DWORD_PTR LLDBServices::GetExpression( PCSTR exp) { if (exp == nullptr) { return 0; } lldb::SBFrame frame = GetCurrentFrame(); if (!frame.IsValid()) { return 0; } DWORD_PTR result = 0; lldb::SBError error; std::string str; // To be compatible with windbg/dbgeng, we need to emulate the default // hex radix (because sos prints addresses and other hex values without // the 0x) by first prepending 0x and if that fails use the actual // undecorated expression. str.append("0x"); str.append(exp); result = GetExpression(frame, error, str.c_str()); if (error.Fail()) { result = GetExpression(frame, error, exp); } return result; }
void CMArray1DDir::CreateNextNode() { if (itsCurrentNode != NULL) { return; } JTreeNode* root = itsTree->GetRoot(); if (itsRequestRange.first < itsDisplayRange.first) { itsDisplayRange.first--; const JString expr = GetExpression(itsDisplayRange.first); CMVarNode* node = itsLink->CreateVarNode(root, expr, expr, ""); assert (node != NULL); itsCurrentNode = node; root->InsertAtIndex(1, node); // move it to the top -- inserted by ctor so it will update self ListenTo(itsTree); } else if (itsDisplayRange.last < itsRequestRange.last) { itsDisplayRange.last++; const JString expr = GetExpression(itsDisplayRange.last); CMVarNode* node = itsLink->CreateVarNode(root, expr, expr, ""); assert (node != NULL); itsCurrentNode = node; ListenTo(itsTree); } else { CreateNodesFinished(); } }
VOID AtomExtension( PCSTR lpArgumentString ) { PRTL_ATOM_TABLE *ppat; ATOM a; try { while (*lpArgumentString == ' ') { lpArgumentString++; } if (*lpArgumentString && *lpArgumentString != 0xa) { a = (ATOM)GetExpression((LPSTR)lpArgumentString); } else { a = 0; } ppat = (PRTL_ATOM_TABLE *)GetExpression(szBaseLocalAtomTable); if (ppat != NULL) { dprintf("\nLocal atom table "); DumpAtomTable(ppat, a); } } except (EXCEPTION_EXECUTE_HANDLER) { ; } }
VOID WinDbgExtensionDllInit( PWINDBG_EXTENSION_APIS lpExtensionApis, USHORT MajorVersion, USHORT MinorVersion ) { ULONG_PTR offKeProcessorArchitecture; ULONG Result; ExtensionApis = *lpExtensionApis; SavedMajorVersion = MajorVersion; SavedMinorVersion = MinorVersion; bDebuggingChecked = (SavedMajorVersion == 0x0c); usProcessorArchitecture = (USHORT)-1; offKeProcessorArchitecture = GetExpression("KeProcessorArchitecture"); if (offKeProcessorArchitecture != 0) ReadMemory(offKeProcessorArchitecture, &usProcessorArchitecture, sizeof(USHORT), &Result); if (usProcessorArchitecture >= cArchitecture) { #ifdef IA64 GetEProcessData = GetEProcessData_IA64; #else GetEProcessData = GetEProcessData_X86; #endif } else { GetEProcessData = aGetEProcessDataFunc[usProcessorArchitecture]; } // // Read the user probe address from the target system. // // N.B. The user probe address is constant on MIPS, Alpha, and the PPC. // On the x86, it may not be defined for the target system if it // does not contain the code to support 3gb of user address space. // UserProbeAddress = GetExpression("MmUserProbeAddress"); if ((UserProbeAddress == 0) || (ReadMemory(UserProbeAddress, &UserProbeAddress, sizeof(UserProbeAddress), &Result) == FALSE)) { UserProbeAddress = 0x7fff0000; } return; }
void AsmEnums() { int Value=0; //Fredrik: correct initializer in case first token is not "=" ? NeedToken("{"); do { GetName(); // Get the new type Name if (Token("=")) { Value = GetExpression(); } else Value++; // if (Pass == 1) RedefENum(Name, Value); //printf("- Enum %s' Value %ld\n",Name,Value); SkipWhiteSpace(); } while(Token(",")); NeedToken("}"); }
