|
|
/*++
Copyright (c) 1999-2000 Microsoft Corporation
Module Name:
tcp.c
Abstract:
TCP kernel debugger extensions.
Author:
Scott Holden (sholden) 24-Apr-1999
Revision History:
--*/
#include "tcpipxp.h"
#include "tcpipkd.h"
// Simple to declare if just dumping a specific address/object type.
TCPIP_DBGEXT(TCB, tcb);TCPIP_DBGEXT(TWTCB, twtcb);TCPIP_DBGEXT(AddrObj, ao);TCPIP_DBGEXT(TCPRcvReq, trr);TCPIP_DBGEXT(TCPSendReq, tsr);TCPIP_DBGEXT(SendCmpltContext, scc);TCPIP_DBGEXT(TCPRAHdr, trh);TCPIP_DBGEXT(DGSendReq, dsr);TCPIP_DBGEXT(DGRcvReq, drr);TCPIP_DBGEXT(TCPConn, tc);TCPIP_DBGEXT(TCPConnBlock, cb);TCPIP_DBGEXT(TCPHeader, tcph);TCPIP_DBGEXT(UDPHeader, udph);TCPIP_DBGEXT(TCP_CONTEXT, tcpctxt);TCPIP_DBGEXT(FILE_OBJECT, tcpfo);TCPIP_DBGEXT_LIST(MDL, mdlc, Next);
//
// Dump TCP global parameters.
//
DECLARE_API(gtcp){ dprintf(ENDL);
//
// tcpconn.c
//
TCPIPDump_uint(MaxConnBlocks); TCPIPDumpCfg_uint(ConnPerBlock, MAX_CONN_PER_BLOCK); TCPIPDumpCfg_uint(MaxFreeConns, MAX_CONN_PER_BLOCK); TCPIPDump_uint(ConnsAllocated); TCPIPDump_uint(ConnsOnFreeList); TCPIPDump_uint(NextConnBlock); TCPIPDump_uint(MaxAllocatedConnBlocks);
dprintf(ENDL);
TCPIPDump_DWORD(g_CurIsn); TCPIPDumpCfg_DWORD(g_cRandIsnStore, 256); TCPIPDumpCfg_DWORD(g_maskRandIsnStore, 255);
dprintf(ENDL);
TCPIPDump_uint(NumConnReq); TCPIPDumpCfg_uint(MaxConnReq, 0xffffffff); TCPIPDump_uint(ConnTableSize);
dprintf(ENDL);
//
// tcpdeliv.c
//
TCPIPDump_uint(NumTCPRcvReq); TCPIPDumpCfg_uint(MaxRcvReq, 0xffffffff);
dprintf(ENDL);
//
// tcprcv.c
//
TCPIPDumpCfg_uint(MaxRcvWin, 0xffff); TCPIPDump_uint(MaxDupAcks);
dprintf(ENDL);
//
// tcpsend.c
//
TCPIPDumpCfg_uint(MaxSendSegments, 64); TCPIPDump_uint(TCPSendHwchksum); TCPIPDump_uint(TCPCurrentSendFree); TCPIPDump_uint(NumTCPSendReq); TCPIPDumpCfg_uint(MaxSendReq , 0xffffffff);
dprintf(ENDL);
//
// tcb.c
//
TCPIPDump_uint(TCBsOnFreeList); TCPIPDump_uint(TCPTime); TCPIPDump_uint(TCBWalkCount); TCPIPDump_uint(CurrentTCBs); TCPIPDump_uint(CurrentTWTCBs); TCPIPDumpCfg_uint(MaxTCBs, 0xffffffff); TCPIPDumpCfg_uint(MaxTWTCBs, 0xffffffff); TCPIPDumpCfg_uint(MaxFreeTcbs, 1000); TCPIPDumpCfg_uint(MaxFreeTWTcbs, 1000); TCPIPDumpCfg_uint(MaxHashTableSize, 512); TCPIPDump_uint(DeadmanTicks); TCPIPDump_uint(NumTcbTablePartitions); TCPIPDump_uint(PerPartitionSize); TCPIPDump_uint(LogPerPartitionSize);
