Minor code formatting

Author: hugsy

Workspaces/LaunchAndExecute.debugTarget

@@ -1,21 +1,22 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <TargetConfig Name="C:\Windows\System32\notepad.exe" LastUsed="2022-07-14T23:44:46.0958299Z">
-    <EngineConfig />
-    <EngineOptions>
-        <Property name="DebugChildProcesses" value="false" />
-    </EngineOptions>
-    <TargetOptions>
-        <Option name="LaunchProcess">
-            <Property name="Executable" value="C:\Windows\System32\notepad.exe" />
-            <Property name="Arguments" value="" />
-        </Option>
-        <Option name="ExecuteCommand">
-            <Property name="Command" value="bu 4242424242424242" />
-        </Option>
-        <Option name="RestoreCommandHistory">
-            <Property name="History">
-                <Property value="dx @$curprocess.Environment.EnvironmentBlock.ProcessParameters" />
-            </Property>
-        </Option>
-    </TargetOptions>
+  <EngineConfig />
+  <EngineOptions>
+    <Property name="DebugChildProcesses" value="false" />
+  </EngineOptions>
+  <TargetOptions>
+    <Option name="LaunchProcess">
+      <Property name="Executable" value="C:\Windows\System32\notepad.exe" />
+      <Property name="Arguments" value="" />
+    </Option>
+    <Option name="ExecuteCommand">
+      <Property name="Command" value="bu 4242424242424242" />
+    </Option>
+    <Option name="RestoreCommandHistory">
+      <Property name="History">
+        <Property value="bu 4242424242424242" />
+        <Property value="dx @$curprocess.Environment.EnvironmentBlock.ProcessParameters" />
+      </Property>
+    </Option>
+  </TargetOptions>
 </TargetConfig>

scripts/JsSkeleton.js

@@ -2,6 +2,8 @@
 /// <reference path="../extra/JSProvider.d.ts" />
 ///
 /// @ts-check
+/// @links
+/// - https://aka.ms/JsDbgExt
 ///
 "use strict";
 

scripts/VadExplorer.js

@@ -1,5 +1,5 @@
 ///
-/// <reference path="JSProvider.d.ts" />
+/// <reference path="../extra/JSProvider.d.ts" />
 ///
 "use strict";
 
@@ -28,7 +28,7 @@ const PAGE_EXECUTE_READWRITE = 0x40;
 const PAGE_EXECUTE_WRITECOPY = 0x80;
 const PAGE_GUARD = 0x100;
 const PAGE_NOCACHE = 0x200;
-const PAGE_WRITECOMBINE =  0x400;
+const PAGE_WRITECOMBINE = 0x400;
 
 var PERMISSIONS = {};
 PERMISSIONS[PAGE_EXECUTE] = "PAGE_EXECUTE";
@@ -64,46 +64,40 @@ VAD_TYPES[VadRotatePhysical] = "VadRotatePhysical";
 VAD_TYPES[VadLargePageSection] = "VadLargePageSection";
 
 
-function SizeAsHumanReadableString(size)
-{
+function SizeAsHumanReadableString(size) {
     let step = 1024;
-    if(Math.abs(size) < step)
+    if (Math.abs(size) < step)
         return `${size}B`;
 
-    let units = ['kB','MB','GB','TB','PB','EB','ZB','YB'];
+    let units = ['kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
     let u = -1;
-    do
-    {
+    do {
         size /= step;
         ++u;
     }
-    while(Math.abs(size) >= step && u < units.length - 1);
+    while (Math.abs(size) >= step && u < units.length - 1);
     return `${size.toFixed(1)}${units[u]}`;
 }
 
 
-function MakeQword(hi, lo)
-{
+function MakeQword(hi, lo) {
     return hi.bitwiseShiftLeft(32).add(lo);
 }
 
 
-function AlignHexString(value)
-{
+function AlignHexString(value) {
     return value.toString(16).padStart(10, "0");
 }
 
