debugging - Dave's Blog

Search

Data breakpoints in JavaScript

2016 Jun 17, 5:44

The other day I had to debug a JavaScript UWA that was failing when trying to use an undefined property. In a previous OS build this code would run and the property was defined. I wanted something similar to windbg/cdb's ba command that lets me set a breakpoint on read or writes to a memory location so I could see what was creating the object in the previous OS build and what that code was doing now in the current OS build. I couldn't find such a breakpoint mechanism in Visual Studio or F12 so I wrote a little script to approximate JavaScript data breakpoints.

The script creates a stub object with a getter and setter. It actually performs the get or set but also calls debugger; to break in the debugger. In order to handle my case of needing to break when window.object1.object2 was created or accessed, I further had it recursively set up such stub objects for the matching property names.

Its not perfect because it is an enumerable property and shows up in hasOwnProperty and likely other places. But for your average code that checks for the existence of a property via if (object.property) it works well.

PermalinkCommentsdebug debugging javascript

Cdb/Windbg Commands for Runtime Patching

2016 Feb 8, 1:47

You can use conditional breakpoints and debugging commands in windbg and cdb that together can amount to effectively patching a binary at runtime. This can be useful if you have symbols but you can't easily rebuild the binary. Or if the patch is small and the binary requires a great deal of time to rebuild.

Skipping code

If you want to skip a chunk of code you can set a breakpoint at the start address of the code to skip and set the breakpoint's command to change the instruction pointer register to point to the address at the end of the code to skip and go. Voila you're skipping over that code now. For example:

bp 0x6dd6879b "r @eip=0x6dd687c3 ; g"

Changing parameters

You may want to modify parameters or variables and this is simple of course. In the following example a conditional breakpoint ANDs out a bit from dwFlags. Now when we run its as if no one is passing in that flag.

bp wiwi!RelativeCrack "?? dwFlags &= 0xFDFFFFFF;g"

Slightly more difficult is to modify string values. If the new string length is the same size or smaller than the previous, you may be able to modify the string value in place. But if the string is longer or the string memory isn't writable, you'll need a new chunk of memory into which to write your new string. You can use .dvalloc to allocate some memory and ezu to write a string into the newly allocated memory. In the following example I then overwrite the register containing the parameter I want to modify:

.dvalloc 100
ezu 000002a9`d4eb0000 "mfcore.dll"
r rcx = 000002a9`d4eb0000

Calling functions

You can also use .call to actually make new calls to methods or functions. Read more about that on the Old New Thing: Stupid debugger tricks: Calling functions and methods. Again, all of this can be used in a breakpoint command to effectively patch a binary.

PermalinkCommentscdb debug technical windbg

Retweet of FioraAeterna

2015 Mar 7, 3:51
"This assert would've saved me hours of debugging. Why was it off?" *git blame* commit: "disable assert that caused test failures" *sobs*
PermalinkComments

Debugging anecdote - the color transparent black breaks accessibility

2014 May 22, 10:36

Some time back while I was working on getting the Javascript Windows Store app platform running on Windows Phone (now available on the last Windows Phone release!) I had an interesting bug that in retrospect is amusing.

I had just finished a work item to get accessibility working for JS WinPhone apps when I got a new bug: With some set of JS apps, accessibility appeared to be totally broken. At that time in development the only mechanism we had to test accessibility was a test tool that runs on the PC, connects to the phone, and dumps out the accessibility tree of whatever app is running on the phone. In this bug, the tool would spin for a while and then timeout with an error and no accessibility information.

My first thought was this was an issue in my new accessibility code. However, debugging with breakpoints on my code I could see none of my code was run nor the code that should call it. The code that called that code was a more generic messaging system that hit my breakpoints constantly.

Rather than trying to work backward from the failure point, I decided to try and narrow down the repro and work forwards from there. One thing all the apps with the bug had in common was their usage of WinJS, but not all WinJS apps demonstrated the issue. Using a binary search approach on one such app I removed unrelated app code until all that was left was the app's usage of the WinJS AppBar and the bug still occurred. I replaced the WinJS AppBar usage with direct usage of the underlying AppBar WinRT APIs and continued.

Only some calls to the AppBar WinRT object produced the issue:

        var appBar = Windows.UI.WebUI.Core.WebUICommandBar.getForCurrentView(); 
// appBar.opacity = 1;
// appBar.closeDisplayMode = Windows.UI.WebUI.Core.WebUICommandBarClosedDisplayMode.default;
appBar.backgroundColor = Windows.UI.Colors.white; // Bug!
Just setting the background color appeared to cause the issue and I didn't even have to display the AppBar. Through additional trial and error I was blown away to discover that some colors I would set caused the issue and other colors did not. Black wouldn't cause the issue but transparent black would. So would aqua but not white.