TCPIPDump_BOOLEAN(fTCBTimerStopping);
dprintf(ENDL);
//
// addr.c
//
TCPIPDump_ushort(NextUserPort); TCPIPDumpCfg_ULONG(DisableUserTOSSetting, TRUE); TCPIPDumpCfg_ULONG(DefaultTOSValue, 0);
dprintf(ENDL);
//
// dgram.c
//
TCPIPDump_ULONG(DGCurrentSendFree); TCPIPDumpCfg_ULONG(DGMaxSendFree, 0x4000); TCPIPDump_uint(NumSendReq); TCPIPDump_uint(DGHeaderSize);
dprintf(ENDL);
//
// init.c
//
TCPIPDumpCfg_uint(DeadGWDetect, TRUE); TCPIPDumpCfg_uint(PMTUDiscovery, TRUE); TCPIPDumpCfg_uint(PMTUBHDetect, FALSE); TCPIPDumpCfg_uint(KeepAliveTime, 72000 /*DEFAULT_KEEPALIVE_TIME*/); TCPIPDumpCfg_uint(KAInterval, 10 /*DEFAULT_KEEPALIVE_INTERVAL*/); TCPIPDumpCfg_uint(DefaultRcvWin, 0);
dprintf(ENDL);
TCPIPDumpCfg_uint(MaxConnections, DEFAULT_MAX_CONNECTIONS); TCPIPDumpCfg_uint(MaxConnectRexmitCount, MAX_CONNECT_REXMIT_CNT); TCPIPDumpCfg_uint(MaxConnectResponseRexmitCount, MAX_CONNECT_RESPONSE_REXMIT_CNT); TCPIPDump_uint(MaxConnectResponseRexmitCountTmp); TCPIPDumpCfg_uint(MaxDataRexmitCount, MAX_REXMIT_CNT);
dprintf(ENDL);
//
// ntinit.c
//
TCPIPDump_uint(TCPHalfOpen); TCPIPDump_uint(TCPHalfOpenRetried); TCPIPDump_uint(TCPMaxHalfOpen); TCPIPDump_uint(TCPMaxHalfOpenRetried); TCPIPDump_uint(TCPMaxHalfOpenRetriedLW);
dprintf(ENDL);
TCPIPDump_uint(TCPPortsExhausted); TCPIPDump_uint(TCPMaxPortsExhausted); TCPIPDump_uint(TCPMaxPortsExhaustedLW);
dprintf(ENDL);
TCPIPDumpCfg_BOOLEAN(SynAttackProtect, FALSE); TCPIPDumpCfg_uint(BSDUrgent, TRUE); TCPIPDumpCfg_uint(FinWait2TO, FIN_WAIT2_TO * 10); TCPIPDumpCfg_uint(NTWMaxConnectCount, NTW_MAX_CONNECT_COUNT); TCPIPDumpCfg_uint(NTWMaxConnectTime, NTW_MAX_CONNECT_TIME * 2); TCPIPDumpCfg_uint(MaxUserPort, MAX_USER_PORT); TCPIPDumpCfg_uint(SecurityFilteringEnabled, FALSE);
dprintf(ENDL);
return;}
//
// Searches TCBs in the TCB table and dumps.
//
DECLARE_API(srchtcbtable){ TCB **TcbTable = NULL;
ULONG TcbTableAddr = 0; ULONG TcbTableSize = 0; BOOL fStatus;
ULONG i;
PTCPIP_SRCH pSrch = NULL;
pSrch = ParseSrch( args, TCPIP_SRCH_ALL, TCPIP_SRCH_ALL | TCPIP_SRCH_IPADDR | TCPIP_SRCH_PORT | TCPIP_SRCH_STATS);
if (pSrch == NULL) { dprintf("srchtcbtable: Invalid parameter" ENDL); goto done; }
//
// Now retrieve the table and dump.
