Useful WinDbg commands: .formats

One of the many things that you end up having to do while debugging a program is displaying data types. While you probably know many of the basic commands like db, da, du, and soforth, one perhaps little-used command is useful for displaying a four or eight byte quantity in a number of different data types: the “.formats” command. This command is useful for viewing various primative/built-in data types, where you cannot display as a structure via the “dt” command.

In particular, you can use .formats to translate a number of different data types into readable values, including floating point or various time formats (time_t if you provide a 32-bit value, or FILETIME if you give a 64-bit value). For instance:

0:001> .formats 41414141
Evaluate expression:
  Hex:     41414141
  Decimal: 1094795585
  Octal:   10120240501
  Binary:  01000001 01000001 01000001 01000001
  Chars:   AAAA
  Time:    Fri Sep 10 01:53:05 2004
  Float:   low 12.0784 high 0
  Double:  5.40901e-315

The command also supports 64-bit filetime quantities:

0:001> .formats 01010101`01010101
Evaluate expression:
  Hex:     01010101`01010101
  Decimal: 72340172838076673
  Octal:   0004010020040100200401
  Binary:  00000001 00000001 00000001 00000001
           00000001 00000001 00000001 00000001
  Chars:   ........
  Time:    Sun Mar 28 21:14:43.807 1830 (GMT-4)
  Float:   low 2.36943e-038 high 2.36943e-038
  Double:  7.7486e-304

.formats is primarily useful for saving you a bit of time poking around in a calculator to translate times, or convert perhaps an overwritten eip into text if you are examining a stack buffer string overflow. In conjunction with db and dt, you should be able to format most any data you’ll come across in a debugging session into a readable format (provided you have symbols, of course, in the case of complex user-defined data types).

This entry was posted on Monday, October 23rd, 2006 at 7:00 am and is filed under Debugging. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses to “Useful WinDbg commands: .formats”

  1. cclark says:
    April 30, 2007 at 7:04 pm

    It’s worth noting that .formats interprets arguments using your default radix unless specified otherwise. So you can convert numbers to from decimal to hex by using the n specifier.

    Example:
    0:000> .formats 0n10
    Evaluate expression:
    Hex: 0000000a
    Decimal: 10
    Octal: 00000000012
    Binary: 00000000 00000000 00000000 00001010
    Chars: ….
    Time: Wed Dec 31 16:00:10 1969
    Float: low 1.4013e-044 high 0
    Double: 4.94066e-323

  2. Skywing says:
    April 30, 2007 at 7:54 pm

    Yep. Actually, between that and the other features of the built-in expression evaluator, the debugger can suffice as a passable poor man’s calculator in a pinch (been there, done that a few times myself).