vector<HANDLE_OBJECT> ObOpenObjectDirectory( _In_ ULONG64 InputObject ) /*++ Routine Description: Description. Arguments: InputObject - Return Value: vector<HANDLE_OBJECT>. --*/ { vector<HANDLE_OBJECT> Handles; HANDLE_OBJECT Handle = { 0 }; ExtRemoteTyped Directory; ULONG64 ObjectDir = InputObject; if (!ObjectDir) { ReadPointer(GetExpression("nt!ObpRootDirectoryObject"), &ObjectDir); } Directory = ExtRemoteTyped("(nt!_OBJECT_DIRECTORY *)@$extin", ObjectDir); ObReadObject(ObjectDir, &Handle); for (UINT i = 0; i < 37; i += 1) { ULONG64 Entry = Directory.Field("HashBuckets").ArrayElement(i).GetPointerTo().GetPtr(); if (!Entry) continue; // // ExtRemoteTypedList requires a POINTER to the first entry. Not the offset of the first entry. // ExtRemoteTypedList EntryList(Entry, "nt!_OBJECT_DIRECTORY_ENTRY", "ChainLink"); for (EntryList.StartHead(); EntryList.HasNode(); EntryList.Next()) { HANDLE_OBJECT Handle = {0}; ULONG64 Object = EntryList.GetTypedNode().Field("Object").GetPtr(); ObReadObject(Object, &Handle); Handles.push_back(Handle); } } return Handles; }
short HeaderCommands() { int v; SkipWhiteSpace(); //------------------------------------ // //------------------------------------ if (QToken("#define")) { SkipWhiteSpace(); GetAsmName(); strcpy(DefineNameCopy, Name); if (NextToken("#")) { // Just define a script RedefENum(DefineNameCopy, 1); rhprint("HeaderRead: .set %s = 1\n", DefineNameCopy); SkipWhiteSpace(); return 1; } // Test for strings if (QToken("\"")) { GetStringName(128); RedefENumString(DefineNameCopy, Name); printf("HeaderRead: .set %s = '%s'\n", DefineNameCopy, Name); SkipWhiteSpace(); return 1; } v = GetExpression(); RedefENum(DefineNameCopy, v); SkipWhiteSpace(); rhprint("Profile: unknown define '%s'\n", DefineNameCopy); return 1; } //------------------------------------ // Line not understood, skip line //------------------------------------ SkipLine(); return 0; }
LPSTR GetAddress( LPSTR CmdBuf, LPDWORD Address ) { *Address = GetExpression( CmdBuf ); return (LPSTR) pchCommand; }
PyObject * wipe_GetExpression(PyObject * self, PyObject * args) { LPCSTR szExpr; if (!PyArg_ParseTuple(args, "s", &szExpr)) { return NULL; } return Py_BuildValue("k", GetExpression(szExpr)); }
HRESULT CALLBACK max_indirection_level(PDEBUG_CLIENT4 Client, PCSTR args) { int value; if (!args || strlen(args)==0) value = 0; else value = (int) GetExpression(args); set_max_indirection_level(value); return S_OK; }
HRESULT CALLBACK dumptree(PDEBUG_CLIENT pClient, PCSTR szArgs) { HRESULT hRes=S_OK; ULONG_PTR pAddress=(ULONG_PTR) GetExpression(szArgs); if(!pAddress) { dprintf("Invalid head pointer address specified: %s\n", szArgs); return E_FAIL; } InOrderTraversal(pAddress); return hRes; }
HRESULT CALLBACK unset(PDEBUG_CLIENT4 Client, PCSTR args) { if (!args || strlen(args)==0) { dprintf("Please see help for this command's usage\n"); return E_FAIL; } address_t addr = GetExpression(args); unset_value (addr); return S_OK; }