//
TcbTableAddr = GetUlongValue("tcpip!TcbTable"); TcbTableSize = GetUlongValue("tcpip!MaxHashTableSize");
// Allocate and read table into memory.
TcbTable = LocalAlloc(LPTR, sizeof(TCB *) * TcbTableSize);
if (TcbTable == NULL) { dprintf("Failed to allocate table" ENDL); goto done; }
fStatus = GetData( TcbTable, sizeof(TCB *) * TcbTableSize, TcbTableAddr, "TcbTable");
if (fStatus == FALSE) { dprintf("Failed to read table at %x" ENDL, TcbTableAddr); goto done; }
dprintf("TcbTable %x, size = %d" ENDL, TcbTableAddr, TcbTableSize);
for (i = 0; i < TcbTableSize; i++) { TCB Tcb; BOOL fPrint; TCB * pTcb;
pTcb = TcbTable[i];
while (pTcb != NULL) { fStatus = GetData(&Tcb, sizeof(TCB), (ULONG_PTR)pTcb, "TCB");
if (fStatus == FALSE) { dprintf("Failed to get TCB %x" ENDL, pTcb); goto done; }
fPrint = FALSE;
switch (pSrch->ulOp) { case TCPIP_SRCH_PORT: if (Tcb.tcb_sport == htons(pSrch->port) || Tcb.tcb_dport == htons(pSrch->port)) { fPrint = TRUE; } break; case TCPIP_SRCH_IPADDR: if (Tcb.tcb_saddr == pSrch->ipaddr || Tcb.tcb_daddr == pSrch->ipaddr) { fPrint = TRUE; } break; case TCPIP_SRCH_STATS: fPrint = FALSE; break; case TCPIP_SRCH_ALL: fPrint = TRUE; break; }
if (fPrint == TRUE) { dprintf("[%4d] ", i); // Print which table entry it is in.
fStatus = DumpTCB(&Tcb, (ULONG_PTR) pTcb, g_Verbosity);
if (fStatus == FALSE) { dprintf("Failed to dump TCB %x" ENDL, pTcb); } }
pTcb = Tcb.tcb_next;
if (CheckControlC()) { goto done; } } }
done:
if (pSrch) { LocalFree(pSrch); }
if (TcbTable) { LocalFree(TcbTable); }
return;}
//
// Searches time-wait TCB table.
//
DECLARE_API(srchtwtcbtable){ // Don't fix until I know that change has stopped.
#if 0
TWTCB **TwtcbTable = NULL;
ULONG TwtcbTableAddr = 0; ULONG TwtcbTableSize = 0; BOOL fStatus;
ULONG i;
PTCPIP_SRCH pSrch = NULL;
pSrch = ParseSrch( args, TCPIP_SRCH_ALL, TCPIP_SRCH_ALL | TCPIP_SRCH_IPADDR | TCPIP_SRCH_PORT | TCPIP_SRCH_STATS);
if (pSrch == NULL) { dprintf("srchtwtcbtable: Invalid parameter" ENDL); goto done; }
//
// Now retrieve the table and dump.
//
TwtcbTableAddr = GetUlongValue("tcpip!TwtcbTable"); TwtcbTableSize = GetUlongValue("tcpip!MaxHashTableSize");
// Allocate and read table into memory.
