Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

663 lines
27 KiB

  1. #include<nt.h>
  2. #include<ntrtl.h>
  3. #include<nturtl.h>
  4. #include<stdio.h>
  5. #include<string.h>
  6. #include<memory.h>
  7. #include<malloc.h>
  8. #include<stdlib.h>
  9. #ifndef WIN32_LEAN_AND_MEAN
  10. #define WIN32_LEAN_AND_MEAN
  11. #endif
  12. #include <windows.h>
  13. #include <dbghelp.h>
  14. #include <ntsdexts.h>
  15. #include <wdbgexts.h>
  16. #include <ntverp.h>
  17. #define private public
  18. #define protected public
  19. #include "uenv.h"
  20. #include "reghash.h"
  21. //
  22. // forwards
  23. //
  24. BOOL
  25. ReadMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  26. BOOL
  27. ReadMemoryKernelMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  28. BOOL
  29. WriteMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  30. BOOL
  31. WriteMemoryKernelMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead );
  32. //
  33. // types
  34. //
  35. typedef BOOL (*UEnvReadMemory)( HANDLE, const void*, void*, DWORD, DWORD* );
  36. typedef BOOL (*UEnvWriteMemory)( HANDLE, void*, void*, DWORD, DWORD* );
  37. //
  38. // globals
  39. //
  40. EXT_API_VERSION ApiVersion = { (VER_PRODUCTVERSION_W >> 8), (VER_PRODUCTVERSION_W & 0xff), EXT_API_VERSION_NUMBER, 0 };
  41. WINDBG_EXTENSION_APIS ExtensionApis;
  42. USHORT SavedMajorVersion = 0;
  43. USHORT SavedMinorVersion = 0;
  44. BOOL fKernelDebug = FALSE;
  45. UEnvReadMemory ReadMemoryExt = ReadMemoryUserMode;
  46. UEnvReadMemory WriteMemoryExt = ReadMemoryUserMode;
  47. //
  48. // macros
  49. //
  50. #define ExtensionRoutinePrologue() if (!fKernelDebug) \
  51. { \
  52. ExtensionApis = *lpExtensionApis; \
  53. ReadMemoryExt = ReadMemoryUserMode; \
  54. WriteMemoryExt = WriteMemoryUserMode; \
  55. } \
  56. ULONG_PTR dwAddr = GetExpression(lpArgumentString); \
  57. #define PRINT_SIZE(_x_) {dprintf(#_x_" - 0x%X\n", sizeof(_x_));}
  58. #define Boolean( x ) ( x ) ? "True" : "False"
  59. //
  60. // routines
  61. //
  62. BOOL
  63. DllInit(HANDLE hModule,
  64. DWORD dwReason,
  65. DWORD dwReserved )
  66. {
  67. switch (dwReason) {
  68. case DLL_THREAD_ATTACH:
  69. break;
  70. case DLL_THREAD_DETACH:
  71. break;
  72. case DLL_PROCESS_DETACH:
  73. break;
  74. case DLL_PROCESS_ATTACH:
  75. break;
  76. }
  77. return TRUE;
  78. }
  79. void
  80. WinDbgExtensionDllInit(
  81. PWINDBG_EXTENSION_APIS lpExtensionApis,
  82. USHORT MajorVersion,
  83. USHORT MinorVersion
  84. )
  85. {
  86. fKernelDebug = TRUE;
  87. ReadMemoryExt = ReadMemoryKernelMode;
  88. WriteMemoryExt = WriteMemoryKernelMode;
  89. ExtensionApis = *lpExtensionApis;
  90. SavedMajorVersion = MajorVersion;
  91. SavedMinorVersion = MinorVersion;
  92. return;
  93. }
  94. //
  95. // define our own operators new and delete, so that we do not have to include the crt
  96. //
  97. void* __cdecl
  98. ::operator new(size_t dwBytes)
  99. {
  100. void *p;
  101. p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwBytes);
  102. return (p);
  103. }
  104. void __cdecl
  105. ::operator delete (void* p)
  106. {
  107. HeapFree(GetProcessHeap(), 0, p);
  108. }
  109. BOOL
  110. ReadMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  111. {
  112. return ReadProcessMemory( hProcess, pAddress, pBuffer, dwSize, pdwRead );
  113. }
  114. BOOL
