|
|
/*++
Copyright (c) 1992 Microsoft Corporation
Module Name:
pte.c
Abstract:
WinDbg Extension Api
Author:
Lou Perazzoli (LouP) 15-Feb-1992
Environment:
User Mode.
Revision History:
--*/
#include "precomp.h"
#include "i386.h"
#include "ia64.h"
#include "amd64.h"
ULONG64 MmNonPagedPoolEnd=0;ULONG64 MmSubsectionBase=0;
ULONG64 KiIA64VaSignedFill;ULONG64 KiIA64PtaBase;ULONG64 KiIA64PtaSign;
ULONGDbgGetPageFileHigh( ULONG64 Pte );
////////////////////////////////////////////////////////////////////////////////
//
// I386
//
////////////////////////////////////////////////////////////////////////////////
#define PaeGetPdeAddressX86(va) ((ULONG64) (LONG64) (LONG) (PDE_BASE_X86 + ((((ULONG)(va)) >> 21) << 3)))
#define MiGetPdeAddressX86(va) ((ULONG64) (LONG64) (LONG) (((((ULONG)(va)) >> 22) << 2) + PDE_BASE_X86))
#define PaeGetVirtualAddressMappedByPteX86(PTE) (((ULONG64)(PTE) << 9))
#define PaeGetPteAddressX86(va) ((ULONG64)(PTE_BASE_X86 + ((((ULONG)(va)) >> 12) << 3)))
#define MiGetPteAddressX86(va) (((((ULONG) (va)) >> 12) << 2) + PTE_BASE_X86)
#define MiGetPteOffsetX86(va) ((((ULONG) (va)) >> 12) & 0x3ff)
#define MiGetVirtualAddressMappedByPteX86(PTE) ((ULONG64) (LONG64) (LONG) ((PTE) << 10))
////////////////////////////////////////////////////////////////////////////////
//
// AMD64
//
////////////////////////////////////////////////////////////////////////////////
#define AMD64_VA_MASK (((ULONG64)1 << AMD64_VA_BITS) - 1)
#define MiGetPteAddressAMD64(va) ((((((ULONG64)(va) & AMD64_VA_MASK) >> PTI_SHIFT_AMD64) << PTE_SHIFT_AMD64) + PTE_BASE_AMD64))
#define MiGetPdeAddressAMD64(va) ((((((ULONG64)(va) & AMD64_VA_MASK) >> PDI_SHIFT_AMD64) << PTE_SHIFT_AMD64) + PDE_BASE_AMD64))
#define MiGetPpeAddressAMD64(va) ((((((ULONG64)(va) & AMD64_VA_MASK) >> PPI_SHIFT_AMD64) << PTE_SHIFT_AMD64) + PPE_BASE_AMD64))
#define MiGetPxeAddressAMD64(va) ((((((ULONG64)(va) & AMD64_VA_MASK) >> PXI_SHIFT_AMD64) << PTE_SHIFT_AMD64) + PXE_BASE_AMD64))
#define MiGetPteOffsetAMD64(va) ((((ULONG_PTR) (va)) >> 12) & 0x3ff)
#define MiGetVirtualAddressMappedByPteAMD64(PTE) \
((ULONG64)((LONG64)(((LONG64)(PTE) - PTE_BASE_AMD64) << (PAGE_SHIFT_AMD64 + AMD64_VA_SHIFT - PTE_SHIFT_AMD64)) >> AMD64_VA_SHIFT))
////////////////////////////////////////////////////////////////////////////////
//
// IA64
//
////////////////////////////////////////////////////////////////////////////////
//
// MiGetPdeAddress returns the address of the PTE which maps the
// given virtual address. Note we must redefine some of the MM
// macros here because they cast values to pointers which does not work
// on systems where pointers are only 32 bits.
//
VOIDDbgGetPteBaseIA64( VOID ){ ULONG64 PtaValue; ULONG i;
if (KiIA64PtaBase != 0) {
return;
}
if (g_ExtData == NULL || g_ExtData->lpVtbl-> ReadProcessorSystemData(g_ExtData, 0, DEBUG_DATA_BASE_TRANSLATION_VIRTUAL_OFFSET, &PtaValue, sizeof(PtaValue), NULL) != S_OK) { PtaValue = (ULONG64) GetExpression("@pta"); }
KiIA64PtaBase = PtaValue & ~0xffffUI64; KiIA64VaSignedFill = (KiIA64PtaBase << (PAGE_SHIFT_IA64 - PTE_SHIFT_IA64)) & ~VRN_MASK_IA64;
KiIA64PtaSign = KiIA64PtaBase;
for (i = 0; i < 64; i += 1) {
KiIA64PtaSign >>= 1;
if (KiIA64PtaSign & 1) { KiIA64PtaSign = (ULONG64)1 << i; break; } }}
ULONG64MiGetPteAddressIA64 ( IN ULONG64 Va ){
DbgGetPteBaseIA64();
if (((((ULONG64)(Va)) & PDE_TBASE_IA64) == PDE_TBASE_IA64) && ((((ULONG64)(Va)) & ~(VRN_MASK_IA64|PDE_TBASE_IA64)) < PageSize)) {
return (ULONG64) ((((ULONG64)(Va)) & VRN_MASK_IA64) | (PDE_TBASE_IA64 + PageSize - GetTypeSize("nt!_MMPTE"))); }
return (ULONG64) (((((ULONG64)(Va)) & VRN_MASK_IA64)) | ((((((ULONG64)(Va)) >> PTI_SHIFT_IA64) << PTE_SHIFT_IA64) & (~(PTE_BASE_IA64|VRN_MASK_IA64))) + PTE_BASE_IA64));}
ULONG64MiGetPdeAddressIA64 ( IN ULONG64 Va ){ DbgGetPteBaseIA64();
if (((((ULONG64)(Va)) & PDE_BASE_IA64) == PDE_BASE_IA64) && ((((ULONG64)(Va)) & ~(VRN_MASK_IA64|PDE_BASE_IA64)) < ((ULONG64)1 << PDI_SHIFT_IA64))) {
return (ULONG64) ((((ULONG64)(Va)) & VRN_MASK_IA64) | (PDE_TBASE_IA64 + PageSize - GetTypeSize("nt!_MMPTE"))); }
if (((((ULONG64)(Va)) & PDE_TBASE_IA64) == PDE_TBASE_IA64) && ((((ULONG64)(Va)) & ~(VRN_MASK_IA64|PDE_TBASE_IA64)) < PageSize)) {
return (ULONG64) ((((ULONG64)(Va)) & VRN_MASK_IA64) | (PDE_TBASE_IA64 + PageSize - GetTypeSize("nt!_MMPTE"))); }
return (ULONG64) (((((ULONG64)(Va)) & VRN_MASK_IA64)) | ((((((ULONG64)(Va)) >> PDI_SHIFT_IA64) << PTE_SHIFT_IA64) & (~(PDE_BASE_IA64|VRN_MASK_IA64))) + PDE_BASE_IA64));}
ULONG64MiGetPpeAddressIA64 ( IN ULONG64 Va ){ DbgGetPteBaseIA64();
if ((((ULONG64)(Va) & PTE_BASE_IA64) == PTE_BASE_IA64) && ((((ULONG64)(Va)) & ~(VRN_MASK_IA64|PTE_BASE_IA64)) < ((ULONG64)1 << PDI1_SHIFT_IA64))) {
return (ULONG64) (((ULONG64)Va & VRN_MASK_IA64) | (PDE_TBASE_IA64 + PageSize - GetTypeSize("nt!_MMPTE"))); }
if (((((ULONG64)(Va)) & PDE_BASE_IA64) == PDE_BASE_IA64) && ((((ULONG64)(Va)) & ~(VRN_MASK_IA64|PDE_BASE_IA64)) < ((ULONG64)1 << PDI_SHIFT_IA64))) {
return (ULONG64) ((((ULONG64)(Va)) & VRN_MASK_IA64) | (PDE_TBASE_IA64 + PageSize - GetTypeSize("nt!_MMPTE"))); }
if (((((ULONG64)(Va)) & PDE_TBASE_IA64) == PDE_TBASE_IA64) && ((((ULONG64)(Va)) & ~(VRN_MASK_IA64|PDE_TBASE_IA64)) < PageSize)) {
return (ULONG64) ((((ULONG64)(Va)) & VRN_MASK_IA64) | (PDE_TBASE_IA64 + PageSize - GetTypeSize("nt!_MMPTE"))); }
return (ULONG64) (((((ULONG64)(Va)) & VRN_MASK_IA64)) | ((((((ULONG64)(Va)) >> PDI1_SHIFT_IA64) << PTE_SHIFT_IA64) & (~(PDE_TBASE_IA64|VRN_MASK_IA64))) + PDE_TBASE_IA64));}
ULONG64MiGetVirtualAddressMappedByPteIA64( IN ULONG64 PTE ) { DbgGetPteBaseIA64();
return (((ULONG64)(PTE) & PTA_SIGN_IA64) ? (ULONG64)(((ULONG64)(PTE) & VRN_MASK_IA64) | VA_FILL_IA64 | (((ULONG64)(PTE)-PTE_BASE_IA64) << (PAGE_SHIFT_IA64 - PTE_SHIFT_IA64))) : (ULONG64)(((ULONG64)(PTE) & VRN_MASK_IA64) | (((ULONG64)(PTE)-PTE_BASE_IA64) << (PAGE_SHIFT_IA64 - PTE_SHIFT_IA64))));
}
#define MiGetSubsectionAddress(lpte) \
(((lpte)->u.Subsect.WhichPool == 1) ? \ ((ULONG64)((ULONG64)MmSubsectionBase + \ ((ULONG64)(lpte)->u.Subsect.SubsectionAddress))) \ : \ ((ULONG64)((ULONG64)MM_NONPAGED_POOL_END - \ ((ULONG64)(lpte)->u.Subsect.SubsectionAddress))))
