Alter.Org.UA
 << Back Home UK uk   Donate Donate

KdPrint/DbgPrint and UNICODE_STRING/ANSI_STRING

Just to remember:
NT likes string of the following form:

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
 
typedef struct _STRING {
    USHORT Length;
    USHORT MaximumLength;
    PCHAR Buffer;
} STRING;
typedef STRING *PSTRING;

typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;

To make life easier MS have extended kernel CRTL output() function with Z format specifier. This works for all kernel functions those understand formatted strings (e.g. sprintf, _vsnprintf, KdPrint/DbgPrint). For example:

PUNICODE_STRING pUStr;
PANSI_STRING    pAStr;
...
KdPrint(("Unicode string: %wZ\n", pUStr));
KdPrint(("ANSI    string: %Z\n",  pAStr));

Though, you can use a little more complicated documented way. Btw, this form is suitable for printing byte array of strictly defined length.

KdPrint(("Unicode string: %*.*ws\n",pUStr->Length/sizeof(WCHAR),
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("Unicode string: %*.*S\n",pUStr->Length/sizeof(WCHAR),
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("ANSI    string: %*.*s\n", pAStr->Length/sizeof(CHAR),
    pAStr->Length/sizeof(CHAR),  pAStr));

Or, if you want to take into account NULL-terminator, but limit output length to specified number of characters:

KdPrint(("Unicode string: %.*ws\n",
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("Unicode string: %.*S\n",
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("ANSI    string: %.*s\n",
    pAStr->Length/sizeof(CHAR),  pAStr));
<< Back designed by Alter aka Alexander A. Telyatnikov powered by Apache+PHP under FBSD © 2002-2024