├── .gitattributes ├── .gitignore ├── README.md ├── windbg_to_c.sln └── windbg_to_c ├── helpers.hpp ├── main.cpp ├── windbg_field.cpp ├── windbg_field.hpp ├── windbg_structure.cpp ├── windbg_structure.hpp └── windbg_to_c.vcxproj /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | [Xx]64/ 19 | [Xx]86/ 20 | [Bb]uild/ 21 | bld/ 22 | [Bb]in/ 23 | [Oo]bj/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | # Uncomment if you have tasks that create the project's static files in wwwroot 28 | #wwwroot/ 29 | 30 | # MSTest test Results 31 | [Tt]est[Rr]esult*/ 32 | [Bb]uild[Ll]og.* 33 | 34 | # NUNIT 35 | *.VisualState.xml 36 | TestResult.xml 37 | 38 | # Build Results of an ATL Project 39 | [Dd]ebugPS/ 40 | [Rr]eleasePS/ 41 | dlldata.c 42 | 43 | # DNX 44 | project.lock.json 45 | artifacts/ 46 | 47 | *_i.c 48 | *_p.c 49 | *_i.h 50 | *.ilk 51 | *.meta 52 | *.obj 53 | *.pch 54 | *.pdb 55 | *.pgc 56 | *.pgd 57 | *.rsp 58 | *.sbr 59 | *.tlb 60 | *.tli 61 | *.tlh 62 | *.tmp 63 | *.tmp_proj 64 | *.log 65 | *.vspscc 66 | *.vssscc 67 | .builds 68 | *.pidb 69 | *.svclog 70 | *.scc 71 | 72 | # Chutzpah Test files 73 | _Chutzpah* 74 | 75 | # Visual C++ cache files 76 | ipch/ 77 | *.aps 78 | *.ncb 79 | *.opendb 80 | *.opensdf 81 | *.sdf 82 | *.cachefile 83 | *.VC.db 84 | 85 | # Visual Studio profiler 86 | *.psess 87 | *.vsp 88 | *.vspx 89 | *.sap 90 | 91 | # TFS 2012 Local Workspace 92 | $tf/ 93 | 94 | # Guidance Automation Toolkit 95 | *.gpState 96 | 97 | # ReSharper is a .NET coding add-in 98 | _ReSharper*/ 99 | *.[Rr]e[Ss]harper 100 | *.DotSettings.user 101 | 102 | # JustCode is a .NET coding add-in 103 | .JustCode 104 | 105 | # TeamCity is a build add-in 106 | _TeamCity* 107 | 108 | # DotCover is a Code Coverage Tool 109 | *.dotCover 110 | 111 | # NCrunch 112 | _NCrunch_* 113 | .*crunch*.local.xml 114 | nCrunchTemp_* 115 | 116 | # MightyMoose 117 | *.mm.* 118 | AutoTest.Net/ 119 | 120 | # Web workbench (sass) 121 | .sass-cache/ 122 | 123 | # Installshield output folder 124 | [Ee]xpress/ 125 | 126 | # DocProject is a documentation generator add-in 127 | DocProject/buildhelp/ 128 | DocProject/Help/*.HxT 129 | DocProject/Help/*.HxC 130 | DocProject/Help/*.hhc 131 | DocProject/Help/*.hhk 132 | DocProject/Help/*.hhp 133 | DocProject/Help/Html2 134 | DocProject/Help/html 135 | 136 | # Click-Once directory 137 | publish/ 138 | 139 | # Publish Web Output 140 | *.[Pp]ublish.xml 141 | *.azurePubxml 142 | 143 | # TODO: Un-comment the next line if you do not want to checkin 144 | # your web deploy settings because they may include unencrypted 145 | # passwords 146 | #*.pubxml 147 | *.publishproj 148 | 149 | # NuGet Packages 150 | *.nupkg 151 | # The packages folder can be ignored because of Package Restore 152 | **/packages/* 153 | # except build/, which is used as an MSBuild target. 154 | !**/packages/build/ 155 | # Uncomment if necessary however generally it will be regenerated when needed 156 | #!**/packages/repositories.config 157 | # NuGet v3's project.json files produces more ignoreable files 158 | *.nuget.props 159 | *.nuget.targets 160 | 161 | # Microsoft Azure Build Output 162 | csx/ 163 | *.build.csdef 164 | 165 | # Microsoft Azure Emulator 166 | ecf/ 167 | rcf/ 168 | 169 | # Microsoft Azure ApplicationInsights config file 170 | ApplicationInsights.config 171 | 172 | # Windows Store app package directory 173 | AppPackages/ 174 | BundleArtifacts/ 175 | 176 | # Visual Studio cache files 177 | # files ending in .cache can be ignored 178 | *.[Cc]ache 179 | # but keep track of directories ending in .cache 180 | !*.[Cc]ache/ 181 | 182 | # Others 183 | ClientBin/ 184 | [Ss]tyle[Cc]op.