|
|
/*++
Copyright (c) 1990 Microsoft Corporation
Module Name:
kdextlib.c
Abstract:
Library routines for dumping data structures given a meta level descrioption
Author:
Balan Sethu Raman (SethuR) 11-May-1994
Notes: The implementation tends to avoid memory allocation and deallocation as much as possible. Therefore We have choosen an arbitrary length as the default buffer size. A mechanism will be provided to modify this buffer length through the debugger extension commands.
Revision History:
11-Nov-1994 SethuR Created
--*/
#include <nt.h>
#include <ntrtl.h>
#include "ntverp.h"
#define KDEXTMODE
#include <windef.h>
#include <ntkdexts.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <kdextlib.h>
#include <..\..\inc\types.h>
PNTKD_OUTPUT_ROUTINE lpOutputRoutine;PNTKD_GET_EXPRESSION lpGetExpressionRoutine;PNTKD_GET_SYMBOL lpGetSymbolRoutine;PNTKD_READ_VIRTUAL_MEMORY lpReadMemoryRoutine;
#define PRINTF lpOutputRoutine
#define ERROR lpOutputRoutine
#define NL 1
#define NONL 0
#define MAX_LIST_ELEMENTS 4096
BYTE DataBuffer[4096];
#define SETCALLBACKS() \
lpOutputRoutine = lpExtensionApis->lpOutputRoutine; \ lpGetExpressionRoutine = lpExtensionApis->lpGetExpressionRoutine; \ lpGetSymbolRoutine = lpExtensionApis->lpGetSymbolRoutine; \ lpReadMemoryRoutine = lpExtensionApis->lpReadVirtualMemRoutine;
#define DEFAULT_UNICODE_DATA_LENGTH 4096
USHORT s_UnicodeStringDataLength = DEFAULT_UNICODE_DATA_LENGTH;WCHAR s_UnicodeStringData[DEFAULT_UNICODE_DATA_LENGTH];WCHAR *s_pUnicodeStringData = s_UnicodeStringData;
#define DEFAULT_ANSI_DATA_LENGTH 4096
USHORT s_AnsiStringDataLength = DEFAULT_ANSI_DATA_LENGTH;CHAR s_AnsiStringData[DEFAULT_ANSI_DATA_LENGTH];CHAR *s_pAnsiStringData = s_AnsiStringData;
//
// No. of columns used to display struct fields;
//
ULONG s_MaxNoOfColumns = 3;ULONG s_NoOfColumns = 1;
/*
* Fetches the data at the given address */BOOLEANGetData(PVOID dwAddress, PVOID ptr, ULONG size){ BOOL b; ULONG BytesRead;
b = (lpReadMemoryRoutine)(dwAddress, ptr, size, &BytesRead );
if (!b || BytesRead != size ) { return FALSE; }
return TRUE;}
/*
* Fetch the null terminated ASCII string at dwAddress into buf */BOOLGetString(PUCHAR dwAddress, PSZ buf ){ do { if (!GetData (dwAddress, buf, 1)) { return FALSE; }
dwAddress++; buf++;
} while( *buf != '\0' );
return TRUE;}
/*
* Displays a byte in hexadecimal */VOIDPrintHexChar( UCHAR c ){ PRINTF( "%c%c", "0123456789abcdef"[ (c>>4)&7 ], "0123456789abcdef"[ c&7 ] );}
/*
* Displays a buffer of data in hexadecimal */VOIDPrintHexBuf( PUCHAR buf, ULONG cbuf ){ while( cbuf-- ) { PrintHexChar( *buf++ ); PRINTF( " " ); }}
/*
* Displays a unicode string */BOOLPrintStringW(LPSTR msg, PUNICODE_STRING puStr, BOOL nl ){ UNICODE_STRING UnicodeString; ANSI_STRING AnsiString; BOOL b;
if( msg ) PRINTF( msg );
if( puStr->Length == 0 ) { if( nl ) PRINTF( "\n" ); return TRUE; }
UnicodeString.Buffer = s_pUnicodeStringData; UnicodeString.MaximumLength = s_UnicodeStringDataLength; UnicodeString.Length = (puStr->Length > s_UnicodeStringDataLength) ? s_UnicodeStringDataLength : puStr->Length;
b = (lpReadMemoryRoutine)( (LPVOID) puStr->Buffer, UnicodeString.Buffer, UnicodeString.Length, NULL);
if (b) { RtlUnicodeStringToAnsiString(&AnsiString, &UnicodeString, TRUE); PRINTF("%s%s", AnsiString.Buffer, nl ? "\n" : "" ); RtlFreeAnsiString(&AnsiString); }
