|
|
//----------------------------------------------------------------------------
//
// Symbol-handling routines.
//
// Copyright (C) Microsoft Corporation, 1997-2002.
//
//----------------------------------------------------------------------------
#include "ntsdp.hpp"
#include <stddef.h>
#include <cvconst.h>
PCSTR g_CallConv[] ={ // Ignore near/far distinctions.
"cdecl", "cdecl", "pascal", "pascal", "fastcall", "fastcall", "<skipped>", "stdcall", "stdcall", "syscall", "syscall", "thiscall", "MIPS", "generic", "Alpha", "PPC", "SuperH 4", "ARM", "AM33", "TriCore", "SuperH 5", "M32R",};
typedef struct _OUTPUT_SYMBOL_CALLBACK{ PSTR Prefix; ULONG Verbose:1; ULONG ShowAddress:1;} OUTPUT_SYMBOL_CALLBACK, *POUTPUT_SYMBOL_CALLBACK;
LPSTR g_SymbolSearchPath;LPSTR g_ExecutableImageSearchPath;
// Symbol options that require symbol reloading to take effect.
#define RELOAD_SYM_OPTIONS \
(SYMOPT_UNDNAME | SYMOPT_NO_CPP | SYMOPT_DEFERRED_LOADS | \ SYMOPT_LOAD_LINES | SYMOPT_IGNORE_CVREC | SYMOPT_LOAD_ANYTHING | \ SYMOPT_EXACT_SYMBOLS | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS | \ SYMOPT_IGNORE_NT_SYMPATH | SYMOPT_INCLUDE_32BIT_MODULES | \ SYMOPT_PUBLICS_ONLY | SYMOPT_NO_PUBLICS | SYMOPT_AUTO_PUBLICS |\ SYMOPT_NO_IMAGE_SEARCH)
ULONG g_SymOptions = SYMOPT_CASE_INSENSITIVE | SYMOPT_UNDNAME | SYMOPT_OMAP_FIND_NEAREST | SYMOPT_DEFERRED_LOADS | SYMOPT_AUTO_PUBLICS | SYMOPT_NO_IMAGE_SEARCH | SYMOPT_FAIL_CRITICAL_ERRORS;
#define SYM_BUFFER_SIZE (sizeof(IMAGEHLP_SYMBOL64) + MAX_SYMBOL_LEN)
ULONG64 g_SymBuffer[(SYM_BUFFER_SIZE + sizeof(ULONG64) - 1) / sizeof(ULONG64)];PIMAGEHLP_SYMBOL64 g_Sym = (PIMAGEHLP_SYMBOL64) g_SymBuffer;
SYMBOL_INFO_AND_NAME g_TmpSymInfo;
PSTR g_DmtNameDescs[DMT_NAME_COUNT] ={ "Loaded symbol image file", "Symbol file", "Mapped memory image file", "Image path",};
DEBUG_SCOPE g_ScopeBuffer;
voidRefreshAllModules(BOOL EnsureLines){ TargetInfo* Target; ProcessInfo* Process;
ForAllLayersToProcess() { ImageInfo* Image;
for (Image = Process->m_ImageHead; Image; Image = Image->m_Next) { if (EnsureLines) { IMAGEHLP_MODULE64 ModInfo;
ModInfo.SizeOfStruct = sizeof(ModInfo); if (SymGetModuleInfo64(g_Process->m_SymHandle, Image->m_BaseOfImage, &ModInfo) && ModInfo.LineNumbers) { // Line number information is already loaded,
// so there's no need to reload this image.
continue; } }
Image->ReloadSymbols(); } }}
HRESULTSetSymOptions(ULONG Options){ ULONG OldOptions = g_SymOptions;
//
// If we're enabling untrusted user mode we can't
// already be in a dangerous state.
//
if ((Options & SYMOPT_SECURE) && !(OldOptions & SYMOPT_SECURE)) { ULONG Id; char Desc[2 * MAX_PARAM_VALUE];
// If there are any active targets we
// can't be sure they're safe.
// If we have RPC servers there may be ways
// to attack through those so disallow that.
if (g_TargetHead || DbgRpcEnumActiveServers(NULL, &Id, Desc, sizeof(Desc))) { return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED); } }
SymSetOptions(Options); g_SymOptions = SymGetOptions(); if (g_SymOptions != Options) { // dbghelp denied the request to set options.
return E_INVALIDARG; }
NotifyChangeSymbolState(DEBUG_CSS_SYMBOL_OPTIONS, g_SymOptions, NULL);
if ((OldOptions ^ g_SymOptions) & RELOAD_SYM_OPTIONS) { BOOL EnsureLines = FALSE;
// If the only change was to turn on line loading
// there's no need to reload modules which already
// have lines loaded. This is usually the case for
// PDBs, so this optimization effectively avoids all
// PDB reloading when turning on .lines.
if ((OldOptions & ~SYMOPT_LOAD_LINES) == (g_SymOptions & ~SYMOPT_LOAD_LINES) && (g_SymOptions & SYMOPT_LOAD_LINES)) { EnsureLines = TRUE; }
RefreshAllModules(EnsureLines); }
return S_OK;}
/*
* TranslateAddress* Flags Flags returned by dbghelp* Address IN Address returned by dbghelp* OUT Address of symbol* Value Value of the symbol if its in register**/BOOLTranslateAddress( IN ULONG64 ModBase, IN ULONG Flags, IN ULONG RegId, IN OUT PULONG64 Address, OUT PULONG64 Value ){ BOOL Status; ContextSave* Push;
PCROSS_PLATFORM_CONTEXT ScopeContext = GetCurrentScopeContext(); if (ScopeContext) { Push = g_Machine->PushContext(ScopeContext); }
if (Flags & SYMFLAG_REGREL) { ULONG64 RegContent;
if (RegId || (Value && (RegId = (ULONG)*Value))) { if (g_Machine-> GetScopeFrameRegister(RegId, &GetCurrentScope()->Frame, &RegContent) != S_OK) { Status = FALSE; goto Exit; } } else { DBG_ASSERT(FALSE); Status = FALSE; goto Exit; }
*Address = RegContent + ((LONG64) (LONG) (ULONG) *Address); } else if (Flags & SYMFLAG_REGISTER) { if (Value) { if (RegId || (RegId = (ULONG)*Address)) { if (g_Machine-> GetScopeFrameRegister(RegId, &GetCurrentScope()->Frame, Value) != S_OK) { Status = FALSE; goto Exit; } } else { DBG_ASSERT(FALSE); Status = FALSE; goto Exit; } } } else if (Flags & SYMFLAG_FRAMEREL) { PDEBUG_SCOPE Scope = GetCurrentScope(); if (Scope->Frame.FrameOffset) { *Address += Scope->Frame.FrameOffset;
PFPO_DATA pFpoData = (PFPO_DATA)Scope->Frame.FuncTableEntry; if (g_Machine->m_ExecTypes[0] == IMAGE_FILE_MACHINE_I386 && pFpoData && (pFpoData->cbFrame == FRAME_FPO || pFpoData->cbFrame == FRAME_TRAP)) { // Compensate for FPO's not having ebp
*Address += sizeof(DWORD); } } else { ADDR FP;
g_Machine->GetFP(&FP); FP.flat = (LONG64) FP.flat + *Address; *Address = FP.flat; } } else if (Flags & SYMFLAG_TLSREL) { ULONG64 TlsAddr;
ImageInfo* Image = g_Process->FindImageByOffset(ModBase, FALSE); if (!Image || Image->GetTlsIndex() != S_OK) { Status = FALSE; goto Exit; }
if (g_Process->GetImplicitThreadDataTeb(g_Thread, &TlsAddr) != S_OK || g_Target->ReadPointer(g_Process, g_Machine, TlsAddr + 11 * (g_Machine->m_Ptr64 ? 8 : 4), &TlsAddr) != S_OK || g_Target->ReadPointer(g_Process, g_Machine, TlsAddr + Image->m_TlsIndex * (g_Machine->m_Ptr64 ? 8 : 4), &TlsAddr) != S_OK) { return MEMORY; }
(*Address) += TlsAddr; }
Status = TRUE;
Exit: if (ScopeContext) { g_Machine->PopContext(Push); } return Status;}
voidFillCorSymbolInfo(PSYMBOL_INFO SymInfo){ // XXX drewb - Not clear what to do here.
