You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
329 lines
12 KiB
329 lines
12 KiB
#include "pch.h"
|
|
#include "fatkd.h"
|
|
#include "..\nodetype.h"
|
|
#include "..\fat.h"
|
|
#include "..\fatstruc.h"
|
|
#include "..\fatdata.h"
|
|
|
|
STATE FatFcbState[] = {
|
|
|
|
{ FCB_STATE_DELETE_ON_CLOSE, FCB_STATE_DELETE_ON_CLOSE, "DeleteOnClose" },
|
|
{ FCB_STATE_TRUNCATE_ON_CLOSE, FCB_STATE_TRUNCATE_ON_CLOSE, "TruncateOnClose" },
|
|
{ FCB_STATE_PAGING_FILE, FCB_STATE_PAGING_FILE, "PagingFile" },
|
|
{ FCB_STATE_FORCE_MISS_IN_PROGRESS, FCB_STATE_FORCE_MISS_IN_PROGRESS, "ForceMissInProgress" },
|
|
{ FCB_STATE_FLUSH_FAT, FCB_STATE_FLUSH_FAT, "FlushFat" },
|
|
{ FCB_STATE_TEMPORARY, FCB_STATE_TEMPORARY, "Temporary" },
|
|
{ FCB_STATE_SYSTEM_FILE, FCB_STATE_SYSTEM_FILE, "SystemFile" },
|
|
{ FCB_STATE_NAMES_IN_SPLAY_TREE, FCB_STATE_NAMES_IN_SPLAY_TREE, "NamesInSplayTree" },
|
|
{ FCB_STATE_HAS_OEM_LONG_NAME, FCB_STATE_HAS_OEM_LONG_NAME, "OEMLongName" },
|
|
{ FCB_STATE_HAS_UNICODE_LONG_NAME, FCB_STATE_HAS_UNICODE_LONG_NAME, "UnicodeLongName" },
|
|
{ FCB_STATE_DELAY_CLOSE, FCB_STATE_DELAY_CLOSE, "DelayClose" },
|
|
{ FCB_STATE_8_LOWER_CASE, FCB_STATE_8_LOWER_CASE, "8LowerCase" },
|
|
{ FCB_STATE_3_LOWER_CASE, FCB_STATE_3_LOWER_CASE, "3LowerCase" },
|
|
{ 0 }
|
|
};
|
|
|
|
|
|
STATE FatIrpContextFlags[] = {
|
|
|
|
{ IRP_CONTEXT_FLAG_DISABLE_DIRTY, IRP_CONTEXT_FLAG_DISABLE_DIRTY, "DisableDirty" },
|
|
{ IRP_CONTEXT_FLAG_WAIT, IRP_CONTEXT_FLAG_WAIT, "Wait"},
|
|
{ IRP_CONTEXT_FLAG_WRITE_THROUGH, IRP_CONTEXT_FLAG_WRITE_THROUGH, "WriteThrough"},
|
|
{ IRP_CONTEXT_FLAG_DISABLE_WRITE_THROUGH, IRP_CONTEXT_FLAG_DISABLE_WRITE_THROUGH, "DisableWriteThrough"},
|
|
{ IRP_CONTEXT_FLAG_RECURSIVE_CALL, IRP_CONTEXT_FLAG_RECURSIVE_CALL, "RecursiveCall"},
|
|
{ IRP_CONTEXT_FLAG_DISABLE_POPUPS, IRP_CONTEXT_FLAG_DISABLE_POPUPS, "DisablePopups"},
|
|
{ IRP_CONTEXT_FLAG_DEFERRED_WRITE, IRP_CONTEXT_FLAG_DEFERRED_WRITE, "DeferredWrite"},
|
|
{ IRP_CONTEXT_FLAG_VERIFY_READ, IRP_CONTEXT_FLAG_VERIFY_READ, "VerifyRead"},
|
|
{ IRP_CONTEXT_STACK_IO_CONTEXT, IRP_CONTEXT_STACK_IO_CONTEXT, "StackIoContext"},
|
|
{ IRP_CONTEXT_FLAG_IN_FSP, IRP_CONTEXT_FLAG_IN_FSP, "InFsp"},
|
|
{ IRP_CONTEXT_FLAG_USER_IO, IRP_CONTEXT_FLAG_USER_IO, "UserIo"},
