archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/debuggers/exts/extsdll/peb.c

498 lines
16 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. peb.c
  9. Abstract:
  11. WinDbg Extension Api
  13. Author:
  15. Ramon J San Andres (ramonsa) 5-Nov-1993
  17. Environment:
  19. User Mode.
  21. Revision History:
  23. --*/
  25. #include "precomp.h"
  26. #pragma hdrstop
  27. #include <time.h>
  29. BOOL
  30. GetTeb32FromWowTeb(ULONG64 Teb, PULONG64 pTeb32)
  31. {
  32. if (pTeb32) {
  33. return ReadPointer(Teb, pTeb32);
  34. }
  35. return FALSE;
  36. }
  38. BOOL
  39. GetPeb32FromWowTeb(ULONG64 Teb, PULONG64 pPeb32)
  40. {
  41. ULONG Peb32;
  42. ULONG64 Teb32=0;
  43. ULONG err;
  45. if (GetTeb32FromWowTeb(Teb, &Teb32) && Teb32) {
  46. if (!(err =GetFieldValue(Teb32, "nt!TEB32", "ProcessEnvironmentBlock", Peb32))) {
  47. *pPeb32 = Peb32;
  48. return TRUE;
  49. } else if (err == SYMBOL_TYPE_INFO_NOT_FOUND) {
  50. if (!(err =GetFieldValue(Teb32, "wow64!TEB32", "ProcessEnvironmentBlock", Peb32))) {
  51. *pPeb32 = Peb32;
  52. return TRUE;
  53. }
  54. }
  55. }
  56. return FALSE;
  57. }
  59. HRESULT
  60. DumpPeb(ULONG64 peb, BOOL IsWow64Peb)
  61. {
  62. ULONG64 ldr;
  63. ULONG64 err;
  64. ULONG64 ldr_Initialized;
  65. ULONG64 ldr_InInitializationOrderModuleList_Flink;
  66. ULONG64 ldr_InInitializationOrderModuleList_Blink;
  67. ULONG64 ldr_InLoadOrderModuleList_Flink;
  68. ULONG64 ldr_InLoadOrderModuleList_Blink;
  69. ULONG ldr_InMemoryOrderModuleList_Offset;
  70. ULONG64 ldr_InMemoryOrderModuleList_Flink;
  71. ULONG64 ldr_InMemoryOrderModuleList_Blink;
  72. ULONG ldr_DataTableEntry_InMemoryOrderLinks_Offset;
  73. ULONG64 peb_SubSystemData;
  74. ULONG64 peb_ProcessHeap;
  75. ULONG64 peb_ProcessParameters;
  76. PCHAR ldrdata = "nt!_PEB_LDR_DATA";
  77. PCHAR ldrEntry = "nt!_LDR_DATA_TABLE_ENTRY";
  78. PCHAR processparam = "nt!_RTL_USER_PROCESS_PARAMETERS";
  79. HRESULT hr = S_OK;
  81. if (IsWow64Peb) {
  82. // try and load types from nt
  83. if ( err = InitTypeRead( peb, nt!PEB32 ) ) {
  84. if (err == SYMBOL_TYPE_INFO_NOT_FOUND) {
  85. // try load types from wow64
  86. if ( !( err = InitTypeRead( peb, wow64!PEB32 )) ) {
  87. ldrdata = "wow64!_PEB_LDR_DATA32";
  88. ldrEntry = "wow64!_LDR_DATA_TABLE_ENTRY32";
  89. processparam = "wow64!_RTL_USER_PROCESS_PARAMETERS32";
  90. } else {
  91. dprintf( "error %d InitTypeRead( wow64!PEB32 at %p)...\n", (ULONG) err, peb);
  92. return E_INVALIDARG;
  93. }
  94. } else {
  95. dprintf( "error %d InitTypeRead( nt!PEB32 at %p)...\n", (ULONG) err, peb);
  96. return E_INVALIDARG;
  97. }
  98. } else {
  99. ldrdata = "nt!_PEB_LDR_DATA32";
  100. ldrEntry = "nt!_LDR_DATA_TABLE_ENTRY32";
  101. processparam = "nt!_RTL_USER_PROCESS_PARAMETERS32";
  102. }
  103. } else {
  104. if ( err = InitTypeRead( peb, PEB ) ) {
  105. dprintf( "error %d InitTypeRead( nt!PEB32 at %p)...\n", (ULONG) err, peb);
  106. return E_INVALIDARG;
  107. }
  108. }
  110. dprintf(
  111. " InheritedAddressSpace: %s\n"
  112. " ReadImageFileExecOptions: %s\n"
