readmemory.js
// Axel '0vercl0k' Souchet - Dec 2017
"use strict";
/**
 * Write one line of text to the debugger output.
 *
 * @param {*} e - Value to print; it is concatenated with a newline, so
 *     non-string values (for example a caught exception) are coerced to text.
 */
let logln = (e) => {
    // debugLog() is passed exactly what it is given, so the line terminator
    // is appended here.
    const line = e + '\n';
    host.diagnostics.debugLog(line);
};
/**
 * Read a single 8-byte value from the debug target's memory.
 *
 * @param {*} addr - Location to read from, forwarded unchanged to
 *     host.memory.readMemoryValues().
 * @returns {*} The first (and only requested) element of the result.
 *     NOTE(review): presumably a 64-bit integer wrapper rather than a plain
 *     JS number, since a double cannot hold every 64-bit value - confirm.
 *
 * No error handling is done here: whatever readMemoryValues() throws when
 * the read fails propagates to the caller.
 */
function read_u64(addr) {
    const elementCount = 1;
    const elementSize = 8; // bytes per element
    const values = host.memory.readMemoryValues(addr, elementCount, elementSize);
    return values[0];
}
/**
 * Script entry point (WinDbg calls invokeScript() on `.scriptrun`).
 *
 * Demonstrates three ways of reading target memory:
 *   1. a raw 8-byte read at the current thread's stack pointer,
 *   2. a read that is expected to fail, showing that the failure surfaces
 *      as a catchable JavaScript exception,
 *   3. reading a wide string, first through a pointer object and then
 *      through that pointer's numeric address.
 */
function invokeScript() {
    // 1. Value stored at the top of the stack, printed in hexadecimal.
    const userRegisters = host.currentThread.Registers.User;
    const stackTop = read_u64(userRegisters.rsp);
    logln(stackTop.toString(16));

    // 2. 0xdeadbeef is presumably not mapped in the target. Any read from
    // target memory can fail, so a script that must keep running wraps the
    // access in try/catch; here the exception is only logged.
    try {
        read_u64(0xdeadbeef);
    } catch (readError) {
        logln(readError);
    }

    // 3. Image path of the current process, taken from the process
    // parameters reachable through the environment block.
    const imagePathBuffer = host.currentProcess.Environment.EnvironmentBlock.ProcessParameters.ImagePathName.Buffer;
    logln(host.memory.readWideString(imagePathBuffer));

    // Same read again, this time passing the pointer's address.
    const imagePathAddress = imagePathBuffer.address;
    logln(host.memory.readWideString(imagePathAddress));
}