|
|
{ IRP_CONTEXT_FLAG_DISABLE_RAISE, IRP_CONTEXT_FLAG_DISABLE_RAISE, "DisableRaise"},
|
|
{ IRP_CONTEXT_FLAG_PARENT_BY_CHILD, IRP_CONTEXT_FLAG_PARENT_BY_CHILD, "ParentByChild"},
|
|
{ 0 }
|
|
};
|
|
|
|
|
|
STATE FatVcbStateFlags[] = {
|
|
|
|
{ VCB_STATE_FLAG_LOCKED, VCB_STATE_FLAG_LOCKED, "Locked"},
|
|
{ VCB_STATE_FLAG_REMOVABLE_MEDIA, VCB_STATE_FLAG_REMOVABLE_MEDIA, "Removable"},
|
|
{ VCB_STATE_FLAG_VOLUME_DIRTY, VCB_STATE_FLAG_VOLUME_DIRTY, "VolumeDirty"},
|
|
{ VCB_STATE_FLAG_MOUNTED_DIRTY, VCB_STATE_FLAG_MOUNTED_DIRTY, "MountedDirty"},
|
|
{ VCB_STATE_FLAG_SHUTDOWN, VCB_STATE_FLAG_SHUTDOWN, "Shutdown"},
|
|
{ VCB_STATE_FLAG_CLOSE_IN_PROGRESS, VCB_STATE_FLAG_CLOSE_IN_PROGRESS, "CloseInProgress"},
|
|
{ VCB_STATE_FLAG_DELETED_FCB, VCB_STATE_FLAG_DELETED_FCB, "DeletedFcb"},
|
|
{ VCB_STATE_FLAG_CREATE_IN_PROGRESS, VCB_STATE_FLAG_CREATE_IN_PROGRESS, "CreateInProgress"},
|
|
{ VCB_STATE_FLAG_BOOT_OR_PAGING_FILE, VCB_STATE_FLAG_BOOT_OR_PAGING_FILE, "BootOrPagingFile"},
|
|
{ VCB_STATE_FLAG_DEFERRED_FLUSH, VCB_STATE_FLAG_DEFERRED_FLUSH, "DeferredFlush"},
|
|
{ VCB_STATE_FLAG_ASYNC_CLOSE_ACTIVE, VCB_STATE_FLAG_ASYNC_CLOSE_ACTIVE, "AsyncCloseActive"},
|
|
{ VCB_STATE_FLAG_WRITE_PROTECTED, VCB_STATE_FLAG_WRITE_PROTECTED, "WriteProtect"},
|
|
{ VCB_STATE_FLAG_REMOVAL_PREVENTED, VCB_STATE_FLAG_REMOVAL_PREVENTED, "RemovalPrevented"},
|
|
{ VCB_STATE_FLAG_VOLUME_DISMOUNTED, VCB_STATE_FLAG_VOLUME_DISMOUNTED, "Dismounted"},
|
|
{ 0 }
|
|
};
|
|
|
|
|
|
STATE FatCcbFlags[] = {
|
|
|
|
{ CCB_FLAG_MATCH_ALL, CCB_FLAG_MATCH_ALL, "MatchAll"},
|
|
{ CCB_FLAG_SKIP_SHORT_NAME_COMPARE, CCB_FLAG_SKIP_SHORT_NAME_COMPARE, "ShortNameCompare"},
|
|
{ CCB_FLAG_FREE_OEM_BEST_FIT, CCB_FLAG_FREE_OEM_BEST_FIT, "OemBestFit"},
|
|
{ CCB_FLAG_FREE_UNICODE, CCB_FLAG_FREE_UNICODE, "FreeUnicode"},
|
|
{ CCB_FLAG_USER_SET_LAST_WRITE, CCB_FLAG_USER_SET_LAST_WRITE, "UserSetLastWrite"},
|
|
{ CCB_FLAG_USER_SET_LAST_ACCESS, CCB_FLAG_USER_SET_LAST_ACCESS, "UserSetLastAccess"},
|
|
{ CCB_FLAG_USER_SET_CREATION, CCB_FLAG_USER_SET_CREATION, "UserSetCreation"},
|
|
{ CCB_FLAG_READ_ONLY, CCB_FLAG_READ_ONLY, "ReadOnly"},
|
|
{ CCB_FLAG_DASD_FLUSH_DONE, CCB_FLAG_DASD_FLUSH_DONE, "DasdFlushDone"},
|
