Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1506 lines
42 KiB

/*++
Copyright(c) 1999-2002 Microsoft Corporation
--*/
#include "pch.cpp"
#include "platform.h"
//----------------------------------------------------------------------------
//
// Win32LiveSystemProvider.
//
//----------------------------------------------------------------------------
Win32LiveSystemProvider::Win32LiveSystemProvider(ULONG PlatformId,
ULONG BuildNumber)
{
m_PlatformId = PlatformId;
m_BuildNumber = BuildNumber;
m_PsApi = NULL;
m_EnumProcessModules = NULL;
m_GetModuleFileNameExW = NULL;
m_Kernel32 = NULL;
m_OpenThread = NULL;
m_Thread32First = NULL;
m_Thread32Next = NULL;
m_Module32First = NULL;
m_Module32Next = NULL;
m_Module32FirstW = NULL;
m_Module32NextW = NULL;
m_CreateToolhelp32Snapshot = NULL;
m_GetLongPathNameA = NULL;
m_GetLongPathNameW = NULL;
m_GetProcessTimes = NULL;
}
Win32LiveSystemProvider::~Win32LiveSystemProvider(void)
{
if (m_PsApi) {
FreeLibrary(m_PsApi);
}
if (m_Kernel32) {
FreeLibrary(m_Kernel32);
}
}
HRESULT
Win32LiveSystemProvider::Initialize(void)
{
m_PsApi = LoadLibrary("psapi.dll");
if (m_PsApi) {
m_EnumProcessModules = (ENUM_PROCESS_MODULES)
GetProcAddress(m_PsApi, "EnumProcessModules");
m_GetModuleFileNameExW = (GET_MODULE_FILE_NAME_EX_W)
GetProcAddress(m_PsApi, "GetModuleFileNameExW");
}
m_Kernel32 = LoadLibrary("kernel32.dll");
if (m_Kernel32) {
m_OpenThread = (OPEN_THREAD)
GetProcAddress(m_Kernel32, "OpenThread");
m_Thread32First = (THREAD32_FIRST)
GetProcAddress(m_Kernel32, "Thread32First");
m_Thread32Next = (THREAD32_NEXT)
GetProcAddress(m_Kernel32, "Thread32Next");
m_Module32First = (MODULE32_FIRST)
GetProcAddress(m_Kernel32, "Module32First");
m_Module32Next = (MODULE32_NEXT)
GetProcAddress(m_Kernel32, "Module32Next");
m_Module32FirstW = (MODULE32_FIRST)
GetProcAddress(m_Kernel32, "Module32FirstW");
m_Module32NextW = (MODULE32_NEXT)
GetProcAddress(m_Kernel32, "Module32NextW");
m_CreateToolhelp32Snapshot = (CREATE_TOOLHELP32_SNAPSHOT)
GetProcAddress(m_Kernel32, "CreateToolhelp32Snapshot");
m_GetLongPathNameA = (GET_LONG_PATH_NAME_A)
GetProcAddress(m_Kernel32, "GetLongPathNameA");
m_GetLongPathNameW = (GET_LONG_PATH_NAME_W)
GetProcAddress(m_Kernel32, "GetLongPathNameW");
m_GetProcessTimes = (GET_PROCESS_TIMES)
GetProcAddress(m_Kernel32, "GetProcessTimes");
}
return S_OK;
}
void
Win32LiveSystemProvider::Release(void)
{
delete this;
}
HRESULT
Win32LiveSystemProvider::GetCurrentTimeDate(OUT PULONG TimeDate)
{
FILETIME FileTime;
GetSystemTimeAsFileTime(&FileTime);
*TimeDate = FileTimeToTimeDate(&FileTime);
return S_OK;
}
HRESULT
Win32LiveSystemProvider::GetCpuType(OUT PULONG Type,
OUT PBOOL BackingStore)
{
SYSTEM_INFO SysInfo;
GetSystemInfo(&SysInfo);
*Type = GenProcArchToImageMachine(SysInfo.wProcessorArchitecture);
if (*Type == IMAGE_FILE_MACHINE_UNKNOWN) {
return E_INVALIDARG;
}
#ifdef DUMP_BACKING_STORE
*BackingStore = TRUE;
#else
*BackingStore = FALSE;
#endif
return S_OK;
}
#if defined(i386)
BOOL
X86CpuId(
IN ULONG32 SubFunction,
OUT PULONG32 EaxRegister, OPTIONAL
OUT PULONG32 EbxRegister, OPTIONAL
OUT PULONG32 EcxRegister, OPTIONAL
OUT PULONG32 EdxRegister OPTIONAL
)
{
BOOL Succ;
ULONG32 _Eax;
ULONG32 _Ebx;
ULONG32 _Ecx;
ULONG32 _Edx;
__try {
__asm {
mov eax, SubFunction
__emit 0x0F
__emit 0xA2 ;; CPUID
mov _Eax, eax
mov _Ebx, ebx
mov _Ecx, ecx
mov _Edx, edx
}
if ( EaxRegister ) {
*EaxRegister = _Eax;
}
if ( EbxRegister ) {
*EbxRegister = _Ebx;
}
if ( EcxRegister ) {
*EcxRegister = _Ecx;
}
if ( EdxRegister ) {
*EdxRegister = _Edx;
}
Succ = TRUE;
}
__except ( EXCEPTION_EXECUTE_HANDLER ) {
Succ = FALSE;
}
return Succ;
}
VOID
GetCpuInformation(
PCPU_INFORMATION Cpu
)
{
BOOL Succ;
//
// Get the VendorID
//
Succ = X86CpuId ( CPUID_VENDOR_ID,
NULL,
&Cpu->X86CpuInfo.VendorId [0],
&Cpu->X86CpuInfo.VendorId [2],
&Cpu->X86CpuInfo.VendorId [1]
);
if ( !Succ ) {
//
// CPUID is not supported on this processor.