// Assumes the SYM_INFO was already zero-filled,
// so just leave it zeroed.
}
BOOLFormatSymbolName(ImageInfo* Image, ULONG64 Offset, PCSTR Name, PULONG64 Displacement, PSTR Buffer, ULONG BufferLen){ DBG_ASSERT(BufferLen > 0);
if (!Image) { *Buffer = 0; *Displacement = Offset; return FALSE; }
if (Name) { if (*Displacement == (ULONG64)-1) { // In some BBT cases dbghelp can tell that an offset
// is associated with a particular symbol but it
// doesn't have a valid offset. Present the symbol
// but in a way that makes it clear that it's
// this special case.
PrintString(Buffer, BufferLen, "%s!%s <PERF> (%s+0x%I64x)", Image->m_ModuleName, Name, Image->m_ModuleName, (Offset - Image->m_BaseOfImage)); *Displacement = 0; } else { PrintString(Buffer, BufferLen, "%s!%s", Image->m_ModuleName, Name); } } else { CopyString(Buffer, Image->m_ModuleName, BufferLen); *Displacement = Offset - Image->m_BaseOfImage; }
return TRUE;}
BOOLGetSymbolInfo(ULONG64 Offset, PCHAR Buffer, ULONG BufferLen, PSYMBOL_INFO SymInfo, PULONG64 Displacement){ ImageInfo* Image; PCSTR Name = NULL; PSYMBOL_INFO TmpInfo = g_TmpSymInfo.Init();
if ((Image = g_Process->FindImageByOffset(Offset, TRUE)) && !Image->m_CorImage) { if (SymFromAddr(g_Process->m_SymHandle, Offset, Displacement, TmpInfo)) { Name = TmpInfo->Name; } } else if (g_Process->m_CorImage) { ULONG64 IlModBase; ULONG32 MethodToken; ULONG32 MethodOffs;
// The offset is not in any known module.
// The managed runtime is loaded in this process,
// so possibly the offset is in some JIT code.
// See if the runtime knows about it.
if (g_Process-> ConvertNativeToIlOffset(Offset, &IlModBase, &MethodToken, &MethodOffs) == S_OK && (Image = g_Process->FindImageByOffset(IlModBase, TRUE)) && g_Process-> GetCorSymbol(Offset, TmpInfo->Name, TmpInfo->MaxNameLen, Displacement) == S_OK) { Name = TmpInfo->Name; FillCorSymbolInfo(TmpInfo); } }
if (SymInfo) { memcpy(SymInfo, TmpInfo, FIELD_OFFSET(SYMBOL_INFO, MaxNameLen)); Buffer = SymInfo->Name; BufferLen = SymInfo->MaxNameLen; }
return FormatSymbolName(Image, Offset, Name, Displacement, Buffer, BufferLen);}
BOOLGetNearSymbol(ULONG64 Offset, PSTR Buffer, ULONG BufferLen, PULONG64 Displacement, LONG Delta){ ImageInfo* Image;
if (Delta == 0) { return GetSymbol(Offset, Buffer, BufferLen, Displacement); }
if (!(Image = g_Process->FindImageByOffset(Offset, TRUE)) || !SymGetSymFromAddr64(g_Process->m_SymHandle, Offset, Displacement, g_Sym)) { return FALSE; }
if (Delta < 0) { while (Delta++ < 0) { if (!SymGetSymPrev(g_Process->m_SymHandle, g_Sym)) { return FALSE; } }
if (Displacement != NULL) { *Displacement = Offset - g_Sym->Address; } } else if (Delta > 0) { while (Delta-- > 0) { if (!SymGetSymNext(g_Process->m_SymHandle, g_Sym)) { return FALSE; } }
if (Displacement != NULL) { *Displacement = g_Sym->Address - Offset; } }
PrintString(Buffer, BufferLen, "%s!%s", Image->m_ModuleName, g_Sym->Name); return TRUE;}
BOOLGetLineFromAddr(ProcessInfo* Process, ULONG64 Offset, PIMAGEHLP_LINE64 Line, PULONG Displacement){ ImageInfo* Image;
Line->SizeOfStruct = sizeof(*Line);
if (!(Image = Process->FindImageByOffset(Offset, FALSE)) || Image->m_CorImage) { ULONG32 MethodToken; ULONG32 MethodOffs; SYMBOL_INFO SymInfo = {0};
// The offset is not in any known module.
// The managed runtime is loaded in this process,
// so possibly the offset is in some JIT code.
// See if the runtime knows about it.
if (Process-> ConvertNativeToIlOffset(Offset, &Offset, &MethodToken, &MethodOffs) != S_OK) { return FALSE; }
// Need to look up the fake method RVA by
// the method token, then add the method offset
// to that and search by that offset for the line.
if (!SymFromToken(Process->m_SymHandle, Offset, MethodToken, &SymInfo)) { return FALSE; }
Offset = SymInfo.Address + MethodOffs; }
return SymGetLineFromAddr64(Process->m_SymHandle, Offset, Displacement, Line);}
voidOutputSymbolAndInfo(ULONG64 Addr){ SYMBOL_INFO_AND_NAME SymInfo; ULONG64 Disp;
if (GetSymbolInfo(Addr, NULL, 0, SymInfo, &Disp)) { dprintf("%s", SymInfo->Name); ShowSymbolInfo(SymInfo); }}
#define IMAGE_IS_PATTERN ((ImageInfo*)-1)
ImageInfo*ParseModuleName(PBOOL ModSpecified){ PSTR CmdSaved = g_CurCmd; CHAR Name[MAX_MODULE]; PSTR Dst = Name; CHAR ch; BOOL HasWild = FALSE;
// first, parse out a possible module name, either a '*' or
// a string of 'A'-'Z', 'a'-'z', '0'-'9', '_', '~' (or null)
ch = PeekChar(); g_CurCmd++;
while ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '_' || ch == '~' || ch == '*' || ch == '?') { if (ch == '*' || ch == '?') { HasWild = TRUE; }
*Dst++ = ch; ch = *g_CurCmd++; } *Dst = '\0'; g_CurCmd--;
// if no '!' after name and white space, then no module specified
// restore text pointer and treat as null module (PC current)
if (PeekChar() == '!') { g_CurCmd++; } else { g_CurCmd = CmdSaved; Name[0] = '\0'; }
// Name either has: '*' for all modules,
// '\0' for current module,
// nonnull string for module name.