  115. ReadMemoryKernelMode( HANDLE, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  116. {
  117. return ReadMemory( (ULONG) pAddress, pBuffer, dwSize, pdwRead );
  118. }
  119. BOOL
  120. WriteMemoryUserMode( HANDLE hProcess, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  121. {
  122. return WriteProcessMemory( hProcess, (void*) pAddress, pBuffer, dwSize, pdwRead );
  123. }
  124. BOOL
  125. WriteMemoryKernelMode( HANDLE, const void* pAddress, void* pBuffer, DWORD dwSize, DWORD* pdwRead )
  126. {
  127. return WriteMemory( (ULONG) pAddress, pBuffer, dwSize, pdwRead );
  128. }
  129. void
  130. PrintUuid( UUID x )
  131. {
  132. dprintf("%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
  133. x.Data1, x.Data2, x.Data3, x.Data4[0], x.Data4[1],
  134. x.Data4[2], x.Data4[3], x.Data4[4], x.Data4[5],
  135. x.Data4[6], x.Data4[7] );
  136. }
  137. void
  138. version(HANDLE hCurrentProcess,
  139. HANDLE hCurrentThread,
  140. DWORD dwCurrentPc,
  141. PWINDBG_EXTENSION_APIS lpExtensionApis,
  142. LPSTR lpArgumentString )
  143. {
  144. ExtensionRoutinePrologue();
  145. #if DBG
  146. PCHAR DebuggerType = "Checked";
  147. #else
  148. PCHAR DebuggerType = "Free";
  149. #endif
  150. if ( fKernelDebug )
  151. {
  152. dprintf( "%s UserEnv Extension dll for Build %d debugging %s kernel for Build %d\n",
  153. DebuggerType,
  154. VER_PRODUCTBUILD,
  155. SavedMajorVersion == 0x0c ? "Checked" : "Free",
  156. SavedMinorVersion
  157. );
  158. }
  159. else
  160. {
  161. dprintf(
  162. "%s UserEnv Extension dll for Build %d\n",
  163. DebuggerType,
  164. VER_PRODUCTBUILD
  165. );
  166. }
  167. }
  168. LPEXT_API_VERSION
  169. ExtensionApiVersion( void )
  170. {
  171. return &ApiVersion;
  172. }
  173. void help( HANDLE hCurrentProcess,
  174. HANDLE hCurrentThread,
  175. DWORD dwCurrentPc,
  176. PWINDBG_EXTENSION_APIS lpExtensionApis,
  177. LPSTR lpArgumentString )
  178. {
  179. ExtensionRoutinePrologue();
  180. dprintf("!version\n");
  181. dprintf("!gpo <address>\n");
  182. dprintf("!gpext <address>\n");
  183. dprintf("!container <address>\n");
  184. dprintf("!som <address>\n");
  185. dprintf("!profile <address>\n");
  186. dprintf("!debuglevel <address>\n");
  187. dprintf("!dmpregtable <address>\n");
  188. // dprintf("!globals\n");
  189. dprintf("!sizes\n");
  190. }
  191. void gpo( HANDLE hCurrentProcess,
  192. HANDLE hCurrentThread,
  193. DWORD dwCurrentPc,
  194. PWINDBG_EXTENSION_APIS lpExtensionApis,
  195. LPSTR lpArgumentString )
  196. {
  197. ExtensionRoutinePrologue();
  198. unsigned char buffer[sizeof(GPOINFO)];
  199. LPGPOINFO lpGPOInfo = (LPGPOINFO) buffer;
  200. DWORD dwBytesRead = 0;
  201. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(GPOINFO), &dwBytesRead );
  202. if ( bOk && dwBytesRead == sizeof(GPOINFO) )
  203. {
  204. dprintf("dwFlags - 0x%08X\n", lpGPOInfo->dwFlags );
  205. dprintf("iMachineRole - %d\n", lpGPOInfo->iMachineRole );
  206. dprintf("hToken - 0x%08X\n", lpGPOInfo->hToken );
  207. dprintf("pRsopToken - 0x%08X\n", lpGPOInfo->pRsopToken );
  208. WCHAR sz[128];
  209. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPOInfo->lpDNName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  210. sz[127] = 0;
  211. dprintf("lpDNName - 0x%08X\t: \"%S\"\n", lpGPOInfo->lpDNName, bOk ? sz : L"" );
  212. dprintf("hEvent - 0x%08X\n", lpGPOInfo->hEvent );