return b;}
/*
* Displays a ANSI string */BOOLPrintStringA(LPSTR msg, PANSI_STRING pStr, BOOL nl ){ ANSI_STRING AnsiString; BOOL b;
if( msg ) PRINTF( msg );
if( pStr->Length == 0 ) { if( nl ) PRINTF( "\n" ); return TRUE; }
AnsiString.Buffer = s_pAnsiStringData; AnsiString.MaximumLength = s_AnsiStringDataLength; AnsiString.Length = (pStr->Length > (s_AnsiStringDataLength - 1)) ? (s_AnsiStringDataLength - 1) : pStr->Length;
b = (lpReadMemoryRoutine)( (LPVOID) pStr->Buffer, AnsiString.Buffer, AnsiString.Length, NULL);
if (b) { AnsiString.Buffer[ AnsiString.Length ] = '\0'; PRINTF("%s%s", AnsiString.Buffer, nl ? "\n" : "" ); }
return b;}
/*
* Get the ULONG value referenced by the pointer given to us */VOIDNext3( PVOID Ptr, PVOID *pFLink, PVOID *pBLink, PULONG_PTR pVerify ){ PVOID Buffer[4];
GetData(Ptr, (PVOID) Buffer, sizeof(PVOID)*3);
if (pFLink) { *pFLink = Buffer[0]; }
if (pBLink) { *pBLink = Buffer[1]; }
if (pVerify) { *pVerify = (ULONG_PTR) Buffer[2]; }}
/*
* Displays all the fields of a given struct. This is the driver routine that is called * with the appropriate descriptor array to display all the fields in a given struct. */
char *NewLine = "\n";char *FieldSeparator = " ";char *DotSeparator = ".";#define NewLineForFields(FieldNo) \
((((FieldNo) % s_NoOfColumns) == 0) ? NewLine : FieldSeparator)#define FIELD_NAME_LENGTH 30
VOIDPrintStructFields(PVOID dwAddress, VOID *ptr, FIELD_DESCRIPTOR *pFieldDescriptors ){ int i; int j; BYTE ch;
// Display the fields in the struct.
for( i=0; pFieldDescriptors->Name; i++, pFieldDescriptors++ ) {
// Indentation to begin the struct display.
PRINTF( " " );
if( strlen( pFieldDescriptors->Name ) > FIELD_NAME_LENGTH ) { PRINTF( "%-17s...%s ", pFieldDescriptors->Name, pFieldDescriptors->Name+strlen(pFieldDescriptors->Name)-10 ); } else { PRINTF( "%-30s ", pFieldDescriptors->Name ); }
PRINTF( "(0x%-2X) ", pFieldDescriptors->Offset );
switch( pFieldDescriptors->FieldType ) { case FieldTypeByte: case FieldTypeChar: PRINTF( "%-16d%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeBoolean: PRINTF( "%-16s%s", *(BOOLEAN *)(((char *)ptr) + pFieldDescriptors->Offset ) ? "TRUE" : "FALSE", NewLineForFields(i)); break;
case FieldTypeBool: PRINTF( "%-16s%s", *(BOOLEAN *)(((char *)ptr) + pFieldDescriptors->Offset ) ? "TRUE" : "FALSE", NewLineForFields(i)); break;
case FieldTypePointer: PRINTF( "%-16X%s", *(ULONG *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeULongULong: PRINTF( "%d%s", *(ULONG *)(((char *)ptr) + pFieldDescriptors->Offset + sizeof(ULONG)), FieldSeparator ); PRINTF( "%d%s", *(ULONG *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeListEntry:
if ( (PVOID)((PUCHAR)dwAddress + pFieldDescriptors->Offset) == *(PVOID *)(((PUCHAR)ptr) + pFieldDescriptors->Offset )) { PRINTF( "%s", "List Empty\n" ); } else { PVOID Address, StartAddress; ULONG Count = 0; UCHAR Greater = ' ';
StartAddress = (PVOID) (((PUCHAR)dwAddress) + pFieldDescriptors->Offset); Address = *(PVOID *) (((PUCHAR)ptr) + pFieldDescriptors->Offset);
while ((Address != StartAddress) && (++Count < MAX_LIST_ELEMENTS)) { Next3 (Address, &Address, NULL, NULL); }
if (Address != StartAddress) { Greater = '>'; }
