archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/ntos/config/test/regext.c

591 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. regext.c
  9. Abstract:
  11. Kernel debugger extensions useful for the registry
  13. Author:
  15. John Vert (jvert) 7-Sep-1993
  17. Environment:
  19. Loaded as a kernel debugger extension
  21. Revision History:
  23. John Vert (jvert) 7-Sep-1993
  24. created
  26. --*/
  27. #include "cmp.h"
  28. #include <windef.h>
  29. #include <ntkdexts.h>
  30. #include <stdlib.h>
  31. #include <stdio.h>
  33. HIVE_LIST_ENTRY HiveList[8];
  35. ULONG TotalPages;
  36. ULONG TotalPresentPages;
  38. ULONG TotalKcbs;
  39. ULONG TotalKcbName;
  41. BOOLEAN SavePages;
  42. BOOLEAN RestorePages;
  43. FILE *TempFile;
  45. PNTKD_OUTPUT_ROUTINE lpPrint;
  46. PNTKD_GET_EXPRESSION lpGetExpressionRoutine;
  47. PNTKD_GET_SYMBOL lpGetSymbolRoutine;
  48. PNTKD_CHECK_CONTROL_C lpCheckControlCRoutine;
  49. PNTKD_READ_VIRTUAL_MEMORY lpReadMem;
  51. void
  52. poolDumpHive(
  53. IN PCMHIVE Hive
  54. );
  56. VOID
  57. poolDumpMap(
  58. IN ULONG Length,
  59. IN PHMAP_DIRECTORY Map
  60. );
  62. void
  63. dumpHiveFromFile(
  64. IN FILE *File
  65. );
  67. VOID
  68. kcbWorker(
  69. IN PCM_KEY_CONTROL_BLOCK pKcb
  70. );
  72. VOID
  73. pool(
  74. DWORD dwCurrentPc,
  75. PNTKD_EXTENSION_APIS lpExtensionApis,
  76. LPSTR lpArgumentString
  77. )
  79. /*++
  81. Routine Description:
  83. Goes through all the paged pool allocated to registry space and
  84. determines which pages are present and which are not.
  86. Called as:
  88. !regext.pool [s|r]
  90. s Save list of registry pages to temporary file
  91. r Restore list of registry pages from temp. file
  93. Arguments:
  95. CurrentPc - Supplies the current pc at the time the extension is
  96. called.
  98. lpExtensionApis - Supplies the address of the functions callable
  99. by this extension.
  101. lpArgumentString - Supplies the pattern and expression for this
  102. command.
  104. Return Value:
  106. None.
  108. --*/
  110. {
  111. PLIST_ENTRY pCmpHiveListHead;
  112. PLIST_ENTRY pNextHiveList;
  113. HIVE_LIST_ENTRY *pHiveListEntry;
  114. ULONG BytesRead;
  115. PCMHIVE CmHive;
  117. lpPrint = lpExtensionApis->lpOutputRoutine;
  118. lpGetExpressionRoutine = lpExtensionApis->lpGetExpressionRoutine;
  119. lpGetSymbolRoutine = lpExtensionApis->lpGetSymbolRoutine;
  120. lpCheckControlCRoutine = lpExtensionApis->lpCheckControlCRoutine;
  121. lpReadMem = lpExtensionApis->lpReadVirtualMemRoutine;
  123. if (toupper(lpArgumentString[0])=='S') {
  124. SavePages = TRUE;
  125. } else {
  126. SavePages = FALSE;
  127. }
  128. if (toupper(lpArgumentString[0])=='R') {
  129. RestorePages = TRUE;
  130. } else {
  131. RestorePages = FALSE;
  132. }
  134. //
  135. // Go get the hivelist.
