Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2493 lines
63 KiB

//----------------------------------------------------------------------------
//
// Process abstraction.
//
// Copyright (C) Microsoft Corporation, 2001-2002.
//
//----------------------------------------------------------------------------
#include "ntsdp.hpp"
#include <common.ver>
#define NTLDR_IMAGE_NAME "ntldr"
#define OSLOADER_IMAGE_NAME "osloader"
#define SETUPLDR_IMAGE_NAME "setupldr"
#define LDR_IMAGE_SIZE 0x80000
#define CSRSS_IMAGE_NAME "csrss.exe"
#define LSASS_IMAGE_NAME "lsass.exe"
#define SERVICES_IMAGE_NAME "services.exe"
void
RestrictModNameChars(PCSTR ModName, PSTR RewriteBuffer)
{
PCSTR Scan = ModName;
PSTR Write = RewriteBuffer;
while (*Scan)
{
if ((*Scan < 'a' || *Scan > 'z') &&
(*Scan < 'A' || *Scan > 'Z') &&
(*Scan < '0' || *Scan > '9') &&
*Scan != '_')
{
*Write++ = '_';
}
else
{
*Write++ = *Scan;
}
Scan++;
}
*Write = 0;
}
//----------------------------------------------------------------------------
//
// ProcCorDataAccessServices.
//
//----------------------------------------------------------------------------
ProcCorDataAccessServices::ProcCorDataAccessServices(void)
{
m_Process = NULL;
}
STDMETHODIMP
ProcCorDataAccessServices::QueryInterface(
THIS_
IN REFIID InterfaceId,
OUT PVOID* Interface
)
{
if (DbgIsEqualIID(InterfaceId, IID_IUnknown) ||
DbgIsEqualIID(InterfaceId, __uuidof(ICorDataAccessServices)))
{
*Interface = (ICorDataAccessServices*)this;
// No need to refcount as this class is contained.
return S_OK;
}
else
{
*Interface = NULL;
return E_NOINTERFACE;
}
}
STDMETHODIMP_(ULONG)
ProcCorDataAccessServices::AddRef(
THIS
)
{
// No need to refcount as this class is contained.
return 1;
}
STDMETHODIMP_(ULONG)
ProcCorDataAccessServices::Release(
THIS
)
{
// No need to refcount as this class is contained.
return 0;
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::GetMachineType(
/* [out] */ ULONG32 *machine)
{
*machine = m_Process->m_Target->m_MachineType;
return S_OK;
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::GetPointerSize(
/* [out] */ ULONG32 *size)
{
*size = m_Process->m_Target->m_Machine->m_Ptr64 ? 8 : 4;
return S_OK;
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::GetImageBase(
/* [string][in] */ LPCWSTR name,
/* [out] */ CORDATA_ADDRESS *base)
{
HRESULT Status;
PSTR Ansi;
INAME WhichName;
ImageInfo* Image;
if ((Status = WideToAnsi(name, &Ansi)) != S_OK)
{
return Status;
}
if (PathTail(Ansi) != Ansi)
{
WhichName = INAME_IMAGE_PATH;
}
else
{
WhichName = INAME_IMAGE_PATH_TAIL;
}
if (Image = m_Process->FindImageByName(Ansi, 0, WhichName, FALSE))
{
*base = Image->m_BaseOfImage;
Status = S_OK;
}
else
{
Status = E_NOINTERFACE;
}
FreeAnsi(Ansi);
return Status;
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::ReadVirtual(
/* [in] */ CORDATA_ADDRESS address,
/* [length_is][size_is][out] */ PBYTE buffer,
/* [in] */ ULONG32 request,
/* [optional][out] */ ULONG32 *done)
{
return m_Process->m_Target->
ReadVirtual(m_Process, address, buffer, request, (PULONG)done);
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::WriteVirtual(
/* [in] */ CORDATA_ADDRESS address,
/* [size_is][in] */ PBYTE buffer,
/* [in] */ ULONG32 request,
/* [optional][out] */ ULONG32 *done)
{
return m_Process->m_Target->
WriteVirtual(m_Process, address, buffer, request, (PULONG)done);
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::GetTlsValue(
/* [in] */ ULONG32 index,
/* [out] */ CORDATA_ADDRESS* value)
{
HRESULT Status;
ULONG64 SlotAddr;
if ((Status = m_Process->m_CurrentThread->
GetTlsSlotAddress((ULONG)index, &SlotAddr)) != S_OK)
{
return Status;
}
return m_Process->m_Target->
ReadPointer(m_Process, m_Process->m_Target->m_Machine,
SlotAddr, value);
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::SetTlsValue(
/* [in] */ ULONG32 index,
/* [in] */ CORDATA_ADDRESS value)
{
HRESULT Status;
ULONG64 SlotAddr;
if ((Status = m_Process->m_CurrentThread->
GetTlsSlotAddress((ULONG)index, &SlotAddr)) != S_OK)
{
return Status;
}
return m_Process->m_Target->
WritePointer(m_Process, m_Process->m_Target->m_Machine,
SlotAddr, value);
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::GetCurrentThreadId(
/* [out] */ ULONG32* threadId)
{
*threadId = g_Thread->m_SystemId;
return S_OK;
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::GetThreadContext(
/* [in] */ ULONG32 threadId,
/* [in] */ ULONG32 contextFlags,
/* [in] */ ULONG32 contextSize,
/* [out, size_is(contextSize)] */ PBYTE context)
{
HRESULT Status;
if (contextSize < m_Process->m_Target->m_TypeInfo.SizeTargetContext)
{
return E_INVALIDARG;
}
ThreadInfo* Thread = m_Process->FindThreadBySystemId(threadId);
if (!Thread)
{
return E_NOINTERFACE;
}
m_Process->m_Target->ChangeRegContext(Thread);
if ((Status = m_Process->m_Target->m_Machine->
GetContextState(MCTX_CONTEXT)) == S_OK)
{
Status = m_Process->m_Target->m_Machine->
ConvertContextTo(&m_Process->m_Target->m_Machine->m_Context,
m_Process->m_Target->m_SystemVersion,
m_Process->m_Target->m_TypeInfo.SizeTargetContext,
context);
}
m_Process->m_Target->ChangeRegContext(m_Process->m_CurrentThread);
return Status;
}
HRESULT STDMETHODCALLTYPE
ProcCorDataAccessServices::SetThreadContext(
/* [in] */ ULONG32 threadId,
/* [in] */ ULONG32 contextSize,
/* [out, size_is(contextSize)] */ PBYTE context)
{
HRESULT Status;
if (contextSize < m_Process->m_Target->m_TypeInfo.SizeTargetContext)
{
return E_INVALIDARG;
}
ThreadInfo* Thread = m_Process->FindThreadBySystemId(threadId);
if (!Thread)
{
return E_NOINTERFACE;
}
m_Process->m_Target->ChangeRegContext(Thread);
if ((Status = m_Process->m_Target->m_Machine->
GetContextState(MCTX_DIRTY)) == S_OK)
{
Status = m_Process->m_Target->m_Machine->
ConvertContextFrom(&m_Process->m_Target->m_Machine->m_Context,
m_Process->m_Target->m_SystemVersion,
m_Process->m_Target->
m_TypeInfo.SizeTargetContext,
context);
if (Status == S_OK)
{
NotifyChangeDebuggeeState(DEBUG_CDS_REGISTERS, DEBUG_ANY_ID);
}
}
m_Process->m_Target->ChangeRegContext(m_Process->m_CurrentThread);
return Status;
}
//----------------------------------------------------------------------------
//
// ProcessInfo.