//处理常数、参数、函数、以及括号表达式 std::shared_ptr<ExpressTree> Expression::atom() { //表示本节点 std::shared_ptr<ExpressTree> node; //获取一个记号 Parser::token = lexer->GetToken(); //如果是终结符 switch(Parser::token.type) { //最高级匹配(常数、参数、函数等)并创建一个树节点 case TokenType::Const: case TokenType::T: node = ExpressTree::CreateNode(Parser::token); return node; case TokenType::Func: //先产生本节点 node = ExpressTree::CreateNode(Parser::token); //如果是函数则继续匹配左括号 match(TokenType::Lbracket); //产生本节点左儿子(即函数内参数子树) node->SetChild(Child::left,GetExpression()); //匹配右括号 match(TokenType::Rbracket); return node; case TokenType::Lbracket: //匹配左括号内表达式 node = GetExpression(); //匹配右括号 match(TokenType::Rbracket); return node; default: std::ostringstream out; out << "行号:" << Parser::token.no << " 错误类型:未预期的符号"; Parser::log.push_back(out.str()); return nullptr; } }
HRESULT CALLBACK shrobj_level(PDEBUG_CLIENT4 Client, PCSTR args) { if (!enter_command(Client)) return E_FAIL; unsigned int level = 0; if (args && strlen(args)) level = (unsigned int) GetExpression(args); set_shared_objects_indirection_level(level); leave_command(); return S_OK; }
TExpressionPtr ExpressionParser::ParseNotParameterizedVariableExpression(StringPtrLen str) const { auto variable = m_variable_mgr.FindVariable(str); if (nullptr == variable) { return TExpressionPtr(); } if (variable->GetParameterCount() > 0) { Error("Parameters are missing during usage of variable '", variable->GetName(), "'."); } return variable->GetExpression()->Clone(); }
void GetStrings() { do { if (NextToken("\"")) { GetQuoteStr(NAME_MAX); // get a bounded string } else { imm = GetExpression(); // Get the number WriteByte(imm); } } while (QToken(",")); }
LONG GetValue (PUCHAR inString, PUCHAR *outString, BOOLEAN fSigned, ULONG bitsize) { ULONG value; inString = SkipWhite(&inString); pchCommand = inString; value = GetExpression(); *outString = pchCommand; if ((value > (ULONG)(1L << bitsize) - 1) && (!fSigned || (value < (ULONG)(-1L << (bitsize - 1))))) error(OVERFLOW); return ((LONG) value); }
VOID DumpStaticFastMutex ( IN PCHAR Name ) /*++ Routine Description: This function dumps the contention statistics for a fast mutex. Arguments: Name - Supplies a pointer to the symbol name for the fast mutex. Return Value: None. --*/ { ULONG FastMutex; FAST_MUTEX FastMutexContents; ULONG Result; // // Get the address of the fast mutex, read the fast mutex contents, // and dump the contention data. // FastMutex = GetExpression(Name); if ((FastMutex != 0) && (ReadMemory((DWORD)FastMutex, &FastMutexContents, sizeof(FAST_MUTEX), &Result) != FALSE)) { dprintf("%08lx %10u %s\n", FastMutex, FastMutexContents.Contention, &Name[0]); } return; }
bool ObjIeeeAscii::GetOffset(const char *buffer, eParseType ParseType) { if (!file) ThrowSyntax(buffer, ParseType); int pos =3 ; char ch = buffer[2]; int index = 0; if (ch != 'G') index = ObjUtil::FromHex(buffer, &pos); if (buffer[pos++] != ',') ThrowSyntax(buffer, ParseType); ObjExpression *exp = GetExpression(buffer, &pos); CheckTerm(buffer + pos); switch(ch) { case 'G': SetStartAddress(file, exp); break; case 'S': { ObjSection *sect = GetSection(index); if (!sect) ThrowSyntax(buffer, ParseType); sect->SetSize(exp); break; } case 'L': { ObjSection *sect = GetSection(index); if (!sect) ThrowSyntax(buffer, ParseType); sect->SetOffset(exp); break; } default: { ObjSymbol *sym = FindSymbol(ch, index); if (!sym) ThrowSyntax(buffer, ParseType); sym->SetOffset(exp); break; } } return false; }
