WinDbg as UNICODE to ASCII Converter

Steps:

1. Open a crash dump or attach WinDbg to a process you can sacrifice.

2. Enter this command: eb rsp <UNICODE string> [00 00]

0: kd> eb rsp 42 00 65 00 65 00 74 00 68 00 6F 00 76 00 65 00 6E 00 3A 00 20 00 53 00 79 00 6D 00 70 00 68 00 6F 00 6E 00 69 00 65 00 73 00 20 00 31 00 20 00 61 00 6E 00 64 00 20 00 33 00 00 00

Note: use esp for a 32-bit dump. Last NULL terminators 00 00 are not necessary if the string already has them.

3. Enter this command: du rsp

0: kd> du rsp
fffff880`15925ae8  "Beethoven: Symphonies 1 and 3"

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Leave a Reply

You must be logged in to post a comment.