* 185 | ~$* 186 | *~ 187 | *.dbmdl 188 | *.dbproj.schemaview 189 | *.pfx 190 | *.publishsettings 191 | node_modules/ 192 | orleans.codegen.cs 193 | 194 | # RIA/Silverlight projects 195 | Generated_Code/ 196 | 197 | # Backup & report files from converting an old project file 198 | # to a newer Visual Studio version. Backup files are not needed, 199 | # because we have git ;-) 200 | _UpgradeReport_Files/ 201 | Backup*/ 202 | UpgradeLog*.XML 203 | UpgradeLog*.htm 204 | 205 | # SQL Server files 206 | *.mdf 207 | *.ldf 208 | 209 | # Business Intelligence projects 210 | *.rdl.data 211 | *.bim.layout 212 | *.bim_*.settings 213 | 214 | # Microsoft Fakes 215 | FakesAssemblies/ 216 | 217 | # GhostDoc plugin setting file 218 | *.GhostDoc.xml 219 | 220 | # Node.js Tools for Visual Studio 221 | .ntvs_analysis.dat 222 | 223 | # Visual Studio 6 build log 224 | *.plg 225 | 226 | # Visual Studio 6 workspace options file 227 | *.opt 228 | 229 | # Visual Studio LightSwitch build output 230 | **/*.HTMLClient/GeneratedArtifacts 231 | **/*.DesktopClient/GeneratedArtifacts 232 | **/*.DesktopClient/ModelManifest.xml 233 | **/*.Server/GeneratedArtifacts 234 | **/*.Server/ModelManifest.xml 235 | _Pvt_Extensions 236 | 237 | # LightSwitch generated files 238 | GeneratedArtifacts/ 239 | ModelManifest.xml 240 | 241 | # Paket dependency manager 242 | .paket/paket.exe 243 | 244 | # FAKE - F# Make 245 | .fake/ -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # windbg_to_c 2 | Translates WinDbg "dt" structure dump to a C structure 3 | 4 | ## Usage: 5 | You can run the application from the command line passing a input file as parameter. Like this: 6 | 7 | windbg_to_c.exe input.txt 8 | 9 | Or you can just drag and drop the source file into application executable. 10 | 11 | After that, a "result.txt" file will be generated with the C structure. 12 | 13 | Currently, there's no error handling so I dont know what happens if you pass an invalid input. 14 | 15 | ## Example: 16 | 17 | ### Input: 18 | 19 | ``` 20 | kd> dt nt!_PEB 21 | +0x000 InheritedAddressSpace : UChar 22 | +0x001 ReadImageFileExecOptions : UChar 23 | +0x002 BeingDebugged : UChar 24 | +0x003 BitField : UChar 25 | +0x003 ImageUsesLargePages : Pos 0, 1 Bit 26 | +0x003 IsProtectedProcess : Pos 1, 1 Bit 27 | +0x003 IsImageDynamicallyRelocated : Pos 2, 1 Bit 28 | +0x003 SkipPatchingUser32Forwarders : Pos 3, 1 Bit 29 | +0x003 IsPackagedProcess : Pos 4, 1 Bit 30 | +0x003 IsAppContainer : Pos 5, 1 Bit 31 | +0x003 IsProtectedProcessLight : Pos 6, 1 Bit 32 | +0x003 SpareBits : Pos 7, 1 Bit 33 | +0x004 Padding0 : [4] UChar 34 | +0x008 Mutant : Ptr64 Void 35 | +0x010 ImageBaseAddress : Ptr64 Void 36 | +0x018 Ldr : Ptr64 _PEB_LDR_DATA 37 | +0x020 ProcessParameters : Ptr64 _RTL_USER_PROCESS_PARAMETERS 38 | +0x028 SubSystemData : Ptr64 Void 39 | +0x030 ProcessHeap : Ptr64 Void 40 | +0x038 FastPebLock : Ptr64 _RTL_CRITICAL_SECTION 41 | +0x040 AtlThunkSListPtr : Ptr64 Void 42 | +0x048 IFEOKey : Ptr64 Void 43 | +0x050 CrossProcessFlags : Uint4B 44 | +0x050 ProcessInJob : Pos 0, 1 Bit 45 | +0x050 ProcessInitializing : Pos 1, 1 Bit 46 | +0x050 ProcessUsingVEH : Pos 2, 1 Bit 47 | +0x050 ProcessUsingVCH : Pos 3, 1 Bit 48 | +0x050 ProcessUsingFTH : Pos 4, 1 Bit 49 | +0x050 ReservedBits0 : Pos 5, 27 Bits 50 | +0x054 Padding1 : [4] UChar 51 | +0x058 KernelCallbackTable : Ptr64 Void 52 | +0x058 UserSharedInfoPtr : Ptr64 Void 53 | +0x060 SystemReserved : [1] Uint4B 54 | +0x064 AtlThunkSListPtr32 : Uint4B 55 | +0x068 ApiSetMap : Ptr64 Void 56 | +0x070 TlsExpansionCounter : Uint4B 57 | +0x074 Padding2 : [4] UChar 58 | +0x078 TlsBitmap : Ptr64 Void 59 | +0x080 TlsBitmapBits : [2] Uint4B 60 | +0x088 ReadOnlySharedMemoryBase : Ptr64 Void 61 | +0x090 SparePvoid0 : Ptr64 Void 62 | +0x098 ReadOnlyStaticServerData : Ptr64 Ptr64 Void 63 | +0x0a0 AnsiCodePageData : Ptr64 Void 64 | +0x0a8 OemCodePageData : Ptr64 Void 65 | +0x0b0 UnicodeCaseTableData : Ptr64 Void 66 | +0x0b8 NumberOfProcessors : Uint4B 67 | +0x0bc NtGlobalFlag : Uint4B 68 | +0x0c0 CriticalSectionTimeout : _LARGE_INTEGER 69 | +0x0c8 HeapSegmentReserve : Uint8B 70 | +0x0d0 HeapSegmentCommit : Uint8B 71 | +0x0d8 HeapDeCommitTotalFreeThreshold : Uint8B 72 | +0x0e0 HeapDeCommitFreeBlockThreshold : Uint8B 73 | +0x0e8 NumberOfHeaps : Uint4B 74 | +0x0ec MaximumNumberOfHeaps : Uint4B 75 | +0x0f0 ProcessHeaps : Ptr64 Ptr64 Void 76 | +0x0f8 GdiSharedHandleTable : Ptr64 Void 77 | +0x100 ProcessStarterHelper : Ptr64 Void 78 | +0x108 GdiDCAttributeList : Uint4B 79 | +0x10c Padding3 : [4] UChar 80 | +0x110 LoaderLock : Ptr64 _RTL_CRITICAL_SECTION 81 | +0x118 OSMajorVersion : Uint4B 82 | +0x11c OSMinorVersion : Uint4B 83 | +0x120 OSBuildNumber : Uint2B 84 | +0x122 OSCSDVersion : Uint2B 85 | +0x124 OSPlatformId : Uint4B 86 | +0x128 ImageSubsystem : Uint4B 87 | +0x12c ImageSubsystemMajorVersion : Uint4B 88 | +0x130 ImageSubsystemMinorVersion : Uint4B 89 | +0x134 Padding4 : [4] UChar 90 | +0x138 ActiveProcessAffinityMask : Uint8B 91 | +0x140 GdiHandleBuffer : [60] Uint4B 92 | +0x230 PostProcessInitRoutine : Ptr64 void 93 | +0x238 TlsExpansionBitmap : Ptr64 Void 94 | +0x240 TlsExpansionBitmapBits : [32] Uint4B 95 | +0x2c0 SessionId : Uint4B 96 | +0x2c4 Padding5 : [4] UChar 97 | +0x2c8 AppCompatFlags : _ULARGE_INTEGER 98 | +0x2d0 AppCompatFlagsUser : _ULARGE_INTEGER 99 | +0x2d8 pShimData : Ptr64 Void 100 | +0x2e0 AppCompatInfo : Ptr64 Void 101 | +0x2e8 CSDVersion : _UNICODE_STRING 102 | +0x2f8 ActivationContextData : Ptr64 _ACTIVATION_CONTEXT_DATA 103 | +0x300 ProcessAssemblyStorageMap : Ptr64 _ASSEMBLY_STORAGE_MAP 104 | +0x308 SystemDefaultActivationContextData : Ptr64 _ACTIVATION_CONTEXT_DATA 105 | +0x310 SystemAssemblyStorageMap : Ptr64 _ASSEMBLY_STORAGE_MAP 106 | +0x318 MinimumStackCommit : Uint8B 107 | +0x320 FlsCallback : Ptr64 _FLS_CALLBACK_INFO 108 | +0x328 FlsListHead : _LIST_ENTRY 109 | +0x338 FlsBitmap : Ptr64 Void 110 | +0x340 FlsBitmapBits : [4] Uint4B 111 | +0x350 FlsHighIndex : Uint4B 112 | +0x358 WerRegistrationData : Ptr64 Void 113 | +0x360 WerShipAssertPtr : Ptr64 Void 114 | +0x368 pUnused : Ptr64 Void 115 | +0x370 pImageHeaderHash : Ptr64 Void 116 | +0x378 TracingFlags : Uint4B 117 | +0x378 HeapTracingEnabled : Pos 0, 1 Bit 118 | +0x378 CritSecTracingEnabled : Pos 1, 1 Bit 119 | +0x378 LibLoaderTracingEnabled : Pos 2, 1 Bit 120 | +0x378 SpareTracingBits : Pos 3, 29 Bits 121 | +0x37c Padding6 : [4] UChar 122 | +0x380 CsrServerReadOnlySharedMemoryBase : Uint8B 123 | +0x388 TppWorkerpListLock : Uint8B 124 | +0x390 TppWorkerpList : _LIST_ENTRY 125 | +0x3a0 WaitOnAddressHashTable : [128] Ptr64 Void 126 | ``` 127 | 128 | ### Output: 129 | 130 | ``` 131 | typedef struct _PEB 132 | { 133 | UCHAR InheritedAddressSpace; 134 | UCHAR ReadImageFileExecOptions; 135 | UCHAR BeingDebugged; 136 | union { 137 | UCHAR BitField; 138 | struct { 139 | UCHAR ImageUsesLargePages : 1; 140 | UCHAR IsProtectedProcess : 1; 141 | UCHAR IsImageDynamicallyRelocated : 1; 142 | UCHAR SkipPatchingUser32Forwarders : 1; 143 | UCHAR IsPackagedProcess : 1; 144 | UCHAR IsAppContainer : 1; 145 | UCHAR IsProtectedProcessLight : 1; 146 | UCHAR SpareBits : 1; 147 | }; 148 | }; 149 | UCHAR Padding0[4]; 150 | PVOID Mutant; 151 | PVOID ImageBaseAddress; 152 | PPEB_LDR_DATA Ldr; 153 | PRTL_USER_PROCESS_PARAMETERS ProcessParameters; 154 | PVOID SubSystemData; 155 | PVOID ProcessHeap; 156 | PRTL_CRITICAL_SECTION FastPebLock; 157 | PVOID AtlThunkSListPtr; 158 | PVOID IFEOKey; 159 | union { 160 | ULONG CrossProcessFlags; 161 | struct { 162 | UCHAR ProcessInJob : 1; 163 | UCHAR ProcessInitializing : 1; 164 | UCHAR ProcessUsingVEH : 1; 165 | UCHAR ProcessUsingVCH : 1; 166 | UCHAR ProcessUsingFTH : 1; 167 | ULONG ReservedBits0 : 27; 168 | }; 169 | }; 170 | UCHAR Padding1[4]; 171 | union { 172 | PVOID KernelCallbackTable; 173 | PVOID UserSharedInfoPtr; 174 | }; 175 | ULONG SystemReserved[1]; 176 | ULONG AtlThunkSListPtr32; 177 | PVOID ApiSetMap; 178 | ULONG TlsExpansionCounter; 179 | UCHAR Padding2[4]; 180 | PVOID TlsBitmap; 181 | ULONG TlsBitmapBits[2]; 182 | PVOID ReadOnlySharedMemoryBase; 183 | PVOID SparePvoid0; 184 | PVOID* ReadOnlyStaticServerData; 185 | PVOID AnsiCodePageData; 186 | PVOID OemCodePageData; 187 | PVOID UnicodeCaseTableData; 188 | ULONG NumberOfProcessors; 189 | ULONG NtGlobalFlag; 190 | LARGE_INTEGER CriticalSectionTimeout; 191 | ULONGLONG HeapSegmentReserve; 192 | ULONGLONG HeapSegmentCommit; 193 | ULONGLONG HeapDeCommitTotalFreeThreshold; 194 | ULONGLONG HeapDeCommitFreeBlockThreshold; 195 | ULONG NumberOfHeaps; 196 | ULONG MaximumNumberOfHeaps; 197 | PVOID* ProcessHeaps; 198 | PVOID GdiSharedHandleTable; 199 | PVOID ProcessStarterHelper; 200 | ULONG GdiDCAttributeList; 201 | UCHAR Padding3[4]; 202 | PRTL_CRITICAL_SECTION LoaderLock; 203 | ULONG OSMajorVersion; 204 | ULONG OSMinorVersion; 205 | USHORT OSBuildNumber; 206 | USHORT OSCSDVersion; 207 | ULONG OSPlatformId; 208 | ULONG