  136. //
  137. memset(HiveList,0,sizeof(HiveList));
  138. pHiveListEntry = (PHIVE_LIST_ENTRY)(lpGetExpressionRoutine)("CmpMachineHiveList");
  139. if (pHiveListEntry != NULL) {
  140. (lpReadMem)(pHiveListEntry,
  141. HiveList,
  142. sizeof(HiveList),
  143. &BytesRead);
  144. }
  146. //
  147. // First go and get the hivelisthead
  148. //
  149. pCmpHiveListHead = (PLIST_ENTRY)(lpGetExpressionRoutine)("CmpHiveListHead");
  150. if (pCmpHiveListHead==NULL) {
  151. (lpPrint)("CmpHiveListHead couldn't be read\n");
  152. return;
  153. }
  155. (lpReadMem)(&pCmpHiveListHead->Flink,
  156. &pNextHiveList,
  157. sizeof(pNextHiveList),
  158. &BytesRead);
  159. if (BytesRead != sizeof(pNextHiveList)) {
  160. (lpPrint)("Couldn't read first Flink (%lx) of CmpHiveList\n",
  161. &pCmpHiveListHead->Flink);
  162. return;
  163. }
  165. TotalPages = TotalPresentPages = 0;
  167. if (SavePages) {
  168. TempFile = fopen("regext.dat","w+");
  169. if (TempFile==NULL) {
  170. (lpPrint)("Couldn't create regext.dat for write\n");
  171. return;
  172. }
  173. } else if (RestorePages) {
  174. TempFile = fopen("regext.dat","r");
  175. if (TempFile==NULL) {
  176. (lpPrint)("Couldn't open regext.dat for read\n");
  177. return;
  178. }
  179. }
  181. if (RestorePages) {
  182. dumpHiveFromFile(TempFile);
  183. } else {
  184. while (pNextHiveList != pCmpHiveListHead) {
  185. CmHive = CONTAINING_RECORD(pNextHiveList, CMHIVE, HiveList);
  186. poolDumpHive(CmHive);
  188. (lpReadMem)(&pNextHiveList->Flink,
  189. &pNextHiveList,
  190. sizeof(pNextHiveList),
  191. &BytesRead);
  192. if (BytesRead != sizeof(pNextHiveList)) {
  193. (lpPrint)("Couldn't read Flink (%lx) of %lx\n",
  194. &pCmpHiveListHead->Flink,pNextHiveList);
  195. break;
  196. }
  198. }
  199. }
  201. (lpPrint)("Total pages present = %d / %d\n",
  202. TotalPresentPages,
  203. TotalPages);
  205. if (SavePages || RestorePages) {
  206. fclose(TempFile);
  207. }
  208. }
  210. void
  211. poolDumpHive(
  212. IN PCMHIVE pHive
  213. )
  214. {
  215. CMHIVE CmHive;
  216. ULONG BytesRead;
  217. WCHAR FileName[HBASE_NAME_ALLOC/2 + 1];
  218. ULONG i;
  220. (lpPrint)("\ndumping hive at %lx ",pHive);
  221. (lpReadMem)(pHive,
  222. &CmHive,
  223. sizeof(CmHive),
  224. &BytesRead);
  226. if (BytesRead < sizeof(CmHive)) {
  227. (lpPrint)("\tRead %lx bytes from %lx\n",BytesRead,pHive);
  228. return;
  229. }
  231. (lpReadMem)(&CmHive.Hive.BaseBlock->FileName,
  232. FileName,
  233. sizeof(FileName),
  234. &BytesRead);
  236. if (BytesRead < sizeof(FileName)) {
  237. wcscpy(FileName, L"UNKNOWN");
  238. } else {
  239. if (FileName[0]==L'\0') {
  240. wcscpy(FileName, L"NONAME");
  241. } else {
  242. FileName[HBASE_NAME_ALLOC/2]=L'\0';
  243. }
  244. }
  246. (lpPrint)("(%ws)\n",FileName);
  248. (lpPrint)(" %d KCBs open\n",CmHive.KcbCount);
  249. (lpPrint)(" Stable Length = %lx\n",CmHive.Hive.Storage[Stable].Length);
  250. if (SavePages) {
  251. fprintf(TempFile,
  252. "%ws %d %d\n",
  253. FileName,
  254. CmHive.Hive.Storage[Stable].Length,
  255. CmHive.Hive.Storage[Volatile].Length);
  256. }
  257. poolDumpMap(CmHive.Hive.Storage[Stable].Length,
  258. CmHive.Hive.Storage[Stable].Map);
  260. (lpPrint)(" Volatile Length = %lx\n",CmHive.Hive.Storage[Volatile].Length);
  261. poolDumpMap(CmHive.Hive.Storage[Volatile].Length,
  262. CmHive.Hive.Storage[Volatile].Map);
  264. }
  266. VOID
  267. poolDumpMap(
  268. IN ULONG Length,
  269. IN PHMAP_DIRECTORY Map
  270. )
  271. {
  272. ULONG Tables;
  273. ULONG MapSlots;
  274. ULONG i;
  275. ULONG BytesRead;
  276. HMAP_DIRECTORY MapDirectory;
  277. PHMAP_TABLE MapTable;
  278. HMAP_ENTRY MapEntry;
  279. ULONG Garbage;
  280. ULONG Present=0;
  282. if (Length==0) {
  283. return;
  284. }
  286. MapSlots = Length / HBLOCK_SIZE;
  287. Tables = 1+ ((MapSlots-1) / HTABLE_SLOTS);
  289. //