I eventually realized that predefined WinRT color values like Windows.UI.Colors.aqua would cause the issue while JS literal based colors didn't cause the issue (Windows.UI.Color is a WinRT struct which projects in JS as a JS literal object with the struct members as JS object properties so its easy to write something like {r: 0, g: 0, b: 0, a: 0} to make a color) and I had been mixing both in my tests without realizing there would be a difference. I debugged into the backgroundColor property setter that consumed the WinRT color struct to see what was different between Windows.UI.Colors.black and {a: 1, r: 0, g: 0, b: 0} and found the two structs to be byte wise exactly the same.

On a hunch I tried my test app with only a reference to the color and otherwise no interaction with the AppBar and not doing anything with the actual reference to the color: Windows.UI.Colors.black;. This too caused the issue. I knew that the implementation for these WinRT const values live in a DLL and guessed that something in the code to create these predefined colors was causing the issue. I debugged in and no luck. Now I also have experienced crusty code that would do exciting things in its DllMain, the function that's called when a DLL is loaded into the process so I tried modifying my C++ code to simply LoadLibrary the DLL containing the WinRT color definition, windows.ui.xaml.dll and found the bug still occurred! A short lived moment of relief as the world seemed to make sense again.

Debugging into DllMain nothing interesting happened. There were interesting calls in there to be sure, but all of them behind conditions that were false. I was again stumped. On another hunch I tried renaming the DLL and only LoadLibrary'ing it and the bug went away. I took a different DLL renamed it windows.ui.xaml.dll and tried LoadLibrary'ing that and the bug came back. Just the name of the DLL was causing the issue.

I searched for the DLL name in our source code index and found hits in the accessibility tool. Grinning I opened the source to find that the accessibility tool's phone side service was trying to determine if a process belonged to a XAML app or not because XAML apps had a different accessibility contract. It did this by checking to see if windows.ui.xaml.dll was loaded in the target process.

At this point I got to fix my main issue and open several new bugs for the variety of problems I had just run into. This is a how to on writing software that is difficult to debug.

PermalinkCommentsbug debug javascript JS technical windows winrt

Debugging LoadLibrary Failures - Junfeng Zhang's Windows Programming Notes - Site Home - MSDN Blogs

2014 Feb 25, 2:22

How to turn on debug logging for LoadLibrary to diagnose failures. For example, see where in the dependency graph of a DLL LoadLibrary ran into issues.

PermalinkCommentstechnical win32 windows debugging loadlibrary

WinDbg .cmdtree file format reverse engineered | Debugging

2013 May 22, 3:34

Wrote some scripts that produce .cmdtree files. Nice to find this format definition.

PermalinkCommentsdebug windows windbg technical cmdtree

The Fiddler Book: "Debugging with Fiddler: The official reference from the developer of Fiddler"

2012 Jun 23, 9:19

THE Fiddler Book straight from the source, EricLaw - the developer of Fiddler!

Fiddler is a wonderful tool with never ending extensibility. With this book I shall master it!

PermalinkCommentstechnical programming book ericlaw fiddler http

WPAD Server Fiddler Extension Update v1.0.1

2011 Jun 12, 3:34
As it turns out the WPAD Server Fiddler Extension I made a while back actually has a non-malicious purpose. Apparently its useful for debugging HTTP on the WP7 phone (or so I'm told). Anyway I took some requests and I've fixed a few minor bugs (start button not updating correctly), changed the dialog to be a Fiddler tab so you can use it non-modally, and the WPAD server is now always off when Fiddler starts.
PermalinkCommentsextension fiddler technical update wpad

The Old New Thing : Advantages of knowing your x86 machine code

2010 Feb 19, 2:27Raymond's tips for modifying x86 assembly code while debugging.PermalinkCommentstutorial debug debugging technical assembly x86 windows raymond-chen tips

Annotated x64 Disassembly

2010 Feb 19, 2:26A short tutorial on debugging amd64 assemblyPermalinkCommentsmicrosoft tutorial msdn debug debugging technical assembly x64 amd64 windows documentation

Annotated x86 Disassembly

2010 Feb 19, 2:25A short tutorial on debugging x86 assembly code.PermalinkCommentsmicrosoft tutorial msdn debug debugging technical assembly x86 windows documentation

Become a Web Debugging Virtuoso with Fiddler :: Sessions :: Microsoft PDC09

2009 Nov 19, 3:32Eric's talk at PDC on Fiddler.PermalinkCommentshttp eric-lawrence fiddler pdc video proxy microsoft windows debug debugger technical

The 'Is It UTF-8?' Quick and Dirty Test

2009 Mar 6, 5:16

I've found while debugging networking in IE its often useful to quickly tell if a string is encoded in UTF-8. You can check for the Byte Order Mark (EF BB BF in UTF-8) but, I rarely see the BOM on UTF-8 strings. Instead I apply a quick and dirty UTF-8 test that takes advantage of the well-formed UTF-8 restrictions.

