archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/tools/kdexts2/driver.c

863 lines
28 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. driver.c
  9. Abstract:
  11. WinDbg Extension Api
  13. Author:
  15. Wesley Witt (wesw) 15-Aug-1993
  17. Environment:
  19. User Mode.
  21. Revision History:
  23. --*/
  25. #include "precomp.h"
  26. #pragma hdrstop
  28. #include <time.h>
  30. VOID
  31. DumpImage(
  32. ULONG Base,
  33. BOOL DoHeaders,
  34. BOOL DoSections
  35. );
  37. PUCHAR DispatchRoutineTable[]=
  38. {
  39. "IRP_MJ_CREATE",
  40. "IRP_MJ_CREATE_NAMED_PIPE",
  41. "IRP_MJ_CLOSE",
  42. "IRP_MJ_READ",
  43. "IRP_MJ_WRITE",
  44. "IRP_MJ_QUERY_INFORMATION",
  45. "IRP_MJ_SET_INFORMATION",
  46. "IRP_MJ_QUERY_EA",
  47. "IRP_MJ_SET_EA",
  48. "IRP_MJ_FLUSH_BUFFERS",
  49. "IRP_MJ_QUERY_VOLUME_INFORMATION",
  50. "IRP_MJ_SET_VOLUME_INFORMATION",
  51. "IRP_MJ_DIRECTORY_CONTROL",
  52. "IRP_MJ_FILE_SYSTEM_CONTROL",
  53. "IRP_MJ_DEVICE_CONTROL",
  54. "IRP_MJ_INTERNAL_DEVICE_CONTROL",
  55. "IRP_MJ_SHUTDOWN",
  56. "IRP_MJ_LOCK_CONTROL",
  57. "IRP_MJ_CLEANUP",
  58. "IRP_MJ_CREATE_MAILSLOT",
  59. "IRP_MJ_QUERY_SECURITY",
  60. "IRP_MJ_SET_SECURITY",
  61. "IRP_MJ_POWER",
  62. "IRP_MJ_SYSTEM_CONTROL",
  63. "IRP_MJ_DEVICE_CHANGE",
  64. "IRP_MJ_QUERY_QUOTA",
  65. "IRP_MJ_SET_QUOTA",
  66. "IRP_MJ_PNP",
  67. NULL
  68. } ;
  70. PUCHAR FastIoDispatchTable[]=
  71. {
  72. "FastIoCheckIfPossible",
  73. "FastIoRead",
  74. "FastIoWrite",
  75. "FastIoQueryBasicInfo",
  76. "FastIoQueryStandardInfo",
  77. "FastIoLock",
  78. "FastIoUnlockSingle",
  79. "FastIoUnlockAll",
  80. "FastIoUnlockAllByKey",
  81. "FastIoDeviceControl",
  82. "AcquireFileForNtCreateSection",
  83. "ReleaseFileForNtCreateSection",
  84. "FastIoDetachDevice",
  85. "FastIoQueryNetworkOpenInfo",
  86. "AcquireForModWrite",
  87. "MdlRead",
  88. "MdlReadComplete",
  89. "PrepareMdlWrite",
  90. "MdlWriteComplete",
  91. "FastIoReadCompressed",
  92. "FastIoWriteCompressed",
  93. "MdlReadCompleteCompressed",
  94. "MdlWriteCompleteCompressed",
  95. "FastIoQueryOpen",
  96. "ReleaseForModWrite",
  97. "AcquireForCcFlush",
  98. "ReleaseForCcFlush",
  99. NULL
  100. } ;
  102. //
  103. // Change this value and update the above table if IRP_MJ_MAXIMUM_FUNCTION
  104. // is increased.
  105. //
  106. #define IRP_MJ_MAXIMUM_FUNCTION_HANDLED 0x1b
  108. DECLARE_API( drvobj )
  110. /*++
  112. Routine Description:
  114. Dump a driver object.
  116. Arguments:
  118. args - the location of the driver object to dump.
