\nI was doing some crash dump debugging, as I am often called upon to do,\nand one of the data structure I had to grovel through was something\nthat operated basically like an atom table, so that’s what I’ll call\nit.\nLike an atom table,\nit manages a collection of strings.\nYou can add a string to the table (getting a unique value back,\nwhich we will call an atom),\nand later you can hand it the atom and it will give you the string back.\nIt looked something like this:\n<\/p>\n
\nstruct ENTRY\n{\n ENTRY *next;\n UINT atom;\n PCWSTR value;\n};\n#define ATOMTABLESIZE 19\nstruct ATOMTABLE\n{\n ENTRY *buckets[ATOMTABLESIZE];\n};\n<\/pre>\n\n(It didn’t actually look like this; I’ve reduced it to the smallest\nexample that still illustrates my point.)\n<\/p>\n
\nAs part of my debugging, I had an atom and needed to look it up\nin the table.\nA program would do this by simply calling the\n“here is an atom, please give me the string” function,\nbut since this was a crash dump,\nthere’s nothing around to execute anything.\n(Not that having a live machine would’ve made things much easier,\nbecause this was a kernel-mode crash,\nso you don’t get any of this edit-and-continue froofy stuff.\nThis is real debugging<\/i>™.)\n<\/p>\n
\nBut even though the crashed system can’t execute anything,\nthe debugger<\/i> can execute stuff,\nand the debugger engine used by kd<\/code>\ncomes with its own mini-programming language.\nHere’s how I dumped the atom table:\n<\/p>\n\n\/\/ note: this was entered all on one line\n\/\/ broken into two lines for readability\n0: kd> .for (r $t0=0; @$t0 < 0n19; r $t0=@$t0+1)\n { dl poi (fffff8a0`06b69930+@$t0*8) 99 2 }\nfffff8a0`06ad3b90 fffff8a0`037a3fc0 fffff8a0`0000000c \\\nfffff8a0`037a3fc0 fffff8a0`037a4ae0 00000000`00000025 | $t0=0\nfffff8a0`037a4ae0 fffff8a0`02257580 00000000`00000036 |\nfffff8a0`02257580 00000000`00000000 00000000`00000056 \/\nfffff8a0`06ad3b30 fffff8a0`06ad3ad0 a9e8a9d8`0000000d \\\nfffff8a0`06ad3ad0 fffff8a0`037a4700 000007fc`0000000e |\nfffff8a0`037a4700 fffff8a0`01f96fb0 00000000`0000003f | $t0=1\nfffff8a0`01f96fb0 fffff8a0`06cfa5d0 fffff8a0`00000044 |\nfffff8a0`06cfa5d0 00000000`00000000 00181000`00000060 \/\nfffff8a0`033e7a70 fffff8a0`037a4770 00000020`00000023 \\\nfffff8a0`037a4770 fffff8a0`023b52f0 00000000`0000003e | $t0=2\nfffff8a0`023b52f0 fffff8a0`03b6e020 006f0063`00000059 |\nfffff8a0`03b6e020 00000000`00000000 00000000`00000075 \/\nfffff8a0`037a0670 fffff8a0`02b08870 fffff8a0`00000026 \\ $t0=3\nfffff8a0`03b9e390 00000000`00000000 00240000`00000071 \/\n...\n<\/pre>\n\nLet’s take that weirdo command apart one piece at a time.\n<\/p>\n
\nThe overall command is\n<\/p>\n
\n.for (a; b; c) { d }\n<\/pre>\n