 
 /**
  *
  */
-class Vad
-{
+class Vad {
     /**
      *
      */
-    constructor(level, address, pMmProtectToValue)
-    {
+    constructor(level, address, pMmProtectToValue) {
         this.Level = level;
         this.Address = address;
         this.VadObject = host.createTypedObject(this.Address, "nt", "_MMVAD");
@@ -114,7 +108,7 @@ class Vad
         //
         this.__ProtectionIndex = this.VadObject.Core.u.VadFlags.Protection;
         this.__MmProtectToValue = pMmProtectToValue;
-        this.__Protection = u32(this.__MmProtectToValue.add(4*this.__ProtectionIndex));
+        this.__Protection = u32(this.__MmProtectToValue.add(4 * this.__ProtectionIndex));
 
         //
         // The 3-bit is an index in VAD_TYPES (see MI_VAD_TYPES - https://www.nirsoft.net/kernel_struct/vista/MI_VAD_TYPE.html)
@@ -131,8 +125,7 @@ class Vad
     /**
      *
      */
-    get Protection()
-    {
+    get Protection() {
         var p = [];
         if (this.__Protection & PAGE_EXECUTE)
             p.push(PERMISSIONS[this.__Protection & PAGE_EXECUTE]);
@@ -163,67 +156,59 @@ class Vad
     /**
      *
      */
-    get VadType()
-    {
+    get VadType() {
         return VAD_TYPES[this.__VadType];
     }
 
 
     /**
      *
      */
-    get Filename()
-    {
-        if(this.__VadType == VadNone)
+    get Filename() {
+        if (this.__VadType == VadNone)
             return "";
 
-       try
-       {
+        try {
             let ControlArea = host.createTypedObject(this.VadObject.Subsection.ControlArea.address, "nt", "_CONTROL_AREA");
             let FileObjectAddress = ControlArea.FilePointer.Value.bitwiseAnd(-16);
             let FileObject = host.createTypedObject(FileObjectAddress, "nt", "_FILE_OBJECT");
-            return host.memory.readWideString(FileObject.FileName.Buffer.address, FileObject.FileName.Length/2);
-       }
-       catch(e)
-       {
-           return "";
-       }
+            return host.memory.readWideString(FileObject.FileName.Buffer.address, FileObject.FileName.Length / 2);
+        }
+        catch (e) {
+            return "";
+        }
     }
 
     /**
      *
      */
-    IsInRange(address)
-    {
+    IsInRange(address) {
         return (address.compareTo(this.VaStart) >= 0 && address.compareTo(this.VaEnd) < 0);
     }
 
     /**
      *
      */
-    toString()
-    {
+    toString() {
         let txt = "VAD(";
         txt += `Address=${this.Address.toString(16)}, VpnStart=${AlignHexString(this.VpnStart)}, VpnEnd=${AlignHexString(this.VpnEnd)}`
-        txt +=`, Protection=${this.Protection}, VadType=${this.VadType}`;
-        txt +=`, Size=${SizeAsHumanReadableString(this.Size)}`;
+        txt += `, Protection=${this.Protection}, VadType=${this.VadType}`;
+        txt += `, Size=${SizeAsHumanReadableString(this.Size)}`;
 
-        if(this.Filename)
+        if (this.Filename)
             txt += `, Filename=${this.Filename}`;
         txt += ")";
         return txt;
     }
 }
 
 
-class VadList
-{
+class VadList {
 
     /**
      *
      */
-    constructor(process)
-    {
+    constructor(process) {
         this.__process = process;
         this.__entries_by_level = new Array();
         this.__pMmProtectToValue = host.getModuleSymbolAddress("nt", "MmProtectToValue");
@@ -233,12 +218,10 @@ class VadList
     /**
      * MaxLevel getter
      */
-    get MaxLevel()
-    {
-        let MaxLevel  = 0;
+    get MaxLevel() {
+        let MaxLevel = 0;
 
-        for(let vad of this)
-        {
+        for (let vad of this) {
             if (vad.Level > MaxLevel)
                 MaxLevel = vad.Level;
         }
@@ -250,25 +233,22 @@ class VadList
     /**
      * Average level getter
      */
-    get AverageLevel()
-    {
-        return this.__entries_by_level.indexOf(Math.max(...this.__entries_by_level) );
+    get AverageLevel() {
+        return this.__entries_by_level.indexOf(Math.max(...this.__entries_by_level));
     }
 
