archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/win32/fusion/debugexts/dumputils.cpp

335 lines
10 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #include "windows.h"
  2. #include "sxstypes.h"
  3. #define KDEXT_64BIT
  4. #include "wdbgexts.h"
  5. #include "fusiondbgext.h"
  7. #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION (0x00000001)
  8. #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE (0x00000002)
  9. #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST (0x00000004)
  10. #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED (0x00000008)
  12. BOOL
  13. DumpActivationContextStackFrame(
  14. PCSTR pcsLineHeader,
  15. ULONG64 ulStackFrameAddress,
  16. ULONG ulDepth,
  17. DWORD dwFlags
  18. )
  19. {
  21. ULONG64 ulPreviousPtr = 0;
  22. ULONG64 ulActivationContextPointer = 0;
  23. ULONG ulFrameFlags = 0;
  25. if (!pcsLineHeader) pcsLineHeader = "";
  27. GetFieldValue(ulStackFrameAddress, "nt!_RTL_ACTIVATION_CONTEXT_STACK_FRAME", "Previous", ulPreviousPtr);
  28. GetFieldValue(ulStackFrameAddress, "nt!_RTL_ACTIVATION_CONTEXT_STACK_FRAME", "ActivationContext", ulActivationContextPointer);
  29. GetFieldValue(ulStackFrameAddress, "nt!_RTL_ACTIVATION_CONTEXT_STACK_FRAME", "Flags", ulFrameFlags);
  31. dprintf(
  32. "%sActivation stack frame @ 0x%p (depth %ld):\n"
  33. "%s Previous : 0x%p\n"
  34. "%s ActivationContext : 0x%p\n"
  35. "%s Flags : 0x%08lx ",
  36. pcsLineHeader, ulStackFrameAddress, ulDepth,
  37. pcsLineHeader, ulPreviousPtr,
  38. pcsLineHeader, ulActivationContextPointer,
  39. pcsLineHeader, ulFrameFlags);
  41. if (ulFrameFlags != 0)
  42. {
  43. dprintf("(");
  44. if (ulFrameFlags & RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION)
  45. dprintf("ReleaseOnDeactivate ");
  47. if (ulFrameFlags & RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE)
  48. dprintf("NoDeactivate ");
  50. if (ulFrameFlags & RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST)
  51. dprintf("OnFreeList");
  54. if (ulFrameFlags & RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED)
  55. dprintf("HeapAllocated ");
  57. dprintf(")");
  58. }
  59. dprintf ("\n");
  61. return 0;
  63. }
  66. BOOL
  67. DumpActCtxStackFullStack(
  68. ULONG64 ulFirstStackFramePointer
  69. )
  70. {
  71. ULONG ulDepth = 0;
  72. ULONG64 ulStackFramePtr = ulFirstStackFramePointer;
  74. while (ulStackFramePtr)
  75. {
  76. DumpActivationContextStackFrame(" ", ulStackFramePtr, ulDepth++, 0xffff);
  77. GetFieldValue(ulStackFramePtr, "nt!_RTL_ACTIVATION_CONTEXT_STACK_FRAME", "Previous", ulStackFramePtr);
  78. if (CheckControlC() || (ulStackFramePtr == 0))
  79. break;
  80. }
  82. return TRUE;
  83. }
  87. BOOL
  88. DumpActCtxData(
  89. PCSTR LineHeader,
  90. const ULONG64 ActCtxDataAddressInDebugeeSpace,
  91. ULONG ulFlags
  92. )
  93. {
  94. //
  95. // ACTIVATION_CONTEXT_DATA is a self-referential type, so dumping it is
  96. // easy once it's all in memory.