#define MiPteToProto(lpte) \
((ULONG64) ((ULONG64)((lpte)->u.Proto.ProtoAddress) + MmProtopte_Base))
////////////////////////////////////////////////////////////////////////////////
//
// AMD64
//
////////////////////////////////////////////////////////////////////////////////
VOIDDbgPrintProtection ( ULONG Protection ){ if (Protection == 0) { dprintf("0"); return; }
dprintf ("%x - ", Protection);
if (Protection == MM_NOACCESS) { dprintf("No Access"); } else if (Protection == MM_DECOMMIT) { dprintf("Decommitted"); } else { switch (Protection & 7) { case MM_READONLY: dprintf("Readonly"); break; case MM_EXECUTE: dprintf("Execute"); break; case MM_EXECUTE_READ: dprintf("ExecuteRead"); break; case MM_READWRITE: dprintf("ReadWrite"); break; case MM_WRITECOPY: dprintf("ReadWriteCopy"); break; case MM_EXECUTE_READWRITE: dprintf("ReadWriteExecute"); break; case MM_EXECUTE_WRITECOPY: dprintf("ReadWriteCopyExecute "); break; default: ; } if (Protection & MM_NOCACHE) { dprintf(" UC"); } if (Protection & MM_GUARD_PAGE) { dprintf(" G"); } }}
ULONG64DbgPteLookupNeeded ( VOID ){ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: return MI_PTE_LOOKUP_NEEDED_X86;
case IMAGE_FILE_MACHINE_AMD64: return MI_PTE_LOOKUP_NEEDED_AMD64; break;
case IMAGE_FILE_MACHINE_IA64: return MI_PTE_LOOKUP_NEEDED_IA64;
default: break; }
return 0;}
LOGICALDbgPteIsDemandZero ( ULONG64 CurrentPte ){ ULONG Protection = 0; ULONG64 CurrentPteContents = 0; GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Long", CurrentPteContents); GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Soft.Protection", Protection);
//
// The caller has already ensured that the valid, prototype & transition
// bits in the PTE are all zero.
//
if (DbgGetPageFileHigh (CurrentPte) != 0) { return FALSE; }
if ((Protection != 0) && (Protection != MM_NOACCESS) && (Protection != MM_DECOMMIT)) {
return TRUE; }
return FALSE;}
#define PMMPTEx ULONG64
#define PACKET_MAX_SIZE 4000
typedef struct _SYS_PTE_LIST { ULONG64 Next; ULONG64 Previous; ULONG64 Value; ULONG Count;} SYS_PTE_LIST, *PSYS_PTE_LIST;
ULONG MmKseg2Frame;
ULONGMiGetSysPteListDelimiter ( VOID )
/*++
Routine Description:
The platform-specific system PTE list delimiter is returned.
Arguments:
None.
--*/
{ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: if (PaeEnabled) { return 0xFFFFFFFF; } return 0xFFFFF;
case IMAGE_FILE_MACHINE_AMD64: return 0xFFFFFFFF;
case IMAGE_FILE_MACHINE_IA64: return 0xFFFFFFFF;
default: break; }
return 0;}
ULONG64MiGetFreeCountFromPteList ( IN ULONG64 Pte )
/*++
Routine Description:
The specified PTE points to a free list header in the system PTE pool. It returns the number of free entries in this block.
Arguments:
Pte - the PTE to examine.
--*/
{ ULONG OneEntry; ULONG64 NextEntry;
GetFieldValue(Pte, "MMPTE", "u.List.OneEntry", OneEntry); GetFieldValue(Pte + GetTypeSize("nt!_MMPTE"), "MMPTE", "u.List.NextEntry",NextEntry); return (( OneEntry) ? 1 : NextEntry);}
DECLARE_API( sysptes )
/*++
Routine Description:
Dumps system PTEs.
Arguments:
args - Flags
Return Value:
None
--*/
{ ULONG ExtraPtesUnleashed; ULONG MaxPteRead; ULONG TotalNumberOfSystemPtes; ULONG64 NonPagedSystemStart; ULONG64 ExtraResourceStart; ULONG64 ExtraPteStart; ULONG NumberOfExtraPtes; ULONG PteListDelimiter; ULONG result; ULONG64 nextfreepte; ULONG Flags; ULONG LastCount; ULONG ReadCount; ULONG64 next; ULONG64 Pte; ULONG64 IndexBase; ULONG64 PteBase; ULONG64 PteBase2; ULONG64 PteArrayReal; ULONG64 PteArray2Real; PCHAR PteArray2; ULONG64 PteEnd; ULONG64 IndexBias; ULONG64 FreeStart; ULONG NumberOfSystemPtes; ULONG NumberOfPtesToCover; PCHAR PteArray; HANDLE PteHandle; ULONG64 PageCount; ULONG64 free; ULONG64 totalFree; ULONG64 largeFree; ULONG i; ULONG64 Flink; ULONG64 PteHeaderAddress; ULONG FreeSysPteListBySize[MM_SYS_PTE_TABLES_MAX]; ULONG SysPteIndex [MM_SYS_PTE_TABLES_MAX]; ULONG PteSize; PVOID PteData; PSYS_PTE_LIST List; CHAR Buffer[256]; ULONG64 displacement;
INIT_API();
List = NULL; PteData = NULL; PteArray = NULL; PteHandle = (HANDLE)0;
Flags = 0; sscanf(args,"%lx",&Flags);
if (Flags & 8) {
//
// Dump the nonpaged pool expansion free PTE list only.
//
IndexBias = GetPointerValue ("nt!MmSystemPteBase"); PteSize = GetTypeSize ("nt!_MMPTE");
i = 0; totalFree = 0; largeFree = 0; PteData = LocalAlloc (LMEM_FIXED, PteSize * 2); if (!PteData) { dprintf("Unable to malloc PTE data\n"); EXIT_API(); return E_INVALIDARG; } FreeStart = GetExpression ("nt!MmFirstFreeSystemPte") + PteSize; if ( !ReadMemory( FreeStart, PteData, PteSize, &result) ) { dprintf("%08p: Unable to get MmFirstFreeSystemPte\n",FreeStart); LocalFree(PteData); EXIT_API(); return E_INVALIDARG; } GetFieldValue(FreeStart, "nt!_MMPTE", "u.List.NextEntry", FreeStart); next = FreeStart;
PteListDelimiter = MiGetSysPteListDelimiter (); while (next != PteListDelimiter) { if ( CheckControlC() ) { goto Bail; }
nextfreepte = IndexBias + next * PteSize;
if ( !ReadMemory( nextfreepte, PteData, PteSize * 2, &result) ) { dprintf("%16I64X: Unable to get nonpaged PTE\n", nextfreepte); break; }
free = MiGetFreeCountFromPteList (nextfreepte); if (Flags & 1) { dprintf(" free ptes: %8p number free: %5I64ld.\n", nextfreepte, free); }
if (free > largeFree) { largeFree = free; }
totalFree += free; i += 1; GetFieldValue(nextfreepte, "nt!_MMPTE", "u.List.NextEntry", next); // next = MiGetNextFromPteList ((PMMPTE)PteData);
} dprintf("\n free blocks: %ld total free: %I64ld largest free block: %I64ld\n\n", i, totalFree, largeFree); LocalFree(PteData); EXIT_API(); return E_INVALIDARG; }
if (Flags & 4) {
PteHeaderAddress = GetExpression( "nt!MiPteHeader" ); if ( GetFieldValue( PteHeaderAddress, "nt!_SYSPTES_HEADER", "Count", NumberOfSystemPtes) ) { dprintf("%08p: Unable to get System PTE lock consumer information\n", PteHeaderAddress); } else { dprintf("\n0x%I64x System PTEs allocated to mapping locked pages\n\n", NumberOfSystemPtes);
dprintf("VA MDL PageCount Caller/CallersCaller\n");
//
// Dump the MDL and PTE addresses and 2 callers.
