archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/sdktools/debuggers/exts/extsdll/peb.c

540 lines
18 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. peb.c
  9. Abstract:
  11. WinDbg Extension Api
  13. Author:
  15. Ramon J San Andres (ramonsa) 5-Nov-1993
  17. Environment:
  19. User Mode.
  21. Revision History:
  23. --*/
  25. #include "precomp.h"
  26. #pragma hdrstop
  27. #include <time.h>
  29. BOOL
  30. GetTeb32FromWowTeb(ULONG64 Teb, PULONG64 pTeb32)
  31. {
  32. if (pTeb32) {
  33. return ReadPointer(Teb, pTeb32);
  34. }
  35. return FALSE;
  36. }
  38. BOOL
  39. GetPeb32FromWowTeb(ULONG64 Teb, PULONG64 pPeb32)
  40. {
  41. ULONG Peb32;
  42. ULONG64 Teb32=0;
  43. ULONG err;
  45. if (GetTeb32FromWowTeb(Teb, &Teb32) && Teb32) {
  46. if (!(err =GetFieldValue(Teb32, "nt!TEB32", "ProcessEnvironmentBlock", Peb32))) {
  47. *pPeb32 = Peb32;
  48. return TRUE;
  49. } else if (err == SYMBOL_TYPE_INFO_NOT_FOUND) {
  50. if (!(err =GetFieldValue(Teb32, "wow64!TEB32", "ProcessEnvironmentBlock", Peb32))) {
  51. *pPeb32 = Peb32;
  52. return TRUE;
  53. }
  54. }
  55. }
  56. return FALSE;
  57. }
  59. HRESULT
  60. DumpPeb(ULONG64 peb, BOOL IsWow64Peb)
  61. {
  62. ULONG64 ldr;
  63. ULONG64 err;
  64. ULONG64 ldr_Initialized;
  65. ULONG64 ldr_InInitializationOrderModuleList_Flink;
  66. ULONG64 ldr_InInitializationOrderModuleList_Blink;
  67. ULONG64 ldr_InLoadOrderModuleList_Flink;
  68. ULONG64 ldr_InLoadOrderModuleList_Blink;
  69. ULONG ldr_InMemoryOrderModuleList_Offset;
  70. ULONG64 ldr_InMemoryOrderModuleList_Flink;
  71. ULONG64 ldr_InMemoryOrderModuleList_Blink;
  72. ULONG ldr_DataTableEntry_InMemoryOrderLinks_Offset;
  73. ULONG64 peb_SubSystemData;
  74. ULONG64 peb_ProcessHeap;
  75. ULONG64 peb_ProcessParameters;
  76. PCHAR ldrdata = "nt!_PEB_LDR_DATA";
  77. PCHAR ldrEntry = "nt!_LDR_DATA_TABLE_ENTRY";
  78. PCHAR processparam = "nt!_RTL_USER_PROCESS_PARAMETERS";
  79. HRESULT hr = S_OK;
  81. if (IsWow64Peb) {
  82. // try and load types from nt
  83. if ( err = InitTypeRead( peb, nt!PEB32 ) ) {
  84. if (err == SYMBOL_TYPE_INFO_NOT_FOUND) {
  85. // try load types from wow64
  86. if ( !( err = InitTypeRead( peb, wow64!PEB32 )) ) {
  87. ldrdata = "wow64!_PEB_LDR_DATA32";
  88. ldrEntry = "wow64!_LDR_DATA_TABLE_ENTRY32";
  89. processparam = "wow64!_RTL_USER_PROCESS_PARAMETERS32";
  90. } else {
  91. dprintf( "error %d InitTypeRead( wow64!PEB32 at %p)...\n", (ULONG) err, peb);
  92. return E_INVALIDARG;
  93. }
  94. } else {
  95. dprintf( "error %d InitTypeRead( nt!PEB32 at %p)...\n", (ULONG) err, peb);
  96. return E_INVALIDARG;
  97. }
  98. } else {
  99. ldrdata = "nt!_PEB_LDR_DATA32";
  100. ldrEntry = "nt!_LDR_DATA_TABLE_ENTRY32";