TwtcbTable = LocalAlloc(LPTR, sizeof(TWTCB *) * TwtcbTableSize);
if (TwtcbTable == NULL) { dprintf("Failed to allocate table" ENDL); goto done; }
fStatus = GetData( TwtcbTable, sizeof(TWTCB *) * TwtcbTableSize, TwtcbTableAddr, "TwtcbTable");
if (fStatus == FALSE) { dprintf("Failed to read table at %x" ENDL, TwtcbTableAddr); goto done; }
dprintf("TwtcbTable %x, size = %d" ENDL, TwtcbTableAddr, TwtcbTableSize);
for (i = 0; i < TwtcbTableSize; i++) { TWTCB Twtcb; BOOL fPrint; TWTCB * pTwtcb;
pTwtcb = TwtcbTable[i];
while (pTwtcb != NULL) { fStatus = GetData(&Twtcb, sizeof(TWTCB), (ULONG_PTR)pTwtcb, "TWTCB");
if (fStatus == FALSE) { dprintf("Failed to get TWTCB %x" ENDL, pTwtcb); goto done; }
fPrint = FALSE;
switch (pSrch->ulOp) { case TCPIP_SRCH_PORT: if (Twtcb.twtcb_sport == htons(pSrch->port) || Twtcb.twtcb_dport == htons(pSrch->port)) { fPrint = TRUE; } break; case TCPIP_SRCH_IPADDR: if (Twtcb.twtcb_saddr == pSrch->ipaddr || Twtcb.twtcb_daddr == pSrch->ipaddr) { fPrint = TRUE; } break; case TCPIP_SRCH_STATS: fPrint = FALSE; break; case TCPIP_SRCH_ALL: fPrint = TRUE; break; }
if (fPrint == TRUE) { dprintf("[%4d] ", i); // Print which table entry it is in.
fStatus = DumpTWTCB(&Twtcb, (ULONG_PTR) pTwtcb, g_Verbosity);
if (fStatus == FALSE) { dprintf("Failed to dump TWTCB %x" ENDL, pTwtcb); } }
pTwtcb = Twtcb.twtcb_next;
if (CheckControlC()) { goto done; } } }
done:
if (pSrch) { LocalFree(pSrch); }
if (TwtcbTable) { LocalFree(TwtcbTable); }
return;#endif
}
//
// Searches time-wait TCB queue.
//
DECLARE_API(srchtwtcbq){#if 0
Queue *TwtcbQ = NULL;
ULONG TwtcbQAddr = 0; ULONG TwtcbQSize = 0; BOOL fStatus;
ULONG i;
PTCPIP_SRCH pSrch = NULL;
pSrch = ParseSrch( args, TCPIP_SRCH_ALL, TCPIP_SRCH_ALL | TCPIP_SRCH_IPADDR | TCPIP_SRCH_PORT | TCPIP_SRCH_STATS);
if (pSrch == NULL) { dprintf("srchtwtcbq: Invalid parameter" ENDL); goto done; }
//
// Now retrieve the table and dump.
//
TwtcbQAddr = GetUlongValue("tcpip!TWQueue"); TwtcbQSize = GetUlongValue("tcpip!NumTcbTablePartitions");
// Allocate and read table into memory.
TwtcbQ = LocalAlloc(LPTR, sizeof(Queue) * TwtcbQSize);
if (TwtcbQ == NULL) { dprintf("Failed to allocate table" ENDL); goto done; }
fStatus = GetData( TwtcbQ, sizeof(Queue) * TwtcbQSize, TwtcbQAddr, "TWQueue");
if (fStatus == FALSE) { dprintf("Failed to read table at %x" ENDL, TwtcbQAddr); goto done; }
dprintf("TwtcbQ %x, size = %d" ENDL, TwtcbQAddr, TwtcbQSize);
for (i = 0; i < TwtcbQSize; i++) { TWTCB Twtcb; BOOL fPrint; TWTCB * pTwtcb; Queue * pQ;
pQ = TwtcbQ[i].q_next;
while (pQ != (Queue *)((PBYTE)TwtcbQAddr + sizeof(Queue) * i)) { pTwtcb = STRUCT_OF(TWTCB, pQ, twtcb_TWQueue);
fStatus = GetData(&Twtcb, sizeof(TWTCB), (ULONG_PTR)pTwtcb, "TWTCB");
if (fStatus == FALSE) { dprintf("Failed to get TWTCB %x" ENDL, pTwtcb); goto done; }
fPrint = FALSE;
switch (pSrch->ulOp) { case TCPIP_SRCH_PORT: if (Twtcb.twtcb_sport == htons(pSrch->port) || Twtcb.twtcb_dport == htons(pSrch->port)) { fPrint = TRUE; } break; case TCPIP_SRCH_IPADDR: if (Twtcb.twtcb_saddr == pSrch->ipaddr || Twtcb.twtcb_daddr == pSrch->ipaddr) { fPrint = TRUE; } break; case TCPIP_SRCH_STATS: fPrint = FALSE; break; case TCPIP_SRCH_ALL: fPrint = TRUE; break; }
if (fPrint == TRUE) { dprintf("[%4d] ", i); // Print which queue it is in.