//
GetFieldValue( PteHeaderAddress,"SYSPTES_HEADER","ListHead.Flink", Flink);
for (PageCount = 0; PageCount < NumberOfSystemPtes; ) { ULONG64 Count;
if (Flink == PteHeaderAddress) { dprintf("early finish (%I64u) during syspte tracker dumping\n", PageCount); break; }
if ( CheckControlC() ) { break; }
if ( GetFieldValue( Flink, "nt!_PTE_TRACKER", "Count", Count) ) { dprintf("%08p: Unable to get System PTE individual lock consumer information\n", Flink); break; }
InitTypeRead(Flink, nt!_PTE_TRACKER); dprintf("%8p %8p %8I64lx ", ReadField(SystemVa), ReadField(Mdl), Count);
Buffer[0] = '!'; Flink = ReadField(ListEntry.Flink); GetSymbol (ReadField(CallingAddress), (PCHAR)Buffer, &displacement); dprintf("%s", Buffer); if (displacement) { dprintf( "+0x%1p", displacement ); } dprintf("/");
Buffer[0] = '!'; GetSymbol (ReadField(CallersCaller), (PCHAR)Buffer, &displacement); dprintf("%s", Buffer); if (displacement) { dprintf( "+0x%1p", displacement ); } dprintf("\n");
PageCount += Count; } } if ((Flags & ~4) == 0) {
//
// no other flags specified, so just return.
//
EXIT_API(); return E_INVALIDARG; } }
dprintf("\nSystem PTE Information\n");
PteBase = GetPointerValue ("nt!MmSystemPtesStart"); PteEnd = GetPointerValue ("nt!MmSystemPtesEnd"); IndexBias = GetPointerValue ("nt!MmSystemPteBase"); NumberOfSystemPtes = GetUlongValue ("nt!MmNumberOfSystemPtes"); NonPagedSystemStart = GetPointerValue ("nt!MmNonPagedSystemStart");
PteSize = GetTypeSize ("nt!_MMPTE");
NumberOfExtraPtes = 0; NumberOfPtesToCover = (ULONG) ((PteEnd - PteBase + 1) / PteSize);
//
// The system PTEs may exist in 2 separate virtual address ranges.
//
// See if there are extra resources, if so then see if they are being
// used for system PTEs (as opposed to system cache, etc).
//
ExtraPtesUnleashed = 0; ExtraPtesUnleashed = GetUlongValue ("MiAddPtesCount");
if (ExtraPtesUnleashed != 0) { ExtraResourceStart = GetExpression ("nt!MiExtraResourceStart");
if (ExtraResourceStart != 0) {
NumberOfExtraPtes = GetUlongValue ("MiExtraPtes1");
if (NumberOfExtraPtes != 0) {
if (!ReadPointer(ExtraResourceStart,&ExtraPteStart)) { dprintf("%016I64X: Unable to read PTE start %p\n",ExtraResourceStart); goto Bail; } } } }
TotalNumberOfSystemPtes = (ULONG) (NumberOfSystemPtes + NumberOfExtraPtes);
dprintf(" Total System Ptes %ld\n", TotalNumberOfSystemPtes);
free = GetExpression( "nt!MmSysPteIndex" );
if ( !ReadMemory( free, &SysPteIndex[0], sizeof(ULONG) * MM_SYS_PTE_TABLES_MAX, &result) ) { dprintf("%08p: Unable to get PTE index\n",free); goto Bail; }
free = GetExpression( "nt!MmSysPteListBySizeCount" );
if ( !ReadMemory( free, &FreeSysPteListBySize[0], sizeof (FreeSysPteListBySize), &result) ) { dprintf("%08p: Unable to get free PTE index\n",free); goto Bail; }
for (i = 0; i < MM_SYS_PTE_TABLES_MAX; i += 1 ) { dprintf(" SysPtes list of size %ld has %ld free\n", SysPteIndex[i], FreeSysPteListBySize[i]); }
dprintf(" \n");
dprintf(" starting PTE: %016I64X\n", PteBase); dprintf(" ending PTE: %016I64X\n", PteEnd);
PteHandle = LocalAlloc(LMEM_MOVEABLE, NumberOfPtesToCover * PteSize);
if (!PteHandle) { dprintf("Unable to get allocate memory of %ld bytes\n", NumberOfPtesToCover * PteSize); goto Bail; }
MaxPteRead = ((PACKET_MAX_SIZE/PteSize)-1);
PteArray = LocalLock(PteHandle);
PteArrayReal = PteBase;
//
// If the ranges are discontiguous, zero the piece(s) in the middle.
//
if (NumberOfExtraPtes != 0) { RtlZeroMemory (PteArray, NumberOfPtesToCover * PteSize); }
for (PageCount = 0; PageCount < NumberOfExtraPtes; PageCount += ReadCount) {
if ( CheckControlC() ) { goto Bail; }
dprintf("loading (%d%% complete)\r", (PageCount * 100)/ TotalNumberOfSystemPtes);
ReadCount = (ULONG) (NumberOfExtraPtes - PageCount > MaxPteRead ? MaxPteRead : NumberOfExtraPtes - PageCount + 1);
Pte = (PteBase + PageCount * PteSize);
if ( !ReadMemory( Pte, (PCHAR)PteArray + PageCount * PteSize, ReadCount * PteSize, &result) ) { dprintf("Unable to get system pte block - " "address %p - count %lu - page %lu\n", Pte, ReadCount, PageCount); goto Bail; } } LastCount = (ULONG) PageCount;
if (NumberOfSystemPtes != 0) {
if (NumberOfExtraPtes != 0) { PteBase2 = DbgGetPteAddress (NonPagedSystemStart); } else { PteBase2 = PteBase; }
PteArray2 = (PteArray + (ULONG) (PteBase2 - PteBase)); PteArray2Real = PteBase2; for (PageCount = 0; (PageCount < NumberOfSystemPtes); PageCount += ReadCount) { if ( CheckControlC() ) { goto Bail; } dprintf("loading (%d%% complete)\r", ((LastCount + PageCount) * 100)/ TotalNumberOfSystemPtes); ReadCount = (ULONG) (NumberOfSystemPtes - PageCount > MaxPteRead ? MaxPteRead : NumberOfSystemPtes - PageCount + 1); Pte = (PteBase2 + PageCount * PteSize); if ( !ReadMemory( Pte, PteArray2 + PageCount * PteSize, ReadCount * PteSize, &result) ) { dprintf("Unable to get system pte block2 - " "address %p - count %lu - page %lu\n", Pte, ReadCount, PageCount); goto Bail; } } }
dprintf("\n");
//
// Now we have a local copy: let's take a look.
//
//
// Walk the free list.
//
IndexBase = (PteBase - IndexBias) / PteSize;
totalFree = 0; i = 0; largeFree = 0;
FreeStart = GetExpression ("nt!MmFirstFreeSystemPte");
if ( GetFieldValue( FreeStart, "nt!_MMPTE", "u.List.NextEntry", next) ) { dprintf("%08p: Unable to get MmFirstFreeSystemPte\n",FreeStart); goto Bail; }
FreeStart = next;
PteListDelimiter = MiGetSysPteListDelimiter ();
while (next != PteListDelimiter) {
if ( CheckControlC() ) { goto Bail; }
free = MiGetFreeCountFromPteList ((PteArrayReal + (next - IndexBase)* PteSize));
if (Flags & 1) { dprintf(" free ptes: %8p number free: %5I64ld.\n", PteBase + (next - IndexBase) * PteSize, free); } if (free > largeFree) { largeFree = free; } totalFree += free; i += 1;
GetFieldValue ((PteArrayReal + (next - IndexBase) * PteSize), "nt!_MMPTE", "u.List.NextEntry", next); } dprintf("\n free blocks: %ld total free: %I64ld largest free block: %I64ld\n\n", i, totalFree, largeFree);
#if 0
//
// Walk through the array and sum up the usage on a per physical
// page basis.
