Add Output Decolorizer/No color option

[Zhentar]

I'm searching for... something in a haystack. I don't even know what exactly the something is yet. I've got a memory dump, and a million candidate addresses in a file; I want to read the value for each from the dump and analyze the results.

Get-Content Candidates.log | Read-DbgMemory -LengthInBytes 4 | Out-String -Stream | Out-File Values.txt gets me almost all of the way there - except that the output is crammed full of formatting control characters. An option to print things without formatting, or strip the control strings out, would be very helpful for this.

[jazzdelightsme]

Thanks for the feedback!

It smells a bit funny to have to do text processing; one of the big advantages of doing stuff in Powershell/DbgShell is that you can have objects, not strings.

That said, I understand sometimes it's necessary to interop with something, or even just have a way to simply persist a lot of intermediate results. So:

There is code in DbgShell that will do it:

Get-Content Candidates.log | `
    Read-DbgMemory -LengthInBytes 4 | `
    Out-String -Stream | `
    %{ [MS.Dbg.ColorString]::StripPrerenderedColor( $_ ) } | `
    Out-File Values.txt

So then the question is: how to make it more discoverable?

Perhaps a cmdlet/function to wrap that method... but what should the noun be? Remove-Color, maybe?

Were there any command names that you searched for (but didn't find)?

[jazzdelightsme]

BTW... I assume you are/were attached to a 32-bit target, because I noticed a bug with Read-DbgMemory--the default memory display format is PointersWithAscii, but if pointers are 8 bytes and you only read 4 bytes... it won't display anything (because you didn't even read a full pointer). (I'll fix this.)

Did you want the ascii in your output? If not, you can tell it what you want the display format to be. Ex: Read-DbgMemory -DefaultDisplayFormat DWords ....

And another point about this... another way you could not even go through [MS.Dbg.DbgMemory]'s formatting is to just access the DbgMemory object directly. Something like:

Get-Content Candidates.log | `
    Read-DbgMemory -LengthInBytes 4 | `
    %{ $_.StartAddress.ToString( "x" ) + " " + $_.DWords[ 0 ].ToString( "x" ) } | `
    Out-File Values.txt

[Zhentar]

but what should the noun be? Remove-Color, maybe?

Out-StringNoColor would make sense to me and be pretty easy to find.

Funny thing about the PointersWithAscii... I successfully ran it twice without any Ascii characters in it, then today I ran it again and they showed up. And I just realized why.... DefaultDisplayFormat is sticky. The times I ran it before had been preceded by dd commands. I understand why it behaved that way now, but it's a bit surprising.

[jazzdelightsme]

Yeah, sorry about the memory command stickiness. It was intended to model the same experience as windbg, but in hindsight, perhaps the "stickiness" part could have been done just for the windbg-like commands (dd, dp, etc.) and Read-DbgMemory could've been more standard. I don't know that it's worth bothering about right now, though.

For the new command, I decided to have it both ways--I named the function Remove-Color, but added an alias Out-StringNoColor.

The issue with Read-DbgMemory not showing anything if the display format doesn't jive with the read size is also fixed.

Thanks again for contributing!