archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/wow64/mscpu/dbgexts/entrypt.c

641 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1995-1999 Microsoft Corporation
  5. Module Name:
  7. entrypt.c
  9. Abstract:
  11. Debugger extensions that give an entry point from either an
  12. intel address or a native address
  14. Author:
  16. 02-Aug-1995 Ori Gershony (t-orig)
  18. Revision History:
  20. --*/
  22. #define _WOW64CPUDBGAPI_
  23. #define DECLARE_CPU_DEBUGGER_INTERFACE
  24. #include <nt.h>
  25. #include <ntrtl.h>
  26. #include <nturtl.h>
  27. #include <windows.h>
  28. #include <imagehlp.h>
  29. #include <ntsdexts.h>
  30. #include "ntosdef.h"
  31. #include "v86emul.h"
  32. #include "ia64.h"
  33. #include "wow64.h"
  34. #include "wow64cpu.h"
  35. #include "threadst.h"
  36. #include "entrypt.h"
  38. extern HANDLE Process;
  39. extern HANDLE Thread;
  40. extern PNTSD_OUTPUT_ROUTINE OutputRoutine;
  41. extern PNTSD_GET_SYMBOL GetSymbolRoutine;
  42. extern PNTSD_GET_EXPRESSION GetExpression;
  43. extern PWOW64GETCPUDATA CpuGetData;
  44. extern LPSTR ArgumentString;
  46. #define DEBUGGERPRINT (*OutputRoutine)
  47. #define GETSYMBOL (*GetSymbolRoutine)
  48. #define GETEXPRESSION (*GetExpression)
  49. #define CPUGETDATA (*CpuGetData)
  52. extern THREADSTATE LocalCpuContext;
  53. extern BOOL ContextFetched;
  54. extern BOOL ContextDirty;
  57. #define DECLARE_EXTAPI(name) \
  58. VOID \
  59. name( \
  60. HANDLE hCurrentProcess, \
  61. HANDLE hCurrentThread, \
  62. DWORD64 dwCurrentPc, \
  63. PNTSD_EXTENSION_APIS lpExtensionApis, \
  64. LPSTR lpArgumentString \
  65. )
  67. #define INIT_EXTAPI \
  68. Process = hCurrentProcess; \
  69. Thread = hCurrentThread; \
  70. OutputRoutine = lpExtensionApis->lpOutputRoutine; \
  71. GetSymbolRoutine = lpExtensionApis->lpGetSymbolRoutine; \
  72. GetExpression = lpExtensionApis->lpGetExpressionRoutine; \
  73. ArgumentString = lpArgumentString;
  76. #if _ALPHA_
  77. #define EXCEPTIONDATA_SIGNATURE 0x01010101
  78. #else
  79. #define EXCEPTIONDATA_SIGNATURE 0x12341234
  80. #endif
  82. // Assume we can have at most 1/2 million entrypoints in a tree:
  83. // With 4MB Translation Cache, we can have 1 million RISC instructions
  84. // in the cache. Assume each Intel instruction requires 2 RISC instructions,
  85. // and that each Intel instruction has its own Entrypoint. In that case,
  86. // there can be at most 1/2 million entrypoints. Realistically, that number
  87. // should be much smaller (like 50,000).
  88. //
  89. // Also, since the Entrypoint tree is balanced (a property of Red-Black trees),
  90. // the required stack depth should be log2(500,000).