  120. Return Value:
  122. None
  124. --*/
  126. {
  127. ULONG64 driverToDump;
  128. ULONG Flags;
  129. char driverExprBuf[256] ;
  130. char *driverExpr ;
  132. //
  133. // !drvobj DriverAddress DumpLevel
  134. // where DriverAddress can be an expression or driver name
  135. // and DumpLevel is a hex mask
  136. //
  137. strcpy(driverExprBuf, "\\Driver\\") ;
  138. driverExpr = driverExprBuf+strlen(driverExprBuf) ;
  139. Flags = 1;
  140. driverToDump = 0 ;
  142. if (!sscanf(args, "%230s %lx", driverExpr, &Flags)) {
  143. driverExpr[0] = 0;
  144. }
  146. //
  147. // The debugger will treat C0000000 as a symbol first, then a number if
  148. // no match comes up.
  149. //
  150. if (driverExpr[0] == '\\') {
  152. driverToDump = FindObjectByName( driverExpr, 0);
  154. } else {
  156. driverToDump = FindObjectByName((PUCHAR) driverExprBuf, 0);
  158. if (driverToDump == 0)
  159. {
  160. driverToDump = GetExpression(driverExpr);
  161. }
  162. }
  164. if(driverToDump == 0) {
  165. dprintf("Driver object %s not found\n", args);
  166. return E_INVALIDARG;
  167. }
  169. dprintf("Driver object (%08p) is for:\n", driverToDump);
  170. DumpDriver( driverToDump, 0, Flags);
  171. if (!Flags)
  172. {
  173. dprintf("\n");
  174. }
  175. return S_OK;
  176. }
  178. VOID
  179. DumpDriver(
  180. ULONG64 DriverAddress,
  181. ULONG FieldWidth,
  182. ULONG Flags
  183. )
  185. /*++
  187. Routine Description:
  189. Displays the driver name and the list of device objects created by
  190. the driver.
  192. Arguments:
  194. DriverAddress - addres of the driver object to dump.
  195. FieldWidth - Width of printf field (eg %11s) for driver name.
  196. Use 0 for full display.
  197. Flags - Bit 0, Dump out device objects owned by driver
  198. Bit 1, Dump out dispatch routines for driver
  200. Return Value:
  202. None
  204. --*/
  206. {
  207. // DRIVER_OBJECT driverObject;
  208. ULONG result;
  209. ULONG i,j;
  210. PUCHAR buffer;
  211. ULONG64 deviceAddress;
  212. // DEVICE_OBJECT deviceObject;
  213. UNICODE_STRING unicodeString;
  214. ULONG64 displacement;
  215. UCHAR component[512];
  216. PUCHAR *dispatchTableText ;
  217. // FAST_IO_DISPATCH FastIoDispatch;
  218. ULONG64 *p;
  219. ULONG Type=0, Name_MaxLen=0, Name_Len=0, LongAddr, IoD_SizeOfFastIoDispatch=0;
  220. ULONG64 MajorFunction[IRP_MJ_MAXIMUM_FUNCTION_HANDLED+1]= {0}, IoD[27] = {0};
  221. ULONG64 Name_Buf=0, DriverExtension=0, Ext_ClientDriverExtension=0, DeviceObject=0,
  222. FastIoDispatch=0, IoD_FastIoCheckIfPossible=0;
  223. ULONG64 DriverEntry=0, DriverUnload=0, DriverStartIo=0;
  225. FIELD_INFO DriverFields[] = {
  226. {"DriverExtension", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA |
  227. ((Flags & 1) ? DBG_DUMP_FIELD_RECUR_ON_THIS : 0), 0, (PVOID) &DriverExtension},
  228. {"DriverName", "", 0, DBG_DUMP_FIELD_RECUR_ON_THIS, 0, NULL},
  229. {"DriverName.MaximumLength", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &Name_MaxLen},
  230. {"DriverName.Length", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &Name_Len},
  231. {"DriverName.Buffer", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &Name_Buf},
  232. {"DriverExtension.ClientDriverExtension", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &Ext_ClientDriverExtension},
  233. {"DeviceObject", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &DeviceObject},
  234. {"DriverInit", "DriverEntry", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &DriverEntry},
  235. {"DriverStartIo", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &DriverStartIo},
  236. {"DriverUnload", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &DriverUnload},
  237. {"MajorFunction", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &MajorFunction[0]},
  238. {"FastIoDispatch","", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA |
  239. DBG_DUMP_FIELD_RECUR_ON_THIS, 0, (PVOID) &FastIoDispatch},
  240. {"FastIoDispatch.SizeOfFastIoDispatch", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD_SizeOfFastIoDispatch},
  241. {"FastIoDispatch.FastIoCheckIfPossible", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[0]},
  242. {"FastIoDispatch.FastIoRead", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[1]},
  243. {"FastIoDispatch.FastIoWrite", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[2]},