//
//----------------------------------------------------------------------------
ProcessInfo::ProcessInfo(TargetInfo* Target,
ULONG SystemId,
HANDLE SymHandle,
ULONG64 SysHandle,
ULONG Flags,
ULONG Options)
{
m_Target = Target;
m_UserId = FindNextUserId(LAYER_PROCESS);
m_Next = NULL;
m_NumImages = 0;
m_NumUnloadedModules = 0;
m_ImageHead = NULL;
m_ExecutableImage = NULL;
m_SynthesizedImage = NULL;
m_NumThreads = 0;
m_ThreadHead = NULL;
m_CurrentThread = NULL;
m_SystemId = SystemId;
m_Exited = FALSE;
m_ModulesLoaded = FALSE;
m_InitialBreakDone = (Flags & ENG_PROC_NO_INITIAL_BREAK) != 0;
// Always ask for an "initial" break when the process
// won't generate its own initial break as the first
// break encountered will just be a normal break and
// so should cause a break-in.
m_InitialBreak =
(Flags & ENG_PROC_NO_INITIAL_BREAK) ||
IS_KERNEL_TARGET(m_Target) ||
(g_EngOptions & DEBUG_ENGOPT_INITIAL_BREAK) != 0;
m_InitialBreakWx86 =
(g_EngOptions & DEBUG_ENGOPT_INITIAL_BREAK) != 0;
m_DataOffset = 0;
m_SymHandle = SymHandle;
m_SysHandle = SysHandle;
m_Flags = Flags;
m_Options = Options;
m_NumBreakpoints = 0;
m_Breakpoints = NULL;
m_BreakpointsTail = NULL;
m_DynFuncTableList = 0;
m_OopFuncTableDlls = NULL;
m_RtlUnloadList = 0;
ResetImplicitData();
m_CorImage = NULL;
m_CorImageType = COR_DLL_INVALID;
m_CorDebugDll = NULL;
m_CorAccess = NULL;
m_CorServices.m_Process = this;
m_VirtualCache.SetProcess(this);
PCHAR CacheEnv = getenv("_NT_DEBUG_CACHE_SIZE");
if (CacheEnv != NULL)
{
m_VirtualCache.m_MaxSize = atol(CacheEnv);
}
m_VirtualCache.m_DecodePTEs =
IS_KERNEL_TARGET(m_Target) &&
!(m_Target->m_KdVersion.Flags & DBGKD_VERS_FLAG_NOMM);
m_Target->InsertProcess(this);
SymInitialize(m_SymHandle, NULL, FALSE);
SymRegisterCallback64(m_SymHandle, SymbolCallbackFunction,
(ULONG_PTR)this);
if (IS_USER_TARGET(m_Target) &&
m_Target->m_MachineType != IMAGE_FILE_MACHINE_I386)
{
SymRegisterFunctionEntryCallback64
(m_SymHandle, TargetInfo::DynamicFunctionTableCallback,
(ULONG_PTR)this);
}
SetSymbolSearchPath(this);
SynthesizeSymbols();
}
ProcessInfo::~ProcessInfo(void)
{
ClearOopFuncTableDlls();
RELEASE(m_CorAccess);
if (m_CorDebugDll)
{
FreeLibrary(m_CorDebugDll);
}
while (m_ThreadHead)
{
delete m_ThreadHead;
}
// Suppress notifications until all images are deleted.
g_EngNotify++;
while (m_ImageHead)
{
delete m_ImageHead;
}
delete m_SynthesizedImage;
// Notification can use process information so put things
// in a clean state before notify.
m_SynthesizedImage = NULL;
g_EngNotify--;
NotifyChangeSymbolState(DEBUG_CSS_UNLOADS, 0, this);
SymCleanup(m_SymHandle);
RemoveProcessBreakpoints(this);
if (m_Flags & ENG_PROC_THREAD_CLOSE_HANDLE)
{
DBG_ASSERT(IS_LIVE_USER_TARGET(m_Target) &&
((LiveUserTargetInfo*)m_Target)->m_Services);
((LiveUserTargetInfo*)m_Target)->m_Services->
CloseHandle(m_SysHandle);
}
m_Target->RemoveProcess(this);
g_UserIdFragmented[LAYER_PROCESS]++;
if (this == g_Process)
{
g_Process = NULL;
}
if (this == g_EventProcess)
{
g_EventProcess = NULL;
DiscardLastEvent();
}
if (g_StepTraceBp && g_StepTraceBp->m_Process == this)
{
g_StepTraceBp->m_Process = NULL;
if (g_WatchFunctions.IsStarted())
{
g_WatchFunctions.End(NULL);
}
ResetStepTrace();
g_StepTraceBp->m_Flags &= ~(DEBUG_BREAKPOINT_ENABLED |
BREAKPOINT_INSERTED);
}
if (g_ScopeBuffer.State == ScopeFromContext &&
g_ScopeBuffer.Process == this)
{
ResetCurrentScopeLazy();
}
}
ThreadInfo*
ProcessInfo::FindThreadByUserId(ULONG Id)
{
ThreadInfo* Thread;
ForProcessThreads(this)
{
if (Thread->m_UserId == Id)
{
return Thread;
}
}
return NULL;
}
ThreadInfo*
ProcessInfo::FindThreadBySystemId(ULONG Id)
{
ThreadInfo* Thread;
ForProcessThreads(this)
{
if (Thread->m_SystemId == Id)
{
return Thread;
}
}
return NULL;
}
ThreadInfo*
ProcessInfo::FindThreadByHandle(ULONG64 Handle)
{
ThreadInfo* Thread;
ForProcessThreads(this)
{
if (Thread->m_Handle == Handle)
{
return Thread;
}
}
return NULL;
}
void
ProcessInfo::InsertThread(ThreadInfo* Thread)
{
ThreadInfo* Cur;
ThreadInfo* Prev;
Prev = NULL;
for (Cur = m_ThreadHead; Cur; Cur = Cur->m_Next)
{
if (Cur->m_UserId > Thread->m_UserId)
{
break;
}
Prev = Cur;
}
Thread->m_Next = Cur;
if (!Prev)
{
m_ThreadHead = Thread;
}
else
{
Prev->m_Next = Thread;
}
m_NumThreads++;
Thread->m_Process = this;
if (!m_CurrentThread)
{
m_CurrentThread = Thread;
}
m_Target->AddThreadToAllProcessInfo(this, Thread);
}
void
ProcessInfo::RemoveThread(ThreadInfo* Thread)
{
ThreadInfo* Cur;
ThreadInfo* Prev;
Prev = NULL;
for (Cur = m_ThreadHead; Cur; Cur = Cur->m_Next)
{
if (Cur == Thread)
{
break;
}
Prev = Cur;
}
if (!Cur)
{
return;
}
if (!Prev)
{
m_ThreadHead = Thread->m_Next;
}
else
{
Prev->m_Next = Thread->m_Next;
}
m_NumThreads--;
Thread->m_Process = NULL;
if (m_CurrentThread == Thread)
{
m_CurrentThread = m_ThreadHead;
}
m_Target->RemoveThreadFromAllProcessInfo(this, Thread);
}
HRESULT
ProcessInfo::CreateVirtualThreads(ULONG StartId, ULONG Threads)
{
ThreadInfo* Thread;
while (Threads-- > 0)
{
Thread = new ThreadInfo(this, VIRTUAL_THREAD_ID(StartId), 0,
VIRTUAL_THREAD_HANDLE(StartId), 0, 0);
if (!Thread)
{
return E_OUTOFMEMORY;
}
StartId++;
}
return S_OK;
}
ImageInfo*
ProcessInfo::FindImageByIndex(ULONG Index)
{
ImageInfo* Image = m_ImageHead;
while (Index > 0 && Image != NULL)
{
Index--;
Image = Image->m_Next;
}
return Image;
}
ImageInfo*
ProcessInfo::FindImageByOffset(ULONG64 Offset, BOOL AllowSynth)
{
ImageInfo* Image = m_ImageHead;
while (Image != NULL &&
(Offset < Image->m_BaseOfImage ||
Offset >= Image->m_BaseOfImage + Image->m_SizeOfImage))
{
Image = Image->m_Next;
}
//
// If synthesized symbols are allowed, check those images
// also.