 
     /**
      * Process getter
      */
-    get Process()
-    {
+    get Process() {
         return this.__process;
     }
 
     /**
      * Help
      */
-    get [Symbol.metadataDescriptor]()
-    {
+    get [Symbol.metadataDescriptor]() {
         return {
             Process:
             {
@@ -279,16 +259,15 @@ class VadList
             MaxLevel: {
                 PreferShow: true,
                 Help: "The maximum level of recursion for the process's VADs."
-          },
+            },
         };
     }
 
 
     /**
      *
      */
-    *[Symbol.iterator]()
-    {
+    *[Symbol.iterator]() {
         for (let vad of this.__Walk(0, this.__process.VadRoot.Root.address))
             yield vad;
     }
@@ -297,11 +276,10 @@ class VadList
     /**
      *
      */
-    *__Walk(level, VadAddress)
-    {
+    *__Walk(level, VadAddress) {
         var nodeObject = host.createTypedObject(VadAddress, "nt", "_RTL_BALANCED_NODE");
 
-        if( nodeObject.isNull || nodeObject.Left == undefined || nodeObject.Right == undefined)
+        if (nodeObject.isNull || nodeObject.Left == undefined || nodeObject.Right == undefined)
             return;
 
         if (this.__entries_by_level.length < level + 1)
@@ -311,11 +289,11 @@ class VadList
 
         yield new Vad(level, VadAddress, this.__pMmProtectToValue);
 
-        if(nodeObject.Left)
-            yield *this.__Walk(level+1, nodeObject.Left.address);
+        if (nodeObject.Left)
+            yield* this.__Walk(level + 1, nodeObject.Left.address);
 
-        if(nodeObject.Right)
-            yield *this.__Walk(level+1, nodeObject.Right.address);
+        if (nodeObject.Right)
+            yield* this.__Walk(level + 1, nodeObject.Right.address);
     }
 
     /**
@@ -324,30 +302,25 @@ class VadList
      * @param {host.Int64} virtualAddress An address to find in the process
      * @returns {Vad} If the function finds the VAD, it returns a Vad object, else it returns null
      */
-    LookupVad(virtualAddress)
-    {
+    LookupVad(virtualAddress) {
         var currentLevel = 0;
         var currentVadAddress = this.__process.VadRoot.Root.address;
 
-        while (currentVadAddress.compareTo(0) != 0)
-        {
+        while (currentVadAddress.compareTo(0) != 0) {
             var currentVad = new Vad(currentLevel, currentVadAddress, this.__pMmProtectToValue);
 
-            if (currentVad.IsInRange(virtualAddress))
-            {
+            if (currentVad.IsInRange(virtualAddress)) {
                 return currentVad;
             }
 
             currentLevel += 1;
 
             var currentNodeObject = host.createTypedObject(currentVadAddress, "nt", "_RTL_BALANCED_NODE");
 
-            if (currentVad.VaStart.compareTo(virtualAddress) > 0) 
-            {
+            if (currentVad.VaStart.compareTo(virtualAddress) > 0) {
                 currentVadAddress = currentNodeObject.Left.address;
-            } 
-            else 
-            {
+            }
+            else {
                 currentVadAddress = currentNodeObject.Right.address;
             }
         }
@@ -360,10 +333,8 @@ class VadList
 /**
  *
  */
-class ProcessVads
-{
-    get Vads()
-    {
+class ProcessVads {
+    get Vads() {
         return new VadList(this);
     }
 }
@@ -372,12 +343,11 @@ class ProcessVads
 /**
  *
  */
-function initializeScript()
-{
+function initializeScript() {
     //log("[+] Extending EPROCESS with Vads property...");
 
     return [
         new host.apiVersionSupport(1, 3),
-        new host.typeSignatureExtension(ProcessVads,  "_EPROCESS"),
+        new host.typeSignatureExtension(ProcessVads, "_EPROCESS"),
     ];
 }