change function return value - windbg

I have a .NET application that is doing COM interop and calling some native library APIs. One of these APIs is returning some data that is unexpected and causing headaches for me. I am looking for some way of forcing the return value of the managed API. This is not going to solve my problem, but it will help me narrow a few things down. I am simplifying things a bit below.
Keeping all this in mind, let's say my managed class is named MyClass and it has two methods, ParentMethod() and ChildMethod(). ParentMethod calls ChildMethod, which internally calls those native APIs. ChildMethod itself returns a bool.
After breaking into my app via WinDbg I first ran the !dumpheap -type MyClass command, which gave me the following output:
0:027> !dumpheap -type MyClass
Address MT Size
0ac7e7e4 04ac5030 100
total 0 objects
Statistics:
MT Count TotalSize Class Name
04ac5030 1 100 MyNamespace.MyClass
Total 1 objects
I then ran the following command, trying to get the addresses of the methods in this class:
0:027> !dumpmt -md 04ac5030
EEClass: 04ac1b20
Module: 04ac49c8
Name: MyNamespace.MyClass
mdToken: 02000002
File: MyAssemblyName, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
BaseSize: 0x64
ComponentSize: 0x0
Slots in VTable: 61
Number of IFaces in IFaceMap: 4
MethodDesc Table
Entry MethodDesc JIT Name
04b20270 04ac4fd0 JIT MyNamespace.MyClass..ctor()
04b20230 04ac4ffc JIT MyNamespace.MyClass..cctor()
04acc081 04ac4fd8 NONE MyNamespace.MyClass.ParentMethod()
04acc085 04ac4fe4 NONE MyNamespace.MyClass.ChildMethod()
04b202c0 04ac4ff0 JIT MyNamespace.MyClass.InitializeComponent()
I have found Naveen's blog entry where he describes a technique for doing something along the same lines, but I couldn't figure out what exact steps I should take from here. Any help will be highly appreciated.

Here are the simple steps:
bp 04acc085, which is the ChildMethod.
When the break-point hits, issue the command bp poi(@esp), which sets the break-point on the return register.
And when the second break-point hits, you could change the value to true using r eax=00000001. The eax register stores the return value on x86.
Or another way is bp 04acc085 "gu;r eax=00000001;gc", which will do the same in one line.

I am getting an error while trying to pass data from the scoreboard to the sequence; how do I get rid of it?

I am new to UVM and I am trying to verify a memory design, where I am trying to run a write sequence multiple times followed by a read sequence the same number of times, so that I can read the same addresses I am writing to and compare. For this I tried to create a new class extended from uvm_object with a queue to store the addresses I am writing to, so that I could use them in the read sequence. I am instantiating this class in the scoreboard and then sending the handle of the class to the read sequence via uvm_config_db. Now the issue is that I am able to store the addresses in the queue but unable to get the class handle in the read sequence. Is this the right way of checking, or is there some better way to check the write and read back from memory? Please help me!
Entire code link (yet to complete): https://www.edaplayground.com/x/3iTr
Relevant code snippets:
This is the class I created to store the addresses:
class address_list extends uvm_object;
  reg [7:0] addr_q[$];
  function new(string name);
    super.new(name);
  endfunction
endclass;
In my scoreboard I am passing the handle of the class with the address queue to the read sequence; here is the snippet from the scoreboard:
virtual function void write(mem_seq_item pkt);
  if(pkt.wr_en==1)
  begin
    pkt_qu_write.push_back(pkt);
    addr.addr_q.push_back(pkt.addr);
    uvm_config_db#(address_list)::set(uvm_root::get(),"*","address",addr);
  end
  if(pkt.rd_en==1)
    pkt_qu_read.push_back(pkt);
  `uvm_info(get_type_name(),$sformatf("Adder list is %p",addr.addr_q),UVM_LOW)
endfunction : write
In my read sequence I am trying to get the handle:
virtual task body();
  repeat(3)
    `uvm_do(wr_seq)
  if(!uvm_config_db#(address_list)::get(this, " ", "address", addr_))
    `uvm_fatal("NO_VIF",{"virtual interface must be set for:",get_full_name(),".addr_"});
  `uvm_info(get_type_name(),$sformatf("ADDR IS %p",addr_),UVM_LOW)
  repeat(3)
    `uvm_do(rd_seq)
endtask
Error-[ICTTFC] Incompatible complex type usage
mem_sequence.sv, 137 {line where I try to get from uvm_config_db}
Incompatible complex type usage in task or function call.
The following expression is incompatible with the formal parameter of the
function. The type of the actual is 'class $unit::wr_rd_sequence', while the
type of the formal is 'class uvm_pkg::uvm_component'. Expression: this
Source info: uvm_config_db#(_vcs_unit__3308544630::address_list)::get(this, " ", "address", this.addr_)
There are two problems with this line:
if(!uvm_config_db#(address_list)::get(this, " ", "address", addr_))
One is causing your error. One might lead to you not being able to find what you're looking for in the database.
This (literally this) is causing your error. You are calling get from a class derived from uvm_sequence. The first argument to get is expecting a class derived from uvm_component. Your problem is that a sequence is not part of the testbench hierarchy, so you cannot use a sequence as the first argument to a call to get (or set) in a uvm_config_db. Instead the convention is to use the sequencer that the sequence is running on, which is returned by a call to the sequence's get_sequencer() method. This solves your problem:
if(!uvm_config_db#(address_list)::get(get_sequencer(), "", "address", addr_))
This works because you used a wildcard when you called set.
Notice that I also removed the space from between the quotes. That might not give you a problem, because you used the wildcard when you called set, but in general this string should either be empty or should be a real hierarchical path. (The hierarchy input to the set and get calls is split between the first argument - a SystemVerilog hierarchical path - and the second - a string representing a hierarchical path).
uvm_config_db is basically for passing configuration between components.
For the purpose of passing data from the scoreboard to the sequence, you can use uvm_event.
Trigger the event in the scoreboard using event.trigger(address_list).
The sequence waits for the event using event.wait_for_trigger_data(address_list).

Doxygen: error, variable seen as function

I have the following variables in a function:
97
98 UINT8 Reponse;
99 static UINT8 Initialisation = 0;
100 static DWORD StartTime = 0; //
Initialisation is also the name of a function:
void Initialisation(void)
When I click on the hyperlink on Initialisation at line 99, the block of the function void Initialisation(void) is opened.
Do any of you have an idea of what is happening?
Thank you for your help
Jean-Marie
See doxygen's Known Problems:
Not all names in code fragments that are included in the documentation are replaced by links (for instance when using SOURCE_BROWSER = YES) and links to overloaded members may point to the wrong member. This also holds for the "Referenced by" list that is generated for each function.
For a part this is because the code parser isn't smart enough at the moment. I'll try to improve this in the future. But even with these improvements not everything can be properly linked to the corresponding documentation, because of possible ambiguities or lack of information about the context in which the code fragment is found.
and
Doxygen does not work properly if there are multiple classes, structs or unions with the same name in your code. It should not crash however, rather it should ignore all of the classes with the same name except one.

How can I read data from COM object (an activex server) in MATLAB?

I am trying to connect a simulator to MATLAB. The simulator program exposes a COM object interface.
I have connected to the COM object with the following command and can perform most of its methods:
h = actxserver(ProgID)
But some of its methods need a Variant* type passed as output.
Here is the signature of one of the methods, as shown by the "invoke" method:
ReadOutputImage = Variant(Pointer) ReadOutputImage(handle, int32, int32, ImageDataTypeConstants, Variant(Pointer))
I have called this method with several syntaxes, but none of them work:
a = uint8([0]) % means unsigned integer array with 1 member
h.ReadOutputImage(0,1,2,a) % 0, 1, 2 are constants giving the position, the number of elements to read and the size of the elements, where 2 means a Byte element (VT_UI2 COM type).
Other syntaxes that I have tried with no result are: using uint16, uint32, int8, int16 and int32 for all of the following:
logical types (like a=[false]),
cell arrays (like a={uint8([0])} )
empty cell array {}
empty array []
empty string ''
I have used libpointer as well:
a = libpointer;
also a = libpointer('uint8Ptr',0)
also a = libpointer('bool',false)
also a = libpointer('bool',[0])
The problem is that I am not sure about the following items:
What is the equivalent type of "Variant(Pointer)" in MATLAB?
What is the method of passing a variable as output to a COM method in MATLAB?
Is it even possible to get a value from a COM object method result as a pointer in MATLAB?
To find out how the data appears in other clients, I have imported the same DLL file into Delphi, and the signature of the type library for the above method is like this:
procedure ReadOutputImage(StartIndex: Integer; ElementsToRead: Integer;
DataType: ImageDataTypeConstants; var pData: OleVariant);
Yes, Siemens has provided a guide for this COM server (prosim), and based on that documentation I have connected and performed most of its methods. But the methods which read I/O data are not working. In the documentation the method signature is specified as follows (in VB):
STDMETHOD(CS7Prosim::ReadOutputImage)(long startindex,long elementstoread, imagedatatypeconstants DtaType, VARIANT* pData)
What about your application, was it working? Did it contain variant pointers as the returning argument? Did you have similar methods in that application?
Thank you
I can help with #2 in your question. I just worked through this myself. Basically, any pass-by-reference argument to a COM object that you need to access after it is modified, MATLAB just spits back as an output:
[var1, a] = thisObject.DB.Execute(queryString, a)
See here
"The syntax shown here shows a server function being called by the MATLAB client. The function's return value is shown as retval. The function's output arguments (out1, out2, ...) follow this:
[retval out1 out2 ...] = handle.functionname(in1, in2, ...);
MATLAB makes use of the pass by reference capabilities in COM to implement this feature. Note that pass by reference is a COM feature. It is not available in MATLAB at this time."

ØMQ C function (shared library / .dll) binding causing hard crash on zmq_init

I'm trying to write an ABL binding for the ØMQ C library, but I am crashing the Procedure Editor with my zmq_init function binding. I wrote a binding for zmq_version without issue, so I assume it's not a .dll file problem. Anyway, the C function prototype looks like this:
void *zmq_init (int io_threads);
The ABL code I've written is as follows:
PROCEDURE zmq_init EXTERNAL "libzmq.dll" CDECL:
    DEFINE INPUT PARAMETER num_threads AS LONG.
    DEFINE RETURN PARAMETER context_ptr AS MEMPTR.
END PROCEDURE.

DEF VAR mContext AS MEMPTR NO-UNDO.
RUN zmq_init(INPUT 0, OUTPUT mContext).
This particular function initializes a "0mq context" (potential problem: it's a thread pool) and returns a pointer to it. Could the error be related to OpenEdge's non-threaded nature, even though I'm calling an external library and requesting 0 threads be allocated in the pool?
Running the code in Procedure Editor makes it crash with a Windows "Progress Client has stopped working" error with Exception code: C0000005 ACCESS_VIOLATION (full stack trace here, although I don't always get a stack trace with info in it).
I've never done Windows C programming, but it looks like what I'd call a Segmentation Fault if I were on Unix using gcc (accessing protected memory). Speaking of which, I'd in fact rather run this code on a Unix machine but apparently Progress only provides evaluation developer OE environments for Windows :(.
I've disabled DEP without success. Is ABL trying to dereference the pointer when it returns from the library or something? Surely there has to be a way to handle signatures with a return value of void* that get malloc'ed in the library call.
I've paged through OpenEdge Development: Programming Interfaces, Tom Bascom's UNIX Shared Libraries PowerPoint, and some other PowerPoint called OpenEdge in an LDAP World that has some code samples but don't see anything obvious that I'm missing.
I'm on OpenEdge 10.2B, Windows 7 64-bit, however using the 32-bit version of OpenEdge as that's my only option for evaluation software. Anyone got a license I could borrow for compiling/running this code on CentOS? :-)
You are missing the PERSISTENT keyword when you are declaring your procedures.
Please try the following code:
zmq.p
&SCOPED DLLNAME 'libzmq.so'

PROCEDURE zmq_init EXTERNAL {&DLLNAME} CDECL PERSISTENT:
    DEF INPUT PARAMETER NumThreads AS LONG.
    DEF RETURN PARAMETER Context AS MEMPTR.
END PROCEDURE.

PROCEDURE zmq_term EXTERNAL {&DLLNAME} CDECL PERSISTENT:
    DEF INPUT PARAMETER Context AS MEMPTR.
    DEF RETURN PARAMETER ResultStatus AS LONG.
END PROCEDURE.

PROCEDURE zmq_version EXTERNAL {&DLLNAME} CDECL PERSISTENT:
    DEF OUTPUT PARAMETER major AS LONG.
    DEF OUTPUT PARAMETER minor AS LONG.
    DEF OUTPUT PARAMETER patch AS LONG.
END PROCEDURE.
check_zmq.p
DEF VAR Zmq          AS HANDLE NO-UNDO.
DEF VAR MajorVersion AS INT    NO-UNDO.
DEF VAR MinorVersion AS INT    NO-UNDO.
DEF VAR PatchVersion AS INT    NO-UNDO.
DEF VAR CallStatus   AS INT    NO-UNDO.
DEF VAR ZmqContext   AS MEMPTR NO-UNDO.

RUN zmq.p PERSISTENT SET Zmq.

RUN zmq_version IN Zmq ( OUTPUT MajorVersion, OUTPUT MinorVersion, OUTPUT PatchVersion ).
MESSAGE MajorVersion MinorVersion PatchVersion.

RUN zmq_init IN Zmq ( 1, OUTPUT ZmqContext ).
RUN zmq_term IN Zmq ( ZmqContext, OUTPUT CallStatus ).
MESSAGE CallStatus.

FINALLY:
    IF VALID-HANDLE(Zmq) THEN
        DELETE PROCEDURE Zmq.
END FINALLY.
Could the error be related to OpenEdge's non-threaded nature, even though I'm calling an external library and requesting 0 threads be allocated in the pool?
I ran into the same problem several times (Progress Client has stopped working) while I was working on some C# methods (called via the CLR bridge) in which I used threads.
Hiding the threads from Progress by using some C# library classes (AsyncOperation, AsyncCallback) solved the problem, but most attempts caused the Progress runtime to stop.
Related to .NET, the Progress help states: "You cannot use System.Threading.Thread, or any derived class; ABL is single-threaded."
I know that calling C# methods via the CLR bridge is completely different from invoking C libraries, but maybe our problems are caused by the single-threaded nature of OpenEdge.
I grabbed your code from github and changed the MEMPTR variables to INT64. This allowed it to run without crashing (10.2b05 32-bit on 64-bit Windows 7). Since the memory is being handled by zeromq, I think this is a safe way to handle the issue.

What is the difference between forward declaration and forward reference?

What is the difference between forward declaration and forward reference?
Forward declaration is, in my head, when you declare a function that isn't yet implemented, but is this incorrect? Do you have to look at the specified situation for either declaring a case "forward reference" or "forward declaration"?
A forward declaration is the declaration of a method or variable before you implement and use it. The purpose of forward declarations is to save compilation time.
The forward declaration of a variable causes storage space to be set aside, so you can later set the value of that variable.
The forward declaration of a function is also called a "function prototype," and is a declaration statement that tells the compiler what a function's return type is, what the name of the function is, and the types of its parameters. Compilers for languages such as C/C++ and Pascal store declared symbols (which include functions) in a lookup table and reference them as they come across them in your code. These compilers read your code sequentially, that is, top to bottom, so if you don't forward declare, the compiler discovers a symbol that it can't find in the lookup table, and it raises an error that it doesn't know how to respond to the function.
The forward declaration is a hint to the compiler that you have defined (filled out the implementation of) the function elsewhere.
For example:
int first(int x); // forward declaration of first
...
int first(int x) {
    if (x == 0) return 1;
    else return 2;
}
But, you ask, why don't we just have the compiler make two passes on every source file: the first one to index all the symbols inside, and the second to parse the references and look them up? According to Dan Story:
When C was created in 1972, computing resources were much more scarce and at a high premium -- the memory required to store a complex program's entire symbolic table at once simply wasn't available in most systems. Fixed storage was also expensive, and extremely slow, so ideas like virtual memory or storing parts of the symbolic table on disk simply wouldn't have allowed compilation in a reasonable timeframe... When you're dealing with magnetic tape where seek times were measured in seconds and read throughput was measured in bytes per second (not kilobytes or megabytes), that was pretty meaningful.
C++, while created almost 17 years later, was defined as a superset of C, and therefore had to use the same mechanism.
By the time Java rolled around in 1995, average computers had enough memory that holding a symbolic table, even for a complex project, was no longer a substantial burden. And Java wasn't designed to be backwards-compatible with C, so it had no need to adopt a legacy mechanism. C# was similarly unencumbered.
As a result, their designers chose to shift the burden of compartmentalizing symbolic declaration back off the programmer and put it on the computer again, since its cost in proportion to the total effort of compilation was minimal.
In Java and C#, identifiers are recognized automatically from source files and read directly from dynamic library symbols. In these languages, header files are not needed for the same reason.
A forward reference is the opposite. It refers to the use of an entity before its declaration. For example:
int first(int x) {
    if (x == 0) return 1;
    return second(x-1); // forward reference to second
}
int second(int x) {
    if (x == 0) return 0;
    return first(x-1);
}
Note that "forward reference" is used sometimes, though less often, as a synonym for "forward declaration."
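The following is an added example, not code from the answer above. It carries the answer's mutually recursive pair through to a program that compiles under C99 and later, where the forward reference to the not-yet-defined function must be resolved by a forward declaration (a C99 compiler rejects the call otherwise as an implicit declaration). It also generalizes the same idea to a forward-declared struct, the incomplete type C uses for opaque handles. The names is_even, is_odd, counter and forward_decl_demo are chosen for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Forward declaration (prototype) of is_odd: the single-pass C compiler
 * learns its signature here, so the forward reference inside is_even can
 * be type-checked before the definition of is_odd is seen. Deleting this
 * line makes a C99 or later compiler reject the call in is_even. */
static bool is_odd(unsigned n);

/* is_even refers to is_odd before is_odd is defined: a forward reference. */
static bool is_even(unsigned n)
{
    if (n == 0)
        return true;
    return is_odd(n - 1);
}

/* is_odd refers to is_even, which is already defined above, so no forward
 * declaration is needed for that reference. */
static bool is_odd(unsigned n)
{
    if (n == 0)
        return false;
    return is_even(n - 1);
}

/* Forward declaration of a struct (an incomplete type): code may declare
 * and pass pointers to it without knowing its layout, which is how C
 * libraries hide implementation details behind opaque handles. The
 * struct is defined later in this file (example-only type). */
struct counter;
static unsigned counter_bump(struct counter *c);

struct counter {
    unsigned value;
};

static unsigned counter_bump(struct counter *c)
{
    return ++c->value;
}

/* Exercises both kinds of forward declaration and returns the number of
 * mismatches found, so 0 means every check passed. */
int forward_decl_demo(void)
{
    int mismatches = 0;
    for (unsigned n = 0; n < 20; n++) {
        if (is_even(n) != (n % 2 == 0))
            mismatches++;
        if (is_odd(n) != (n % 2 == 1))
            mismatches++;
    }
    struct counter c = { 0 };
    counter_bump(&c);
    if (counter_bump(&c) != 2)
        mismatches++;
    return mismatches;
}

int main(void)
{
    int mismatches = forward_decl_demo();
    printf("mismatches: %d\n", mismatches);
    return mismatches == 0 ? 0 : 1;
}
```

Compile with `gcc -std=c99 -Wall forward_decl.c`; removing the prototype of is_odd turns the forward reference into an error, which is the single-pass behaviour the answer describes.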
From Wikipedia:
Forward Declaration
Declaration of a variable or function which is not defined yet. Its definition can be seen later on.
Forward Reference
Similar to a forward declaration, but where the variable or function appears first, the definition is also in place.
Forward declarations are used to allow single-pass compilation of a language (C, Pascal).
If forward references are allowed without forward declaration (Java, C#), a two-pass compiler is required.