  97. //
  98. ACTIVATION_CONTEXT_DATA ActData;
  99. BYTE *pbActualData = NULL;
  100. BOOL fOk = FALSE;
  101. ULONG cbRead = 0;
  103. if (!LineHeader) LineHeader = "";
  105. if (!ReadMemory(ActCtxDataAddressInDebugeeSpace, &ActData, sizeof(ActData), &cbRead) ||
  106. (cbRead != sizeof(ActData)))
  107. {
  108. dprintf(
  109. "%sFailed reading ACTIVATION_CONTEXT_DATA @ %p , or wrong kind of block is there.\n",
  110. LineHeader,
  111. ActCtxDataAddressInDebugeeSpace);
  112. goto Exit;
  113. }
  115. //
  116. // Let's create a blob of memory that can hold the whole thing, then
  117. //
  118. pbActualData = new BYTE[ActData.TotalSize];
  119. if (!pbActualData)
  120. {
  121. dprintf(
  122. "%sUnable to allocate %d bytes to store activation context data\n",
  123. LineHeader,
  124. ActData.TotalSize);
  125. goto Exit;
  126. }
  128. //
  129. // And re-read from the debugee
  130. //
  131. if (!ReadMemory(ActCtxDataAddressInDebugeeSpace, pbActualData, ActData.TotalSize, &cbRead) ||
  132. (cbRead != ActData.TotalSize))
  133. {
  134. dprintf(
  135. "%sUnable to read in %d bytes from %p as an activation context object?\n",
  136. LineHeader,
  137. ActData.TotalSize,
  138. ActCtxDataAddressInDebugeeSpace);
  139. goto Exit;
  140. }
  142. DbgExtPrintActivationContextData(
  143. (ulFlags & DUMPACTCTXDATA_FLAG_FULL) == DUMPACTCTXDATA_FLAG_FULL,
  144. (PCACTIVATION_CONTEXT_DATA)pbActualData,
  145. L" "
  146. );
  148. fOk = TRUE;
  149. Exit:
  150. if (pbActualData)
  151. delete[] pbActualData;
  153. return fOk;
  155. }
  160. BOOL
  161. DumpActCtx(
  162. const ULONG64 ActCtxAddressInDebugeeSpace,
  163. ULONG ulFlags
  164. )
  165. {
  166. ULONG64 ActCtxAddr = ActCtxAddressInDebugeeSpace;
  167. ULONG64 ulSymbolOffset = 0;
  168. PRIVATE_ACTIVATION_CONTEXT prvContextFilled = { 0 };
  169. CHAR NotificationSymbol[1024] = { 0 };
  170. BOOL fOk = FALSE;
  171. int i = 0;
  173. #define GET_FIELD(a, fn, dst) { GetFieldData((a), "nt!_ACTIVATION_CONTEXT", #fn, sizeof((dst).##fn), (PVOID)&((dst).##fn)); }
  174. GET_FIELD(ActCtxAddr, Flags, prvContextFilled);
  175. GET_FIELD(ActCtxAddr, RefCount, prvContextFilled);
  176. GET_FIELD(ActCtxAddr, ActivationContextData, prvContextFilled);
  177. GET_FIELD(ActCtxAddr, NotificationRoutine, prvContextFilled);
  178. GET_FIELD(ActCtxAddr, NotificationContext, prvContextFilled);
  179. // GET_FIELD(ActCtxAddr, SentNotifications, prvContextFilled);
  180. // GET_FIELD(ActCtxAddr, DisabledNotifications, prvContextFilled);
  181. // GET_FIELD(ActCtxAddr, StorageMap, prvContextFilled);
  182. // GET_FIELD(ActCtxAddr, InlineStorageMapEntries, prvContextFilled);
  183. #undef GET_FIELD
  186. dprintf(
  187. "Activation context structure @ 0x%p\n"
  188. " RefCount %d\n"
  189. " Flags 0x%08x\n"
  190. " ActivationContextData 0x%p\n",
  191. ActCtxAddressInDebugeeSpace,
  192. (LONG)prvContextFilled.RefCount,
  193. (ULONG)prvContextFilled.Flags,
  194. (PVOID)prvContextFilled.ActivationContextData);
  196. if (ulFlags & DUMPACTCTX_DATA)
  197. {
  198. // if (!DumpActCtxData(" ", (ULONG64)prvContextFilled.ActivationContextData, ulFlags))
  199. // goto Exit;
  200. DumpActCtxData(" ", (ULONG64)prvContextFilled.ActivationContextData, ulFlags);
  201. }
  203. //
  204. // This icky gunk is to print out a symbol name properly...