ImageSubsystem; 209 | ULONG ImageSubsystemMajorVersion; 210 | ULONG ImageSubsystemMinorVersion; 211 | UCHAR Padding4[4]; 212 | ULONGLONG ActiveProcessAffinityMask; 213 | ULONG GdiHandleBuffer[60]; 214 | PVOID PostProcessInitRoutine; 215 | PVOID TlsExpansionBitmap; 216 | ULONG TlsExpansionBitmapBits[32]; 217 | ULONG SessionId; 218 | UCHAR Padding5[4]; 219 | ULARGE_INTEGER AppCompatFlags; 220 | ULARGE_INTEGER AppCompatFlagsUser; 221 | PVOID pShimData; 222 | PVOID AppCompatInfo; 223 | UNICODE_STRING CSDVersion; 224 | PACTIVATION_CONTEXT_DATA ActivationContextData; 225 | PASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; 226 | PACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; 227 | PASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; 228 | ULONGLONG MinimumStackCommit; 229 | PFLS_CALLBACK_INFO FlsCallback; 230 | LIST_ENTRY FlsListHead; 231 | PVOID FlsBitmap; 232 | ULONG FlsBitmapBits[4]; 233 | ULONG FlsHighIndex; 234 | PVOID WerRegistrationData; 235 | PVOID WerShipAssertPtr; 236 | PVOID pUnused; 237 | PVOID pImageHeaderHash; 238 | union { 239 | ULONG TracingFlags; 240 | struct { 241 | UCHAR HeapTracingEnabled : 1; 242 | UCHAR CritSecTracingEnabled : 1; 243 | UCHAR LibLoaderTracingEnabled : 1; 244 | ULONG SpareTracingBits : 29; 245 | }; 246 | }; 247 | UCHAR Padding6[4]; 248 | ULONGLONG CsrServerReadOnlySharedMemoryBase; 249 | ULONGLONG TppWorkerpListLock; 250 | LIST_ENTRY TppWorkerpList; 251 | PVOID WaitOnAddressHashTable[128]; 252 | } PEB, *PPEB; 253 | ``` 254 | -------------------------------------------------------------------------------- /windbg_to_c.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.25123.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "windbg_to_c", "windbg_to_c\windbg_to_c.vcxproj", "{3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Debug|x64.ActiveCfg = Debug|x64 17 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Debug|x64.Build.0 = Debug|x64 18 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Debug|x86.ActiveCfg = Debug|Win32 19 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Debug|x86.Build.0 = Debug|Win32 20 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Release|x64.ActiveCfg = Release|x64 21 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Release|x64.Build.0 = Release|x64 22 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Release|x86.ActiveCfg = Release|Win32 23 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /windbg_to_c/helpers.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | inline std::vector split_string(const std::string& str, const std::string& delimiter) 7 | { 8 | std::vector strings; 9 | 10 | std::string::size_type pos = 0; 11 | std::string::size_type prev = 0; 12 | while((pos = str.find(delimiter, prev)) != std::string::npos) { 13 | strings.push_back(str.substr(prev, pos - prev)); 14 | prev = pos + 1; 15 | } 16 | 17 | // To get the last substring (or only, if delimiter is not found) 18 | strings.push_back(str.substr(prev)); 19 | 20 | return strings; 21 | } 22 | 23 | inline std::string trim_spaces(std::string str) 24 | { 25 | auto first_non_space = str.find_first_not_of(" \n"); 26 | if(first_non_space != std::string::npos) 27 | str = str.substr(first_non_space); 28 | auto last_non_space = str.find_last_not_of(" \n"); 29 | if(last_non_space != std::string::npos) 30 | str = str.substr(0, last_non_space + 1); 31 | return str; 32 | } -------------------------------------------------------------------------------- /windbg_to_c/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "windbg_structure.hpp" 6 | 7 | int main(int argc, char** argv) 8 | { 9 | if(argc < 2) { 10 | std::cout << "Usage: windbg_to_c.exe input.txt" << std::endl; 11 | return EXIT_FAILURE; 12 | } 13 | std::ifstream input(argv[1]); 14 | std::ofstream output("result.txt"); 15 | 16 | std::stringstream inputstream; 17 | inputstream << input.rdbuf(); 18 | 19 | windbg_structure s(inputstream.str()); 20 | 21 | output << s.as_string(0) << std::endl; 22 | 23 | return EXIT_SUCCESS; 24 | } -------------------------------------------------------------------------------- /windbg_to_c/windbg_field.cpp: -------------------------------------------------------------------------------- 1 | #include "windbg_field.hpp" 2 | #include "helpers.hpp" 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | windbg_field::windbg_field(std::string name, std::string type, uint32_t offset) 9 | : _name(std::move(name)), _type(std::move(type)), _offset(offset) 10 | { 11 | 12 | } 13 | windbg_field::~windbg_field() 14 | { 15 | } 16 | 17 | windbg_simple::windbg_simple(std::string name, std::string type, uint32_t offset) 18 | : windbg_field(std::move(name), std::move(type), offset) 19 | { 20 | 21 | } 22 | 23 | std::string windbg_simple::as_string(int tabcount /*= 0*/) const 24 | { 25 | return std::string(tabcount * 4, ' ') + _type + " " + _name + ";"; 26 | } 27 | 28 | windbg_array::windbg_array(std::string name, std::string type, uint32_t offset, uint32_t len) 29 | : windbg_field(std::move(name), std::move(type), offset), _length(len) 30 | { 31 | 32 | } 33 | 34 | std::string windbg_array::as_string(int tabcount /*= 0*/) const 35 | { 36 | return std::string(tabcount * 4, ' ') + _type + " " + _name + "[" + std::to_string(_length) + "];"; 37 | } 38 | 39 | windbg_union::windbg_union(uint32_t offset) 40 | : windbg_field("UNNAMED_UNION", "UNION", offset), _members() 41 | { 42 | 43 | } 44 | 45 | std::string windbg_union::as_string(int tabcount /*= 0*/) const 46 | { 47 | std::stringstream ss; 48 | ss << std::string(tabcount * 4, ' ') << "union {\n"; 49 | for(auto& f : _members) { 50 | ss << f->as_string(tabcount + 1) << '\n'; 51 | } 52 | ss << std::string(tabcount * 4, ' ') << "};"; 53 | return ss.str(); 54 | } 55 | 56 | windbg_bitfield::windbg_bitfield(std::string name, std::string type, uint32_t offset, uint32_t pos, uint32_t len) 57 | : windbg_field(std::move(name), std::move(type), offset), _pos(pos), _len(len) 58 | { 59 | 60 | } 61 | 62 | std::string windbg_bitfield::as_string(int tabcount /*= 0*/) const 63 | { 64 | return std::string(tabcount * 4, ' ') + _type + " " + _name + " : " + std::to_string(_len) + ";"; 65 | } 66 | 67 | windbg_bitfield_pack::windbg_bitfield_pack(uint32_t offset) 68 | : windbg_field("UNNAMED_PACK", "PACK", offset), _members() 69 | { 70 | 71 | } 72 | 73 | std::string windbg_bitfield_pack::as_string(int tabcount /*= 0*/) const 74 | { 75 | std::stringstream ss; 76 | ss << std::string(tabcount * 4, ' ') << "struct {\n"; 77 | for(auto& f : _members) { 78 | ss << f->as_string(tabcount + 1) << '\n'; 79 | } 80 | ss << std::string(tabcount * 4, ' ') << "};"; 81 | return ss.str(); 82 | } -------------------------------------------------------------------------------- /windbg_to_c/windbg_field.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | class windbg_field 9 | { 10 | public: 11 | windbg_field(std::string name, std::string type, uint32_t offset); 12 | windbg_field(const windbg_field&) = delete; 13 | windbg_field& operator=(const windbg_field&) = delete; 14 | 15 | virtual ~windbg_field(); 16 | 17 | virtual bool is_array() const = 0; 18 | virtual bool is_union() const = 0; 19 | virtual bool is_bitfield() const = 0; 20 | virtual bool is_bitfield_pack() const = 0; 21 | virtual std::string as_string(int tabcount = 0) const = 0; 22 | 23 | const std::string& get_name() const { return _name; } 24 | const std::string& get_type() const { return _type; } 25 | uint32_t get_offset() const { return _offset; } 26 | 27 | protected: 28 | std::string _name; 29 | std::string _type; 30 | uint32_t _offset; 31 | }; 32 | 33 | class windbg_simple 34 | : public windbg_field 35 | { 36 | public: 37 | windbg_simple(std::string name, std::string type, uint32_t offset); 38 | 39 | bool is_array() const override { return false; } 40 | bool is_union() const override { return false; } 41 | bool is_bitfield() const override { return false; } 42 | bool is_bitfield_pack() const override { return false; } 43 | 44 | std::string as_string(int tabcount = 0) const override; 45 | }; 46 | 47 | class windbg_array 48 | : public windbg_field 49 | { 50 | public: 51 | windbg_array(std::string name, std::string type, uint32_t offset, uint32_t len); 52 | 53 | bool is_array() const override { return true; } 54 | bool is_union() const override { return false; } 55 | bool is_bitfield() const