You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
403 lines
16 KiB
403 lines
16 KiB
/*++
|
|
|
|
Copyright (c) 1992 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
help.c
|
|
|
|
Abstract:
|
|
|
|
Help for AFD.SYS Kernel Debugger Extensions.
|
|
|
|
Author:
|
|
|
|
Keith Moore (keithmo) 19-Apr-1995
|
|
|
|
Environment:
|
|
|
|
User Mode.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
|
|
#include "afdkdp.h"
|
|
#pragma hdrstop
|
|
|
|
|
|
|
|
//
|
|
// Public functions.
|
|
//
|
|
|
|
DECLARE_API( help )
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Displays help for the AFD.SYS Kernel Debugger Extensions.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
|
|
gClient = pClient;
|
|
|
|
dprintf( "? - Displays this list\n" );
|
|
dprintf( "help - Displays this list\n" );
|
|
dprintf( "endp [-b[rl]|-c|-v] [-r] [-f[co] fld,...] [-s endp | endp... | -e expr]\n"
|
|
" - Dumps endpoint(s)\n" );
|
|
dprintf( "file [-b[rl]|-v] [file...] [-f[co] fld,...] \n"
|
|
" - Dumps endpoint(s) associated with file object(s)\n" );
|
|
dprintf( "port [-b[rl]|-c|-v] [-r] [-e expr] [-f[co] fld,...] [-s endp] port\n"
|
|
" - Dumps endpoint(s) bound to port(s)\n" );
|
|
dprintf( "state [-b[rl]|-c|-v] [-r] [-e expr] [-f[co] fld,...] [-s endp] state\n"
|
|
" - Dumps endpoints in specific states\n" );
|
|
dprintf( "proc [-b[rl]|-c|-v] [-r] [-e expr] [-f[co] fld,...] [-s endp] [{proc|pid}]\n"
|
|
" - Dumps endpoints owned by processes\n" );
|
|
dprintf( "conn [-b|-c|-v] [-r] [-f[co] fld,...] [-s endp | conn... | -e expr]\n"
|
|
" - Dumps connections\n" );
|
|
dprintf( "rport [-b|-c|-v] [-r] [-f[co] fld,...] [-e expr] [-s endp] port\n"
|
|
" - Dumps connections to remote ports\n" );
|
|
dprintf( "tran [-b[l]|-c|-v] [-r] [-f[co] fld,...] [-s endp | irp... | -e expr]\n"
|
|
" - Dumps TransmitPackets/File info\n" );
|
|
dprintf( "buff [-b|-c|-v] [-r] [-f[co] fld,...] [-s endp | buff... | -e expr]\n"
|
|
" - Dumps buffer structure\n");
|
|
dprintf( "poll [-b|-v] [-r] [-f[co] fld,...] [-s endp | poll... | -e expr]\n"
|
|
" - Dumps poll info structure(s)\n" );
|
|
dprintf( "addr [-b|-v] [-f[co] fld,...] addr\n"
|
|
" - Dumps transport address\n" );
|
|
dprintf( "addrlist [-b|-v] [-f[co] fld,...] [-e expr]\n"
|
|
" - Dumps addresses registered by the transports\n" );
|
|
dprintf( "tranlist [-b|-v] [-f[co] fld,...] [-e expr]\n"
|
|
" - Dumps transports known to afd (have open sockets)\n" );
|
|
dprintf( "filefind <FsContext> - Finds file object given its FsContext field value\n" );
|
|
dprintf( "In all of the above:\n" );
|
|
dprintf( " -b[rl] - use brief display (1-line per entry),\n"
|
|
" r - dump text representation of the remote address,\n"
|
|
" l - count items in linked lists (takes time),\n");
|
|
dprintf( " -c - don't display entry data, just count them,\n" );
|
|
dprintf( " -e expr - while scanning list evaluate the <expr> and only\n"
|
|
" dump entry if its result is not 0, prefix <expr> with @@\n"
