What's the way to get only the property value of an object using Windbg?

Question

I'm doing dump debugging, using PYKD, and therefore I'm using the PYKD dbgCommand() for getting information on objects.

The problem is: the dbgCommand() results need to be parsed in order to be used, as you can see in following example:

source code : result = dbgCommand(("dt -c CStringArray m_nSize " + pointer_format) % (ptr)).split(' : ')
example     : dt -c CStringArray m_nSize 0x03966ce8
example output : 
  <application>!CStringArray
  +0x008 m_nSize 0n16  

I'm only interested in the size itself (0n16), and I can parse the result in order to get this, but as I'm having lots of objects (some 100,000) this becomes very time-consuming, therfore I'd like to limit the result as much as possible.

Is there a way (using other display options, using other commands than dt, using native visualisers if needed) to get following situation:

dt <options> CStringArray m_nSize 0x03966ce8
0n16 // only that, nothing else

In the meanwhile, I've already arrived one step further, using dd command, as you can see:

0:000> dd 0x03966ce8+0x008 L1 // for a CStringArray, m_nSize is at memory address +0x008
                              // L1 means: limit the amount of answers to one byte
03966cf0  00000010            // the result only contains one line.

Now I only need to find a way not to see the memory address anymore.

Answer 1

Why don't you want to use typedVar class from pykd?

Try:

print( typedVar('CStringArray', address).m_nSize )

Answer 2

0:000> dt -c foo m_nsize
Local var @ 0x2dfdb8 Type CStringArray
+0x008 m_nSize 0n5
0:000> .printf "%x\n" , @@c++(foo.m_nSize)
5
0:000>