//
ZeroMemory (&Cpu->X86CpuInfo, sizeof (Cpu->X86CpuInfo));
}
//
// Get the feature information.
//
Succ = X86CpuId ( CPUID_VERSION_FEATURES,
&Cpu->X86CpuInfo.VersionInformation,
NULL,
NULL,
&Cpu->X86CpuInfo.FeatureInformation
);
if ( !Succ ) {
Cpu->X86CpuInfo.VersionInformation = 0;
Cpu->X86CpuInfo.FeatureInformation = 0;
}
//
// Get the AMD specific information if this is an AMD processor.
//
if ( Cpu->X86CpuInfo.VendorId [0] == AMD_VENDOR_ID_0 &&
Cpu->X86CpuInfo.VendorId [1] == AMD_VENDOR_ID_1 &&
Cpu->X86CpuInfo.VendorId [2] == AMD_VENDOR_ID_2 ) {
Succ = X86CpuId ( CPUID_AMD_EXTENDED_FEATURES,
NULL,
NULL,
NULL,
&Cpu->X86CpuInfo.AMDExtendedCpuFeatures
);
if ( !Succ ) {
Cpu->X86CpuInfo.AMDExtendedCpuFeatures = 0;
}
}
}
#else // #if defined(i386)
VOID
GetCpuInformation(
PCPU_INFORMATION Cpu
)
/*++
Routine Description:
Get CPU information for non-X86 platform using the
IsProcessorFeaturePresent() API call.
Arguments:
Cpu - A buffer where the processor feature information will be copied.
Note: we copy the processor features as a set of bits or'd together.
Also, we only allow for the first 128 processor feature flags.
Return Value:
None.
--*/
{
ULONG i;
DWORD j;
for (i = 0; i < ARRAY_COUNT (Cpu->OtherCpuInfo.ProcessorFeatures); i++) {
Cpu->OtherCpuInfo.ProcessorFeatures[i] = 0;
for (j = 0; j < 64; j++) {
if (IsProcessorFeaturePresent ( j + i * 64 )) {
Cpu->OtherCpuInfo.ProcessorFeatures[i] |= 1 << j;
}
}
}
}
#endif // #if defined(i386)
HRESULT
Win32LiveSystemProvider::GetCpuInfo(OUT PUSHORT Architecture,
OUT PUSHORT Level,
OUT PUSHORT Revision,
OUT PUCHAR NumberOfProcessors,
OUT PCPU_INFORMATION Info)
{
SYSTEM_INFO SysInfo;
GetSystemInfo(&SysInfo);
*Architecture = SysInfo.wProcessorArchitecture;
*Level = SysInfo.wProcessorLevel;
*Revision = SysInfo.wProcessorRevision;
*NumberOfProcessors = (UCHAR)SysInfo.dwNumberOfProcessors;
GetCpuInformation(Info);
return S_OK;
}
void
Win32LiveSystemProvider::GetContextSizes(OUT PULONG Size,
OUT PULONG RegScanOffset,
OUT PULONG RegScanCount)
{
*Size = sizeof(CONTEXT);
#ifdef _X86_
// X86 has two sizes of context.
switch(m_PlatformId) {
case VER_PLATFORM_WIN32_NT:
if (m_BuildNumber < NT_BUILD_WIN2K) {
*Size = FIELD_OFFSET(CONTEXT, ExtendedRegisters);
}
break;
case VER_PLATFORM_WIN32_WINDOWS:
if (m_BuildNumber <= 1998) {
*Size = FIELD_OFFSET(CONTEXT, ExtendedRegisters);
}
break;
default:
*Size = FIELD_OFFSET(CONTEXT, ExtendedRegisters);
break;
}
#endif
// Default reg scan.
*RegScanOffset = -1;
*RegScanCount = -1;
}
void
Win32LiveSystemProvider::GetPointerSize(OUT PULONG Size)
{
*Size = sizeof(PVOID);
}
void
Win32LiveSystemProvider::GetPageSize(OUT PULONG Size)
{
*Size = PAGE_SIZE;
}
void
Win32LiveSystemProvider::GetFunctionTableSizes(OUT PULONG TableSize,
OUT PULONG EntrySize)
{
#if defined(_IA64_) || defined(_AMD64_)
*TableSize = sizeof(DYNAMIC_FUNCTION_TABLE);
*EntrySize = sizeof(RUNTIME_FUNCTION);
#else
*TableSize = 0;
*EntrySize = 0;
#endif
}
void
Win32LiveSystemProvider::GetInstructionWindowSize(OUT PULONG Size)
{
// Default window.