  213. dprintf("hKeyRoot - 0x%08X\n", lpGPOInfo->hKeyRoot );
  214. dprintf("bXferToExtList - %s\n", Boolean( lpGPOInfo->bXferToExtList ) );
  215. dprintf("lpExtFilterList - 0x%08X\n", lpGPOInfo->lpExtFilterList );
  216. dprintf("lpGPOList - 0x%08X\n", lpGPOInfo->lpGPOList );
  217. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPOInfo->lpwszSidUser, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  218. sz[127] = 0;
  219. dprintf("lpwszSidUser - 0x%08X\t: \"%S\"\n", lpGPOInfo->lpwszSidUser, bOk ? sz : L"" );
  220. dprintf("hTriggerEvent - 0x%08X\n", lpGPOInfo->hTriggerEvent );
  221. dprintf("hNotifyEvent - 0x%08X\n", lpGPOInfo->hNotifyEvent );
  222. dprintf("hCritSection - 0x%08X\n", lpGPOInfo->hCritSection );
  223. dprintf("lpExtensions - 0x%08X\n", lpGPOInfo->lpExtensions );
  224. dprintf("bMemChanged - %s\n", Boolean( lpGPOInfo->bMemChanged ) );
  225. dprintf("bUserLocalMemChanged - %s\n", Boolean( lpGPOInfo->bUserLocalMemChanged ) );
  226. dprintf("pStatusCallback - 0x%08X\n", lpGPOInfo->pStatusCallback );
  227. dprintf("lpSOMList - 0x%08X\n", lpGPOInfo->lpSOMList );
  228. dprintf("lpGpContainerList - 0x%08X\n", lpGPOInfo->lpGpContainerList );
  229. dprintf("lpLoopbackSOMList - 0x%08X\n", lpGPOInfo->lpLoopbackSOMList );
  230. dprintf("lpLoopbackGpContainer - 0x%08X\n", lpGPOInfo->lpLoopbackGpContainerList );
  231. }
  232. }
  233. void gpext( HANDLE hCurrentProcess,
  234. HANDLE hCurrentThread,
  235. DWORD dwCurrentPc,
  236. PWINDBG_EXTENSION_APIS lpExtensionApis,
  237. LPSTR lpArgumentString )
  238. {
  239. ExtensionRoutinePrologue();
  240. unsigned char buffer[sizeof(GPEXT)];
  241. LPGPEXT lpGPExt = (LPGPEXT) buffer;
  242. DWORD dwBytesRead = 0;
  243. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(GPEXT), &dwBytesRead );
  244. if ( bOk && dwBytesRead == sizeof(GPEXT) )
  245. {
  246. WCHAR sz[256];
  247. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpDisplayName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  248. sz[127] = 0;
  249. dprintf("lpDisplayName - 0x%08X\t: \"%S\"\n", lpGPExt->lpDisplayName, bOk ? sz : L"" );
  250. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpKeyName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  251. sz[127] = 0;
  252. dprintf("lpKeyName - 0x%08X\t: \"%S\"\n", lpGPExt->lpKeyName, bOk ? sz : L"" );
  253. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpDllName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  254. sz[127] = 0;
  255. dprintf("lpDllName - 0x%08X\t: \"%S\"\n", lpGPExt->lpDllName, bOk ? sz : L"" );
  256. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpFunctionName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  257. sz[127] = 0;
  258. dprintf("lpFunctionName - 0x%08X\t: \"%S\"\n", lpGPExt->lpFunctionName, bOk ? sz : L"" );
  259. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPExt->lpRsopFunctionName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  260. sz[127] = 0;
  261. dprintf("lpRsopFunctionName - 0x%08X\t: \"%S\"\n", lpGPExt->lpRsopFunctionName, bOk ? sz : L"" );
  262. dprintf("hInstance - 0x%08X\n", lpGPExt->hInstance );
  263. DWORD dwDisplacement = 0;
  264. GetSymbol((void*)lpGPExt->pEntryPoint, (UCHAR *)sz, &dwDisplacement);
  265. sz[64] = 0;
  266. dprintf("pEntryPoint - 0x%08X\t: %s\n", lpGPExt->pEntryPoint, sz );
  267. GetSymbol((void*)lpGPExt->pRsopEntryPoint, (UCHAR *)sz, &dwDisplacement);
