JavaScript - Debugging 
by The Sandman
12th March 1999 
 
 
Title
 
Understanding JavaScript
Written by The Sandman 
 
Rating
( X )Beginner   ( )Intermediate   ( )Advanced   ( )Expert 
 
Introduction
   
Greetings Crackers,  

JavaScript will at first, seem quite daunting and complex to understand when you begin reversing it's scripts.  While there is a fair amount of resources to be had from searching the net for JavaScript related matirials, there's very little to explain 'how to reverse it'. In software reversing we have an array of powerful toolz at our command that provides us with an inside view of any unfamiliar code we may come across. JavaScript however is different, we're told we must use a pen and paper and work the script out for ourselves.. Well, that isn't strictly true, we do have some methods we can use, that will help us to better understand scripts and this is the purpose of this tutorial, to educate and teach you these techniques and provide you with access to any/all toolz currently available..  
 
Tools
Required
      
Netscape Browser.     
An open mind.     
Patience. 
 
About this
tutorial
   
This tutorial will be updated as-and-when new techniques, methods are found to help you better reverse and understand JavaScript. In the meantime, learn and study what has been written here and if you have something new to add here then by all means let me know and I will include it here.  
 
T
H
E
 
E
S
S
A
Y
     
JavaScript Alerts. 

Yep, no doubt we've seen these plenty of those annoying Alert box's on those web pages our Browser's have found something wrong with.  Typically, a dialogue box is displayed describing the error, for example: Line 56: Variable XXXXX is not defined 

For most of us this rarely makes much sense to us and we click on the OK button and continue on as though nothing had happened. But we can change use this method to our advantage and get much more from our scripts, to the point where it can help us reverse even the most complex of scripts. 

Alert Box's are highly configurable, therefore we can get it to display any value/variable we wish and just as importantly, they halt the script dead in it's tracks, allowing us time to read it's contents.  From our point of view, Alert Box's can be as detailed and meaningful as we like and their use has no effect on the rest of the script, so we can use as many as we wish. Alert Box's can be placed almost anywhere within the script we want to reverse, inside functions, For Loops, IF statements making it a powerful tool for monitoring those elusive variables / arrays etc. 

Basically, alert box's consist of a text string enclosed within a pair of single quotes like this:- 

alert('Hello World'); 

We can also make it display the contents of variables, which is where we will find it most useful. 

alert('Contents of variable xxx is '+xxx) 

Notice we precede the variable we wish to display with a + sign which serves to tell JavaScript to add this value to end of our text string. 

Here is how Alert Box's can help us.. 

Take a look at this script fragment, taken from Level III - JavaScript Challenges.. 

function ValidateUsr ()  
 {  
  var txt=document.entry.user.value  
  var pass=document.entry.password.value  

  if (txt=='pass')  
   {  
    alert('Please complete this form');  
    var xxx=1  
   }  
  if (pass=='txt')  
   {  
    alert('please complete this form');  
    var xxx=1  
   }  
   
   if (xxx==0) 
   {  
    alert('Entry was not successful');  
    var xxx=0  
   }  
  else  
   {  
    AreYouWho(txt, pass)  
   }  
 }  

Running the above script produces no error, however, there is a bug in it that prevents part of this code from ever running. Can you see where this bug is and what causes it?. 

Okay, here we have three alert box's already inserted for us, they are nested inside three IF statements.  No matter how many times you run this script our third alert statement  alert('Entry was not successful'); never gets executed, but the other two alerts do. Therefore, the third IF statement that checks on the status of xxx must somehow be at fault. 

If we haven't already spotted the 'bug' then our next move is to place an alert box in front of our third IF statement because that's where it will be checked to see if variable xxx has been set to 0. 

alert('Value of xxx is '+xxx);    //We add this line 
if (xxx==0) 
   {  
    alert('Entry was not successful');  
    var xxx=0  
   }  
  else  
   {  
    AreYouWho(txt, pass)  
   }  
 }  

Now when we run this script our newly created alert box pops up this error message:- 

Value of xxx is undefined 

Huh?. That can't be right, variable xxx MUST be given a value before the IF statement can check on it's value. If we check within the function we see that variable xxx is indeed defined, but ONLY if we type in one of the two valid passwords, in which case variable xxx will be given the value of 1. However, if the User gets both passwords wrong, and it's more likely they will, then variable xxx will remain undefined and the last IF statement will never be executed because variable xxx is NEVER set to 0!. 