*Size = -1;
}
HRESULT
Win32LiveSystemProvider::GetOsInfo(OUT PULONG PlatformId,
OUT PULONG Major,
OUT PULONG Minor,
OUT PULONG BuildNumber,
OUT PUSHORT ProductType,
OUT PUSHORT SuiteMask)
{
OSVERSIONINFOEXA OsInfo;
// Try first with the EX struct.
OsInfo.dwOSVersionInfoSize = sizeof(OsInfo);
if (!GetVersionExA((LPOSVERSIONINFO)&OsInfo)) {
// EX struct didn't work, try with the basic struct.
ZeroMemory(&OsInfo, sizeof(OsInfo));
OsInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOA);
if (!GetVersionExA((LPOSVERSIONINFO)&OsInfo)) {
return WIN32_LAST_STATUS();
}
}
*PlatformId = OsInfo.dwPlatformId;
*Major = OsInfo.dwMajorVersion;
*Minor = OsInfo.dwMinorVersion;
*BuildNumber = OsInfo.dwBuildNumber;
*ProductType = OsInfo.wProductType;
*SuiteMask = OsInfo.wSuiteMask;
return S_OK;
}
HRESULT
Win32LiveSystemProvider::GetOsCsdString(OUT PWSTR Buffer,
IN ULONG BufferChars)
{
OSVERSIONINFOW OsInfoW;
// Try first with the Unicode struct.
OsInfoW.dwOSVersionInfoSize = sizeof(OsInfoW);
if (GetVersionExW(&OsInfoW)) {
// Got it.
GenStrCopyNW(Buffer, OsInfoW.szCSDVersion, BufferChars);
return S_OK;
}
OSVERSIONINFOA OsInfoA;
// Unicode struct didn't work, try with the ANSI struct.
OsInfoA.dwOSVersionInfoSize = sizeof(OsInfoA);
if (!GetVersionExA(&OsInfoA)) {
return WIN32_LAST_STATUS();
}
if (!MultiByteToWideChar(CP_ACP,
0,
OsInfoA.szCSDVersion,
-1,
Buffer,
BufferChars)) {
return WIN32_LAST_STATUS();
}
return S_OK;
}
HRESULT
Win32LiveSystemProvider::OpenMapping(IN PCWSTR FilePath,
OUT PULONG Size,
OUT PWSTR LongPath,
IN ULONG LongPathChars,
OUT PVOID* ViewRet)
{
HRESULT Status;
HANDLE File;
HANDLE Mapping;
PVOID View;
DWORD Chars;
//
// The module may be loaded with a short name. Open
// the mapping with the name given, but also determine
// the long name if possible. This is done here as
// the ANSI/Unicode issues are already being handled here.
//
File = CreateFileW(FilePath,
GENERIC_READ,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,
NULL);
if ( File == NULL || File == INVALID_HANDLE_VALUE ) {
if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED) {
// We're on an OS that doesn't support Unicode
// file operations. Convert to ANSI and see if
// that helps.
CHAR FilePathA [ MAX_PATH + 10 ];
if (WideCharToMultiByte (CP_ACP,
0,
FilePath,
-1,
FilePathA,
sizeof (FilePathA),
0,
0
) > 0) {
File = CreateFileA(FilePathA,
GENERIC_READ,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,
NULL);
if (File != INVALID_HANDLE_VALUE) {
if (!m_GetLongPathNameA) {
Chars = 0;
} else {
Chars = m_GetLongPathNameA(FilePathA, FilePathA,
ARRAY_COUNT(FilePathA));
}
if (Chars == 0 || Chars >= ARRAY_COUNT(FilePathA) ||
MultiByteToWideChar(CP_ACP, 0, FilePathA, -1,
LongPath, LongPathChars) == 0) {
// Couldn't get the long path, just use the
// given path.
GenStrCopyNW(LongPath, FilePath, LongPathChars);
}
}
}
}
if ( File == NULL || File == INVALID_HANDLE_VALUE ) {
return WIN32_LAST_STATUS();
}
} else {
if (!m_GetLongPathNameW) {
Chars = 0;
} else {
Chars = m_GetLongPathNameW(FilePath, LongPath, LongPathChars);
}
if (Chars == 0 || Chars >= LongPathChars) {
// Couldn't get the long path, just use the given path.