  244. {"FastIoDispatch.FastIoQueryBasicInfo", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[3]},
  245. {"FastIoDispatch.FastIoQueryStandardInfo", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[4]},
  246. {"FastIoDispatch.FastIoLock", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[5]},
  247. {"FastIoDispatch.FastIoUnlockSingle", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[6]},
  248. {"FastIoDispatch.FastIoUnlockAll", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[7]},
  249. {"FastIoDispatch.FastIoUnlockAllByKey", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[8]},
  250. {"FastIoDispatch.FastIoDeviceControl", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[9]},
  251. {"FastIoDispatch.AcquireFileForNtCreateSection", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[10]},
  252. {"FastIoDispatch.ReleaseFileForNtCreateSection", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[11]},
  253. {"FastIoDispatch.FastIoDetachDevice", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[12]},
  254. {"FastIoDispatch.FastIoQueryNetworkOpenInfo", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[13]},
  255. {"FastIoDispatch.AcquireForModWrite", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[14]},
  256. {"FastIoDispatch.MdlRead", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[15]},
  257. {"FastIoDispatch.MdlReadComplete", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[16]},
  258. {"FastIoDispatch.PrepareMdlWrite", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[17]},
  259. {"FastIoDispatch.MdlWriteComplete", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[18]},
  260. {"FastIoDispatch.FastIoReadCompressed", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[19]},
  261. {"FastIoDispatch.FastIoWriteCompressed", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[20]},
  262. {"FastIoDispatch.MdlReadCompleteCompressed", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[21]},
  263. {"FastIoDispatch.MdlWriteCompleteCompressed", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[22]},
  264. {"FastIoDispatch.FastIoQueryOpen", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[23]},
  265. {"FastIoDispatch.ReleaseForModWrite", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[24]},
  266. {"FastIoDispatch.AcquireForCcFlush", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[25]},
  267. {"FastIoDispatch.ReleaseForCcFlush", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &IoD[26]},
  268. };
  269. SYM_DUMP_PARAM DriverSym = {
  270. sizeof (SYM_DUMP_PARAM), "nt!_DRIVER_OBJECT", DBG_DUMP_NO_PRINT, (ULONG64) DriverAddress,
  271. NULL, NULL, NULL, sizeof (DriverFields) / sizeof(FIELD_INFO), &DriverFields[0]
  272. };
  275. if (GetFieldValue(DriverAddress, "nt!_DRIVER_OBJECT",
  276. "Type", Type)) {
  277. dprintf("Cannot read _DRIVER_OBJECT at %p\n", DriverAddress);
  278. return;
  279. }
  281. LongAddr = IsPtr64();
  283. if (Type != IO_TYPE_DRIVER) {
  284. dprintf("%08p: is not a driver object\n", DriverAddress);
  285. return;
  286. }
  287. Ioctl(IG_DUMP_SYMBOL_INFO, &DriverSym, DriverSym.size);
  289. if (Name_MaxLen > 1024) // sanity sheck
  290. {
  291. Name_MaxLen = 1024;
  292. }
  293. buffer = LocalAlloc(LPTR, Name_MaxLen);
  294. if (buffer == NULL) {
  295. dprintf("Could not allocate %d bytes\n",
  296. Name_MaxLen);
  297. return;
  298. }
  300. //
  301. // This memory may be paged out.
  302. //
  304. unicodeString.Buffer = (PWSTR)buffer;
  305. unicodeString.Length = (USHORT) Name_Len;
  306. unicodeString.MaximumLength = (USHORT) Name_MaxLen;
  307. if (!ReadMemory( Name_Buf,
  308. buffer,
  309. Name_MaxLen,
  310. &result)) {
  311. dprintf(" Name paged out");
  312. } else {
  313. sprintf(component, " %wZ", &unicodeString);
  314. dprintf("%s", component) ;
  315. for(i = strlen(component); i<FieldWidth; i++) {
  316. dprintf(" ") ;
  317. }
  318. }
  319. LocalFree(buffer);
  321. if (Flags&1) {
  322. dprintf("\n");
  324. //
  325. // Dump the list of client extensions
  326. //
  328. if(DriverExtension) {
  329. ULONG sz = GetTypeSize("nt!_IO_CLIENT_EXTENSION");
  330. ULONG64 clientExtension = Ext_ClientDriverExtension;
  332. dprintf("Driver Extension List: (id , addr)\n");
  334. //
  335. // Check to see if there are any extensions.