Can you now see how to make this function fully operational?. 

That's correct, we need to declare it and set it's default value to 0 at the beginning of this function. Lets try this now.. 

REVISED ValidateUsr Function. 

function ValidateUsr ()  
 {  
  var txt=document.entry.user.value  
  var pass=document.entry.password.value  
  var xxx =0;                                                  //Declare and set our variable xxx 
                                                                     //with our default value of 0 

  if (txt=='pass')  
   {  
    alert('Please complete this form');  
    var xxx=1  
   }  
  if (pass=='txt')  
   {  
    alert('please complete this form');  
    var xxx=1  
   }  
                                                                       //By the time we get here xxx will 
                                                                       //have a value of 0 or 1, depending 
                                                                       //if the User has found 1 or both 
                                                                       //of the correct passwords. 
   if (xxx==0) 
   {  
    alert('Entry was not successful');  
    var xxx=0  
   }  
  else                                                              //Come here if we have not entered 
   {                                                                  //BOTH correct passwords. 
    AreYouWho(txt, pass)  
   }  
 }  
  
  
  


  
  
The JavaScript Console 

How many of you I wonder, know that within their Netscape Browser lies a JavaScript Console that you can use to test and debug your scripts?. 

When a JavaScript error condition is encountered in the client (for example, on an HTML page or within an email message), a dialog box is displayed describing the error (for example, Line 64: myVariable is not defined). For most users, these errors are incomprehensible, and dismissing the dialog box becomes annoying. Only JavaScript developers, testers, and sophisticated users are likely to be interested in the errors. 

You can force JavaScript errors to be displayed only in the JavaScript console, which is a window that displays all JavaScript error messages. Then, when a JavaScript error occurs, the error message is directed to the JavaScript console and no dialog box appears. Since the console is normally not displayed, there will be no direct indication to the user that a JavaScript error has occurred. If a user or developer wants to view a JavaScript error, they need only to open the console. 

The text of JavaScript error messages appears the same way whether they are displayed in the JavaScript console or in the traditional error dialog box. JavaScript error descriptions are always displayed in English regardless of the locale. 

Opening the JavaScript Console 

To open the JavaScript console, enter the following URL in the location bar, as you would any other URL. 

javascript: 

The following HTML also opens the JavaScript console. 

<A HREF="javascript:">Open JavaScript console</A> 

You cannot open the JavaScript or change any preferences for the JavaScript Console from the browser menu. 

Setting your JavaScript Console Preferences...  

You can set Netscape to always open up your JavaScript Console on any errors it finds rather than just displaying an alert box by editing your prefs.js file. 
 

    1. First, close down Netscape if it's running. 
    2. Go into your <Netscape Direcotory>\Users\<user name> and look for the 
        file prefs.js file. 
    3. Open up this file using NotePad. 
    4. Insert the line: 

    user_pref("javascript.console.open_on_error", true); 

    at the end of this text file then save it.
When a JavaScript error occurs, the console opens automatically and scrolls to the error message. 
 
 
 

 
 
For those of you feeling lost without Softice then maybe this tool will be of some comfort to you. It's Netscape's JavaScript Debugger. You can download this small applet from here. Make sure you read the documentation presented to you before downloading. 

While it's a little fiddly at first to get used to, you will soon find your way around this tool.  

Netscape JavaScript Debugger is installed using the SoftUpdate  mechanism. By default, the debugger files are placed where you  installed Netscape Communicator. For example, assume you installed Communicator for Win95/NT in: 

       c:\program files\netscape\communicator\program 

 In this case, the debugger files would be installed in: 

       c:\program files\netscape\communicator\program\jsdebug 
  
The following files and directories are installed in the jsdebug directory or folder: 
  
      jsdebugger.html <----open this page in Navigator to start the debugger 
      jsdeb11.jar  
      sounds\*.au  
      images\*.gif  
      samples\*.* 
   
For trouble shooting and work arounds visit here.
Final Notes
Original format of this tut by (c) flipper (upg) 12/30/97 All rights reversed. 
way out
 
 
Page  by The Sandman  
Page Created: 12th March 1999