|
{ CCB_FLAG_DASD_PURGE_DONE, CCB_FLAG_DASD_PURGE_DONE, "DasdPurgeDone"},
|
|
{ CCB_FLAG_DELETE_ON_CLOSE, CCB_FLAG_DELETE_ON_CLOSE, "DeleteOnClose"},
|
|
{ CCB_FLAG_OPENED_BY_SHORTNAME, CCB_FLAG_OPENED_BY_SHORTNAME, "OpenedByShortname"},
|
|
{ CCB_FLAG_QUERY_TEMPLATE_MIXED, CCB_FLAG_QUERY_TEMPLATE_MIXED, "QueryTemplateMixed"},
|
|
{ CCB_FLAG_ALLOW_EXTENDED_DASD_IO, CCB_FLAG_ALLOW_EXTENDED_DASD_IO, "AllowExtendedDasdIo"},
|
|
{ CCB_FLAG_CLOSE_CONTEXT, CCB_FLAG_CLOSE_CONTEXT, "CloseContext"},
|
|
{ CCB_FLAG_COMPLETE_DISMOUNT, CCB_FLAG_COMPLETE_DISMOUNT, "CompleteDismount"},
|
|
{ 0 }
|
|
};
|
|
|
|
|
|
VOID
|
|
FatSummaryFcbDumpRoutine(
|
|
IN ULONG64 RemoteAddress,
|
|
IN LONG Options
|
|
)
|
|
{
|
|
ULONG Offset;
|
|
|
|
if (Options >= 2) {
|
|
|
|
DumpFatFcb( RemoteAddress, 0, 0);
|
|
}
|
|
else {
|
|
|
|
USHORT Type;
|
|
|
|
ReadM( &Type, RemoteAddress, sizeof( Type));
|
|
|
|
if ((Type != FAT_NTC_FCB) && (FAT_NTC_DCB != Type) &&
|
|
(Type != FAT_NTC_ROOT_DCB)
|
|
) {
|
|
|
|
dprintf( "FCB/DCB signature does not match @%I64x", RemoteAddress);
|
|
return;
|
|
}
|
|
|
|
ROE( GetFieldValue( RemoteAddress, "fastfat!FCB", "LfnOffsetWithinDirectory", Offset));
|
|
|
|
dprintf( "\n%s @ %I64x LFNDirOfst: %08x ", NodeTypeName( TypeCodeInfoIndex( Type)), RemoteAddress, Offset);
|
|
|
|
ROE( GetFieldOffset( "fastfat!FCB", "FullFileName", &Offset));
|
|
DumpStr( Offset, RemoteAddress + Offset, "ShortName", FALSE, TRUE);
|
|
}
|
|
}
|
|
|
|
|
|
DUMP_ROUTINE( DumpFatFcb )
|
|
{
|
|
ULONG Result;
|
|
USHORT Type;
|
|
ULONG FcbState, Flags, Offset, Offsetb;
|
|
UINT64 NonP;
|
|
FIELD_INFO Expand[] = { //{ ".", NULL, 0, 0, 0, NULL},
|
|
{ "Header.", NULL, 0, DBG_DUMP_FIELD_RECUR_ON_THIS,0, NULL}
|
|
};
|
|
FIELD_INFO ExpandFcb[] = { //{ ".", NULL, 0, 0, 0, NULL},
|
|
{ "Specific.Fcb.", NULL, 0, DBG_DUMP_FIELD_RECUR_ON_THIS,0, NULL}
|
|
};
|
|
FIELD_INFO ExpandDcb[] = { //{ ".", NULL, 0, 0, 0, NULL},
|
|
{ "Specific.Dcb.", NULL, 0, DBG_DUMP_FIELD_RECUR_ON_THIS,0, NULL}
|
|
};
|
|
|
|
ReadM( &Type, Address, sizeof( Type));
|
|
|
|
dprintf("[ Option flags: 1 = list children, 2 = Dump MCB ]\n\n");
|
|
|
|
//
|
|
// Having established that this looks like an fcb, let's dump the
|
|
// interesting parts.