//
if (!Image &&
AllowSynth &&
m_SynthesizedImage &&
Offset >= m_SynthesizedImage->m_BaseOfImage &&
Offset < m_SynthesizedImage->m_BaseOfImage +
m_SynthesizedImage->m_SizeOfImage)
{
Image = m_SynthesizedImage;
}
return Image;
}
ImageInfo*
ProcessInfo::FindImageByName(PCSTR Name, ULONG NameChars,
INAME Which, BOOL AllowSynth)
{
if (NameChars == 0)
{
NameChars = strlen(Name);
}
ImageInfo* Image = m_ImageHead;
while (Image != NULL)
{
PCSTR WhichStr;
switch(Which)
{
case INAME_IMAGE_PATH:
WhichStr = Image->m_ImagePath;
break;
case INAME_IMAGE_PATH_TAIL:
WhichStr = PathTail(Image->m_ImagePath);
break;
case INAME_MODULE:
if (Image->m_OriginalModuleName[0] &&
strlen(Image->m_OriginalModuleName) == NameChars &&
!_memicmp(Image->m_OriginalModuleName, Name, NameChars))
{
return Image;
}
WhichStr = Image->m_ModuleName;
break;
}
if (strlen(WhichStr) == NameChars &&
_memicmp(WhichStr, Name, NameChars) == 0)
{
break;
}
Image = Image->m_Next;
}
//
// If synthesized symbols are allowed, check those images
// also.
//
if (!Image &&
AllowSynth &&
m_SynthesizedImage &&
Which == INAME_MODULE &&
strlen(m_SynthesizedImage->m_ModuleName) == NameChars &&
!_memicmp(m_SynthesizedImage->m_ModuleName, Name, NameChars))
{
Image = m_SynthesizedImage;
}
return Image;
}
BOOL
ProcessInfo::GetOffsetFromMod(PCSTR String, PULONG64 Offset)
{
if (!strchr(String, '!'))
{
ULONG Len;
BOOL End;
//
// Could be a module name or module$ for the end
// of a module.
//
Len = strlen(String);
if (Len == 0)
{
return FALSE;
}
if (String[Len - 1] == '$')
{
// Retrieving end-of-module.
Len--;
End = TRUE;
}
else
{
End = FALSE;
}
ImageInfo* Image = FindImageByName(String, Len, INAME_MODULE, TRUE);
if (Image)
{
if (End)
{
*Offset = Image->m_BaseOfImage + Image->m_SizeOfImage;
}
else
{
*Offset = Image->m_BaseOfImage;
}
return TRUE;
}
}
return FALSE;
}
COR_DLL
IsCorDll(PCSTR ImagePath)
{
PCSTR ImagePathTail = PathTail(ImagePath);
if (!_stricmp(ImagePathTail, "mscoree.dll"))
{
return COR_DLL_EE;
}
if (!_stricmp(ImagePathTail, "mscorwks.dll"))
{
return COR_DLL_WKS;
}
if (!_stricmp(ImagePathTail, "mscorsvr.dll"))
{
return COR_DLL_SVR;
}
return COR_DLL_INVALID;
}
void
ProcessInfo::InsertImage(ImageInfo* Image)
{
ImageInfo* Cur;
ImageInfo* Prev;
Prev = NULL;
for (Cur = m_ImageHead; Cur; Cur = Cur->m_Next)
{
if (Cur->m_BaseOfImage > Image->m_BaseOfImage)
{
break;
}
Prev = Cur;
}
Image->m_Next = Cur;
if (!Prev)
{
m_ImageHead = Image;
}
else
{
Prev->m_Next = Image;
}
m_NumImages++;
Image->m_Process = this;
Image->m_Linked = TRUE;
if (m_ExecutableImage == NULL)
{
// Try and locate the executable image entry for
// the process to use as the process's name.
ULONG NameLen = strlen(Image->m_ImagePath);
if (NameLen > 4 &&
!_stricmp(Image->m_ImagePath + NameLen - 4, ".exe"))
{
m_ExecutableImage = Image;
}
}
COR_DLL CorDll = IsCorDll(Image->m_ImagePath);
if (CorDll > m_CorImageType)
{
m_CorImage = Image;
m_CorImageType = CorDll;
}
}
void
ProcessInfo::RemoveImage(ImageInfo* Image)
{
ImageInfo* Cur;
ImageInfo* Prev;
Prev = NULL;
for (Cur = m_ImageHead; Cur; Cur = Cur->m_Next)
{
if (Cur == Image)
{
break;
}
Prev = Cur;
}
if (!Cur)
{
return;
}
if (!Prev)
{
m_ImageHead = Image->m_Next;
}
else
{
Prev->m_Next = Image->m_Next;
}
m_NumImages--;
Image->m_Process = NULL;
Image->m_Linked = FALSE;
if (m_ExecutableImage == Image)
{
m_ExecutableImage = NULL;
}
if (m_CorImageType != COR_DLL_INVALID &&
IsCorDll(Image->m_ImagePath) != COR_DLL_INVALID)
{
m_CorImage = NULL;
m_CorImageType = COR_DLL_INVALID;
}
}
BOOL
ProcessInfo::DeleteImageByName(PCSTR Name, INAME Which)
{
ImageInfo* Image;
for (Image = m_ImageHead; Image; Image = Image->m_Next)
{
PCSTR WhichStr;
switch(Which)
{
case INAME_IMAGE_PATH:
WhichStr = Image->m_ImagePath;
break;
case INAME_IMAGE_PATH_TAIL:
WhichStr = PathTail(Image->m_ImagePath);
break;
case INAME_MODULE:
WhichStr = Image->m_ModuleName;
break;
}
if (!_stricmp(WhichStr, Name))
{
delete Image;
return TRUE;
}
}
return FALSE;
}
BOOL
ProcessInfo::DeleteImageByBase(ULONG64 BaseOfImage)
{
ImageInfo* Image;
for (Image = m_ImageHead; Image; Image = Image->m_Next)
{
if (Image->m_BaseOfImage == BaseOfImage)
{
delete Image;
return TRUE;
}
}
return FALSE;
}
void
ProcessInfo::DeleteImagesBelowOffset(ULONG64 Offset)
{
ImageInfo* Image, *Next;
ULONG Count = 0;
// Suppress notifications until all images are deleted.
g_EngNotify++;
for (Image = m_ImageHead; Image; Image = Next)
{
Next = Image->m_Next;
if (Image->m_BaseOfImage < Offset)
{
delete Image;
Count++;
}
}
g_EngNotify--;
if (Count)
{
NotifyChangeSymbolState(DEBUG_CSS_UNLOADS, 0, this);
}
}
void
ProcessInfo::DeleteImages(void)
{
// Suppress notifications until all images are deleted.
g_EngNotify++;
while (m_ImageHead)
{
delete m_ImageHead;
}
g_EngNotify--;
NotifyChangeSymbolState(DEBUG_CSS_UNLOADS, 0, this);
}
HRESULT
ProcessInfo::AddImage(PMODULE_INFO_ENTRY ModEntry,
BOOL ForceSymbolLoad,
ImageInfo** ImageAdded)
{
ImageInfo* ImageNew;
IMAGEHLP_MODULE64 SymModInfo;
ULONG64 LoadAddress;
BOOL LoadSymbols = TRUE;
PCSTR ImagePathTail;
MODLOAD_DATA ModLoadData;
HRESULT Status;
BOOL ReusedExisting = FALSE;
#if DBG_MOD_LIST
dprintf("AddImage:\n"
" ImagePath %s\n"
" File %I64x\n"
" BaseOfImage %I64x\n"
" SizeOfImage %x\n"
" CheckSum %x\n"
" ModuleName %s\n"
" ForceSymbolLoad %d\n",
ModEntry->NamePtr,
(ULONG64)(ULONG_PTR)File,
ModEntry->Base,
ModEntry->Size,
ModEntry->CheckSum,
ModEntry->ModuleName,
ForceSymbolLoad);
#endif
if (ModEntry->NamePtr == NULL)
{
WarnOut("AddImage(NULL) fails\n");
return E_INVALIDARG;
}
if (ModEntry->NamePtr &&
IS_USER_TARGET(m_Target) &&
m_Target->m_PlatformId == VER_PLATFORM_WIN32_NT)
{
TranslateNtPathName(ModEntry->NamePtr);
}
//
// Search for existing image at same base address.