  268. sz[64] = 0;
  269. dprintf("pRsopEntryPoint - 0x%08X\t: %s\n", lpGPExt->pRsopEntryPoint, sz );
  270. dprintf("dwNoMachPolicy - 0x%08X\n", lpGPExt->dwNoMachPolicy );
  271. dprintf("dwNoUserPolicy - 0x%08X\n", lpGPExt->dwNoUserPolicy );
  272. dprintf("dwNoSlowLink - 0x%08X\n", lpGPExt->dwNoSlowLink );
  273. dprintf("dwNoBackgroundPolicy - 0x%08X\n", lpGPExt->dwNoBackgroundPolicy );
  274. dprintf("dwNoGPOChanges - 0x%08X\n", lpGPExt->dwNoGPOChanges );
  275. dprintf("dwUserLocalSetting - 0x%08X\n", lpGPExt->dwUserLocalSetting );
  276. dprintf("dwRequireRegistry - 0x%08X\n", lpGPExt->dwRequireRegistry );
  277. dprintf("dwEnableAsynch - 0x%08X\n", lpGPExt->dwEnableAsynch );
  278. dprintf("dwLinkTransition - 0x%08X\n", lpGPExt->dwLinkTransition );
  279. dprintf("dwMaxChangesInterval - 0x%08X\n", lpGPExt->dwMaxChangesInterval );
  280. dprintf("bRegistryExt - %s\n", Boolean( lpGPExt->bRegistryExt ) );
  281. dprintf("bSkipped - %s\n", Boolean( lpGPExt->bSkipped ) );
  282. dprintf("bHistoryProcessing - %s\n", Boolean( lpGPExt->bHistoryProcessing ) );
  283. // dprintf("dwSlowLinkPrev - 0x%08X\n", lpGPExt->dwSlowLinkPrev );
  284. dprintf("guid - " );
  285. PrintUuid( lpGPExt->guid );
  286. dprintf("\n" );
  287. dprintf("pNext - 0x%08X\n", lpGPExt->pNext );
  288. }
  289. }
  290. void container(HANDLE hCurrentProcess,
  291. HANDLE hCurrentThread,
  292. DWORD dwCurrentPc,
  293. PWINDBG_EXTENSION_APIS lpExtensionApis,
  294. LPSTR lpArgumentString )
  295. {
  296. ExtensionRoutinePrologue();
  297. unsigned char buffer[sizeof(GPCONTAINER)];
  298. LPGPCONTAINER lpGPCont = (LPGPCONTAINER) buffer;
  299. DWORD dwBytesRead = 0;
  300. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(GPCONTAINER), &dwBytesRead );
  301. if ( bOk && dwBytesRead == sizeof(GPCONTAINER) )
  302. {
  303. WCHAR sz[256];
  304. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszDSPath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  305. sz[127] = 0;
  306. dprintf("pwszDSPath - 0x%08X\t: \"%S\"\n", lpGPCont->pwszDSPath, bOk ? sz : L"" );
  307. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszGPOName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  308. sz[127] = 0;
  309. dprintf("pwszGPONa - 0x%08X\t: \"%S\"\n", lpGPCont->pwszGPOName, bOk ? sz : L"" );
  310. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszDisplayName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  311. sz[127] = 0;
  312. dprintf("pwszDisplayName - 0x%08X\t: \"%S\"\n", lpGPCont->pwszDisplayName, bOk ? sz : L"" );
  313. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpGPCont->pwszFileSysPath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  314. sz[127] = 0;
  315. dprintf("pwszFileSysPath - 0x%08X\t: \"%S\"\n", lpGPCont->pwszFileSysPath, bOk ? sz : L"" );
  316. dprintf("bFound - %s\n", Boolean( lpGPCont->bFound ) );
  317. dprintf("bAccessDenied - %s\n", Boolean( lpGPCont->bAccessDenied ) );
  318. dprintf("bUserDisabled - %s\n", Boolean( lpGPCont->bUserDisabled ) );
  319. dprintf("bMachDisabled - %s\n", Boolean( lpGPCont->bMachDisabled ) );
  320. dprintf("dwUserVersion - 0x%08X\n", lpGPCont->dwUserVersion );
  321. dprintf("dwMachVersion - 0x%08X\n", lpGPCont->dwMachVersion );
  322. dprintf("pSD - 0x%08X\n", lpGPCont->pSD );
  323. dprintf("cbSDLen - 0x%08X\n", lpGPCont->cbSDLen );
  324. dprintf("pNext - 0x%08X\n", lpGPCont->pNext );
  325. }
