archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/sdktools/debuggers/imagehlp/walk.c

488 lines
13 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1993-2001 Microsoft Corporation
  5. Module Name:
  7. walk.c
  9. Abstract:
  11. This function implements the stack walking api.
  13. Author:
  15. Wesley Witt (wesw) 1-Oct-1993
  17. Environment:
  19. User Mode
  21. --*/
  23. #include <private.h>
  24. #include "globals.h"
  25. #include "symbols.h"
  27. #ifndef PAGE_SIZE
  28. #if defined(_X86_) || defined(_AMD64_) || defined(ARM)
  29. #define PAGE_SIZE 0x1000
  30. #elif defined(_IA64_)
  31. #define PAGE_SIZE 0x2000
  32. #else
  33. #error Unknown processor architecture
  34. #endif
  35. #endif
  37. ULONG g_StackDebugMask;
  38. ULONG g_StackDebugIo = SDB_CALLBACK_OUT;
  40. BOOL
  41. ReadMemoryRoutineLocal(
  42. HANDLE hProcess,
  43. DWORD64 qwBaseAddress,
  44. LPVOID lpBuffer,
  45. DWORD nSize,
  46. LPDWORD lpNumberOfBytesRead
  47. );
  49. LPVOID
  50. FunctionTableAccessRoutineLocal(
  51. HANDLE hProcess,
  52. DWORD64 AddrBase
  53. );
  55. DWORD64
  56. GetModuleBaseRoutineLocal(
  57. HANDLE hProcess,
  58. DWORD64 ReturnAddress
  59. );
  61. DWORD64
  62. TranslateAddressRoutineLocal(
  63. HANDLE hProcess,
  64. HANDLE hThread,
  65. LPADDRESS64 lpaddr
  66. );
  68. void __cdecl
  69. SdbOut(
  70. ULONG Mask,
  71. PSTR Format,
  72. ...
  73. )
  74. {
  75. if (g_StackDebugMask & Mask) {
  76. char Text[256];
  77. char* Cur = Text;
  78. va_list Args;
  80. if (!(Mask & SDB_NO_PREFIX)) {
  81. CopyStrArray(Text, "SDB: ");
  82. Cur += 5;
  83. }
  85. va_start(Args, Format);
  86. _vsnprintf(Cur, sizeof(Text) - (Cur - Text) - 1, Format, Args);
  87. Text[sizeof(Text) - 1] = 0;
  89. switch(g_StackDebugIo) {
  90. case SDB_DEBUG_OUT:
  91. OutputDebugStringA(Text);
  92. break;
  93. case SDB_CALLBACK_OUT:
  94. _peprint(NULL, "%s", Text);
  95. break;
  96. }
  97. }
  98. }
  100. BOOL
  101. ImagepReadMemoryThunk(
  102. HANDLE hProcess,
  103. DWORD64 qwBaseAddress,
  104. LPVOID lpBuffer,
  105. DWORD nSize,
  106. LPDWORD lpNumberOfBytesRead
  107. )
  108. {
  109. PREAD_PROCESS_MEMORY_ROUTINE fnImagepUserReadMemory32;
  111. fnImagepUserReadMemory32 = tlsvar(ImagepUserReadMemory32);
  112. return fnImagepUserReadMemory32(
  113. hProcess,
  114. (DWORD)qwBaseAddress,
  115. lpBuffer,
  116. nSize,
  117. lpNumberOfBytesRead
  118. );
  119. }
  121. LPVOID
  122. ImagepFunctionTableAccessThunk(
  123. HANDLE hProcess,
  124. DWORD64 AddrBase
  125. )
  126. {
  127. PFUNCTION_TABLE_ACCESS_ROUTINE fnImagepUserFunctionTableAccess32;
  129. fnImagepUserFunctionTableAccess32 = tlsvar(ImagepUserFunctionTableAccess32);
  130. return fnImagepUserFunctionTableAccess32(
  131. hProcess,
  132. (DWORD)AddrBase
  133. );
  134. }
  136. DWORD64
  137. ImagepGetModuleBaseThunk(
  138. HANDLE hProcess,
  139. DWORD64 ReturnAddress
  140. )
  141. {
  142. PGET_MODULE_BASE_ROUTINE fnImagepUserGetModuleBase32;
  144. fnImagepUserGetModuleBase32 = tlsvar(ImagepUserGetModuleBase32);
  145. return (ULONG64)(LONG64)(LONG)fnImagepUserGetModuleBase32(
