Jaa


Special Command—Extracting Class and Struct Fields Using dt

dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type.

It’s a simple command with interesting variations that you should be aware of, because it’s an important armory when hunting nasty bugs.

The simplest dt form displays a type without using instance information. In other words, you don’t need to provide the address where the object is located, just its type, like:

dt <symbol>

Note: Have you noticed the colors I’m using? It’s much better than just black. J

 

The second variation is to use the address of the object, getting details of the specific instance, like:

dt <symbol> <address>    ß You may invert the order if you want.

This time you have not only the type and fields, but also the values for each field.

 

If you want full details you can display all fields recursively. If a displayed structure contains substructures, it is expanded recursively to arbitrary depths and displayed in full, like:

dt <symbol> [address] –b

 

Suppose you have a linked list with more than, let’s say, 100 nodes. For this case you may want to control how many nodes you display. To do this you use:

dt <symbol> <address> -rn ß n is the depth, a number between 1 and 9.

 

For a linked list you can specify the name that links a linked list, for example, the pointer that points to the next node by using:

dt <symbol> <address> -l fieldname

 

Finally the sniper shot! J The verbose output that gives you additional information such as the total size of a structure/class and the number of elements with all symbols.

dt <symbol> <address> -v

Don’t forget to use symbols; otherwise you won’t be able to use dt.

Happy bug hunting!

Here you can see scripts that use dt.

Comments