  113. " BeingDebugged: %s\n"
  114. " ImageBaseAddress: %p\n"
  115. " Ldr %p\n",
  116. ReadField( InheritedAddressSpace ) ? "Yes" : "No",
  117. ReadField( ReadImageFileExecOptions ) ? "Yes" : "No",
  118. ReadField( BeingDebugged ) ? "Yes" : "No",
  119. ReadField( ImageBaseAddress ),
  120. (ldr = ReadField( Ldr ))
  121. );
  123. peb_SubSystemData = ReadField( SubSystemData );
  124. peb_ProcessHeap = ReadField( ProcessHeap );
  125. peb_ProcessParameters = ReadField( ProcessParameters );
  127. err = GetFieldOffset( ldrdata,
  128. "InMemoryOrderModuleList",
  129. &ldr_InMemoryOrderModuleList_Offset
  130. );
  131. if ( err ) {
  132. dprintf( " *** _PEB_LDR_DATA%s was not found...\n",
  133. ( err == FIELDS_DID_NOT_MATCH ) ? ".InMemoryModuleList field" :
  134. " type"
  135. );
  136. }
  137. else {
  138. err = GetFieldOffset( ldrEntry,
  139. "InMemoryOrderLinks",
  140. &ldr_DataTableEntry_InMemoryOrderLinks_Offset
  141. );
  142. if (err ) {
  143. dprintf( " *** _LDR_DATA_TABLE_ENTRY%s was not found...\n",
  144. ( err == FIELDS_DID_NOT_MATCH ) ? ".InMemoryOrderLinks field" :
  145. " type"
  146. );
  147. }
  148. }
  150. if ( err || GetFieldValue( ldr, ldrdata, "Initialized", ldr_Initialized ) ) {
  151. dprintf( " *** unable to read Ldr table at %p\n", ldr );
  152. }
  153. else {
  154. ULONG64 next, head;
  155. BOOL First = TRUE;
  157. GetFieldValue( ldr, ldrdata, "InInitializationOrderModuleList.Flink", ldr_InInitializationOrderModuleList_Flink );
  158. GetFieldValue( ldr, ldrdata, "InInitializationOrderModuleList.Blink", ldr_InInitializationOrderModuleList_Blink );
  159. GetFieldValue( ldr, ldrdata, "InLoadOrderModuleList.Flink", ldr_InLoadOrderModuleList_Flink );
  160. GetFieldValue( ldr, ldrdata, "InLoadOrderModuleList.Blink", ldr_InLoadOrderModuleList_Blink );
  161. GetFieldValue( ldr, ldrdata, "InMemoryOrderModuleList.Flink", ldr_InMemoryOrderModuleList_Flink );
  162. GetFieldValue( ldr, ldrdata, "InMemoryOrderModuleList.Blink", ldr_InMemoryOrderModuleList_Blink );
  164. dprintf(
  165. " Ldr.Initialized: %s\n"
  166. " Ldr.InInitializationOrderModuleList: %p . %p\n"
  167. " Ldr.InLoadOrderModuleList: %p . %p\n"
  168. " Ldr.InMemoryOrderModuleList: %p . %p\n",
  169. ldr_Initialized ? "Yes" : "No",
  170. ldr_InInitializationOrderModuleList_Flink,
  171. ldr_InInitializationOrderModuleList_Blink,
  172. ldr_InLoadOrderModuleList_Flink,
  173. ldr_InLoadOrderModuleList_Blink,
  174. ldr_InMemoryOrderModuleList_Flink,
  175. ldr_InMemoryOrderModuleList_Blink
  176. );
  177. head = ldr + (ULONG64)ldr_InMemoryOrderModuleList_Offset;
  178. next = ldr_InMemoryOrderModuleList_Flink;
  179. while( next != head ) {
  180. ULONG64 entry, dllBase;
  181. UNICODE_STRING64 u;
  182. ULONG Timestamp;
  183. const char *time;
  185. entry = next - ldr_DataTableEntry_InMemoryOrderLinks_Offset;
  186. if (GetFieldValue( entry, ldrEntry, "DllBase", dllBase )) {
  187. dprintf("Cannot read %s at %p\n",ldrEntry, entry);
  188. break;
  189. }
  190. GetFieldValue( entry, ldrEntry, "TimeDateStamp", Timestamp );
