WinDbg the alias command (as, aS) which is useful in script, but the script is not good WinDbg a design language, usually in writing WinDbg script will encounter various pits, including the evaluation alias command.
Compared with the variable, WinDbg's alias is more like C language macros. He can put a name defined as a specified string, environment variables, string address given, even the output string value of the expression or WinDbg command. C language macro defined only in the active end point to a file (if the latter is not undef), evaluated the alias is WinDbg this process is explained below.
Suppose have alias (aS foo bar), or run command .echo foo .echo $ {foo} (the latter may be provided to display parameters and tokenize alias name, such as the $ {/ v: foo}, reference WinDbg help). In operation .echo foo command before , the entire command string will execute the WinDbg alias replacement, replacement is completed in the entire command execution, the runtime stack as follows:
dbgeng!ReplaceAliases dbgeng!PreprocessExternalStrBuf dbgeng!PreprocessExternalString dbgeng!Execute dbgeng!DebugClient::ExecuteWide ...
If only the above rules, it is a simple calculation, also very obvious shortcomings, that is if the input is a combination of a plurality of commands, separated by semicolons, defined before the command can not be applied to the back of the alias command. Of course, if each command will run all do very confusing to replace all remaining orders, especially in the case there will be cycles, not easy to understand. WinDbg approach is to do the replacement of the internal potential alias block in front of each block started. In addition, the entire command input, though not a block, but will do alias replaced at the start. This relationship alias command, and block, if you want to reference previously defined in the following alias definition of a command, the command is preferably the back of the inside into a new block, such as the output of the command which foo (before the experiment if foo It has been defined as an alias, the best deleted):
aS foo bar; .echo foo
The following may be output while the bar:
aS foo bar; .block{.echo foo}
Replace foo runtime stack as follows:
dbgeng!ReplaceAliases dbgeng!PreprocessExternalStrBuf dbgeng!PreprocessExternalString dbgeng!ProcessCurBraceBlock dbgeng!DotBlock dbgeng!DotCommand dbgeng!Execute dbgeng!DebugClient::ExecuteWide ...
We understand the basic mechanism can understand the evaluation of the WinDbg alias. Due to the replacement alias can recursively, in order to avoid accidental recursive substitution occurs, there is a rule that if a block is as / aS / al / ad does not have any command starts with the character before (a, then the current block is not replaced, such as the following commands are still output foo:
aS foo bar; .block{aS foo1 bar1;.echo foo}
The following command can be output while the bar, there is only the difference between the space before the second aS:
aS foo bar; .block{ aS foo1 bar1;.echo foo}
The last block on the WinDbg, .block {} which will define a new block, in fact, a new block, such as .if (cond) {}. Else {} braces and all will be defined on the run from the top of the stack ProcessCurBraceBlock also reflect.
Transfer: https: //zhuanlan.zhihu.com/p/20908953