  326. }
  327. void som( HANDLE hCurrentProcess,
  328. HANDLE hCurrentThread,
  329. DWORD dwCurrentPc,
  330. PWINDBG_EXTENSION_APIS lpExtensionApis,
  331. LPSTR lpArgumentString )
  332. {
  333. ExtensionRoutinePrologue();
  334. unsigned char buffer[sizeof(SCOPEOFMGMT)];
  335. LPSCOPEOFMGMT lpSOM = (LPSCOPEOFMGMT) buffer;
  336. DWORD dwBytesRead = 0;
  337. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(SCOPEOFMGMT), &dwBytesRead );
  338. if ( bOk && dwBytesRead == sizeof(SCOPEOFMGMT) )
  339. {
  340. WCHAR sz[128];
  341. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpSOM->pwszSOMId, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  342. sz[127] = 0;
  343. dprintf("pwszSOMId - 0x%08X\t: \"%S\"\n", lpSOM->pwszSOMId, bOk ? sz : L"" );
  344. dprintf("dwType - 0x%08X\n", lpSOM->dwType );
  345. dprintf("bBlocking - %s\n", Boolean( lpSOM->bBlocking ) );
  346. dprintf("pGpLinkList - 0x%08X\n", lpSOM->pGpLinkList );
  347. }
  348. }
  349. void profile( HANDLE hCurrentProcess,
  350. HANDLE hCurrentThread,
  351. DWORD dwCurrentPc,
  352. PWINDBG_EXTENSION_APIS lpExtensionApis,
  353. LPSTR lpArgumentString )
  354. {
  355. ExtensionRoutinePrologue();
  356. unsigned char buffer[sizeof(USERPROFILE)];
  357. LPPROFILE lpProf = (LPPROFILE) buffer;
  358. DWORD dwBytesRead = 0;
  359. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(USERPROFILE), &dwBytesRead );
  360. if ( bOk && dwBytesRead == sizeof(USERPROFILE) )
  361. {
  362. WCHAR sz[128];
  363. dprintf("dwFlags - 0x%08X\n", lpProf->dwFlags );
  364. dprintf("dwInternalFlags - 0x%08X\n", lpProf->dwInternalFlags );
  365. dprintf("dwUserPreference - 0x%08X\n", lpProf->dwUserPreference );
  366. dprintf("hToken - 0x%08X\n", lpProf->hToken );
  367. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpUserName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  368. sz[127] = 0;
  369. dprintf("lpUserName - 0x%08X\t: \"%S\"\n", lpProf->lpUserName, bOk ? sz : L"" );
  370. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpProfilePath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  371. sz[127] = 0;
  372. dprintf("lpProfilePath - 0x%08X\t: \"%S\"\n", lpProf->lpProfilePath, bOk ? sz : L"" );
  373. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpRoamingProfile, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  374. sz[127] = 0;
  375. dprintf("lpRoamingProfile - 0x%08X\t: \"%S\"\n", lpProf->lpRoamingProfile, bOk ? sz : L"" );
  376. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpDefaultProfile, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  377. sz[127] = 0;
  378. dprintf("lpDefaultProfile - 0x%08X\t: \"%S\"\n", lpProf->lpDefaultProfile, bOk ? sz : L"" );
  379. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpLocalProfile, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  380. sz[127] = 0;
  381. dprintf("lpLocalProfile - 0x%08X\t: \"%S\"\n", lpProf->lpLocalProfile, bOk ? sz : L"" );
  382. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpPolicyPath, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  383. sz[127] = 0;
  384. dprintf("lpPolicyPath - 0x%08X\t: \"%S\"\n", lpProf->lpPolicyPath, bOk ? sz : L"" );
  385. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpServerName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  386. sz[127] = 0;
  387. dprintf("lpServerName - 0x%08X\t: \"%S\"\n", lpProf->lpServerName, bOk ? sz : L"" );