  336. //
  338. while(clientExtension != 0) {
  339. ULONG64 ClientIdentificationAddress=0, NextExtension=0;
  340. FIELD_INFO IoCltFields[] = {
  341. {"ClientIdentificationAddress", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA,
  342. 0, (PVOID) &ClientIdentificationAddress},
  343. {"NextExtension", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA,
  344. 0, (PVOID) &NextExtension},
  345. };
  346. // IO_CLIENT_EXTENSION buffer;
  348. DriverSym.sName = "_IO_CLIENT_EXTENSION"; DriverSym.addr = clientExtension;
  349. DriverSym.nFields = 2; DriverSym.Fields = &IoCltFields[0];
  351. if (!Ioctl(IG_DUMP_SYMBOL_INFO, &DriverSym, DriverSym.size)) {
  353. dprintf("(%08p %08p) ",
  354. ClientIdentificationAddress,
  355. clientExtension + sz);
  356. clientExtension = NextExtension;
  358. } else {
  360. dprintf("\nCouldn't read extension at %#08p\n", clientExtension);
  361. clientExtension = 0;
  362. }
  363. }
  364. dprintf("\n");
  365. }
  367. dprintf("Device Object list:\n");
  369. deviceAddress = DeviceObject;
  371. for (i= 0; deviceAddress != 0; i++) {
  372. ULONG64 NextDevice=0;
  373. FIELD_INFO DevFields = {"NextDevice", "", 0, DBG_DUMP_FIELD_COPY_FIELD_DATA, 0, (PVOID) &NextDevice};
  375. DriverSym.sName = "_DEVICE_OBJECT"; DriverSym.addr = deviceAddress;
  376. DriverSym.nFields = 1; DriverSym.Fields = &DevFields;
  378. if (Ioctl(IG_DUMP_SYMBOL_INFO, &DriverSym, DriverSym.size)) {
  379. dprintf("%08p: Could not read device object\n", deviceAddress);
  380. break;
  381. }
  383. dprintf("%08p%s", deviceAddress, ((i & 0x03) == 0x03) ? "\n" : " ");
  384. deviceAddress = NextDevice;
  385. }
  386. dprintf("\n");
  387. }
  389. if (Flags&0x2) {
  391. GetSymbol(DriverEntry, component, &displacement);
  392. dprintf("\nDriverEntry: %8.8p\t%s\n", DriverEntry, component);
  394. GetSymbol(DriverStartIo, component, &displacement);
  395. dprintf("DriverStartIo: %8.8p\t%s\n", DriverStartIo, component);
  397. GetSymbol(DriverUnload, component, &displacement);
  398. dprintf("DriverUnload: %8.8p\t%s\n", DriverUnload, component);
  400. dprintf ("\nDispatch routines:\n");
  401. dispatchTableText = DispatchRoutineTable ;
  402. for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION_HANDLED; i++) {
  403. //
  404. // Get the read pointer values depending on 32 or 64 bit addresses
  405. //
  406. if (LongAddr) {
  407. GetSymbol(MajorFunction[i], component, &displacement);
  408. } else {
  409. GetSymbol((ULONG64) (LONG64) (LONG) (((PULONG) &MajorFunction[0])[i]), component, &displacement);
  410. }
  412. //
  413. // Forms are:
  414. // [1b] IRP_MJ_PNP C0000000 DispatchHandler+30
  415. // [1b] IRP_MJ_PNP C0000000 DispatchHandler
  416. // [1b] ??? C0000000 <either of above>
  417. //
  418. if (*dispatchTableText) {
  419. dprintf("[%02x] %s", i, *dispatchTableText) ;
  420. j=strlen(*dispatchTableText) ;
  421. } else {
  422. dprintf("[%02x] ???", i) ;
  423. j=3 ;
  424. }
  426. while(j++<35) dprintf(" ") ;