  91. //
  92. #define MAX_EPN_STACK_DEPTH 512*1024
  93. ULONG_PTR EPN_Stack[MAX_EPN_STACK_DEPTH];
  94. ULONG EPN_StackTop;
  95. ULONG EPN_MaxStackDepth;
  97. #define EPN_STACK_RESET() EPN_StackTop=0; EPN_MaxStackDepth=0
  99. #define EPN_PUSH(x) { \
  100. if (EPN_StackTop == MAX_EPN_STACK_DEPTH-1) { \
  101. DEBUGGERPRINT("Error: EPN stack overflow\n"); \
  102. goto Error; \
  103. } else { \
  104. EPN_Stack[EPN_StackTop] = x; \
  105. EPN_StackTop++; \
  106. if (EPN_StackTop > EPN_MaxStackDepth) EPN_MaxStackDepth=EPN_StackTop; \
  107. } \
  108. }
  110. #define EPN_POP(x) { \
  111. if (EPN_StackTop == 0) { \
  112. DEBUGGERPRINT("Error: EPN stack underflow\n"); \
  113. goto Error; \
  114. } else { \
  115. EPN_StackTop--; \
  116. x = EPN_Stack[EPN_StackTop]; \
  117. } \
  118. }
  121. NTSTATUS
  122. TryGetExpr(
  123. PSTR Expression,
  124. PULONG_PTR pValue
  125. );
  128. VOID
  129. findEPI(
  130. ULONG_PTR intelAddress,
  131. ULONG_PTR intelRoot
  132. )
  133. /*++
  135. Routine Description:
  137. This routine finds an entry point which contains intelAddress if in the
  138. tree under intelRoot.
  140. Arguments:
  142. intelAddress -- The intel address to be contained in the entry point
  144. intelRoot -- The root of the tree to use for the search
  146. Return Value:
  148. return-value - none
  150. --*/
  151. {
  152. EPNODE entrypoint;
  153. NTSTATUS Status;
  155. for (;;) {
  156. Status = NtReadVirtualMemory(Process, (PVOID)intelRoot, (PVOID) (&entrypoint), sizeof(EPNODE), NULL);
  157. if (!NT_SUCCESS(Status)) {
  158. DEBUGGERPRINT("Error: cannot read value of entry point at location %x\n", intelRoot);
  159. return;
  160. }
  162. if (intelRoot == (ULONG_PTR)entrypoint.intelLeft) {
  163. //
  164. // At a NIL node.
  165. //
  166. break;
  167. }
  169. if (intelAddress < (ULONG_PTR)entrypoint.ep.intelStart){
  170. intelRoot = (ULONG_PTR)entrypoint.intelLeft;
  171. } else if (intelAddress > (ULONG_PTR)entrypoint.ep.intelEnd) {
  172. intelRoot = (ULONG_PTR)entrypoint.intelRight;
  173. } else {
  174. DEBUGGERPRINT ("Entry point for intel address %x is at %x\n", intelAddress, intelRoot);
  175. DEBUGGERPRINT ("intelStart = %x, intelEnd = %x\n", entrypoint.ep.intelStart, entrypoint.ep.intelEnd);
  176. DEBUGGERPRINT ("nativeStart = %x, nativeEnd = %x\n", entrypoint.ep.nativeStart, entrypoint.ep.nativeEnd);
  177. return;
  178. }
  179. }
  181. DEBUGGERPRINT("Entry point corresponding to intel address %x is not in the tree.\n", intelAddress);
  182. }
  184. DECLARE_EXTAPI(epi)
  185. /*++
  187. Routine Description:
  189. This routine dumps the entry point information for an intel address
  191. Arguments:
  193. Return Value:
  195. return-value - none
  197. --*/
  198. {
  199. CHAR *pchCmd;
  200. ULONG_PTR intelAddress, pIntelRoot, intelRoot;