PRINTF( "%-8X%s", *(PVOID *)(((PUCHAR)ptr) + pFieldDescriptors->Offset ), FieldSeparator ); PRINTF( "%-8X, (%c %d Elements)%s", *(PVOID *)(((PUCHAR)ptr) + pFieldDescriptors->Offset + sizeof(PVOID)), Greater, Count, NewLineForFields(i) ); } break;
// Ip address: 4 bytes long
case FieldTypeIpAddr: PRINTF( "%X%s", *(ULONG *)(((char *)ptr) + pFieldDescriptors->Offset ), FieldSeparator ); PRINTF( "(%d%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + 3), DotSeparator ); PRINTF( "%d%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + 2 ), DotSeparator ); PRINTF( "%d%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + 1 ), DotSeparator ); PRINTF( "%d)%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
// Mac address: 6 bytes long
case FieldTypeMacAddr: for (j=0; j<5; j++) { PRINTF( "%X%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + j), FieldSeparator ); } PRINTF( "%X%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + 5), NewLineForFields(i) ); break;
// Netbios name: 16 bytes long
case FieldTypeNBName: //
// if first byte is printable, print the first 15 bytes as characters
// and 16th byte as a hex value. otherwise, print all the 16 bytes
// as hex values
//
ch = *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset); if (ch >= 0x20 && ch <= 0x7e) { for (j=0; j<15; j++) { PRINTF( "%c", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + j)); } PRINTF( "<%X>%s", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + 15), NewLineForFields(i) ); } else { for (j=0; j<16; j++) { PRINTF( "%.2X", *(BYTE *)(((char *)ptr) + pFieldDescriptors->Offset + j)); } PRINTF( "%s", NewLineForFields(i) ); } break;
case FieldTypeULong: case FieldTypeLong: PRINTF( "%-16d%s", *(ULONG *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeShort: PRINTF( "%-16X%s", *(SHORT *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeUShort: PRINTF( "%-16X%s", *(USHORT *)(((char *)ptr) + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeUnicodeString: PrintStringW( NULL, (UNICODE_STRING *)(((char *)ptr) + pFieldDescriptors->Offset ), NONL ); PRINTF( NewLine ); break;
case FieldTypeAnsiString: PrintStringA( NULL, (ANSI_STRING *)(((char *)ptr) + pFieldDescriptors->Offset ), NONL ); PRINTF( NewLine ); break;
case FieldTypeSymbol: { UCHAR SymbolName[ 200 ]; ULONG Displacement; PVOID sym = (PVOID)(*(ULONG_PTR *)(((char *)ptr) + pFieldDescriptors->Offset ));
lpGetSymbolRoutine( sym, SymbolName, &Displacement ); PRINTF( "%-16s%s", SymbolName, NewLineForFields(i) ); } break;
case FieldTypeEnum: { ULONG EnumValue; ENUM_VALUE_DESCRIPTOR *pEnumValueDescr; // Get the associated numericla value.
EnumValue = *((ULONG *)((BYTE *)ptr + pFieldDescriptors->Offset));
if ((pEnumValueDescr = pFieldDescriptors->AuxillaryInfo.pEnumValueDescriptor) != NULL) { //
// An auxilary textual description of the value is
// available. Display it instead of the numerical value.
//
LPSTR pEnumName = NULL;
while (pEnumValueDescr->EnumName != NULL) { if (EnumValue == pEnumValueDescr->EnumValue) { pEnumName = pEnumValueDescr->EnumName; break; } }
if (pEnumName != NULL) { PRINTF( "%-16s ", pEnumName ); } else { PRINTF( "%-4d (%-10s) ", EnumValue,"@$#%^&*"); }
} else { //
// No auxilary information is associated with the ehumerated type
// print the numerical value.