//
List = VirtualAlloc (NULL, (ULONG) NumberOfPtes * sizeof(SYS_PTE_LIST), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); if (List == NULL) { dprintf("alloc failed %lx\n",GetLastError()); goto Bail; } RtlZeroMemory (List, (ULONG) NumberOfPtes * sizeof(SYS_PTE_LIST)); GetBitFieldOffset("nt!_MMPTE", "u.Hard.PageFrameNumber", &PfnOff, &PfnSz);
free = 0; next = 0; List[0].Value = (ULONG64) -1; List[0].Previous = 0xffffff; first = 0;
for (i = 0; i < NumberOfPtes ; i += 1) { ULONG64 lPte = *((PULONG64) (PteArray + i * PteSize));
Page =0; if ((lPte >> ValidOff) & 1) { Page = GetBits(lPte, PfnOff, PfnSz); // DbgGetFrameNumber (PteArray + i * PteSize);
} if (!(i%100)) dprintf("%c\r",rot[(i/100) % 4]); if (Page != 0) { // dprintf("Adding PTE @ %p, Pfn %p\n", PteArrayReal + i*PteSize, Page);
next = first; while (Page > List[next].Value) { next = List[next].Next; } if (List[next].Value == Page) { List[next].Count += 1; } else { free += 1; List[free].Next = next; List[free].Value = Page; List[free].Count = 1; List[free].Previous = List[next].Previous; if (next == first) { first = free; } else { List[List[next].Previous].Next = free; } List[next].Previous = free; } }
if ( CheckControlC() ) { goto Bail; } }
next = first; dprintf (" Page Count\n"); while (List[next].Value != (ULONG64) -1) { if ((Flags & 2) || (List[next].Count > 1)) { dprintf (" %8p %5ld.\n", List[next].Value, List[next].Count); } next = List[next].Next; if ( CheckControlC() ) { goto Bail; } }#endif
Bail:
if (PteArray) { LocalUnlock(PteArray); if (PteHandle) { LocalFree((void *)PteHandle); } } if (List) { VirtualFree (List, 0, MEM_RELEASE); }
EXIT_API(); return S_OK;}
ULONG64DbgGetFrameNumber( ULONG64 Pte ) { ULONG Valid=0; ULONG Prototype=0; ULONG Transition=0; ULONG64 PageFrameNumber=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Valid", Valid); if (Valid) { GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.PageFrameNumber", PageFrameNumber); } else { GetFieldValue(Pte, "nt!_MMPTE", "u.Soft.Prototype", Prototype); if (Prototype == 0) { GetFieldValue(Pte, "nt!_MMPTE", "u.Soft.Transition", Transition); if (Transition == 1) { GetFieldValue(Pte, "_MMPTE", "u.Trans.PageFrameNumber", PageFrameNumber); } else { // Must be pagefile or demand zero.
GetFieldValue(Pte, "nt!_MMPTE", "u.Soft.PageFileHigh", PageFrameNumber); } } }
return PageFrameNumber;}
ULONGDbgGetOwner( ULONG64 Pte ) { ULONG Owner=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Owner", Owner);
return Owner;}
ULONGDbgGetValid( ULONG64 Pte ) { ULONG Valid=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Valid", Valid);
return Valid;}
ULONGDbgGetDirty( ULONG64 Pte ) { ULONG Dirty=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Dirty", Dirty);
return Dirty;}
ULONGDbgGetAccessed( ULONG64 Pte ) { ULONG Accessed=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Accessed", Accessed);
return Accessed;}
ULONGDbgGetWrite( ULONG64 Pte ) { ULONG Write=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Write", Write);
return Write;}
ULONGDbgGetExecute( ULONG64 Pte ) { ULONG Execute=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.Execute", Execute);
return Execute;}
ULONGDbgGetCopyOnWrite( ULONG64 Pte ) { ULONG CopyOnWrite=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Hard.CopyOnWrite", CopyOnWrite);
return CopyOnWrite;}
ULONGDbgGetPageFileHigh( ULONG64 Pte ){ ULONG64 PageFileHigh=0; GetFieldValue(Pte, "nt!_MMPTE", "u.Soft.PageFileHigh", PageFileHigh); return (ULONG) PageFileHigh;}
ULONGDbgGetPageFileLow( ULONG64 Pte ){ ULONG PageFileLow=0; GetFieldValue(Pte, "nt!_MMPTE", "u.Soft.PageFileLow", PageFileLow); return PageFileLow;}
ULONG64DbgPteToProto( ULONG64 lpte ){ ULONG64 PteLong=0; ULONG64 ProtoAddress=0; if (TargetMachine != IMAGE_FILE_MACHINE_I386) { GetFieldValue(lpte, "nt!_MMPTE", "u.Proto.ProtoAddress",ProtoAddress); return ProtoAddress; }
if (PaeEnabled) { GetFieldValue(lpte, "nt!_MMPTE", "u.Proto.ProtoAddress",ProtoAddress); return ProtoAddress; }
GetFieldValue(lpte, "nt!_MMPTE", "u.Long", PteLong);
ProtoAddress = (((ULONG)PteLong >> 11) << 9) + (((ULONG)PteLong << 24) >> 23) + 0xE1000000;
return ProtoAddress;}
ULONG64DbgGetSubsectionAddress( IN ULONG64 Pte ){ ULONG64 PteLong=0; ULONG64 MmSubsectionBase; ULONG64 SubsectionAddress=0;
if (PaeEnabled && (TargetMachine == IMAGE_FILE_MACHINE_I386)) { ULONG64 SubsectionAddress=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Subsect.SubsectionAddress", SubsectionAddress); return SubsectionAddress; }
MmSubsectionBase = GetNtDebuggerDataPtrValue(MmSubsectionBase); GetFieldValue(Pte, "nt!_MMPTE", "u.Long", PteLong);
switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{
if (!MmNonPagedPoolEnd) { MmNonPagedPoolEnd = GetNtDebuggerDataValue(MmNonPagedPoolEnd); }
SubsectionAddress = ((PteLong & 0x80000000) ? (((ULONG) MmSubsectionBase + (((PteLong & 0x7ffff800) >> 4) | ((PteLong<<2) & 0x78)))) : (((ULONG) MmNonPagedPoolEnd - ((((PteLong)>>11)<<7) | ((PteLong<<2) & 0x78)))));
SubsectionAddress = (ULONG64) (LONG64) (LONG) SubsectionAddress; break; } case IMAGE_FILE_MACHINE_AMD64: {
LONG64 SignedSubsectionAddress;
GetFieldValue(Pte, "nt!_MMPTE", "u.Subsect.SubsectionAddress", SignedSubsectionAddress);
SubsectionAddress = (ULONG64) SignedSubsectionAddress; break; } case IMAGE_FILE_MACHINE_IA64: { ULONG64 WhichPool=0, SubsectionAddress2=0;
GetFieldValue(Pte, "nt!_MMPTE", "u.Subsect.SubsectionAddress", SubsectionAddress2); GetFieldValue(Pte, "nt!_MMPTE", "u.Subsect.WhichPool", WhichPool);
if (!MmNonPagedPoolEnd) { MmNonPagedPoolEnd = GetNtDebuggerDataValue(MmNonPagedPoolEnd); }
SubsectionAddress = ((WhichPool == 1) ? ((MmSubsectionBase + (SubsectionAddress2))) : ((MmNonPagedPoolEnd - (SubsectionAddress2)))); break; } default: return FALSE; } /* switch */ return SubsectionAddress;}
ULONG64DbgGetPdeAddress( IN ULONG64 VirtualAddress ){ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: if (PaeEnabled) { return PaeGetPdeAddressX86 (VirtualAddress); } return MiGetPdeAddressX86(VirtualAddress);
case IMAGE_FILE_MACHINE_AMD64: return MiGetPdeAddressAMD64(VirtualAddress);
case IMAGE_FILE_MACHINE_IA64: return MiGetPdeAddressIA64(VirtualAddress);
default: break; } return 0;}
ULONG64DbgGetPpeAddress( IN ULONG64 VirtualAddress ){ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_AMD64: return MiGetPpeAddressAMD64(VirtualAddress);