  201. NTSTATUS Status;
  203. INIT_EXTAPI;
  205. //
  206. // fetch the CpuContext for the current thread
  207. //
  208. if (!CpuDbgGetRemoteContext(CPUGETDATA(Process, Thread))) {
  209. return;
  210. }
  212. DEBUGGERPRINT ("Argument: %s\n", ArgumentString);
  214. //
  215. // advance to first token
  216. //
  217. pchCmd = ArgumentString;
  218. while (*pchCmd && isspace(*pchCmd)) {
  219. pchCmd++;
  220. }
  222. //
  223. // if exists must be intel address
  224. //
  225. if (*pchCmd) {
  226. Status = TryGetExpr(pchCmd, &intelAddress);
  227. if (!NT_SUCCESS(Status)) {
  228. DEBUGGERPRINT("Invalid Intel Address '%s' Status %x\n", pchCmd, Status);
  229. return;
  230. }
  231. } else {
  232. // Take the current eip value as the first argument
  233. intelAddress = LocalCpuContext.eipReg.i4;
  234. }
  236. Status = TryGetExpr("intelRoot", &pIntelRoot);
  237. if (!NT_SUCCESS(Status)) {
  238. DEBUGGERPRINT("Error: cannot evaluate intelRoot\n");
  239. return;
  240. }
  242. Status = NtReadVirtualMemory(Process, (PVOID)pIntelRoot, (PVOID) (&intelRoot), sizeof(intelRoot), NULL);
  243. if (!NT_SUCCESS(Status)) {
  244. DEBUGGERPRINT("Error: cannot read value of intelRoot\n");
  245. return;
  246. }
  248. findEPI(intelAddress, intelRoot);
  249. }
  251. ULONG_PTR
  252. findEPN(
  253. ULONG_PTR nativeAddress,
  254. ULONG_PTR intelRoot
  255. )
  256. /*++
  258. Routine Description:
  260. This routine finds an entry point which contains nativeAddress if in the
  261. tree under intelRoot.
  263. Arguments:
  265. nativeAddress -- The native address to be contained in the entry point
  267. intelRoot -- The root of the tree to use for the search
  269. Return Value:
  271. return-value - NULL - entrypoint not found
  272. non-NULL - ptr to ENTRYPOINT matching the native address
  274. --*/
  275. {
  276. EPNODE entrypoint;
  277. NTSTATUS Status;
  278. PVOID SubEP;
  280. EPN_STACK_RESET();
  282. EPN_PUSH(0);
  284. while (intelRoot != 0) {
  286. Status = NtReadVirtualMemory(Process, (PVOID)intelRoot, (PVOID) (&entrypoint), sizeof(EPNODE), NULL);
  287. if (!NT_SUCCESS(Status)) {
  288. DEBUGGERPRINT("Error: cannot read value of entry point at location %x\n", intelRoot);
  289. return 0;
  290. }
  292. if ((nativeAddress >= (ULONG_PTR)entrypoint.ep.nativeStart) &&
  293. (nativeAddress <= (ULONG_PTR)entrypoint.ep.nativeEnd)) {
  295. DEBUGGERPRINT ("Entry point for native address %x is at %x\n", nativeAddress, intelRoot);
  296. DEBUGGERPRINT ("intelStart = %x, intelEnd = %x\n", entrypoint.ep.intelStart, entrypoint.ep.intelEnd);
  297. DEBUGGERPRINT ("nativeStart = %x, nativeEnd = %x\n", entrypoint.ep.nativeStart, entrypoint.ep.nativeEnd);
  298. return intelRoot;
  299. }
  301. // If there are sub-entrypoints, search them, too.