  290. // read in map directory
  291. //
  292. (lpReadMem)(Map,
  293. &MapDirectory,
  294. Tables * sizeof(PHMAP_TABLE),
  295. &BytesRead);
  296. if (BytesRead < (Tables * sizeof(PHMAP_TABLE))) {
  297. (lpPrint)("Only read %lx/%lx bytes from %lx\n",
  298. BytesRead,
  299. Tables * sizeof(PHMAP_TABLE),
  300. Map);
  301. return;
  303. }
  305. //
  306. // check out each map entry
  307. //
  308. for (i=0; i<MapSlots; i++) {
  310. MapTable = MapDirectory.Directory[i/HTABLE_SLOTS];
  312. (lpReadMem)(&(MapTable->Table[i%HTABLE_SLOTS]),
  313. &MapEntry,
  314. sizeof(HMAP_ENTRY),
  315. &BytesRead);
  316. if (BytesRead < sizeof(HMAP_ENTRY)) {
  317. (lpPrint)(" can't read HMAP_ENTRY at %lx\n",
  318. &(MapTable->Table[i%HTABLE_SLOTS]));
  319. }
  321. if (SavePages) {
  322. fprintf(TempFile, "%lx\n",MapEntry.BlockAddress);
  324. }
  326. //
  327. // probe the HBLOCK
  328. //
  329. (lpReadMem)(MapEntry.BlockAddress,
  330. &Garbage,
  331. sizeof(ULONG),
  332. &BytesRead);
  333. if (BytesRead > 0) {
  334. ++Present;
  335. }
  336. }
  337. (lpPrint)(" %d/%d pages present\n",
  338. Present,
  339. MapSlots);
  341. TotalPages += MapSlots;
  342. TotalPresentPages += Present;
  344. }
  346. void
  347. dumpHiveFromFile(
  348. IN FILE *File
  349. )
  351. /*++
  353. Routine Description:
  355. Takes a list of the registry hives and pages from a file and
  356. checks to see how many of the pages are in memory.
  358. The format of the file is as follows
  359. hivename stablelength volatilelength
  360. stable page address
  361. stable page address
  362. .
  363. .
  364. .
  365. volatile page address
  366. volatile page address
  367. .
  368. .
  369. .
  370. hivename stablelength volatilelength
  371. .
  372. .
  373. .
  376. Arguments:
  378. File - Supplies a file.
  380. Return Value:
  382. None.
  384. --*/
  386. {
  387. CHAR Hivename[33];
  388. ULONG StableLength;
  389. ULONG VolatileLength;
  390. ULONG Page;
  391. ULONG i;
  392. ULONG NumFields;
  393. ULONG Garbage;
  394. ULONG Present;
  395. ULONG Total;
  396. ULONG BytesRead;
  398. while (!feof(File)) {
  399. NumFields = fscanf(File,"%s %d %d\n",
  400. Hivename,
  401. &StableLength,
  402. &VolatileLength);
  403. if (NumFields != 3) {
  404. (lpPrint)("fscanf returned %d\n",NumFields);
  405. return;
  406. }
  408. (lpPrint)("\ndumping hive %s\n",Hivename);
  409. (lpPrint)(" Stable Length = %lx\n",StableLength);
  410. Present = 0;
  411. Total = 0;
  412. while (StableLength > 0) {
  413. fscanf(File, "%lx\n",&Page);
  414. (lpReadMem)(Page,
  415. &Garbage,
  416. sizeof(ULONG),
  417. &BytesRead);
  418. if (BytesRead > 0) {
  419. ++Present;
  420. }
  421. ++Total;
  422. StableLength -= HBLOCK_SIZE;
  423. }
  424. if (Total > 0) {
  425. (lpPrint)(" %d/%d stable pages present\n",
  426. Present,Total);
  427. }
  428. TotalPages += Total;
  429. TotalPresentPages += Present;
  431. (lpPrint)(" Volatile Length = %lx\n",VolatileLength);
  432. Present = 0;
  433. Total = 0;
  434. while (VolatileLength > 0) {
  435. fscanf(File, "%lx\n",&Page);
  436. (lpReadMem)(Page,
  437. &Garbage,
  438. sizeof(ULONG),
  439. &BytesRead);
  440. if (BytesRead > 0) {
  441. ++Present;
  442. }
  443. ++Total;
  444. VolatileLength -= HBLOCK_SIZE;
  445. }
  446. if (Total > 0) {
  447. (lpPrint)(" %d/%d volatile pages present\n",
  448. Present,Total);
  449. }
  451. TotalPages += Total;
  452. TotalPresentPages += Present;
  453. }
  455. }
  457. void
  458. kcb(
  459. DWORD dwCurrentPc,
  460. PNTKD_EXTENSION_APIS lpExtensionApis,
  461. LPSTR lpArgumentString
  462. )
  464. /*++
  466. Routine Description:
  468. Walks the kcb tree and prints the names of keys which have
  469. outstanding kcbs
  471. Called as:
  473. !regext.kcb
  475. Arguments:
  477. CurrentPc - Supplies the current pc at the time the extension is
  478. called.