  191. GetFieldValue( entry, ldrEntry, "FullDllName.Buffer", u.Buffer );
  192. GetFieldValue( entry, ldrEntry, "FullDllName.Length", u.Length );
  193. GetFieldValue( entry, ldrEntry, "FullDllName.MaximumLength", u.MaximumLength );
  194. if (First) {
  195. if (IsPtr64()) {
  196. dprintf(" Base TimeStamp / Module\n");
  197. } else {
  198. dprintf(" Base TimeStamp Module\n");
  199. }
  200. First = FALSE;
  201. }
  202. if (IsPtr64()) {
  203. dprintf(" ");
  204. }
  205. dprintf( "%16p ", dllBase );
  206. if ((time = ctime((time_t *) &Timestamp)) != NULL) {
  207. dprintf( "%08x %-20.20s ", Timestamp, time+4);
  208. }
  209. if ( u.Buffer ) {
  210. if (IsPtr64()) {
  211. dprintf("\n ");
  212. }
  213. DumpUnicode64( u );
  214. }
  215. dprintf( "\n");
  216. GetFieldValue( entry, ldrEntry, "InMemoryOrderLinks.Flink", next );
  218. if (CheckControlC()) {
  219. break;
  220. }
  221. }
  222. }
  224. dprintf(
  225. " SubSystemData: %p\n"
  226. " ProcessHeap: %p\n"
  227. " ProcessParameters: %p\n",
  228. peb_SubSystemData,
  229. peb_ProcessHeap,
  230. peb_ProcessParameters
  231. );
  232. if ( peb_ProcessParameters ) {
  233. ULONG64 peb_ProcessParameters_Environment;
  234. ULONG64 peb_ProcessParameters_Flags;
  235. UNICODE_STRING64 windowTitle;
  236. UNICODE_STRING64 imagePathName;
  237. UNICODE_STRING64 commandLine;
  238. UNICODE_STRING64 dllPath;
  240. GetFieldValue( peb_ProcessParameters, processparam, "Environment", peb_ProcessParameters_Environment );
  241. GetFieldValue( peb_ProcessParameters, processparam, "Flags", peb_ProcessParameters_Flags );
  242. GetFieldValue( peb_ProcessParameters, processparam, "WindowTitle.Buffer", windowTitle.Buffer );
  243. GetFieldValue( peb_ProcessParameters, processparam, "WindowTitle.Length", windowTitle.Length );
  244. GetFieldValue( peb_ProcessParameters, processparam, "WindowTitle.MaximumLength", windowTitle.MaximumLength );
  245. GetFieldValue( peb_ProcessParameters, processparam, "ImagePathName.Buffer", imagePathName.Buffer );
  246. GetFieldValue( peb_ProcessParameters, processparam, "ImagePathName.Length", imagePathName.Length );
  247. GetFieldValue( peb_ProcessParameters, processparam, "ImagePathName.MaximumLength", imagePathName.MaximumLength );
  248. GetFieldValue( peb_ProcessParameters, processparam, "CommandLine.Buffer", commandLine.Buffer );
  249. GetFieldValue( peb_ProcessParameters, processparam, "CommandLine.Length", commandLine.Length );
  250. GetFieldValue( peb_ProcessParameters, processparam, "CommandLine.MaximumLength", commandLine.MaximumLength );
  251. GetFieldValue( peb_ProcessParameters, processparam, "DllPath.Buffer", dllPath.Buffer );
  252. GetFieldValue( peb_ProcessParameters, processparam, "DllPath.Length", dllPath.Length );
  253. GetFieldValue( peb_ProcessParameters, processparam, "DllPath.MaximumLength", dllPath.MaximumLength );
  254. if ( !(peb_ProcessParameters_Flags & RTL_USER_PROC_PARAMS_NORMALIZED) ) {
  255. windowTitle.Buffer += peb_ProcessParameters;
  256. imagePathName.Buffer += peb_ProcessParameters;
  257. commandLine.Buffer += peb_ProcessParameters;