GenStrCopyNW(LongPath, FilePath, LongPathChars);
}
}
*Size = GetFileSize(File, NULL);
if (*Size == -1) {
::CloseHandle( File );
return WIN32_LAST_STATUS();
}
Mapping = CreateFileMapping(File,
NULL,
PAGE_READONLY,
0,
0,
NULL);
if (!Mapping) {
::CloseHandle(File);
return WIN32_LAST_STATUS();
}
View = MapViewOfFile(Mapping,
FILE_MAP_READ,
0,
0,
0);
if (!View) {
Status = WIN32_LAST_STATUS();
} else {
Status = S_OK;
}
::CloseHandle(Mapping);
::CloseHandle(File);
*ViewRet = View;
return Status;
}
void
Win32LiveSystemProvider::CloseMapping(PVOID Mapping)
{
UnmapViewOfFile(Mapping);
}
HRESULT
Win32LiveSystemProvider::GetImageHeaderInfo(IN HANDLE Process,
IN PCWSTR FilePath,
IN ULONG64 ImageBase,
OUT PULONG Size,
OUT PULONG CheckSum,
OUT PULONG TimeDateStamp)
{
UCHAR HeaderBuffer[512];
PIMAGE_NT_HEADERS NtHeaders;
IMAGE_NT_HEADERS64 Generic;
SIZE_T Done;
if (!ReadProcessMemory(Process, (PVOID)(ULONG_PTR)ImageBase,
HeaderBuffer, sizeof(HeaderBuffer), &Done)) {
return WIN32_LAST_STATUS();
}
if (Done < sizeof(HeaderBuffer)) {
return HRESULT_FROM_WIN32(ERROR_READ_FAULT);
}
NtHeaders = GenImageNtHeader(HeaderBuffer, &Generic);
if (!NtHeaders) {
return HRESULT_FROM_WIN32(ERROR_INVALID_DLL);
}
*Size = Generic.OptionalHeader.SizeOfImage;
*CheckSum = Generic.OptionalHeader.CheckSum;
*TimeDateStamp = Generic.FileHeader.TimeDateStamp;
return S_OK;
}
HRESULT
Win32LiveSystemProvider::GetImageVersionInfo(IN HANDLE Process,
IN PCWSTR FilePath,
IN ULONG64 ImageBase,
OUT VS_FIXEDFILEINFO* Info)
{
HRESULT Status;
BOOL Succ;
ULONG Unused;
ULONG Size;
UINT VerSize;
PVOID VersionBlock;
PVOID VersionData;
CHAR FilePathA [ MAX_PATH + 10 ];
BOOL UseAnsi = FALSE;
//
// Get the version information.
//
Size = GetFileVersionInfoSizeW (FilePath, &Unused);
if (Size == 0 &&
GetLastError() == ERROR_CALL_NOT_IMPLEMENTED) {
// We're on an OS that doesn't support Unicode
// file operations. Convert to ANSI and see if
// that helps.
if (!WideCharToMultiByte(CP_ACP,
0,
FilePath,
-1,
FilePathA,
sizeof (FilePathA),
0,
0
)) {
return WIN32_LAST_STATUS();
}
Size = GetFileVersionInfoSizeA(FilePathA, &Unused);
UseAnsi = TRUE;
}
if (!Size) {
return WIN32_LAST_STATUS();
}
VersionBlock = HeapAlloc(GetProcessHeap(), 0, Size);
if (!VersionBlock) {
return E_OUTOFMEMORY;
}
if (UseAnsi) {
Succ = GetFileVersionInfoA(FilePathA,
0,
Size,
VersionBlock);
} else {
Succ = GetFileVersionInfoW(FilePath,
0,
Size,
VersionBlock);
}
if (Succ) {
//
// Get the VS_FIXEDFILEINFO from the image.
//
Succ = VerQueryValue(VersionBlock,
"\\",
&VersionData,
&VerSize);
if ( Succ && (VerSize == sizeof (VS_FIXEDFILEINFO)) ) {
CopyMemory(Info, VersionData, sizeof(*Info));
} else {
Succ = FALSE;
}
}
if (Succ) {
Status = S_OK;
} else {
Status = WIN32_LAST_STATUS();
}
HeapFree(GetProcessHeap(), 0, VersionBlock);
return Status;
}
HRESULT
Win32LiveSystemProvider::GetImageDebugRecord(IN HANDLE Process,
IN PCWSTR FilePath,
IN ULONG64 ImageBase,
IN ULONG RecordType,
OUT OPTIONAL PVOID Data,
IN OUT PULONG DataLen)
{
// We can rely on the default processing.
return E_NOINTERFACE;
}
HRESULT
Win32LiveSystemProvider::EnumImageDataSections(IN HANDLE Process,
IN PCWSTR FilePath,
IN ULONG64 ImageBase,
IN MiniDumpProviderCallbacks*
Callback)
{
// We can rely on the default processing.
return E_NOINTERFACE;
}
HRESULT
Win32LiveSystemProvider::OpenThread(IN ULONG DesiredAccess,
IN BOOL InheritHandle,
IN ULONG ThreadId,
OUT PHANDLE Handle)
{
if (!m_OpenThread) {
return E_NOTIMPL;
}
*Handle = m_OpenThread(DesiredAccess, InheritHandle, ThreadId);
return *Handle ? S_OK : WIN32_LAST_STATUS();
}
void
Win32LiveSystemProvider::CloseThread(IN HANDLE Handle)
{
::CloseHandle(Handle);
}
ULONG
Win32LiveSystemProvider::GetCurrentThreadId(void)
{
return ::GetCurrentThreadId();
}
ULONG
Win32LiveSystemProvider::SuspendThread(IN HANDLE Thread)
{
return ::SuspendThread(Thread);
}
ULONG
Win32LiveSystemProvider::ResumeThread(IN HANDLE Thread)
{
return ::ResumeThread(Thread);
}
HRESULT
Win32LiveSystemProvider::GetThreadContext(IN HANDLE Thread,
OUT PVOID Context,
IN ULONG ContextSize,
OUT PULONG64 CurrentPc,
OUT PULONG64 CurrentStack,
OUT PULONG64 CurrentStore)
{
CONTEXT StackContext;
BOOL Succ;
if (ContextSize > sizeof(StackContext)) {
return E_INVALIDARG;
}
// Always call GetThreadContext on the CONTEXT structure
// on the stack as CONTEXTs have strict alignment requirements
// and the raw buffer coming in may not obey them.