//
PRINTF( "%-16d",EnumValue); } } break;
case FieldTypeStruct: PRINTF( "@%-15X%s", ((PUCHAR)dwAddress + pFieldDescriptors->Offset ), NewLineForFields(i) ); break;
case FieldTypeLargeInteger: case FieldTypeFileTime: default: ERROR( "Unrecognized field type %c for %s\n", pFieldDescriptors->FieldType, pFieldDescriptors->Name ); break; } }}
LPSTR LibCommands[] = { "columns <d> -- controls the number of columns in the display ", "logdump <Log Address>\n", "dump <Struct Type Name>@<address expr>, for eg: !netbtkd.dump tNBTCONFIG@xxxxxx ", "devices <netbt!NbtConfig>", "connections <netbt!NbtConfig>", "verifyll <ListHead> [<Verify>]", "cache [Local|Remote]", 0};
BOOLhelp( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ int i;
SETCALLBACKS();
for( i=0; Extensions[i]; i++ ) PRINTF( " %s\n", Extensions[i] );
for( i=0; LibCommands[i]; i++ ) PRINTF( " %s\n", LibCommands[i] );
return TRUE;}
BOOLcolumns( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ ULONG NoOfColumns; int i;
SETCALLBACKS();
sscanf(lpArgumentString,"%ld",&NoOfColumns);
if (NoOfColumns > s_MaxNoOfColumns) { // PRINTF( "No. Of Columns exceeds maximum(%ld) -- directive Ignored\n", s_MaxNoOfColumns );
} else { s_NoOfColumns = NoOfColumns; }
PRINTF("Not Yet Implemented\n");
return TRUE;}
BOOLglobals( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ PVOID dwAddress; CHAR buf[ 100 ]; int i; int c=0;
SETCALLBACKS();
strcpy( buf, "srv!" );
for( i=0; GlobalBool[i]; i++, c++ ) { BOOL b;
strcpy( &buf[4], GlobalBool[i] ); dwAddress = (PVOID) (lpGetExpressionRoutine) (buf); if( dwAddress == 0 ) { ERROR( "Unable to get address of %s\n", GlobalBool[i] ); continue; } if( !GetData( dwAddress,&b, sizeof(b)) ) return FALSE;
PRINTF( "%s%-30s %10s%s", c&1 ? " " : "", GlobalBool[i], b ? " TRUE" : "FALSE", c&1 ? "\n" : "" ); }
for( i=0; GlobalShort[i]; i++, c++ ) { SHORT s;
strcpy( &buf[4], GlobalShort[i] ); dwAddress = (PVOID) (lpGetExpressionRoutine) ( buf ); if( dwAddress == 0 ) { ERROR( "Unable to get address of %s\n", GlobalShort[i] ); continue; } if( !GetData( dwAddress,&s,sizeof(s)) ) return FALSE;
PRINTF( "%s%-30s %10d%s", c&1 ? " " : "", GlobalShort[i], s, c&1 ? "\n" : "" ); }
for( i=0; GlobalLong[i]; i++, c++ ) { LONG l;
strcpy( &buf[4], GlobalLong[i] ); dwAddress = (PVOID) (lpGetExpressionRoutine) ( buf ); if( dwAddress == 0 ) { ERROR( "Unable to get address of %s\n", GlobalLong[i] ); continue; } if( !GetData(dwAddress,&l, sizeof(l)) ) return FALSE;
PRINTF( "%s%-30s %10d%s", c&1 ? " " : "", GlobalLong[i], l, c&1 ? "\n" : "" ); }
PRINTF( "\n" );
return TRUE;}
BOOLversion( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){#if VER_DEBUG
char *kind = "checked";#else
char *kind = "free";#endif
SETCALLBACKS();
PRINTF( "Redirector debugger Extension dll for %s build %u\n", kind, VER_PRODUCTBUILD );
return TRUE;}
#define NAME_DELIMITER '@'
#define NAME_DELIMITERS "@ "
#define INVALID_INDEX 0xffffffff
#define MIN(x,y) ((x) < (y) ? (x) : (y))
ULONG SearchStructs(LPSTR lpArgument){ ULONG i = 0; STRUCT_DESCRIPTOR *pStructs = Structs; ULONG NameIndex = INVALID_INDEX; ULONG ArgumentLength = strlen(lpArgument); BOOLEAN fAmbigous = FALSE;
while ((pStructs->StructName != 0)) { int Result = _strnicmp(lpArgument, pStructs->StructName, MIN(strlen(pStructs->StructName),ArgumentLength));
if (Result == 0) { if (NameIndex != INVALID_INDEX) { // We have encountered duplicate matches. Print out the
// matching strings and let the user disambiguate.
fAmbigous = TRUE; break; } else { NameIndex = i; }
} pStructs++;i++; }
if (fAmbigous) { PRINTF("Ambigous Name Specification -- The following structs match\n"); PRINTF("%s\n",Structs[NameIndex].StructName); PRINTF("%s\n",Structs[i].StructName); while (pStructs->StructName != 0) { if (_strnicmp(lpArgument, pStructs->StructName, MIN(strlen(pStructs->StructName),ArgumentLength)) == 0) { PRINTF("%s\n",pStructs->StructName); } pStructs++; } PRINTF("Dumping Information for %s\n",Structs[NameIndex].StructName); }
return(NameIndex);}
VOID DisplayStructs(){ STRUCT_DESCRIPTOR *pStructs = Structs;
PRINTF("The following structs are handled .... \n"); while (pStructs->StructName != 0) { PRINTF("\t%s\n",pStructs->StructName); pStructs++; }}
BOOLdump( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ PVOID dwAddress;
SETCALLBACKS();
if( lpArgumentString && *lpArgumentString ) { // Parse the argument string to determine the structure to be displayed.