  258. dllPath.Buffer += peb_ProcessParameters;
  259. }
  260. dprintf(
  261. " WindowTitle: '" );
  262. DumpUnicode64( windowTitle );
  263. dprintf("'\n");
  264. dprintf(
  265. " ImageFile: '" );
  266. DumpUnicode64( imagePathName );
  267. dprintf("'\n");
  268. dprintf(
  269. " CommandLine: '" );
  270. DumpUnicode64( commandLine );
  271. dprintf("'\n");
  272. dprintf(
  273. " DllPath: '" );
  274. DumpUnicode64( dllPath );
  275. dprintf("'\n"
  276. " Environment: %p\n", peb_ProcessParameters_Environment );
  278. }
  279. else {
  280. dprintf( " *** unable to read process parameters\n" );
  282. }
  283. return S_OK;
  284. }
  286. DECLARE_API( peb )
  288. /*++
  290. Routine Description:
  292. This function is called to dump the PEB
  294. Called as:
  296. !peb
  298. Arguments:
  300. None
  302. Return Value:
  304. None
  306. --*/
  308. {
  309. ULONG64 pebAddress;
  310. ULONG64 peb;
  311. HRESULT hr = S_OK;
  313. INIT_API();
  314. if ( *args ) {
  315. pebAddress = GetExpression( args );
  316. } else {
  317. ULONG64 tebAddress;
  318. GetTebAddress( &tebAddress );
  319. if (TargetMachine == IMAGE_FILE_MACHINE_IA64 && tebAddress) {
  320. ULONG64 Peb32=0;
  321. if (GetPeb32FromWowTeb(tebAddress, &Peb32) && Peb32) {
  322. dprintf("Wow64 PEB32 at %lx\n", Peb32);
  323. DumpPeb(Peb32, TRUE);
  324. dprintf("\n\nWow64 ");
  325. }
  326. }
  328. GetPebAddress( 0, &pebAddress );
  329. }
  331. if ( pebAddress ) {
  332. dprintf( "PEB at %p\n", pebAddress );
  333. }
  334. else {
  335. dprintf( "PEB NULL...\n" );
  336. return E_INVALIDARG;
  337. }
  339. peb = IsPtr64() ? pebAddress : (ULONG64)(LONG64)(LONG)pebAddress;
  341. hr = DumpPeb(peb, FALSE);
  342. EXIT_API();
  343. return hr;
  346. } // PebExtension()
  349. HRESULT
  350. DumpTeb(ULONG64 tebAddress, BOOL IsWow64Teb)
  351. {
  353. ULONG64 teb;
  354. ULONG64 tib_ExceptionList;
  355. ULONG64 tib_StackBase;
  356. ULONG64 tib_StackLimit;
  357. ULONG64 tib_StackSusSystemTib;
  358. ULONG64 tib_FiberData;
  359. ULONG64 tib_ArbitraryUserPointer;
  360. ULONG64 tib_Self;
  361. ULONG64 tib_EnvironmentPointer;
  362. ULONG64 teb_ClientId_UniqueProcess;
  363. ULONG64 teb_ClientId_UniqueThread;
  364. ULONG64 teb_RealClientId_UniqueProcess;
  365. ULONG64 teb_RealClientId_UniqueThread;
  366. ULONG64 DeallocationBStore;
  367. HRESULT hr = S_OK;
  368. ULONG64 err;
  370. teb = tebAddress;
  371. if (!IsWow64Teb) {
  372. if ( InitTypeRead( teb, TEB ) ) {
  373. dprintf( "error InitTypeRead( TEB )...\n");
  374. return E_INVALIDARG;
  375. }
  376. } else {
  377. if ( err = InitTypeRead( teb, nt!TEB32 ) ) {
  378. if (err == SYMBOL_TYPE_INFO_NOT_FOUND) {
  379. if ( InitTypeRead( teb, wow64!TEB32 ) ) {
  380. dprintf( "error InitTypeRead( wow64!TEB32 )...\n");
  381. return E_INVALIDARG;
  382. }
  383. } else {
  384. dprintf( "error InitTypeRead( TEB32 )...\n");
  385. return E_INVALIDARG;
  386. }
  387. }
  388. }
  390. dprintf(
  391. " ExceptionList: %p\n"
  392. " StackBase: %p\n"
  393. " StackLimit: %p\n"
  394. " SubSystemTib: %p\n"
