#include #include // for BSTR definition #include #include #include #include "utilfun.h" #ifndef COREPROX_POLARITY #define COREPROX_POLARITY #endif #include #include typedef void IWbemCallSecurity; #ifndef INTERNAL #define INTERNAL #endif #ifndef ADDREF #define ADDREF #endif #ifndef READONLY #define READONLY #endif #ifdef GetContext #undef GetContext #endif #include #include typedef void IWmiDbSession; typedef void IWmiDbController; typedef void IWmiDbHandle; typedef void CWbemObject; typedef void CWbemClass; typedef void CWbemInstance; class CWbemNamespace; typedef void * PF_FilterForwarder; #define ReleaseIfNotNULL class CAsyncReq; class ParsedObjectPath; class CWmiMerger; #include #include #include #include #include #include #include class CAsyncReq : public CWbemRequest { protected: CStdSink *m_pHandler; long m_lRequestHandle; }; class CAsyncServiceQueue : public CWbemQueue{ }; /* class CFlexArray { private: DWORD m_nSize; DWORD m_nExtent; DWORD m_nGrowByPercent; void * m_pArray; } */ /* typedef enum tag_WMI_TASK_TYPE { WMICORE_TASK_NULL = 0, WMICORE_TASK_GET_OBJECT = 1, WMICORE_TASK_GET_INSTANCE = 2, WMICORE_TASK_PUT_INSTANCE = 3, WMICORE_TASK_DELETE_INSTANCE = 4, WMICORE_TASK_ENUM_INSTANCES = 5, WMICORE_TASK_GET_CLASS = 6, WMICORE_TASK_PUT_CLASS = 7, WMICORE_TASK_DELETE_CLASS = 8, WMICORE_TASK_ENUM_CLASSES = 9, WMICORE_TASK_EXEC_QUERY = 10, WMICORE_TASK_EXEC_METHOD = 11, WMICORE_TASK_OPEN = 12, WMICORE_TASK_OPEN_SCOPE = 13, WMICORE_TASK_OPEN_NAMESPACE = 14, WMICORE_TASK_OPEN_COLLECTION = 15, WMICORE_TASK_ADD = 16, WMICORE_TASK_REMOVE = 17, WMICORE_TASK_REFRESH_OBJECT = 18, WMICORE_TASK_RENAME_OBJECT = 19, WMICORE_TASK_ATOMIC_DYN_INST_GET = 20, WMICORE_TASK_ATOMIC_DYN_INST_ENUM = 21, WMICORE_TASK_ATOMIC_DYN_INST_QUERY = 22, WMICORE_TASK_ATOMIC_DYN_INST_PUT = 23, WMICORE_TASK_DYN_CLASS_ENUM = 24, WMICORE_TASK_EXEC_NOTIFICATION_QUERY = 25, WMICORE_TASK_TYPE_SYNC = 0x1000000, WMICORE_TASK_TYPE_SEMISYNC = 0x2000000, WMICORE_TASK_TYPE_ASYNC = 0x4000000, WMICORE_TASK_TYPE_PRIMARY = 0x10000000, WMICORE_TASK_TYPE_SUBTASK = 0x20000000, WMICORE_TASK_TYPE_DEPENDENT = 0x40000000 } WMI_TASK_TYPE; typedef enum tag_WMICORE_TASK_STATUS { WMICORE_TASK_STATUS_NEW = 1, WMICORE_TASK_STATUS_VALIDATED = WMICORE_TASK_STATUS_NEW + 1, WMICORE_TASK_STATUS_SUSPENDED = WMICORE_TASK_STATUS_VALIDATED + 1, WMICORE_TASK_STATUS_EXECUTING = WMICORE_TASK_STATUS_SUSPENDED + 1, WMICORE_TASK_STATUS_WAITING_ON_SUBTASKS = WMICORE_TASK_STATUS_EXECUTING + 1, WMICORE_TASK_STATUS_TIMED_OUT = WMICORE_TASK_STATUS_WAITING_ON_SUBTASKS + 1, WMICORE_TASK_STATUS_CORE_COMPLETED = WMICORE_TASK_STATUS_TIMED_OUT + 1, WMICORE_TASK_STATUS_CLIENT_COMPLETED = WMICORE_TASK_STATUS_CORE_COMPLETED + 1, WMICORE_TASK_STATUS_CANCELLED = WMICORE_TASK_STATUS_CLIENT_COMPLETED + 1, WMICORE_TASK_STATUS_FAILED = WMICORE_TASK_STATUS_CANCELLED + 1 } WMICORE_TASK_STATUS; */ //typedef void CWbemNamespace; char * GetTaskStatus(DWORD TaskStatus) { char * p = ""; switch(TaskStatus) { case WMICORE_TASK_STATUS_NEW: p = "WMICORE_TASK_STATUS_NEW"; break; case WMICORE_TASK_STATUS_VALIDATED: p = "WMICORE_TASK_STATUS_VALIDATED"; break; case WMICORE_TASK_STATUS_SUSPENDED: p = "WMICORE_TASK_STATUS_SUSPENDED"; break; case WMICORE_TASK_STATUS_EXECUTING: p = "WMICORE_TASK_STATUS_EXECUTING"; break; case WMICORE_TASK_STATUS_WAITING_ON_SUBTASKS: p = "WMICORE_TASK_STATUS_WAITING_ON_SUBTASKS"; break; case WMICORE_TASK_STATUS_TIMED_OUT: p = "WMICORE_TASK_STATUS_TIMED_OUT"; break; case WMICORE_TASK_STATUS_CORE_COMPLETED: p = "WMICORE_TASK_STATUS_CORE_COMPLETED"; break; case WMICORE_TASK_STATUS_CLIENT_COMPLETED: p = "WMICORE_TASK_STATUS_CLIENT_COMPLETED"; break; case WMICORE_TASK_STATUS_CANCELLED: p = "WMICORE_TASK_STATUS_CANCELLED"; break; case WMICORE_TASK_STATUS_FAILED: p = "WMICORE_TASK_STATUS_FAILED"; break; }; return p; } char * GetTaskType(DWORD TaskType) { char * p = ""; switch(TaskType & 0xFF) { case WMICORE_TASK_NULL: p = "WMICORE_TASK_NULL"; break; case WMICORE_TASK_GET_OBJECT: p = "WMICORE_TASK_GET_OBJECT"; break; case WMICORE_TASK_GET_INSTANCE: p = "WMICORE_TASK_GET_INSTANCE"; break; case WMICORE_TASK_PUT_INSTANCE: p = "WMICORE_TASK_PUT_INSTANCE"; break; case WMICORE_TASK_DELETE_INSTANCE: p = "WMICORE_TASK_DELETE_INSTANCE"; break; case WMICORE_TASK_ENUM_INSTANCES: p = "WMICORE_TASK_ENUM_INSTANCES"; break; case WMICORE_TASK_GET_CLASS: p = "WMICORE_TASK_GET_CLASS"; break; case WMICORE_TASK_PUT_CLASS: p = "WMICORE_TASK_PUT_CLASS"; break; case WMICORE_TASK_DELETE_CLASS: p = "WMICORE_TASK_DELETE_CLASS"; break; case WMICORE_TASK_ENUM_CLASSES: p = "WMICORE_TASK_ENUM_CLASSES"; break; case WMICORE_TASK_EXEC_QUERY: p = "WMICORE_TASK_EXEC_QUERY"; break; case WMICORE_TASK_EXEC_METHOD: p = "WMICORE_TASK_EXEC_METHOD"; break; case WMICORE_TASK_OPEN: p = "WMICORE_TASK_OPEN"; break; case WMICORE_TASK_OPEN_SCOPE: p = "WMICORE_TASK_OPEN_SCOPE"; break; case WMICORE_TASK_OPEN_NAMESPACE: p = "WMICORE_TASK_OPEN_NAMESPACE"; break; case WMICORE_TASK_EXEC_NOTIFICATION_QUERY: p = "WMICORE_TASK_EXEC_NOTIFICATION_QUERY"; break; } return p; } char * GetOpType(DWORD TaskType) { if (TaskType & WMICORE_TASK_TYPE_SYNC) return " WMICORE_TASK_TYPE_SYNC"; if (TaskType & WMICORE_TASK_TYPE_SEMISYNC) return " WMICORE_TASK_TYPE_SEMISYNC"; if (TaskType & WMICORE_TASK_TYPE_ASYNC) return " WMICORE_TASK_TYPE_ASYNC"; if (TaskType & WMICORE_TASK_TYPE_PRIMARY) return " WMICORE_TASK_TYPE_PRIMARY"; if (TaskType & WMICORE_TASK_TYPE_DEPENDENT) return " WMICORE_TASK_TYPE_DEPENDENT"; return ""; } void DumpCWmiTask(CWmiTask * pTask_OOP) { DEFINE_CPP_VAR(CWmiTask, MyWmiTask); if (ReadMemory((ULONG_PTR)pTask_OOP,&MyWmiTask,sizeof(MyWmiTask),0)) { CWmiTask * pWmiTask = (CWmiTask *)&MyWmiTask; dprintf(" m_uRefCount %d\n",pWmiTask->m_uRefCount); //: 0x3 dprintf(" m_uTaskType %s %s\n",GetTaskType(pWmiTask->m_uTaskType),GetOpType(pWmiTask->m_uTaskType)); //: 0x11000005 dprintf(" m_uTaskStatus %s\n",GetTaskStatus(pWmiTask->m_uTaskStatus)); //: 0x0 dprintf(" m_uTaskId %p\n",pWmiTask->m_uTaskId); //: 0x17f dprintf(" m_pAsyncClientSink %p\n",pWmiTask->m_pAsyncClientSink); //: (null) dprintf(" m_pReqSink %p\n",pWmiTask->m_pReqSink); //: 0x06e0cc80 //dprintf(" m_pWorkingFnz %p\n",pWmiTask->m_pWorkingFnz); //: 0x01395ed8 //dprintf(" m_pUser %p\n",pWmiTask->m_pUser); //: (null) //dprintf(" m_pSec %p\n",pWmiTask->m_pSec); //: (null) dprintf(" m_pAsyncClientSink %p\n",pWmiTask->m_pAsyncClientSink); //: (null) dprintf(" m_pNs %p\n",pWmiTask->m_pNs); //: 0x0131a198 DWORD i; VOID ** ppPointers = (VOID **)_alloca(max(pWmiTask->m_aTaskProviders.m_nSize,pWmiTask->m_aArbitratees.m_nSize)); dprintf(" m_aTaskProviders: size %x p %p\n", pWmiTask->m_aTaskProviders.m_nSize, pWmiTask->m_aTaskProviders.m_pArray); if (pWmiTask->m_aTaskProviders.m_nSize) { if (ReadMemory((ULONG_PTR)pWmiTask->m_aTaskProviders.m_pArray,ppPointers,sizeof(void *)*pWmiTask->m_aTaskProviders.m_nSize,NULL)) { for(i=0;im_aTaskProviders.m_nSize;i++) { dprintf(" %p - %x\n",ppPointers[i],i); GetVTable((MEMORY_ADDRESS)ppPointers[i]); } } } dprintf(" m_aArbitratees: size %x p %p\n", pWmiTask->m_aArbitratees.m_nSize, pWmiTask->m_aArbitratees.m_pArray); if (pWmiTask->m_aArbitratees.m_nSize) { if (ReadMemory((ULONG_PTR)pWmiTask->m_aArbitratees.m_pArray,ppPointers,sizeof(void *)*pWmiTask->m_aArbitratees.m_nSize,NULL)) { for(i=0;im_aArbitratees.m_nSize;i++) { dprintf(" %p - %x\n",ppPointers[i],i); GetVTable((MEMORY_ADDRESS)ppPointers[i]); } } } } else { dprintf("RM %p\n",pTask_OOP); } } DWORD DumpCAsyncReq(ULONG_PTR pAsyncReq_OOP) { DEFINE_CPP_VAR(CAsyncReq,MyCAsyncReq); if (ReadMemory((ULONG_PTR)pAsyncReq_OOP,&MyCAsyncReq,sizeof(CAsyncReq),NULL)) { CAsyncReq * pAsyncReq = (CAsyncReq *)&MyCAsyncReq; GetVTable((MEMORY_ADDRESS)pAsyncReq_OOP); dprintf(" %p m_hWhenDone\n",pAsyncReq->m_hWhenDone); // Ptr32 to Void dprintf(" %p m_pNext\n",pAsyncReq->m_pNext); // Ptr32 CCoreExecReq dprintf(" %08x m_lPriority\n",pAsyncReq->m_lPriority); // Int 4B dprintf(" %d m_fOk\n",pAsyncReq->m_fOk); // Char dprintf(" %p m_phTask ",pAsyncReq->m_phTask); // Ptr32 _IWmiCoreHandle if (pAsyncReq->m_phTask){ DumpCWmiTask((CWmiTask *)pAsyncReq->m_phTask); } dprintf(" %p m_pContext\n",pAsyncReq->m_pContext); // Ptr32 