Displaying and Searching std::map Contents in WinDbg
Join the DZone community and get the full member experience.
Join For FreeThis time we’re up for a bigger challenge. We want to automatically display and possibly search and filter std::map objects in WinDbg. The script for std::vectors was relatively easy because of the flat structure of the data in a vector; maps are more complex beasts.
Specifically, an map in the Visual C++ STL is implemented as a red-black tree. Each tree node has three important pointers: _Left, _Right, and _Parent. Additionally, each node has a _Myval field that contains the std::pair with the key and value represented by the node.
Iterating a tree structure requires recursion, and WinDbg scripts don’t have any syntax to define functions. However, we can invoke a script recursively – a script is allowed to contain the $$>a< command that invokes it again with a different set of arguments. The path to the script is also readily available in ${$arg0}.
Before I show you the script, there’s just one little challenge I had to deal with. When you call a script recursively, the values of the pseudo-registers (like $t0) will be clobbered by the recursive invocation. I was on the verge of allocating memory dynamically or calling into a shell process to store and load variables, when I stumbled upon the .push and .pop commands, which store the register context and load it, respectively. These are a must for recursive WinDbg scripts.
OK, so suppose you want to display values from an std::map<int, point> where the key is less than or equal to 2. Here we go:
0:000> $$>a< traverse_map.script my_map -c ".block { .if (@@(@$t9.first) <= 2) { .echo ----; ?? @$t9.second } }"
size = 10
----
struct point
+0x000 x : 0n1
+0x004 y : 0n2
+0x008 data : extra_data
----
struct point
+0x000 x : 0n0
+0x004 y : 0n1
+0x008 data : extra_data
----
struct point
+0x000 x : 0n2
+0x004 y : 0n3
+0x008 data : extra_data For each pair (stored in the $t9 pseudo-register), the block checks if the first component is less than or equal to 2, and if it is, outputs the second component.
Next, here’s the script. Note it’s considerably more complex that what we had to with vectors, because it essentially invokes itself with a different set of parameters and then repeats recursively.
.if ($sicmp("${$arg1}", "-n") == 0) {
.if (@@(@$t0->_Isnil) == 0) {
.if (@$t2 == 1) {
.printf /D "<exec cmd=\"db %p L10\">%p</exec>\n", @$t0, @$t0
.printf "key = "
?? @$t0->_Myval.first
.printf "value = "
?? @$t0->_Myval.second
} .else {
r? $t9 = @$t0->_Myval
command
}
}
$$ Recurse into _Left, _Right unless they point to the root of the tree
.if (@@(@$t0->_Left) != @@(@$t1)) {
.push /r /q
r? $t0 = @$t0->_Left
$$>a< ${$arg0} -n
.pop /r /q
}
.if (@@(@$t0->_Right) != @@(@$t1)) {
.push /r /q
r? $t0 = @$t0->_Right
$$>a< ${$arg0} -n
.pop /r /q
}
} .else {
r? $t0 = ${$arg1}
.if (${/d:$arg2}) {
.if ($sicmp("${$arg2}", "-c") == 0) {
r $t2 = 0
aS ${/v:command} "${$arg3}"
}
} .else {
r $t2 = 1
aS ${/v:command} " "
}
.printf "size = %d\n", @@(@$t0._Mysize)
r? $t0 = @$t0._Myhead->_Parent
r? $t1 = @$t0->_Parent
$$>a< ${$arg0} -n
ad command
}Of particular note are the aS command which configures an alias that is then used by the recursive invocation to invoke a command block for each of the map’s elements; the $sicmp function which compares strings; and the .printf /D function, which outputs a chunk of DML. Finally, the recursion terminates when _Left or _Right are equal to the root of the tree (that’s just how the tree is implemented in this case).
Published at DZone with permission of Sasha Goldshtein. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments