archive
/
windows-nt-4.0
mirror of https://github.com/lianthony/NT4.0
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Windows NT 4.0 source code leak
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
184 MiB
Tree: b4a8d373d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b4a8d373d8'
${ noResults }
windows-nt-4.0/private/mvdm/bde/bdeutil.c

614 lines
14 KiB
Raw Normal View History

initial commit
4 years ago
  1. #include <precomp.h>
  2. #pragma hdrstop
  4. BOOL
  5. WINAPI
  6. ReadProcessMem(
  7. HANDLE hProcess,
  8. LPVOID lpBaseAddress,
  9. LPVOID lpBuffer,
  10. DWORD nSize,
  11. LPDWORD lpNumberOfBytesRead
  12. )
  13. {
  14. if ( fWinDbg ) {
  15. return (*ReadProcessMemWinDbg)( (DWORD)lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead );
  16. } else {
  17. return ReadProcessMemory( hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead );
  18. }
  19. }
  21. BOOL
  22. WINAPI
  23. WriteProcessMem(
  24. HANDLE hProcess,
  25. LPVOID lpBaseAddress,
  26. LPVOID lpBuffer,
  27. DWORD nSize,
  28. LPDWORD lpNumberOfBytesWritten
  29. )
  30. {
  31. if ( fWinDbg ) {
  32. return (*WriteProcessMemWinDbg)( (DWORD)lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten );
  33. } else {
  34. return WriteProcessMemory( hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten );
  35. }
  37. }
  39. #ifndef i386
  41. ULONG
  42. GetRegValue(
  43. NT_CPU_REG reg,
  44. BOOL bInNano,
  45. ULONG UMask
  46. )
  48. {
  49. if (bInNano) {
  51. return(ReadDword(reg.nano_reg));
  53. } else if (UMask & reg.universe_8bit_mask) {
  55. return (ReadDword(reg.saved_reg) & 0xFFFFFF00 |
  56. ReadDword(reg.reg) & 0xFF);
  58. } else if (UMask & reg.universe_16bit_mask) {
  60. return (ReadDword(reg.saved_reg) & 0xFFFF0000 |
  61. ReadDword(reg.reg) & 0xFFFF);
  63. } else {
  65. return (ReadDword(reg.reg));
  67. }
  68. }
  70. ULONG
  71. GetEspValue(
  72. NT_CPU_INFO nt_cpu_info,
  73. BOOL bInNano
  74. )
  76. {
  77. if (bInNano) {
  79. return (ReadDword(nt_cpu_info.nano_esp));
  81. } else {
  83. if (ReadDword(nt_cpu_info.stack_is_big)) {
  85. return (ReadDword(nt_cpu_info.host_sp) -
  86. ReadDword(nt_cpu_info.ss_base));
  88. } else {
  90. return (ReadDword(nt_cpu_info.esp_sanctuary) & 0xFFFF0000 |
  91. (ReadDword(nt_cpu_info.host_sp) -
  92. ReadDword(nt_cpu_info.ss_base) & 0xFFFF));
  94. }
  96. }
  98. }
  100. #endif
  102. int
  103. GetContext(
  104. VDMCONTEXT* lpContext
  105. ) {
  106. #ifndef i386 //
  107. int mode;
  108. ULONG pTmp;
  109. NT_CPU_INFO nt_cpu_info;
  110. BOOL b;
  111. BOOL bInNano;
  112. ULONG UMask;
  114. pTmp = (ULONG)EXPRESSION("ntvdm!nt_cpu_info");
  116. if ( pTmp ) {
  117. b = ReadProcessMem( hCurrentProcess,
  118. (LPVOID) pTmp,
  119. (LPVOID) &nt_cpu_info,
  120. sizeof(NT_CPU_INFO),
  121. NULL );
  122. if ( !b ) {
  123. PRINTF("Could not read IntelRegisters context out of process\n");
  124. return( -1 );
  125. }
  127. bInNano = ReadDword((ULONG) nt_cpu_info.in_nano_cpu);
  128. UMask = ReadDword((ULONG) nt_cpu_info.universe);
  130. lpContext->Eax = GetRegValue(nt_cpu_info.eax, bInNano, UMask);
  131. lpContext->Ecx = GetRegValue(nt_cpu_info.ecx, bInNano, UMask);
  132. lpContext->Edx = GetRegValue(nt_cpu_info.edx, bInNano, UMask);
  133. lpContext->Ebx = GetRegValue(nt_cpu_info.ebx, bInNano, UMask);
  134. lpContext->Ebp = GetRegValue(nt_cpu_info.ebp, bInNano, UMask);
  135. lpContext->Esi = GetRegValue(nt_cpu_info.esi, bInNano, UMask);
  136. lpContext->Edi = GetRegValue(nt_cpu_info.edi, bInNano, UMask);
  138. lpContext->Esp = GetEspValue(nt_cpu_info, bInNano);
  139. lpContext->EFlags = ReadDword(nt_cpu_info.flags);
  140. lpContext->Eip = ReadDword(nt_cpu_info.eip);
  142. lpContext->SegEs = ReadWord(nt_cpu_info.es);
  143. lpContext->SegCs = ReadWord(nt_cpu_info.cs);
  144. lpContext->SegSs = ReadWord(nt_cpu_info.ss);
  145. lpContext->SegDs = ReadWord(nt_cpu_info.ds);
  146. lpContext->SegFs = ReadWord(nt_cpu_info.fs);
  147. lpContext->SegGs = ReadWord(nt_cpu_info.gs);
  150. } else {
  152. PRINTF("Could not find the symbol 'ntvdm!nt_cpu_info'\n");
  153. return( -1 );
  154. }
  156. if ( !(ReadDword(nt_cpu_info.cr0) & 1) ) {
  157. mode = V86_MODE;
  158. } else {
  159. mode = PROT_MODE;
  160. }
  161. return( mode );
  163. #else //
  165. NTSTATUS rc;
  166. BOOL b;
  167. ULONG EFlags;
  168. WORD cs;
  169. int mode;
  170. ULONG lpVdmTib;
  172. lpContext->ContextFlags = CONTEXT_FULL;
  173. rc = NtGetContextThread( hCurrentThread,
  174. lpContext );
  175. if ( NT_ERROR(rc) ) {
  176. PRINTF( "bde.k: Could not get current threads context - status = %08lX\n", rc );
  177. return( -1 );
  178. }
  179. /*
  180. ** Get the 16-bit registers from the context
  181. */
  182. cs = (WORD)lpContext->SegCs;
  183. EFlags = lpContext->EFlags;
  185. if ( EFlags & V86_BITS ) {
  186. /*
  187. ** V86 Mode
  188. */
  189. mode = V86_MODE;
  190. } else {
  191. if ( (cs & RPL_MASK) != KGDT_R3_CODE ) {
  192. mode = PROT_MODE;
  193. } else {
  194. /*
  195. ** We are in flat 32-bit address space!
  196. */
  197. lpVdmTib = (ULONG)EXPRESSION("ntvdm!VdmTib");
  198. if ( !lpVdmTib ) {
  199. PRINTF("Could not find the symbol 'VdmTib'\n");
  200. return( -1 );
  201. }
  202. b = ReadProcessMem( hCurrentProcess,
  203. (LPVOID) (lpVdmTib +
  204. FIELD_OFFSET(VDM_TIB,VdmContext)),
  205. lpContext,
  206. sizeof(VDMCONTEXT),
  207. NULL );
  208. if ( !b ) {
  209. PRINTF("Could not read IntelRegisters context out of process\n");
  210. return( -1 );
  211. }
  212. EFlags = lpContext->EFlags;
  213. if ( EFlags & V86_BITS ) {
  214. mode = V86_MODE;
  215. } else {
  216. mode = PROT_MODE;
  217. }
  218. }
  219. }
  221. return( mode );
  222. #endif
  223. }
  225. ULONG
  226. GetIntelBase(
  227. VOID
  228. )
  229. {
  230. #ifndef i386
  231. ULONG IntelBase;
  232. BOOL b;
  234. IntelBase = (ULONG)EXPRESSION("ntvdm!Start_of_M_area");
  235. if ( IntelBase ) {
  236. b = ReadProcessMem( hCurrentProcess,
  237. (LPVOID) IntelBase, &IntelBase,
  238. sizeof(ULONG), NULL );
  239. if ( !b ) {
  240. PRINTF("Could not read symbol 'ntvdm!Start_of_M_area\n");
  241. return(0);
  242. }
  244. } else {
  245. PRINTF("Could not find the symbol 'ntvdm!Start_of_M_area'\n");
  246. }
  248. return(IntelBase);
  249. #else
  250. return(0);
  251. #endif
  252. }
  254. DWORD read_dword(
  255. ULONG lpAddress,
  256. BOOL bSafe
  257. ) {
  258. BOOL b;
  259. DWORD dword;
  261. b = ReadProcessMem(
  262. hCurrentProcess,
  263. (LPVOID)lpAddress,
  264. &dword,
  265. sizeof(dword),
  266. NULL
  267. );
  268. if ( !b ) {
  269. if ( !bSafe ) {
  270. PRINTF("Failure reading dword at memory location %08lX\n", lpAddress );
  271. }
  272. return( 0 );
  273. }
  274. return( dword );
  275. }
  277. WORD read_word(
  278. ULONG lpAddress,
  279. BOOL bSafe
  280. ) {
  281. BOOL b;
  282. WORD word;
  284. b = ReadProcessMem(
  285. hCurrentProcess,
  286. (LPVOID)lpAddress,
  287. &word,
  288. sizeof(word),
  289. NULL
  290. );
  291. if ( !b ) {
  292. if ( !bSafe ) {
  293. PRINTF("Failure reading word at memory location %08lX\n", lpAddress );
  294. }
  295. return( 0 );
  296. }
  297. return( word );
  298. }
  300. BYTE read_byte(
  301. ULONG lpAddress,
  302. BOOL bSafe
  303. ) {
  304. BOOL b;
  305. BYTE byte;
  307. b = ReadProcessMem(
  308. hCurrentProcess,
  309. (LPVOID)lpAddress,
  310. &byte,
  311. sizeof(byte),
  312. NULL
  313. );
  314. if ( !b ) {
  315. if ( !bSafe ) {
  316. PRINTF("Failure reading byte at memory location %08lX\n", lpAddress );
  317. }
  318. return( 0 );
  319. }
  320. return( byte );
  321. }
  323. BOOL read_gnode(
  324. ULONG lpAddress,
  325. PGNODE p,
  326. BOOL bSafe
  327. ) {
  328. BOOL b;
  330. b = ReadProcessMem(
  331. hCurrentProcess,
  332. (LPVOID)lpAddress,
  333. p,
  334. sizeof(*p),
  335. NULL
  336. );
  337. if ( !b ) {
  338. if ( !bSafe ) {
  339. PRINTF("Failure reading word at memory location %08lX\n", lpAddress );
  340. }
  341. return( 0 );
  342. }
  343. return( TRUE );
  344. }
  346. BOOL read_gnode32(
  347. ULONG lpAddress,
  348. PGNODE32 p,
  349. BOOL bSafe
  350. ) {
  351. BOOL b;
  353. b = ReadProcessMem(
  354. hCurrentProcess,
  355. (LPVOID)lpAddress,
  356. p,
  357. sizeof(*p),
  358. NULL
  359. );
  360. if ( !b ) {
  361. if ( !bSafe ) {
  362. PRINTF("Failure reading word at memory location %08lX\n", lpAddress );
  363. }
  364. return( 0 );
  365. }
  366. return( TRUE );
  367. }
  370. BOOL GetDescriptorData(
  371. WORD selector,
  372. LPVDMLDT_ENTRY pdte
  373. )
  374. {
  375. #ifdef i386
  376. NTSTATUS rc;
  377. DESCRIPTOR_TABLE_ENTRY dte;
  378. dte.Selector = selector;
  379. rc = NtQueryInformationThread( hCurrentThread,
  380. ThreadDescriptorTableEntry,
  381. &dte,
  382. sizeof(DESCRIPTOR_TABLE_ENTRY),
  383. NULL );
  384. if ( NT_ERROR(rc) ) {
  385. return( FALSE );
  386. }
  387. pdte->HighWord = dte.Descriptor.HighWord;
  388. pdte->BaseLow = dte.Descriptor.BaseLow;
  389. pdte->LimitLow = dte.Descriptor.LimitLow;
  390. return (TRUE);
  391. #else
  392. PVOID LdtAddress;
  393. NTSTATUS Status;
  394. ULONG BytesRead;
  395. selector &= ~(SELECTOR_LDT | SELECTOR_RPL);
  397. //
  398. // Get address of Ldt
  399. //
  401. LdtAddress = (PVOID)EXPRESSION("ntvdm!Ldt");
  403. Status = ReadProcessMem(
  404. hCurrentProcess,
  405. LdtAddress,
  406. &LdtAddress,
  407. sizeof(ULONG),
  408. &BytesRead
  409. );
  411. if ((!Status) || (BytesRead != sizeof(ULONG))) {
  412. return FALSE;
  413. }
  415. (PUCHAR)LdtAddress += selector;
  417. Status = ReadProcessMem(
  418. hCurrentProcess,
  419. LdtAddress,
  420. pdte,
  421. sizeof(VDMLDT_ENTRY),
  422. &BytesRead
  423. );
  424. return TRUE;
  425. #endif
  426. }
  428. ULONG GetInfoFromSelector(
  429. WORD selector,
  430. int mode,
  431. SELECTORINFO *si
  432. ) {
  434. ULONG base;
  435. ULONG type;
  436. #ifdef i386
  437. BYTE byte;
  438. BOOL b;
  439. #endif
  440. VDMLDT_ENTRY dte;
  442. switch( mode ) {
  443. case V86_MODE:
  444. base = (ULONG)selector << 4;
  445. if ( si ) {
  446. si->Limit = 0xFFFFL;
  447. si->bCode = FALSE;
  448. }
  449. break;
  450. case PROT_MODE:
  452. #ifdef i386
  453. if ( (selector & 0xFF78) < KGDT_LDT ) {
  454. return( (ULONG)-1 );
  455. }
  456. #endif
  458. if ( !GetDescriptorData(selector, &dte) ) {