  388. dprintf("hKeyCurrentUser - 0x%08X\n", lpProf->hKeyCurrentUser );
  389. dprintf("ftProfileLoad - 0x%08X:0x%08X\n", lpProf->ftProfileLoad.dwLowDateTime, lpProf->ftProfileLoad.dwHighDateTime );
  390. dprintf("ftProfileUnload - 0x%08X:0x%08X\n", lpProf->ftProfileUnload.dwLowDateTime, lpProf->ftProfileUnload.dwHighDateTime );
  391. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) lpProf->lpExclusionList, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  392. sz[127] = 0;
  393. dprintf("lpExclusionList - 0x%08X\t: \"%S\"\n", lpProf->lpExclusionList, bOk ? sz : L"" );
  394. }
  395. }
  396. void
  397. debuglevel( HANDLE hCurrentProcess,
  398. HANDLE hCurrentThread,
  399. DWORD dwCurrentPc,
  400. PWINDBG_EXTENSION_APIS lpExtensionApis,
  401. LPSTR lpArgumentString )
  402. {
  403. ExtensionRoutinePrologue();
  404. DWORD dwDebugLevelPtr = 0;
  405. dwDebugLevelPtr = GetExpression( "userenv!dwDebugLevel" );
  406. if ( dwDebugLevelPtr )
  407. {
  408. unsigned char buffer[sizeof(DWORD)];
  409. LPDWORD lpdw = (LPDWORD) buffer;
  410. DWORD dwBytesRead = 0;
  411. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwDebugLevelPtr, buffer, sizeof(DWORD), &dwBytesRead );
  412. if ( bOk && dwBytesRead == sizeof(DWORD) )
  413. {
  414. dprintf("0x%08X\n", *lpdw );
  415. }
  416. /*
  417. if ( lpArgumentString && isxdigit( *lpArgumentString ) )
  418. {
  419. DWORD dwValue = GetExpression(lpArgumentString);
  420. dprintf("%x, Writing 0x%X at 0x%X\n", ExtensionApis.lpWriteProcessMemoryRoutine, dwValue, dwDebugLevelPtr );
  421. WriteMemoryExt( hCurrentProcess, (void*) dwDebugLevelPtr, (void*) dwValue, sizeof( DWORD ), 0 );
  422. }
  423. */
  424. }
  425. else
  426. {
  427. dprintf("Could not resolve symbol dwDebugLevel in module userenv!\n" );
  428. }
  429. }
  430. void
  431. globals( HANDLE hCurrentProcess,
  432. HANDLE hCurrentThread,
  433. DWORD dwCurrentPc,
  434. PWINDBG_EXTENSION_APIS lpExtensionApis,
  435. LPSTR lpArgumentString )
  436. {
  437. ExtensionRoutinePrologue();
  438. }
  439. void sizes( HANDLE hCurrentProcess,
  440. HANDLE hCurrentThread,
  441. DWORD dwCurrentPc,
  442. PWINDBG_EXTENSION_APIS lpExtensionApis,
  443. LPSTR lpArgumentString )
  444. {
  445. ExtensionRoutinePrologue();
  446. PRINT_SIZE(GPEXT);
  447. PRINT_SIZE(GPLINK);
  448. PRINT_SIZE(SCOPEOFMGMT);
  449. PRINT_SIZE(GPCONTAINER);
  450. PRINT_SIZE(GPOINFO);
  451. PRINT_SIZE(USERPROFILE);
  452. }
  453. void dmpregtable( HANDLE hCurrentProcess,
  454. HANDLE hCurrentThread,
  455. DWORD dwCurrentPc,
  456. PWINDBG_EXTENSION_APIS lpExtensionApis,
  457. LPSTR lpArgumentString )
  458. {
  459. ExtensionRoutinePrologue();
  460. unsigned char buffer[sizeof(REGHASHTABLE)];
  461. LPREGHASHTABLE pHashTable = (LPREGHASHTABLE) buffer;
  462. DWORD dwBytesRead = 0;
  463. int i;
  464. BOOL bError=FALSE;
  465. BOOL bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) dwAddr, buffer, sizeof(REGHASHTABLE), &dwBytesRead );
  466. if ( bOk && dwBytesRead == sizeof(REGHASHTABLE) )
  467. {
  468. WCHAR sz[128];
  469. dprintf("Dumping Registry HashTable at Location 0x%08X\n", dwAddr );
  470. for ( i=0; i<HASH_TABLE_SIZE; i++ ) {
  471. REGKEYENTRY *pKeyEntry = pHashTable->aHashTable[i];
  472. REGKEYENTRY KeyEntry;
  473. if (pKeyEntry)
  474. dprintf("Hash Bucket 0x%X\n", i);
  475. while ( pKeyEntry ) {