fStatus = DumpTWTCB(&Twtcb, (ULONG_PTR) pTwtcb, g_Verbosity);
if (fStatus == FALSE) { dprintf("Failed to dump TWTCB %x" ENDL, pTwtcb); } }
pTwtcb = Twtcb.twtcb_next;
if (CheckControlC()) { goto done; }
pQ = Twtcb.twtcb_TWQueue.q_next; }
}
done:
if (pSrch) { LocalFree(pSrch); }
if (TwtcbQ) { LocalFree(TwtcbQ); }
return;#endif
}
//
// Searches AddrObj table.
//
DECLARE_API(srchaotable){ ULONG_PTR AoTableAddr; DWORD AoTableSize; AddrObj *AoTable[AO_TABLE_SIZE]; BOOL fStatus; DWORD i;
ULONG cAos = 0; ULONG cValidAos = 0; ULONG cBusyAos = 0; ULONG cQueueAos = 0; ULONG cDeleteAos = 0; ULONG cNetbtAos = 0; ULONG cTcpAos = 0;
PTCPIP_SRCH pSrch = NULL;
pSrch = ParseSrch( args, TCPIP_SRCH_ALL, TCPIP_SRCH_ALL | TCPIP_SRCH_IPADDR | TCPIP_SRCH_PORT | TCPIP_SRCH_STATS | TCPIP_SRCH_PROT);
if (pSrch == NULL) { dprintf("srchaotable: Invalid parameter" ENDL); goto done; }
AoTableAddr = GetExpression("tcpip!AddrObjTable"); AoTableSize = AO_TABLE_SIZE;
fStatus = GetData( AoTable, sizeof(AddrObj *) * AO_TABLE_SIZE, AoTableAddr, "AoTable");
if (fStatus == FALSE) { dprintf("Failed to read table at %x" ENDL, AoTableAddr); goto done; }
dprintf("AoTable %x, size %d" ENDL, AoTableAddr, AoTableSize);
for (i = 0; i < AoTableSize; i++) { AddrObj Ao; BOOL fPrint; AddrObj *pAo;
pAo = AoTable[i];
while (pAo != NULL) { fStatus = GetData( &Ao, sizeof(AddrObj), (ULONG_PTR)pAo, "AddrObj");
if (fStatus == FALSE) { dprintf("Failed to get AddrObj %x" ENDL, pAo); goto done; }
fPrint = FALSE; // Default.
switch (pSrch->ulOp) { case TCPIP_SRCH_PORT: if (Ao.ao_port == htons(pSrch->port)) { fPrint = TRUE; } break; case TCPIP_SRCH_PROT: if (Ao.ao_prot == pSrch->prot) { fPrint = TRUE; } break; case TCPIP_SRCH_IPADDR: if (Ao.ao_addr == pSrch->ipaddr) { fPrint = TRUE; } break; case TCPIP_SRCH_STATS: fPrint = FALSE; break; case TCPIP_SRCH_ALL: fPrint = TRUE; break; }
if (fPrint == TRUE) { dprintf("[%4d] ", i); // Print which entry.
fStatus = DumpAddrObj(&Ao, (ULONG_PTR)pAo, g_Verbosity);
if (fStatus == FALSE) { dprintf("Failed to dump AO %x" ENDL, pAo); } }
// Collect stats.