  459. return( (ULONG)-1 );
  460. }
  462. base = ((ULONG)dte.HighWord.Bytes.BaseHi << 24)
  463. + ((ULONG)dte.HighWord.Bytes.BaseMid << 16)
  464. + ((ULONG)dte.BaseLow);
  466. if ( si ) {
  467. si->Limit = (ULONG)dte.LimitLow
  468. + ((ULONG)dte.HighWord.Bits.LimitHi << 16);
  470. if ( dte.HighWord.Bits.Granularity ) {
  471. si->Limit <<= 12;
  472. si->Limit += 0xFFF;
  473. }
  474. si->Base = base;
  476. type = dte.HighWord.Bits.Type;
  478. si->bSystem = !(BOOL) (type & 0x10);
  480. if (!si->bSystem) {
  481. si->bCode = (BOOL) (type & 8);
  482. }
  483. si->bAccessed = (BOOL) (type & 1);
  484. si->bWrite = (BOOL) (type & 2);
  485. if (si->bCode) {
  486. si->bWrite = !si->bWrite;
  488. }
  489. si->bPresent = (BOOL) dte.HighWord.Bits.Pres;
  490. si->bBig = (BOOL) dte.HighWord.Bits.Default_Big;
  492. }
  494. if ( base == 0 ) {
  495. return( (ULONG)-1 );
  496. }
  498. #ifdef i386
  499. b = ReadProcessMem(
  500. hCurrentProcess,
  501. (LPVOID)base,
  502. &byte,
  503. sizeof(byte),
  504. NULL
  505. );
  506. if ( !b ) {
  507. return( (ULONG)-1 );
  508. }
  509. #endif
  510. break;
  512. case FLAT_MODE:
  513. PRINTF("Unsupported determination of base address in flat mode\n");
  514. base = 0;
  515. break;
  516. }
  518. return( base );
  519. }
  522. //****************************************************************************
  523. //
  524. // Command line parsing routines
  525. //
  526. //****************************************************************************
  527. BOOL
  528. SkipToNextWhiteSpace(
  529. VOID
  530. )
  531. {
  532. char ch;
  533. while ( (ch = *lpArgumentString) != '\0' ) {
  534. if ( ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n' ) {
  535. return TRUE;
  536. }
  537. lpArgumentString++;
  538. }
  539. return FALSE;
  540. }
  543. BOOL
  544. GetNextToken(
  545. VOID
  546. )
  547. {
  548. char ch;
  550. while ( (ch = *lpArgumentString) != '\0' ) {
  551. if ( ch != ' ' && ch != '\t' && ch != '\r' && ch != '\n' ) {
  552. return TRUE;
  553. }
  554. lpArgumentString++;
  555. }
  556. return FALSE;
  557. }
  560. BOOL
  561. ParseIntelAddress(
  562. int *pMode,
  563. WORD *pSelector,
  564. PULONG pOffset
  565. )
  567. {
  568. char sel_text[128], off_text[128];
  569. char *colon;
  570. char *mode_prefix;
  572. colon = strchr( lpArgumentString, ':' );
  573. if ( colon == NULL ) {
  574. PRINTF("Please specify an address in the form 'seg:offset'\n");
  575. return FALSE;
  576. }
  578. mode_prefix = strchr( lpArgumentString, '&' );
  579. if ( mode_prefix == NULL ) {
  581. mode_prefix = strchr( lpArgumentString, '#' );
  582. if ( mode_prefix != NULL ) {
  584. if ( mode_prefix != lpArgumentString ) {
  585. PRINTF("Address must have '&' symbol as the first character\n");
  586. return FALSE;
  587. }
  589. *pMode = PROT_MODE;
  590. lpArgumentString = mode_prefix+1;
  591. }
  593. } else {
  595. if ( mode_prefix != lpArgumentString ) {
  596. PRINTF("Address must have '#' symbol as the first character\n");
  597. return FALSE;
  598. }
  599. *pMode = V86_MODE;
  600. lpArgumentString = mode_prefix+1;
  602. }
  604. *colon = '\0';
  605. strcpy( sel_text, lpArgumentString );
  606. *colon = ':';
  607. strcpy( off_text, colon+1 );
  608. *pSelector = (WORD) EXPRESSION( sel_text );
  609. *pOffset = (ULONG) EXPRESSION( off_text );
  611. SkipToNextWhiteSpace();
  613. return TRUE;
  614. }