StackContext.ContextFlags = ALL_REGISTERS;
Succ = ::GetThreadContext(Thread, &StackContext);
if (Succ) {
memcpy(Context, &StackContext, ContextSize);
*CurrentPc = PROGRAM_COUNTER(&StackContext);
*CurrentStack = STACK_POINTER(&StackContext);
#ifdef DUMP_BACKING_STORE
*CurrentStore = BSTORE_POINTER(&StackContext);
#endif
return S_OK;
} else {
return WIN32_LAST_STATUS();
}
}
HRESULT
Win32LiveSystemProvider::GetProcessTimes(IN HANDLE Process,
OUT LPFILETIME Create,
OUT LPFILETIME User,
OUT LPFILETIME Kernel)
{
if (!m_GetProcessTimes) {
return E_NOTIMPL;
}
FILETIME Exit;
if (!m_GetProcessTimes(Process, Create, &Exit, User, Kernel)) {
return WIN32_LAST_STATUS();
}
return S_OK;
}
HRESULT
Win32LiveSystemProvider::ReadVirtual(IN HANDLE Process,
IN ULONG64 Offset,
OUT PVOID Buffer,
IN ULONG Request,
OUT PULONG Done)
{
// ReadProcessMemory will fail if any part of the
// region to read does not have read access. This
// routine attempts to read the largest valid prefix
// so it has to break up reads on page boundaries.
HRESULT Status = S_OK;
SIZE_T TotalBytesRead = 0;
SIZE_T Read;
ULONG ReadSize;
while (Request > 0) {
// Calculate bytes to read and don't let read cross
// a page boundary.
ReadSize = PAGE_SIZE - (ULONG)(Offset & (PAGE_SIZE - 1));
ReadSize = min(Request, ReadSize);
if (!ReadProcessMemory(Process, (PVOID)(ULONG_PTR)Offset,
Buffer, ReadSize, &Read)) {
if (TotalBytesRead == 0) {
// If we haven't read anything indicate failure.
Status = WIN32_LAST_STATUS();
}
break;
}
TotalBytesRead += Read;
Offset += Read;
Buffer = (PVOID)((PUCHAR)Buffer + Read);
Request -= (ULONG)Read;
}
*Done = (ULONG)TotalBytesRead;
return Status;
}
HRESULT
Win32LiveSystemProvider::ReadAllVirtual(IN HANDLE Process,
IN ULONG64 Offset,
OUT PVOID Buffer,
IN ULONG Request)
{
HRESULT Status;
ULONG Done;
if ((Status = ReadVirtual(Process, Offset, Buffer, Request,
&Done)) != S_OK)
{
return Status;
}
if (Done != Request)
{
return HRESULT_FROM_WIN32(ERROR_READ_FAULT);
}
return S_OK;
}
HRESULT
Win32LiveSystemProvider::QueryVirtual(IN HANDLE Process,
IN ULONG64 Offset,
OUT PULONG64 Base,
OUT PULONG64 Size,
OUT PULONG Protect,
OUT PULONG State,
OUT PULONG Type)
{
MEMORY_BASIC_INFORMATION Info;
if (!VirtualQueryEx(Process, (PVOID)(ULONG_PTR)Offset,
&Info, sizeof(Info))) {
return WIN32_LAST_STATUS();
}
*Base = (LONG_PTR)Info.BaseAddress;
*Size = Info.RegionSize;
*Protect = Info.Protect;
*State = Info.State;
*Type = Info.Type;
return S_OK;
}
HRESULT
Win32LiveSystemProvider::StartProcessEnum(IN HANDLE Process,
IN ULONG ProcessId)
{
ULONG SnapFlags;
if (!m_CreateToolhelp32Snapshot) {
return E_NOTIMPL;
}
//
// Toolhelp on older NT builds uses an in-process enumeration
// of modules so don't use it to keep everything out of process.
// On other platforms it's the only option.