  302. SubEP = (PVOID)entrypoint.ep.SubEP;
  303. while (SubEP) {
  304. ENTRYPOINT ep;
  306. Status = NtReadVirtualMemory(Process, SubEP, (PVOID)(&ep), sizeof(ENTRYPOINT), NULL);
  307. if (!NT_SUCCESS(Status)) {
  308. DEBUGGERPRINT("Error: cannot read value of sub-entry point at location %x\n", SubEP);
  309. return 0;
  310. }
  312. if ((nativeAddress >= (ULONG_PTR)ep.nativeStart) &&
  313. (nativeAddress <= (ULONG_PTR)ep.nativeEnd)) {
  314. DEBUGGERPRINT ("Entry point for native address %x is at %x\n", nativeAddress, intelRoot);
  315. DEBUGGERPRINT ("Sub-entrypoint actually containing the native address is %x\n", SubEP);
  316. DEBUGGERPRINT ("intelStart = %x, intelEnd = %x\n", ep.intelStart, ep.intelEnd);
  317. DEBUGGERPRINT ("nativeStart = %x, nativeEnd = %x\n", ep.nativeStart, ep.nativeEnd);
  318. return (ULONG_PTR)SubEP;
  319. }
  321. SubEP = ep.SubEP;
  322. }
  324. if ((ULONG_PTR)entrypoint.intelRight != intelRoot) {
  325. EPN_PUSH((ULONG_PTR)entrypoint.intelRight);
  326. }
  327. if ((ULONG_PTR)entrypoint.intelLeft != intelRoot) {
  328. EPN_PUSH((ULONG_PTR)entrypoint.intelLeft);
  329. }
  331. EPN_POP(intelRoot);
  332. }
  334. DEBUGGERPRINT("Entry point corresponding to native address %x is not in the tree.\n", nativeAddress);
  335. Error:
  336. return 0;
  337. }
  339. VOID
  340. FindEipFromNativeAddress(
  341. ULONG_PTR nativeAddress,
  342. ULONG_PTR pEP
  343. )
  344. {
  345. ENTRYPOINT EP;
  346. NTSTATUS Status;
  347. PVOID pUL;
  348. ULONG UL;
  349. ULONG RiscStart;
  350. ULONG RiscEnd;
  351. ULONG cEntryPoints;
  353. Status = NtReadVirtualMemory(Process, (PVOID)pEP, (PVOID)(&EP), sizeof(ENTRYPOINT), NULL);
  354. if (!NT_SUCCESS(Status)) {
  355. DEBUGGERPRINT("Error: cannot read value of entry point at location %x\n", pEP);
  356. return;
  357. }
  359. //
  360. // Search forward to the next EXCEPTIONDATA_SIGNATURE in the cache
  361. //
  362. pUL = (PVOID)(((ULONG_PTR)EP.nativeEnd+3) & ~3);
  363. do {
  364. Status = NtReadVirtualMemory(Process, pUL, &UL, sizeof(ULONG), NULL);
  365. if (!NT_SUCCESS(Status)) {
  366. DEBUGGERPRINT("Error: error reading from TC at %x\n", pUL);
  367. return;
  368. }
  370. pUL = (PVOID)( (PULONG)pUL + 1);
  371. } while (UL != EXCEPTIONDATA_SIGNATURE);
  373. //
  374. // Found the signature, get cEntryPoints
  375. //
  376. Status = NtReadVirtualMemory(Process, pUL, &cEntryPoints, sizeof(ULONG), NULL);
  377. if (!NT_SUCCESS(Status)) {
  378. DEBUGGERPRINT("Error: error reading from TC at %x\n", pUL);
  379. return;
  380. }
  381. pUL = (PVOID)( (PULONG)pUL + 1); // skip cEntryPoints
  383. while (1) {
  384. Status = NtReadVirtualMemory(Process, pUL, &UL, sizeof(ULONG), NULL);
  385. if (!NT_SUCCESS(Status)) {
  386. DEBUGGERPRINT("Error: error reading from TC at %x\n", pUL);
  387. return;
  388. }
  390. if (UL == (ULONG)pEP) {
  391. //
  392. // Found the right ENTRYPOINT pointer
  393. //
  394. break;
  395. }
  397. //
  398. // Skip over the pairs of (x86, risc) offsets
  399. //
  400. do {
  401. pUL = (PVOID)( (PULONG)pUL + 1);
  402. Status = NtReadVirtualMemory(Process, pUL, &UL, sizeof(ULONG), NULL);
