1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
/*=============================================================================
This is a convenience script for debugging with WinDbg (akin to gdbinit)
It can be loaded into WinDbg with: .scriptload full_path\windbg.js
To printout the help message below into the debugger's command window:
!help
=============================================================================*/
function help() {
print("--------------------------------------------------------------------");
print(" LIVE debugging only");
print("--------------------------------------------------------------------");
print(" !jlh(\"local_handle_var_name\")");
print(" prints object held by the handle");
print(" e.g. !jlh(\"key\") or !jlh(\"this->receiver_\")");
print(" !job(address_or_taggedint)");
print(" prints object at the address, e.g. !job(0x235cb869f9)");
print(" !jobs(start_address, count)");
print(" prints 'count' objects from a continuous range of Object pointers");
print(" e.g. !jobs(0x5f7270, 42)");
print(" !jst() or !jst");
print(" prints javascript stack (output goes into the console)");
print(" !jsbp() or !jsbp");
print(" sets bp in v8::internal::Execution::Call (begin user's script)");
print("");
print("--------------------------------------------------------------------");
print(" to run any function from this script (live or postmortem):");
print("");
print(" dx @$scriptContents.function_name(args)");
print(" e.g. dx @$scriptContents.pointer_size()");
print(" e.g. dx @$scriptContents.module_name('v8_test')");
print("--------------------------------------------------------------------");
}
/*=============================================================================
Output
=============================================================================*/
function print(s) {
host.diagnostics.debugLog(s + "\n");
}
function print_filtered(obj, filter) {
for (let line of obj) {
if (!filter || line.indexOf(filter) != -1) {
print(line);
}
}
}
function inspect(s) {
for (var k of Reflect.ownKeys(s)) {
print(k + " => " + Reflect.get(s, k));
}
}
/*=============================================================================
Utils (postmortem and live)
=============================================================================*/
function cast(address, type_name) {
return host.createTypedObject(address, module_name(), type_name);
}
// Failed to figure out how to get pointer size from the debugger's data model,
// so we parse it out from sizeof(void*) output.
function pointer_size() {
let ctl = host.namespace.Debugger.Utility.Control;
let sizeof = ctl.ExecuteCommand("?? sizeof(void*)");
let output = "";
for (output of sizeof) {} // unsigned int64 8
return parseInt(output.trim().split(" ").pop());
}
function poi(address) {
try {
// readMemoryValues throws if cannot read from 'address'.
return host.memory.readMemoryValues(address, 1, pointer_size())[0];
}
catch (e){}
}
function get_register(name) {
return host.namespace.Debugger.State.DebuggerVariables.curthread
.Registers.User[name];
}
// In debug builds v8 code is compiled into v8.dll, and in release builds
// the code is compiled directly into the executable. If you are debugging some
// other embedder, invoke module_name explicitly from the debugger and provide
// the module name to use.
const known_exes = ["d8", "unittests", "mksnapshot", "chrome", "chromium"];
let module_name_cache;
function module_name(use_this_module) {
if (use_this_module) {
module_name_cache = use_this_module;
}
if (!module_name_cache) {
let v8 = host.namespace.Debugger.State.DebuggerVariables.curprocess
.Modules.Where(
function(m) {
return m.Name.indexOf("\\v8.dll") !== -1;
});
if (v8) {
module_name_cache = "v8";
}
else {
for (let exe_name in known_exes) {
let exe = host.namespace.Debugger.State.DebuggerVariables.curprocess
.Modules.Where(
function(m) {
return m.Name.indexOf(`\\${exe_name}.exe`) !== -1;
});
if (exe) {
module_name_cache = exe_name;
break;
}
}
}
}
return module_name_cache;
};
function make_call(fn) {
// .call resets current frame to the top one, so have to manually remember
// and restore it after making the call.
let curframe = host.namespace.Debugger.State.DebuggerVariables.curframe;
let ctl = host.namespace.Debugger.Utility.Control;
let output = ctl.ExecuteCommand(`.call ${fn};g`);
curframe.SwitchTo();
return output;
}
// Skips the meta output about the .call invocation.
function make_call_and_print_return(fn) {
let output = make_call(fn);
let print_line = false;
for (let line of output) {
if (print_line) {
print(line);
break;
}
if (line.includes(".call returns")) {
print_line = true;
}
}
}
/*=============================================================================
Wrappers around V8's printing functions and other utils for live-debugging
=============================================================================*/
/*-----------------------------------------------------------------------------
'address' should be an int (so in hex must include '0x' prefix).
-----------------------------------------------------------------------------*/
function print_object(address) {
let output = make_call(`_v8_internal_Print_Object(${address})`);
// skip the first few lines with meta info of .call command
let skip_line = true;
for (let line of output) {
if (!skip_line) {
print(line);
continue;
}
if (line.includes("deadlocks and corruption of the debuggee")) {
skip_line = false;
}
}
}
/*-----------------------------------------------------------------------------
'handle_to_object' should be a name of a Handle which can be a local
variable or it can be a member variable like "this->receiver_".
-----------------------------------------------------------------------------*/
function print_object_from_handle(handle_to_object) {
let handle = host.evaluateExpression(handle_to_object);
let location = handle.location_;
let pobj = poi(location.address);
print_object(pobj);
}
/*-----------------------------------------------------------------------------
'start_address' should be an int (so in hex must include '0x' prefix), it can
point at any continuous memory that contains Object pointers.
-----------------------------------------------------------------------------*/
function print_objects_array(start_address, count) {
let ctl = host.namespace.Debugger.Utility.Control;
let psize = pointer_size();
let addr_int = start_address;
for (let i = 0; i < count; i++) {
const addr_hex = `0x${addr_int.toString(16)}`;
// TODO: Tried using createPointerObject but it throws unknown exception
// from ChakraCore. Why?
//let obj = host.createPointerObject(addr_hex, module, "void*");
let output = ctl.ExecuteCommand(`dp ${addr_hex} l1`);
let item = "";
for (item of output) {} // 005f7270 34604101
let deref = `0x${item.split(" ").pop()}`;
print(`${addr_hex} -> ${deref}`);
print_object(deref);
addr_int += psize;
}
}
function print_js_stack() {
make_call("_v8_internal_Print_StackTrace()");
}
function set_user_js_bp() {
let ctl = host.namespace.Debugger.Utility.Control;
ctl.ExecuteCommand(`bp ${module_name()}!v8::internal::Execution::Call`)
}
/*=============================================================================
Initialize short aliased names for the most common commands
=============================================================================*/
function initializeScript() {
return [
new host.functionAlias(help, "help"),
new host.functionAlias(print_object_from_handle, "jlh"),
new host.functionAlias(print_object, "job"),
new host.functionAlias(print_objects_array, "jobs"),
new host.functionAlias(print_js_stack, "jst"),
new host.functionAlias(set_user_js_bp, "jsbp"),
]
}
|