//
SnapFlags = TH32CS_SNAPTHREAD;
if (m_PlatformId == VER_PLATFORM_WIN32_NT) {
if (m_BuildNumber >= NT_BUILD_TH_MODULES) {
m_AnsiModules = FALSE;
SnapFlags |= TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32;
}
} else {
m_AnsiModules = TRUE;
SnapFlags |= TH32CS_SNAPMODULE;
}
m_ThSnap = m_CreateToolhelp32Snapshot(SnapFlags, ProcessId);
if (m_ThSnap == INVALID_HANDLE_VALUE) {
return WIN32_LAST_STATUS();
}
m_ProcessHandle = Process;
m_ProcessId = ProcessId;
m_ThreadIndex = 0;
m_ModuleIndex = 0;
return S_OK;
}
HRESULT
Win32LiveSystemProvider::EnumThreads(OUT PULONG ThreadId)
{
HRESULT Status;
THREADENTRY32 ThreadInfo;
ThreadInfo.dwSize = sizeof(ThreadInfo);
if (m_ThreadIndex == 0) {
Status = ProcessThread32First(m_ThSnap, m_ProcessId, &ThreadInfo);
} else {
Status = ProcessThread32Next(m_ThSnap, m_ProcessId, &ThreadInfo);
}
if (Status == S_OK) {
*ThreadId = ThreadInfo.th32ThreadID;
m_ThreadIndex++;
return S_OK;
} else {
return S_FALSE;
}
}
HRESULT
Win32LiveSystemProvider::EnumModules(OUT PULONG64 Base,
OUT PWSTR Path,
IN ULONG PathChars)
{
BOOL Succ;
if (m_AnsiModules) {
if (!m_Module32First || !m_Module32Next) {
return E_NOTIMPL;
}
MODULEENTRY32 ModuleInfo;
ModuleInfo.dwSize = sizeof(ModuleInfo);
if (m_ModuleIndex == 0) {
Succ = m_Module32First(m_ThSnap, &ModuleInfo);
} else {
// Win9x seems to require that this module ID be saved
// between calls so stick it back in to keep Win9x happy.
ModuleInfo.th32ModuleID = m_LastModuleId;
Succ = m_Module32Next(m_ThSnap, &ModuleInfo);
}
if (Succ) {
m_ModuleIndex++;
*Base = (LONG_PTR)ModuleInfo.modBaseAddr;
m_LastModuleId = ModuleInfo.th32ModuleID;
if (!MultiByteToWideChar(CP_ACP,
0,
ModuleInfo.szExePath,
-1,
Path,
PathChars)) {
return WIN32_LAST_STATUS();
}
return S_OK;
} else {
return S_FALSE;
}
} else {
if (!m_Module32FirstW || !m_Module32NextW) {
return E_NOTIMPL;
}
MODULEENTRY32W ModuleInfo;
ModuleInfo.dwSize = sizeof(ModuleInfo);
if (m_ModuleIndex == 0) {
Succ = m_Module32FirstW(m_ThSnap, &ModuleInfo);
} else {
Succ = m_Module32NextW(m_ThSnap, &ModuleInfo);
}
if (Succ) {
m_ModuleIndex++;
*Base = (LONG_PTR)ModuleInfo.modBaseAddr;
//
// The basic LdrQueryProcessModule API that toolhelp uses
// always returns ANSI strings for module paths. This
// means that even if you use the wide toolhelp calls
// you still lose Unicode information because the original
// Unicode path was converted to ANSI and then back to Unicode.
// To avoid this problem, always try and look up the true
// Unicode path first. This doesn't work for 32-bit modules
// in WOW64, though, so if there's a failure just use the
// incoming string.
//
if (!m_GetModuleFileNameExW ||
!m_GetModuleFileNameExW(m_ProcessHandle,
ModuleInfo.hModule,
Path,
PathChars)) {
GenStrCopyNW(Path, ModuleInfo.szExePath, PathChars);
}
return S_OK;
} else {
return S_FALSE;
}
}
}
HRESULT
Win32LiveSystemProvider::EnumFunctionTables(OUT PULONG64 MinAddress,
OUT PULONG64 MaxAddress,
OUT PULONG64 BaseAddress,
OUT PULONG EntryCount,
OUT PVOID RawTable,
IN ULONG RawTableSize,
OUT PVOID* RawEntryHandle)
{
// Basic Win32 doesn't have function tables.
return S_FALSE;
}
HRESULT
Win32LiveSystemProvider::EnumFunctionTableEntries(IN PVOID RawTable,
IN ULONG RawTableSize,
IN PVOID RawEntryHandle,
OUT PVOID RawEntries,
IN ULONG RawEntriesSize)
{
// Basic Win32 doesn't have function tables.
return E_NOTIMPL;
}
HRESULT
Win32LiveSystemProvider::EnumFunctionTableEntryMemory(IN ULONG64 TableBase,
IN PVOID RawEntries,
IN ULONG Index,
OUT PULONG64 Start,
OUT PULONG Size)
{
// Basic Win32 doesn't have function tables.
return E_NOTIMPL;
}
HRESULT
Win32LiveSystemProvider::EnumUnloadedModules(OUT PWSTR Path,
IN ULONG PathChars,
OUT PULONG64 BaseOfModule,
OUT PULONG SizeOfModule,
OUT PULONG CheckSum,
OUT PULONG TimeDateStamp)
{
// Basic Win32 doesn't have unloaded modules.
return S_FALSE;
}
void
Win32LiveSystemProvider::FinishProcessEnum(void)
{
::CloseHandle(m_ThSnap);
}
HRESULT
Win32LiveSystemProvider::StartHandleEnum(IN HANDLE Process,
IN ULONG ProcessId,
OUT PULONG Count)
{
// Basic Win32 doesn't have handle data queries.
