{"id":58,"date":"2006-10-23T07:00:52","date_gmt":"2006-10-23T12:00:52","guid":{"rendered":"http:\/\/www.nynaeve.net\/?p=58"},"modified":"2019-12-13T17:41:45","modified_gmt":"2019-12-13T22:41:45","slug":"useful-windbg-commands-formats","status":"publish","type":"post","link":"http:\/\/www.nynaeve.net\/?p=58","title":{"rendered":"Useful WinDbg commands: .formats"},"content":{"rendered":"

One of the many things that you end up having to do while debugging a program is displaying data types. While you probably know many of the basic commands like db<\/em>, da<\/em>, du<\/em>, and soforth, one perhaps little-used command is useful for displaying a four or eight byte quantity in a number of different data types: the “.formats<\/em>” command. This command is useful for viewing various primative\/built-in data types, where you cannot display as a structure via the “dt<\/em>” command.<\/p>\n

In particular, you can use .formats<\/em> to translate a number of different data types into readable values, including floating point or various time formats (time_t if you provide a 32-bit value, or FILETIME if you give a 64-bit value). For instance:<\/p>\n

0:001> .formats 41414141\r\nEvaluate expression:\r\n  Hex:     41414141\r\n  Decimal: 1094795585\r\n  Octal:   10120240501\r\n  Binary:  01000001 01000001 01000001 01000001\r\n  Chars:   AAAA\r\n  Time:    Fri Sep 10 01:53:05 2004\r\n  Float:   low 12.0784 high 0\r\n  Double:  5.40901e-315\r\n<\/pre>\n
The command also supports 64-bit filetime quantities:<\/p>\n
0:001> .formats 01010101`01010101\r\nEvaluate expression:\r\n  Hex:     01010101`01010101\r\n  Decimal: 72340172838076673\r\n  Octal:   0004010020040100200401\r\n  Binary:  00000001 00000001 00000001 00000001\r\n           00000001 00000001 00000001 00000001\r\n  Chars:   ........\r\n  Time:    Sun Mar 28 21:14:43.807 1830 (GMT-4)\r\n  Float:   low 2.36943e-038 high 2.36943e-038\r\n  Double:  7.7486e-304\r\n<\/pre>\n
.formats<\/em> is primarily useful for saving you a bit of time poking around in a calculator to translate times, or convert perhaps an overwritten eip into text if you are examining a stack buffer string overflow.  In conjunction with db<\/em> and dt<\/em>, you should be able to format most any data you’ll come across in a debugging session into a readable format (provided you have symbols, of course, in the case of complex user-defined data types).<\/p>\n","protected":false},"excerpt":{"rendered":"
One of the many things that you end up having to do while debugging a program is displaying data types. While you probably know many of the basic commands like db, da, du, and soforth, one perhaps little-used command is useful for displaying a four or eight byte quantity in a number of different data […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=\/wp\/v2\/posts\/58"}],"collection":[{"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58"}],"version-history":[{"count":1,"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=\/wp\/v2\/posts\/58\/revisions"}],"predecessor-version":[{"id":677,"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=\/wp\/v2\/posts\/58\/revisions\/677"}],"wp:attachment":[{"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.nynaeve.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}