如何确定 WinDbg 中以空字符结尾的字符串的长度 [英] How to determine length of null-terminated string in WinDbg
问题描述
在调试中的目标进程的地址空间中存在以空字符结尾的 ASCII 字符串.我想写一个 WinDbg 脚本来打印出这个字符串的长度.假设我知道字符串起始字符的地址,我如何计算它的长度?
There is a null-terminated ASCII string existing in the address space of the target process under debugging. I want to write a WinDbg script to print out the length of this string. Assuming I know the address of the starting character of the string, how do I calculate its length?
推荐答案
恕我直言,它在 WinDbg 中并不方便,我尝试找到涉及 s
、.foreach
和 .if
超过 15 分钟,但结果令人沮丧.在这种情况下,我使用 Python 等真正的编程语言和 PyKD.
IMHO it's not convenient in WinDbg and I tried finding a solution involving s
, .foreach
and .if
for more than 15 minutes but the result was frustrating. In such a case I use a real programming language like Python with PyKD.
将以下内容保存到文件 strlen.py
中:
Save the following into a file strlen.py
:
from pykd import *
import sys
addr = int(sys.argv[1], 16)
length = 0
while(0 != loadBytes(addr+length, 1)[0]):
length += 1
dprintln(str(length))
然后以地址为参数运行它:
Then run it with the address as argument:
0:022> !py c:\tmp\strlen.py 773a004e
43
0:022> db 773a004e L0n44
773a004e 54 68 69 73 20 70 72 6f-67 72 61 6d 20 63 61 6e This program can
773a005e 6e 6f 74 20 62 65 20 72-75 6e 20 69 6e 20 44 4f not be run in DO
773a006e 53 20 6d 6f 64 65 2e 0d-0d 0a 24 00 S mode....$.
请注意,PyKd 不会自动将命名符号转换为地址(例如,您不能将 ntdll
作为地址传递)
Note that PyKd does not automatically convert named symbols to addresses (e.g. you can't pass ntdll
as an address)
这篇关于如何确定 WinDbg 中以空字符结尾的字符串的长度的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!