|
|
//
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "FcbState", FcbState));
|
|
dprintf("FcbState : ");
|
|
PrintState( FatFcbState, FcbState );
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "Header.Flags", Flags));
|
|
dprintf("Header.Flags : ");
|
|
PrintState( HeaderFlags, Flags );
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "Header.Flags2", Flags));
|
|
dprintf("Header.Flags2: ");
|
|
PrintState( HeaderFlags2, Flags );
|
|
dprintf("\n");
|
|
|
|
//
|
|
// Dump names etc.
|
|
//
|
|
|
|
ROE( GetFieldOffset( InfoNode->TypeName, "ShortName.Name.Unicode", &Offset));
|
|
DumpStr( Offset, Address + Offset, "ShortName: ", FALSE, FALSE);
|
|
|
|
if ( FcbState & FCB_STATE_HAS_UNICODE_LONG_NAME) {
|
|
|
|
ROE( GetFieldOffset( InfoNode->TypeName, "LongName.Unicode.Name.Unicode", &Offset));
|
|
DumpStr( Offset, Address + Offset, "LongName :", FALSE, TRUE);
|
|
}
|
|
|
|
dprintf("\n");
|
|
Dt( InfoNode->TypeName, Address, 0, 1, Expand);
|
|
Dt( InfoNode->TypeName, Address, 0, 0, NULL);
|
|
dprintf("\n");
|
|
|
|
//
|
|
// Expand F/Dcb specific portion
|
|
//
|
|
|
|
if (Type == FAT_NTC_FCB) {
|
|
|
|
Dt( InfoNode->TypeName, Address, 0, 1, ExpandFcb);
|
|
}
|
|
else {
|
|
|
|
Dt( InfoNode->TypeName, Address, 0, 1, ExpandDcb);
|
|
}
|
|
|
|
//
|
|
// Nonpaged portion
|
|
//
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "NonPaged", NonP));
|
|
|
|
if (NonP != 0) {
|
|
|
|
dprintf("\nNonpaged part @ %I64x\n\n", NonP);
|
|
|
|
Dt( "fastfat!NON_PAGED_FCB", NonP, 0, 0, NULL);
|
|
}
|
|
|
|
//
|
|
// Dump all children / siblings?