  480. lpExtensionApis - Supplies the address of the functions callable
  481. by this extension.
  483. lpArgumentString - Supplies the pattern and expression for this
  484. command.
  486. Return Value:
  488. None.
  490. --*/
  492. {
  493. PCM_KEY_CONTROL_BLOCK pKCB;
  494. PCM_KEY_CONTROL_BLOCK Root;
  495. ULONG BytesRead;
  497. lpPrint = lpExtensionApis->lpOutputRoutine;
  498. lpGetExpressionRoutine = lpExtensionApis->lpGetExpressionRoutine;
  499. lpGetSymbolRoutine = lpExtensionApis->lpGetSymbolRoutine;
  500. lpCheckControlCRoutine = lpExtensionApis->lpCheckControlCRoutine;
  501. lpReadMem = lpExtensionApis->lpReadVirtualMemRoutine;
  503. Root = (PCM_KEY_CONTROL_BLOCK)(lpGetExpressionRoutine)("CmpKeyControlBlockRoot");
  504. if (Root == NULL) {
  505. (lpPrint)("Couldn't find address of CmpKeyControlBlockRoot\n");
  506. return;
  507. }
  508. (lpReadMem)(Root,
  509. &pKCB,
  510. sizeof(pKCB),
  511. &BytesRead);
  513. if (BytesRead < sizeof(pKCB)) {
  514. (lpPrint)("Couldn't get pKCB from CmpKeyControlBlockRoot\n");
  515. }
  517. TotalKcbs = 0;
  518. TotalKcbName = 0;
  519. kcbWorker(pKCB);
  521. (lpPrint)("%d KCBs\n",TotalKcbs);
  522. (lpPrint)("%d total bytes of FullNames\n",TotalKcbName);
  524. }
  526. VOID
  527. kcbWorker(
  528. IN PCM_KEY_CONTROL_BLOCK pKcb
  529. )
  531. /*++
  533. Routine Description:
  535. recursive worker for walking the kcb tree.
  537. Arguments:
  539. pKcb - Supplies pointer to kcb.
  541. Return Value:
  543. None.
  545. --*/
  547. {
  548. CM_KEY_CONTROL_BLOCK kcb;
  549. ULONG BytesRead;
  550. WCHAR *Buffer;
  552. ++TotalKcbs;
  553. (lpReadMem)(pKcb,
  554. &kcb,
  555. sizeof(kcb),
  556. &BytesRead);
  557. if (BytesRead < sizeof(kcb)) {
  558. (lpPrint)("Can't read kcb at %lx\n",pKcb);
  559. return;
  560. }
  561. TotalKcbName += kcb.FullName.Length;
  563. if (kcb.Left != NULL) {
  564. kcbWorker(kcb.Left);
  565. }
  567. (lpPrint)("%d - ",kcb.RefCount);
  569. Buffer = malloc(kcb.FullName.Length);
  570. if (Buffer != NULL) {
  571. (lpReadMem)(kcb.FullName.Buffer,
  572. Buffer,
  573. kcb.FullName.Length,
  574. &BytesRead);
  576. kcb.FullName.Length = BytesRead;
  577. kcb.FullName.Buffer = Buffer;
  579. (lpPrint)(" %wZ\n",&kcb.FullName);
  580. free(Buffer);
  582. } else {
  583. (lpPrint)(" ??? \n");
  584. }
  586. if (kcb.Right != NULL) {
  587. kcbWorker(kcb.Right);
  588. }
  591. }
  592.