  101. processparam = "nt!_RTL_USER_PROCESS_PARAMETERS32";
  102. }
  103. } else {
  104. if ( err = InitTypeRead( peb, nt!_PEB ) ) {
  105. dprintf( "error %d InitTypeRead( nt!_PEB at %p)...\n", (ULONG) err, peb);
  106. return E_INVALIDARG;
  107. }
  108. }
  110. dprintf(
  111. " InheritedAddressSpace: %s\n"
  112. " ReadImageFileExecOptions: %s\n"
  113. " BeingDebugged: %s\n"
  114. " ImageBaseAddress: %p\n"
  115. " Ldr %p\n",
  116. ReadField( InheritedAddressSpace ) ? "Yes" : "No",
  117. ReadField( ReadImageFileExecOptions ) ? "Yes" : "No",
  118. ReadField( BeingDebugged ) ? "Yes" : "No",
  119. ReadField( ImageBaseAddress ),
  120. (ldr = ReadField( Ldr ))
  121. );
  123. peb_SubSystemData = ReadField( SubSystemData );
  124. peb_ProcessHeap = ReadField( ProcessHeap );
  125. peb_ProcessParameters = ReadField( ProcessParameters );
  127. err = GetFieldOffset( ldrdata,
  128. "InMemoryOrderModuleList",
  129. &ldr_InMemoryOrderModuleList_Offset
  130. );
  131. if ( err ) {
  132. dprintf( " *** _PEB_LDR_DATA%s was not found...\n",
  133. ( err == FIELDS_DID_NOT_MATCH ) ? ".InMemoryModuleList field" :
  134. " type"
  135. );
  136. }
  137. else {
  138. err = GetFieldOffset( ldrEntry,
  139. "InMemoryOrderLinks",
  140. &ldr_DataTableEntry_InMemoryOrderLinks_Offset
  141. );
  142. if (err ) {
  143. dprintf( " *** _LDR_DATA_TABLE_ENTRY%s was not found...\n",
  144. ( err == FIELDS_DID_NOT_MATCH ) ? ".InMemoryOrderLinks field" :
  145. " type"
  146. );
  147. }
  148. }
  150. if ( err || GetFieldValue( ldr, ldrdata, "Initialized", ldr_Initialized ) ) {
  151. dprintf( " *** unable to read Ldr table at %p\n", ldr );
  152. }
  153. else {
  154. ULONG64 next, head;
  155. BOOL First = TRUE;
  157. GetFieldValue( ldr, ldrdata, "InInitializationOrderModuleList.Flink", ldr_InInitializationOrderModuleList_Flink );
  158. GetFieldValue( ldr, ldrdata, "InInitializationOrderModuleList.Blink", ldr_InInitializationOrderModuleList_Blink );
  159. GetFieldValue( ldr, ldrdata, "InLoadOrderModuleList.Flink", ldr_InLoadOrderModuleList_Flink );
  160. GetFieldValue( ldr, ldrdata, "InLoadOrderModuleList.Blink", ldr_InLoadOrderModuleList_Blink );
  161. GetFieldValue( ldr, ldrdata, "InMemoryOrderModuleList.Flink", ldr_InMemoryOrderModuleList_Flink );
  162. GetFieldValue( ldr, ldrdata, "InMemoryOrderModuleList.Blink", ldr_InMemoryOrderModuleList_Blink );
  164. dprintf(
  165. " Ldr.Initialized: %s\n"
  166. " Ldr.InInitializationOrderModuleList: %p . %p\n"
  167. " Ldr.InLoadOrderModuleList: %p . %p\n"
  168. " Ldr.InMemoryOrderModuleList: %p . %p\n",
  169. ldr_Initialized ? "Yes" : "No",
  170. ldr_InInitializationOrderModuleList_Flink,
  171. ldr_InInitializationOrderModuleList_Blink,
  172. ldr_InLoadOrderModuleList_Flink,
