GEOS SDK TechDocs
Address expressions are used as arguments to any Swat command that accesses memory. For example, the pobject command takes an address expression as an argument and prints out information about the object at that address. An address expression can be a symbol name, which is just the name of a pointer, or a symbol path. A symbol path has the following structure, where scope is the name of a patient, module, function, structure type, union type, enumerated type, or assembly record type:
(<scope>::)+<symbol>
Some of the more common symbol path formats are:
<module>::<symbol>
<patient>::<symbol>
<patient>::<module>::<symbol>
<structure name>::<field name>
The symbol path is used when there is more than one symbol of a given name or if a symbol of a different application is needed. A symbol can be represented in a variety of ways: the name of an object, a field of a structure, a register/number combination, a number from the address history, an element of an array, nested Tcl commands, or a Tcl variable. Array indexing is used as follows:
<addr> [<n>]
which will return the zero-based element n from the given addr, even if addr is not an array.
Another important way of representing the symbol is as a segment:offset pair. In this, the segment is a constant, a register, a module, or a handle ID given as ^h<id> where id is a constant or register.
There are several operators which are used to make memory examination and manipulation easier in Swat. These operators are shown below (in order of highest precedence to lowest):
^h
The caret-h is used to dereference a memory handle when representing an address as a handle:offset pair (this is also known as a "heap pointer" representation) or when accessing a particular block of memory. It is often used in the situation when a memory handle is in one register (such as BX) and the offset is in another register (such as SI). This is similar to the ^l operator (below), but it requires an offset into the block rather than a chunk handle. The ^h operator is used thus:
[hello3:0] 6 => print ^hdx:ALB_appRef
.
The period is used to access a field in a structure. For example, to get the top bound part of a rectangle structure stored as a global variable:
[hello3:0] 8 => print theRect.R_top
+ -
The addition and subtraction operators are used to add and subtract symbols to and from other symbols and constants. If two symbols in the same segment are subtracted, a constant will be the result.
^l
The caret-l is used to dereference an optr, a pointer in the form handle:chunk-handle (this is also known as a "local memory pointer"). This is similar to the ^h operator, but ^l requires a chunk handle rather than an offset. If an optr is stored in CX:DX, for example, the ^l operator could be used to dereference it as follows:
[hello3:0] 11 => pobj ^lCX:DX
[hello3:0] 12 => pobj ^l0x43d0:0x022
:
The colon is the segment/offset operator, used to separate the segment and offset in a segment:offset pair.
[hello3:0] 13 => pobj ^hCX:DX
[hello3:0] 14 => pobj 0x43d0:0x022
[hello3:0] 15 => pobj INTERFACE:HelloView
*
The asterisk is a pointer-dereferencing operator, as in the C programming language:
[hello3:0] 16 => print SubliminalTone
@5: SubliminalTone = 7246h
[hello3:0] 17 => print *(&SubliminalTone)
@6: *(&SubliminalTone) = 7246h
^v
The caret-v is the virtual memory operator, used to get to the base of a block that is in a Virtual Memory file given the file handle and VM block handle. The correct usage of the ^v operator is:
^v<file>:<VM_block>
Much of the time the type of data stored at the address given by the address expression is implicit in the expression. Sometimes in ambiguous situations (using code as data), however, the type of data must be explicitly stated in the address expression. This is done by indicating the type of the data followed by a space and then a normal address expression. For example, in the expression
dword ds:14h
the data at ds:14h will be treated as a double word.
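The notation above can be modelled as a small classifier. The following is an added example, not Swat's own parser or code from the GEOS SDK: a simplified Python model that sorts an address expression into the forms this section describes. The function name, the result keys, and the type names other than dword are assumptions, and the + - . * operators are not modelled.

```python
import re

# Two-part forms from the section: operator prefix -> names of its two parts.
PREFIXED = {
    "^h": ("handle", "offset"),   # heap pointer, handle:offset
    "^l": ("handle", "chunk"),    # optr, handle:chunk-handle
    "^v": ("file", "vm_block"),   # base of a block in a VM file
}
# Assumed type names for the demo; the page itself only shows "dword".
TYPE_NAMES = {"byte", "word", "dword"}


def parse_address_expression(expr):
    """Classify one address expression into the forms the section lists."""
    text = expr.strip()
    out = {"type": None, "index": None}
    # Explicit type: the type name, a space, then a normal address expression.
    head, _, rest = text.partition(" ")
    if rest and head in TYPE_NAMES:
        out["type"], text = head, rest.strip()
    # Array indexing <addr> [<n>]: zero-based element n from addr.
    m = re.fullmatch(r"(.+?)\s*\[\s*(\w+)\s*\]", text)
    if m:
        text, out["index"] = m.group(1), m.group(2)
    # Symbol path (<scope>::)+<symbol>; test "::" before the single colon.
    if "::" in text:
        *scopes, symbol = text.split("::")
        if not symbol or not all(scopes):
            raise ValueError(f"malformed symbol path: {expr!r}")
        return {**out, "form": "symbol-path", "scopes": scopes, "symbol": symbol}
    prefix = text[:2] if text[:2] in PREFIXED else None
    left, colon, right = (text[2:] if prefix else text).partition(":")
    # Simplification of this model: a prefixed form must carry both parts.
    if not left or (colon and not right) or (prefix and not colon):
        raise ValueError(f"malformed address expression: {expr!r}")
    if prefix:
        first, second = PREFIXED[prefix]
        return {**out, "form": prefix, first: left, second: right}
    if colon:
        return {**out, "form": "segment:offset", "segment": left, "offset": right}
    return {**out, "form": "symbol", "symbol": left}
```

Checking for "::" before the single colon matters because a symbol path such as hello3::INTERFACE::HelloView (constructed from names on this page) would otherwise be split as a segment:offset pair.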