windbg javascript脚本--将内存内容保存到文件

 

// Write a range of target memory to a file.
// by 鸟哥 1833183060
// Usage example: !mem2file 0x000002b57556b858,0xbb
"use strict";
// Minimal console shim: the debugger host has no console object, so log()
// is pointed at the debugger's own output routine.
let console = { log: host.diagnostics.debugLog };
// Not referenced by any function visible in this script.
let handle = 0;
// Best-effort write of one entry to the output file. A failure inside
// writeFile is reported to the debugger console via logln and not rethrown.
let log2file = (e) => {
    try {
        writeFile(e);
    } catch (writeError) {
        const message = "error:" + writeError.toString();
        logln(message);
    }
};
// Print one line to the debugger output, appending the trailing newline.
let logln = (e) => {
    const line = e + '\n';
    host.diagnostics.debugLog(line);
};
// Fixed output location for the dump. The file receives raw bytes read from
// the debuggee as hex text; such memory can hold keys, tokens or other
// sensitive data, so keep this directory access-restricted and remove dumps
// that are no longer needed.
let path = "D:\\mywork\\github\\windbg\\vlx\\mem.txt";

// Currently open file object, or null before the first open. Shared by
// initLogFile, writeFile and closeFile.
var file = null;

// File I/O reference: https://github.com/microsoft/WinDbg-Samples/blob/master/FileSystem/FileSystemSample.js
// https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/dbgmodel-namespace-file-system
// Open the output file at `path`, creating it when it does not exist yet,
// and store the resulting file object in the shared `file` variable.
// An existing file is reused as-is; nothing here truncates it.
function initLogFile() {
    const fileSystem = host.namespace.Debugger.Utility.FileSystem;
    file = fileSystem.FileExists(path)
        ? fileSystem.OpenFile(path)
        : fileSystem.CreateFile(path, "CreateNew");
}
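// Write one line of text to the output file.
//
// Author's note: every time the file is opened the file pointer is at the
// start of the file, and the content only really reaches the file once it
// has been closed (e.g. after `dx @$scriptContents.closeFile()`).
// NOTE(review): since each call reopens the file, a new write presumably
// starts at offset 0 and overwrites earlier output -- confirm before
// treating the file as a cumulative log.
//
// d: the text to write; a line terminator is added by WriteLine.
// Throws whatever the host file-system calls throw. The file is closed even
// when the write fails, so a failed write does not leave the handle open.
function writeFile(d)
{
    initLogFile();
    try {
        let textWriter = host.namespace.Debugger.Utility.FileSystem.CreateTextWriter(file);
        textWriter.WriteLine(d);
    } finally {
        // Closing is what flushes the data, and it must also happen on error.
        closeFile();
    }
}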
// Close the shared output file if one has been opened. Does nothing while
// `file` is still null/undefined. The variable is left pointing at the
// closed object afterwards.
function closeFile() {
    if (file == null) {
        return;
    }
    file.Close();
}
 45 
// Return the base-16 text form of `hex` by calling its toString(16).
// No prefix and no zero padding are added.
function hex2str(hex) {
    const radix = 16;
    return hex.toString(radix);
}
// Left-pad `num` with zeros to `length` characters.
// The result is the last `length` characters of the padded text, so an
// input longer than `length` loses its leading characters.
function 补全前置0(num, length) {
    const zeros = new Array(length).join('0'); // length - 1 zero characters
    const padded = zeros + num;
    return padded.slice(-length);
}
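// Format the elements of `obj` as two-digit hex values, each followed by a
// single space (so the result ends with a space, or is "" when empty).
//
// obj: an array-like or object whose own enumerable values have toString(16).
// Only own properties are formatted; anything inherited through the
// prototype chain is skipped so it cannot end up in the dump text.
// Each value goes through 补全前置0(..., 2), which keeps the last two hex
// digits, so values above 0xff are shortened to their low byte.
function printObj(obj) {
    let str = "";
    for (let key in obj) {
        if (!Object.prototype.hasOwnProperty.call(obj, key)) {
            continue;
        }
        let value = obj[key];
        str += 补全前置0(value.toString(16), 2) + " ";
    }
    return str;
}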
 60 
// Read `size` values starting at `addr` from the target, print them as hex
// to the debugger output and write the same text to the output file.
//
// addr, size: start address and element count. When `addr` is omitted, both
// are taken from the current thread's rdx and r8 registers.
// NOTE(review): rdx/r8 look like the 2nd and 3rd integer arguments of the
// Windows x64 calling convention, which would only be meaningful when the
// target is stopped at a function entry -- confirm the intended breakpoint.
// Neither value is range-checked here; a bad address or length surfaces as
// whatever error host.memory.readMemoryValues raises.
// The dumped bytes may contain sensitive data from the debuggee; they are
// echoed to the console and stored in clear text.
function mem2file(addr, size) {
    let startAddress = addr;
    let count = size;
    if (typeof addr === 'undefined') {
        const userRegs = host.currentThread.Registers.User;
        startAddress = userRegs.rdx;
        count = userRegs.r8;
    }
    const values = host.memory.readMemoryValues(startAddress, count);
    const hexText = printObj(values);

    host.diagnostics.debugLog("\n" + hexText + "\n");
    writeFile(hexText);
}
// Diagnostic helper exposed as the "test" alias: prints the JavaScript type
// of the argument, its hex form, its default string form and a fixed marker.
function test(adr) {
    const print = (text) => host.diagnostics.debugLog(text);
    print(typeof adr);
    print("\n" + adr.toString(16) + "\n");
    print("\n" + adr + "\n");
    print('test1\n');
}
// __CodeExtension:
//
// Placeholder for an extension on Debugger.Utility.Code. Its registration
// in initializeScript is commented out, so the class is currently unused.
//
class __CodeExtension
{
    // Stub: accepts an address and does nothing (returns undefined).
    TraceDataFlow(address)
    {
        return undefined;
    }
}
// __InstructionExtension:
//
// Placeholder for an extension on an instruction object. Its registration
// in initializeScript is commented out, so the class is currently unused.
//
class __InstructionExtension
{
    // Stub property: always yields null.
    get SourceDataFlow()
    {
        const nothing = null;
        return nothing;
    }
}
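// Script entry point: prints a hint to the debugger output.
// The previous version also fetched the control object, the user registers
// and the current process into locals that were never used; those reads are
// removed so this function no longer depends on a current thread or process
// being available.
function invokeScript()
{
    logln('Press "g" to run the target.');
}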
// Registration hook: returns the list of objects to register when the
// script is loaded. Only two function aliases are active: "test" -> test
// and "mem2file" -> mem2file.
function initializeScript() {
    // Disabled registrations kept for reference:
    //   new host.apiVersionSupport(1, 2),
    //   new host.namespacePropertyParent(__CodeExtension, "Debugger.Models.Utility", "Debugger.Models.Utility.Code", "Code"),
    //   new host.namedModelParent(__InstructionExtension, "Debugger.Models.Utility.Code.Instruction"),
    const testAlias = new host.functionAlias(test, "test");
    const dumpAlias = new host.functionAlias(mem2file, "mem2file");
    return [testAlias, dumpAlias];
}

输出的文件截图

posted @ 2020-01-12 15:47  鸟哥01