IWbemContext dprintf(" %p m_pCA\n",pAsyncReq->m_pCA); // Ptr32 IWbemCausalityAccess dprintf(" %p m_pCallSec\n",pAsyncReq->m_pCallSec); // Ptr32 IWbemCallSecurity dprintf(" %p m_pHandler ",pAsyncReq->m_pHandler); // Ptr32 CStdSink //GetVTable(pAsyncReq->m_pHandler); dprintf(" %08x m_lRequestHandle\n",pAsyncReq->m_lRequestHandle); // Int 4B } else { dprintf("RM %p\n",pAsyncReq_OOP); } return 0; } DWORD EnumListNamespaces(VOID * pStructure_OOP, VOID * pLocalStructure) { /* DEFINE_CPP_VAR(CWbemNamespace, MyWbemNamespace); ReadMemory((ULONG_PTR)pNamespace_OOP,&MyWbemNamespace,sizeof(CWbemNamespace),0); */ dprintf(" - CWbemNamespace @ %p\n",pStructure_OOP); CWbemNamespace * pName = (CWbemNamespace *)pLocalStructure; dprintf(" m_bShutDown %d\n",pName->m_bShutDown); dprintf(" Status %d\n",pName->Status); dprintf(" m_uSecondaryRefCount %d\n",pName->m_uSecondaryRefCount); // WCHAR pBuff[MAX_PATH]; ReadMemory((ULONG_PTR)pName->m_pThisNamespace,pBuff,sizeof(pBuff),0); pBuff[MAX_PATH-1] = 0; // in any case dprintf(" m_pThisNamespace %S\n",pBuff); dprintf(" m_pProvFact %p\n",pName->m_pProvFact); dprintf(" m_pCoreSvc %p\n",pName->m_pCoreSvc); dprintf(" m_bRepositOnly %d\n",pName->m_bRepositOnly); dprintf(" m_pRefreshingSvc %p\n",pName->m_pRefreshingSvc); dprintf(" m_bESS %d\n",pName->m_bESS); return 0; } void GetThreadInfo(HANDLE hThread,HANDLE hSourceProcess) { HANDLE hThreadThisProc; if (DuplicateHandle(hSourceProcess, hThread, GetCurrentProcess(), &hThreadThisProc, 0, FALSE, DUPLICATE_SAME_ACCESS)) { NTSTATUS Status; ULONG Long; THREAD_BASIC_INFORMATION TBasicInfo; Status = NtQueryInformationThread(hThreadThisProc, ThreadBasicInformation, &TBasicInfo, sizeof(TBasicInfo), &Long); if ( Status == 0 ) { dprintf(" %p %x.%x\n",TBasicInfo.TebBaseAddress,TBasicInfo.ClientId.UniqueProcess,TBasicInfo.ClientId.UniqueThread); } else { dprintf(" NTSTATUS %08x\n",Status); } CloseHandle(hThreadThisProc); } else { dprintf("DuplicateHandle %d\n",GetLastError()); } } void DumpRecord(ULONG_PTR pRecord_OOP, HANDLE hSourceProcess, pfnDumpRequest DumpRequest) { DEFINE_CPP_VAR(CCoreQueue::CThreadRecord,MyThreadRecord); if (ReadMemory((ULONG_PTR)pRecord_OOP,&MyThreadRecord,sizeof(CCoreQueue::CThreadRecord),NULL)) { CCoreQueue::CThreadRecord * pRecord = (CCoreQueue::CThreadRecord *)&MyThreadRecord; //dprintf(" %p m_pQueue\n",pRecord->m_pQueue); //: Ptr32 CCoreQueue dprintf(" %p m_pCurrentRequest",pRecord->m_pCurrentRequest);// : Ptr32 CCoreExecReq dprintf(" %d m_bReady",pRecord->m_bReady); //: Int 4B dprintf(" %d m_bExitNow",pRecord->m_bExitNow); //: Int 4B dprintf(" %p m_hThread",pRecord->m_hThread); //: Ptr32 to Void dprintf(" %p m_hAttention\n",pRecord->m_hAttention); //: Ptr32 