KdPrint/DbgPrint and UNICODE_STRING/ANSI_STRING

最新推荐文章于 2024-12-11 16:23:00 发布

swanabin

最新推荐文章于 2024-12-11 16:23:00 发布

阅读量1.6k

点赞数

分类专栏：驱动

驱动专栏收录该内容

32 篇文章

订阅专栏

本文介绍了如何使用 MS 扩展的内核 CRTL 函数以简化格式输出 Unicode 和 ANSI 字符串的方法。通过 Z 格式说明符可以轻松地将 PUNICODE_STRING 和 PANSI_STRING 类型的指针内容输出到 KdPrint 等函数中。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;

typedef struct _STRING {
    USHORT Length;
    USHORT MaximumLength;
    PCHAR Buffer;
} STRING;
typedef STRING *PSTRING;

typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;


To make life easier MS have extended kernel CRTL output() function with Z format specifier. This works for all kernel functions those understand formatted strings (e.g. sprintf, _vsnprintf, KdPrint/DbgPrint). For example:
PUNICODE_STRING pUStr;
PANSI_STRING    pAStr;
...
KdPrint(("Unicode string: %wZ\n", pUStr));
KdPrint(("ANSI    string: %Z\n",  pAStr));
Though, you can use a little more complicated documented way. Btw, this form is suitable for printing byte array of strictly defined length.
KdPrint(("Unicode string: %*.*ws\n",pUStr->Length/sizeof(WCHAR),
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("Unicode string: %*.*S\n",pUStr->Length/sizeof(WCHAR),
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("ANSI    string: %*.*s\n", pAStr->Length/sizeof(CHAR),
    pAStr->Length/sizeof(CHAR),  pAStr));
Or, if you want to take into account NULL-terminator, but limit output length to specified number of characters:
KdPrint(("Unicode string: %.*ws\n",
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("Unicode string: %.*S\n",
    pUStr->Length/sizeof(WCHAR), pUStr));
KdPrint(("ANSI    string: %.*s\n",
    pAStr->Length/sizeof(CHAR),  pAStr));