  427. if (LongAddr) {
  428. dprintf("%8.8p\t%s", MajorFunction[i], component);
  429. } else {
  430. dprintf("%8.8x\t%s", (((PULONG) &MajorFunction[0])[i]), component);
  431. }
  432. // dprintf("%8.8x\t%s", driverObject.MajorFunction[i], component) ;
  434. if (displacement) {
  436. dprintf("+0x%1p\n", displacement) ;
  437. } else {
  439. dprintf("\n") ;
  440. }
  442. if (*dispatchTableText) {
  444. dispatchTableText++ ;
  445. }
  446. }
  448. if (FastIoDispatch) {
  450. dprintf("\nFast I/O routines:\n");
  451. dispatchTableText = FastIoDispatchTable ;
  453. for (i=0;i < ((IoD_SizeOfFastIoDispatch - 4)/ (LongAddr ? 8 : 4)); i++) {
  454. if (IoD[i]) {
  456. GetSymbol(IoD[i], component, &displacement);
  458. if (*dispatchTableText) {
  459. dprintf("%s", *dispatchTableText) ;
  460. j=strlen(*dispatchTableText) ;
  461. } else {
  462. dprintf("???") ;
  463. j=3 ;
  464. }
  466. while(j++<40) dprintf(" ") ;
  467. dprintf("%8.8p\t%s", IoD[i], component) ;
  469. if (displacement) {
  471. dprintf("+0x%1p", displacement) ;
  472. }
  474. dprintf("\n") ;
  475. }
  477. if (*dispatchTableText) {
  479. dispatchTableText++ ;
  480. }
  481. }
  482. }
  483. dprintf("\n");
  484. }
  485. }
  489. UCHAR *PagedOut = {"Header Paged Out"};
  491. DECLARE_API( drivers )
  493. /*++
  495. Routine Description:
  497. Displays physical memory usage by driver.
  499. Arguments:
  501. None.
  503. Return Value:
  505. None.
  507. --*/
  509. {
  510. while (*args && *args != '-' && *args != '/') ++args;
  511. ++args;
  512. if (*args == 'h' || *args == '?')
  513. {
  514. dprintf("!drivers is now replaced by \".reload -l\"\n"
  515. "Also lmv will give verbose info about loaded drivers\n");
  516. return S_OK;
  517. }
  518. return ExecuteCommand(Client, ".reload -l");
  520. #if 0
  521. LIST_ENTRY64 List;
  522. ULONG64 Next;
  523. ULONG64 ListHead;
  524. NTSTATUS Status = 0;
  525. ULONG Result;
  526. ULONG64 DataTable;
  527. LDR_DATA_TABLE_ENTRY DataTableBuffer;
  528. WCHAR UnicodeBuffer[128];
  529. UNICODE_STRING BaseName;
  530. ULONG64 NtHeader;
  531. ULONG64 DosHeader;
  532. ULONG SizeOfData;
  533. ULONG SizeOfCode;
  534. ULONG SizeOfLocked;
  535. ULONG TotalCode = 0;
  536. ULONG TotalData = 0;
  537. ULONG TotalValid = 0;
  538. ULONG TotalTransition = 0;
  539. ULONG DosHeaderSize;
  540. ULONG TimeDateStamp;
  541. LONG_PTR TDStamp;
  542. ULONG InLoadOrderLinksOff;
  543. PUCHAR time;
  544. ULONG64 Flags;
  545. UCHAR LdrName[] = "_LDR_DATA_TABLE_ENTRY";
  547. Flags = GetExpression(args);
  549. ListHead = GetNtDebuggerData( PsLoadedModuleList );
  551. if (!ListHead) {
  552. dprintf("Unable to get value of PsLoadedModuleListHead\n");
  553. return E_INVALIDARG;
  554. }
  556. if (GetFieldValue(ListHead, "_LIST_ENTRY", "Flink", List.Flink)) {
  557. dprintf("Couldn't read _LIST_ENTRY @ %p\n", ListHead);
  558. return E_INVALIDARG;
  559. }
  561. Next = List.Flink;
  562. if (Next == 0) {
