142{
143 UINT64 Address;
144 vector<UINT64> ValuesToEdit;
153 UINT64 Length = 0;
157 UINT64 * FinalBuffer =
NULL;
159
160
161
162
163
165 {
167 }
168
169 if (CommandTokens.size() <= 4)
170 {
171 ShowMessages("incorrect use of the '%s'\n\n",
173
175 return;
176 }
177
178 for (auto Section : CommandTokens)
179 {
180 if (IsFirstCommand ==
TRUE)
181 {
183
184 if (!FirstCommand.compare("!sb"))
185 {
188 }
189 else if (!FirstCommand.compare("!sd"))
190 {
193 }
194 else if (!FirstCommand.compare("!sq"))
195 {
198 }
199 else if (!FirstCommand.compare("sb"))
200 {
203 }
204 else if (!FirstCommand.compare("sd"))
205 {
208 }
209 else if (!FirstCommand.compare("sq"))
210 {
213 }
214 else
215 {
216
217
218
219 ShowMessages("unknown error happened!\n\n");
221 return;
222 }
223
224 IsFirstCommand =
FALSE;
225
226 continue;
227 }
228
229 if (NextIsProcId)
230 {
231
232
233
234 NextIsProcId =
FALSE;
235
237 {
238 ShowMessages("please specify a correct hex process id\n\n");
240 return;
241 }
242 else
243 {
244
245
246
247 continue;
248 }
249 }
250
251 if (NextIsLength)
252 {
253
254
255
256 NextIsLength =
FALSE;
257
259 {
260 ShowMessages("please specify a correct hex length\n\n");
262 return;
263 }
264 else
265 {
266
267
268
270 continue;
271 }
272 }
273
274
275
276
278 {
280 continue;
281 }
282
283
284
285
287 {
289 continue;
290 }
291
292 if (!SetAddress)
293 {
295 {
296 ShowMessages("err, couldn't resolve error at '%s'\n\n",
299 return;
300 }
301 else
302 {
303
304
305
307 continue;
308 }
309 }
310
311 if (SetAddress)
312 {
313
314
315
317
318 if (TargetVal.rfind("0x", 0) == 0 || TargetVal.rfind("0X", 0) == 0 ||
319 TargetVal.rfind("\\x", 0) == 0 || TargetVal.rfind("\\X", 0) == 0)
320 {
321 TargetVal = TargetVal.erase(0, 2);
322 }
323 else if (TargetVal.rfind('x', 0) == 0 || TargetVal.rfind('X', 0) == 0)
324 {
325 TargetVal = TargetVal.erase(0, 1);
326 }
327
328 TargetVal.erase(remove(TargetVal.begin(), TargetVal.end(), '`'), TargetVal.end());
329
330
331
332
334 {
335 ShowMessages("please specify a byte (hex) value for 'sb' or '!sb'\n\n");
336 return;
337 }
338
340 {
341 ShowMessages("please specify a dword (hex) value for 'sd' or '!sd'\n\n");
342 return;
343 }
344
346 {
347 ShowMessages("please specify a qword (hex) value for 'sq' or '!sq'\n\n");
348 return;
349 }
350
351
352
353
354
356 {
357 ShowMessages("please specify a correct hex value to search in the "
358 "memory content\n\n");
360 return;
361 }
362 else
363 {
364
365
366
367 ValuesToEdit.push_back(
Value);
368
369
370
371
372 CountOfValues++;
373
375 {
376
377
378
380 }
381 continue;
382 }
383 }
384 }
385
386
387
388
390 {
392 return;
393 }
394
395 if (ProcId == 0)
396 {
397 ProcId = GetCurrentProcessId();
398 }
399
400
401
402
404 SearchMemoryRequest.
Address = Address;
406
407
408
409
410 if (!SetAddress)
411 {
412 ShowMessages("please specify a correct hex address\n\n");
414 return;
415 }
417 {
418 ShowMessages(
419 "please specify a correct hex value as the content to search\n\n");
421 return;
422 }
423 if (!SetLength)
424 {
425 ShowMessages("please specify a correct hex value as the length\n\n");
427 return;
428 }
429 if (NextIsProcId)
430 {
431 ShowMessages("please specify a correct hex value as the process id\n\n");
433 return;
434 }
435 if (NextIsLength)
436 {
437 ShowMessages("please specify a correct hex length\n\n");
439 return;
440 }
441
442
443
444
446
447
448
449
451
452
453
454
455 SearchMemoryRequest.
Length = Length;
456
458 {
460 }
461
462
463
464
465 FinalBuffer = (UINT64 *)malloc(FinalSize);
466
467 if (!FinalBuffer)
468 {
469 ShowMessages("unable to allocate memory\n\n");
470 return;
471 }
472
473
474
475
476 ZeroMemory(FinalBuffer, FinalSize);
477
478
479
480
482
483
484
485
487
488
489
490
492 {
493
494
495
497 }
498 else
499 {
500
501
502
504 }
505
506
507
508
509 free(FinalBuffer);
510}
VOID SetValue(PGUEST_REGS GuestRegs, SCRIPT_ENGINE_GENERAL_REGISTERS *ScriptGeneralRegisters, PSYMBOL Symbol, UINT64 Value)
Set the value.
Definition ScriptEngineEval.c:185
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest).
Definition globals.h:253
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:372
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
std::string GetLowerStringFromCommandToken(CommandToken TargetToken)
Get lower case string from command token.
Definition common.cpp:484
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN ConvertTokenToUInt64(CommandToken TargetToken, PUINT64 Result)
add ` between 64 bit values and convert them to string
Definition common.cpp:447
BOOLEAN ConvertTokenToUInt32(CommandToken TargetToken, PUINT32 Result)
check and convert command token to a 32 bit unsigned integer
Definition common.cpp:546
RequestedActionOfThePacket Value(0x1) 00000000
BOOLEAN KdSendSearchRequestPacketToDebuggee(UINT64 *SearchRequestBuffer, UINT32 SearchRequestBufferSize)
Sends search query request packet to the debuggee.
Definition kd.cpp:1353
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:481
BOOLEAN g_IsKdModuleLoaded
shows whether the kernel debugger (KD) module is loaded or not
Definition globals.h:22
NULL()
Definition test-case-generator.py:530
VOID CommandSearchSendRequest(UINT64 *BufferToSendAsIoctl, UINT32 BufferToSendAsIoctlSize)
Send the request of search to the kernel.
Definition s.cpp:63
VOID CommandSearchMemoryHelp()
help of !s* s* commands
Definition s.cpp:27
UINT64 Length
Definition RequestStructures.h:548
UINT32 ProcessId
Definition RequestStructures.h:549
UINT32 CountOf64Chunks
Definition RequestStructures.h:552
UINT32 FinalStructureSize
Definition RequestStructures.h:553
UINT64 Address
Definition RequestStructures.h:547
DEBUGGER_SEARCH_MEMORY_BYTE_SIZE ByteSize
Definition RequestStructures.h:551
DEBUGGER_SEARCH_MEMORY_TYPE MemoryType
Definition RequestStructures.h:550
BOOLEAN SymbolConvertNameOrExprToAddress(const string &TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for symbol object names and eval...
Definition symbol.cpp:359