Date: Sat, 1 Jun 2019 11:52:47 -0700 (PDT)
From: Kevin Carhart
To: edbrowse-dev@lists.the-brannons.com
Subject: [edbrowse-dev] $bp

Exciting stuff - I'm starting with $bp. I'm unpacking the bp routine to understand it, so if I write up a little paraphrasing here, could you remark if I have grasped how it works?

The thing that you inject is eval($bp).
It's legal to call it with or without a line number passed in.
If you call it without a line, it is called as $bp(0).

So now you're inside function(l).
If you passed in a line, it alerts what that line number is.
If l == 0, it doesn't alert.

while (true) - on its own, this is an idiom for looping forever, right?
So potentially forever, you do a series of things.

Use window.prompt to prompt the user that they're at the breakpoint and have a REPL which is indistinguishable from jdb. You can run ok(window) or whatever!
The user's response is stored in res.
In case they said nothing, keep going with the infinite while(true) and carry on to the try-catch.
In case they typed ".", break out of while(true) and duktape can keep processing JS.

Now if you're still going, you reach the try-catch.
On the assumption that res is legal javascript, try to evaluate it.
If it worked, alert the returned value from eval.
If there was an error, alert the error.
Now continue to while(true) forever until the user enters ".".

So in aggregate, when duktape hits eval($bp), it evaluates $bp, where $bp is JS code in its own right which implements a self-contained REPL. It is indistinguishable from jdb and will evaluate your JS for as long as you want. The reason why you can find out about things like transitory private variables with a brief life is simply because you're running a REPL at any moment in time within the JS execution.

Very cool - I had no clue this was possible without needing to understand the Duktape C.

Kevin
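
The breakpoint REPL described in this message, as an added example that is not part of the original mail and is not edbrowse's own $bp source. The names io, bpSource, checkout and runSession are hypothetical, and io.prompt / io.alert stand in for window.prompt / alert so the sketch runs outside a browser with constructed input.

```javascript
// Added example: a reconstruction of the REPL described in the message,
// not edbrowse's actual $bp source.
// Assumption: io.prompt / io.alert stand in for window.prompt / alert so the
// sketch runs under Node with scripted (constructed) input.
const io = {
  script: [],   // queued user responses
  out: [],      // everything the REPL alerts
  prompt() { return this.script.length ? this.script.shift() : "."; },
  alert(v) { this.out.push(String(v)); },
};

// Breakpoint source text. The caller runs it through a direct eval, so the
// function is created inside the caller's scope and the inner eval(res)
// resolves names against the caller's local variables.
const bpSource = (line) => `(function (l) {
  if (l) io.alert("break at line " + l);
  while (true) {
    var res = io.prompt("bp");
    if (!res) continue;        // empty response: ask again (assumed reading)
    if (res === ".") break;    // "." lets the interrupted script carry on
    try {
      io.alert(eval(res));     // evaluate the typed JS, show the result
    } catch (e) {
      io.alert(e);             // show the error and stay in the REPL
    }
  }
})(${line})`;
const $bp = bpSource(0);       // form used when no line number is passed

// Constructed script under test: secret exists only while checkout() runs.
function checkout(price) {
  const secret = price * 2;
  let total = secret + 1;
  eval($bp);                   // injected breakpoint
  return total;
}

// Drive one breakpoint session with scripted responses.
function runSession(commands) {
  io.script = commands.slice();
  io.out = [];
  const returned = checkout(21);
  return { out: io.out.slice(), returned };
}

console.log(runSession(["secret", "total = 100", "nosuch.prop", "."]));
```

The session reads the local secret, reassigns total so that checkout() returns the new value, and survives a ReferenceError without leaving the loop.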