  173. ldr_InLoadOrderModuleList_Blink,
  174. ldr_InMemoryOrderModuleList_Flink,
  175. ldr_InMemoryOrderModuleList_Blink
  176. );
  177. head = ldr + (ULONG64)ldr_InMemoryOrderModuleList_Offset;
  178. next = ldr_InMemoryOrderModuleList_Flink;
  179. while( next != head ) {
  180. ULONG64 entry, dllBase;
  181. UNICODE_STRING64 u;
  182. time_t Timestamp=0;
  183. const char *time;
  185. entry = next - ldr_DataTableEntry_InMemoryOrderLinks_Offset;
  186. if (GetFieldValue( entry, ldrEntry, "DllBase", dllBase )) {
  187. dprintf("Cannot read %s at %p\n",ldrEntry, entry);
  188. break;
  189. }
  190. GetFieldValue( entry, ldrEntry, "TimeDateStamp", Timestamp );
  191. GetFieldValue( entry, ldrEntry, "FullDllName.Buffer", u.Buffer );
  192. GetFieldValue( entry, ldrEntry, "FullDllName.Length", u.Length );
  193. GetFieldValue( entry, ldrEntry, "FullDllName.MaximumLength", u.MaximumLength );
  194. if (First) {
  195. if (IsPtr64()) {
  196. dprintf(" Base TimeStamp / Module\n");
  197. } else {
  198. dprintf(" Base TimeStamp Module\n");
  199. }
  200. First = FALSE;
  201. }
  202. if (IsPtr64()) {
  203. dprintf(" ");
  204. }
  205. dprintf( "%16p ", dllBase );
  206. if ((time = ctime((time_t *) &Timestamp)) != NULL) {
  207. dprintf( "%08x %-20.20s ", Timestamp, time+4);
  208. }
  209. if ( u.Buffer ) {
  210. if (IsPtr64()) {
  211. dprintf("\n ");
  212. }
  213. DumpUnicode64( u );
  214. }
  215. dprintf( "\n");
  216. GetFieldValue( entry, ldrEntry, "InMemoryOrderLinks.Flink", next );
  218. if (CheckControlC()) {
  219. break;
  220. }
  221. }
  222. }
  224. dprintf(
  225. " SubSystemData: %p\n"
  226. " ProcessHeap: %p\n"
  227. " ProcessParameters: %p\n",
  228. peb_SubSystemData,
  229. peb_ProcessHeap,
  230. peb_ProcessParameters
  231. );
  232. if ( peb_ProcessParameters ) {
  233. ULONG64 peb_ProcessParameters_Environment;
  234. ULONG64 peb_ProcessParameters_Flags;
  235. UNICODE_STRING64 windowTitle;
  236. UNICODE_STRING64 imagePathName;
  237. UNICODE_STRING64 commandLine;
  238. UNICODE_STRING64 dllPath;
  240. GetFieldValue( peb_ProcessParameters, processparam, "Environment", peb_ProcessParameters_Environment );
  241. GetFieldValue( peb_ProcessParameters, processparam, "Flags", peb_ProcessParameters_Flags );
  242. GetFieldValue( peb_ProcessParameters, processparam, "WindowTitle.Buffer", windowTitle.Buffer );
  243. GetFieldValue( peb_ProcessParameters, processparam, "WindowTitle.Length", windowTitle.Length );
  244. GetFieldValue( peb_ProcessParameters, processparam, "WindowTitle.MaximumLength", windowTitle.MaximumLength );
  245. GetFieldValue( peb_ProcessParameters, processparam, "ImagePathName.Buffer", imagePathName.Buffer );
  246. GetFieldValue( peb_ProcessParameters, processparam, "ImagePathName.Length", imagePathName.Length );