// If found, remove symbols, but leave image structure intact.
//
for (ImageNew = m_ImageHead; ImageNew; ImageNew = ImageNew->m_Next)
{
if (ImageNew->m_BaseOfImage == ModEntry->Base)
{
VerbOut("Force unload of %s\n", ImageNew->m_ImagePath);
ImageNew->DeleteResources(FALSE);
break;
}
}
//
// If we didn't reuse an existing image, allocate
// a new one.
//
if (!ImageNew)
{
ImageNew = new ImageInfo(this,
ModEntry->NamePtr, ModEntry->Base, TRUE);
if (ImageNew == NULL)
{
ErrOut("Unable to allocate memory for %s symbols.\n",
ModEntry->NamePtr);
return E_OUTOFMEMORY;
}
// Module name is set later after possible renaming.
ImageNew->m_File = ModEntry->File;
ImageNew->m_CheckSum = ModEntry->CheckSum;
ImageNew->m_TimeDateStamp = ModEntry->TimeDateStamp;
ImageNew->m_SymState = ISS_MATCHED;
ImageNew->m_UserMode = ModEntry->UserMode;
}
else
{
ReusedExisting = TRUE;
// Update the reused entry with the latest information.
if (ModEntry->NamePtr)
{
CopyString(ImageNew->m_ImagePath, ModEntry->NamePtr,
DIMA(ImageNew->m_ImagePath));
}
else
{
ImageNew->m_ImagePath[0] = 0;
}
}
// Always update the entry size as this allows users
// to update explicit entries (.reload image.ext=base,size)
// without having to unload them first.
ImageNew->m_SizeOfImage = ModEntry->Size;
ImagePathTail = PathTail(ImageNew->m_ImagePath);
if (ForceSymbolLoad)
{
// Try to load the image memory right away in this
// case to catch incomplete-information errors.
if (!ImageNew->DemandLoadImageMemory(!ReusedExisting, TRUE))
{
if (!ReusedExisting)
{
g_EngNotify++;
delete ImageNew;
g_EngNotify--;
}
return E_OUTOFMEMORY;
}
}
if (IS_KERNEL_TARGET(m_Target))
{
CHAR Buf[MAX_IMAGE_PATH];
MODULE_ALIAS_LIST* ModAlias;
//
// Determine the actual image name for kernel images which
// are known to have multiple identities.
//
if ((ModEntry->ModuleName &&
_stricmp(ModEntry->ModuleName, KERNEL_MODULE_NAME) == 0) ||
ModEntry->Base == m_Target->m_KdDebuggerData.KernBase)
{
ModAlias = &g_AliasLists[MODALIAS_KERNEL];
}
else
{
ModAlias = FindModuleAliasList(ImagePathTail, NULL);
}
if (ModAlias)
{
if (GetModnameFromImage(this, ModEntry->Base, NULL,
Buf, sizeof(Buf), FALSE))
{
CopyString(ImageNew->m_ImagePath, Buf,
DIMA(ImageNew->m_ImagePath));
}
ModEntry->ModuleName = (PSTR)ModAlias->BaseModule;
}
else if (ImageNew->m_SizeOfImage == 0 &&
((_stricmp(ImagePathTail, NTLDR_IMAGE_NAME) == 0) ||
(_stricmp(ImagePathTail, NTLDR_IMAGE_NAME ".exe") == 0) ||
(_stricmp(ImagePathTail, OSLOADER_IMAGE_NAME) == 0) ||
(_stricmp(ImagePathTail, OSLOADER_IMAGE_NAME ".exe") == 0) ||
(_stricmp(ImagePathTail, SETUPLDR_IMAGE_NAME) == 0) ||
(_stricmp(ImagePathTail, SETUPLDR_IMAGE_NAME ".exe") == 0)))
{
ImageNew->m_SizeOfImage = LDR_IMAGE_SIZE;
}
}
else if (!IS_DUMP_TARGET(m_Target))
{
//
// When debugging CSR, LSA or Services.exe, force the use of local-only
// symbols. Otherwise we can deadlock the entire machine when trying
// to load the symbol file from the network.
//
if (((LiveUserTargetInfo*)m_Target)->m_Local &&
(_stricmp(ImagePathTail, CSRSS_IMAGE_NAME) == 0 ||
_stricmp(ImagePathTail, LSASS_IMAGE_NAME) == 0 ||
_stricmp(ImagePathTail, SERVICES_IMAGE_NAME) == 0))
{
if (g_EngOptions & DEBUG_ENGOPT_ALLOW_NETWORK_PATHS)
{
//
// Since the user has chambered a round and pointed the barrel
// of the gun at his head, we may as well tell him that it's
// going to hurt if he pulls the trigger.
//
WarnOut("WARNING: Using network symbols with %s\n",
ImagePathTail);
WarnOut("WARNING: You may deadlock your machine.\n");
}
else
{
g_EngOptions |= DEBUG_ENGOPT_DISALLOW_NETWORK_PATHS;
}
}
if (g_EngOptions & DEBUG_ENGOPT_DISALLOW_NETWORK_PATHS)
{
DWORD NetPath;
NetPath = NetworkPathCheck(g_SymbolSearchPath);
if (NetPath == ERROR_FILE_OFFLINE)
{
ErrOut("ERROR: sympath contained network references but "
"they were not allowed.\n");
ErrOut("Symbols not loaded for %s\n",
ImagePathTail);
LoadSymbols = FALSE;
}
else if (NetPath == ERROR_BAD_PATHNAME)
{
VerbOut("WARNING: sympath contains invalid references.\n");
}
}
}
if (ModEntry->ModuleName == NULL)
{
CreateModuleNameFromPath(ImageNew->m_ImagePath,
ImageNew->m_ModuleName);
RestrictModNameChars(ImageNew->m_ModuleName, ImageNew->m_ModuleName);
strcpy(ImageNew->m_OriginalModuleName, ImageNew->m_ModuleName);
}
else
{
RestrictModNameChars(ModEntry->ModuleName, ImageNew->m_ModuleName);
//
// We have an alias, so keep original module name from path
//
CreateModuleNameFromPath(ImageNew->m_ImagePath,
ImageNew->m_OriginalModuleName);
RestrictModNameChars(ImageNew->m_OriginalModuleName,
ImageNew->m_OriginalModuleName);
}
//
// Check for duplicate module names and
// image overlaps.
//
ImageInfo* Check;
for (Check = m_ImageHead; Check != NULL; Check = Check->m_Next)
{
if (Check != ImageNew &&
!_strcmpi(ImageNew->m_ModuleName, Check->m_ModuleName))
{
int Len = strlen(ImageNew->m_ModuleName);
// Module names match, so qualify with the base address.
// Resulting name must be unique since base addresses are.
if (m_Target->m_Machine->m_Ptr64)
{
if (Len >= MAX_MODULE - 17)
{
Len = MAX_MODULE - 18;
}
sprintf(ImageNew->m_ModuleName + Len, "_%I64x",
ModEntry->Base);
}
else
{
if (Len >= MAX_MODULE - 9)
{
Len = MAX_MODULE - 10;
}
sprintf(ImageNew->m_ModuleName + Len, "_%x",
(ULONG)ModEntry->Base);
}
// Force all references to this module to be
// through the exact module name and not through
// an original name that may have been ambiguous.