*Count = 0;
return S_OK;
}
HRESULT
Win32LiveSystemProvider::EnumHandles(OUT PULONG64 Handle,
OUT PULONG Attributes,
OUT PULONG GrantedAccess,
OUT PULONG HandleCount,
OUT PULONG PointerCount,
OUT PWSTR TypeName,
IN ULONG TypeNameChars,
OUT PWSTR ObjectName,
IN ULONG ObjectNameChars)
{
// Basic Win32 doesn't have handle data queries.
return S_FALSE;
}
void
Win32LiveSystemProvider::FinishHandleEnum(void)
{
// Basic Win32 doesn't have handle data queries.
}
HRESULT
Win32LiveSystemProvider::EnumPebMemory(IN HANDLE Process,
IN ULONG64 PebOffset,
IN ULONG PebSize,
IN MiniDumpProviderCallbacks* Callback)
{
// Basic Win32 doesn't have a defined PEB.
return S_OK;
}
HRESULT
Win32LiveSystemProvider::EnumTebMemory(IN HANDLE Process,
IN HANDLE Thread,
IN ULONG64 TebOffset,
IN ULONG TebSize,
IN MiniDumpProviderCallbacks* Callback)
{
// Basic Win32 doesn't have a defined TEB beyond
// the TIB. The TIB can reference fiber data but
// that's NT-specific.
return S_OK;
}
HRESULT
Win32LiveSystemProvider::GetCorDataAccess(IN PWSTR AccessDllName,
IN struct ICorDataAccessServices*
Services,
OUT struct ICorDataAccess**
Access)
{
HRESULT Status;
m_CorDll = ::LoadLibraryW(AccessDllName);
if (!m_CorDll) {
char DllPathA[MAX_PATH];
if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED ||
!WideCharToMultiByte(CP_ACP, 0,
AccessDllName, -1,
DllPathA, sizeof(DllPathA),
0, 0) ||
!(m_CorDll = ::LoadLibraryA(DllPathA))) {
return WIN32_LAST_STATUS();
}
}
PFN_CreateCorDataAccess Entry = (PFN_CreateCorDataAccess)
GetProcAddress(m_CorDll, "CreateCorDataAccess");
if (!Entry)
{
Status = WIN32_LAST_STATUS();
FreeLibrary(m_CorDll);
return Status;
}
if ((Status = Entry(__uuidof(ICorDataAccess), Services,
(void**)Access)) != S_OK)
{
FreeLibrary(m_CorDll);
}
return Status;
}
void
Win32LiveSystemProvider::ReleaseCorDataAccess(IN struct ICorDataAccess*
Access)
{
Access->Release();
::FreeLibrary(m_CorDll);
}
HRESULT
Win32LiveSystemProvider::ProcessThread32Next(IN HANDLE Snapshot,
IN ULONG ProcessId,
OUT THREADENTRY32* ThreadInfo)
{
BOOL Succ;
if (!m_Thread32Next) {
return E_NOTIMPL;
}
//
// NB: Toolhelp says nothing about the order of the threads will be
// returned in (i.e., if they are grouped by process or not). If they
// are groupled by process -- which they emperically seem to be -- there
// is a more efficient algorithm than simple brute force.
//
do {
ThreadInfo->dwSize = sizeof (*ThreadInfo);
Succ = m_Thread32Next(Snapshot, ThreadInfo);
} while (Succ && ThreadInfo->th32OwnerProcessID != ProcessId);
return Succ ? S_OK : WIN32_LAST_STATUS();
}
HRESULT
Win32LiveSystemProvider::ProcessThread32First(IN HANDLE Snapshot,
IN ULONG ProcessId,
OUT THREADENTRY32* ThreadInfo)
{
HRESULT Status;
BOOL Succ;
if (!m_Thread32First) {
return E_NOTIMPL;
}
ThreadInfo->dwSize = sizeof (*ThreadInfo);
Succ = m_Thread32First(Snapshot, ThreadInfo);
Status = Succ ? S_OK : WIN32_LAST_STATUS();
if (Succ && ThreadInfo->th32OwnerProcessID != ProcessId) {
Status = ProcessThread32Next (Snapshot, ProcessId, ThreadInfo);
}
return Status;
}
HRESULT
Win32LiveSystemProvider::TibGetThreadInfo(IN HANDLE Process,
IN ULONG64 TibBase,
OUT PULONG64 StackBase,
OUT PULONG64 StackLimit,
OUT PULONG64 StoreBase,
OUT PULONG64 StoreLimit)
{
#ifdef _WIN32_WCE
return E_NOTIMPL;
#else
TEB Teb;
HRESULT Status;
#if defined (DUMP_BACKING_STORE)
if ((Status = ReadAllVirtual(Process,
TibBase,
&Teb,
sizeof(Teb))) != S_OK) {
return Status;
}
*StoreBase = BSTORE_BASE(&Teb);
*StoreLimit = BSTORE_LIMIT(&Teb);
#else
if ((Status = ReadAllVirtual(Process,
TibBase,
&Teb,
sizeof(Teb.NtTib))) != S_OK) {
return Status;
}
*StoreBase = 0;
*StoreLimit = 0;
#endif
*StackBase = (LONG_PTR)Teb.NtTib.StackBase;
*StackLimit = (LONG_PTR)Teb.NtTib.StackLimit;
return S_OK;
#endif // #ifdef _WIN32_WCE
}
HRESULT
MiniDumpCreateLiveSystemProvider
(OUT MiniDumpSystemProvider** Prov)
{
HRESULT Status;
OSVERSIONINFO OsInfo;
Win32LiveSystemProvider* Obj;
OsInfo.dwOSVersionInfoSize = sizeof(OsInfo);
if (!GetVersionEx(&OsInfo)) {
return WIN32_LAST_STATUS();
}
switch(OsInfo.dwPlatformId) {
case VER_PLATFORM_WIN32_NT:
Obj = NewNtWin32LiveSystemProvider(OsInfo.dwBuildNumber);
break;
case VER_PLATFORM_WIN32_WINDOWS:
Obj = NewWin9xWin32LiveSystemProvider(OsInfo.dwBuildNumber);
break;
case VER_PLATFORM_WIN32_CE:
Obj = NewWinCeWin32LiveSystemProvider(OsInfo.dwBuildNumber);
break;
default:
return E_INVALIDARG;
}
if (!Obj) {
return E_OUTOFMEMORY;
}
if ((Status = Obj->Initialize()) != S_OK) {
Obj->Release();
return Status;
}
*Prov = (MiniDumpSystemProvider*)Obj;
return S_OK;
}
//----------------------------------------------------------------------------
//
// Win32FileOutputProvider.