  247. GetFieldValue( peb_ProcessParameters, processparam, "ImagePathName.MaximumLength", imagePathName.MaximumLength );
  248. GetFieldValue( peb_ProcessParameters, processparam, "CommandLine.Buffer", commandLine.Buffer );
  249. GetFieldValue( peb_ProcessParameters, processparam, "CommandLine.Length", commandLine.Length );
  250. GetFieldValue( peb_ProcessParameters, processparam, "CommandLine.MaximumLength", commandLine.MaximumLength );
  251. GetFieldValue( peb_ProcessParameters, processparam, "DllPath.Buffer", dllPath.Buffer );
  252. GetFieldValue( peb_ProcessParameters, processparam, "DllPath.Length", dllPath.Length );
  253. GetFieldValue( peb_ProcessParameters, processparam, "DllPath.MaximumLength", dllPath.MaximumLength );
  254. if ( !(peb_ProcessParameters_Flags & RTL_USER_PROC_PARAMS_NORMALIZED) ) {
  255. windowTitle.Buffer += peb_ProcessParameters;
  256. imagePathName.Buffer += peb_ProcessParameters;
  257. commandLine.Buffer += peb_ProcessParameters;
  258. dllPath.Buffer += peb_ProcessParameters;
  259. }
  260. dprintf(
  261. " WindowTitle: '" );
  262. DumpUnicode64( windowTitle );
  263. dprintf("'\n");
  264. dprintf(
  265. " ImageFile: '" );
  266. DumpUnicode64( imagePathName );
  267. dprintf("'\n");
  268. dprintf(
  269. " CommandLine: '" );
  270. DumpUnicode64( commandLine );
  271. dprintf("'\n");
  272. dprintf(
  273. " DllPath: '" );
  274. DumpUnicode64( dllPath );
  275. dprintf("'\n"
  276. " Environment: %p\n", peb_ProcessParameters_Environment );
  278. {
  279. WCHAR EnvBuf[0x4000];
  280. WCHAR *Env = EnvBuf;
  281. ULONG cb;
  283. if (ReadMemory(peb_ProcessParameters_Environment, Env,
  284. sizeof(EnvBuf)-4, &cb))
  285. {
  286. EnvBuf[cb /2] = 0;
  287. EnvBuf[(cb /2)+ 1] = 0;
  289. //
  290. // Go until we reach a double NULL unicode
  291. //
  293. while(*(Env+1) != 0)
  294. {
  295. dprintf(" %ws\n", Env);
  296. while(*Env++ != 0);
  297. }
  299. if ((PUCHAR) Env >= (PUCHAR)EnvBuf + (sizeof(EnvBuf)-4))
  300. {
  301. dprintf("\n use 'db %p' to see remaining "
  302. "environment variables\n",
  303. peb_ProcessParameters_Environment + sizeof(EnvBuf));
  304. }
  305. }
  306. }
  307. }
  308. else {
  309. dprintf( " *** unable to read process parameters\n" );
  311. }
  312. return S_OK;
  313. }
  315. DECLARE_API( peb )
  317. /*++
  319. Routine Description:
  321. This function is called to dump the PEB
  323. Called as:
  325. !peb
  327. Arguments:
  329. None
  331. Return Value:
  333. None
  335. --*/
  337. {
  338. ULONG64 pebAddress;
  339. ULONG64 peb;
  340. HRESULT hr = S_OK;
  342. INIT_API();
  343. if ( *args ) {
  344. pebAddress = GetExpression( args );
  345. } else {
  346. ULONG64 tebAddress;