  563. dprintf("PsLoadedModuleList is NULL, trying loader block instead\n");
  565. ListHead = GetUlongValue ("KeLoaderBlock");
  567. if (ListHead == 0) {
  568. dprintf ("KeLoaderBlock is NULL\n");
  569. return E_INVALIDARG;
  570. }
  572. if (GetFieldValue(ListHead, "_LIST_ENTRY", "Flink", List.Flink)) {
  573. dprintf("Couldn't read _LIST_ENTRY1 @ %p\n", ListHead);
  574. return E_INVALIDARG;
  575. }
  577. if (GetFieldValue(List.Flink, "_LIST_ENTRY", "Flink", List.Flink)) {
  578. dprintf("Couldn't read _LIST_ENTRY2 @ %p\n", ListHead);
  579. return E_INVALIDARG;
  580. }
  582. if (!IsPtr64()) {
  583. ListHead = (ULONG64)(LONG64)(LONG)ListHead;
  584. }
  586. Next = List.Flink;
  587. }
  589. dprintf("Loaded System Driver Summary\n\n");
  590. if (Flags & 1) {
  591. dprintf("Base Code Size Data Size Resident Standby Driver Name\n");
  592. } else if (Flags & 2) {
  593. dprintf("Base Code Data Locked Resident Standby Loader Entry Driver Name\n");
  594. } else {
  595. dprintf("Base Code Size Data Size Driver Name Creation Time\n");
  596. }
  598. // Get The offset of InLoadOrderLinks
  599. if (GetFieldOffset("_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks", &InLoadOrderLinksOff)){
  600. dprintf("Cannot find _LDR_DATA_TABLE_ENTRY type\n");
  601. return E_INVALIDARG;
  602. }
  605. while (Next != ListHead) {
  606. ULONG64 BaseDllBuffer=0, DllBase=0;
  607. ULONG BaseDllNameLen=0, SizeOfImage=0;
  609. if (CheckControlC()) {
  610. return E_INVALIDARG;
  611. }
  612. DataTable = Next - InLoadOrderLinksOff;
  614. if (GetFieldValue(DataTable, LdrName, "BaseDllName.Buffer", BaseDllBuffer)) {
  615. dprintf("Unable to read LDR_DATA_TABLE_ENTRY at %08lx - status %08p\n",
  616. DataTable,
  617. Status);
  618. return E_INVALIDARG;
  619. }
  621. GetFieldValue(DataTable, LdrName, "BaseDllName.Length", BaseDllNameLen);
  623. if (BaseDllNameLen >= sizeof(UnicodeBuffer)) {
  624. BaseDllNameLen = sizeof(UnicodeBuffer);
  625. }
  626. //
  627. // Get the base DLL name.
  628. //
  629. if ((!ReadMemory(BaseDllBuffer,
  630. UnicodeBuffer,
  631. BaseDllNameLen,
  632. &Result)) || (Result < BaseDllNameLen)) {
  633. dprintf("Unable to read name string at %08p - status %08lx\n",
  634. DataTable,
  635. Status);
  636. return E_INVALIDARG;
  637. }
  639. BaseName.Buffer = UnicodeBuffer;
  640. BaseName.Length = BaseName.MaximumLength = (USHORT)Result;
  642. GetFieldValue(DataTable, LdrName, "DllBase", DllBase);
  643. DosHeader = DllBase;
  645. DosHeaderSize=0;
  646. if (GetFieldValue(DosHeader, "_IMAGE_DOS_HEADER", "e_lfanew", DosHeaderSize)) {
  647. //dprintf("Unable to read DosHeader at %08lx - status %08lx\n",
  648. // &DosHeader->e_lfanew,
  649. // Status);
  651. SizeOfCode = 0;
  652. SizeOfData = 0;
  653. SizeOfLocked = -1;
  654. time = PagedOut;
  655. } else {
  657. NtHeader = DosHeader + DosHeaderSize;
  659. if (GetFieldValue(NtHeader, "_IMAGE_NT_HEADERS", "OptionalHeader.SizeOfCode", SizeOfCode)) {
  660. dprintf("Unable to read DosHeader at %08p - status %08lx\n",