override { return false; } 56 | bool is_bitfield_pack() const override { return false; } 57 | 58 | std::string as_string(int tabcount = 0) const override; 59 | 60 | uint32_t get_array_len() const { return _length; } 61 | 62 | private: 63 | uint32_t _length; 64 | }; 65 | 66 | class windbg_union 67 | : public windbg_field 68 | { 69 | public: 70 | windbg_union(uint32_t offset); 71 | 72 | bool is_array() const override { return false; } 73 | bool is_union() const override { return true; } 74 | bool is_bitfield() const override { return false; } 75 | bool is_bitfield_pack() const override { return false; } 76 | 77 | std::string as_string(int tabcount = 0) const override; 78 | 79 | void add_union_member(std::unique_ptr&& m) 80 | { 81 | _members.push_back(std::move(m)); 82 | } 83 | private: 84 | std::vector> _members; 85 | }; 86 | 87 | class windbg_bitfield 88 | : public windbg_field 89 | { 90 | public: 91 | windbg_bitfield(std::string name, std::string type, uint32_t offset, uint32_t pos, uint32_t len); 92 | 93 | bool is_array() const override { return false; } 94 | bool is_union() const override { return false; } 95 | bool is_bitfield() const override { return true; } 96 | bool is_bitfield_pack() const override { return false; } 97 | 98 | std::string as_string(int tabcount = 0) const override; 99 | 100 | uint32_t get_bitfield_pos() const { return _pos; } 101 | uint32_t get_bitfield_len() const { return _len; } 102 | 103 | private: 104 | uint32_t _pos; 105 | uint32_t _len; 106 | }; 107 | 108 | class windbg_bitfield_pack 109 | : public windbg_field 110 | { 111 | public: 112 | windbg_bitfield_pack(uint32_t offset); 113 | 114 | bool is_array() const override { return false; } 115 | bool is_union() const override { return false; } 116 | bool is_bitfield() const override { return false; } 117 | bool is_bitfield_pack() const override { return true; } 118 | 119 | std::string as_string(int tabcount = 0) const override; 120 | 121 | void add_bitfield_member(std::unique_ptr&& m) 122 | { 123 | _members.emplace_back(std::move(m)); 124 | } 125 | private: 126 | std::vector> _members; 127 | }; 128 | 129 | -------------------------------------------------------------------------------- /windbg_to_c/windbg_structure.cpp: -------------------------------------------------------------------------------- 1 | #include "windbg_structure.hpp" 2 | #include "helpers.hpp" 3 | #include 4 | #include 5 | 6 | windbg_structure::windbg_structure(const std::string& text) 7 | { 8 | auto lines = split_string(text, "\n"); 9 | 10 | std::transform(lines.begin(), lines.end(), lines.begin(), [](std::string& str) { 11 | return trim_spaces(str); 12 | }); 13 | 14 | // 15 | // For each line... 16 | // 17 | for(auto it = lines.begin(); it != lines.end(); ++it) { 18 | if(it->empty()) continue; 19 | 20 | // 21 | // A line can be either: 22 | // - Header 23 | // - Union 24 | // - Bitfield 25 | // - Regular type 26 | // 27 | if(is_header(*it)) { 28 | _name = it->substr(it->find('!') + 1); 29 | if(_name[0] == '_') 30 | _name = _name.substr(1); 31 | } else if(is_union_or_bitfield(it)) { 32 | std::vector> union_fields; 33 | do { 34 | union_fields.emplace_back(parse_field(*it)); 35 | ++it; 36 | } while(is_union_or_bitfield(it)); 37 | 38 | union_fields.emplace_back(parse_field(*it)); 39 | 40 | auto bitfield_count = std::count_if( 41 | union_fields.begin(), 42 | union_fields.end(), 43 | [](const std::unique_ptr& field) { return field->is_bitfield(); }); 44 | 45 | if(bitfield_count != union_fields.size() && bitfield_count != 0) { //Its a union of a bitfield + non-bitfield 46 | std::unique_ptr field = std::make_unique(parse_field_offset(*it)); 47 | std::unique_ptr pack = std::make_unique(parse_field_offset(*it)); 48 | 49 | for(auto& f : union_fields) { 50 | if(f->is_bitfield()) 51 | pack->add_bitfield_member(std::move(f)); 52 | else 53 | field->add_union_member(std::move(f)); 54 | } 55 | 56 | field->add_union_member(std::move(pack)); 57 | _fields.emplace_back(std::move(field)); 58 | } else if(bitfield_count == 0) { //It just a union 59 | std::unique_ptr field = std::make_unique(parse_field_offset(*it)); 60 | for(auto& f : union_fields) { 61 | field->add_union_member(std::move(f)); 62 | } 63 | _fields.emplace_back(std::move(field)); 64 | } else { //It's just a bitfield 65 | std::unique_ptr pack = std::make_unique(parse_field_offset(*it)); 66 | for(auto& f : union_fields) { 67 | pack->add_bitfield_member(std::move(f)); 68 | } 69 | _fields.emplace_back(std::move(pack)); 70 | } 71 | } else { 72 | _fields.emplace_back(parse_field(*it)); 73 | } 74 | } 75 | } 76 | 77 | bool windbg_structure::is_header(const std::string& line) 78 | { 79 | return line.find('!') != std::string::npos; 80 | } 81 | 82 | std::unique_ptr windbg_structure::parse_field(const std::string& line) 83 | { 84 | using namespace std::string_literals; 85 | 86 | auto pointer_count = 0; 87 | auto is_array = false; 88 | auto array_len = 0; 89 | 90 | auto offset_string = line.substr(3, line.find_first_of(' ') - 3); 91 | auto offset = strtoul(std::data(offset_string), nullptr, 16); 92 | 93 | auto name_start = line.find_first_of(' ') + 1; 94 | auto name_end = line.find_first_of(' ', name_start); 95 | auto name_string = line.substr(name_start, name_end - name_start); 96 | 97 | auto type_start = line.find_first_of(':') + 1; 98 | auto type_string = line.substr(type_start); 99 | 100 | type_string = trim_spaces(type_string); 101 | name_string = trim_spaces(name_string); 102 | 103 | // 104 | // Check if this is a bitfield. 105 | // We return early if it is 106 | // 107 | if(type_string.find("Pos") == 0) { 108 | auto separator = type_string.find(','); 109 | auto pos = type_string.substr(4, separator - 4); 110 | auto len = type_string.substr(separator + 2); 111 | auto bitfield_pos = std::strtoul(std::data(pos), nullptr, 10); 112 | auto bitfield_len = std::strtoul(std::data(len), nullptr, 10); 113 | auto type = "UCHAR"s; 114 | 115 | if(bitfield_len > 32) 116 | type = "ULONGLONG"; 117 | else if(bitfield_len > 16) 118 | type = "ULONG"; 119 | else if(bitfield_len > 8) 120 | type = "USHORT"; 121 | 122 | return std::make_unique(name_string, type, offset, bitfield_pos, bitfield_len); 123 | } 124 | 125 | if(type_string[0] == '[') { 126 | is_array = true; 127 | auto array_end = type_string.find(']'); 128 | auto subscript = type_string.substr(1, array_end - 1); 129 | array_len = std::strtoul(std::data(subscript), nullptr, 10); 130 | 131 | type_string = type_string.substr(array_end + 2); 132 | 133 | } 134 | 135 | while(type_string.find("Ptr64") != std::string::npos) { 136 | pointer_count++; 137 | type_string = type_string.substr(6); 138 | } 139 | 140 | type_string = trim_spaces(type_string); 141 | 142 | auto it = known_types.find(type_string); 143 | if(it != known_types.end()) { 144 | type_string = it->second; 145 | } else { 146 | if(type_string[0] == '_') 147 | type_string = type_string.substr(1); 148 | } 149 | 150 | if(pointer_count > 1) { 151 | type_string = "P"s + type_string; 152 | while(--pointer_count) { 153 | type_string += "*"; 154 | } 155 | } else if(pointer_count == 1) { 156 | type_string = "P"s + type_string; 157 | } 158 | 159 | if(is_array) 160 | return std::make_unique(name_string, type_string, offset, array_len); 161 | else 162 | return std::make_unique(name_string, type_string, offset); 163 | } 164 | 165 | 166 | std::string windbg_structure::as_string(int tabcount/* = 0*/) const 167 | { 168 | std::stringstream out; 169 | out << std::string(tabcount * 4, ' ') << "typedef struct _" << _name << "\n{\n"; 170 | for(auto& field : _fields) { 171 | out << field->as_string(tabcount + 1) << "\n"; 172 | } 173 | out << std::string(tabcount * 4, ' ') << "} " << _name << ", *P" << _name << ";" << std::endl; 174 | return out.str(); 175 | } -------------------------------------------------------------------------------- /windbg_to_c/windbg_structure.