memory - Dave's Blog

Tweet from David Risney

2016 Dec 7, 5:30
@ericlaw @RReverser broke my screenshot muscle memory. Switched to snipping tool.

Data breakpoints in JavaScript

2016 Jun 17, 5:44

The other day I had to debug a JavaScript UWA that was failing when trying to use an undefined property. In a previous OS build this code would run and the property was defined. I wanted something similar to windbg/cdb's ba command that lets me set a breakpoint on reads or writes to a memory location so I could see what was creating the object in the previous OS build and what that code was doing now in the current OS build. I couldn't find such a breakpoint mechanism in Visual Studio or F12 so I wrote a little script to approximate JavaScript data breakpoints.

The script creates a stub object with a getter and setter. It actually performs the get or set but also calls debugger; to break in the debugger. In order to handle my case of needing to break when window.object1.object2 was created or accessed, I further had it recursively set up such stub objects for the matching property names.

It's not perfect because it is an enumerable property and shows up in hasOwnProperty and likely other places. But for your average code that checks for the existence of a property via if (object.property) it works well.
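
One way to write such a script, as an added example (not the author's original script, which is not reproduced on this page). The names watchPath, onHit, demo and fakeWindow are hypothetical, and the onHit callback is an addition so that hits can be recorded when no debugger is attached.

```javascript
// Added example: approximate a data breakpoint on a dotted property path.
// watchPath, onHit, demo and fakeWindow are hypothetical names.
function watchPath(root, path, onHit = () => {}) {
  const [name, ...rest] = path.split(".");
  let value = root[name];                 // keep whatever is already stored
  const arm = (v) => {
    // When an object lands on this property, watch the next name inside it.
    if (rest.length && v !== null && typeof v === "object") {
      watchPath(v, rest.join("."), onHit);
    }
  };
  arm(value);
  Object.defineProperty(root, name, {
    enumerable: true,     // visible to for-in and hasOwnProperty, as noted above
    configurable: true,
    get() {
      onHit("get", name, value);
      debugger;           // breaks here when a debugger is attached
      return value;       // the read still happens
    },
    set(v) {
      onHit("set", name, v);
      debugger;
      value = v;          // the write still happens
      arm(v);
    },
  });
}

// Constructed usage: a stand-in for window, with hits recorded in an array.
function demo() {
  const hits = [];
  const fakeWindow = {};
  watchPath(fakeWindow, "object1.object2", (kind, name) => hits.push(`${kind}:${name}`));
  fakeWindow.object1 = {};                 // creation of object1 is caught
  fakeWindow.object1.object2 = 42;         // so is creation of object2
  const seen = fakeWindow.object1.object2; // and every later read
  return { hits, seen, own: fakeWindow.hasOwnProperty("object1") };
}
```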

Cdb/Windbg Commands for Runtime Patching

2016 Feb 8, 1:47

You can use conditional breakpoints and debugging commands in windbg and cdb that together can amount to effectively patching a binary at runtime. This can be useful if you have symbols but you can't easily rebuild the binary. Or if the patch is small and the binary requires a great deal of time to rebuild.

Skipping code

If you want to skip a chunk of code you can set a breakpoint at the start address of the code to skip and set the breakpoint's command to change the instruction pointer register to point to the address at the end of the code to skip and go. Voila, you're skipping over that code now. For example:

bp 0x6dd6879b "r @eip=0x6dd687c3 ; g"

Changing parameters

You may want to modify parameters or variables and this is simple of course. In the following example a conditional breakpoint ANDs out a bit from dwFlags. Now when we run it's as if no one is passing in that flag.

bp wiwi!RelativeCrack "?? dwFlags &= 0xFDFFFFFF;g"

Slightly more difficult is to modify string values. If the new string length is the same size or smaller than the previous, you may be able to modify the string value in place. But if the string is longer or the string memory isn't writable, you'll need a new chunk of memory into which to write your new string. You can use .dvalloc to allocate some memory and ezu to write a string into the newly allocated memory. In the following example I then overwrite the register containing the parameter I want to modify:

.dvalloc 100
ezu 000002a9`d4eb0000 "mfcore.dll"
r rcx = 000002a9`d4eb0000

Calling functions

You can also use .call to actually make new calls to methods or functions. Read more about that on the Old New Thing: Stupid debugger tricks: Calling functions and methods. Again, all of this can be used in a breakpoint command to effectively patch a binary.

Video memory offer and reclaim (Windows Drivers)

2013 Sep 18, 9:41

Nintendo GDC keynote: Wii Storage, new Zelda, world domination - Ars Technica

2009 Mar 25, 1:03

Finally more storage for all those virtual console games I download: "What is going to interest gamers, however, is the expanded support for storage on the Nintendo Wii. The new update for the Wii Menu allows you to download and launch content straight from an SD card, and there is now support for SDHC cards, meaning you can cheaply add as much storage to your system as you'd like. A game was shown launching from a memory stick, with only a short loading time."

Security Research & Defense : Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass

2009 Mar 23, 12:58

Details on a particular browser exploit and how it's been resolved in IE8. "One approach they presented allowed attackers to use .NET framework DLL's to allocate executable pages of memory at predictable locations within the iexplore.exe process. They were then able to demonstrate how .NET behavior could be combined with a separate exploitable memory corruption vulnerability to run arbitrary code."

The 'Is It UTF-8?' Quick and Dirty Test

2009 Mar 6, 5:16

I've found while debugging networking in IE it's often useful to quickly tell if a string is encoded in UTF-8. You can check for the Byte Order Mark (EF BB BF in UTF-8) but I rarely see the BOM on UTF-8 strings. Instead I apply a quick and dirty UTF-8 test that takes advantage of the well-formed UTF-8 restrictions.

Unlike other multibyte character encoding forms (see Windows supported character sets or IANA's list of character sets), for example Big5, where sticking together any two bytes is more likely than not to give a valid byte sequence, UTF-8 is more restrictive. And unlike other multibyte character encodings, UTF-8 bytes may be taken out of context and one can still know that it's a single byte character, the starting byte of a three byte sequence, etc.

The full rules for well-formed UTF-8 are a little too complicated for me to commit to memory. Instead I've got my own simpler (this is the quick part) set of rules that will be mostly correct (this is the dirty part). For as many bytes in the string as you care to examine, check the most significant hex digit of the byte:

F: This is byte 1 of a 4 byte encoded codepoint and must be followed by 3 trail bytes.
E: This is byte 1 of a 3 byte encoded codepoint and must be followed by 2 trail bytes.
C..D: This is byte 1 of a 2 byte encoded codepoint and must be followed by 1 trail byte.
8..B: This is a trail byte.
0..7: This is a single byte encoded codepoint.

The simpler rules can produce false positives in some cases: that is, they'll say a string is UTF-8 when in fact it might not be. But they won't produce false negatives. The following table from the Unicode spec actually describes well-formed UTF-8.

Code Points         1st Byte  2nd Byte  3rd Byte  4th Byte
U+0000..U+007F      00..7F
U+0080..U+07FF      C2..DF    80..BF
U+0800..U+0FFF      E0        A0..BF    80..BF
U+1000..U+CFFF      E1..EC    80..BF    80..BF
U+D000..U+D7FF      ED        80..9F    80..BF
U+E000..U+FFFF      EE..EF    80..BF    80..BF
U+10000..U+3FFFF    F0        90..BF    80..BF    80..BF
U+40000..U+FFFFF    F1..F3    80..BF    80..BF    80..BF
U+100000..U+10FFFF  F4        80..8F    80..BF    80..BF
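
The quick rules and the strict table side by side, as an added example that is not part of the original post. It shows which inputs the quick test accepts but the table rejects: overlong forms, surrogates and lead bytes past F4. The names quickUtf8, strictUtf8 and ROWS are hypothetical.

```javascript
// Added example: the post's quick test next to the strict table.
// quickUtf8, strictUtf8 and ROWS are hypothetical names.

// Quick test: classify each byte by its most significant hex digit only.
function quickUtf8(bytes) {
  for (let i = 0; i < bytes.length; ) {
    const hi = bytes[i] >> 4;
    const trail = hi === 0xF ? 3 : hi === 0xE ? 2 : hi >= 0xC ? 1 : hi <= 7 ? 0 : -1;
    if (trail < 0) return false;            // 8..B: trail byte with no lead byte
    for (let k = 1; k <= trail; k++) {
      const b = bytes[i + k];
      if (b === undefined || (b & 0xC0) !== 0x80) return false;
    }
    i += trail + 1;
  }
  return true;
}

// Table rows: [lead low, lead high, 2nd byte low, 2nd byte high, trail count].
const ROWS = [
  [0x00, 0x7F, 0, 0, 0],
  [0xC2, 0xDF, 0x80, 0xBF, 1],
  [0xE0, 0xE0, 0xA0, 0xBF, 2],
  [0xE1, 0xEC, 0x80, 0xBF, 2],
  [0xED, 0xED, 0x80, 0x9F, 2],
  [0xEE, 0xEF, 0x80, 0xBF, 2],
  [0xF0, 0xF0, 0x90, 0xBF, 3],
  [0xF1, 0xF3, 0x80, 0xBF, 3],
  [0xF4, 0xF4, 0x80, 0x8F, 3],
];

// Strict test: the lead byte picks a row; the row constrains the 2nd byte.
function strictUtf8(bytes) {
  for (let i = 0; i < bytes.length; ) {
    const row = ROWS.find(([lo, hi]) => bytes[i] >= lo && bytes[i] <= hi);
    if (!row) return false;                 // C0, C1, F5..FF and bare trail bytes
    const [, , lo2, hi2, trail] = row;
    for (let k = 1; k <= trail; k++) {
      const b = bytes[i + k];
      const [lo, hi] = k === 1 ? [lo2, hi2] : [0x80, 0xBF];
      if (b === undefined || b < lo || b > hi) return false;
    }
    i += trail + 1;
  }
  return true;
}
```

For example, the constructed sequence C0 80 (an overlong encoding of U+0000) and ED A0 80 (the surrogate U+D800) both pass quickUtf8 and fail strictUtf8.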

Retro Sabotage: Highwaymen On Memory Lane - Flash Games [ver.9.0 req.]

2008 Mar 23, 3:26

Flash versions of retro games with humorous differences.

GPDE Team Blog : JavaScript Memory Leak Detector

2008 Jan 25, 1:35

GPDE team has a tool to help find memory leaks for JavaScript running in IE.

Quagmire

2007 Dec 28, 11:25

Programming language that again works on a 2D memory field this time using black and white images.

The Smashed Volkswagon page

2007 Jul 26, 12:44

After Chris' VW was smashed he created this page in memory (of memories). Good times...

MoHo Living

2007 May 13, 12:16

My parents and grandmother came to visit the weekend before this current weekend, starting Friday May 4th. They arrived via their new motor-home which is quite the machine. Of course it's my parents' motor-home so it's very well decorated inside including drapes and mini-chandelier. I didn't have a memory card for my camera at the time but I'm sure my parents will put up photos on their new blog dedicated to their motor-home at some point in the future.

At any rate, they parked the motor-home in an RV park in Issaquah so that Friday night I drove over to them and we ate at the conveniently closely located Pogachas. The next day they came over and I showed them the various cool looking things my computer connected to my flat screen TV can do. This includes Vista Media Center showing my photos from recent trips and Google Earth mapping out our respective homes and my recent trips (and Paris). Additionally, we played Wii which, unsurprisingly based on anecdotal evidence from varied sources across the Internet, was a seeming hit. Mom broke records playing bowling with my dad and me, Dad did an excellent job fishing, and Grandma's slow but steady wins the race approach to cow racing worked very well.

The next day I drove them to Seattle and we walked around Pike's Place. My parents made dinner that night at my place which was very good and made my apartment actually smell like cooked food. Also, we exchanged Christmas gifts. For the past two years I've flown back to my parents' house for Christmas and ended up with gifts I couldn't take with me in both directions. Those I left at their house they drove up and I was able to give them the ones I left at my place. They started the drive back the next day. I really enjoyed seeing them here.

Darmok (episode) - Memory Alpha

2005 Sep 4, 3:24

Main Page - Memory Alpha

2005 Sep 4, 3:24

Star Trek Encyclopedia