|
|
" to use debugger's C++ evaluator, @$exp represents\n"
|
|
" current entry being processed (e.g. @$exp-><FieldName>\n"
|
|
" gets field values),\n" );
|
|
dprintf( " -f[co] fld,... - dump additional fields of the entries specified\n"
|
|
" (comma separated list, no spaces), c-compact,o-no offsets\n" );
|
|
dprintf( " -s endp - scan list starting with this endpoint,\n" );
|
|
dprintf( " -r - scan endpoint list in reverse order,\n" );
|
|
dprintf( " -v - force verbose display,\n" );
|
|
dprintf( " endp - AFD_ENDPOINT structure at address <endp>,\n" );
|
|
dprintf( " file - FILE_OBJECT structure at address <file>,\n" );
|
|
dprintf( " conn - AFD_CONNECTION structure at address <conn>,\n" );
|
|
dprintf( " proc - EPROCESS structure at address <proc>,\n" );
|
|
dprintf( " pid - process id,\n" );
|
|
dprintf( " port - port in host byte order and current debugger base (use n 10|16 to set),\n" );
|
|
dprintf( " irp - TPackets/TFile/DisconnectEx IRP at address <irp>,\n" );
|
|
dprintf( " buff - AFD_BUFFER_HEADER structure at address <buff>,\n" );
|
|
dprintf( " poll - AFD_POLL_INFO_INTERNAL structure at address <poll>,\n" );
|
|
dprintf( " addr - TRANSPORT_ADDRESS structure at address <addr>,\n" );
|
|
dprintf( " state - endpoint state, valid states are:\n" );
|
|
dprintf( " 1 - Open\n" );
|
|
dprintf( " 2 - Bound\n" );
|
|
dprintf( " 3 - Connected\n" );
|
|
dprintf( " 4 - Cleanup\n" );
|
|
dprintf( " 5 - Closing\n" );
|
|
dprintf( " 6 - TransmitClosing\n" );
|
|
dprintf( " 7 - Invalid\n" );
|
|
dprintf( " 10 - Listening.\n" );
|
|
dprintf( "\n");
|
|
if( IsReferenceDebug ) {
|
|
dprintf( "cref <conn> - Dumps connection reference debug info\n" );
|
|
dprintf( "eref <endp> - Dumps endpoint reference debug info\n" );
|
|
dprintf( "tref <tpck> - Dumps tpacket reference debug info\n" );
|
|
}
|
|
dprintf( "sock [-m] [-f[co] fld,...] [-e expr | Hdl] - Dumps user mode socket context(s)\n"
|
|
" for current address space (needs ws2help, ws2_32,\n"
|
|
" and %s (for -m) symbols).\n",
|
|
SavedMinorVersion>2195 ? "mswsock.dll" : "msafd.dll");
|
|
dprintf( "dprov [-f[co] fld,...] [-e expr | prov] - Dumps Winsock2 protocol or catalog\n"
|
|
" for current address space (needs ws2_32 symbols).\n");
|
|
dprintf( "nprov [-f[co] fld,...] [-e expr | prov] - Dumps Winsock2 namesapce or catalog\n"
|
|
" for current address space (needs ws2_32 symbols).\n");
|
|
dprintf( "tcb [-w] [-y] [-f[co] fld,...] [-e expr | tcb] - Dumps TCPIP TCB or TCBTable\n"
|
|
" -w dumps TWTCBTable, -y dumps SYNTCBTable.\n");
|
|
dprintf( "tao [-f[co] fld,...] [-e expr | ao] - Dumps TCPIP AO or AOTable.\n");
|
|
dprintf( "tcb6 [-f[co] fld,...] [-e expr | tcb6] - Dumps TCPIP6 TCB or TCBTable.\n");
|
|
dprintf( "tao6 [-f[co] fld,...] [-e expr | ao6] - Dumps TCPIP6 AO or AOTable.\n");
|
|
dprintf( "stats - Dumps debug-only statistics\n" );
|
|
dprintf( "version - Display extension version and reload global info\n" );