  661. NtHeader,
  662. Status);
  663. goto getnext;
  664. }
  666. GetFieldValue(NtHeader, "_IMAGE_NT_HEADERS", "OptionalHeader.SizeOfInitializedData", SizeOfData);
  667. GetFieldValue(NtHeader, "_IMAGE_NT_HEADERS", "FileHeader.TimeDateStamp", TimeDateStamp);
  669. // TimeDateStamp is always a 32 bit quantity on the target, and we
  670. // need to sign extend for 64 bit host
  671. TDStamp = (LONG_PTR)(LONG)TimeDateStamp;
  672. time = ctime((time_t *)&TDStamp);
  673. if (time) {
  674. time[strlen(time)-1] = 0; // ctime always returns 26 char ending win \n\0
  675. }
  676. }
  678. GetFieldValue(DataTable, LdrName, "SizeOfImage", SizeOfImage);
  679. if (Flags & 1) {
  680. ULONG64 Va;
  681. ULONG64 EndVa;
  682. ULONG States[3] = {0,0,0};
  684. Va = DllBase;
  685. EndVa = Va + SizeOfImage;
  687. // PLATFORM SPECIFIC
  688. while (Va < EndVa) {
  689. States[GetAddressState(Va)] += _KB;
  690. Va += PageSize;
  691. }
  692. dprintf("%08p %6lx (%4ld kb) %6lx (%4ld kb) (%5ld kb %5ld kb) %12wZ\n",
  693. DllBase,
  694. SizeOfCode,
  695. SizeOfCode / 1024,
  696. SizeOfData,
  697. SizeOfData / 1024,
  698. States[ADDRESS_VALID],
  699. States[ADDRESS_TRANSITION],
  700. &BaseName);
  701. TotalValid += States[ADDRESS_VALID];
  702. TotalTransition += States[ADDRESS_TRANSITION];
  703. } else if (Flags & 2) {
  704. ULONG i;
  705. ULONG SizeToLock;
  706. ULONG64 PointerPte;
  707. ULONG64 LastPte;
  708. ULONG64 BaseAddress;
  709. ULONG64 Va;
  710. ULONG64 EndVa;
  711. ULONG States[3] = {0,0,0};
  712. ULONG64 NtSection;
  713. ULONG SizeOfOptionalHeader=0, NumberOfSections=0;
  715. Va = DllBase;
  716. EndVa = Va + SizeOfImage;
  718. while (Va < EndVa) {
  719. States[GetAddressState(Va)] += _KB;
  720. Va += PageSize;
  721. }
  723. SizeOfLocked = 0;
  725. //
  726. // Read the sections in the executable header to see which are
  727. // locked. Don't bother looking for refcounted PFNs.
  728. //
  730. NtHeader = DosHeader + DosHeaderSize;
  732. if (GetFieldValue(NtHeader, "_IMAGE_NT_HEADERS", "FileHeader.SizeOfOptionalHeader", SizeOfOptionalHeader)) {
  733. dprintf("Unable to read FileHeader at %08lx - status %08lx\n",
  734. NtHeader,
  735. Status);
  736. goto getnext;
  737. }
  738. GetFieldValue(NtHeader, "_IMAGE_NT_HEADERS", "FileHeader.NumberOfSections", NumberOfSections);
  740. NtSection = NtHeader +
  741. GetTypeSize("ULONG") +
  742. GetTypeSize("_IMAGE_FILE_HEADER") +
  743. SizeOfOptionalHeader;
  745. for (i = 0; i < NumberOfSections; i += 1) {
  746. ULONG NumberOfLinenumbers=0, PointerToRelocations=0, SizeOfRawData=0;
  748. if (GetFieldValue(NtSection, "_IMAGE_SECTION_HEADER", "NumberOfLinenumbers", NumberOfLinenumbers)) {
  749. dprintf("Unable to read NtSectionData at %08lx - status %08p\n",
  750. NtSection,
  751. Status);
  752. goto getnext;
  753. }
  755. GetFieldValue(NtSection, "_IMAGE_SECTION_HEADER", "SizeOfRawData", SizeOfRawData);
  756. GetFieldValue(NtSection, "_IMAGE_SECTION_HEADER", "PointerToRelocations", PointerToRelocations);