ImageNew->m_OriginalModuleName[0] = 0;
}
if (Check != ImageNew &&
ImageNew->m_BaseOfImage <
Check->m_BaseOfImage + Check->m_SizeOfImage &&
Check->m_BaseOfImage <
ImageNew->m_BaseOfImage + ImageNew->m_SizeOfImage)
{
WarnOut("WARNING: %s overlaps %s\n",
ImageNew->m_ModuleName,
Check->m_ModuleName);
}
}
//
// If we do not want to load symbolic information, just return here.
//
if (!LoadSymbols)
{
*ImageAdded = ImageNew;
return S_OK;
}
if (ModEntry->DebugHeader)
{
ModLoadData.ssize = sizeof(ModLoadData);
ModLoadData.ssig = DBHHEADER_DEBUGDIRS;
ModLoadData.data = ModEntry->DebugHeader;
ModLoadData.size = ModEntry->SizeOfDebugHeader;
ModLoadData.flags = 0;
}
LoadAddress = SymLoadModuleEx(m_SymHandle,
ImageNew->m_File,
PrepareImagePath(ImageNew->m_ImagePath),
ImageNew->m_ModuleName,
ImageNew->m_BaseOfImage,
ImageNew->m_SizeOfImage,
ModEntry->DebugHeader ? &ModLoadData : NULL,
0);
if (!LoadAddress)
{
Status = WIN32_LAST_STATUS();
VerbOut("SymLoadModule(%N, %N, \"%s\", \"%s\", %s, %x) fails\n",
m_SymHandle,
ImageNew->m_File,
ImageNew->m_ImagePath,
ImageNew->m_ModuleName,
FormatAddr64(ImageNew->m_BaseOfImage),
ImageNew->m_SizeOfImage);
// We don't want deletion to notify of a symbol change
// if this is a partially newly created image.
if (!ReusedExisting)
{
g_EngNotify++;
}
delete ImageNew;
if (!ReusedExisting)
{
g_EngNotify--;
}
return Status;
}
if (!ImageNew->m_BaseOfImage)
{
ImageNew->m_BaseOfImage = LoadAddress;
}
if (ForceSymbolLoad)
{
SymLoadModule64(m_SymHandle,
NULL,
NULL,
NULL,
ImageNew->m_BaseOfImage,
0);
}
SymModInfo.SizeOfStruct = sizeof(SymModInfo);
if (SymGetModuleInfo64(m_SymHandle,
ImageNew->m_BaseOfImage, &SymModInfo))
{
ImageNew->m_SizeOfImage = SymModInfo.ImageSize;
}
else
{
Status = WIN32_LAST_STATUS();
VerbOut("SymGetModuleInfo(%N, %s) fails\n",
m_SymHandle, FormatAddr64(ImageNew->m_BaseOfImage));
// We don't want DelImage to notify of a symbol change
// if this is a partially newly created image.
if (!ReusedExisting)
{
g_EngNotify++;
}
delete ImageNew;
if (!ReusedExisting)
{
g_EngNotify--;
}
return Status;
}
if (ModEntry->ImageMachineTypeValid)
{
ImageNew->m_MachineType = ModEntry->MachineType;
}
StartOutLine(DEBUG_OUTPUT_VERBOSE, OUT_LINE_NO_PREFIX);
VerbOut("ModLoad: %s %s %-8s\n",
FormatAddr64(ImageNew->m_BaseOfImage),
FormatAddr64(ImageNew->m_BaseOfImage + ImageNew->m_SizeOfImage),
ImageNew->m_ImagePath);
NotifyChangeSymbolState(DEBUG_CSS_LOADS, ImageNew->m_BaseOfImage, this);
*ImageAdded = ImageNew;
return S_OK;
}
void
ProcessInfo::SynthesizeSymbols(void)
{
// SynthesizeSymbols can result in symbol
// callbacks but the symbols involved aren't real symbols
// so suppress notifications.
g_EngNotify++;
if (m_Target->m_TypeInfo.UmSharedUserDataOffset)
{
//
// Create a fake module for the shared user
// data area. Add a symbol for the system
// call stub there if a stub exists.
//
ImageInfo* Image;
Image = new ImageInfo(this, "SharedUserData",
m_Target->m_TypeInfo.UmSharedUserDataOffset,
FALSE);
if (!Image)
{
WarnOut("Unable to create shared user data image\n");
}
else
{
Image->m_SizeOfImage = m_Target->m_Machine->m_PageSize;
strcpy(Image->m_ModuleName, Image->m_ImagePath);
strcpy(Image->m_OriginalModuleName, Image->m_ImagePath);
if (!SymLoadModuleEx(m_SymHandle, NULL,
Image->m_ImagePath,
Image->m_ModuleName, Image->m_BaseOfImage,
Image->m_SizeOfImage, NULL, SLMFLAG_VIRTUAL))
{
WarnOut("Unable to add shared user data module\n");
delete Image;
}
else if (m_Target->m_TypeInfo.UmSharedSysCallOffset &&
!SymAddSymbol(m_SymHandle,
Image->m_BaseOfImage,
"SystemCallStub",
m_Target->m_TypeInfo.UmSharedSysCallOffset,
m_Target->m_TypeInfo.UmSharedSysCallSize,
0))
{
WarnOut("Unable to add system call symbol\n");
delete Image;
}
else
{
m_SynthesizedImage = Image;
}
}
}
g_EngNotify--;
}
void
ProcessInfo::VerifyKernel32Version(void)
{
ImageInfo* Image = FindImageByName("kernel32", 8, INAME_MODULE, FALSE);
if (!Image)
{
return;
}
//
// Verify the OS version matches kernel32's image version.
