Heap Handles
=============
?poi(ole32!g_hHeap)
?poi(MSHTML!g_hProcessHeap)
?poi(MSHTML!g_hIsolatedHeap)
View Isolated and Process Heap Segment Details
==============================================
!heap -p -h poi(MSHTML!g_hIsolatedHeap)
!heap -p -h poi(MSHTML!g_hProcessHeap)
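JavaScript Logging
===================
Line 1 is called from the page script; line 2 is the matching WinDbg breakpoint, which prints the message as a Unicode string (%mu) and continues.
The esp+14 and +0c offsets are x86 and jscript9-build specific - re-check them on other versions.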
Math.atan2(0xdeadbeef, "Log: This is a test message");
bp jscript9!Js::Math::Atan2 ".printf \"Log: %mu\", poi(poi(esp+14)+0c);.echo;gc"
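Record Heap Allocation Windows 7 SP1 x86
=========================================
Note: ntdll+00052ebc is a raw module offset, so it only matches the ntdll.dll build these notes were taken on; re-derive the address on any other patch level.
The breakpoint prints the allocation pointer from eax and the size from esp+0c.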
bp !ntdll+00052ebc ".printf \"Allocation: %p Size: 0x%x\", @eax, poi(@esp+0c);.echo;gc"
Record Heap Frees Windows 7 SP1 x86
====================================
bp ntdll!RtlFreeHeap ".printf \"Free @ %p\", poi(@esp+0c);.echo;gc"
Record Allocations MsGestureEvent
=================================
bp MSHTML!CDOMMSGestureEvent::Create+0x24 ".printf \"MsGestureEvent @ %p\", @eax;.echo;gc"
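Misc
=================================
Variants of the breakpoints above. Entries with no command string or no trailing gc stop in the debugger; the rest log and continue.
Note: "!heap -flts 0x0a0" is presumably "!heap -flt s 0x0a0" (filter by allocation size) - verify before use.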
bp jscript9!Js::Math::Atan2 ".printf \"Log: %mu\", poi(poi(esp+14)+0c);.echo;gc"
bp MSHTML!CDOMMSGestureEvent::Create+0x24 ".printf \"MsGestureEvent @ %p\", @eax;.echo;gc"
bp ntdll!RtlFreeHeap ".printf \"Free @ %p\", poi(@esp+0c);.echo;gc"
bp MSHTML!CDOMStringDataList::InitFromString
bp jscript9!Js::Math::Atan2 ".printf \"Log: %mu\", poi(poi(esp+14)+0c);.echo;!heap -flts 0x0a0;.echo;gc"
bp jscript9!Js::Math::Atan2 ".printf \"Log: %mu\", poi(poi(esp+14)+0c);.echo;"
bp MSHTML!CDOMStringDataList::InitFromString ".printf \"InitFromString ESI: %p\", @esi-8;.echo;gc;"