case IMAGE_FILE_MACHINE_IA64: return MiGetPpeAddressIA64(VirtualAddress);
default: break; }
return 0;}
ULONG64DbgGetPxeAddress( IN ULONG64 VirtualAddress ){ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_AMD64: return MiGetPxeAddressAMD64(VirtualAddress);
default: break; }
return 0;}
ULONG64DbgGetVirtualAddressMappedByPte( IN ULONG64 Pte ){ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: if (PaeEnabled) { return PaeGetVirtualAddressMappedByPteX86(Pte); } return MiGetVirtualAddressMappedByPteX86 (Pte);
case IMAGE_FILE_MACHINE_AMD64: return MiGetVirtualAddressMappedByPteAMD64 (Pte);
case IMAGE_FILE_MACHINE_IA64: return MiGetVirtualAddressMappedByPteIA64 (Pte);
default: break; }
return 0;}
ULONG64DbgGetPteAddress( IN ULONG64 VirtualAddress ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ if (PaeEnabled) { return PaeGetPteAddressX86 (VirtualAddress); } return MiGetPteAddressX86(VirtualAddress); } case IMAGE_FILE_MACHINE_AMD64: { return MiGetPteAddressAMD64(VirtualAddress); } case IMAGE_FILE_MACHINE_IA64: { return MiGetPteAddressIA64(VirtualAddress); } default: return FALSE; } /* switch */ return FALSE;}
BOOLMi_Is_Physical_Address ( ULONG64 VirtualAddress ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_IA64: { return MI_IS_PHYSICAL_ADDRESS_IA64(VirtualAddress); } default: return FALSE; } /* switch */ return FALSE;}
ULONGDBG_GET_PAGE_SHIFT ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return PAGE_SHIFT_X86; } case IMAGE_FILE_MACHINE_AMD64: { return PAGE_SHIFT_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return PAGE_SHIFT_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONG64DBG_GET_MM_SESSION_SPACE_DEFAULT ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_SESSION_SPACE_DEFAULT_X86; } case IMAGE_FILE_MACHINE_AMD64: { return MM_SESSION_SPACE_DEFAULT_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_SESSION_SPACE_DEFAULT_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONGGET_MM_PTE_VALID_MASK ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_PTE_VALID_MASK_X86; } case IMAGE_FILE_MACHINE_AMD64: { return MM_PTE_VALID_MASK_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_PTE_VALID_MASK_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONGGET_MM_PTE_LARGE_PAGE_MASK ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_PTE_LARGE_PAGE_MASK_X86; } case IMAGE_FILE_MACHINE_AMD64:{ return MM_PTE_LARGE_PAGE_MASK_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_PTE_LARGE_PAGE_MASK_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONGGET_MM_PTE_TRANSITION_MASK ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_PTE_TRANSITION_MASK_X86; } case IMAGE_FILE_MACHINE_AMD64:{ return MM_PTE_TRANSITION_MASK_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_PTE_TRANSITION_MASK_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONGGET_MM_PTE_PROTOTYPE_MASK ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_PTE_PROTOTYPE_MASK_X86; } case IMAGE_FILE_MACHINE_AMD64:{ return MM_PTE_PROTOTYPE_MASK_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_PTE_PROTOTYPE_MASK_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONGGET_MM_PTE_PROTECTION_MASK ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_PTE_PROTECTION_MASK_X86; } case IMAGE_FILE_MACHINE_AMD64:{ return MM_PTE_PROTECTION_MASK_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_PTE_PROTECTION_MASK_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONGGET_MM_PTE_PAGEFILE_MASK ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return MM_PTE_PAGEFILE_MASK_X86; } case IMAGE_FILE_MACHINE_AMD64:{ return MM_PTE_PAGEFILE_MASK_AMD64; } case IMAGE_FILE_MACHINE_IA64: { return MM_PTE_PAGEFILE_MASK_IA64; } default: return FALSE; } /* switch */ return FALSE;}
ULONG64GET_PTE_TOP ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return PTE_TOP_X86; } case IMAGE_FILE_MACHINE_IA64: { return PDE_TOP_IA64; } case IMAGE_FILE_MACHINE_AMD64: { return PTE_TOP_AMD64; } default: return FALSE; } /* switch */ return FALSE;}
ULONG64GET_PDE_TOP ( VOID ){ return GET_PTE_TOP();}
ULONG64GET_PTE_BASE ( VOID ){ switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386:{ return PTE_BASE_X86; } case IMAGE_FILE_MACHINE_IA64: { return PTE_BASE_IA64; } case IMAGE_FILE_MACHINE_AMD64: { return PTE_BASE_AMD64; } default: return FALSE; } /* switch */ return FALSE;}
�ULONGGetAddressState( IN ULONG64 VirtualAddress )
{ ULONG64 Address; ULONG result; ULONG64 Pte; ULONG64 Pde; ULONG PdeContents; ULONG PteContents;
if (Mi_Is_Physical_Address (VirtualAddress)) { return ADDRESS_VALID; } Address = VirtualAddress;
Pde = DbgGetPdeAddress (VirtualAddress); Pte = DbgGetPteAddress (VirtualAddress);
if ( !ReadMemory( Pde, &PdeContents, sizeof(ULONG), &result) ) { dprintf("%08p: Unable to get PDE\n",Pde); return ADDRESS_NOT_VALID; }
if (PdeContents & GET_MM_PTE_VALID_MASK()) { if (PdeContents & GET_MM_PTE_LARGE_PAGE_MASK()) { return ADDRESS_VALID; } if ( !ReadMemory( Pte, &PteContents, sizeof(ULONG), &result) ) { dprintf("%08p: Unable to get PTE\n",Pte); return ADDRESS_NOT_VALID; } if (PteContents & GET_MM_PTE_VALID_MASK()) { return ADDRESS_VALID; } if (PteContents & GET_MM_PTE_TRANSITION_MASK()) { if (!(PteContents & GET_MM_PTE_PROTOTYPE_MASK())) { return ADDRESS_TRANSITION; } } } return ADDRESS_NOT_VALID;}
VOIDDbgDisplayInvalidPte ( ULONG64 CurrentPte, ULONG64 flags, PCHAR Indent ){ ULONG Transition = 0; ULONG Protection = 0; ULONG PrototypeBit = 0; ULONG64 CurrentPteContents; ULONG PteSize;
PteSize = GetTypeSize ("nt!_MMPTE");
GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Long", CurrentPteContents); GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Soft.Prototype", PrototypeBit);
dprintf("not valid\n", Indent); GetFieldValue (CurrentPte, "nt!_MMPTE", "u.Soft.Protection", Protection); GetFieldValue (CurrentPte, "nt!_MMPTE", "u.Soft.Transition", Transition);
if (PrototypeBit) { if (DbgGetPageFileHigh (CurrentPte) == DbgPteLookupNeeded ()) { dprintf("%s Proto: VAD\n", Indent); dprintf("%s Protect: ", Indent); DbgPrintProtection (Protection); } else if (flags) { if (PteSize == 4) { dprintf("%s Subsection: %08I64X\n", Indent, DbgGetSubsectionAddress (CurrentPte)); } else { dprintf("%s Subsection: %016I64X\n", Indent, DbgGetSubsectionAddress (CurrentPte)); } dprintf("%s Protect: ", Indent); DbgPrintProtection (Protection); } else { if (PteSize == 4) { dprintf("%s Proto: %08I64X\n", Indent, DbgPteToProto (CurrentPte)); } else { dprintf("%s Proto: %016I64X\n", Indent, DbgPteToProto (CurrentPte)); } } } else if (Transition) { dprintf("%s Transition: %x\n", Indent, (ULONG) DbgGetFrameNumber (CurrentPte)); dprintf("%s Protect: ", Indent); DbgPrintProtection (Protection);