|
|
#if GLOBAL_REFERENCE_DEBUG
|
|
dprintf( "gref - Dumps global reference debug info\n" );
|
|
#endif
|
|
|
|
return S_OK;
|
|
} // help
|
|
|
|
|
|
ULONG Options;
|
|
ULONG64 StartEndpoint;
|
|
CHAR Conditional[MAX_CONDITIONAL_EXPRESSION];
|
|
CHAR FieldNames[MAX_FIELDS_EXPRESSION];
|
|
FIELD_INFO Fields[MAX_NUM_FIELDS];
|
|
SYM_DUMP_PARAM FldParam = {
|
|
sizeof (SYM_DUMP_PARAM), // size
|
|
NULL, // sName
|
|
0, // Options
|
|
0, // addr
|
|
NULL, // listLink
|
|
NULL, NULL, // Context,CallbackRoutine
|
|
0, // nFields
|
|
Fields // Fields
|
|
};
|
|
CHAR LinkField[MAX_FIELD_CHARS];
|
|
CHAR ListedType[MAX_FIELD_CHARS];
|
|
ULONG CppFieldEnd;
|
|
|
|
|
|
PCHAR
|
|
ProcessOptions (
|
|
IN PCHAR Args
|
|
)
|
|
{
|
|
CHAR expr[max(MAX_FIELDS_EXPRESSION,MAX_CONDITIONAL_EXPRESSION)];
|
|
ULONG i;
|
|
|
|
Options = 0;
|
|
CppFieldEnd = 0;
|
|
FldParam.nFields = 0;
|
|
FldParam.Options = 0;
|
|
|
|
while (sscanf( Args, "%s%n", expr, &i )==1) {
|
|
Args += i;
|
|
if (CheckControlC ())
|
|
break;
|
|
if (expr[0]=='-') {
|
|
switch (expr[1]) {
|
|
case 'B':
|
|
case 'b':
|
|
if ((Options & (AFDKD_NO_DISPLAY))==0) {
|
|
Options |= AFDKD_BRIEF_DISPLAY;
|
|
for (i=2; expr[i]!=0; i++) {
|
|
switch (expr[i]) {
|
|
case 'l':
|
|
Options |= AFDKD_LIST_COUNT;
|
|
break;
|
|
case 'r':
|
|
Options |= AFDKD_RADDR_DISPLAY;
|
|
break;
|
|
}
|
|
}
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: only one of -b or -c options can be specified.\n");
|
|
}
|
|
break;
|
|
case 'C':
|
|
case 'c':
|
|
Options |= AFDKD_NO_DISPLAY;
|
|
Options &= ~AFDKD_BRIEF_DISPLAY;
|
|
continue;
|
|
case 'E':
|
|
case 'e':
|
|
if (sscanf( Args, "%s%n", Conditional, &i )==1) {
|
|
Args += i;
|
|
Options |= AFDKD_CONDITIONAL;
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: -e requires an argument.\n");
|
|
}
|
|
break;
|
|
case 'F':
|
|
case 'f':
|
|
for (i=2; expr[i]!=0; i++) {
|
|
switch (expr[i]) {
|
|
case 'c':
|
|
FldParam.Options |= DBG_DUMP_COMPACT_OUT;
|
|
break;
|
|
case 'o':
|
|
FldParam.Options |= DBG_DUMP_NO_OFFSET;
|
|
break;
|
|
}
|
|
}
|
|
if (sscanf( Args, "%s%n", FieldNames, &i )==1) {
|
|
PCHAR fld;
|
|
Args += i;
|
|
Options |= AFDKD_FIELD_DISPLAY;
|
|
if (strcmp (FieldNames,".")==0) {
|
|
FldParam.nFields = 0;
|
|
CppFieldEnd = 0;
|
|
continue;
|
|
}
|
|
for (i=FldParam.nFields, fld = strtok (FieldNames, ",");
|
|
i<sizeof (Fields)/sizeof (Fields[0]) && fld!=NULL;
|
|
i++, fld = strtok (NULL, ",")) {
|
|
Fields[i].fOptions = DBG_DUMP_FIELD_FULL_NAME;
|
|
if (*fld=='-') {
|
|
fld+=1;
|
|
do {
|
|
switch (*fld) {
|
|
case 'a':
|
|
Fields[i].fOptions |= DBG_DUMP_FIELD_ARRAY;
|
|
break;
|
|
case 'g':
|
|
Fields[i].fOptions |= DBG_DUMP_FIELD_GUID_STRING;
|
|
break;
|
|
case 'm':
|
|
Fields[i].fOptions |= DBG_DUMP_FIELD_MULTI_STRING;
|
|
break;
|
|
case 's':
|
|
Fields[i].fOptions |= DBG_DUMP_FIELD_DEFAULT_STRING;
|
|
break;
|
|
case 'w':
|
|
Fields[i].fOptions |= DBG_DUMP_FIELD_WCHAR_STRING;