*ModSpecified = Name[0] != 0; if (HasWild) { return IMAGE_IS_PATTERN; } else if (Name[0]) { return g_Process->FindImageByName(Name, 0, INAME_MODULE, TRUE); } else { return NULL; }}
BOOL CALLBACKOutputSymbolInfoCallback( PSYMBOL_INFO SymInfo, ULONG Size, PVOID Arg ){ POUTPUT_SYMBOL_CALLBACK OutSym = (POUTPUT_SYMBOL_CALLBACK)Arg; ULONG64 Address = SymInfo->Address; ULONG64 Value = 0; ImageInfo* Image;
if (OutSym->Prefix) { dprintf("%s", OutSym->Prefix); }
if (SymInfo->Flags & (SYMFLAG_REGISTER | SYMFLAG_REGREL | SYMFLAG_FRAMEREL | SYMFLAG_TLSREL)) { TranslateAddress(SymInfo->ModBase, SymInfo->Flags, g_Machine-> CvRegToMachine((CV_HREG_e)SymInfo->Register), &Address, &Value); }
if (OutSym->ShowAddress) { dprintf("%s ", FormatAddr64(Address)); }
Image = g_Process->FindImageByOffset(SymInfo->ModBase, TRUE); if (Image && ((SymInfo->Flags & SYMFLAG_LOCAL) == 0)) { dprintf("%s!%s", Image->m_ModuleName, SymInfo->Name); } else { dprintf("%s", SymInfo->Name); }
if (OutSym->Verbose) { dprintf(" "); ShowSymbolInfo(SymInfo); }
dprintf("\n");
return !CheckUserInterrupt();}
/*** ParseExamine - parse and execute examine command
** Purpose:* Parse the current command string and examine the symbol* table to display the appropriate entries. The entries* are displayed in increasing string order. This function* accepts underscores, alphabetic, and numeric characters* to match as well as the special characters '?', '*', '['-']'.** Input:* g_CurCmd - pointer to current command string** Output:* offset and string name of symbols displayed**************************************************************************/
voidParseExamine(void){ CHAR StringBuf[MAX_SYMBOL_LEN]; UCHAR ch; PSTR String = StringBuf; PSTR Start; PSTR ModEnd; BOOL ModSpecified; ULONG64 Base = 0; ImageInfo* Image; OUTPUT_SYMBOL_CALLBACK OutSymInfo;
// Get module pointer from name in command line (<string>!).
PeekChar(); Start = g_CurCmd;
Image = ParseModuleName(&ModSpecified);
ModEnd = g_CurCmd; ch = PeekChar();
// Special case the command "x <pattern>!" to dump out the module table.
if (Image == IMAGE_IS_PATTERN && (ch == ';' || ch == '\0')) { *(ModEnd - 1) = 0; _strupr(Start); DumpModuleTable(DMT_STANDARD, Start); return; }
if (ModSpecified) { if (Image == NULL) { // The user specified a module that doesn't exist.
error(VARDEF); } else if (Image == IMAGE_IS_PATTERN) { // The user gave a pattern string for the module
// so we need to pass it on for dbghelp to scan with.
memcpy(String, Start, (ModEnd - Start)); String += ModEnd - Start; } else { // A specific image was given and found so
// confine the search to that one image.
Base = Image->m_BaseOfImage; } }
g_CurCmd++;
// Condense leading underscores into a "_#"
// that will match zero or more underscores. This causes all
// underscore-prefixed symbols to match the base symbol name
// when the pattern is prefixed by an underscore.
if (ch == '_') { *String++ = '_'; *String++ = '#'; do { ch = *g_CurCmd++; } while (ch == '_'); }
ch = (UCHAR)toupper(ch); while (ch && ch != ';' && ch != ' ') { *String++ = ch; ch = (CHAR)toupper(*g_CurCmd); g_CurCmd++; } *String = '\0'; g_CurCmd--;
ZeroMemory(&OutSymInfo, sizeof(OutSymInfo)); OutSymInfo.Verbose = TRUE; OutSymInfo.ShowAddress = TRUE;
// We nee the scope for all cases since param values are displayed for
// function in scope
RequireCurrentScope();
SymEnumSymbols(g_Process->m_SymHandle, Base, StringBuf, OutputSymbolInfoCallback, &OutSymInfo);}
voidListNearSymbols(ULONG64 AddrStart){ ULONG64 Displacement; ImageInfo* Image;
if (g_SrcOptions & SRCOPT_LIST_LINE) { OutputLineAddr(AddrStart, "%s(%d)%s\n"); }
if ((Image = g_Process->FindImageByOffset(AddrStart, TRUE)) && !Image->m_CorImage) { if (!SymGetSymFromAddr64(g_Process->m_SymHandle, AddrStart, &Displacement, g_Sym)) { return; }
dprintf("(%s) %s!%s", FormatAddr64(g_Sym->Address), Image->m_ModuleName, g_Sym->Name);
if (Displacement) { dprintf("+0x%s ", FormatDisp64(Displacement)); } else { dprintf(" "); }
if (SymGetSymNext64(g_Process->m_SymHandle, g_Sym)) { dprintf("| (%s) %s!%s", FormatAddr64(g_Sym->Address), Image->m_ModuleName, g_Sym->Name); } dprintf("\n");
if (Displacement == 0) { OUTPUT_SYMBOL_CALLBACK OutSymInfo;
dprintf("Exact matches:\n"); FlushCallbacks(); ZeroMemory(&OutSymInfo, sizeof(OutSymInfo)); OutSymInfo.Prefix = " "; OutSymInfo.Verbose = TRUE; SymEnumSymbolsForAddr(g_Process->m_SymHandle, AddrStart, OutputSymbolInfoCallback, &OutSymInfo); } } else { SYMBOL_INFO_AND_NAME SymInfo;
// We couldn't find a true symbol but it may be
// possible to find a managed symbol.
if (GetSymbolInfo(AddrStart, NULL, 0, SymInfo, &Displacement)) { dprintf("(%s) %s", FormatAddr64(AddrStart), SymInfo->Name); if (Displacement) { dprintf("+0x%s", FormatDisp64(Displacement)); } dprintf("\n"); } }}
voidDumpModuleTable(ULONG Flags, PSTR Pattern){ ImageInfo* Image; IMAGEHLP_MODULE64 ModInfo; ULONG i;
if (g_Target->m_Machine->m_Ptr64) { dprintf("start end module name\n"); } else { dprintf("start end module name\n"); }
Image = g_Process->m_ImageHead; while (Image) { ULONG PrimaryName; PSTR Names[DMT_NAME_COUNT];
if (Pattern != NULL && !MatchPattern(Image->m_ModuleName, Pattern)) { Image = Image->m_Next; continue; }
ModInfo.SizeOfStruct = sizeof(ModInfo); if (!SymGetModuleInfo64(g_Process->m_SymHandle, Image->m_BaseOfImage, &ModInfo)) { ModInfo.SymType = SymNone; }
Names[DMT_NAME_SYM_IMAGE] = ModInfo.LoadedImageName; Names[DMT_NAME_SYM_FILE] = ModInfoSymFile(&ModInfo); Names[DMT_NAME_MAPPED_IMAGE] = Image->m_MappedImagePath; Names[DMT_NAME_IMAGE_PATH] = Image->m_ImagePath;
if (Flags & DMT_SYM_FILE_NAME) { PrimaryName = DMT_NAME_SYM_FILE; } else if (Flags & DMT_MAPPED_IMAGE_NAME) { PrimaryName = DMT_NAME_MAPPED_IMAGE; } else if (Flags & DMT_IMAGE_PATH_NAME) { PrimaryName = DMT_NAME_IMAGE_PATH; } else { PrimaryName = DMT_NAME_SYM_IMAGE; }
//
// Skip modules filtered by flags
//
