protected override void ProcessRecord() { ulong addr; if (0 != Address) { addr = Address; Util.Assert((c_Address_ScriptBlockCommand_ParamSet == this.ParameterSetName) || (c_Address_DbgEngCommand_ParamSet == this.ParameterSetName)); Expression = DbgProvider.FormatAddress(Address, Debugger.TargetIs32Bit, true).ToString(false); } else { if (DbgProvider.TryParseHexOrDecimalNumber(Expression, out addr)) { // Oh... PowerShell might have interpreted a backtick as an escape... // Let's fix it. Expression = DbgProvider.FormatAddress(addr, Debugger.TargetIs32Bit, true).ToString(false); } } if (0 != addr) { _CreateBp(addr); return; } // // We have a symbolic expression. Dbgeng may or may not like it. // // For instance, if it resolves to a function that got inlined, even if // there is only a single match, dbgeng will complain and say "please use // bm instead". // // I hate that, so we're just going to try tohandle the symbol lookup // ourselves. Also, it seems there isn't actually a way to do a "bm" // breakpoint via the API. // IList <ulong> addrs = _TryResolveExpression(); if (null != addrs) { // We may not actually have been able to resolve the expression, but it // wasn't obviously bad, in which case we'll have to set a deferred // breakpoint. if (0 == addrs.Count) { _CreateDeferredBp(); } else { foreach (ulong bpAddr in addrs) { Util.Assert(0 != bpAddr); _CreateBp(bpAddr); } } } } // end ProcessRecord()
// You must pass either the engineIntrinsics, or the path. (You don't need both.) // This is a hacky-wacky workaround for the fact that there's no way for user code // to get an EngineIntrinsics object, but I want user code to be able to call this // method directly, and I don't want everyone to /always/ have to get the path. public static object Transform(EngineIntrinsics engineIntrinsics, string dbgProviderPath, bool skipGlobalSymbolTest, bool throwOnFailure, bool dbgMemoryPassthru, bool allowList, object inputData) { //Console.WriteLine( "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv" ); //Console.WriteLine( "{0} 1: inputData type: {1}", DebuggingTag, inputData.GetType().FullName ); //Console.WriteLine( "{0} 2: dynamic type: {1}", DebuggingTag, ((dynamic) inputData).GetType().FullName ); //Console.WriteLine( "{0} 3: ToString(): {1}", DebuggingTag, inputData.ToString() ); //Console.WriteLine( "{0} 4: dynamic ToString(): {1}", DebuggingTag, ((dynamic) inputData).ToString() ); var pso = inputData as PSObject; if (allowList) { var objList = inputData as IList; if ((null != pso) && (pso.BaseObject is IList)) { objList = (IList)pso.BaseObject; } if (null != objList) { ulong[] addrs = new ulong[objList.Count]; try { for (int i = 0; i < objList.Count; i++) { addrs[i] = (ulong)Transform(engineIntrinsics, dbgProviderPath, skipGlobalSymbolTest, true, // throwOnFailure, dbgMemoryPassthru, false, // we don't allow nested arrays objList[i]); } // end for( each obj ) return(addrs); } catch (Exception e_temp) { if (throwOnFailure || (!(e_temp is DbgProviderException) && !(e_temp is MetadataException))) { throw; } } } // end if( it's an array ) } // end if( allowList ) if (null != pso) { // Addresses are always expressed in hexadecimal. // // Thus you can type a leading "0x", but it is redundant and not // necessary. // // If the address contains a backtick, or for some reason is expressed in // decimal with a leading "0n", or has hex-only digits ([a-f]) but no // leading "0x", then PowerShell will parse it as a string. Then we can // handle parsing it ourselves (in this method). // // However... if the user /did/ use a leading "0x" and there is no // backtick, OR if the address contains no hex-only digits and there is no // backtick, OR if the address ended with "eN" (where N is a digit)... // then PowerShell will have parsed it as a number (giving us either an // UInt32, or a UInt64, or a double, depending on how big). // // In that case, we need to figure out whether or not the user typed an // "0x", because if they did not, that means that PowerShell parsed it // incorrectly (as a base-10 number, and possibly using scientific // notation, instead of a base-16 number). // // Fortunately, if we have the PSObject for that typed number, we can get // the originally typed string, which will let us know if there was an // "0x" or not. // // Update: "if we have the PSObject for that typed number, we can get the // originally typed string": unfortunately, that is not always true, such // as when the address is piped in. TODO: can we change PowerShell to // allow us to get the string as originally typed in more cases? //Console.WriteLine( "{0} 5: BaseObject