|
|
break;
|
|
case 'y':
|
|
Fields[i].fOptions &= ~DBG_DUMP_FIELD_FULL_NAME;
|
|
break;
|
|
}
|
|
}
|
|
while (*fld++!=':');
|
|
}
|
|
Fields[i].fName = fld;
|
|
}
|
|
if (fld==NULL) {
|
|
if (i>0) {
|
|
FldParam.nFields = i;
|
|
CppFieldEnd = i;
|
|
for (i=0; i<FldParam.nFields; i++) {
|
|
if (strncmp (Fields[i].fName,
|
|
AFDKD_CPP_PREFIX,
|
|
AFDKD_CPP_PREFSZ)==0) {
|
|
FIELD_INFO tmp = Fields[i];
|
|
Fields[i] = Fields[--FldParam.nFields];
|
|
Fields[FldParam.nFields] = tmp;
|
|
}
|
|
}
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf("\nProcessOptions: -f requires at least one valid field name.\n");
|
|
}
|
|
}
|
|
else {
|
|
dprintf("\nProcessOptions: too many fields (>%d) for -f.\n", i);
|
|
}
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: -f requires an argument.\n");
|
|
}
|
|
break;
|
|
case 'L':
|
|
case 'l':
|
|
for (i=2; expr[i]!=0; i++) {
|
|
switch (expr[i]) {
|
|
case 'a':
|
|
Options |= AFDKD_LINK_AOF;
|
|
break;
|
|
case 's':
|
|
Options |= AFDKD_LINK_SELF;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (sscanf( Args, "%s%n", LinkField, &i )==1) {
|
|
Args += i;
|
|
Options |= AFDKD_LINK_FIELD;
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: -l requires an argument.\n");
|
|
}
|
|
break;
|
|
case 'M':
|
|
case 'm':
|
|
Options |= AFDKD_MSWSOCK_DISPLAY;
|
|
continue;
|
|
case 'R':
|
|
case 'r':
|
|
Options |= AFDKD_BACKWARD_SCAN;
|
|
continue;
|
|
case 'S':
|
|
case 's':
|
|
Options |= AFDKD_ENDPOINT_SCAN;
|
|
if (sscanf( Args, "%s%n", expr, &i )==1) {
|
|
Args += i;
|
|
StartEndpoint = GetExpression (expr);
|
|
if (StartEndpoint!=0) {
|
|
dprintf ("ProcessOptions: StartEndpoint-%p\n", StartEndpoint);
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("ProcessOptions: StartEndpoint (%s) evaluates to NULL\n", expr);
|
|
}
|
|
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: %s option missing required parameter.\n", expr);
|
|
}
|
|
break;
|
|
case 'T':
|
|
case 't':
|
|
|
|
if (sscanf( Args, "%s%n", ListedType, &i )==1) {
|
|
Args += i;
|
|
Options |= AFDKD_LIST_TYPE;
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: -l requires an argument.\n");
|
|
}
|
|
break;
|
|
case 'V':
|
|
case 'v':
|
|
Options &= ~AFDKD_BRIEF_DISPLAY;
|
|
continue;
|
|
case 'W':
|
|
case 'w':
|
|
if ((Options & (AFDKD_SYNTCB_DISPLAY))==0) {
|
|
Options |= AFDKD_TWTCB_DISPLAY;
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: only one of -y or -w options can be specified.\n");
|
|
}
|
|
break;
|
|
case 'Y':
|
|
case 'y':
|
|
if ((Options & (AFDKD_TWTCB_DISPLAY))==0) {
|
|
Options |= AFDKD_SYNTCB_DISPLAY;
|
|
continue;
|
|
}
|
|
else {
|
|
dprintf ("\nProcessOptions: only one of -y or -w options can be specified.\n");
|
|
}
|
|
break;
|
|
default:
|
|
dprintf ("\nProcessOptions: Unrecognized option %s.\n", expr);
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
else {
|
|
Args -= i;
|
|
break;
|
|
}
|
|
}
|
|
|
|
return Args;
|
|
}
|
|
|