// Scan for the NAME_DELIMITER ( '@' ).
LPSTR lpName = lpArgumentString; LPSTR lpArgs = strpbrk(lpArgumentString, NAME_DELIMITERS); ULONG Index;
if (lpArgs) { //
// The specified command is of the form
// dump <name>@<address expr.>
//
// Locate the matching struct for the given name. In the case
// of ambiguity we seek user intervention for disambiguation.
//
// We do an inplace modification of the argument string to
// facilitate matching.
//
*lpArgs = '\0';
Index = SearchStructs(lpName);
//
// Let us restore the original value back.
//
*lpArgs = NAME_DELIMITER;
if (INVALID_INDEX != Index) {
dwAddress = (PVOID) (lpGetExpressionRoutine)( ++lpArgs ); if (GetData(dwAddress,DataBuffer,Structs[Index].StructSize)) {
PRINTF( "++++++++++++++++ %s@%lx ++++++++++++++++\n", Structs[Index].StructName, dwAddress); PrintStructFields( dwAddress, &DataBuffer, Structs[Index].FieldDescriptors); PRINTF( "---------------- %s@%lx ----------------\n", Structs[Index].StructName, dwAddress); } else { PRINTF("Error reading Memory @ %lx\n",dwAddress); } } else { // No matching struct was found. Display the list of
// structs currently handled.
DisplayStructs(); } } else { //
// The command is of the form
// dump <name>
//
// Currently we do not handle this. In future we will map it to
// the name of a global variable and display it if required.
//
DisplayStructs(); } } else { //
// display the list of structs currently handled.
//
DisplayStructs(); }
return TRUE;}
BOOLdevices( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ PLIST_ENTRY pEntry; PLIST_ENTRY pHead; tDEVICECONTEXT *pDeviceContext; STRUCT_DESCRIPTOR *pStructs = Structs; ULONG Index = 0; tNBTCONFIG *ConfigPtr = (tNBTCONFIG *) lpArgumentString; tDEVICECONTEXT **ppNbtSmbDevice;
PVOID dwAddress;
SETCALLBACKS();
if (!lpArgumentString || !(*lpArgumentString )) { ConfigPtr = (tNBTCONFIG *) lpGetExpressionRoutine ("netbt!NbtConfig"); } else { ConfigPtr = (tNBTCONFIG *) lpGetExpressionRoutine (lpArgumentString); } ppNbtSmbDevice = (tDEVICECONTEXT **) lpGetExpressionRoutine ("netbt!pNbtSmbDevice");
while (pStructs->StructName != 0) { if (!(_strnicmp("tDEVICECONTEXT", pStructs->StructName, 10))) { break; } Index++; pStructs++; }
if (pStructs->StructName == 0) { PRINTF ("ERROR: Could not find structure definition for <tDEVICECONTEXT>\n"); return FALSE; }
if (!GetData(ppNbtSmbDevice, DataBuffer, sizeof (tDEVICECONTEXT *))) { PRINTF ("ERROR: Could not read pNbtSmbDevice ptr\n"); } else if (!(pDeviceContext = *((tDEVICECONTEXT **) DataBuffer))) { PRINTF ("pNbtSmbDevice is NULL\n"); } else if (!GetData(pDeviceContext, DataBuffer, Structs[Index].StructSize)) { PRINTF ("ERROR: Could not read pNbtSmbDevice data@ <%p>\n", pDeviceContext); } else { //
// Dump this Device's Info
//
PRINTF("pNbtSmbDevice @ <%p>\n", pDeviceContext); PRINTF( "++++++++++++++++ %s @%lx ++++++++++++++++\n", Structs[Index].StructName, pDeviceContext); PrintStructFields( pDeviceContext, &DataBuffer, Structs[Index].FieldDescriptors); PRINTF("\n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"); }
pHead = &ConfigPtr->DeviceContexts; if (!GetData(ConfigPtr, DataBuffer, sizeof(tNBTCONFIG))) { PRINTF ("ERROR: Could not read NbtConfig data @<%x>\n", ConfigPtr); return FALSE; }