  403. if (!NT_SUCCESS(Status)) {
  404. DEBUGGERPRINT("Error: error reading from TC at %x\n", pUL);
  405. return;
  406. }
  407. } while ((UL & 1) == 0);
  409. cEntryPoints--;
  410. if (cEntryPoints == 0) {
  411. DEBUGGERPRINT("Error: cEntryPoints went to 0 at %x\n", pUL);
  412. return;
  413. }
  415. pUL = (PVOID)( (PULONG)pUL + 1);
  416. }
  418. //
  419. // pUL points at the correct entrypoint pointer
  420. //
  421. nativeAddress -= (ULONG_PTR)EP.nativeStart; // Make relative to start of EP
  422. RiscStart = 0; // Also relative to start of EP
  423. while (1) {
  424. ULONG UL2;
  426. pUL = (PVOID)( (PULONG)pUL + 1);
  427. Status = NtReadVirtualMemory(Process, pUL, &UL, sizeof(ULONG), NULL);
  428. if (!NT_SUCCESS(Status)) {
  429. DEBUGGERPRINT("Error: error reading from TC at %x\n", pUL);
  430. return;
  431. }
  432. if (UL & 1) {
  433. break;
  434. }
  436. Status = NtReadVirtualMemory(Process, (PVOID)((PULONG)pUL+1), &UL2, sizeof(ULONG), NULL);
  437. if (!NT_SUCCESS(Status)) {
  438. DEBUGGERPRINT("Error: error reading from TC at %p\n", (ULONG_PTR)pUL+4);
  439. return;
  440. }
  441. RiscEnd = LOWORD(UL2) & 0xfffe; // RiscEnd = RiscStart of next instr
  442. if ((RiscStart <= nativeAddress && nativeAddress < RiscEnd)
  443. || (UL & 1)) {
  444. DEBUGGERPRINT("Corresponding EIP=%p\n", (ULONG_PTR)EP.intelStart + HIWORD(UL));
  445. return;
  446. }
  447. }
  449. return;
  451. }
  453. DECLARE_EXTAPI(epn)
  454. /*++
  456. Routine Description:
  458. This routine dumps the entry point information for a native address
  460. Arguments:
  462. Return Value:
  464. return-value - none
  466. --*/
  467. {
  468. CHAR *pchCmd;
  469. ULONG_PTR nativeAddress, pIntelRoot, intelRoot, EP;
  470. NTSTATUS Status;
  472. INIT_EXTAPI;
  474. //
  475. // fetch the CpuContext for the current thread
  476. //
  477. if (!CpuDbgGetRemoteContext(CPUGETDATA(Process, Thread))) {
  478. return;
  479. }
  481. //
  482. // advance to first token
  483. //
  484. pchCmd = ArgumentString;
  485. while (*pchCmd && isspace(*pchCmd)) {
  486. pchCmd++;
  487. }
  489. //
  490. // if exists must be intel address
  491. //
  492. if (*pchCmd) {
  493. Status = TryGetExpr(pchCmd, &nativeAddress);
  494. if (!NT_SUCCESS(Status)) {
  495. DEBUGGERPRINT("Invalid Native Address '%s' Status %x\n", pchCmd, Status);
  496. return;
  497. }
  498. } else {
  499. // Use the current pc as the host address
  500. CONTEXT context;
  501. if (!GetThreadContext(Thread, &context)){
  502. DEBUGGERPRINT("Error: cannot get thread context\n");
  503. return;
  504. }
  505. #if defined (_MIPS_) || defined (_ALPHA_)
  506. nativeAddress = (ULONG)context.Fir;
  507. #elif defined (_PPC_)
  508. nativeAddress = context.Iar;
  509. #endif
  512. }
  514. Status = TryGetExpr("intelRoot", &pIntelRoot);
  515. if (!NT_SUCCESS(Status)) {
  516. DEBUGGERPRINT("Error: cannot evaluate intelRoot\n");
  517. return;
  518. }
  520. Status = NtReadVirtualMemory(Process, (PVOID)pIntelRoot, (PVOID) (&intelRoot), sizeof(ULONG_PTR), NULL);
  521. if (!NT_SUCCESS(Status)) {
  522. DEBUGGERPRINT("Error: cannot read value of intelRoot\n");
  523. return;