  205. //
  206. dprintf(" NotificationRoutine 0x%p ", prvContextFilled.NotificationRoutine);
  207. GetSymbol((ULONG64)prvContextFilled.NotificationRoutine, NotificationSymbol, &ulSymbolOffset);
  208. if (strlen(NotificationSymbol))
  209. {
  210. dprintf("(%s" , NotificationSymbol);
  211. if (ulSymbolOffset)
  212. dprintf("+0x%p", ulSymbolOffset);
  213. dprintf(")");
  214. }
  215. dprintf("\n");
  218. dprintf(" NotificationContext 0x%p\n", prvContextFilled.NotificationContext);
  220. dprintf(" SentNotifications [");
  221. for (i = 0; i < NUMBER_OF(prvContextFilled.SentNotifications); i++)
  222. {
  223. if (i) dprintf(" ");
  224. dprintf("%d", prvContextFilled.SentNotifications[i]);
  225. }
  226. dprintf("]\n");
  228. dprintf(" DisabledNotifications [");
  229. for (i = 0; i < NUMBER_OF(prvContextFilled.DisabledNotifications); i++)
  230. {
  231. if (i) dprintf(" ");
  232. dprintf("%d", prvContextFilled.DisabledNotifications[i]);
  233. }
  234. dprintf("]\n");
  236. {
  237. ULONG ulStorageMapFlags, ulCount;
  238. ULONG64 ulMapAddress;
  240. GetFieldValue(ActCtxAddressInDebugeeSpace, "_ACTIVATION_CONTEXT", "StorageMap.Flags", ulStorageMapFlags);
  241. GetFieldValue(ActCtxAddressInDebugeeSpace, "_ACTIVATION_CONTEXT", "StorageMap.AssemblyCount", ulCount);
  242. GetFieldValue(ActCtxAddressInDebugeeSpace, "_ACTIVATION_CONTEXT", "StorageMap.AssemblyArray", ulMapAddress);
  243. dprintf(
  244. " StorageMap (Flags = 0x%08lx Count = %d MapArray = %p)\n",
  245. ulStorageMapFlags,
  246. ulCount,
  247. ulMapAddress);
  248. }
  250. fOk = TRUE;
  252. return fOk;
  253. }
  256. BOOL
  257. GetActiveActivationContextData(
  258. PULONG64 pulActiveActCtx
  259. )
  260. {
  261. ULONG64 ulTebAddress = 0, ulPebAddress = 0;
  262. ULONG64 ulTebActiveFrameAddress = 0;
  263. //
  264. // The algorithm is like this:
  265. // - Look at Teb.ActivationContextStack.ActiveFrame.ActivationContext. If this is
  266. // nonzero, stop looking.
  267. // - Now look at the process default activation context in Peb.ActivationContextData.
  268. // If this is nonzero, stop looking.
  269. // - Look at the system default act ctx data, in Peb.SystemDefaultActivationContextData
  270. // If this is nonzero, stop looking.
  271. // - Didn't find any active activation context data? Fooey.
  272. //
  274. *pulActiveActCtx = 0;
  276. GetTebAddress(&ulTebAddress);
  277. GetPebAddress(0, &ulPebAddress);
  279. if (ulTebAddress != NULL)
  280. {
  281. // Look at the active stack frame in the teb
  282. GetFieldValue(ulTebAddress, "nt!TEB", "ActivationContextStack.ActiveFrame", ulTebActiveFrameAddress);
  283. if (ulTebActiveFrameAddress)
  284. {
  285. ULONG64 ulActivationContextFrame;
  287. // Get the pointer to the active activation context itself
  288. GetFieldValue(
  289. ulTebActiveFrameAddress,
  290. "ntdll!_RTL_ACTIVATION_CONTEXT_STACK_FRAME",
  291. "ActivationContext",
  292. ulActivationContextFrame);
  293. // If that was valid, then ask for the pointer to the activation context data
  294. if (ulActivationContextFrame)
  295. {
  296. GetFieldValue(
  297. ulActivationContextFrame,
  298. "ntdll!ACTIVATION_CONTEXT",
  299. "ActivationContextData",
  300. *pulActiveActCtx);
  301. return TRUE;
  302. }
  303. // Is this really requesting the process default?
  304. else if (ulActivationContextFrame == NULL)
  305. {
  306. // Then get it and return
  307. GetFieldValue(ulPebAddress, "nt!PEB", "ActivationContextData", *pulActiveActCtx);
  308. return TRUE;
  309. }
  310. }
  311. }
  313. //
  314. // Still nothing, so go look at the process default directly
  315. //
  316. {
  317. ULONG ActCtxDataOffset;
  318. ULONG64 PebData;
  320. GetFieldOffset("nt!_PEB", "ActivationContextData", &ActCtxDataOffset);
  321. if ((ReadPtr(ulPebAddress + ActCtxDataOffset, &PebData) == 0) && PebData)
  322. {
  323. *pulActiveActCtx = PebData;
  324. return TRUE;
  325. }
  326. }
  328. //
  329. // Otherwise...
  330. //
  331. GetFieldValue(ulPebAddress, "nt!PEB", "SystemDefaultActivationContextData", *pulActiveActCtx);
  332. return (*pulActiveActCtx ? TRUE : FALSE);
  334. }