//
// Get the number of Devices attached
//
{ PVOID StartAddress; PVOID Address; ULONG Count = 0; PVOID Buffer[4]; UCHAR Greater = ' ';
StartAddress = pHead; GetData( StartAddress, Buffer, sizeof(ULONG)*4 ); Address = Buffer[0];
while ((Address != StartAddress) && (++Count < MAX_LIST_ELEMENTS)) { GetData( Address, Buffer, sizeof(ULONG)*4 ); Address = Buffer[0]; }
PRINTF( "Dumping <%d> Devices attached to NbtConfig@<%x>\n", Count, ConfigPtr); }
ConfigPtr = (tNBTCONFIG *) DataBuffer; pEntry = ConfigPtr->DeviceContexts.Flink;
while (pEntry != pHead) { pDeviceContext = (tDEVICECONTEXT *) CONTAINING_RECORD(pEntry,tDEVICECONTEXT,Linkage); if (!GetData(pDeviceContext, DataBuffer, Structs[Index].StructSize)) { PRINTF ("ERROR: Could not read DeviceContext data @<%x>\n", pDeviceContext); return FALSE; }
//
// Dump this Device's Info
//
PRINTF( "++++++++++++++++ %s @%lx ++++++++++++++++\n", Structs[Index].StructName, pDeviceContext); PrintStructFields( pDeviceContext, &DataBuffer, Structs[Index].FieldDescriptors);
//
// Go to next device
//
pDeviceContext = (tDEVICECONTEXT *) DataBuffer; pEntry = pDeviceContext->Linkage.Flink; }
return (TRUE);}
BOOLconnections( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ PLIST_ENTRY pEntry, pHead, pClientHead, pClientEntry, pConnHead, pConnEntry; tNBTCONFIG *ConfigPtr; tADDRESSELE *pAddressEle; tCLIENTELE *pClient; tCONNECTELE *pConnEle, *pSavConnEle; tNAMEADDR *pNameAddr; tLISTENREQUESTS *pListen;
SETCALLBACKS();
PRINTF ("Dumping information on all NetBT conections ...\n");
if (!lpArgumentString || !(*lpArgumentString )) { ConfigPtr = (tNBTCONFIG *) lpGetExpressionRoutine ("netbt!NbtConfig"); } else { ConfigPtr = (tNBTCONFIG *) (lpGetExpressionRoutine) (lpArgumentString); }
pHead = &ConfigPtr->AddressHead; if (!GetData(ConfigPtr, DataBuffer, sizeof(tNBTCONFIG))) { PRINTF ("ERROR: Could not read NbtConfig data @<%x>\n", ConfigPtr); return FALSE; } ConfigPtr = (tNBTCONFIG *) DataBuffer; Next3 (pHead, &pEntry, NULL, NULL);
while (pEntry != pHead) { pAddressEle = CONTAINING_RECORD(pEntry,tADDRESSELE,Linkage);
Next3 (&pAddressEle->pNameAddr, &pNameAddr, NULL, NULL); if (!GetData(pNameAddr, DataBuffer, sizeof(tNAMEADDR))) { PRINTF ("[1] Error reading pNameAddr data @<%x>", pNameAddr); return FALSE; } pNameAddr = (tNAMEADDR *) DataBuffer; PRINTF ("Address@<%x> ==> <%-16.16s:%x>\n", pAddressEle, pNameAddr->Name, pNameAddr->Name[15]);
pClientHead = &pAddressEle->ClientHead; Next3 (pClientHead, &pClientEntry, NULL, NULL); while (pClientEntry != pClientHead) { pClient = CONTAINING_RECORD(pClientEntry,tCLIENTELE,Linkage); if (!GetData(pClient, DataBuffer, sizeof(tCLIENTELE))) { PRINTF ("Error reading pClientEle data @<%p>", pClient); continue; }
PRINTF ("\tClient@<%p> ==> pDevice=<%p>\n", pClient, ((tCLIENTELE *)DataBuffer)->pDeviceContext);
PRINTF ("\t\t(ConnectHead):\n"); pConnHead = &pClient->ConnectHead; Next3 (pConnHead, &pConnEntry, NULL, NULL); while (pConnEntry != pConnHead) { pSavConnEle = pConnEle = CONTAINING_RECORD(pConnEntry,tCONNECTELE,Linkage); if (!GetData(pConnEle, DataBuffer, sizeof(tCONNECTELE))) { PRINTF ("[2] Error reading pConnEle data @<%x>", pConnEle); return FALSE; } pConnEle = (tCONNECTELE *) DataBuffer; PRINTF ("\t\t ** Connection@<%x> ==> <%-16.16s:%x>:\n", pSavConnEle, pConnEle->RemoteName, pConnEle->RemoteName[15]);
