The other day I had to debug a JavaScript UWA that was failing when trying to use an undefined property. In a previous OS build this code would run and the property was defined. I wanted something similar to windbg/cdb's ba command, which lets me set a breakpoint on reads or writes to a memory location, so I could see what was creating the object in the previous OS build and what that code was doing now in the current OS build. I couldn't find such a breakpoint mechanism in Visual Studio or the F12 developer tools, so I wrote a little script to approximate JavaScript data breakpoints.
The script creates a stub object with a getter and setter. It actually performs the get or set but also calls debugger; to break into the debugger. To handle my case of needing to break when window.object1.object2 was created or accessed, I further had it recursively set up such stub objects for the matching property names.
It's not perfect because the stub is an enumerable property and shows up in hasOwnProperty and likely other places. But for your average code that checks for the existence of a property via if (object.property) it works well.
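The following is an added example of the approach described above, not the post's own script. It installs a getter/setter pair for each segment of a dotted path such as "object1.object2", descending into nested objects as they are assigned, and calls debugger; on every access. The function name installDataBreakpoint, the onAccess callback, and the fakeWindow stand-in for window are this example's own choices; the returned hit list exists so the behaviour can be checked outside a browser.

```javascript
// Approximate a data breakpoint on a dotted property path by replacing each
// property along the path with an accessor that records the access and calls
// `debugger;` (a no-op unless a debugger is attached).
// Added example; installDataBreakpoint/onAccess are assumed names, not the post's.
function installDataBreakpoint(root, path, onAccess) {
  const names = typeof path === "string" ? path.split(".") : path.slice();
  const hits = []; // every get/set seen, in order, for inspection or testing

  function notify(kind, fullPath, value) {
    hits.push({ kind: kind, path: fullPath, value: value });
    if (onAccess) onAccess(kind, fullPath, value);
    else debugger; // with dev tools open, pauses one frame above the accessing code
  }

  function watch(target, index, prefix) {
    const name = names[index];
    const fullPath = prefix ? prefix + "." + name : name;
    const isLast = index === names.length - 1;
    // Keep whatever value is already there so existing code keeps working.
    let current = target[name];

    // When an intermediate segment is (re)assigned an object, watch the next
    // segment on that new object so nested creation/access is caught too.
    function wrapChild(value) {
      if (!isLast && value !== null && typeof value === "object") {
        watch(value, index + 1, fullPath);
      }
      return value;
    }
    if (current !== undefined) wrapChild(current);

    Object.defineProperty(target, name, {
      configurable: true,
      enumerable: true, // as the post notes, the stub remains an enumerable property
      get: function () {
        notify("get", fullPath, current);
        return current;
      },
      set: function (value) {
        notify("set", fullPath, value);
        current = wrapChild(value);
      }
    });
  }

  watch(root, 0, "");
  return hits;
}

// Constructed stand-in for `window` so this runs outside a browser.
const fakeWindow = {};
const trace = installDataBreakpoint(fakeWindow, "object1.object2");
fakeWindow.object1 = { object2: "ready" }; // breaks here: "set object1"
if (fakeWindow.object1.object2) {          // and here: "get object1", "get object1.object2"
  fakeWindow.object1.object2 = "changed";  // and here: "set object1.object2"
}
console.log(trace.map(function (h) { return h.kind + " " + h.path; }).join("\n"));
```

Because the accessor keeps a private copy of the value and forwards reads and writes to it, the watched code behaves as before; the only visible difference is the one the post mentions, that the property is an own, enumerable accessor rather than a plain data property.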
You can use conditional breakpoints and debugging commands in windbg and cdb that together can amount to effectively patching a binary at runtime. This can be useful if you have symbols but you can't easily rebuild the binary. Or if the patch is small and the binary requires a great deal of time to rebuild.
If you want to skip a chunk of code, you can set a breakpoint at the start address of the code to skip and set the breakpoint's command to change the instruction pointer register to the address at the end of the code to skip and then go. Voilà, you're skipping over that code now. For example:
bp 0x6dd6879b "r @eip=0x6dd687c3 ; g"
You may also want to modify parameters or variables, which is simple. In the following example a conditional breakpoint ANDs out a bit from dwFlags. Now when we run, it's as if no one is passing in that flag.
bp wiwi!RelativeCrack "?? dwFlags &= 0xFDFFFFFF;g"
Slightly more difficult is modifying string values. If the new string is the same length or shorter than the previous one, you may be able to modify the string value in place. But if the string is longer or the string memory isn't writable, you'll need a new chunk of memory into which to write your new string. You can use .dvalloc to allocate some memory (it prints the address of the allocation) and ezu to write a Unicode string into the newly allocated memory. In the following example I then overwrite the register containing the parameter I want to modify:
.dvalloc 100
ezu 000002a9`d4eb0000 "mfcore.dll"
r rcx = 000002a9`d4eb0000
You can also use .call to actually make new calls to methods or functions. Read more about that on the Old New Thing: Stupid debugger tricks: Calling functions and methods. Again, all of this can be used in a breakpoint command to effectively patch a binary.
Another Comedy Bang Bang preview clip, this time with Zach Galifianakis.
Last Thursday I saw a bunch of college friends that I hadn't seen in a while, despite all of us working at Microsoft, and Saul and Ciera who were visiting. We had dinner at Typhoon! which I haven't been to in quite a while. Daniil and Val brought their cute child. I got to see Charlie and Matt who I'm not sure I've seen since my 25th birthday. There was much nerdiness. I need to remember to organize such a night myself sometime in the near future so I don't have to wait another year to see them.
On the weekend Sarah and I went out to dinner at Carnegie's, a former public library in Ballard, Seattle that's now a restaurant. I saw the restaurant's website in Matt's delicious links and thought it looked interesting. The exterior and entryway look like a public library, but just inside it's redone as a sort of modern version of French classical with a bar and two dining rooms. No pictures since my replacement camera only arrived today, but there are photos available. They serve French cuisine which was good and not as expensive as I would have expected. An interesting place, although it's a bit of a drive and I'm not sure if we'll be going back soon.
Two weekends ago it was actually sunny and kind of warm so Sarah and I went down to Spud Fish and Chips and Juanita Beach Park. We ate fish and chips on the dock. I took a few pictures and this time actually put some geographical information on Flickr so now I've got a map of my tiny fish and chips journey. On the map click on the floating marks to view the associated photos.
Flickr provides access to the geo data associated with your photos via GeoRSS feeds. And Google Maps displays GeoRSS feed content on their maps allowing you even to edit the data but doesn't appear to let you easily export the GeoRSS. Live Maps does the inverse, allowing you to create and export GeoRSS data but not import it. I'd like both please. Oh well.