1 //将内存内容写入到文件 2 //by 鸟哥 1833183060 3 //使用示例:!mem2file 0x000002b57556b858,0xbb 4 "use strict"; 5 let console={} 6 console.log=host.diagnostics.debugLog 7 let handle=0; 8 let log2file=function(e){ 9 //host.diagnostics.debugLog(e+' ') 10 try{ 11 writeFile(e); 12 }catch(ex){ 13 logln("error:"+ex.toString()); 14 } 15 } 16 let logln=function(e){ 17 host.diagnostics.debugLog(e+' ') 18 19 } 20 let path = "D:\mywork\github\windbg\vlx\mem.txt"; 21 var file=null; 22 //读写文件 https://github.com/microsoft/WinDbg-Samples/blob/master/FileSystem/FileSystemSample.js 23 //https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/dbgmodel-namespace-file-system 24 function initLogFile(){ 25 if(host.namespace.Debugger.Utility.FileSystem.FileExists(path)){ 26 file = host.namespace.Debugger.Utility.FileSystem.OpenFile(path); 27 }else{ 28 file = host.namespace.Debugger.Utility.FileSystem.CreateFile(path,"CreateNew"); 29 } 30 } 31 //注意每次打开文件后文件指针会指向文件头部。每次close后,文件内容才会真正写入到文件。也就是说 在命令行执行 dx @$scriptContents.closeFile() 后,内容才会写入到文件中。 32 function writeFile(d) 33 { 34 initLogFile(); 35 let textWriter = host.namespace.Debugger.Utility.FileSystem.CreateTextWriter(file); 36 textWriter.WriteLine(d); 37 closeFile(); 38 39 } 40 function closeFile(){ 41 if(file!=null){ 42 file.Close(); 43 } 44 } 45 46 function hex2str(hex){ 47 return hex.toString(16); 48 } 49 function 补全前置0(num, length) { 50 return (Array(length).join('0') + num).slice(-length); 51 } 52 function printObj(obj){ 53 let str = ""; 54 for(let i in obj){ 55 let property=obj[i]; 56 str+=""+补全前置0(property.toString(16),2)+" "; 57 } 58 return str; 59 } 60 61 function mem2file(addr,size){ 62 if(typeof addr=='undefined'){ 63 let regs=host.currentThread.Registers.User 64 addr=regs.rdx; 65 size=regs.r8; 66 }else{ 67 68 } 69 let r=host.memory.readMemoryValues(addr,size); 70 let content=printObj(r); 71 72 host.diagnostics.debugLog(" "+content+" ") 73 writeFile(content); 74 } 75 function test(adr){ 76 host.diagnostics.debugLog(typeof adr) 77 host.diagnostics.debugLog(" "+adr.toString(16)+" "); 78 host.diagnostics.debugLog(" "+adr+" "); 79 host.diagnostics.debugLog('test1 '); 80 } 81 // __CodeExtension: 82 // 83 // Provides an extension on Debugger.Utility.Code 84 // 85 class __CodeExtension 86 { 87 TraceDataFlow(address) 88 { 89 90 } 91 } 92 // __InstructionExtension: 93 // 94 // Provides an extension on an instruction 95 // 96 class __InstructionExtension 97 { 98 get SourceDataFlow() 99 { 100 return null; 101 } 102 } 103 function invokeScript() 104 { 105 let control=host.namespace.Debugger.Utility.Control; 106 let regs=host.currentThread.Registers.User; 107 let currentprocess=host.currentProcess; 108 109 logln('Press "g" to run the target.'); 110 } 111 function initializeScript(){ 112 113 return [//new host.apiVersionSupport(1, 2), 114 /*new host.namespacePropertyParent(__CodeExtension, "Debugger.Models.Utility", "Debugger.Models.Utility.Code", "Code"), 115 new host.namedModelParent(__InstructionExtension, "Debugger.Models.Utility.Code.Instruction"),*/ 116 new host.functionAlias(test, "test"), 117 new host.functionAlias(mem2file, "mem2file") 118 ]; 119 }
输出的文件截图