to Void GetThreadInfo(pRecord->m_hThread,hSourceProcess); if (pRecord->m_pCurrentRequest) { //DumpCAsyncReq((CAsyncReq *)pRecord->m_pCurrentRequest); if (DumpRequest) DumpRequest((ULONG_PTR)pRecord->m_pCurrentRequest); } } else { dprintf("RM %p\n",pRecord_OOP); } } DECLARE_API( q ) { INIT_API(); ULONG_PTR Addr = GetExpression("wbemcore!g_pAsyncSvcQueue"); if (Addr) { CAsyncServiceQueue * pAsyncQueue = NULL; if (ReadMemory(Addr,&pAsyncQueue,sizeof(CAsyncServiceQueue *),0)) { dprintf("CAsyncServiceQueue %p\n",pAsyncQueue); DEFINE_CPP_VAR(CAsyncServiceQueue,MyAsyncServiceQueue); if (ReadMemory((ULONG_PTR)pAsyncQueue,&MyAsyncServiceQueue,sizeof(CAsyncServiceQueue),NULL)) { pAsyncQueue = (CAsyncServiceQueue *)&MyAsyncServiceQueue; //m_aThreads : CFlexArray dprintf(" elems %d pointer %p\n",pAsyncQueue->m_aThreads.m_nSize,pAsyncQueue->m_aThreads.m_pArray); CCoreQueue::CThreadRecord ** pRecord_OOP = (CCoreQueue::CThreadRecord **)_alloca(sizeof(void*)*pAsyncQueue->m_aThreads.m_nSize); if (ReadMemory((ULONG_PTR)pAsyncQueue->m_aThreads.m_pArray,pRecord_OOP,sizeof(void*)*pAsyncQueue->m_aThreads.m_nSize,0)) { DWORD i; for (i=0;im_aThreads.m_nSize;i++) { dprintf(" -- CThreadRecord %p - %d\n",pRecord_OOP[i],i); DumpRecord((ULONG_PTR)pRecord_OOP[i],hCurrentProcess,DumpCAsyncReq); } } else { dprintf("RM %p\n",pRecord_OOP); } dprintf(" m_pHead %p\n",pAsyncQueue->m_pHead); dprintf(" m_pTail %p\n",pAsyncQueue->m_pTail); // here code for the list CCoreExecReq * pReq = pAsyncQueue->m_pHead; DWORD i = 0; while (pReq) { dprintf(" ---- list - %d\n",i++); DEFINE_CPP_VAR(CCoreExecReq,MyAsyncReq); CCoreExecReq * pReqHERE = GET_CPP_VAR_PTR(CCoreExecReq,MyAsyncReq); if (ReadMemory((ULONG_PTR)pReq,pReqHERE,sizeof(CCoreExecReq),NULL)) { //dprintf(" %p %p\n",pReq,pReqHERE->m_pNext); DumpCAsyncReq((ULONG_PTR)pReq); } else { dprintf("RM %p\n",pReq); break; } if (pReq == pAsyncQueue->m_pTail) break; pReq = pReqHERE->m_pNext; if (CheckControlC()) break; } // dprintf(" m_lNumThreads %d \n",pAsyncQueue->m_lNumThreads); dprintf(" m_lNumIdle %d\n",pAsyncQueue->m_lNumIdle); dprintf(" m_lNumRequests %d\n",pAsyncQueue->m_lNumRequests); dprintf(" m_lMaxThreads %d\n",pAsyncQueue->m_lMaxThreads); dprintf(" m_lHiPriBound %d\n",pAsyncQueue->m_lHiPriBound); dprintf(" m_lHiPriMaxThreads %d\n",pAsyncQueue->m_lHiPriMaxThreads); dprintf(" m_lStartSlowdownCount %d\n",pAsyncQueue->m_lStartSlowdownCount); dprintf(" m_lAbsoluteLimitCount %d\n",pAsyncQueue->m_lAbsoluteLimitCount); dprintf(" m_lOneSecondDelayCount %d\n",pAsyncQueue->m_lOneSecondDelayCount); dprintf(" m_dblAlpha %f\n",pAsyncQueue->m_dblAlpha); dprintf(" m_dblBeta %f\n",pAsyncQueue->m_dblBeta); dprintf(" m_dwTimeout %x\n",pAsyncQueue->m_dwTimeout); // m_dwOverflowTimeout // m_lChildPenalty // m_lSiblingPenalty // m_lPassingPenalty } else { dprintf("RM %p\n",pAsyncQueue); } } else { dprintf("RM %p\n",Addr); } } else { dprintf("unable to resolve wbemcore!g_pAsyncSvcQueue"); } } #include void Dump_CWmiFinalizer() { DWORD Val; ULONG_PTR pAddr; pAddr = GetExpression("wbemcore!s_Finalizer_ObjectCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf(" s_Finalizer_ObjectCount = %d\n",Val); pAddr = GetExpression("wbemcore!s_FinalizerCallResult_ObjectCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf(" s_FinalizerCallResult_ObjectCount = %d\n",Val); pAddr = GetExpression("wbemcore!s_FinalizerEnum_ObjectCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf(" s_FinalizerEnum_ObjectCount = %d\n",Val); pAddr = GetExpression("wbemcore!s_FinalizerEnumSink_ObjectCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf(" s_FinalizerEnumSink_ObjectCount = %d\n",Val); pAddr = GetExpression("wbemcore!s_FinalizerInBoundSink_ObjectCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf(" s_FinalizerInBoundSink_ObjectCount = %d\n\n",Val); } void DumpCProvSink(CProviderSink * pProvSink) { dprintf(" Total Indicates = %d\n", pProvSink->m_lIndicateCount); WCHAR pString[MAX_PATH+1]; pString[MAX_PATH] = 0; if (ReadMemory((ULONG_PTR)pProvSink->m_pszDebugInfo,pString,MAX_PATH*sizeof(WCHAR),NULL)) { dprintf(" Debug Info = %S\n",pString); } dprintf(" SetStatus called? %d\n", pProvSink->m_bDone); dprintf(" hRes = 0x%x\n", pProvSink->m_hRes); dprintf(" m_pNextSink = %p\n", pProvSink->m_pNextSink); } DECLARE_API( arb ) { INIT_API(); CWmiArbitrator * pArbit_OOP = NULL; ULONG_PTR Addr = GetExpression(args); if (NULL == Addr) { Addr = GetExpression("wbemcore!CWmiArbitrator__m_pArb"); if (Addr) { if (ReadMemory(Addr,&pArbit_OOP,sizeof(CWmiArbitrator *),0)) { } else { dprintf("RM %p\n",Addr); } } else { dprintf("unable to resolve wbemcore!CWmiArbitrator__m_pArb\n"); } } else pArbit_OOP = (CWmiArbitrator *)Addr; if (pArbit_OOP) { DWORD Val; ULONG_PTR pAddr; pAddr = GetExpression("wbemcore!g_nSinkCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf("Total sinks active = %d\n",Val); pAddr = GetExpression("wbemcore!g_nStdSinkCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf("Total std sink objects = %d\n",Val); pAddr = GetExpression("wbemcore!g_nSynchronousSinkCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf("Total Sync sink objects = %d\n",Val); pAddr = GetExpression("wbemcore!g_nProviderSinkCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf("Total Prov sink objects = %d\n",Val); pAddr = GetExpression("wbemcore!g_lCoreThreads"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf("Total Core Threads = %d\n",Val); pAddr = GetExpression("fastprox!g_lDebugObjCount"); ReadMemory(pAddr,&Val,sizeof(DWORD),NULL); dprintf("Total Obj-QualSets = %d\n",Val); Dump_CWmiFinalizer(); DEFINE_CPP_VAR(CWmiArbitrator,varWmiArbitrator); CWmiArbitrator * pArbit = GET_CPP_VAR_PTR(CWmiArbitrator,varWmiArbitrator); dprintf("CWmiArbitrator %p\n",pArbit_OOP); if (ReadMemory((ULONG_PTR)pArbit_OOP,pArbit,sizeof(CWmiArbitrator),NULL)) { dprintf(" m_lRefCount %d\n",pArbit->m_lRefCount); dprintf(" m_uTotalTasks %d\n",pArbit->m_uTotalTasks); dprintf(" m_uTotalPrimaryTasks %d\n",pArbit->m_uTotalPrimaryTasks); DWORD dwTot = pArbit->m_aTasks.m_nSize*sizeof(void*); void ** pMem = new void *[dwTot]; DWORD i; dprintf(" m_aTasks P %p S %x\n",pArbit->m_aTasks.m_pArray,pArbit->m_aTasks.m_nSize); if (ReadMemory((ULONG_PTR)pArbit->m_aTasks.m_pArray,pMem,dwTot,0)) { for (i=0;im_aTasks.m_nSize;i++) { dprintf(" - CWmiTask %d - %p\n",i,pMem[i]); if (pMem[i]) { DumpCWmiTask((CWmiTask *)pMem[i]); } else { dprintf(" \n"); } } } else { dprintf("RM %p\n",pArbit->m_aTasks.m_pArray); } delete [] pMem; //m_aNamespaces /* DWORD dwTot2 = pArbit->m_aNamespaces.m_nSize*sizeof(void*); void ** pMem2 = new void *[dwTot2]; dprintf(" m_aNamespaces P %p S %x\n",pArbit->m_aNamespaces.m_pArray,pArbit->m_aNamespaces.m_nSize); if (ReadMemory((ULONG_PTR)pArbit->m_aNamespaces.m_pArray,pMem2,dwTot2,0)) { for (i=0;im_aNamespaces.m_nSize;i++) { dprintf(" - CWbemNamespace %d - %p\n",i,pMem2[i]); if (pMem2[i]) { DumpCWbemNamespace((CWbemNamespace *)pMem2[i]); } } } else { dprintf("RM %p\n",pArbit->m_aNamespaces.m_pArray); } delete [] pMem2; */ ULONG_PTR pListHead_oop = (ULONG_PTR)pArbit_OOP + FIELD_OFFSET(CWmiArbitrator,m_NameSpaceList); EnumLinkedListCB((LIST_ENTRY *)pListHead_oop, sizeof(CWmiArbitrator), FIELD_OFFSET(CWbemNamespace,m_EntryArb), EnumListNamespaces); } else { dprintf("RM %p\n",pArbit_OOP); } } //g_aProviderSinks DEFINE_CPP_VAR(CFlexArray,varCFlexArray); CFlexArray * pFlexArray = GET_CPP_VAR_PTR(CFlexArray,varCFlexArray); Addr = GetExpression("wbemcore!g_aProviderSinks"); if (Addr) { if (ReadMemory(Addr,pFlexArray,sizeof(CFlexArray),NULL)) { VOID ** ppPointers = (VOID **)_alloca(pFlexArray->m_nSize*sizeof(void *)); if (ReadMemory((ULONG_PTR)pFlexArray->m_pArray,ppPointers,pFlexArray->m_nSize*sizeof(void *),NULL)) { for(DWORD i =0 ;im_nSize;i++) { dprintf(" - CProviderSink %d - %p\n",i,ppPointers[i]); GetVTable((MEMORY_ADDRESS)ppPointers[i]); DEFINE_CPP_VAR(CProviderSink,varCProviderSink); CProviderSink * pProvSink = GET_CPP_VAR_PTR(CProviderSink,varCProviderSink); if (ppPointers[i] && ReadMemory((ULONG_PTR)ppPointers[i],pProvSink,sizeof(CProviderSink),NULL)) { DumpCProvSink(pProvSink); } else { dprintf("RM %p\n",ppPointers[i]); } } } } } }