} else if (CurrentPteContents != 0) {
if (DbgPteIsDemandZero (CurrentPte)) { dprintf("%s DemandZero\n", Indent); } else { dprintf("%s PageFile: %2lx\n", Indent, DbgGetPageFileLow (CurrentPte)); dprintf("%s Offset: %lx\n", Indent, DbgGetPageFileHigh (CurrentPte)); } dprintf("%s Protect: ", Indent); DbgPrintProtection (Protection); } dprintf ("\n");}
VOIDDbgDisplayValidPte ( ULONG64 Pte ){ ULONG64 Pte_Long;
if (Pte == 0) { return; }
switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: case IMAGE_FILE_MACHINE_AMD64:
GetFieldValue(Pte, "nt!_MMPTE", "u.Long", Pte_Long); dprintf("pfn %x %c%c%c%c%c%c%c%c%cV", (ULONG) DbgGetFrameNumber(Pte), DbgGetCopyOnWrite(Pte) ? 'C' : '-', Pte_Long & 0x100 ? 'G' : '-', Pte_Long & 0x80 ? 'L' : '-', DbgGetDirty(Pte) ? 'D' : '-', DbgGetAccessed(Pte) ? 'A' : '-', Pte_Long & 0x10 ? 'N' : '-', Pte_Long & 0x8 ? 'T' : '-', DbgGetOwner(Pte) ? 'U' : 'K', Pte_Long & 0x2 ? 'W' : 'R'); break;
case IMAGE_FILE_MACHINE_IA64:
dprintf("pfn %x %c%c%c%c%c%cV", (ULONG) DbgGetFrameNumber(Pte), DbgGetExecute(Pte) ? 'E' : '-', DbgGetCopyOnWrite(Pte) ? 'C' : '-', DbgGetDirty(Pte) ? 'D' : '-', DbgGetAccessed(Pte) ? 'A' : '-', DbgGetOwner(Pte) ? 'U' : 'K', DbgGetWrite(Pte) ? 'W' : 'R');
break;
default: break; }}
LOGICALDbgAddressSelfMapped ( ULONG64 Address ){ switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: if ((Address >= GET_PTE_BASE()) && (Address < GET_PTE_TOP())) { return TRUE; } break;
case IMAGE_FILE_MACHINE_IA64:
if (((Address & PTE_BASE_IA64) == PTE_BASE_IA64) && ((Address & ~(VRN_MASK_IA64|PTE_BASE_IA64)) < ((ULONG64)1 << PDI1_SHIFT_IA64))) { return TRUE; } else if (((Address & PDE_BASE_IA64) == PDE_BASE_IA64) && ((Address & ~(VRN_MASK_IA64|PDE_BASE_IA64)) < ((ULONG64)1 << PDI_SHIFT_IA64))) { return TRUE; } else if (((Address & PDE_TBASE_IA64) == PDE_TBASE_IA64) && ((Address & ~(VRN_MASK_IA64|PDE_TBASE_IA64)) < PageSize)) { return TRUE; }
break;
case IMAGE_FILE_MACHINE_AMD64: if ((Address >= PTE_BASE_AMD64) && (Address <= PTE_TOP_AMD64)) { return TRUE; } break;
default: break; }
return FALSE;}
VOIDDumpPte ( ULONG64 Address, ULONG64 flags ){ PCHAR Indent; ULONG Levels; ULONG64 Pte; ULONG64 Pde; ULONG64 Ppe; ULONG64 Pxe; ULONG64 CurrentPte; ULONG64 CurrentPteContents; ULONG ValidBit; ULONG64 Pde_Long=0; ULONG64 Pte_Long=0; ULONG64 Ppe_Long=0; ULONG64 Pxe_Long=0; ULONG PteSize;
PteSize = GetTypeSize ("nt!_MMPTE");
switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: Levels = 2; break;
case IMAGE_FILE_MACHINE_IA64: Levels = 3; break;
case IMAGE_FILE_MACHINE_AMD64: Levels = 4; break;
default: dprintf("Not implemented for this platform\n"); return; break; }
if (DbgAddressSelfMapped (Address)) {
if (!flags) {
//
// The address is the address of a PTE, rather than
// a virtual address. Don't get the corresponding
// PTE contents, use this address as the PTE.
//
Address = DbgGetVirtualAddressMappedByPte (Address); } }
if (!flags) { Pxe = DbgGetPxeAddress (Address); Ppe = DbgGetPpeAddress (Address); Pde = DbgGetPdeAddress (Address); Pte = DbgGetPteAddress (Address); } else { Pxe = Address; Ppe = Address; Pde = Address; Pte = Address; }
if (Levels >= 3) { dprintf(" VA %016p\n", Address); } else { dprintf(" VA %08p\n", Address); }
if (Levels == 4) { dprintf("PXE @ %016P PPE at %016P PDE at %016P PTE at %016P\n", Pxe, Ppe, Pde, Pte); } else if (Levels == 3) { dprintf("PPE at %016P PDE at %016P PTE at %016P\n", Ppe, Pde, Pte); } else { if (PteSize == 4) { dprintf("PDE at %08P PTE at %08P\n", Pde, Pte); } else { dprintf("PDE at %016P PTE at %016P\n", Pde, Pte); } }
//
// Decode the PXE.
//
if (Levels >= 4) {
CurrentPte = Pxe;
if (GetFieldValue (CurrentPte, "nt!_MMPTE", "u.Hard.Valid", ValidBit)) { dprintf("Unable to get PXE %I64X\n", CurrentPte); return; }
GetFieldValue (CurrentPte, "nt!_MMPTE", "u.Long", CurrentPteContents);
Pxe_Long = CurrentPteContents;
if (ValidBit == 0) {
dprintf("contains %016I64X unavailable\n", Pxe_Long); Indent = "";
if (CurrentPteContents != 0) { DbgDisplayInvalidPte (CurrentPte, flags, Indent); } else { dprintf ("\n"); } return; } }
//
// Decode the PPE.
//
if (Levels >= 3) {
CurrentPte = Ppe;
if (GetFieldValue (CurrentPte, "nt!_MMPTE", "u.Hard.Valid", ValidBit)) { dprintf("Unable to get PPE %I64X\n", CurrentPte); return; }
GetFieldValue (CurrentPte, "nt!_MMPTE", "u.Long", CurrentPteContents);
Ppe_Long = CurrentPteContents;
if (ValidBit == 0) {
if (Levels >= 4) { dprintf("contains %016I64X contains %016I64X\n", Pxe_Long, Ppe_Long); Indent = " "; DbgDisplayValidPte (Pxe); } else { dprintf("contains %016I64X\n", Ppe_Long); Indent = ""; } if (CurrentPteContents != 0) { DbgDisplayInvalidPte (CurrentPte, flags, Indent); } else { dprintf ("\n"); } return; } }
//
// Decode the PDE.
//
CurrentPte = Pde;
if ( GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Hard.Valid", ValidBit) ) { dprintf("Unable to get PDE %I64X\n", CurrentPte); return; }
GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Long", CurrentPteContents);
Pde_Long = CurrentPteContents;
if (ValidBit == 0) {
if (Levels >= 4) { dprintf("contains %016I64X contains %016I64X contains %016I64X\n", Pxe_Long, Ppe_Long, Pde_Long); DbgDisplayValidPte (Pxe); dprintf (" "); DbgDisplayValidPte (Ppe); Indent = " "; } else if (Levels == 3) { dprintf("contains %016I64X contains %016I64X\n", Ppe_Long, Pde_Long); DbgDisplayValidPte (Ppe); Indent = " "; } else { if (PteSize == 4) { dprintf("contains %08I64X\n", Pde_Long); } else { dprintf("contains %016I64X\n", Pde_Long); }
Indent = ""; } if (CurrentPteContents != 0) { DbgDisplayInvalidPte (CurrentPte, flags, Indent); } else { dprintf ("\n"); } return; }
//
// Decode the PTE and print everything out.
//
CurrentPte = Pte;
if ( GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Hard.Valid", ValidBit) ) { dprintf("Unable to get PTE %I64X\n", CurrentPte); return; }
GetFieldValue(CurrentPte, "nt!_MMPTE", "u.Long", CurrentPteContents);
if (Pde_Long & GET_MM_PTE_LARGE_PAGE_MASK()) { CurrentPteContents = 0; }
Pte_Long = CurrentPteContents;
//
// Print the raw values.