//
//----------------------------------------------------------------------------
class Win32FileOutputProvider
{
public:
Win32FileOutputProvider(HANDLE Handle);
virtual void Release(void);
virtual HRESULT SupportsStreaming(void);
virtual HRESULT Start(IN ULONG64 MaxSize);
virtual HRESULT Seek(IN ULONG How,
IN LONG64 Amount,
OUT OPTIONAL PULONG64 NewOffset);
virtual HRESULT WriteAll(IN PVOID Buffer,
IN ULONG Request);
virtual void Finish(void);
protected:
HANDLE m_Handle;
};
Win32FileOutputProvider::Win32FileOutputProvider(HANDLE Handle)
{
m_Handle = Handle;
}
void
Win32FileOutputProvider::Release(void)
{
delete this;
}
HRESULT
Win32FileOutputProvider::SupportsStreaming(void)
{
return S_OK;
}
HRESULT
Win32FileOutputProvider::Start(IN ULONG64 MaxSize)
{
// Nothing to do.
return S_OK;
}
HRESULT
Win32FileOutputProvider::Seek(IN ULONG How,
IN LONG64 Amount,
OUT OPTIONAL PULONG64 NewOffset)
{
ULONG Ret;
LONG High;
High = (LONG)(Amount >> 32);
Ret = SetFilePointer(m_Handle, (LONG)Amount, &High, How);
if (Ret == INVALID_SET_FILE_POINTER &&
GetLastError()) {
return WIN32_LAST_STATUS();
}
if (NewOffset) {
*NewOffset = ((ULONG64)High << 32) | Ret;
}
return S_OK;
}
HRESULT
Win32FileOutputProvider::WriteAll(IN PVOID Buffer,
IN ULONG Request)
{
ULONG Done;
if (!WriteFile(m_Handle, Buffer, Request, &Done, NULL)) {
return WIN32_LAST_STATUS();
}
if (Done != Request) {
return HRESULT_FROM_WIN32(ERROR_WRITE_FAULT);
}
return S_OK;
}
void
Win32FileOutputProvider::Finish(void)
{
// Nothing to do.
}
HRESULT
MiniDumpCreateFileOutputProvider
(IN HANDLE FileHandle,
OUT MiniDumpOutputProvider** Prov)
{
Win32FileOutputProvider* Obj =
new Win32FileOutputProvider(FileHandle);
if (!Obj) {
return E_OUTOFMEMORY;
}
*Prov = (MiniDumpOutputProvider*)Obj;
return S_OK;
}
//----------------------------------------------------------------------------
//
// Win32LiveAllocationProvider.
//
//----------------------------------------------------------------------------
class Win32LiveAllocationProvider : public MiniDumpAllocationProvider
{
public:
virtual void Release(void);
virtual PVOID Alloc(ULONG Size);
virtual PVOID Realloc(PVOID Mem, ULONG NewSize);
virtual void Free(PVOID Mem);
};
void
Win32LiveAllocationProvider::Release(void)
{
delete this;
}
PVOID
Win32LiveAllocationProvider::Alloc(ULONG Size)
{
return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Size);
}
PVOID
Win32LiveAllocationProvider::Realloc(PVOID Mem, ULONG NewSize)
{
return HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Mem, NewSize);
}
void
Win32LiveAllocationProvider::Free(PVOID Mem)
{
if (Mem) {
HeapFree(GetProcessHeap(), 0, Mem);
}
}
HRESULT
MiniDumpCreateLiveAllocationProvider
(OUT MiniDumpAllocationProvider** Prov)
{
Win32LiveAllocationProvider* Obj =
new Win32LiveAllocationProvider;
if (!Obj) {
return E_OUTOFMEMORY;
}
*Prov = (MiniDumpAllocationProvider*)Obj;
return S_OK;
}