type: {1}", DebuggingTag, pso.BaseObject.GetType().FullName ); if ((pso.BaseObject is int) || (pso.BaseObject is long) || (pso.BaseObject is double) || (pso.BaseObject is float)) { // The standard way to get the originally typed string is to use // LanguagePrimitives.ConvertTo< string >. However, it seems that it // wants to /always/ give us a string back, even if it doesn't have // the originally typed string. So if we use that method, we don't // know if the string we get back actually is what was originally // typed or not. //var asTyped = LanguagePrimitives.ConvertTo< string >( pso ); // This /will/ get what the user actually typed (if it was typed), // but relies on reflection to get at PS internals. :( var asTyped = _GetAsTyped_usingIckyPrivateReflection(pso); //Console.WriteLine( "As typed: {0}", asTyped ); if (null != asTyped) { if (asTyped.StartsWith("0x", StringComparison.OrdinalIgnoreCase)) { // Yes, they typed an "0x", so PS correctly parsed as hex. // // The cast to (int) first is to un-box. Then to (uint) to // prevent sign extension. if (pso.BaseObject is int) { return((ulong)(uint)(int)pso.BaseObject); } if (pso.BaseObject is long) { return(unchecked ((ulong)(long)pso.BaseObject)); } // Should not reach here. Util.Fail("How could the typed string start with 0x but get parsed as something besides an int or long?"); } inputData = asTyped; // we'll re-parse it below as base-16 } else { // If we get here, then it /was/ typed, but piped in: // // 01234000 | ConvertTo-Number // 0x01234000 | ConvertTo-Number // // So PS parsed it... but if we ended up with an integer type, we // don't know if it parsed as decimal or hex, so we can't be sure // how to undo that parsing. :( For now we'll have to just assume // that the user knows that they need to use 0x when piping in. // // That sounds bad, because actually a user probably will /not/ // know that, but the alternative is worse; a user who directly // specifies hex ("0x01230000 | something") should never get the // wrong result. // // TODO: see if we can get PS to preserve the as-typed value for // things that are piped in. inputData = pso.BaseObject; } } else { inputData = pso.BaseObject; } } //Console.WriteLine( "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" ); if (dbgMemoryPassthru && (inputData is DbgMemory)) { return(inputData); } // Some commands do not require an address. if (null == inputData) { return((ulong)0); } if (inputData is ulong) { return(inputData); } // We used to assume that this was probably a base-16 number without any // letters in it, so PS interpreted it as a base-10 number, so then we would // undo that. And hope it was right. But unfortunately, that messed up the // scenario where you assign a number to a variable ("$blah = 123"), so I'm // going the other way now--we'll assume it's already correct. Unfortunately, // that means that on 32-bit, you'll need to always use "0x" to be safe. :( // if( (inputData is int) || (inputData is long) ) // { // inputData = inputData.ToString(); // } if (inputData is int) { return((ulong)(uint)(int)inputData); // 1st cast unboxes; 2nd prevents sign extension } if (inputData is long) { return((ulong)(long)inputData); // need two casts in order to unbox first. } if (inputData is uint) { // This can happen, for instance, when using the register variables for a // 32-bit process ("u $eip"). return((ulong)(uint)inputData); // need two casts in order to unbox first. } if (inputData is byte) { // This can happen because we [ab]use AddressTransformationAttribute to // convert lots of numeric data, not just addresses. (For instance, the // "eb" command.) return((ulong)(byte)inputData); // need two casts in order to unbox first. } if (inputData is double) { // This can happen when doing arithmetic. For instance, this will yield // Double: // // [UInt32] $ui1 = 0x03 // [UInt32] $ui2 = 0x01 // ($ui2 - $ui1).GetType() // // To determine if it's really something that can be represented as a // ulong, we'll round-trip it through a ulong back to a double, and then // see if the bits representation matches the original double. double dOrig = (double)inputData; Int64 origBits = BitConverter.DoubleToInt64Bits(dOrig); unchecked { ulong asUlong = (ulong)(long)dOrig; double d2 = Convert.ToDouble((long)asUlong); Int64 d2Bits = BitConverter.DoubleToInt64Bits(d2); if (d2Bits == origBits) { // We round-tripped back to double: it doesn't have any fractional // part. return(asUlong); } } } // end if( inputData is double ) Exception e = null; string str = inputData as string; if (null != str) { // Some commands do not require an address. if (0 == str.Length) { return((ulong)0); } if ((1 == str.Length) && (str[0] == '.')) { dbgProviderPath = _GetDbgProviderPath(dbgProviderPath, engineIntrinsics); var regSet = DbgProvider.GetRegisterSetForPath(dbgProviderPath); return(regSet.Pseudo["$ip"].Value); } ulong address; if (DbgProvider.TryParseHexOrDecimalNumber(str, out address)) { return(address); } // Mabye it's a symbolic name? if (!skipGlobalSymbolTest) { dbgProviderPath = _GetDbgProviderPath(dbgProviderPath, engineIntrinsics); var debugger = DbgProvider.GetDebugger(dbgProviderPath); try { address = debugger.GetOffsetByName(str); return(address); } catch (DbgProviderException dpe) { e = dpe; } } } // Check for implicit conversion to ulong. (For instance, types that derive // from DbgPointerValueBase have this.) ulong addr; if (_TryImplicitConversionTo(inputData, out addr)) { return(addr); } if (!throwOnFailure) { return(null); } if (null != e) { ExceptionDispatchInfo.Capture(e).Throw(); } // https://github.com/PowerShell/PowerShell/issues/7600 // // For parameter binding to be able to continue (for example, to try binding // by property name), this exception needs to wrap a PSInvalidCastException. throw CreateRecoverableAtme("Could not convert '{0}' to an address.", inputData); } // end Transform()
// Throws a DbgProviderException if the disassembly represents a bad memory access. internal static DbgDisassembly _ParseDisassembly(ulong address, string s, ColorString blockId, bool hasCodeBytes) { // Example inputs: // // 0113162e 55 push ebp // 0113162f 8bec mov ebp,esp // 01131631 51 push ecx // 01131632 894dfc mov dword ptr [ebp-4],ecx // 01131635 8b45fc mov eax,dword ptr [ebp-4] // 01131638 c70068c81301 mov dword ptr [eax],offset TestNativeConsoleApp!VirtualBase1::`vftable' (0113c868) // 0113163e 8b4508 mov eax,dword ptr [ebp+8] // 01131641 83e001 and eax,1 // 01131644 740a je TestNativeConsoleApp!VirtualBase1::`scalar deleting destructor'+0x22 (01131650) // 01131646 ff75fc push dword ptr [ebp-4] // 01131649 ff1578c01301 call dword ptr [TestNativeConsoleApp!_imp_??3YAXPAXZ (0113c078)] // 0113164f 59 pop ecx // 01131650 8b45fc mov eax,dword ptr [ebp-4] // 01131653 c9 leave // 01131654 c20400 ret 4 // // Here's what it looks like if the address is bad: // // 00007ff6`ece87d60 ?? ??? // ColorString cs = new ColorString(); byte[] codeBytes = null; string instruction = null; string arguments = null; Regex goodRegex; Regex badRegex; if (hasCodeBytes) { goodRegex = sm_asmRegex; badRegex = sm_badAsmRegex; } else { goodRegex = sm_asmRegex_noCodeBytes; badRegex = sm_badAsmRegex_noCodeBytes; } int matchCount = 0; foreach (Match match in goodRegex.Matches(s)) { if (0 == address) { // Then we need to parse it out. (this is for -WholeFunction. if (!DbgProvider.TryParseHexOrDecimalNumber(match.Groups["addr"].Value, out address)) { throw new Exception(Util.Sprintf("Couldn't convert to address: {0}", match.Groups["addr"].Value)); } } #if DEBUG else { ulong parsedAddress; if (!DbgProvider.TryParseHexOrDecimalNumber(match.Groups["addr"].Value, out parsedAddress)) { throw new Exception(Util.Sprintf("Couldn't convert to address: {0}", match.Groups["addr"].Value)); } // Nope: these are routinely different on ARM/THUMB2, where the low // bit of the program counter is used as some sort of flag. //Util.Assert( address == parsedAddress ); } #endif if (hasCodeBytes) { codeBytes = Util.ConvertToBytes(match.Groups["codebytes"].Value); } instruction = match.Groups["instr"].Value; arguments = match.Groups["args"].Value; matchCount++; cs.AppendPushPopFg(ConsoleColor.DarkCyan, match.Groups["addr"].Value) .Append(match.Groups["space1"].Value); if (hasCodeBytes) { cs.AppendPushPopFg(ConsoleColor.DarkGray, match.Groups["codebytes"].Value) .Append(match.Groups["space2"].Value); } var instr = match.Groups["instr"].Value; cs.Append(DbgProvider.ColorizeInstruction(instr)); cs.Append(match.Groups["space3"].Value); cs.Append(match.Groups["args"].Value); } if (0 == matchCount) { var match = badRegex.Match(s); if ((null != match) && match.Success) { string addrString = match.Groups["addr"].Value; if (0 == address) { if (!DbgProvider.TryParseHexOrDecimalNumber(addrString, out address)) { Util.Fail(Util.Sprintf("Couldn't convert to address: {0}", addrString)); } } throw new DbgMemoryAccessException(address, Util.Sprintf("No code found at {0}.", addrString)); } else { throw new Exception(Util.Sprintf("TODO: Need to handle disassembly format: {0}", s)); } } else { Util.Assert(1 == matchCount); } return(new DbgDisassembly(address, codeBytes, instruction, arguments, blockId, cs.MakeReadOnly())); } // end _ParseDisassembly()