Next3 (pConnEntry, &pConnEntry, NULL, NULL); }
PRINTF ("\t\t(ConnectActive):\n"); pConnHead = &pClient->ConnectActive; Next3 (pConnHead, &pConnEntry, NULL, NULL); while (pConnEntry != pConnHead) { pSavConnEle = pConnEle = CONTAINING_RECORD(pConnEntry,tCONNECTELE,Linkage); if (!GetData(pConnEle, DataBuffer, sizeof(tCONNECTELE))) { PRINTF ("[3] Error reading pConnEle data @<%x>", pConnEle); return FALSE; } pConnEle = (tCONNECTELE *) DataBuffer; PRINTF ("\t\t ** Connection@<%x> ==> <%-16.16s:%x>:\n", pSavConnEle, pConnEle->RemoteName, pConnEle->RemoteName[15]);
Next3 (pConnEntry, &pConnEntry, NULL, NULL); }
PRINTF ("\t\t(ListenHead):\n"); pConnHead = &pClient->ListenHead; Next3 (pConnHead, &pConnEntry, NULL, NULL); while (pConnEntry != pConnHead) { pSavConnEle = pConnEle = CONTAINING_RECORD(pConnEntry,tCONNECTELE,Linkage); if (!GetData(pConnEle, DataBuffer, sizeof(tLISTENREQUESTS))) { PRINTF ("[4] Error reading pListen data @<%x>", pSavConnEle); return FALSE; } pListen = (tLISTENREQUESTS *) DataBuffer; PRINTF ("\t\t ** pListen@<%p> ==> pIrp=<%p>\n", pSavConnEle, pListen->pIrp);
Next3 (pConnEntry, &pConnEntry, NULL, NULL); }
Next3 (pClientEntry, &pClientEntry, NULL, NULL); } Next3 (pEntry, &pEntry, NULL, NULL); PRINTF ("\n"); }
PRINTF( "---------------- Connections ----------------\n");
return (TRUE);}
BOOLverifyll( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ PLIST_ENTRY pHead, pCurrentEntry, pNextEntry, pPreviousEntry; ULONG_PTR VerifyRead, VerifyIn = 0; ULONG Count = 0; BOOL fVerifyIn = FALSE; BOOL fListCorrupt = FALSE;
SETCALLBACKS();
PRINTF ("Verifying Linked list ...\n");
if (!lpArgumentString || !(*lpArgumentString )) { PRINTF ("Usage: !NetbtKd.VerifyLL <ListHead> [<Verify]>\n"); return FALSE; } else { //
// lpArgumentString = "<pHead> [<Verify>]"
//
LPSTR lpVerify;
while (*lpArgumentString == ' ') { lpArgumentString++; } lpVerify = strpbrk(lpArgumentString, NAME_DELIMITERS);
pHead = (PVOID) (lpGetExpressionRoutine) (lpArgumentString); if (lpVerify) { VerifyIn = (lpGetExpressionRoutine) (lpVerify); fVerifyIn = TRUE; } }
PRINTF ("** ListHead@<%x>, fVerifyIn=<%x>, VerifyIn=<%x>:\n\n", pHead, fVerifyIn, VerifyIn); PRINTF ("Verifying Flinks ...");
// Read in the data for the first FLink in the list!
pPreviousEntry = pHead; Next3 (pHead, &pCurrentEntry, NULL, NULL); Next3 (pCurrentEntry, &pNextEntry, NULL, &VerifyRead);
while ((pCurrentEntry != pHead) && (++Count < MAX_LIST_ELEMENTS)) { if ((fVerifyIn) && (VerifyRead != VerifyIn)) { PRINTF ("Verify FAILURE:\n\t<%d> Elements Read so far, Previous=<%x>, Current=<%x>, Next=<%x>\n", Count, pPreviousEntry, pCurrentEntry, pNextEntry); fListCorrupt = TRUE; break; } pPreviousEntry = pCurrentEntry; pCurrentEntry = pNextEntry; Next3 (pCurrentEntry, &pNextEntry, NULL, &VerifyRead); }
if (!fListCorrupt) { PRINTF ("SUCCESS: %s<%d> Elements!\n", (pCurrentEntry==pHead? "":"> "), Count); }
PRINTF ("Verifying Blinks ...");
Count = 0; fListCorrupt = FALSE; // Read in the data for the first BLink in the list!