cAos++;
if (Ao.ao_flags & AO_VALID_FLAG) { cValidAos++;
if (Ao.ao_flags & AO_BUSY_FLAG) cBusyAos++; if (Ao.ao_flags & AO_QUEUED_FLAG) cQueueAos++; if (Ao.ao_flags & AO_DELETE_FLAG) cDeleteAos++; if ((ULONG_PTR)Ao.ao_error == GetExpression("netbt!TdiErrorHandler")) cNetbtAos++; if (Ao.ao_prot == PROTOCOL_TCP) cTcpAos++; }
pAo = Ao.ao_next;
if (CheckControlC()) { goto done; } } }
dprintf("AO Entries: %d::" ENDL, cAos); dprintf(TAB "Valid AOs: %d" ENDL, cValidAos); dprintf(TAB "Busy AOs: %d" ENDL, cBusyAos); dprintf(TAB "AOs with pending queue: %d" ENDL, cQueueAos); dprintf(TAB "AOs with pending delete: %d" ENDL, cDeleteAos); dprintf(TAB "Netbt AOs: %d" ENDL, cNetbtAos); dprintf(TAB "TCP AOs: %d" ENDL, cTcpAos);
done:
if (pSrch) { LocalFree(pSrch); }
return;}
//
// Dumps the TCPConns associated with the TCPConnBlock.
//
BOOLSrchConnBlock( ULONG_PTR CbAddr, ULONG op, VERB verb ){ TCPConnBlock cb; TCPConnBlock *pCb = &cb; BOOL fStatus; ULONG i;
fStatus = GetData( pCb, sizeof(TCPConnBlock), CbAddr, "TCPConnBlock");
if (fStatus == FALSE) { dprintf("Failed to read TCPConnBlock @ %x" ENDL, CbAddr); goto done; }
fStatus = DumpTCPConnBlock( pCb, CbAddr, VERB_MED);
for (i = 0; i < MAX_CONN_PER_BLOCK; i++) { if (CheckControlC()) { goto done; }
if (pCb->cb_conn[i] != NULL) { TCPConn tc;
fStatus = GetData( &tc, sizeof(TCPConn), (ULONG_PTR) pCb->cb_conn[i], "TCPConn");
if (fStatus == FALSE) { dprintf("Failed to read TCPConn @ %x" ENDL, pCb->cb_conn[i]); goto done; }
fStatus = DumpTCPConn(&tc, (ULONG_PTR) pCb->cb_conn[i], verb);
if (fStatus == FALSE) { dprintf("Failed to dump TCPConn @ %x" ENDL, pCb->cb_conn[i]); } } }
done:
return (TRUE);}
//
// Dumps the TCPConn's in the conn table.
//
DECLARE_API(conntable){ TCPConnBlock **CbTable = NULL;
ULONG CbTableAddr = 0; ULONG CbTableSize = 0; BOOL fStatus;
ULONG i;
//
// Now retrieve the table and dump.
//
CbTableAddr = GetUlongValue("tcpip!ConnTable"); CbTableSize = GetUlongValue("tcpip!ConnTableSize");
CbTableSize = CbTableSize/MAX_CONN_PER_BLOCK;
// Allocate and read table into memory.
CbTable = LocalAlloc(LPTR, sizeof(TWTCB *) * CbTableSize);
if (CbTable == NULL) { dprintf("Failed to allocate table" ENDL); goto done; }
fStatus = GetData( CbTable, sizeof(TCPConnBlock *) * CbTableSize, CbTableAddr, "ConnTable");
if (fStatus == FALSE) { dprintf("Failed to read table at %x" ENDL, CbTableAddr); goto done; }
dprintf("ConnTable %x, size = %d" ENDL, CbTableAddr, CbTableSize);
for (i = 0; i < CbTableSize; i++) { if (CheckControlC()) { goto done; }
if (CbTable[i] != NULL) { dprintf("[%4d] ", i); fStatus = SrchConnBlock( (ULONG_PTR) CbTable[i], TCPIP_SRCH_ALL | TCPIP_SRCH_STATS, g_Verbosity);
if (fStatus == FALSE) { dprintf("Failed to dump ConnBlock @ %x" ENDL, CbTable[i]); } } }
done:
if (CbTable) { LocalFree(CbTable); }
return;}
//
// Dumps a TCP IRP.