if ((Flags & DMT_ONLY_LOADED_SYMBOLS) && (ModInfo.SymType == SymDeferred)) { Image = Image->m_Next; continue; }
if (IS_KERNEL_TARGET(g_Target)) { if ((Flags & DMT_ONLY_USER_SYMBOLS) && (Image->m_BaseOfImage >= g_Target->m_SystemRangeStart)) { Image = Image->m_Next; continue; }
if ((Flags & DMT_ONLY_KERNEL_SYMBOLS) && (Image->m_BaseOfImage <= g_Target->m_SystemRangeStart)) { Image = Image->m_Next; continue; } }
dprintf("%s %s %-8s ", FormatAddr64(Image->m_BaseOfImage), FormatAddr64(Image->m_BaseOfImage + Image->m_SizeOfImage), Image->m_ModuleName);
if (Flags & DMT_NO_SYMBOL_OUTPUT) { goto SkipSymbolOutput; } if (PrimaryName == DMT_NAME_MAPPED_IMAGE || PrimaryName == DMT_NAME_IMAGE_PATH) { dprintf(" %s\n", *Names[PrimaryName] ? Names[PrimaryName] : "<none>"); goto SkipSymbolOutput; }
switch(Image->m_SymState) { case ISS_MATCHED: dprintf( " " ); break; case ISS_MISMATCHED_SYMBOLS: dprintf( "M " ); break; case ISS_UNKNOWN_TIMESTAMP: dprintf( "T " ); break; case ISS_UNKNOWN_CHECKSUM: dprintf( "C " ); break; case ISS_BAD_CHECKSUM: dprintf( "# " ); break; }
if (ModInfo.SymType == SymDeferred) { dprintf("(deferred) "); } else if (ModInfo.SymType == SymNone) { dprintf("(no symbolic information) "); } else { switch(ModInfo.SymType) { case SymCoff: dprintf("(coff symbols) "); break;
case SymCv: dprintf("(codeview symbols) "); break;
case SymPdb: dprintf("(pdb symbols) "); break;
case SymExport: dprintf("(export symbols) "); break; }
dprintf("%s", *Names[PrimaryName] ? Names[PrimaryName] : "<none>"); }
dprintf("\n");
SkipSymbolOutput: if (Flags & DMT_VERBOSE) {
for (i = 0; i < DMT_NAME_COUNT; i++) { if (i != PrimaryName && *Names[i]) { dprintf(" %s: %s\n", g_DmtNameDescs[i], Names[i]); } } } if (Flags & (DMT_VERBOSE | DMT_IMAGE_TIMESTAMP)) { LPSTR TimeDateStr = TimeToStr(Image->m_TimeDateStamp); dprintf(" Checksum: %08X Timestamp: %s (%08X)\n", Image->m_CheckSum, TimeDateStr, Image->m_TimeDateStamp);
} if (Flags & DMT_VERBOSE) { Image->OutputVersionInformation(); }
if (CheckUserInterrupt()) { break; }
Image = Image->m_Next; }
if ((Flags & (DMT_ONLY_LOADED_SYMBOLS | DMT_ONLY_USER_SYMBOLS)) == 0) { ULONG LumFlags = LUM_OUTPUT;
LumFlags |= ((Flags & DMT_VERBOSE) ? LUM_OUTPUT_VERBOSE : 0); LumFlags |= ((Flags & DMT_IMAGE_TIMESTAMP) ? LUM_OUTPUT_IMAGE_INFO : 0); dprintf("\n"); ListUnloadedModules(LumFlags, Pattern); }}
voidParseDumpModuleTable(void){ ULONG Flags = DMT_STANDARD; char Pattern[MAX_MODULE]; PSTR Pat = NULL;
if (!IS_CUR_MACHINE_ACCESSIBLE()) { error(BADTHREAD); }
g_CurCmd++;
for (;;) { // skip white space
while (isspace(*g_CurCmd)) { g_CurCmd++; }
if (*g_CurCmd == 'f') { Flags = (Flags & ~DMT_NAME_FLAGS) | DMT_IMAGE_PATH_NAME; g_CurCmd++; } else if (*g_CurCmd == 'i') { Flags = (Flags & ~DMT_NAME_FLAGS) | DMT_SYM_IMAGE_FILE_NAME; g_CurCmd++; } else if (*g_CurCmd == 'l') { Flags |= DMT_ONLY_LOADED_SYMBOLS; g_CurCmd++; } else if (*g_CurCmd == 'm') { g_CurCmd++; // skip white space
while (isspace(*g_CurCmd)) { g_CurCmd++; } Pat = Pattern; while (*g_CurCmd && !isspace(*g_CurCmd)) { if ((Pat - Pattern) < sizeof(Pattern) - 1) { *Pat++ = *g_CurCmd; }
g_CurCmd++; } *Pat = 0; Pat = Pattern; _strupr(Pat); } else if (*g_CurCmd == 'p') { Flags = (Flags & ~DMT_NAME_FLAGS) | DMT_MAPPED_IMAGE_NAME; g_CurCmd++; } else if (*g_CurCmd == 't') { Flags = (Flags & ~(DMT_NAME_FLAGS)) | DMT_NAME_SYM_IMAGE | DMT_IMAGE_TIMESTAMP | DMT_NO_SYMBOL_OUTPUT; g_CurCmd++; } else if (*g_CurCmd == 'v') { Flags |= DMT_VERBOSE; g_CurCmd++; } else if (IS_KERNEL_TARGET(g_Target)) { if (*g_CurCmd == 'u') { Flags |= DMT_ONLY_USER_SYMBOLS; g_CurCmd++; } else if (*g_CurCmd == 'k') { Flags |= DMT_ONLY_KERNEL_SYMBOLS; g_CurCmd++; } else { break; } } else { break; } }
DumpModuleTable(Flags, Pat);}
voidGetCurrentMemoryOffsets(PULONG64 MemoryLow, PULONG64 MemoryHigh){ // Default value for no source.
*MemoryLow = (ULONG64)(LONG64)-1;}
PCSTRPrependPrefixToSymbol(char PrefixedString[], PCSTR pString, PCSTR *RegString){ if ( RegString ) { *RegString = NULL; }
PCSTR bangPtr; int bang = '!'; PCSTR Tail;
bangPtr = strchr( pString, bang ); if ( bangPtr ) { Tail = bangPtr + 1; } else { Tail = pString; }
if ( strncmp( Tail, g_Machine->m_SymPrefix, g_Machine->m_SymPrefixLen ) ) { ULONG Loc = (ULONG)(Tail - pString); if (Loc > 0) { memcpy( PrefixedString, pString, Loc ); } memcpy( PrefixedString + Loc, g_Machine->m_SymPrefix, g_Machine->m_SymPrefixLen ); if ( RegString ) { *RegString = &PrefixedString[Loc]; } Loc += g_Machine->m_SymPrefixLen; strcpy( &PrefixedString[Loc], Tail ); return PrefixedString; } else { return pString; }}
BOOLForceSymbolCodeAddress(ProcessInfo* Process, PSYMBOL_INFO Symbol, MachineInfo* Machine){ ULONG64 Code = Symbol->Address;
if (Symbol->Flags & SYMFLAG_FORWARDER) { char Fwd[2 * MAX_PATH]; ULONG Read; PSTR Sep;
// The address of a forwarder entry points to the
// string name of the function that things are forwarded
// to. Look up that name and try to get the address
// from it.
if (g_Target->ReadVirtual(Process, Symbol->Address, Fwd, sizeof(Fwd), &Read) != S_OK || Read < 2) { ErrOut("Unable to read forwarder string\n"); return FALSE; }
Fwd[sizeof(Fwd) - 1] = 0; if (!(Sep = strchr(Fwd, '.'))) { ErrOut("Unable to read forwarder string\n"); return FALSE; }
*Sep = '!'; if (GetOffsetFromSym(Process, Fwd, &Code, NULL) != 1) { ErrOut("Unable to get address of forwarder '%s'\n", Fwd); return FALSE; } } else if (Machine && Machine->m_ExecTypes[0] == IMAGE_FILE_MACHINE_IA64 && (Symbol->Flags & SYMFLAG_EXPORT)) { // On IA64 the export entries contain the address
// of the plabel. We want the actual code address
// so resolve the plabel to its code.
if (!Machine->GetPrefixedSymbolOffset(Process, Symbol->Address, GETPREF_VERBOSE, &Code)) { return FALSE; } }
Symbol->Address = Code; return TRUE;}
BOOLGetOffsetFromBreakpoint(PCSTR String, PULONG64 Offset){ ULONG Id; Breakpoint* Bp;
//
// The string must be of the form "$bp[digits]".