  524. }
  526. EP = findEPN(nativeAddress, intelRoot);
  527. if (EP) {
  528. FindEipFromNativeAddress(nativeAddress, EP);
  529. }
  530. }
  532. DECLARE_EXTAPI(dumpep)
  533. /*++
  535. Routine Description:
  537. This routine dumps all entrypoints.
  539. Arguments:
  541. Return Value:
  543. return-value - none
  545. --*/
  546. {
  547. ULONG_PTR pIntelRoot, intelRoot;
  548. NTSTATUS Status;
  549. EPNODE entrypoint;
  551. INIT_EXTAPI;
  553. //
  554. // fetch the CpuContext for the current thread
  555. //
  556. if (!CpuDbgGetRemoteContext(CPUGETDATA(Process, Thread))) {
  557. return;
  558. }
  560. Status = TryGetExpr("intelRoot", &pIntelRoot);
  561. if (!NT_SUCCESS(Status)) {
  562. DEBUGGERPRINT("Error: cannot evaluate intelRoot\n");
  563. return;
  564. }
  566. Status = NtReadVirtualMemory(Process, (PVOID)pIntelRoot, (PVOID) (&intelRoot), sizeof(intelRoot), NULL);
  567. if (!NT_SUCCESS(Status)) {
  568. DEBUGGERPRINT("Error: cannot read value of intelRoot\n");
  569. return;
  570. }
  572. EPN_STACK_RESET();
  574. EPN_PUSH(0);
  576. DEBUGGERPRINT("Entrypt: iStart: iEnd: rStart: rEnd: SubEP: iLeft: iRight:\n");
  577. // xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
  578. while (intelRoot != 0) {
  579. PENTRYPOINT ep;
  581. Status = NtReadVirtualMemory(Process, (PVOID)intelRoot, (PVOID) (&entrypoint), sizeof(EPNODE), NULL);
  582. if (!NT_SUCCESS(Status)) {
  583. DEBUGGERPRINT("Error: cannot read value of entry point at location %x\n", intelRoot);
  584. return;
  585. }
  587. ep = &entrypoint.ep;
  589. //
  590. // Print all entrypoints except NIL.
  591. //
  592. if ((ULONG_PTR)entrypoint.intelLeft != intelRoot &&
  593. (ULONG_PTR)entrypoint.intelRight != intelRoot) {
  595. DEBUGGERPRINT("%8.8X %8.8X %8.8X %8.8X %8.8X %8.8X %8.8X %8.8X\n",
  596. intelRoot,
  597. ep->intelStart,
  598. ep->intelEnd,
  599. ep->nativeStart,
  600. ep->nativeEnd,
  601. ep->SubEP,
  602. entrypoint.intelLeft,
  603. entrypoint.intelRight
  604. );
  606. while (ep->SubEP) {
  607. PVOID SubEP;
  609. SubEP = (PVOID)ep->SubEP;
  610. Status = NtReadVirtualMemory(Process, SubEP, (PVOID)ep, sizeof(ENTRYPOINT), NULL);
  611. if (!NT_SUCCESS(Status)) {
  612. DEBUGGERPRINT("Error: cannot read value of sub-entry point at location %x\n", SubEP);
  613. return;
  614. }
  616. DEBUGGERPRINT("%8.8X %8.8X %8.8X %8.8X %8.8X %8.8X\n",
  617. SubEP,
  618. ep->intelStart,
  619. ep->intelEnd,
  620. ep->nativeStart,
  621. ep->nativeEnd,
  622. ep->SubEP
  623. );
  626. }
  627. }
  629. if ((ULONG_PTR)entrypoint.intelRight != intelRoot) {
  630. EPN_PUSH((ULONG_PTR)entrypoint.intelRight);
  631. }
  632. if ((ULONG_PTR)entrypoint.intelLeft != intelRoot) {
  633. EPN_PUSH((ULONG_PTR)entrypoint.intelLeft);
  634. }
  636. EPN_POP(intelRoot);
  637. }
  638. DEBUGGERPRINT("---- End of Entrypoint Dump ----\n");
  639. Error:
  640. return;
  641. }