//
IMAGE_NT_HEADERS64 NtHeaders;
if (m_Target->ReadImageNtHeaders(this, Image->m_BaseOfImage,
&NtHeaders) == S_OK)
{
if (NtHeaders.OptionalHeader.MajorImageVersion !=
m_Target->m_KdVersion.MajorVersion ||
NtHeaders.OptionalHeader.MinorImageVersion !=
m_Target->m_KdVersion.MinorVersion)
{
WarnOut("WARNING: System version is %d.%d but "
"kernel32.dll is version %d.%d.\n",
m_Target->m_KdVersion.MajorVersion,
m_Target->m_KdVersion.MinorVersion,
NtHeaders.OptionalHeader.MajorImageVersion,
NtHeaders.OptionalHeader.MinorImageVersion);
if (IS_USER_DUMP(m_Target))
{
WarnOut("If this dump was generated by userdump.exe on "
"Windows NT 4.0 the dump\n"
"version is probably incorrect. "
"Set DBGENG_FULL_DUMP_VERSION=4.0 in your\n"
"environment to override the dump version.\n");
}
}
}
}
BOOL
ProcessInfo::DeleteExitedInfos(void)
{
ThreadInfo* Thread;
ThreadInfo* ThreadNext;
BOOL DeletedSomething = FALSE;
for (Thread = m_ThreadHead; Thread; Thread = ThreadNext)
{
ThreadNext = Thread->m_Next;
if (Thread->m_Exited)
{
delete Thread;
DeletedSomething = TRUE;
}
}
ImageInfo* Image;
ImageInfo* ImagePrev;
ImageInfo* ImageNext;
ImagePrev = NULL;
for (Image = m_ImageHead; Image; Image = ImageNext)
{
ImageNext = Image->m_Next;
if (Image->m_Unloaded)
{
delete Image;
DeletedSomething = TRUE;
}
else
{
ImagePrev = Image;
}
}
return DeletedSomething;
}
void
ProcessInfo::PrepareForExecution(void)
{
ThreadInfo* Thread;
ForProcessThreads(this)
{
Thread->PrepareForExecution();
}
ResetImplicitData();
m_VirtualCache.Empty();
m_VirtualCache.SetForceDecodePtes(FALSE, m_Target);
FlushCorState();
}
void
ProcessInfo::OutputThreadInfo(ThreadInfo* Match, BOOL Verbose)
{
ThreadInfo* Thread;
Thread = m_ThreadHead;
while (Thread)
{
if (Match == NULL || Match == Thread)
{
ULONG64 DataOffset;
HRESULT Status;
char CurMark;
Status =
m_Target->
GetThreadInfoDataOffset(Thread, 0, &DataOffset);
if (Status != S_OK)
{
WarnOut("Unable to get thread data for thread %u\n",
Thread->m_UserId);
DataOffset = 0;
}
if (Thread == g_Thread)
{
CurMark = '.';
}
else if (Thread == g_EventThread)
{
CurMark = '#';
}
else
{
CurMark = ' ';
}
dprintf("%c%3ld Id: %lx.%lx Suspend: %d Teb: %s ",
CurMark,
Thread->m_UserId,
m_SystemId,
Thread->m_SystemId,
Thread->m_SuspendCount,
FormatAddr64(DataOffset));
if (Thread->m_Frozen)
{
dprintf("Frozen ");
}
else
{
dprintf("Unfrozen");
}
if (Thread->m_Name[0])
{
dprintf(" \"%s\"", Thread->m_Name);
}
dprintf("\n");
if (Verbose)
{
dprintf(" ");
if (!Thread->m_StartOffset)
{
if (m_Target->
GetThreadStartOffset(Thread,
&Thread->m_StartOffset) != S_OK)
{
Thread->m_StartOffset = 0;
}
}
if (Thread->m_StartOffset)
{
dprintf("Start: ");
OutputSymAddr(Thread->m_StartOffset,
SYMADDR_FORCE | SYMADDR_OFFSET, NULL);
}
dprintf("\n");
}
}
if (CheckUserInterrupt())
{
break;
}
Thread = Thread->m_Next;
}
}
HRESULT
ProcessInfo::AddOopFuncTableDll(PWSTR Dll, ULONG64 Handle)
{
OUT_OF_PROC_FUNC_TABLE_DLL* OopDll;
OopDll = (OUT_OF_PROC_FUNC_TABLE_DLL*)
malloc(sizeof(*OopDll) + (wcslen(Dll) + 1) * sizeof(Dll));
if (!OopDll)
{
return E_OUTOFMEMORY;
}
OopDll->Next = m_OopFuncTableDlls;
m_OopFuncTableDlls = OopDll;
OopDll->Handle = Handle;
wcscpy((PWSTR)(OopDll + 1), Dll);
return S_OK;
}
void
ProcessInfo::ClearOopFuncTableDlls(void)
{
while (m_OopFuncTableDlls)
{
OUT_OF_PROC_FUNC_TABLE_DLL* OopDll = m_OopFuncTableDlls;
m_OopFuncTableDlls = OopDll->Next;
if (IS_LIVE_USER_TARGET(m_Target))
{
((LiveUserTargetInfo*)m_Target)->m_Services->
FreeLibrary(OopDll->Handle);
}
free(OopDll);
}
}
OUT_OF_PROC_FUNC_TABLE_DLL*
ProcessInfo::FindOopFuncTableDll(PWSTR Dll)
{
OUT_OF_PROC_FUNC_TABLE_DLL* OopDll;
for (OopDll = m_OopFuncTableDlls; OopDll; OopDll = OopDll->Next)
{
if (!_wcsicmp(Dll, (PWSTR)(OopDll + 1)))
{
return OopDll;
}
}
return NULL;
}
HRESULT
ProcessInfo::LoadCorDebugDll(void)
{
HRESULT Status;
MachineInfo* CorMachine;
if (m_CorDebugDll)
{
return S_OK;
}
if (!m_CorImage ||
!(CorMachine = MachineTypeInfo(m_Target,
m_CorImage->GetMachineType())))
{
return E_UNEXPECTED;
}
VS_FIXEDFILEINFO CorVer;
if ((Status = m_Target->
GetImageVersionInformation(this,
m_CorImage->m_ImagePath,
m_CorImage->m_BaseOfImage,
"\\", &CorVer, sizeof(CorVer),
NULL)) != S_OK)
{
ErrOut("Unable to get version information for %s\n",
m_CorImage->m_ModuleName);
return Status;
}
PSTR CorDacType;
switch(m_CorImageType)
{
case COR_DLL_EE:
CorDacType = "ee";
break;
case COR_DLL_WKS:
CorDacType = "wks";
break;
case COR_DLL_SVR:
CorDacType = "svr";
break;
default:
ErrOut("Unknown runtime DLL type %s\n",
m_CorImage->m_ModuleName);
return E_INVALIDARG;
}
char DacDll[MAX_PATH];
PSTR CorImagePath = NULL;
PSTR Tail;
// If this is a live session we want to look for the
// debug DLL in the same place that the runtime is.
// If this is a dump, we want to look in the same place
// that the runtime image file was mapped from.
if (IS_DUMP_TARGET(m_Target) &&
m_CorImage->m_MappedImagePath[0])
{
CorImagePath = m_CorImage->m_MappedImagePath;
}
if (!CorImagePath)
{
CorImagePath = m_CorImage->m_ImagePath;
}
if (!CopyString(DacDll, CorImagePath, DIMA(DacDll)))
{
ErrOut("Runtime debugging DLL path overflow\n");
return E_OUTOFMEMORY;
}
// We need to request the debugging DLL that runs
// using the currently running processor type and
// that can debug the current target's processor type.
#if defined(_X86_)
PSTR HostCpu = "x86";
#elif defined(_IA64_)
PSTR HostCpu = "IA64";
#elif defined(_AMD64_)
PSTR HostCpu = "AMD64";
#elif defined(_ARM_)
PSTR HostCpu = "ARM";
#else
#error Unknown processor.
#endif
Tail = (PSTR)PathTail(DacDll);
if (!PrintString(Tail, (ULONG)(DIMA(DacDll) - (Tail - DacDll)),
"mscordac%s_%s_%s_%u.%u.%u.%u%s.dll",
CorDacType,
HostCpu,
CorMachine->m_AbbrevName,
CorVer.dwFileVersionMS >> 16,
CorVer.dwFileVersionMS & 0xffff,
CorVer.dwFileVersionLS >> 16,
CorVer.dwFileVersionLS & 0xffff,
(CorVer.dwFileFlags & VS_FF_DEBUG) ?
((CorVer.dwFileFlags & VS_FF_PRIVATEBUILD) ?
".fastchecked" : ".checked") : ""))
{
ErrOut("Runtime debugging DLL path overflow\n");
return E_OUTOFMEMORY;
}
//
// First try and load the debugging DLL using the same
// path as the runtime DLL. This makes it easy to pick
// up debugging DLLs that come with runtime installations.
//
PSTR DllPath = DacDll;
m_CorDebugDll = LoadLibrary(DllPath);
if (!m_CorDebugDll &&
(GetLastError() == ERROR_PATH_NOT_FOUND ||
GetLastError() == ERROR_FILE_NOT_FOUND ||
GetLastError() == ERROR_MOD_NOT_FOUND))
{
// Couldn't find it, so allow a path search.