  146. hProcess,
  147. (DWORD)ReturnAddress
  148. );
  149. }
  151. DWORD64
  152. ImagepTranslateAddressThunk(
  153. HANDLE hProcess,
  154. HANDLE hThread,
  155. LPADDRESS64 lpaddr
  156. )
  157. {
  158. return 0;
  159. }
  161. void
  162. StackFrame32To64(
  163. LPSTACKFRAME StackFrame32,
  164. LPSTACKFRAME64 StackFrame64
  165. )
  166. {
  167. Address32To64(&StackFrame32->AddrPC, &StackFrame64->AddrPC );
  168. Address32To64(&StackFrame32->AddrReturn, &StackFrame64->AddrReturn );
  169. Address32To64(&StackFrame32->AddrFrame, &StackFrame64->AddrFrame );
  170. Address32To64(&StackFrame32->AddrStack, &StackFrame64->AddrStack );
  171. StackFrame64->FuncTableEntry = StackFrame32->FuncTableEntry;
  172. StackFrame64->Far = StackFrame32->Far;
  173. StackFrame64->Virtual = StackFrame32->Virtual;
  174. StackFrame64->Params[0] = EXTEND64(StackFrame32->Params[0]);
  175. StackFrame64->Params[1] = EXTEND64(StackFrame32->Params[1]);
  176. StackFrame64->Params[2] = EXTEND64(StackFrame32->Params[2]);
  177. StackFrame64->Params[3] = EXTEND64(StackFrame32->Params[3]);
  178. StackFrame64->Reserved[0] = EXTEND64(StackFrame32->Reserved[0]);
  179. StackFrame64->Reserved[1] = EXTEND64(StackFrame32->Reserved[1]);
  180. StackFrame64->Reserved[2] = EXTEND64(StackFrame32->Reserved[2]);
  181. KdHelp32To64(&StackFrame32->KdHelp, &StackFrame64->KdHelp);
  182. }
  184. void
  185. StackFrame64To32(
  186. LPSTACKFRAME64 StackFrame64,
  187. LPSTACKFRAME StackFrame32
  188. )
  189. {
  190. Address64To32(&StackFrame64->AddrPC, &StackFrame32->AddrPC );
  191. Address64To32(&StackFrame64->AddrReturn, &StackFrame32->AddrReturn );
  192. Address64To32(&StackFrame64->AddrFrame, &StackFrame32->AddrFrame );
  193. Address64To32(&StackFrame64->AddrStack, &StackFrame32->AddrStack );
  194. StackFrame32->FuncTableEntry = StackFrame64->FuncTableEntry;
  195. StackFrame32->Far = StackFrame64->Far;
  196. StackFrame32->Virtual = StackFrame64->Virtual;
  197. StackFrame32->Params[0] = (ULONG)StackFrame64->Params[0];
  198. StackFrame32->Params[1] = (ULONG)StackFrame64->Params[1];
  199. StackFrame32->Params[2] = (ULONG)StackFrame64->Params[2];
  200. StackFrame32->Params[3] = (ULONG)StackFrame64->Params[3];
  201. StackFrame32->Reserved[0] = (ULONG)StackFrame64->Reserved[0];
  202. StackFrame32->Reserved[1] = (ULONG)StackFrame64->Reserved[1];
  203. StackFrame32->Reserved[2] = (ULONG)StackFrame64->Reserved[2];
  204. }
  206. BOOL
  207. StackWalk(
  208. DWORD MachineType,
  209. HANDLE hProcess,
  210. HANDLE hThread,
  211. LPSTACKFRAME StackFrame32,
  212. LPVOID ContextRecord,
  213. PREAD_PROCESS_MEMORY_ROUTINE ReadMemory32,
  214. PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccess32,
  215. PGET_MODULE_BASE_ROUTINE GetModuleBase32,
  216. PTRANSLATE_ADDRESS_ROUTINE TranslateAddress32
  217. )
  218. {
  219. BOOL rval;
  220. BOOL UseSym = FALSE;
  221. PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemory;
  222. PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccess;
  223. PGET_MODULE_BASE_ROUTINE64 GetModuleBase;