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #include "helpers.hpp" 7 | #include "windbg_field.hpp" 8 | 9 | // 10 | // Known WinDbg Data Types 11 | // 12 | const std::map known_types = { 13 | {"void", "VOID"}, 14 | {"Void", "VOID"}, 15 | {"Char", "CHAR"}, 16 | {"Int2B", "SHORT"}, 17 | {"Int4B", "LONG"}, 18 | {"Int8B", "LONGLONG"}, 19 | {"UChar", "UCHAR"}, 20 | {"Uint2B", "USHORT"}, 21 | {"Uint4B", "ULONG"}, 22 | {"Uint8B", "ULONGLONG"} 23 | }; 24 | 25 | enum field_types 26 | { 27 | regular_field, 28 | array_field, 29 | bitfield, 30 | }; 31 | 32 | class windbg_structure 33 | { 34 | public: 35 | windbg_structure(const std::string& text); 36 | 37 | static bool is_header(const std::string& line); 38 | 39 | template 40 | static bool is_union_or_bitfield(Iter it) 41 | { 42 | try { 43 | return parse_field_offset(*it) == parse_field_offset(*(it + 1)); 44 | } catch(const std::out_of_range&) { //end iterator throws when you try to increment past it 45 | return false; 46 | } 47 | } 48 | 49 | const std::string& get_name() const 50 | { 51 | return _name; 52 | } 53 | 54 | std::string as_string(int tabcount = 0) const; 55 | 56 | private: 57 | static std::string parse_field_name(const std::string& line) 58 | { 59 | auto name_start = line.find_first_of(' ') + 1; 60 | auto name_end = line.find_first_of(':'); 61 | auto temp = line.substr(name_start, name_end - name_start); 62 | return trim_spaces(temp); 63 | } 64 | 65 | static uint32_t parse_field_offset(const std::string& line) 66 | { 67 | auto temp = line.substr(3, line.find_first_of(' ') - 3); 68 | return strtoul(std::data(temp), nullptr, 16); 69 | } 70 | 71 | static std::unique_ptr parse_field(const std::string& line); 72 | private: 73 | std::string _name; 74 | std::vector> _fields; 75 | }; 76 | -------------------------------------------------------------------------------- /windbg_to_c/windbg_to_c.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {3FBEDFB7-EB36-420D-BA64-2758E2C5EAA6} 23 | Win32Proj 24 | Win32Project1 25 | 10.0.10586.0 26 | windbg_to_c 27 | 28 | 29 | 30 | Application 31 | true 32 | v140 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v140 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v140 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v140 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | .exe 76 | windbg_to_c 77 | $(SolutionDir)bin\$(Platform)\$(Configuration)\ 78 | $(SolutionDir)build\$(Platform)\$(Configuration)\ 79 | $(VC_IncludePath);$(WindowsSDK_IncludePath);C:\Development\boost_1_61_0; 80 | $(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\um\x86;C:\Development\boost_1_61_0\lib\win32 81 | 82 | 83 | true 84 | .exe 85 | windbg_to_c 86 | $(SolutionDir)bin\$(Platform)\$(Configuration)\ 87 | $(SolutionDir)build\$(Platform)\$(Configuration)\ 88 | $(VC_IncludePath);$(WindowsSDK_IncludePath);C:\Development\boost_1_61_0; 89 | $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64;C:\Development\boost_1_61_0\lib\win64 90 | 91 | 92 | false 93 | .exe 94 | windbg_to_c 95 | $(SolutionDir)bin\$(Platform)\$(Configuration)\ 96 | $(SolutionDir)build\$(Platform)\$(Configuration)\ 97 | $(VC_IncludePath);$(WindowsSDK_IncludePath);C:\Development\boost_1_61_0; 98 | $(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\um\x86;C:\Development\boost_1_61_0\lib\win32 99 | 100 | 101 | false 102 | .exe 103 | windbg_to_c 104 | $(SolutionDir)bin\$(Platform)\$(Configuration)\ 105 | $(SolutionDir)build\$(Platform)\$(Configuration)\ 106 | $(VC_IncludePath);$(WindowsSDK_IncludePath);C:\Development\boost_1_61_0; 107 | $(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64;C:\Development\boost_1_61_0\lib\win64 108 | 109 | 110 | 111 | 112 | 113 | Level3 114 | Disabled 115 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 116 | Default 117 | false 118 | 119 | 120 | Console 121 | true 122 | 123 | 124 | 125 | 126 | 127 | 128 | Level3 129 | Disabled 130 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 131 | Default 132 | false 133 | 134 | 135 | Console 136 | true 137 | 138 | 139 | 140 | 141 | Level4 142 | 143 | 144 | MaxSpeed 145 | true 146 | true 147 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 148 | Default 149 | Speed 150 | false 151 | 152 | 153 | Console 154 | true 155 | true 156 | true 157 | 158 | 159 | 160 | 161 | Level4 162 | 163 | 164 | MaxSpeed 165 | true 166 | true 167 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 168 | Default 169 | Speed 170 | false 171 | 172 | 173 | Console 174 | true 175 | true 176 | true 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | --------------------------------------------------------------------------------