///////////////////////////////////////////////////// // Unexposed cmd to re-initialize once targetee changed ///////////////////////////////////////////////////// HRESULT CALLBACK set_alignment(PDEBUG_CLIENT4 Client, PCSTR args) { size_t value; if (!args || strlen(args)==0) value = 0; else value = GetExpression(args); if (value == 0) dprintf("Current alignment is "PRINT_FORMAT_SIZE"\n", g_align); else if (value==4 || value==8 || value==16) g_align = value; else dprintf("Invalid setting for alignment "PRINT_FORMAT_SIZE"\n", value); return S_OK; }
static ret_code EvaluateHllExpression( hll_list * hll, int *i, int ilabel, bool is_true ) /***************************************************************************************/ { char *lastjmp = NULL; expr_list opndx; char buffer[MAX_LINE_LEN*2]; DebugMsg(("EvaluateHllExpression enter\n")); buffer[0] = NULLC; if ( ERROR == GetExpression( hll, i, ilabel, is_true, buffer, &lastjmp, &opndx ) ) return( ERROR ); if ( buffer[0] ) WriteExprSrc( hll, buffer ); if ( hll->condlines != NULL && *hll->condlines == '\n' ) { AsmError( SYNTAX_ERROR_IN_CONTROL_FLOW_DIRECTIVE ); return( ERROR ); } return( NOT_ERROR ); }
VOID WinDbgExtensionDllInit( PWINDBG_EXTENSION_APIS lpExtensionApis, USHORT MajorVersion, USHORT MinorVersion ) { ExtensionApis = *lpExtensionApis; SavedMajorVersion = MajorVersion; SavedMinorVersion = MinorVersion; // // Try to get a pointer to afd!AfdDebug. If we can, then we know // the target machine is running a checked AFD.SYS. // IsCheckedAfd = ( GetExpression( "afd!AfdDebug" ) != 0 ); return; }
bool ParseLine(std::string line) { bool success = false; if (line.find(";") != string::npos) { success = GetAssignment(line); } else { success = GetExpression(line); } if (success == 1) { GoodLines.push_back(line); } else { BadLines.push_back(std::string(line) + " Error: " + std::string(error)); } return success; }
bool GetAssignment(std::string line) { if (line.find(";") != string::npos) { //check for characters after the ; std::string lineS = line.substr(line.find_first_of(";"), line.length() - line.find_first_of("=")); for (int i = 0; i < lineS.length(); i++) { if (CheckChar(lineS[i])) { error = "charaters after semicolon!"; return false; } } line = line.substr(0, line.find_first_of(";")); // lineS = line.substr(0, line.find_first_of("=")); //check if line contains white space if (lineS.find(" ") != string::npos) { int indexOfWhiteSpace = lineS.find_first_of(" "); if (indexOfWhiteSpace == lineS.length() - 1) lineS = lineS.substr(0, indexOfWhiteSpace); else if (indexOfWhiteSpace == 0) lineS = lineS.substr(1); else { error = "incorrent space in id"; return false; } } if (!CheckID(lineS)) return false; if (!GetExpression(line.substr(line.find_first_of("=") + 1, (line.length() - line.find_first_of("=") - 1)))) return false; return true; } error = "No semicolon in the assignment!"; return false; }
///////////////////////////////////////////////////// // Unexposed cmd to set max recursive reference depth ///////////////////////////////////////////////////// HRESULT CALLBACK block_size(PDEBUG_CLIENT4 Client, PCSTR args) { if (!enter_command(Client)) return E_FAIL; if (!args || strlen(args)==0) { dprintf("0"); return E_FAIL; } address_t addr = GetExpression(args); struct heap_block heap_block; if (addr && get_heap_block_info(addr, &heap_block)) dprintf(PRINT_FORMAT_SIZE, heap_block.size); else dprintf("0"); leave_command(); return S_OK; }