DllPath = Tail;
m_CorDebugDll = LoadLibrary(DllPath);
}
if (!m_CorDebugDll)
{
Status = WIN32_LAST_STATUS();
VerbOut("Unable to load runtime debug DLL %s, %s\n",
DllPath, FormatStatusCode(Status));
return Status;
}
PFN_CreateCorDataAccess Entry = (PFN_CreateCorDataAccess)
GetProcAddress(m_CorDebugDll, "CreateCorDataAccess");
if (!Entry)
{
Status = WIN32_LAST_STATUS();
FreeLibrary(m_CorDebugDll);
m_CorDebugDll = NULL;
ErrOut("Runtime debug DLL %s missing entry point\n", DllPath);
return Status;
}
if ((Status = Entry(__uuidof(ICorDataAccess), &m_CorServices,
(void**)&m_CorAccess)) != S_OK)
{
FreeLibrary(m_CorDebugDll);
m_CorDebugDll = NULL;
ErrOut("Runtime debug DLL %s init failure, %s\n",
DllPath, FormatStatusCode(Status));
return Status;
}
VerbOut("Loaded runtime debug DLL %s\n", DllPath);
return S_OK;
}
HRESULT
ProcessInfo::IsCorCode(ULONG64 Native)
{
HRESULT Status;
if ((Status = LoadCorDebugDll()) != S_OK)
{
return Status;
}
return m_CorAccess->IsCorCode(Native);
}
HRESULT
ProcessInfo::ConvertNativeToIlOffset(ULONG64 Native,
PULONG64 ImageBase,
PULONG32 MethodToken,
PULONG32 MethodOffs)
{
HRESULT Status;
if ((Status = LoadCorDebugDll()) != S_OK)
{
return Status;
}
if ((Status = m_CorAccess->
GetILOffsetFromTargetAddress(Native, ImageBase,
MethodToken, MethodOffs)) != S_OK)
{
return Status;
}
if (!FindImageByOffset(*ImageBase, FALSE))
{
IMAGE_NT_HEADERS64 NtHdr;
char Name[MAX_IMAGE_PATH];
// XXX drewb - Need to work out when the
// module list should be updated for managed
// code that's not system-loaded.
// We don't know about this module, so load it
// right now.
if (m_Target->ReadImageNtHeaders(this, *ImageBase, &NtHdr) == S_OK &&
GetModnameFromImage(this, *ImageBase, NULL,
Name, DIMA(Name), TRUE))
{
char ReloadCmd[MAX_IMAGE_PATH];
PCSTR ArgsRet;
PrintString(ReloadCmd, DIMA(ReloadCmd), "%s=0x%s,0x%x",
Name, FormatAddr64(*ImageBase),
NtHdr.OptionalHeader.SizeOfImage);
m_Target->Reload(m_CurrentThread, ReloadCmd, &ArgsRet);
ImageInfo* Image = FindImageByOffset(*ImageBase, FALSE);
if (Image)
{
Image->m_CorImage = TRUE;
}
}
}
return S_OK;
}
HRESULT
ProcessInfo::GetCorSymbol(ULONG64 Native, PSTR Buffer, ULONG BufferChars,
PULONG64 Displacement)
{
HRESULT Status;
if ((Status = LoadCorDebugDll()) != S_OK)
{
return Status;
}
WCHAR SymWide[MAX_SYMBOL_LEN];
if ((Status = m_CorAccess->
GetCodeSymbolForTargetAddress(Native, SymWide, DIMA(SymWide),
Displacement)) != S_OK)
{
return Status;
}
if (!WideCharToMultiByte(CP_ACP, 0, SymWide, -1,
Buffer, BufferChars,
NULL, NULL))
{
return WIN32_LAST_STATUS();
}
return S_OK;
}
ICorDataStackWalk*
ProcessInfo::StartCorStack(ULONG32 CorThreadId)
{
HRESULT Status;
ICorDataStackWalk* Walk;
if ((Status = LoadCorDebugDll()) != S_OK)
{
return NULL;
}
if ((Status = m_CorAccess->StartStackWalk(CorThreadId,
DAC_STACK_ALL_FRAMES,
&Walk)) != S_OK)
{
return NULL;
}
return Walk;
}
HRESULT
ProcessInfo::Terminate(void)
{
if (!IS_LIVE_USER_TARGET(m_Target))
{
return E_UNEXPECTED;
}
PUSER_DEBUG_SERVICES Services =
((LiveUserTargetInfo*)m_Target)->m_Services;
HRESULT Status = S_OK;
if (!m_Exited)
{
if ((m_Flags & ENG_PROC_EXAMINED) == 0 &&
(Status = Services->TerminateProcess(m_SysHandle,
E_FAIL)) != S_OK)
{
ErrOut("TerminateProcess failed, %s\n",
FormatStatusCode(Status));
}
else
{
MarkExited();
}
}
return Status;
}
HRESULT
ProcessInfo::Detach(void)
{
if (!IS_LIVE_USER_TARGET(m_Target))
{
return E_UNEXPECTED;
}
PUSER_DEBUG_SERVICES Services =
((LiveUserTargetInfo*)m_Target)->m_Services;
HRESULT Status = S_OK;
if (!m_Exited)
{
if ((m_Flags & ENG_PROC_EXAMINED) == 0 &&
(Status = Services->DetachProcess(m_SystemId)) != S_OK)
{
// Older systems don't support detach so
// don't show an error message in that case.
if (Status != E_NOTIMPL)
{
ErrOut("DebugActiveProcessStop(%d) failed, %s\n",
m_SystemId, FormatStatusCode(Status));
}
}
else
{
MarkExited();
}
}
return Status;
}
HRESULT
ProcessInfo::Abandon(void)
{
if (!IS_LIVE_USER_TARGET(m_Target))
{
return E_UNEXPECTED;
}
PUSER_DEBUG_SERVICES Services =
((LiveUserTargetInfo*)m_Target)->m_Services;
HRESULT Status;
if ((Status = Services->AbandonProcess(m_SysHandle)) != S_OK)
{
// Older systems don't support abandon so
// don't show an error message in that case.
if (Status != E_NOTIMPL)
{
ErrOut("Unable to abandon process\n");
}
return Status;
}
// We need to continue any existing event as it won't
// be returned from WaitForDebugEvent again. We
// do not want to resume execution, though.
if (m_Target->m_DeferContinueEvent)
{
if ((Status = Services->ContinueEvent(DBG_CONTINUE)) != S_OK)
{
ErrOut("Unable to continue abandoned event, %s\n",
FormatStatusCode(Status));
return Status;
}
m_Target->m_DeferContinueEvent = FALSE;
}
return Status;
}
HRESULT
ProcessInfo::GetImplicitThreadData(ThreadInfo* Thread, PULONG64 Offset)
{
HRESULT Status;
if (m_ImplicitThreadData == 0 ||
(m_ImplicitThreadDataIsDefault &&
Thread != m_ImplicitThreadDataThread))
{
Status = SetImplicitThreadData(Thread, 0, FALSE);
}
else
{
Status = S_OK;
}
*Offset = m_ImplicitThreadData;
return Status;
}
HRESULT
ProcessInfo::GetImplicitThreadDataTeb(ThreadInfo* Thread, PULONG64 Offset)
{
if (IS_USER_TARGET(m_Target))
{
// In user mode the thread data is the TEB.
return GetImplicitThreadData(Thread, Offset);
}
else if (IS_KERNEL_TARGET(m_Target))
{
return ReadImplicitThreadInfoPointer
(Thread, m_Target->m_KdDebuggerData.OffsetKThreadTeb, Offset);
}
else
{
return E_UNEXPECTED;
}
}
HRESULT
ProcessInfo::SetImplicitThreadData(ThreadInfo* Thread,
ULONG64 Offset, BOOL Verbose)
{
HRESULT Status;
BOOL Default = FALSE;
if (Offset == 0)
{
if (!Thread || Thread->m_Process != this)
{
if (Verbose)
{
ErrOut("Unable to get the current thread data\n");
}
return E_UNEXPECTED;
}
if ((Status = m_Target->
GetThreadInfoDataOffset(Thread, 0, &Offset)) != S_OK)
{
if (Verbose)
{
ErrOut("Unable to get the current thread data\n");
}
return Status;
}
if (Offset == 0)
{
if (Verbose)
{
ErrOut("Current thread data is NULL\n");
}
return E_FAIL;
}
Default = TRUE;
}
m_ImplicitThreadData = Offset;
m_ImplicitThreadDataIsDefault = Default;
m_ImplicitThreadDataThread = Thread;
return S_OK;
}
HRESULT
ProcessInfo::ReadImplicitThreadInfoPointer(ThreadInfo* Thread,
ULONG Offset, PULONG64 Ptr)
{
HRESULT Status;
ULONG64 CurThread;
// Retrieve the current ETHREAD.
if ((Status = GetImplicitThreadData(Thread, &CurThread)) != S_OK)
{
return Status;
}
return m_Target->
ReadPointer(this, m_Target->m_Machine, CurThread + Offset, Ptr);
}
//----------------------------------------------------------------------------
//
// Functions.