//
if (Levels == 4) { dprintf("contains %016I64X contains %016I64X contains %016I64X contains %016I64X\n", Pxe_Long, Ppe_Long, Pde_Long, Pte_Long); Indent = " "; DbgDisplayValidPte (Pxe); dprintf (" "); DbgDisplayValidPte (Ppe); dprintf (" "); DbgDisplayValidPte (Pde); dprintf (" "); } else if (Levels == 3) { dprintf("contains %016I64X contains %016I64X contains %016I64X\n", Ppe_Long, Pde_Long, Pte_Long); Indent = " "; DbgDisplayValidPte (Ppe); dprintf (" "); DbgDisplayValidPte (Pde); dprintf (" "); } else { if (PteSize == 4) { dprintf("contains %08I64X contains %08I64X\n", Pde_Long, Pte_Long); Indent = " "; } else { dprintf("contains %016I64X contains %016I64X\n", Pde_Long, Pte_Long); Indent = " "; } DbgDisplayValidPte (Pde); dprintf (" "); }
if (Pde_Long & GET_MM_PTE_LARGE_PAGE_MASK()) { dprintf ("LARGE PAGE\n"); } else if (ValidBit != 0) { DbgDisplayValidPte (Pte); dprintf ("\n"); } else { if (CurrentPteContents != 0) { DbgDisplayInvalidPte (CurrentPte, flags, Indent); } else { dprintf ("\n"); } }
dprintf ("\n");
return;}
DECLARE_API( pte )
/*++
Routine Description:
Displays the corresponding PDE and PTE.
Arguments:
args -
Return Value:
None
--*/
{ ULONG64 Address = 0; ULONG64 flags = 0; ULONG flags2 = 0;
INIT_API();
if (GetExpressionEx(args,&Address, &args)) { if (GetExpressionEx(args,&flags, &args)) { flags2 = (ULONG) GetExpression(args); } }
switch (TargetMachine) { case IMAGE_FILE_MACHINE_I386: Address = (ULONG64) (LONG64) (LONG) Address; DumpPte (Address, flags); break; case IMAGE_FILE_MACHINE_IA64: DumpPte (Address, flags); break; case IMAGE_FILE_MACHINE_AMD64: DumpPte (Address, flags); break; default: dprintf("Unknown platform %d\n",TargetMachine); break; }
EXIT_API(); return S_OK;}
BOOLEANGetPhysicalAddress ( IN ULONG64 Address, OUT PULONG64 PhysAddress )
/*++
Routine Description:
Retrieves the physical address corresponding to the supplied virtual address.
Arguments:
Va - Supplies the virtual address for which the PTE address is sought.
PhysAddress - Supplies a pointer to caller-supplied memory which is to contain the physical address.
Return Value: TRUE - The supplied Va is valid and it's physical address was placed in *PhysAddress.
FALSE - The supplied Va does not correspond to a valid address.
--*/
{ ULONG ValidBit; ULONG LargePageBit; ULONG PageFrameIndex; ULONG64 PteAddress, PteContents;
switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: case IMAGE_FILE_MACHINE_AMD64: PteAddress = DbgGetPdeAddress (Address);
if (GetFieldValue (PteAddress, "nt!_MMPTE", "u.Hard.Valid", ValidBit) ) { dprintf("Unable to get PDE %I64X\n", PteAddress); return FALSE; }
if (ValidBit == 0) { return FALSE; }
if (GetFieldValue (PteAddress, "nt!_MMPTE", "u.Hard.LargePage", LargePageBit) ) { dprintf("Unable to get PDE %I64X\n", PteAddress); return FALSE; }
if (LargePageBit == 0) { break; }
PageFrameIndex = (ULONG) DbgGetFrameNumber(PteAddress);
switch (TargetMachine) {
case IMAGE_FILE_MACHINE_I386: PageFrameIndex += MiGetPteOffsetX86 (Address); break;
case IMAGE_FILE_MACHINE_AMD64: PageFrameIndex += (ULONG) MiGetPteOffsetAMD64 (Address); break; }
*PhysAddress = ((PageFrameIndex << DBG_GET_PAGE_SHIFT ()) | (Address & 0xFFF));
return TRUE;
default: break; }
PteAddress = DbgGetPteAddress (Address);
if (GetFieldValue (PteAddress, "nt!_MMPTE", "u.Hard.Valid", ValidBit) ) { dprintf("Unable to get PTE %I64X\n", PteAddress); return FALSE; }
if (ValidBit == 0) { return FALSE; }
GetFieldValue (PteAddress, "nt!_MMPTE", "u.Long", PteContents);
*PhysAddress = ((DbgGetFrameNumber(PteAddress) << DBG_GET_PAGE_SHIFT ()) | (Address & 0xFFF));
return TRUE;}
typedef struct _BPENTRY { ULONG64 VirtualAddress; ULONG64 PhysicalAddress; ULONG Flags; ULONG Contents;} BPENTRY, *PBPENTRY;
#define PHYSICAL_BP_TABLE_SIZE 16
#define PBP_BYTE_POSITION 0x03
#define PBP_INUSE 0x04
#define PBP_ENABLED 0x08
BPENTRY PhysicalBreakpointTable[PHYSICAL_BP_TABLE_SIZE];
#define MAX_FORMAT_STRINGS 8
LPSTRFormatAddr64( ULONG64 addr ){ static CHAR strings[MAX_FORMAT_STRINGS][18]; static int next = 0; LPSTR string;
string = strings[next]; ++next; if (next >= MAX_FORMAT_STRINGS) { next = 0; } if (addr >> 32) { sprintf(string, "%08x`%08x", (ULONG)(addr>>32), (ULONG)addr); } else { sprintf(string, "%08x", (ULONG)addr); } return string;}
DECLARE_API( ubl ){ int i;
INIT_API(); UNREFERENCED_PARAMETER (args);
for (i = 0; i < PHYSICAL_BP_TABLE_SIZE; i++) { if (PhysicalBreakpointTable[i].Flags & PBP_INUSE) { dprintf("%2d: %c %s (%s) %d %02x", i, (PhysicalBreakpointTable[i].Flags & PBP_ENABLED) ? 'e' : 'd', FormatAddr64(PhysicalBreakpointTable[i].VirtualAddress), FormatAddr64(PhysicalBreakpointTable[i].PhysicalAddress), (PhysicalBreakpointTable[i].Flags & PBP_BYTE_POSITION), PhysicalBreakpointTable[i].Contents ); } }
EXIT_API(); return S_OK;}
voidPbpEnable( int n ){ PBPENTRY Pbp = PhysicalBreakpointTable + n; ULONG mask; ULONG Data; ULONG cb=0;
mask = 0xff << (8 * (Pbp->Flags & PBP_BYTE_POSITION)); Data = (Pbp->Contents & ~mask) | (0xcccccccc & mask);
WritePhysical(Pbp->PhysicalAddress, &Data, 4, &cb);
if (cb == 4) { Pbp->Flags |= PBP_ENABLED; }}
voidPbpDisable( int n ){ PBPENTRY Pbp = PhysicalBreakpointTable + n; ULONG cb;
WritePhysical(Pbp->PhysicalAddress, &Pbp->Contents, 4, &cb);
if (cb == 4) { Pbp->Flags &= ~PBP_ENABLED; }}
voidPbpClear( int n ){ PBPENTRY Pbp = PhysicalBreakpointTable + n; ULONG cb;
WritePhysical(Pbp->PhysicalAddress, &Pbp->Contents, 4, &cb);
if (cb == 4) { Pbp->Flags = 0; }}
DECLARE_API( ubc ){ int i; int n;
INIT_API();
if (*args == '*') { //
// clear them all
//
for (i = 0; i < PHYSICAL_BP_TABLE_SIZE; i++) { if (PhysicalBreakpointTable[i].Flags & PBP_INUSE) { PbpClear(i); } } EXIT_API(); return E_INVALIDARG; }
n = sscanf(args,"%d",&i);
if (n != 1 || i < 0 || i >= PHYSICAL_BP_TABLE_SIZE) { dprintf("!ubc: bad breakpoint number\n"); EXIT_API(); return E_INVALIDARG; }
if ( !(PhysicalBreakpointTable[i].Flags & PBP_INUSE)) { dprintf("!ubc: breakpoint number %d not set\n", i); EXIT_API(); return E_INVALIDARG; }
PbpClear(i);
EXIT_API(); return S_OK;}
DECLARE_API( ube ){ int i; int n;
INIT_API();
if (*args == '*') { //
// enable them all
//
for (i = 0; i < PHYSICAL_BP_TABLE_SIZE; i++) { if (PhysicalBreakpointTable[i].Flags & PBP_INUSE) { PbpEnable(i); } } EXIT_API(); return E_INVALIDARG; }
n = sscanf(args,"%d",&i);
if (n != 1 || i < 0 || i >= PHYSICAL_BP_TABLE_SIZE) { dprintf("!ube: bad breakpoint number\n"); EXIT_API(); return E_INVALIDARG; }
if ( !(PhysicalBreakpointTable[i].Flags & PBP_INUSE)) { dprintf("!ube: breakpoint number %d not set\n", i); EXIT_API(); return E_INVALIDARG; }
PbpEnable(i);
EXIT_API(); return S_OK;}
DECLARE_API( ubd ){ int i; int n;
INIT_API();
if (*args == '*') { //
// disable them all
//
for (i = 0; i < PHYSICAL_BP_TABLE_SIZE; i++) { if (PhysicalBreakpointTable[i].Flags & PBP_INUSE) { PbpDisable(i); } } EXIT_API(); return E_INVALIDARG; }
n = sscanf(args,"%d",&i);
if (n != 1 || i < 0 || i >= PHYSICAL_BP_TABLE_SIZE) { dprintf("!ubd: bad breakpoint number\n"); EXIT_API(); return E_INVALIDARG; }
if ( !(PhysicalBreakpointTable[i].Flags & PBP_INUSE)) { dprintf("!ubd: breakpoint number %d not set\n", i); EXIT_API(); return E_INVALIDARG; }
PbpDisable(i);
EXIT_API(); return S_OK;}
DECLARE_API( ubp ){ ULONG64 Address; ULONG result; ULONG PageShift; PMMPTEx Pte; PMMPTEx Pde; ULONG64 PdeContents; ULONG64 PteContents; PBPENTRY Pbp = NULL; ULONG cb; int i; ULONG64 PhysicalAddress;
static BOOL DoWarning = TRUE;
INIT_API();
if (DoWarning) { DoWarning = FALSE; dprintf("This command is VERY DANGEROUS, and may crash your system!\n"); dprintf("If you don't know what you are doing, enter \"!ubc *\" now!\n\n"); }
for (i = 0; i < PHYSICAL_BP_TABLE_SIZE; i++) { if (!(PhysicalBreakpointTable[i].Flags & PBP_INUSE)) { Pbp = PhysicalBreakpointTable + i; break; } }
if (!Pbp) { dprintf("!ubp: breakpoint table is full!\n"); EXIT_API(); return E_INVALIDARG; }
Address = GetExpression(args);
if ((Address >= GET_PTE_BASE()) && (Address < GET_PDE_TOP())) {
//
// The address is the address of a PTE, rather than
// a virtual address.