VOID GetNum() { LONG lValue; /* Initialize */ wLongFlag = 0; nParenCount = 0; /* Return the number */ lValue = GetExpression(); /* Make sure we had matched parens */ if (nParenCount) ParseError1(1013); //"Mismatched parentheses" /* Return as the proper token */ if (wLongFlag) token.flongval = TRUE; token.type = NUMLIT; token.longval = lValue; token.val = (USHORT)lValue; }
bool ObjIeeeAscii::Fixup(const char *buffer, eParseType ParseType) { if (!file || currentDataSection == NULL) ThrowSyntax(buffer, ParseType); int pos = 3; if (buffer[2] != '(') ThrowSyntax(buffer, ParseType); ObjExpression *exp = GetExpression(buffer, &pos); if (buffer[pos++] != ')') ThrowSyntax(buffer, ParseType); CheckTerm(buffer + pos); if (exp->GetOperator() != ObjExpression::eNonExpression) ThrowSyntax(buffer, ParseType); if (exp->GetRight()->GetOperator() != ObjExpression::eValue) ThrowSyntax(buffer, ParseType); int size = exp->GetRight()->GetValue(); ObjExpression *left = exp->GetLeft(); ObjMemory *mem = factory->MakeFixup(left, size); mem->SetDebugTags(currentTags); currentTags = new ObjMemory::DebugTagContainer; currentDataSection->Add(mem); return false; }
TExpressionPtr ExpressionParser::ParseParameterizedVariableExpression(StringPtrLen str) const { BracketsContent content; auto name = content.Parse(str); if (str.Len() == name.Len()) { return TExpressionPtr(); } name.Trim(); CheckQualifier(name, "Variable name"); auto variable = m_variable_mgr.FindVariable(name); if (nullptr == variable) { Error("Usage of undefined variable '", name, "'."); } TExpressionPtrVector actual_params; actual_params.reserve(5); StringPtrLen param; while (content.GetPart(param)) { auto param_expr = ParseExpression(param); actual_params.push_back(std::move(param_expr)); } if (actual_params.size() != variable->GetParameterCount()) { Error("Incorrect amount of parameters during usage of variable '", variable->GetName(), "'. Expected amount - ", variable->GetParameterCount(), ", actual amount - ", actual_params.size(), "."); } return variable->GetExpression()->CloneWithSubstitution(actual_params); }
LONG GetOperand(VOID) { /* Check to see if we need to descend a level */ if (curChar == L'(') { /* Bump paren count so we can match them up */ ++nParenCount; /* Skip past the paren char */ OurGetChar(); SkipWhitespace(); /* Return the value of the computed expression for the operand */ return GetExpression(); } /* If this isn't a number, return an error */ if (curChar != L'-' && curChar != L'~' && !iswdigit(curChar)) { GetKwd(FALSE); ParseError2(2237, tokenbuf); return 0; } /* Get the number in the token structure */ GetNumFTB(); /* See if we need to force the result long */ if (token.flongval) wLongFlag = TRUE; /* Skip trailing whitespace */ SkipWhitespace(); /* Return the value */ return token.longval; }
void returnAddressHuntJutsu(){ struct trackedBuf *curBuf; int i = 0, bufferIndex = 0; ULONG offset = 0, bytes = 0; char findBufferExpression[25]; ULONG64 returnAddress = 0; HRESULT memSearch = S_OK; //disassembly variables char returnInstruction[30]; unsigned char opcodeBuffer[30]; unsigned short instructionLength = 0; dprintf("[J] started return address hunt\n"); for(i; i<6; i++){ //6, because we don't want to waste time on the eip register curBuf = trackedBufList; memset(findBufferExpression, 0x00, sizeof(findBufferExpression)); if(!