New Features
- Add Get-DbgProxy cmdlet (experimental): creates a proxy around an object contained in another process, and allows interacting with it as if it were a native dynamic object! Very cool
- Add Get-PEHeader cmdlet. Emits the in-memory PE Header based on a specified process + module name
- Add Get-DbgStaticField cmdlet. Lists all static fields contained in a remote process (Note: due to the way generic types are implemented within the CLR, this cmdlet may or may not find static fields contained within certain generic types. Also, see Known Issues below)
- Add Get-UiMessage cmdlet (experimental): allows monitoring the window messages of a target process (similar to Spy++). Currently only provides enhanced WPARAM/LPARAM analysis of a limited subset of message types. When monitoring messages that have the same WPARAM/LPARAM meanings (e.g. in WM_MOUSEMOVE and WM_LBUTTONDOWN, the WPARAM and LPARAM are KeyModifiers and X + Y respectively), Get-UiMessage will synthesize a custom PowerShell Object Format so that you can easily see what values are contained within the window messages, rather than simply looking at meaningless WPARAM/LPARAM columns
- Add Send-UiMessage cmdlet (experimental): allows sending arbitrary window message values to a target process. Marshalling of custom WPARAM/LPARAM structures is not yet implemented
- Add initial support for performing UI automation (experimental)
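
To show what the Get-UiMessage entry above means by decoding WPARAM/LPARAM into KeyModifiers and X + Y, here is an added example that is not code from this project. The function name `ConvertFrom-MouseMessage`, the enum name and the output property names are hypothetical; the numeric constants are the standard Win32 values, and the sample input is constructed.

```powershell
# Added illustration only. Not the implementation used by Get-UiMessage.
# Standard Win32 MK_* bits carried in the low word of WPARAM for mouse messages.
[Flags()] enum MouseKeyModifiers {
    None     = 0x0000
    LButton  = 0x0001   # MK_LBUTTON
    RButton  = 0x0002   # MK_RBUTTON
    Shift    = 0x0004   # MK_SHIFT
    Control  = 0x0008   # MK_CONTROL
    MButton  = 0x0010   # MK_MBUTTON
    XButton1 = 0x0020   # MK_XBUTTON1
    XButton2 = 0x0040   # MK_XBUTTON2
}

# Messages that share the "modifiers in WPARAM, packed X/Y in LPARAM" layout.
$script:MouseMessages = @{
    0x0200 = 'WM_MOUSEMOVE'
    0x0201 = 'WM_LBUTTONDOWN'
}

function ConvertFrom-MouseMessage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][int]$Message,
        [Parameter(Mandatory)][long]$WParam,
        [Parameter(Mandatory)][long]$LParam
    )

    if (-not $script:MouseMessages.ContainsKey($Message)) {
        # Unknown layout: return the raw columns instead of guessing a meaning.
        return [pscustomobject]@{
            Message = '0x{0:X4}' -f $Message; WParam = $WParam; LParam = $LParam
        }
    }

    # X is the low word and Y the high word of LPARAM. Both are signed 16-bit
    # values, so coordinates left of or above the client origin are negative.
    $x = [int]($LParam -band 0xFFFF)
    $y = [int](($LParam -shr 16) -band 0xFFFF)
    if ($x -ge 0x8000) { $x -= 0x10000 }
    if ($y -ge 0x8000) { $y -= 0x10000 }

    [pscustomobject]@{
        Message      = $script:MouseMessages[$Message]
        KeyModifiers = [MouseKeyModifiers][int]($WParam -band 0xFFFF)
        X            = $x
        Y            = $y
    }
}

# Constructed sample: left button + Ctrl held, cursor at X = 20, Y = -10.
ConvertFrom-MouseMessage -Message 0x0200 -WParam 0x0009 -LParam 0xFFF60014L
```
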
Improvements
- Add -Synchronous parameter to Start-DbgProfiler. Allows synchronously receiving events from the profiler, guaranteeing that all events arrive (at the cost of performance). Useful when a complex target (such as Visual Studio) is generating way too many events for ETW to deal with
Bugfixes
- Fix the profiler crashing when attempting to read pointers that are not null terminated
Known Issues
- Get-DbgStaticField will crash when attempting to process types that are nested inside of generic types. Specify more specific filters so that these types don't get caught