//
dprintf("!ubp: cannot set a breakpoint on a PTE\n"); EXIT_API(); return E_INVALIDARG; }
Pde = DbgGetPdeAddress (Address); Pte = DbgGetPteAddress (Address);
if ( !ReadMemory( (DWORD)Pde, &PdeContents, sizeof(ULONG), &result) ) { dprintf("!ubp: %08lx: Unable to get PDE\n",Pde); EXIT_API(); return E_INVALIDARG; }
if (!(PdeContents & 0x1)) { dprintf("!ubp: no valid PTE\n"); EXIT_API(); return E_INVALIDARG; }
if (PdeContents & GET_MM_PTE_LARGE_PAGE_MASK()) { dprintf("!ubp: not supported for large page\n"); EXIT_API(); return E_INVALIDARG; }
if ( GetFieldValue( Pte, "nt!_MMPTE", "u.Long", PteContents) ) { dprintf("!ubp: %08p: Unable to get PTE (PDE = %08p)\n",Pte, Pde); EXIT_API(); return E_INVALIDARG; }
if (!(PteContents & 1)) { dprintf("!ubp: no valid PTE\n"); EXIT_API(); return E_INVALIDARG; }
PageShift = DBG_GET_PAGE_SHIFT (); PhysicalAddress = ((DbgGetFrameNumber (PteContents)) << PageShift); PhysicalAddress &= ~((1 << PageShift) - 1); PhysicalAddress |= (Address & ~((1 << PageShift) - 1)); PhysicalAddress &= ~3;
for (i = 0; i < PHYSICAL_BP_TABLE_SIZE; i++) { if (PhysicalBreakpointTable[i].PhysicalAddress == PhysicalAddress) { dprintf("!ubp: cannot set two breakpoints in the same word\n"); EXIT_API(); return E_INVALIDARG; } }
ReadPhysical(PhysicalAddress, &Pbp->Contents, 4, &cb);
if (cb != 4) { dprintf("!ubp: unable to read physical at 0x%08x\n", PhysicalAddress); EXIT_API(); return E_INVALIDARG; }
Pbp->VirtualAddress = Address; Pbp->PhysicalAddress = PhysicalAddress; Pbp->Flags = PBP_INUSE | ((ULONG) Address & 3);
PbpEnable((int)(Pbp - PhysicalBreakpointTable));
EXIT_API(); return S_OK;}
DECLARE_API( halpte ){
#define HAL_VA_START_X86 0xffffffffffd00000
ULONG64 virtAddr = HAL_VA_START_X86; ULONG64 pteAddr; ULONG64 pteContents; ULONG count = 0;
INIT_API(); UNREFERENCED_PARAMETER (args);
if (TargetMachine != IMAGE_FILE_MACHINE_I386) { dprintf("X86 only API\n"); EXIT_API(); return E_UNEXPECTED; } dprintf("\n\nDumping HAL PTE ranges\n\n"); while (virtAddr < 0xffffffffffffe000) {
pteAddr = DbgGetPteAddress(virtAddr);
if (!InitTypeRead(pteAddr, nt!_MMPTE)) {
if (pteContents = ReadField(u.Long)) {
dprintf("[%03x] %p -> %I64x\n", count++, virtAddr, pteContents & (ULONG64) ~0xFFF); } }
virtAddr += PageSize; }
EXIT_API(); return S_OK;}
#if defined(ALT_4K)
#undef MiGetAltPteAddress
#define MiGetAltPteAddress(VA) \
((ULONG64) (ALT4KB_PERMISSION_TABLE_START + \ ((((ULONG64) (VA)) >> PAGE_4K_SHIFT) << ALT_PTE_SHIFT)))
#endif // defined(ALT_4K)
//
// Limit the IA32 subsystem to a 2GB virtual address space.
// This means "Large Address Aware" apps are not supported in emulation mode.
//
#define _MAX_WOW64_ADDRESS (0x00000000080000000UI64)
DECLARE_API( ate )
/*++
Routine Description:
Displays the correnponding ATE.
Arguments:
Args - Address Flags
Return Value:
None
--*/{#if defined(ALT_4K)
ULONG64 Address; ULONG flags; ULONG Result; ULONG64 PointerAte; ULONG64 Process; ULONG AltTable[(_MAX_WOW64_ADDRESS >> PTI_SHIFT)/32]; ULONG64 *Wow64Process;
if (GetExpressionEx(args,&Address, &args)) { flags = (ULONG) GetExpression(args); }
Address = Address & ~((ULONG64)PageSize - 1); PointerAte = MiGetAltPteAddress(Address);
if ( InitTypeRead( PointerAte, nt!_MMPTE) ) { dprintf("Unable to get ATE %p\n", PointerAte); return E_INVALIDARG; } dprintf("%016I64X: %016I64X ", PointerAte, ReadField(u.Long));
dprintf("PTE off: %08I64X protect: ", ReadField(u.Alt.PteOffset));
DbgPrintProtection((ULONG) ReadField(u.Alt.Protection));
dprintf(" %c%c%c%c%c%c%c%c%c%c\n", ReadField(u.Alt.Commit) ? 'V' : '-', ReadField(u.Alt.Accessed) ? '-' : 'G', ReadField(u.Alt.Execute) ? 'E' : '-', ReadField(u.Alt.Write) ? 'W' : 'R', ReadField(u.Alt.Lock) ? 'L' : '-', ReadField(u.Alt.FillZero) ? 'Z' : '-', ReadField(u.Alt.NoAccess) ? 'N' : '-', ReadField(u.Alt.CopyOnWrite) ? 'C' : '-', ReadField(u.Alt.PteIndirect) ? 'I' : '-', ReadField(u.Alt.Private) ? 'P' : '-');
#else
UNREFERENCED_PARAMETER (args); UNREFERENCED_PARAMETER (Client);
#endif // defined(ALT_4K)
return S_OK;} DECLARE_API( pte2va )
/*++
Routine Description:
Displays the correnponding ATE.
Arguments:
Args - Address Flags
Return Value:
None
--*/{ ULONG64 Address=0; ULONG flags=0; UNREFERENCED_PARAMETER (Client);
if (GetExpressionEx(args,&Address, &args)) { flags = (ULONG) GetExpression(args); }
Address = DbgGetVirtualAddressMappedByPte(Address);
dprintf("%p \n", Address);
return S_OK;}
|