  347. tebAddress = GetExpression("@$teb");
  348. if (TargetMachine == IMAGE_FILE_MACHINE_IA64 && tebAddress) {
  349. ULONG64 Peb32=0;
  350. if (GetPeb32FromWowTeb(tebAddress, &Peb32) && Peb32) {
  351. dprintf("Wow64 PEB32 at %lx\n", Peb32);
  352. DumpPeb(Peb32, TRUE);
  353. dprintf("\n\nWow64 ");
  354. }
  355. }
  357. pebAddress = GetExpression("@$peb");
  358. //GetPebAddress( 0, &pebAddress );
  359. }
  361. if ( pebAddress ) {
  362. dprintf( "PEB at %p\n", pebAddress );
  363. }
  364. else {
  365. dprintf( "PEB NULL...\n" );
  366. return E_INVALIDARG;
  367. }
  369. peb = IsPtr64() ? pebAddress : (ULONG64)(LONG64)(LONG)pebAddress;
  371. hr = DumpPeb(peb, FALSE);
  372. EXIT_API();
  373. return hr;
  376. } // PebExtension()
  379. HRESULT
  380. DumpTeb(ULONG64 tebAddress, BOOL IsWow64Teb)
  381. {
  383. ULONG64 teb;
  384. ULONG64 tib_ExceptionList;
  385. ULONG64 tib_StackBase;
  386. ULONG64 tib_StackLimit;
  387. ULONG64 tib_StackSusSystemTib;
  388. ULONG64 tib_FiberData;
  389. ULONG64 tib_ArbitraryUserPointer;
  390. ULONG64 tib_Self;
  391. ULONG64 tib_EnvironmentPointer;
  392. ULONG64 teb_ClientId_UniqueProcess;
  393. ULONG64 teb_ClientId_UniqueThread;
  394. ULONG64 teb_RealClientId_UniqueProcess;
  395. ULONG64 teb_RealClientId_UniqueThread;
  396. ULONG64 DeallocationBStore;
  397. HRESULT hr = S_OK;
  398. ULONG64 err;
  399. ULONG64 UseHardErrorsAreDisabled;
  400. ULONG HardErrorModeOffset;
  401. PCHAR TebType;
  403. teb = tebAddress;
  404. if (!IsWow64Teb) {
  405. TebType = "nt!_TEB";
  406. if ( InitTypeRead( teb, nt!_TEB ) ) {
  407. dprintf( "error InitTypeRead( TEB )...\n");
  408. return E_INVALIDARG;
  409. }
  410. } else {
  411. TebType = "nt!TEB32";
  412. if ( err = InitTypeRead( teb, nt!TEB32 ) ) {
  413. if (err == SYMBOL_TYPE_INFO_NOT_FOUND) {
  414. TebType = "wow64!TEB32";
  415. if ( InitTypeRead( teb, wow64!TEB32 ) ) {
  416. dprintf( "error InitTypeRead( wow64!TEB32 )...\n");
  417. return E_INVALIDARG;
  418. }
  419. } else {
  420. dprintf( "error InitTypeRead( TEB32 )...\n");
  421. return E_INVALIDARG;
  422. }
  423. }
  424. }
  426. dprintf(
  427. " ExceptionList: %p\n"
  428. " StackBase: %p\n"
  429. " StackLimit: %p\n"
  430. " SubSystemTib: %p\n"
  431. " FiberData: %p\n"
  432. " ArbitraryUserPointer: %p\n"
  433. " Self: %p\n"
  434. " EnvironmentPointer: %p\n",
  435. GetShortField(0, "NtTib.ExceptionList", 0),
  436. ReadField( NtTib.StackBase ),
  437. GetShortField(0, "NtTib.StackLimit", 0),
  438. GetShortField(0, "NtTib.SubsystemTib", 0),
  439. GetShortField(0, "NtTib.FiberData", 0),
  440. GetShortField(0, "NtTib.ArbitraryUsetPointer", 0),
  441. GetShortField(0, "NtTib.Self", 0),
  442. GetShortField(0, "NtTib.EnvironmentPointer", 0)
  443. );