Unlike other multibyte character encoding forms (see Windows supported character sets or IANA's list of character sets), for example Big5, where sticking together any two bytes is more likely than not to give a valid byte sequence, UTF-8 is more restrictive. And unlike other multibyte character encodings, UTF-8 bytes may be taken out of context and one can still know that its a single byte character, the starting byte of a three byte sequence, etc.

The full rules for well-formed UTF-8 are a little too complicated for me to commit to memory. Instead I've got my own simpler (this is the quick part) set of rules that will be mostly correct (this is the dirty part). For as many bytes in the string as you care to examine, check the most significant digit of the byte:

F:
This is byte 1 of a 4 byte encoded codepoint and must be followed by 3 trail bytes.
E:
This is byte 1 of a 3 byte encoded codepoint and must be followed by 2 trail bytes.
C..D:
This is byte 1 of a 2 byte encoded codepoint and must be followed by 1 trail byte.
8..B:
This is a trail byte.
0..7:
This is a single byte encoded codepoint.
The simpler rules can produce false positives in some cases: that is, they'll say a string is UTF-8 when in fact it might not be. But it won't produce false negatives. The following is table from the Unicode spec. that actually describes well-formed UTF-8.
Code Points 1st Byte 2nd Byte 3rd Byte 4th Byte
U+0000..U+007F 00..7F
U+0080..U+07FF C2..DF 80..BF
U+0800..U+0FFF E0 A0..BF 80..BF
U+1000..U+CFFF E1..EC 80..BF 80..BF
U+D000..U+D7FF ED 80..9F 80..BF
U+E000..U+FFFF EE..EF 80..BF 80..BF
U+10000..U+3FFFF F0 90..BF 80..BF 80..BF
U+40000..U+FFFFF F1..F3 80..BF 80..BF 80..BF
U+100000..U+10FFFF F4 80..8F 80..BF 80..BF

PermalinkCommentstest technical unicode boring charset utf8 encoding

Debugging Toolbox

2008 Sep 30, 11:14Tools and hints for debugging esp. WinDbg. Some interesting things in here. "...When I'm not debugging applications with Windbg, I'm working on tools (utility software) like those presented in this blog. My tools should help you during your debugging or troubleshooting session. "PermalinkCommentsblog windows debug windbg powershell tool programming

Debugging XSLT

2008 Aug 15, 4:02VS debugs XSLT. Didn't know that. Neat. "You can use the Visual Studio debugger to debug XSLT. The debugger supports setting breakpoints, viewing XSLT execution state, and so on. The debugger can be used to debug a style sheet, or to debug an XSLT transformation invoked from another application. XSLT debugging is available in the Visual Studio Team System and the Professional Edition." Unfortunately I couldn't figure out how to pass in parameter values... I just ended up setting the default value for my param elements. Otherwise, cool.PermalinkCommentsdebug visual-studio microsoft msdn reference xsl xslt xml

The Microsoft Wow Blog!: Mike Klucher: XNA Framework games running on Zune

2008 May 5, 11:42Video of "Mike Klucher talks about building XNA Framework games for the Zune and shows the soon-to-be-released CTP that enables developers to build Zune projects, adds a new menu on your Zune for games, and also enables device debugging directly from VisuPermalinkCommentszune xbox videogame development microsoft blog article video

/EP (Preprocess to stdout Without #line Directives) (C++)

2008 Jan 28, 2:42Use this option with cl.exe (the Visual Studio C/C++ compiler) to see what your files look like after all the #define macro magic occurs. Useful when debugging crufty or organic macros.PermalinkCommentsmicrosoft msdn reference c++ cpp preprocessor tool compiler cl

IEBlog : Scripting Debugging in Internet Explorer

2007 Sep 7, 11:29Info on debugging script in IE.PermalinkCommentsie ie7 blog javascript debug debugger debugging web development programming vbscript tools tool download browser reference microsoft msdn

Install Debugging Tools for Windows 32-bit Version

2007 May 20, 5:14Debugging tools for Windows executables.PermalinkCommentsmsdn microsoft c++ c debug debugger development download free programming software tool tools windbg windows cdb

Intel Assembly Quick Reference

2006 Aug 31, 7:25Debugging assembly isn't that bad... Although source+symbols is much nicer.PermalinkCommentsintel x86 assembly programming reference
Older Entries Creative Commons License Some rights reserved.