//
if (strlen(String) < 4 || _memicmp(String, "$bp", 3) != 0) { return FALSE; }
String += 3; Id = 0;
while (*String) { if (*String < '0' || *String > '9') { return FALSE; }
Id = Id * 10 + (int)(*String - '0');
String++; }
Bp = GetBreakpointById(NULL, Id); if (Bp == NULL || (Bp->m_Flags & DEBUG_BREAKPOINT_DEFERRED)) { return FALSE; }
*Offset = Flat(*Bp->GetAddr()); return TRUE;}
BOOLIgnoreEnumeratedSymbol(ProcessInfo* Process, PSTR MatchString, MachineInfo* Machine, PSYMBOL_INFO SymInfo){ ULONG64 Func;
//
// The compiler and linker can generate thunks for
// a variety of reasons. For example, a "this" adjustor
// thunk can be generated to adjust a this pointer before
// calling into a method to account for differences between
// derived/container classes and the base/containee classes.
// Assume that the user doesn't care about thunks as they're
// automatically emitted.
//
if (SymInfo->Tag == SymTagThunk && !_stricmp(MatchString, SymInfo->Name)) { // We hit a thunk for the function we're looking
// for, just ignore it.
return TRUE; }
//
// IA64 plabels are publics with the same name
// as the function they refer to. This causes
// ambiguity problems as we end up with two
// hits. The plabel is rarely interesting, though,
// so just filter them out here so that expressions
// always evaluate to the function itself.
//
if ((Machine->m_ExecTypes[0] != IMAGE_FILE_MACHINE_IA64) || (SymInfo->Scope != SymTagPublicSymbol) || (SymInfo->Flags & SYMFLAG_FUNCTION) || !Machine->GetPrefixedSymbolOffset(Process, SymInfo->Address, 0, &Func)) { return FALSE; }
if (Func == SymInfo->Address) { // The symbol is probably a global pointing to itself
return FALSE; }
PSYMBOL_INFO FuncSymInfo; PSTR FuncSym;
__try { FuncSymInfo = (PSYMBOL_INFO) alloca(sizeof(*FuncSymInfo) + MAX_SYMBOL_LEN * 2); } __except(EXCEPTION_EXECUTE_HANDLER) { FuncSymInfo = NULL; }
if (FuncSymInfo == NULL) { return FALSE; } FuncSym = FuncSymInfo->Name;
SYMBOL_INFO LocalSymInfo;
// We have to save and restore the original data as
// dbghelp always uses a single buffer to store all
// symbol information. The incoming symbol info
// is going to be wiped out when we look up another symbol.
LocalSymInfo = *SymInfo; strcpy(FuncSym + MAX_SYMBOL_LEN, SymInfo->Name);
ULONG64 FuncSymDisp;
ZeroMemory(FuncSymInfo, sizeof(*FuncSymInfo)); FuncSymInfo->SizeOfStruct = sizeof(*FuncSymInfo); FuncSymInfo->MaxNameLen = MAX_SYMBOL_LEN; FuncSym[0] = 0; if (!SymFromAddr(Process->m_SymHandle, Func, &FuncSymDisp, FuncSymInfo)) { FuncSymDisp = 1; } else { // Incremental linking produces intermediate thunks
// that entry points refer to. The thunks call on
// to the real code. The extra layer of code prevents
// direct filtering; we have to chain through thunks
// to see if the final code is the function code.
while (FuncSymDisp == 0 && FuncSymInfo->Tag == SymTagThunk && strstr(FuncSym, FuncSym + MAX_SYMBOL_LEN) == NULL) { FuncSym[0] = 0; if (!SymFromAddr(Process->m_SymHandle, FuncSymInfo->Value, &FuncSymDisp, FuncSymInfo)) { FuncSymDisp = 1; break; } } }
*SymInfo = LocalSymInfo; strcpy(SymInfo->Name, FuncSym + MAX_SYMBOL_LEN); return FuncSymDisp == 0 && strstr(FuncSym, SymInfo->Name);}
struct COUNT_SYMBOL_MATCHES{ PSTR MatchString; ProcessInfo* Process; MachineInfo* Machine; SYMBOL_INFO ReturnSymInfo; CHAR SymbolNameOverflowBuffer[MAX_SYMBOL_LEN]; ULONG Matches;};
BOOL CALLBACKCountSymbolMatches( PSYMBOL_INFO SymInfo, ULONG Size, PVOID UserContext ){ COUNT_SYMBOL_MATCHES* Context = (COUNT_SYMBOL_MATCHES*)UserContext;
if (IgnoreEnumeratedSymbol(Context->Process, Context->MatchString, Context->Machine, SymInfo)) { return TRUE; }
if (Context->Matches == 1) { // We already have one match, check if we got a duplicate.
if ((SymInfo->Address == Context->ReturnSymInfo.Address) && !strcmp(SymInfo->Name, Context->ReturnSymInfo.Name)) { // Looks like the same symbol, ignore it.
return TRUE; } }
Context->ReturnSymInfo = *SymInfo; if (SymInfo->NameLen < MAX_SYMBOL_LEN) { strcpy(Context->ReturnSymInfo.Name, SymInfo->Name); } Context->Matches++;
return TRUE;}
ULONGMultiSymFromName(IN ProcessInfo* Process, IN LPSTR Name, IN ImageInfo* Image, IN MachineInfo* Machine, OUT PSYMBOL_INFO Symbol){ ULONG Matches;
RequireCurrentScope();
if (!Image) { if (!SymFromName(Process->m_SymHandle, Name, Symbol)) { return 0; }
Matches = 1; } else { COUNT_SYMBOL_MATCHES Context; ULONG MaxName = Symbol->MaxNameLen; PSTR Bang;
Bang = strchr(Name, '!'); if (Bang && !_strnicmp(Image->m_ModuleName, Name, Bang - Name)) { Context.MatchString = Bang + 1; } else { Context.MatchString = Name; } Context.Process = Process; Context.Machine = Machine; Context.ReturnSymInfo = *Symbol; if (Symbol->NameLen < MAX_SYMBOL_LEN) { strcpy(Context.ReturnSymInfo.Name, Symbol->Name); } Context.Matches = 0; SymEnumSymbols(Process->m_SymHandle, Image->m_BaseOfImage, Name, CountSymbolMatches, &Context); *Symbol = Context.ReturnSymInfo; Symbol->MaxNameLen = MaxName; if (Symbol->MaxNameLen > Context.ReturnSymInfo.NameLen) { strcpy(Symbol->Name, Context.ReturnSymInfo.Name); }
Matches = Context.Matches; }
if (Matches == 1 && !ForceSymbolCodeAddress(Process, Symbol, Machine)) { return 0; }
return Matches;}
ULONGGetOffsetFromSym(ProcessInfo* Process, PCSTR String, PULONG64 Offset, ImageInfo** Image){ CHAR ModifiedString[MAX_SYMBOL_LEN + 64]; CHAR Suffix[2]; SYMBOL_INFO SymInfo = {0}; ULONG Count;
if (Image != NULL) { *Image = NULL; }
if (strlen(String) >= MAX_SYMBOL_LEN) { return 0; }
//
// We can't do anything without a current process.
//
if (Process == NULL) { return 0; }
if ( strlen(String) == 0 ) { return 0; }
if (Process->GetOffsetFromMod(String, Offset) || GetOffsetFromBreakpoint(String, Offset)) { return 1; }
//
// If a module name was given look up the module
// and determine the processor type so that the
// appropriate machine is used for the following
// machine-specific operations.