pPreviousEntry = pHead; Next3 (pHead, NULL, &pCurrentEntry, NULL); Next3 (pCurrentEntry, NULL, &pNextEntry, &VerifyRead);
while ((pCurrentEntry != pHead) && (++Count < MAX_LIST_ELEMENTS)) { if ((fVerifyIn) && (VerifyRead != VerifyIn)) { PRINTF ("Verify FAILURE:\n\t<%d> Elements Read so far, Previous=<%x>, Current=<%x>, Next=<%x>\n", Count, pPreviousEntry, pCurrentEntry, pNextEntry); fListCorrupt = TRUE; break; } pPreviousEntry = pCurrentEntry; pCurrentEntry = pNextEntry; Next3 (pCurrentEntry, NULL, &pNextEntry, &VerifyRead); }
if (!fListCorrupt) { PRINTF ("SUCCESS: %s<%d> Elements!\n", (pCurrentEntry==pHead? "":"> "), Count); }
PRINTF( "---------------- Verify LinkedList ----------------\n");
return (TRUE);}
BOOLDumpCache( tHASHTABLE *pHashTable, enum eNbtLocation CacheType ){ LONG i, NumBuckets; PLIST_ENTRY pHead; PLIST_ENTRY pEntry; tHASHTABLE HashTbl; tNAMEADDR NameAddr, *pNameAddr;
if (!GetData(pHashTable, &HashTbl, sizeof(tHASHTABLE))) { PRINTF ("ERROR: Could not read %s HashTable data @<%x>\n", (CacheType == NBT_LOCAL ? "Local":"Remote"), pHashTable); return FALSE; }
NumBuckets = HashTbl.lNumBuckets; PRINTF ("\nDumping %s Cache = <%d> buckets:\n", (CacheType == NBT_LOCAL ? "Local":"Remote"), NumBuckets); PRINTF ("[Bkt#]\t<Address> => <Name > | IpAddr | RefC | State | Ttl\n"); PRINTF ("-----------------------------------------------------------------------------------\n");
for (i=0; i < NumBuckets; i++) { pHead = &pHashTable->Bucket[i]; Next3 (pHead, &pEntry, NULL, NULL);
//
// Go through each name in each bucket of the hashtable
//
while (pEntry != pHead) { pNameAddr = CONTAINING_RECORD(pEntry,tNAMEADDR,Linkage); if (!GetData(pNameAddr, &NameAddr, sizeof(tNAMEADDR))) { PRINTF ("ERROR: Could not read NameAddr data @<%x>\n", pNameAddr); return FALSE; }
if ((NameAddr.Verify == LOCAL_NAME) || (NameAddr.Verify == REMOTE_NAME)) { PRINTF ("[%d]\t<%x> => <%-15.15s:%2x> | %8x | %d | %8x | %9d\n", i, pNameAddr, NameAddr.Name, (NameAddr.Name[15]&0x000000ff), NameAddr.IpAddress, NameAddr.RefCount, NameAddr.NameTypeState, NameAddr.Ttl); } else { PRINTF ("ERROR: Bad Name cache entry @ <%x>!\n", pNameAddr); return FALSE; }
Next3 (pEntry, &pEntry, NULL, NULL); // next hash table entry
} } // for ( .. pHashTable .. )
return TRUE; }
BOOLcache( DWORD dwCurrentPC, PNTKD_EXTENSION_APIS lpExtensionApis, LPSTR lpArgumentString){ tNBTCONFIG NbtConfig, *pConfig; BOOL fDumpLocal = TRUE; // Dump both local and remote cache by default
BOOL fDumpRemote = TRUE;
SETCALLBACKS();
if (lpArgumentString && (*lpArgumentString )) { //
// lpArgumentString = "[Local|Remote]"
//
while (*lpArgumentString == ' ') { lpArgumentString++; }
if ((*lpArgumentString == 'l') || (*lpArgumentString == 'L')) { fDumpRemote = FALSE; } else if ((*lpArgumentString == 'r') || (*lpArgumentString == 'R')) { fDumpLocal = FALSE; } }
pConfig = (tNBTCONFIG *) lpGetExpressionRoutine ("netbt!NbtConfig"); if (!GetData(pConfig, &NbtConfig, sizeof(tNBTCONFIG))) { PRINTF ("ERROR: Could not read NbtConfig data @<%x>\n", pConfig); return FALSE; }
if (fDumpLocal) { DumpCache (NbtConfig.pLocalHashTbl, NBT_LOCAL); } if (fDumpRemote) { DumpCache (NbtConfig.pRemoteHashTbl, NBT_REMOTE); }
PRINTF( "---------------- Cache ----------------\n");
return (TRUE);}
|