|
|
//
|
|
|
|
if (( Options & 1) && ((FAT_NTC_DCB == Type) ||
|
|
(FAT_NTC_ROOT_DCB == Type))) {
|
|
|
|
dprintf("\nChild Fcb list\n");
|
|
|
|
ROE( GetFieldOffset( InfoNode->TypeName, "Specific.Dcb.ParentDcbQueue", &Offset));
|
|
ROE( GetFieldOffset( InfoNode->TypeName, "ParentDcbLinks", &Offsetb));
|
|
|
|
DumpList( Address + Offset,
|
|
FatSummaryFcbDumpRoutine,
|
|
Offsetb,
|
|
FALSE,
|
|
0 );
|
|
}
|
|
|
|
if (Options & 2) {
|
|
|
|
ROE( GetFieldOffset( InfoNode->TypeName, "Mcb", &Offset));
|
|
DumpLargeMcb( Address+Offset, 0, NULL);
|
|
}
|
|
|
|
dprintf( "\n" );
|
|
}
|
|
|
|
|
|
DUMP_ROUTINE( DumpFatCcb)
|
|
{
|
|
ULONG Flags;
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "Flags", Flags));
|
|
|
|
dprintf( "Ccb.Flags: ");
|
|
PrintState( FatCcbFlags, Flags);
|
|
dprintf( "\n");
|
|
|
|
Dt( InfoNode->TypeName, Address, Options, 0, NULL);
|
|
}
|
|
|
|
|
|
DUMP_ROUTINE( DumpFatIrpContext)
|
|
{
|
|
ULONG Flags;
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "Flags", Flags));
|
|
|
|
dprintf( "IrpContext.Flags: ");
|
|
PrintState( FatIrpContextFlags, Flags);
|
|
dprintf( "\n");
|
|
|
|
Dt( InfoNode->TypeName, Address, Options, 0, NULL);
|
|
}
|
|
|
|
|
|
DUMP_ROUTINE( DumpFatVcb)
|
|
{
|
|
ULONG Flags;
|
|
FIELD_INFO Alloc[] = { //{ ".", NULL, 0, 0, 0, NULL},
|
|
{ "AllocationSupport.", NULL, 0, DBG_DUMP_FIELD_RECUR_ON_THIS,0, NULL}
|
|
};
|
|
|
|
ROE( GetFieldValue( Address, InfoNode->TypeName, "VcbState", Flags));
|
|
|
|
dprintf( "Vcb.VcbState: ");
|
|
PrintState( FatVcbStateFlags, Flags);
|
|
dprintf( "\n");
|
|
|
|
Dt( InfoNode->TypeName, Address, Options, 0, NULL);
|
|
|
|
dprintf( "\n");
|
|
|
|
Dt( InfoNode->TypeName, Address, 1, 1, Alloc);
|
|
|
|
dprintf( "\n" );
|
|
}
|
|
|
|
|
|
DUMP_ROUTINE( DumpFatVdo)
|
|
{
|
|
USHORT Ntc;
|
|
PUSHORT pNtc;
|
|
ULONG Offset;
|
|
|
|
ReadM( &Ntc, Address, sizeof( Ntc));
|
|
|
|
if (FAT_NTC_VCB == Ntc) {
|
|
|
|
//
|
|
// Looks like we've been given a VCB pointer. Work back to the containing vdo.
|
|
//
|
|
|
|
dprintf("Backtracking to containing VDO from VCB...");
|
|
|
|
ROE( GetFieldOffset( "fastfat!VOLUME_DEVICE_OBJECT", "Vcb", &Offset));
|
|
|
|
Address -= Offset;
|
|
}
|
|
|
|
dprintf( "\nFAT Volume device object @ %08lx\n", Address );
|
|
|
|
Dt( "fastfat!VOLUME_DEVICE_OBJECT", Address, Options, 0, NULL);
|
|
}
|
|
|
|
|
|
DECLARE_API( fatvdo )
|
|
{
|
|
UNREFERENCED_PARAMETER( dwCurrentPc );
|
|
UNREFERENCED_PARAMETER( hCurrentProcess );
|
|
|
|
ParseAndDump( (PCHAR) args, (STRUCT_DUMP_ROUTINE) DumpFatVdo, dwProcessor, hCurrentThread );
|
|
}
|
|
|
|
|
|
DECLARE_API( fatmcb )
|
|
{
|
|
UNREFERENCED_PARAMETER( dwCurrentPc );
|
|
UNREFERENCED_PARAMETER( hCurrentProcess );
|
|
|
|
ParseAndDump( (PCHAR) args, (STRUCT_DUMP_ROUTINE) DumpLargeMcb, dwProcessor, hCurrentThread );
|
|
}
|
|
|