//
ImageInfo* StrImage; PCSTR ModSep = strchr(String, '!'); if (ModSep != NULL) { StrImage = Process-> FindImageByName(String, (ULONG)(ModSep - String), INAME_MODULE, TRUE); if (Image != NULL) { *Image = StrImage; } } else { StrImage = NULL; }
MachineInfo* Machine = Process->m_Target->m_EffMachine;
if (StrImage != NULL) { Machine = MachineTypeInfo(Process->m_Target, StrImage->GetMachineType()); if (Machine == NULL) { Machine = Process->m_Target->m_EffMachine; } }
if ( g_PrefixSymbols && Machine->m_SymPrefix != NULL ) { PCSTR PreString; PCSTR RegString;
PreString = PrependPrefixToSymbol( ModifiedString, String, &RegString ); if ( Count = MultiSymFromName( Process, (PSTR)PreString, StrImage, Machine, &SymInfo ) ) { *Offset = SymInfo.Address; goto GotOffsetSuccess; } if ( (PreString != String) && (Count = MultiSymFromName( Process, (PSTR)String, StrImage, Machine, &SymInfo ) ) ) { // Ambiguous plabels shouldn't be further resolved,
// so just return the information for the plabel.
if (Count > 1) { *Offset = SymInfo.Address; goto GotOffsetSuccess; }
if (!Machine->GetPrefixedSymbolOffset(Process, SymInfo.Address, GETPREF_VERBOSE, Offset)) { // This symbol doesn't appear to actually
// be a plabel so just use the symbol address.
*Offset = SymInfo.Address; } goto GotOffsetSuccess; } } else if (Count = MultiSymFromName( Process, (PSTR)String, StrImage, Machine, &SymInfo )) { *Offset = SymInfo.Address; goto GotOffsetSuccess; }
if (g_SymbolSuffix != 'n') { strcpy( ModifiedString, String ); Suffix[0] = g_SymbolSuffix; Suffix[1] = '\0'; strcat( ModifiedString, Suffix ); if (Count = MultiSymFromName( Process, ModifiedString, StrImage, Machine, &SymInfo )) { *Offset = SymInfo.Address; goto GotOffsetSuccess; } }
return 0;
GotOffsetSuccess: TranslateAddress(SymInfo.ModBase, SymInfo.Flags, Machine->CvRegToMachine((CV_HREG_e)SymInfo.Register), Offset, &SymInfo.Value); if (SymInfo.Flags & SYMFLAG_REGISTER) { *Offset = SymInfo.Value; } return Count;}
voidCreateModuleNameFromPath(LPSTR ImagePath, LPSTR ModuleName){ PSTR Scan;
CopyString( ModuleName, PathTail(ImagePath), MAX_MODULE ); Scan = strrchr( ModuleName, '.' ); if (Scan != NULL) { *Scan = '\0'; }}
voidGetAdjacentSymOffsets(ULONG64 AddrStart, PULONG64 PrevOffset, PULONG64 NextOffset){ DWORD64 Displacement;
//
// assume failure
//
*PrevOffset = 0; *NextOffset = (ULONG64) -1;
//
// get the symbol for the initial address
//
if (!SymGetSymFromAddr64(g_Process->m_SymHandle, AddrStart, &Displacement, g_Sym)) { return; }
*PrevOffset = g_Sym->Address;
if (SymGetSymNext64(g_Process->m_SymHandle, g_Sym)) { *NextOffset = g_Sym->Address; }}
BOOLSymbolCallbackFunction(HANDLE ProcessSymHandle, ULONG ActionCode, ULONG64 CallbackData, ULONG64 UserContext){ PIMAGEHLP_DEFERRED_SYMBOL_LOAD64 DefLoad; PIMAGEHLP_CBA_READ_MEMORY ReadMem; PIMAGEHLP_CBA_EVENT Event; ImageInfo* Image; ULONG i; ULONG OldSymOptions; PVOID Mapping; ProcessInfo* Process = (ProcessInfo*)(ULONG_PTR)UserContext;
DefLoad = (PIMAGEHLP_DEFERRED_SYMBOL_LOAD64) CallbackData;
switch(ActionCode) { case CBA_DEBUG_INFO: DBG_ASSERT(CallbackData && *(LPSTR)CallbackData); CompletePartialLine(DEBUG_OUTPUT_SYMBOLS); MaskOut(DEBUG_OUTPUT_SYMBOLS, "%s", (LPSTR)CallbackData); return TRUE;
case CBA_EVENT: Event = (PIMAGEHLP_CBA_EVENT)CallbackData; DBG_ASSERT(Event); if (Event->desc && *Event->desc) { dprintf("%s", Event->desc); if (Event->severity >= sevProblem) { FlushCallbacks(); } } return TRUE;
case CBA_DEFERRED_SYMBOL_LOAD_CANCEL: return PollUserInterrupt(TRUE);
case CBA_DEFERRED_SYMBOL_LOAD_START: Image = Process->FindImageByOffset(DefLoad->BaseOfImage, FALSE); if (Image) { // Try to load the image memory right away in this
// case to catch incomplete-information errors.
if (!Image->DemandLoadImageMemory(TRUE, TRUE)) { return FALSE; }
// Update dbghelp with the latest image file handle
// as loading image memory may have given us one.
DefLoad->hFile = Image->m_File;
VerbOut("Loading symbols for %s %16s -> ", FormatAddr64(DefLoad->BaseOfImage), DefLoad->FileName); return TRUE; } break;
case CBA_DEFERRED_SYMBOL_LOAD_PARTIAL: //
// dbghelp wasn't able to get complete
// information about an image and so had
// to do some guessing when loading symbols.
// Returning FALSE means do the best that
// dbghelp can. Returning TRUE means try
// again with any updated data we provide here.
// We use this as an opportunity to go out
// and attempt to load image files to get
// image information that may not be present in
// the debuggee and thus we are creating information
// that's not really present. Hopefully we'll find
// the right image and not come up with incorrect information.
//
// Don't do this if the user has asked for exact
// symbols as the in-memory image may not exactly
// match what's on disk even if the headers are similar.
if (g_SymOptions & SYMOPT_EXACT_SYMBOLS) { return FALSE; }
Image = Process->FindImageByOffset(DefLoad->BaseOfImage, FALSE); if (!Image || Image->m_File || Image->m_MapAlreadyFailed || !(Mapping = FindImageFile(Process, Image->m_ImagePath, Image->m_SizeOfImage, Image->m_CheckSum, Image->m_TimeDateStamp, &Image->m_File, Image->m_MappedImagePath))) { return FALSE; }
// This file handle is only good as long as the
// image information doesn't change.
Image->m_FileIsDemandMapped = TRUE;
// We don't need the actual file mapping, just
// the file handle.
UnmapViewOfFile(Mapping);
// Update dbghelp with the latest image file handle
// as loading the image has given us one.