  476. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pKeyEntry, &KeyEntry, sizeof(REGKEYENTRY), &dwBytesRead );
  477. if (!bOk || dwBytesRead != sizeof(REGKEYENTRY) ) {
  478. dprintf(" !!Couldn't read keyEntry at 0x%08X. quitting..\n", pKeyEntry);
  479. bError = TRUE;
  480. break;
  481. }
  482. dprintf(" KeyEntry at 0x%08X\n", pKeyEntry);
  483. pKeyEntry = &KeyEntry;
  484. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pKeyEntry->pwszKeyName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  485. sz[127] = 0;
  486. dprintf(" pwszKeyName - 0x%08X\t: \"%S\"\n", pKeyEntry->pwszKeyName, pKeyEntry->pwszKeyName?sz:L"<NULL>");
  487. REGVALUEENTRY *pValueList=pKeyEntry->pValueList;
  488. REGVALUEENTRY ValueList;
  489. while ( pValueList ) {
  490. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pValueList, &ValueList, sizeof(REGVALUEENTRY), &dwBytesRead );
  491. if (!bOk || dwBytesRead != sizeof(REGVALUEENTRY) ) {
  492. dprintf(" !!Couldn't read ValueEntry at 0x%08X. quitting..\n", pValueList);
  493. bError = TRUE;
  494. break;
  495. }
  496. dprintf(" ValueEntry at 0x%08X\n", pValueList);
  497. pValueList = &ValueList;
  498. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pValueList->pwszValueName, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  499. sz[127] = 0;
  500. dprintf(" pwszValueName - 0x%08X\t: \"%S\"\n", pValueList->pwszValueName, pValueList->pwszValueName?sz:L"<NULL>");
  501. REGDATAENTRY *pDataList = pValueList->pDataList;
  502. REGDATAENTRY DataList;
  503. while ( pDataList ) {
  504. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList, &DataList, sizeof(REGDATAENTRY), &dwBytesRead );
  505. if (!bOk || dwBytesRead != sizeof(REGDATAENTRY) ) {
  506. dprintf(" !!Couldn't read DataEntry at 0x%08X. quitting..\n", pDataList);
  507. bError = TRUE;
  508. break;
  509. }
  510. dprintf(" **DataEntry** at 0x%08X\n", pDataList);
  511. pDataList = &DataList;
  512. dprintf(" bDeleted - %s\n", pDataList->bDeleted?"TRUE":"FALSE");
  513. dprintf(" bAdmPolicy - %s\n", pDataList->bAdmPolicy?"TRUE":"FALSE");
  514. dprintf(" dwValueType - 0x%X\n", pDataList->dwValueType);
  515. dprintf(" dwDataLen - 0x%X\n", pDataList->dwDataLen);
  516. dprintf(" pData - 0x%08X\n", pDataList->pData);
  517. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList->pwszGPO, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  518. sz[127] = 0;
  519. dprintf(" pwszGPO - 0x%08X\t: \"%S\"\n", pDataList->pwszGPO, pDataList->pwszGPO?sz:L"<NULL>");
  520. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList->pwszSOM, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  521. sz[127] = 0;
  522. dprintf(" pwszSOM - 0x%08X\t: \"%S\"\n", pDataList->pwszSOM, pDataList->pwszSOM?sz:L"<NULL>");
  523. bOk = ReadMemoryExt( hCurrentProcess, ( const void * ) pDataList->pwszCommand, sz, sizeof(WCHAR) * 128, &dwBytesRead );
  524. sz[127] = 0;
  525. dprintf(" pwszCommand - 0x%08X\t: \"%S\"\n", pDataList->pwszCommand, pDataList->pwszCommand?sz:L"<NULL>");
  526. if (bError)
  527. break;
  528. pDataList = pDataList->pNext;
  529. } // While pDataList
  530. if (bError)
  531. break;
  532. pValueList = pValueList->pNext;
  533. } // While pValue
  534. if (bError)
  535. break;
  536. pKeyEntry = pKeyEntry->pNext;
  537. dprintf("\n");
  538. } // while pKey
  539. if (bError)
  540. break;
  541. }
  542. } // for
  543. }