  395. " FiberData: %p\n"
  396. " ArbitraryUserPointer: %p\n"
  397. " Self: %p\n"
  398. " EnvironmentPointer: %p\n",
  399. GetShortField(0, "NtTib.ExceptionList", 0),
  400. ReadField( NtTib.StackBase ),
  401. GetShortField(0, "NtTib.StackLimit", 0),
  402. GetShortField(0, "NtTib.SubsystemTib", 0),
  403. GetShortField(0, "NtTib.FiberData", 0),
  404. GetShortField(0, "NtTib.ArbitraryUsetPointer", 0),
  405. GetShortField(0, "NtTib.Self", 0),
  406. GetShortField(0, "NtTib.EnvironmentPointer", 0)
  407. );
  409. teb_ClientId_UniqueProcess = GetShortField( 0, "ClientId.UniqueProcess", 0 );
  410. teb_ClientId_UniqueThread = GetShortField( 0, "ClientId.UniqueThread", 0 );
  411. teb_RealClientId_UniqueProcess = GetShortField( 0, "RealClientId.UniqueProcess", 0 );
  412. teb_RealClientId_UniqueThread = GetShortField( 0, "RealClientId.UniqueThread", 0 );
  413. dprintf(
  414. " ClientId: %p . %p\n", teb_ClientId_UniqueProcess, teb_ClientId_UniqueThread );
  415. if ( teb_ClientId_UniqueProcess != teb_RealClientId_UniqueProcess ||
  416. teb_ClientId_UniqueThread != teb_RealClientId_UniqueThread )
  417. {
  418. dprintf(
  419. " Real ClientId: %p . %p\n", teb_RealClientId_UniqueProcess, teb_RealClientId_UniqueThread );
  420. }
  422. dprintf(
  423. " RpcHandle: %p\n"
  424. " Tls Storage: %p\n"
  425. " PEB Address: %p\n"
  426. " LastErrorValue: %u\n"
  427. " LastStatusValue: %x\n"
  428. " Count Owned Locks: %u\n"
  429. " HardErrorsMode: %u\n",
  430. ReadField( ActiveRpcHandle ),
  431. ReadField( ThreadLocalStoragePointer ),
  432. ReadField( ProcessEnvironmentBlock ),
  433. (ULONG)ReadField( LastErrorValue ),
  434. (ULONG)ReadField( LastStatusValue ),
  435. (ULONG)ReadField( CountOfOwnedCriticalSections ),
  436. (ULONG)ReadField( HardErrorsAreDisabled )
  437. );
  438. if (TargetMachine == IMAGE_FILE_MACHINE_IA64 && !IsWow64Teb) {
  439. dprintf(
  440. " DeallocationBStore: %p\n"
  441. " BStoreLimit: %p\n",
  442. ReadField(DeallocationBStore),
  443. ReadField( BStoreLimit )
  444. );
  445. }
  446. return hr;
  447. } // DumpTeb()
  451. DECLARE_API( teb )
  453. /*++
  455. Routine Description:
  457. This function is called to dump the TEB
  459. Called as:
  461. !teb
  463. --*/
  465. {
  467. ULONG64 tebAddress;
  468. HRESULT hr = S_OK;
  470. INIT_API();
  471. if ( *args ) {
  472. tebAddress = GetExpression( args );
  473. } else {
  474. GetTebAddress( &tebAddress );
  475. }
  477. if ( tebAddress ) {
  478. if (TargetMachine == IMAGE_FILE_MACHINE_IA64 && tebAddress) {
  479. ULONG64 Teb32=0;
  480. if (GetTeb32FromWowTeb(tebAddress, &Teb32) && Teb32) {
  481. dprintf("Wow64 TEB32 at %p\n", Teb32);
  482. DumpTeb(Teb32, TRUE);
  483. dprintf("\n\nWow64 ");
  484. }
  485. }
  486. dprintf( "TEB at %p\n", tebAddress );
  487. } else {
  488. dprintf( "TEB NULL...\n" );
  489. hr = E_INVALIDARG;
  490. goto ExitTeb;
  491. }
  492. tebAddress = IsPtr64() ? tebAddress : (ULONG64)(LONG64)(LONG)tebAddress;
  494. hr = DumpTeb(tebAddress, FALSE);
  495. ExitTeb:
  496. EXIT_API();
  497. return hr;
  498. }