DefLoad->Reparse = TRUE; DefLoad->hFile = Image->m_File;
if (g_SymOptions & SYMOPT_DEBUG) { CompletePartialLine(DEBUG_OUTPUT_SYMBOLS); MaskOut(DEBUG_OUTPUT_SYMBOLS, "DBGENG: Partial symbol load found image %s.\n", Image->m_MappedImagePath); }
return TRUE;
case CBA_DEFERRED_SYMBOL_LOAD_FAILURE: if (IS_KERNEL_TARGET(Process->m_Target) && DefLoad->SizeOfStruct >= FIELD_OFFSET(IMAGEHLP_DEFERRED_SYMBOL_LOAD, Reparse)) { i = 0;
if (strncmp(DefLoad->FileName, "dump_", sizeof("dump_")-1) == 0) { i = sizeof("dump_")-1; }
if (strncmp(DefLoad->FileName, "hiber_", sizeof("hiber_")-1) == 0) { i = sizeof("hiber_")-1; }
if (i) { if (_stricmp (DefLoad->FileName+i, "scsiport.sys") == 0) { strcpy (DefLoad->FileName, "diskdump.sys"); } else { strcpy(DefLoad->FileName, DefLoad->FileName+i); }
DefLoad->Reparse = TRUE; return TRUE; } }
if (DefLoad->FileName && *DefLoad->FileName) { VerbOut("*** Error: could not load symbols for %s\n", DefLoad->FileName); } else { VerbOut("*** Error: could not load symbols [MODNAME UNKNOWN]\n"); } break;
case CBA_DEFERRED_SYMBOL_LOAD_COMPLETE: Image = Process->FindImageByOffset(DefLoad->BaseOfImage, FALSE); if (!Image) { VerbOut("\n"); break; }
// Do not load unqualified symbols in this callback since this
// could result in stack overflow.
OldSymOptions = SymGetOptions(); SymSetOptions(OldSymOptions | SYMOPT_NO_UNQUALIFIED_LOADS);
VerbOut("%s\n", DefLoad->FileName); Image->ValidateSymbolLoad(DefLoad); NotifyChangeSymbolState(DEBUG_CSS_LOADS, DefLoad->BaseOfImage, Process);
SymSetOptions(OldSymOptions); return TRUE;
case CBA_SYMBOLS_UNLOADED: VerbOut("Symbols unloaded for %s %s\n", FormatAddr64(DefLoad->BaseOfImage), DefLoad->FileName); break;
case CBA_READ_MEMORY: ReadMem = (PIMAGEHLP_CBA_READ_MEMORY)CallbackData; return Process->m_Target-> ReadVirtual(Process, ReadMem->addr, ReadMem->buf, ReadMem->bytes, ReadMem->bytesread) == S_OK;
case CBA_SET_OPTIONS: // Symbol options are set through the interface
// so the debugger generally knows about them
// already. The only flags that we want to check
// here are internal flags that can be changed through
// !sym or other dbghelp extension commands.
// There is no need to notify here for internal flag
// changes.
#define DBGHELP_CHANGE_SYMOPT \
(SYMOPT_NO_PROMPTS | \ SYMOPT_DEBUG)
g_SymOptions = (g_SymOptions & ~DBGHELP_CHANGE_SYMOPT) | (*(PULONG)CallbackData & DBGHELP_CHANGE_SYMOPT); break;
default: return FALSE; }
return FALSE;}
BOOLValidatePathComponent(PCSTR Part){ if (strlen(Part) == 0) { return FALSE; } else if (!_strnicmp(Part, "SYMSRV*", 7) || !_strnicmp(Part, "SRV*", 4) || IsUrlPathComponent(Part)) { // No easy way to validate symbol server or URL paths.
// They're virtually always network references,
// so just disallow all such usage when net
// access isn't allowed.
if (g_EngOptions & DEBUG_ENGOPT_DISALLOW_NETWORK_PATHS) { return FALSE; }
return TRUE; } else { DWORD Attrs; DWORD OldMode; char Expand[MAX_PATH];
// Otherwise make sure this is a valid directory.
if (!ExpandEnvironmentStrings(Part, Expand, sizeof(Expand))) { return FALSE; }
if (g_EngOptions & DEBUG_ENGOPT_DISALLOW_NETWORK_PATHS) { // Don't call GetFileAttributes when network paths
// are disabled as net operations may cause deadlocks.
if (NetworkPathCheck(Expand) != ERROR_SUCCESS) { return FALSE; } }
// We can still get to this point when debugging CSR
// if the user has explicitly allowed net paths.
// This check isn't important enough to risk a hang.
if (AnySystemProcesses(TRUE)) { return TRUE; }
OldMode = SetErrorMode(SEM_FAILCRITICALERRORS);
Attrs = GetFileAttributes(Expand);
SetErrorMode(OldMode); return Attrs != 0xffffffff && (Attrs & FILE_ATTRIBUTE_DIRECTORY); }}
voidSetSymbolSearchPath(ProcessInfo* Process){ LPSTR lpExePathEnv; size_t cbExePath;
LPSTR lpSymPathEnv; LPSTR lpAltSymPathEnv; size_t cbSymPath; LPSTR NewMem;
//
// Load the Binary path (needed for triage dumps)
//
// No clue why this or the next is 18 ...
cbExePath = 18;
if (g_ExecutableImageSearchPath) { cbExePath += strlen(g_ExecutableImageSearchPath) + 1; }
lpExePathEnv = NULL; if ((g_SymOptions & SYMOPT_IGNORE_NT_SYMPATH) == 0 && (lpExePathEnv = getenv("_NT_EXECUTABLE_IMAGE_PATH"))) { cbExePath += strlen(lpExePathEnv) + 1; }
NewMem = (char*)realloc(g_ExecutableImageSearchPath, cbExePath); if (!NewMem) { ErrOut("Not enough memory to allocate/initialize " "ExecutableImageSearchPath"); return; } if (!g_ExecutableImageSearchPath) { *NewMem = 0; } g_ExecutableImageSearchPath = NewMem;
if ((g_SymOptions & SYMOPT_IGNORE_NT_SYMPATH) == 0) { AppendComponentsToPath(g_ExecutableImageSearchPath, lpExePathEnv, TRUE); }
//
// Load symbol Path
//
cbSymPath = 18; if (g_SymbolSearchPath) { cbSymPath += strlen(g_SymbolSearchPath) + 1; } if ((g_SymOptions & SYMOPT_IGNORE_NT_SYMPATH) == 0 && (lpSymPathEnv = getenv("_NT_SYMBOL_PATH"))) { cbSymPath += strlen(lpSymPathEnv) + 1; } if ((g_SymOptions & SYMOPT_IGNORE_NT_SYMPATH) == 0 && (lpAltSymPathEnv = getenv("_NT_ALT_SYMBOL_PATH"))) { cbSymPath += strlen(lpAltSymPathEnv) + 1; }
NewMem = (char*)realloc(g_SymbolSearchPath, cbSymPath); if (!NewMem) { ErrOut("Not enough memory to allocate/initialize " "SymbolSearchPath"); return; } if (!g_SymbolSearchPath) { *NewMem = 0; } g_SymbolSearchPath = NewMem;
if ((g_SymOptions & SYMOPT_IGNORE_NT_SYMPATH) == 0) { AppendComponentsToPath(g_SymbolSearchPath, lpAltSymPathEnv, TRUE); AppendComponentsToPath(g_SymbolSearchPath, lpSymPathEnv, TRUE); }
SymSetSearchPath( Process->m_SymHandle, g_SymbolSearchPath );
dprintf("Symbol search path is: %s\n", *g_SymbolSearchPath ? g_SymbolSearchPath : "*** Invalid *** : Verify _NT_SYMBOL_PATH setting" );
if (g_ExecutableImageSearchPath) { dprintf("Executable search path is: %s\n", g_ExecutableImageSearchPath); }}
BOOLSetCurrentScope( IN PDEBUG_STACK_FRAME ScopeFrame, IN OPTIONAL PVOID ScopeContext, IN ULONG ScopeContextSize ){ BOOL ScopeChanged; PDEBUG_SCOPE Scope = &g_ScopeBuffer;
if (Scope->State == ScopeDefaultLazy) { // It's not a lazy scope now.