//
DECLARE_API(tcpirp){ ULONG_PTR IrpAddr; ULONG_PTR IrpspAddr; IRP irp; IO_STACK_LOCATION irpsp; LONG iIrpsp; BOOL fTcpIrp = TRUE; BOOL fStatus;
if (!*args) { dprintf("Usage: !irp <address>" ENDL); return; }
IrpAddr = GetExpression(args);
fStatus = GetData(&irp, sizeof(IRP), IrpAddr, "IRP");
if (fStatus == FALSE) { dprintf("Failed to get IRP %x" ENDL, IrpAddr); return; }
if (irp.Type != IO_TYPE_IRP) { dprintf("IRP sig does not match. Likely not a n IRP" ENDL); return; }
dprintf("IRP is active with %d stacks, %d is current" ENDL, irp.StackCount, irp.CurrentLocation);
if ((irp.MdlAddress != NULL) && (irp.Type == IO_TYPE_IRP)) { dprintf(" Mdl = %08lx ", irp.MdlAddress); } else { dprintf(" No Mdl "); }
if (irp.AssociatedIrp.MasterIrp != NULL) { dprintf("%s = %08lx ", (irp.Flags & IRP_ASSOCIATED_IRP) ? "Associated Irp" : (irp.Flags & IRP_DEALLOCATE_BUFFER) ? "System buffer" : "Irp count", irp.AssociatedIrp.MasterIrp); }
dprintf("Thread %08lx: ", irp.Tail.Overlay.Thread);
if (irp.StackCount > 15) { dprintf("Too many Irp stacks to be believed (>15)!!" ENDL); return; } else { if (irp.CurrentLocation > irp.StackCount) { dprintf("Irp is completed. "); } else { dprintf("Irp stack trace. "); } }
if (irp.PendingReturned) { dprintf("Pending has been returned" ENDL); } else { dprintf("" ENDL); }
if (g_Verbosity == VERB_MAX) { dprintf("Flags = %08lx" ENDL, irp.Flags); dprintf("ThreadListEntry.Flink = %08lx" ENDL, irp.ThreadListEntry.Flink); dprintf("ThreadListEntry.Blink = %08lx" ENDL, irp.ThreadListEntry.Blink); dprintf("IoStatus.Status = %08lx" ENDL, irp.IoStatus.Status); dprintf("IoStatus.Information = %08lx" ENDL, irp.IoStatus.Information); dprintf("RequestorMode = %08lx" ENDL, irp.RequestorMode); dprintf("Cancel = %02lx" ENDL, irp.Cancel); dprintf("CancelIrql = %lx" ENDL, irp.CancelIrql); dprintf("ApcEnvironment = %02lx" ENDL, irp.ApcEnvironment); dprintf("UserIosb = %08lx" ENDL, irp.UserIosb); dprintf("UserEvent = %08lx" ENDL, irp.UserEvent); dprintf("Overlay.AsynchronousParameters.UserApcRoutine = %08lx" ENDL, irp.Overlay.AsynchronousParameters.UserApcRoutine); dprintf("Overlay.AsynchronousParameters.UserApcContext = %08lx" ENDL, irp.Overlay.AsynchronousParameters.UserApcContext); dprintf("Overlay.AllocationSize = %08lx - %08lx" ENDL, irp.Overlay.AllocationSize.HighPart, irp.Overlay.AllocationSize.LowPart); dprintf("CancelRoutine = %08lx" ENDL, irp.CancelRoutine); dprintf("UserBuffer = %08lx" ENDL, irp.UserBuffer); dprintf("&Tail.Overlay.DeviceQueueEntry = %08lx" ENDL, &irp.Tail.Overlay.DeviceQueueEntry); dprintf("Tail.Overlay.Thread = %08lx" ENDL, irp.Tail.Overlay.Thread); dprintf("Tail.Overlay.AuxiliaryBuffer = %08lx" ENDL, irp.Tail.Overlay.AuxiliaryBuffer); dprintf("Tail.Overlay.ListEntry.Flink = %08lx" ENDL, irp.Tail.Overlay.ListEntry.Flink); dprintf("Tail.Overlay.ListEntry.Blink = %08lx" ENDL, irp.Tail.Overlay.ListEntry.Blink); dprintf("Tail.Overlay.CurrentStackLocation = %08lx" ENDL, irp.Tail.Overlay.CurrentStackLocation); dprintf("Tail.Overlay.OriginalFileObject = %08lx" ENDL, irp.Tail.Overlay.OriginalFileObject); dprintf("Tail.Apc = %08lx" ENDL, irp.Tail.Apc); dprintf("Tail.CompletionKey = %08lx" ENDL, irp.Tail.CompletionKey); }
IrpspAddr = IrpAddr + sizeof(IRP);
for (iIrpsp = 0; iIrpsp < irp.StackCount; iIrpsp++) { fStatus = GetData( &irpsp, sizeof(IO_STACK_LOCATION), IrpspAddr, "IO_STACK_LOCATION");
if (fStatus == FALSE) { dprintf("Failed to read IRP stack @ %x" ENDL, IrpspAddr); break; }
dprintf("%c%3x %2x %2x %08lx %08lx %08lx-%08lx %s %s %s %s" ENDL, iIrpsp == irp.CurrentLocation ? '>' : ' ', irpsp.MajorFunction, irpsp.Flags, irpsp.Control, irpsp.DeviceObject, irpsp.FileObject, irpsp.CompletionRoutine, irpsp.Context, (irpsp.Control & SL_INVOKE_ON_SUCCESS) ? "Success" : "", (irpsp.Control & SL_INVOKE_ON_ERROR) ? "Error" : "", (irpsp.Control & SL_INVOKE_ON_CANCEL) ? "Cancel" : "", (irpsp.Control & SL_PENDING_RETURNED) ? "pending" : "");
if (irpsp.DeviceObject != NULL) { ULONG_PTR TcpDevObj;
TcpDevObj = GetUlongValue("tcpip!TCPDeviceObject");
dprintf("tcpdevobj %x" ENDL, TcpDevObj); if ((ULONG)irpsp.DeviceObject != TcpDevObj) { dprintf("THIS IS NOT A TCP Irp!!!!" ENDL); fTcpIrp = FALSE; } else { dprintf(TAB TAB "\\Driver\\Tcpip"); fTcpIrp = TRUE; } }
DumpPtrSymbol(irpsp.CompletionRoutine);
dprintf(TAB TAB TAB "Args: %08lx %08lx %08lx %08lx" ENDL, irpsp.Parameters.Others.Argument1, irpsp.Parameters.Others.Argument2, irpsp.Parameters.Others.Argument3, irpsp.Parameters.Others.Argument4);
if (fTcpIrp == TRUE) { if (irpsp.FileObject != NULL) { FILE_OBJECT fo;
fStatus = GetData( &fo, sizeof(FILE_OBJECT), (ULONG_PTR)irpsp.FileObject, "FILE_OBJECT");
if (fStatus == FALSE) { dprintf("Failed to read FILE_OBJECT @ %x" ENDL, irpsp.FileObject); } else { DumpFILE_OBJECT(&fo, (ULONG_PTR)irpsp.FileObject, g_Verbosity);
if (fo.FsContext) { TCP_CONTEXT tc;
fStatus = GetData( &tc, sizeof(TCP_CONTEXT), (ULONG_PTR) fo.FsContext, "TCP_CONTEXT");
if (fStatus == FALSE) { dprintf("Failed to read TCP_CONTEXT @ %x" ENDL, fo.FsContext); } else { DumpTCP_CONTEXT_typed( &tc, (ULONG_PTR) fo.FsContext, g_Verbosity, (ULONG_PTR) fo.FsContext2); } } } } }
if (CheckControlC()) { break; }
IrpspAddr += sizeof(irpsp); }
return;}
|