(bytes = GetExpression(regs[i]))){ dprintf("[J] skipping %s as register - it is a null pointer\n", regs[i]); continue; } StringCchPrintf(findBufferExpression, sizeof(findBufferExpression), "poi(%s)", regs[i]); bytes = GetExpression(findBufferExpression); //tests if a register points to a location in user controlled data while(curBuf != NULL){ for(bufferIndex=0; bufferIndex < strlen(curBuf->bufPatt); bufferIndex++){ if(*(PULONG)((curBuf->bufPatt)+bufferIndex) == bytes){ memset(opcodeBuffer, 0x00, sizeof(opcodeBuffer)); memset(returnInstruction, 0x00, sizeof(returnInstruction)); //find the opcodes for the desired instruction //first, for call reg StringCchPrintf(returnInstruction, sizeof(returnInstruction), "call %s", regs[i]); if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer))) dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction); if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){ if(checkExecutability(returnAddress)) dprintf("[J] valid return address (call %s) found at 0x%08x\n", regs[i], returnAddress); } //now, for jmp reg memset(returnInstruction, 0x00, sizeof(returnInstruction)); StringCchPrintf(returnInstruction, sizeof(returnInstruction), "jmp %s", regs[i]); if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer))) dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction); if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){ if(checkExecutability(returnAddress)) dprintf("[J] valid return address (jmp %s) found at 0x%08x\n", regs[i], returnAddress); } } } curBuf = curBuf->next; } curBuf = trackedBufList; for(offset=0; offset<0x1000; offset+=4){ memset(findBufferExpression, 0x00, sizeof(findBufferExpression)); StringCchPrintf(findBufferExpression, sizeof(findBufferExpression), "poi(poi(%s+0x%08x))", regs[i], offset); if(!(bytes = GetExpression(findBufferExpression))) continue; //this is basically a replacement for the //ddp windbg command, except more automated //walk through the buffer to see if any dword in there matches the current //value returned by the expression while(curBuf != NULL){ for(bufferIndex=0; bufferIndex < strlen(curBuf->bufPatt); bufferIndex++){ if(*(PULONG)((curBuf->bufPatt)+bufferIndex) == bytes){ memset(opcodeBuffer, 0x00, sizeof(opcodeBuffer)); memset(returnInstruction, 0x00, sizeof(returnInstruction)); dprintf("[J] %s + 0x%08x points into offset 0x%x of buffer %s\n", regs[i], offset, bufferIndex, curBuf->bufName); //first, build the instruction to find the bytes for //for now, we will support jmp [reg+offset] and call [reg+offset] //first, for call [reg+offset] StringCchPrintf(returnInstruction, sizeof(returnInstruction), "call [%s+%x]", regs[i], offset); if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer))) dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction); if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){ if(checkExecutability(returnAddress)) dprintf("[J] valid return address (call [%s+%x]) found at 0x%08x\n", regs[i], offset, returnAddress); } //now, for jmp [reg+offset] memset(returnInstruction, 0x00, sizeof(returnInstruction)); StringCchPrintf(returnInstruction, sizeof(returnInstruction), "jmp [%s+%x]", regs[i], offset); if(!(instructionLength = getInstructionBytes(returnInstruction, opcodeBuffer))) dprintf("[J] getInstructionBytes failed for '%s'\n", returnInstruction); if(returnAddress = searchMemory(opcodeBuffer, instructionLength)){ if(checkExecutability(returnAddress)) dprintf("[J] valid return address (jmp [%s+%x]) found at 0x%08x\n", regs[i], offset, returnAddress); } } } curBuf = curBuf->next; } curBuf = trackedBufList; } } }