Scope->State = ScopeDefault; }
if (ScopeFrame->FrameNumber != 0) { // Backup 1 byte to get correct scoped locals
ScopeFrame->InstructionOffset--; } Scope->Process = g_Process; Scope->CheckedForThis = FALSE; ZeroMemory(&Scope->ThisData, sizeof(Scope->ThisData));
ScopeChanged = g_Process && SymSetContext(g_Process->m_SymHandle, (PIMAGEHLP_STACK_FRAME) ScopeFrame, ScopeContext);
if (ScopeFrame->FrameNumber != 0) { // restore backed up byte
ScopeFrame->InstructionOffset++; }
if (ScopeContext && (sizeof(Scope->Context) >= ScopeContextSize)) { memcpy(&Scope->Context, ScopeContext, ScopeContextSize); Scope->ContextState = MCTX_FULL; Scope->State = ScopeFromContext; NotifyChangeDebuggeeState(DEBUG_CDS_REGISTERS, DEBUG_ANY_ID); }
if (ScopeChanged || (ScopeFrame->FrameOffset != Scope->Frame.FrameOffset)) { Scope->Frame = *ScopeFrame; if (ScopeFrame->FuncTableEntry) { // Cache the FPO data since the pointer is only temporary
Scope->CachedFpo = *((PFPO_DATA) ScopeFrame->FuncTableEntry); Scope->Frame.FuncTableEntry = (ULONG64) &Scope->CachedFpo; } NotifyChangeSymbolState(DEBUG_CSS_SCOPE, 0, g_Process); } else { Scope->Frame = *ScopeFrame; if (ScopeFrame->FuncTableEntry) { // Cache the FPO data since the pointer is only temporary
Scope->CachedFpo = *((PFPO_DATA) ScopeFrame->FuncTableEntry); Scope->Frame.FuncTableEntry = (ULONG64) &Scope->CachedFpo; } }
return ScopeChanged;}
BOOLResetCurrentScopeLazy(void){ PDEBUG_SCOPE Scope = &g_ScopeBuffer; if (Scope->State == ScopeFromContext) { NotifyChangeDebuggeeState(DEBUG_CDS_REGISTERS, DEBUG_ANY_ID); }
Scope->State = ScopeDefaultLazy;
return TRUE;}
BOOLResetCurrentScope(void){ DEBUG_STACK_FRAME LocalFrame; PDEBUG_SCOPE Scope = &g_ScopeBuffer;
if (Scope->State == ScopeFromContext) { NotifyChangeDebuggeeState(DEBUG_CDS_REGISTERS, DEBUG_ANY_ID); }
Scope->State = ScopeDefault;
ZeroMemory(&LocalFrame, sizeof(LocalFrame));
// At the initial kernel load the system is only partially
// initialized and is very sensitive to bad memory reads.
// Stack traces can cause reads through unusual memory areas
// so it's best to avoid them at this time. This isn't
// much of a problem since users don't usually expect a locals
// context at this point.
if ((IS_USER_TARGET(g_Target) || (g_EngStatus & ENG_STATUS_AT_INITIAL_MODULE_LOAD) == 0) && IS_CUR_CONTEXT_ACCESSIBLE()) { if (!StackTrace(NULL, 0, 0, 0, STACK_ALL_DEFAULT, &LocalFrame, 1, 0, 0, TRUE)) { ADDR Addr; g_Machine->GetPC(&Addr); LocalFrame.InstructionOffset = Addr.off; } }
return SetCurrentScope(&LocalFrame, NULL, 0);}
ULONGGetCurrentScopeThisData(TypedData* Data){ PDEBUG_SCOPE Scope = GetCurrentScope();
if (!Scope->CheckedForThis) { ULONG Tag;
if (Scope->ThisData.FindSymbol(Scope->Process, "this", TDACC_REQUIRE, g_Machine->m_Ptr64 ? 8 : 4) || !Scope->ThisData.m_Image || !Scope->ThisData.IsPointer() || Scope->ThisData.GetTypeTag(Scope->ThisData.m_NextType, &Tag) || Tag != SymTagUDT) { ZeroMemory(&Scope->ThisData, sizeof(Scope->ThisData)); }
Scope->CheckedForThis = TRUE; }
if (!Scope->ThisData.m_Image) { return VARDEF; }
*Data = Scope->ThisData; return NO_ERROR;}
voidListUnloadedModules(ULONG Flags, PSTR Pattern){ UnloadedModuleInfo* Unl;
g_Process->m_NumUnloadedModules = 0;
Unl = g_Target->GetUnloadedModuleInfo(); if (Unl == NULL || Unl->Initialize(g_Thread) != S_OK) { // User-mode only has an unloaded module list
// for .NET Server, so don't show any errors
// if there isn't one.
if (IS_KERNEL_TARGET(g_Target)) { ErrOut("No unloaded module list present\n"); } return; }
char UnlName[MAX_INFO_UNLOADED_NAME]; DEBUG_MODULE_PARAMETERS Params;
if (Flags & LUM_OUTPUT) { dprintf("Unloaded modules:\n"); }
while (Unl->GetEntry(UnlName, &Params) == S_OK) { g_Process->m_NumUnloadedModules++;
if (Pattern != NULL && !MatchPattern(UnlName, Pattern)) { continue; }
if (Flags & LUM_OUTPUT_TERSE) { dprintf("."); continue; }
if (Flags & LUM_OUTPUT) { dprintf("%s %s %-8s\n", FormatAddr64(Params.Base), FormatAddr64(Params.Base + Params.Size), UnlName); }
if (Flags & ( LUM_OUTPUT_VERBOSE | LUM_OUTPUT_IMAGE_INFO)) { PSTR TimeDateStr = TimeToStr(Params.TimeDateStamp);
dprintf(" Timestamp: %s (%08X)\n", TimeDateStr, Params.TimeDateStamp); dprintf(" Checksum: %08X\n", Params.Checksum); } }
dprintf("\n");}
ULONGModuleMachineType(ProcessInfo* Process, ULONG64 Offset){ ImageInfo* Image = Process->FindImageByOffset(Offset, FALSE); return Image ? Image->GetMachineType() : IMAGE_FILE_MACHINE_UNKNOWN;}
ULONGIsInFastSyscall(ULONG64 Addr, PULONG64 Base){ if (Addr >= g_Target->m_TypeInfo.UmSharedSysCallOffset && Addr < g_Target->m_TypeInfo.UmSharedSysCallOffset + g_Target->m_TypeInfo.UmSharedSysCallSize) { *Base = g_Target->m_TypeInfo.UmSharedSysCallOffset; return FSC_FOUND; }
return FSC_NONE;}
BOOLShowFunctionParameters(PDEBUG_STACK_FRAME StackFrame){ SYM_DUMP_PARAM_EX SymFunction = {0}; ULONG Status = 0; PDEBUG_SCOPE Scope = GetCurrentScope(); DEBUG_SCOPE SavScope = *Scope;
SymFunction.size = sizeof(SYM_DUMP_PARAM_EX); SymFunction.addr = StackFrame->InstructionOffset; SymFunction.Options = DBG_DUMP_COMPACT_OUT | DBG_DUMP_FUNCTION_FORMAT;
// SetCurrentScope to this function
SymSetContext(g_Process->m_SymHandle, (PIMAGEHLP_STACK_FRAME) StackFrame, NULL); Scope->Frame = *StackFrame; if (StackFrame->FuncTableEntry) { // Cache the FPO data since the pointer is only temporary
Scope->CachedFpo = *((PFPO_DATA) StackFrame->FuncTableEntry); Scope->Frame.FuncTableEntry = (ULONG64) &Scope->CachedFpo; }
if (!SymbolTypeDumpNew(&SymFunction, &Status) && !Status) { Status = TRUE; }
g_ScopeBuffer = SavScope; SymSetContext(g_Process->m_SymHandle, (PIMAGEHLP_STACK_FRAME) &Scope->Frame, NULL);
return !Status;}
|