//
//----------------------------------------------------------------------------
ProcessInfo*
FindAnyProcessByUserId(ULONG Id)
{
TargetInfo* Target;
ProcessInfo* Process;
ForAllLayersToProcess()
{
if (Process->m_UserId == Id)
{
return Process;
}
}
return NULL;
}
ProcessInfo*
FindAnyProcessBySystemId(ULONG Id)
{
TargetInfo* Target;
ProcessInfo* Process;
ForAllLayersToProcess()
{
if (Process->m_SystemId == Id)
{
return Process;
}
}
return NULL;
}
void
ParseProcessCmds(void)
{
char Ch;
ProcessInfo* Process;
ULONG Id;
if (!g_Target)
{
error(BADTHREAD);
}
Ch = PeekChar();
if (Ch == '\0' || Ch == ';')
{
g_Target->OutputProcessInfo(NULL);
}
else
{
Process = g_Process;
g_CurCmd++;
if (Ch == '.')
{
;
}
else if (Ch == '#')
{
Process = g_EventProcess;
}
else if (Ch == '*')
{
Process = NULL;
}
else if (Ch == '[')
{
g_CurCmd--;
Id = (ULONG)GetTermExpression("Process ID missing from");
Process = FindAnyProcessByUserId(Id);
if (Process == NULL)
{
error(BADPROCESS);
}
}
else if (Ch == '~')
{
if (*g_CurCmd != '[')
{
error(SYNTAX);
}
Id = (ULONG)GetTermExpression("Process ID missing from");
Process = FindAnyProcessBySystemId(Id);
if (Process == NULL)
{
error(BADPROCESS);
}
}
else if (Ch >= '0' && Ch <= '9')
{
Id = 0;
do
{
Id = Id * 10 + Ch - '0';
Ch = *g_CurCmd++;
} while (Ch >= '0' && Ch <= '9');
g_CurCmd--;
Process = FindAnyProcessByUserId(Id);
if (Process == NULL)
{
error(BADPROCESS);
}
}
else
{
g_CurCmd--;
}
Ch = PeekChar();
if (Ch == '\0' || Ch == ';')
{
g_Target->OutputProcessInfo(Process);
}
else
{
g_CurCmd++;
if (tolower(Ch) == 's')
{
if (Process == NULL)
{
error(BADPROCESS);
}
if (Process->m_CurrentThread == NULL)
{
Process->m_CurrentThread = Process->m_ThreadHead;
if (Process->m_CurrentThread == NULL)
{
error(BADPROCESS);
}
}
SetPromptThread(Process->m_CurrentThread,
SPT_DEFAULT_OCI_FLAGS);
}
else
{
g_CurCmd--;
}
}
}
}
//----------------------------------------------------------------------------
//
// Process creation and attach functions.
//
//----------------------------------------------------------------------------
HRESULT
TerminateProcesses(void)
{
HRESULT Status;
if (!AnyLiveUserTargets())
{
// Nothing to do.
return S_OK;
}
if (g_SymOptions & SYMOPT_SECURE)
{
ErrOut("SECURE: Process termination disallowed\n");
return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
Status = PrepareForSeparation();
if (Status != S_OK)
{
ErrOut("Unable to prepare for termination, %s\n",
FormatStatusCode(Status));
return Status;
}
TargetInfo* Target;
HRESULT SingleStatus;
ForAllLayersToTarget()
{
// If we fail in the middle of killing things there
// isn't much that can be done so just attempt to
// kill as many things as possible.
if (IS_LIVE_USER_TARGET(Target) &&
(SingleStatus = Target->TerminateProcesses()) != S_OK)
{
Status = SingleStatus;
}
}
DiscardLastEvent();
return Status;
}
HRESULT
DetachProcesses(void)
{
HRESULT Status;
if (!AnyLiveUserTargets())
{
// Nothing to do.
return S_OK;
}
if (g_SymOptions & SYMOPT_SECURE)
{
ErrOut("SECURE: Process detach disallowed\n");
return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
Status = PrepareForSeparation();
if (Status != S_OK)
{
ErrOut("Unable to prepare for detach, %s\n",
FormatStatusCode(Status));
return Status;
}
TargetInfo* Target;
HRESULT SingleStatus;
ForAllLayersToTarget()
{
// If we fail in the middle of detaching things there
// isn't much that can be done so just attempt to
// detach as many things as possible.
if (IS_LIVE_USER_TARGET(Target) &&
(SingleStatus = Target->DetachProcesses()) != S_OK)
{
Status = SingleStatus;
}
}
DiscardLastEvent();
return Status;
}
HRESULT
SeparateCurrentProcess(ULONG Mode, PSTR Description)
{
if (!IS_LIVE_USER_TARGET(g_Target) ||
g_Process == NULL)
{
return E_INVALIDARG;
}
if (g_SymOptions & SYMOPT_SECURE)
{
ErrOut("SECURE: Process separation disallowed\n");
return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
PUSER_DEBUG_SERVICES Services =
((LiveUserTargetInfo*)g_Target)->m_Services;
if ((Mode == SEP_DETACH || Mode == SEP_TERMINATE) &&
IS_CUR_CONTEXT_ACCESSIBLE())
{
ADDR Pc;
// Move the PC past any current breakpoint instruction so that
// the process has a chance of running.
g_Machine->GetPC(&Pc);
if (g_Machine->IsBreakpointInstruction(g_Process, &Pc))
{
g_Machine->AdjustPCPastBreakpointInstruction
(&Pc, DEBUG_BREAKPOINT_CODE);
}
}
// Flush any buffered changes.
if (IS_CUR_CONTEXT_ACCESSIBLE())
{
g_Target->FlushRegContext();
}
if (g_EventProcess == g_Process && Mode != SEP_TERMINATE)
{
if (g_Target->m_DeferContinueEvent)
{
Services->ContinueEvent(DBG_CONTINUE);
g_Target->m_DeferContinueEvent = FALSE;
}
}
((LiveUserTargetInfo*)g_Target)->
SuspendResumeThreads(g_Process, FALSE, NULL);
HRESULT Status;
PSTR Operation;
switch(Mode)
{
case SEP_DETACH:
Status = g_Process->Detach();
Operation = "Detached";
break;
case SEP_TERMINATE:
Status = g_Process->Terminate();
if ((g_Process->m_Flags & ENG_PROC_EXAMINED) == 0)
{
Operation = "Terminated. "
"Exit thread and process events will occur.";
}
else
{
Operation = "Terminated";
}
break;
case SEP_ABANDON:
Status = g_Process->Abandon();
Operation = "Abandoned";
break;
}
if (Status == S_OK)
{
if (Description != NULL)
{
strcpy(Description, Operation);
}
// If we're detaching or abandoning it's safe to go
// ahead and remove the process now so that it
// can't be access further.
// If we're terminating we have to wait for
// the exit events to come through so
// keep the process until that happens.
if (Mode != SEP_TERMINATE)
{
delete g_Process;
SetToAnyLayers(TRUE);
}
else
{
g_Process->m_Exited = FALSE;
}
}
else
{
((LiveUserTargetInfo*)g_Target)->
SuspendResumeThreads(g_Process, TRUE, NULL);
}
return Status;
}