  758. if ((NumberOfLinenumbers == 1) ||
  759. (NumberOfLinenumbers == 2)) {
  761. BaseAddress = PointerToRelocations;
  762. SizeToLock = SizeOfRawData;
  763. PointerPte = DbgGetPteAddress( BaseAddress);
  764. LastPte = DbgGetPteAddress(BaseAddress + SizeToLock - 1);
  765. SizeOfLocked += (ULONG) (LastPte - PointerPte + 1);
  766. }
  768. NtSection += 1;
  769. }
  771. #if 0
  772. dprintf("Base Code Data Locked Resident Standby Loader Entry Driver Name\n");
  773. #endif
  775. dprintf("%08p %6lx %6lx %6lx %6lx %6lx %8lp %12wZ\n",
  776. DllBase,
  777. SizeOfCode,
  778. SizeOfData,
  779. SizeOfLocked,
  780. States[ADDRESS_VALID],
  781. States[ADDRESS_TRANSITION],
  782. DataTable,
  783. &BaseName);
  784. TotalValid += States[ADDRESS_VALID];
  785. TotalTransition += States[ADDRESS_TRANSITION];
  786. } else {
  787. dprintf("%08p %6lx (%4ld kb) %5lx (%3ld kb) %12wZ %s\n",
  788. DllBase,
  789. SizeOfCode,
  790. SizeOfCode / 1024,
  791. SizeOfData,
  792. SizeOfData / 1024,
  793. &BaseName,
  794. time);
  795. }
  797. if (Flags & 4) {
  798. dprintf("Cannot dump Image.\n");
  799. /*DumpImage(DllBase,
  800. (Flags & 2) == 2,
  801. (Flags & 4) == 4
  802. );*/
  803. }
  805. TotalCode += SizeOfCode;
  806. TotalData += SizeOfData;
  808. getnext:
  810. GetFieldValue(DataTable, LdrName, "InLoadOrderLinks.Flink", Next);
  811. }
  813. dprintf("TOTAL: %6lx (%4ld kb) %6lx (%4ld kb) (%5ld kb %5ld kb)\n",
  814. TotalCode,
  815. TotalCode / 1024,
  816. TotalData,
  817. TotalData / 1024,
  818. TotalValid,
  819. TotalTransition);
  822. return S_OK;
  823. #endif
  825. }
  828. HRESULT
  829. GetDrvObjInfo(
  830. IN ULONG64 DriverObject,
  831. OUT PDEBUG_DRIVER_OBJECT_INFO pDrvObjInfo)
  832. {
  833. ZeroMemory(pDrvObjInfo, sizeof(DEBUG_DRIVER_OBJECT_INFO));
  834. pDrvObjInfo->SizeOfStruct = sizeof(DEBUG_DRIVER_OBJECT_INFO);
  835. pDrvObjInfo->DriverObjAddress = DriverObject;
  836. if (InitTypeRead(DriverObject, nt!_DRIVER_OBJECT)) {
  837. return E_INVALIDARG;
  838. }
  839. pDrvObjInfo->DeviceObject = ReadField(DeviceObject);
  840. pDrvObjInfo->DriverExtension = ReadField(DriverExtension);
  841. pDrvObjInfo->DriverSize = (ULONG) ReadField(DriverSize);
  842. pDrvObjInfo->DriverStart = ReadField(DriverStart);
  843. pDrvObjInfo->DriverName.MaximumLength = (USHORT) ReadField(DriverName.MaximumLength);
  844. pDrvObjInfo->DriverName.Length = (USHORT) ReadField(DriverName.Length);
  845. pDrvObjInfo->DriverName.Buffer = ReadField(DriverName.Buffer);
  846. return S_OK;
  847. }
  849. EXTENSION_API( GetDrvObjInfo )(
  850. IN PDEBUG_CLIENT Client,
  851. IN ULONG64 DriverObject,
  852. OUT PDEBUG_DRIVER_OBJECT_INFO pDrvObjInfo)
  853. {
  854. HRESULT Hr = E_FAIL;
  856. INIT_API();
  858. if (pDrvObjInfo && (pDrvObjInfo->SizeOfStruct == sizeof(DEBUG_DRIVER_OBJECT_INFO))) {
  859. Hr = GetDrvObjInfo(DriverObject, pDrvObjInfo);
  860. }
  861. EXIT_API();
  862. return Hr;
  863. }