WinDBG – 不匹配的JavaScript和dx行为

huangapple
go评论106阅读模式
英文:

WinDBG - Mismatching JavaScript and dx behaviour

问题

I am writing a simple JavaScript WinDBG script, however, I can't properly map the operands used in an instruction mapped by host.namespace.Debugger.Utility.Code.CreateDissassembler().DisassembleBlocks(addr)[addr].Instructions[addr]

I can list the operands with a for(var o of instruction.Operands) loop, but that doesn't particularly make sense considering that the order of operands is essential. So I have to convert that manually to an array, hoping that the order is preserved...?

What is even more confusing is that if I evaluate the same expression with dx, it behaves as an array. Namely, dx Debugger.Utility.Code.CreateDisassembler().DisassembleBlocks(0x7900ffff)[0x7900ffff].Instructions[0x7900ffff].Operands[0] does return the first operand, and (…).Operands[1] returns the second operand; while in JavaScript this same exact command will return undefined.

All I was able to find from the documentation is that Operands returns "A collection of operand objects describing the operands of the instruction."

Is this the expected behavior, or am I missing something?

Edit: As pointed out, a minimal reproducible example:

// Retrieves operand for current instruction pointed by EIP
function run() {
    var p = host.currentThread.Registers.User.eip;
    var instr = host.namespace.Debugger.Utility.Code.CreateDisassembler().DisassembleBlocks(p)[p].Instructions[p];
    host.diagnostics.debugLog(`Operand: ${instr.Operands[0]}\n`); // "Operand: undefined"
    // Incompatible with: `dx Debugger.Utility.Code.CreateDisassembler().DisassembleBlocks(@eip)[@eip].Instructions[@eip].Operands[0]` --> Attributes | ImmediateValue: (…) | Registers
}
英文:

I am writing a simple JavaScript WinDBG script, however, I can't properly map the operands used in an instruction mapped by host.namespace.Debugger.Utility.Code.CreateDissassembler().DisassembleBlocks(addr)[addr].Instructions[addr]

I can list the operands with a for(var o of instruction.Operands) loop, but that doesn't particularly make sense considering that the order of operands is essential.
So I have to convert that manually to an array, hoping that the order is preserved…?

What is even more confusing is that if I evaluate the same expression with dx, it behaves as an array. Namely, dx Debugger.Utility.Code.CreateDisassembler().DisassembleBlocks(0x7900ffff)[0x7900ffff].Instructions[0x7900ffff].Operands[0] does return the first operand, and (…).Operands[1] returns the second operand; while in JavaScript this same exact command will return undefined.

All I was able to find from the documentation is that Operands returns "A collection of operand objects describing the operands of the instruction."

Is this the expected behaviour, or am I missing something?

Edit: As pointed out, a minimal reproducible example:

// Retrieves operand for current instruction pointed by EIP
function run() {
    var p = host.currentThread.Registers.User.eip;
    var instr = host.namespace.Debugger.Utility.Code.CreateDisassembler().DisassembleBlocks(p)[p].Instructions[p];
    host.diagnostics.debugLog(`Operand: ${instr.Operands[0]}\n`); // "Operand: undefined"
    // Incompatible with: `dx Debugger.Utility.Code.CreateDisassembler().DisassembleBlocks(@eip)[@eip].Instructions[@eip].Operands[0]` --> Attributes | ImmediateValue: (…) | Registers
}

答案1

得分: 1

"Operands"对象上的指令是一个可迭代容器,但不支持索引。然而,有一个保证,使用for...of将保持容器中内容的顺序,并且容器中操作数的顺序与指令中操作数的顺序相同。

dx评估器对可迭代容器的[]有一些额外支持,以使调试器的超链接功能正常运行。对于可迭代但不可索引的任何对象,在dx评估器中使用[n]将实际上开始迭代容器,前进到第n个元素并返回它。脚本模型不会对索引操作执行此操作。

话虽如此,操作数应该是可索引的。我可以确保这个问题得到修复。

英文:

The Operands object on an instruction is, unfortunately, just an iterable container. It does not presently support indexing. There is, however, a guarantee that a for...of will maintain the order of what's in the container and that the order of operands in the container is the order of operands within the instruction.

The evaluator for dx has a bit of "extra support" for [] on iterable containers in order to make the debugger hyperlinks function. For any object which is iterable but not indexable, doing [n] within the dx evaluator will, in effect, start iterating the container, advance to the n-th element, and return that. The scripting model does not do that for indexing operations.

That said -- operands is one of those things which should be indexable. I can make sure that gets fixed...

huangapple
  • 本文由 发表于 2023年4月17日 17:57:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/76033883.html
  • windbg
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定