  445. teb_ClientId_UniqueProcess = GetShortField( 0, "ClientId.UniqueProcess", 0 );
  446. teb_ClientId_UniqueThread = GetShortField( 0, "ClientId.UniqueThread", 0 );
  447. teb_RealClientId_UniqueProcess = GetShortField( 0, "RealClientId.UniqueProcess", 0 );
  448. teb_RealClientId_UniqueThread = GetShortField( 0, "RealClientId.UniqueThread", 0 );
  449. dprintf(
  450. " ClientId: %p . %p\n", teb_ClientId_UniqueProcess, teb_ClientId_UniqueThread );
  451. if ( teb_ClientId_UniqueProcess != teb_RealClientId_UniqueProcess ||
  452. teb_ClientId_UniqueThread != teb_RealClientId_UniqueThread )
  453. {
  454. dprintf(
  455. " Real ClientId: %p . %p\n", teb_RealClientId_UniqueProcess, teb_RealClientId_UniqueThread );
  456. }
  458. UseHardErrorsAreDisabled = GetFieldOffset(TebType,
  459. "HardErrorMode",
  460. &HardErrorModeOffset);
  462. dprintf(
  463. " RpcHandle: %p\n"
  464. " Tls Storage: %p\n"
  465. " PEB Address: %p\n"
  466. " LastErrorValue: %u\n"
  467. " LastStatusValue: %x\n"
  468. " Count Owned Locks: %u\n"
  469. " HardErrorMode: %x\n",
  470. ReadField( ActiveRpcHandle ),
  471. ReadField( ThreadLocalStoragePointer ),
  472. ReadField( ProcessEnvironmentBlock ),
  473. (ULONG)ReadField( LastErrorValue ),
  474. (ULONG)ReadField( LastStatusValue ),
  475. (ULONG)ReadField( CountOfOwnedCriticalSections ),
  476. (ULONG) (UseHardErrorsAreDisabled
  477. ? ReadField( HardErrorsAreDisabled )
  478. : ReadField( HardErrorMode ))
  479. );
  480. if (TargetMachine == IMAGE_FILE_MACHINE_IA64 && !IsWow64Teb) {
  481. dprintf(
  482. " DeallocationBStore: %p\n"
  483. " BStoreLimit: %p\n",
  484. ReadField(DeallocationBStore),
  485. ReadField( BStoreLimit )
  486. );
  487. }
  488. return hr;
  489. } // DumpTeb()
  493. DECLARE_API( teb )
  495. /*++
  497. Routine Description:
  499. This function is called to dump the TEB
  501. Called as:
  503. !teb
  505. --*/
  507. {
  509. ULONG64 tebAddress;
  510. HRESULT hr = S_OK;
  512. INIT_API();
  513. if ( *args ) {
  514. tebAddress = GetExpression( args );
  515. } else {
  516. tebAddress = GetExpression("@$teb");
  517. }
  519. if ( tebAddress ) {
  520. if (TargetMachine == IMAGE_FILE_MACHINE_IA64 && tebAddress) {
  521. ULONG64 Teb32=0;
  522. if (GetTeb32FromWowTeb(tebAddress, &Teb32) && Teb32) {
  523. dprintf("Wow64 TEB32 at %p\n", Teb32);
  524. DumpTeb(Teb32, TRUE);
  525. dprintf("\n\nWow64 ");
  526. }
  527. }
  528. dprintf( "TEB at %p\n", tebAddress );
  529. } else {
  530. dprintf( "TEB NULL...\n" );
  531. hr = E_INVALIDARG;
  532. goto ExitTeb;
  533. }
  534. // tebAddress = IsPtr64() ? tebAddress : (ULONG64)(LONG64)(LONG)tebAddress;
  536. hr = DumpTeb(tebAddress, FALSE);
  537. ExitTeb:
  538. EXIT_API();
  539. return hr;
  540. }