This example shows how to find the queue element on both the system queue and an application queue.

A similar technique applies to both types of queue. The system queue header is located from the address at psysqueue. Location of application queue headers has been discussed in How to find the MQ of any thread.

The queue header contains the current read and write pointers, the queue element length and number of elements queued.

We illustrate this with the system queue in the following example:

##dd psysqueue l1
deff:00000000  1bdf0ac0
##dd %1bdf0ac0
%1bdf0ac0  00000000 0030001e 00000078 1bdf0ae4
%1bdf0ad0  1bdf18f4 1bdf1840 1bdf0fd0 00060000
%1bdf0ae0  00070007 00000072 00510196 000002fe
%1bdf0af0  00342420 1c0a9c00 01040040 00335362
%1bdf0b00  00700040 015c0000 000000c1 26cf0000
%1bdf0b10  1c000034 00401c0a 53c00104 00000033
%1bdf0b20  00000071 00c1015c 000082fe 003426cf
%1bdf0b30  1c0a9c00 01040040 003353ff 00700040
##dw %1bdf1840
%1bdf1840  0070 0000 0134 0050 0000 0000 1616 0034
%1bdf1850  8e00 0e7f 0040 0104 50f1 0033 0040 0071
%1bdf1860  0000 0134 0050 82fe 0000 172f 0034 1c00
%1bdf1870  1c0a 0040 0104 51cc 0033 0000 0072 0000
%1bdf1880  0134 0050 02fe 0000 180a 0034 9c00 1c0a
%1bdf1890  0040 0104 522a 0033 0040 0070 0000 019f
%1bdf18a0  0052 0000 0000 22c8 0034 1c00 1c0a 0040
%1bdf18b0  0104 5268 0033 0000 0071 0000 019f 0052
##

MQ+0x4 tells us 0x30 elements are queued, of length 0x1e bytes each.

MQ+0x14 is the current read pointer.

Displaying the queue from the current read pointer we can read off the first few message IDs since they are located at +0x0 of each entry: 70, 71, 72, and so on.

In an application queue the element length is 0x20.