  224. PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress;
  225. STACKFRAME64 StackFrame;
  227. if (FunctionTableAccess32) {
  228. tlsvar(ImagepUserFunctionTableAccess32) = FunctionTableAccess32;
  229. FunctionTableAccess = ImagepFunctionTableAccessThunk;
  230. } else {
  231. FunctionTableAccess = FunctionTableAccessRoutineLocal;
  232. UseSym = TRUE;
  233. }
  236. if (GetModuleBase32) {
  237. tlsvar(ImagepUserGetModuleBase32) = GetModuleBase32;
  238. GetModuleBase = ImagepGetModuleBaseThunk;
  239. } else {
  240. GetModuleBase = GetModuleBaseRoutineLocal;
  241. UseSym = TRUE;
  242. }
  244. if (ReadMemory32) {
  245. tlsvar(ImagepUserReadMemory32) = ReadMemory32;
  246. ReadMemory = ImagepReadMemoryThunk;
  247. } else {
  248. ReadMemory = ReadMemoryRoutineLocal;
  249. }
  251. if (TranslateAddress32) {
  252. tlsvar(ImagepUserTranslateAddress32) = TranslateAddress32;
  253. TranslateAddress = ImagepTranslateAddressThunk;
  254. } else {
  255. TranslateAddress = TranslateAddressRoutineLocal;
  256. }
  258. if (UseSym) {
  259. //
  260. // We are using the code in symbols.c
  261. // hProcess better be a real valid process handle
  262. //
  264. //
  265. // Always call syminitialize. It's a nop if process
  266. // is already loaded.
  267. //
  268. if (!SymInitialize( hProcess, NULL, FALSE )) {
  269. return FALSE;
  270. }
  272. }
  274. StackFrame32To64(StackFrame32, &StackFrame);
  276. switch (MachineType) {
  277. case IMAGE_FILE_MACHINE_I386:
  278. rval = WalkX86( hProcess,
  279. hThread,
  280. &StackFrame,
  281. ContextRecord,
  282. ReadMemory,
  283. FunctionTableAccess,
  284. GetModuleBase,
  285. TranslateAddress,
  286. 0
  287. );
  288. break;
  290. case IMAGE_FILE_MACHINE_IA64:
  291. case IMAGE_FILE_MACHINE_AMD64:
  292. default:
  293. rval = FALSE;
  294. break;
  295. }
  296. if (rval) {
  297. StackFrame64To32(&StackFrame, StackFrame32);
  298. }
  300. return rval;
  301. }
  304. BOOL
  305. StackWalk64(
  306. DWORD MachineType,
  307. HANDLE hProcess,
  308. HANDLE hThread,
  309. LPSTACKFRAME64 StackFrame,
  310. LPVOID ContextRecord,
  311. PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemory,
  312. PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccess,
  313. PGET_MODULE_BASE_ROUTINE64 GetModuleBase,
  314. PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
  315. )
  316. {
  317. BOOL rval;
  318. BOOL UseSym = FALSE;
  320. g.MachineType = MachineType;
  321. if (!FunctionTableAccess) {
  322. FunctionTableAccess = FunctionTableAccessRoutineLocal;
  323. UseSym = TRUE;
  324. }
  326. if (!GetModuleBase) {
  327. GetModuleBase = GetModuleBaseRoutineLocal;
  328. UseSym = TRUE;
  329. }
  331. if (!ReadMemory) {
  332. ReadMemory = ReadMemoryRoutineLocal;
  333. }
  335. if (!TranslateAddress) {
  336. TranslateAddress = TranslateAddressRoutineLocal;
  337. }
  339. if (UseSym) {
  340. //
  341. // We are using the code in symbols.c
  342. // hProcess better be a real valid process handle
  343. //
  345. //
  346. // Always call syminitialize. It's a nop if process
  347. // is already loaded.
  348. //
  349. if (!SymInitialize( hProcess, NULL, FALSE )) {
  350. return FALSE;
  351. }
  353. }
  355. switch (MachineType) {
  356. case IMAGE_FILE_MACHINE_I386:
  357. rval = WalkX86( hProcess,
  358. hThread,
  359. StackFrame,
  360. ContextRecord,
  361. ReadMemory,
  362. FunctionTableAccess,
  363. GetModuleBase,
  364. TranslateAddress,
  365. WALK_FIX_FPO_EBP
  366. );
  368. break;
  370. case IMAGE_FILE_MACHINE_IA64:
  371. rval = WalkIa64( hProcess,
  372. StackFrame,
  373. ContextRecord,
  374. ReadMemory,
  375. FunctionTableAccess,
  376. GetModuleBase
  377. );
  378. break;
  380. case IMAGE_FILE_MACHINE_AMD64:
  381. rval = WalkAmd64( hProcess,
  382. StackFrame,
  383. ContextRecord,
  384. ReadMemory,
  385. FunctionTableAccess,
  386. GetModuleBase
  387. );
  388. break;
  390. case IMAGE_FILE_MACHINE_ARM:
  391. rval = WalkArm( hProcess,
  392. hThread,
  393. StackFrame,
  394. ContextRecord,
  395. ReadMemory,
  396. FunctionTableAccess,
  397. GetModuleBase
  398. );
  399. break;
  401. default:
  402. rval = FALSE;
  403. break;
  404. }
  406. return rval;
  407. }
  409. BOOL
  410. ReadMemoryRoutineLocal(
  411. HANDLE hProcess,
  412. DWORD64 qwBaseAddress,
  413. LPVOID lpBuffer,
  414. DWORD nSize,
  415. LPDWORD lpNumberOfBytesRead
  416. )
  417. {
  418. // ReadProcessMemory will fail if any part of the
  419. // region to read does not have read access. This
  420. // routine attempts to read the largest valid prefix
  421. // so it has to break up reads on page boundaries.
  423. BOOL Status = TRUE;
  424. SIZE_T TotalBytesRead = 0;
  425. SIZE_T Read;
  426. ULONG ReadSize;
  428. while (nSize > 0) {
  430. // Calculate bytes to read and don't let read cross
  431. // a page boundary.
  432. ReadSize = PAGE_SIZE - (ULONG)(qwBaseAddress & (PAGE_SIZE - 1));
  433. ReadSize = min(nSize, ReadSize);
  435. if (!ReadProcessMemory(hProcess, (PVOID)(ULONG_PTR)qwBaseAddress,
  436. lpBuffer, ReadSize, &Read)) {
  437. if (TotalBytesRead == 0) {
  438. // If we haven't read anything indicate failure.
  439. Status = FALSE;
  440. }
  441. break;
  442. }
  444. TotalBytesRead += Read;
  445. qwBaseAddress += Read;
  446. lpBuffer = (PVOID)((PUCHAR)lpBuffer + Read);
  447. nSize -= (DWORD)Read;
  448. }
  450. *lpNumberOfBytesRead = (DWORD)TotalBytesRead;
  451. return Status;
  452. }
  454. LPVOID
  455. FunctionTableAccessRoutineLocal(
  456. HANDLE hProcess,
  457. DWORD64 AddrBase
  458. )
  459. {
  460. return SymFunctionTableAccess64(hProcess, AddrBase);
  461. }
  463. DWORD64
  464. GetModuleBaseRoutineLocal(
  465. HANDLE hProcess,
  466. DWORD64 ReturnAddress
  467. )
  468. {
  469. IMAGEHLP_MODULE64 ModuleInfo = {0};
  470. ModuleInfo.SizeOfStruct = sizeof(ModuleInfo);
  472. if (SymGetModuleInfo64(hProcess, ReturnAddress, &ModuleInfo)) {
  473. return ModuleInfo.BaseOfImage;
  474. } else {
  475. return 0;
  476. }
  477. }
  480. DWORD64
  481. TranslateAddressRoutineLocal(
  482. HANDLE hProcess,
  483. HANDLE hThread,
  484. LPADDRESS64 paddr
  485. )
  486. {
  487. return 0;
  488. }