archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/ntos/dbgk/dbgkproc.c

721 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. dbgkproc.c
  9. Abstract:
  11. This module implements process control primitives for the
  12. Dbg component of NT
  14. Author:
  16. Mark Lucovsky (markl) 19-Jan-1990
  18. Revision History:
  20. --*/
  22. #include "dbgkp.h"
  24. #ifdef ALLOC_PRAGMA
  25. #pragma alloc_text(PAGE, DbgkpSuspendProcess)
  26. #pragma alloc_text(PAGE, DbgkpResumeProcess)
  27. #pragma alloc_text(PAGE, DbgkpSectionToFileHandle)
  28. #pragma alloc_text(PAGE, DbgkCreateThread)
  29. #pragma alloc_text(PAGE, DbgkExitThread)
  30. #pragma alloc_text(PAGE, DbgkExitProcess)
  31. #pragma alloc_text(PAGE, DbgkMapViewOfSection)
  32. #pragma alloc_text(PAGE, DbgkUnMapViewOfSection)
  33. #endif
  35. BOOLEAN
  36. DbgkpSuspendProcess (
  37. VOID
  38. )
  40. /*++
  42. Routine Description:
  44. This function causes all threads in the calling process except for
  45. the calling thread to suspend.
  47. Arguments:
  49. CreateDeleteLockHeld - Supplies a flag that specifies whether or not
  50. the caller is holding the process create delete lock. If the
  51. caller holds the lock, than this function will not aquire the
  52. lock before suspending the process.
  54. Return Value:
  56. None.
  58. --*/
  60. {
  61. PAGED_CODE();
  63. //
  64. // Freeze the execution of all threads in the current process, but
  65. // the calling thread. If we are in the process of being deleted don't do this.
  66. //
  67. if ((PsGetCurrentProcess()->Flags&PS_PROCESS_FLAGS_PROCESS_DELETE) == 0) {
  68. KeFreezeAllThreads();
  69. return TRUE;
  70. }
  72. return FALSE;
  73. }
  75. VOID
  76. DbgkpResumeProcess (
  77. VOID
  78. )
  80. /*++
  82. Routine Description:
  84. This function causes all threads in the calling process except for
  85. the calling thread to resume.
  87. Arguments:
  89. CreateDeleteLockHeld - Supplies a flag that specifies whether or not
  90. the caller is holding the process create delete lock. If the
  91. caller holds the lock, than this function will not aquire the
  92. lock before suspending the process.
  94. Return Value:
  96. None.
  98. --*/
  100. {
  102. PAGED_CODE();
  104. //
  105. // Thaw the execution of all threads in the current process, but
  106. // the calling thread.
  107. //
  109. KeThawAllThreads();
  111. return;
  112. }
  114. HANDLE
  115. DbgkpSectionToFileHandle(
  116. IN PVOID SectionObject
  117. )
  119. /*++
  121. Routine Description:
  123. This function Opens a handle to the file associated with the processes
  124. section. The file is opened such that it can be dupped all the way to
  125. the UI where the UI can either map the file or read the file to get
  126. the debug info.
  128. Arguments:
  130. SectionHandle - Supplies a handle to the section whose associated file
  131. is to be opened.
  133. Return Value:
  135. NULL - The file could not be opened.
  137. NON-NULL - Returns a handle to the file associated with the specified
  138. section.
  140. --*/
  142. {
  143. NTSTATUS Status;
  144. ANSI_STRING FileName;
  145. UNICODE_STRING UnicodeFileName;
  146. OBJECT_ATTRIBUTES Obja;
  147. IO_STATUS_BLOCK IoStatusBlock;
  148. HANDLE Handle;
  150. PAGED_CODE();
  152. Status = MmGetFileNameForSection(SectionObject, (PSTRING)&FileName);
  153. if ( !NT_SUCCESS(Status) ) {
  154. return NULL;
  155. }
  157. Status = RtlAnsiStringToUnicodeString(&UnicodeFileName,&FileName,TRUE);
  158. ExFreePool(FileName.Buffer);
  159. if ( !NT_SUCCESS(Status) ) {
  160. return NULL;
  161. }
  163. InitializeObjectAttributes(
  164. &Obja,
  165. &UnicodeFileName,
  166. OBJ_CASE_INSENSITIVE | OBJ_FORCE_ACCESS_CHECK | OBJ_KERNEL_HANDLE,
  167. NULL,
  168. NULL
  169. );
  171. Status = ZwOpenFile(
  172. &Handle,
  173. (ACCESS_MASK)(GENERIC_READ | SYNCHRONIZE),
  174. &Obja,
  175. &IoStatusBlock,
  176. FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
  177. FILE_SYNCHRONOUS_IO_NONALERT
  178. );
  179. RtlFreeUnicodeString(&UnicodeFileName);
  180. if ( !NT_SUCCESS(Status) ) {
  181. return NULL;
  182. }
  183. else {
  184. return Handle;
  185. }
  186. }
  189. VOID
  190. DbgkCreateThread(
  191. PVOID StartAddress
  192. )
  194. /*++
  196. Routine Description:
  198. This function is called when a new thread begins to execute. If the
  199. thread has an associated DebugPort, then a message is sent thru the
  200. port.
  202. If this thread is the first thread in the process, then this event
  203. is translated into a CreateProcessInfo message.
  205. If a message is sent, then while the thread is awaiting a reply,
  206. all other threads in the process are suspended.
  208. Arguments:
  210. StartAddress - Supplies the start address for the thread that is
  211. starting.
  213. Return Value:
  215. None.
  217. --*/
  219. {
  220. PVOID Port;
  221. DBGKM_APIMSG m;
  222. PDBGKM_CREATE_THREAD CreateThreadArgs;
  223. PDBGKM_CREATE_PROCESS CreateProcessArgs;
  224. PETHREAD Thread;
  225. PEPROCESS Process;
  226. PDBGKM_LOAD_DLL LoadDllArgs;
  227. NTSTATUS Status;
  228. OBJECT_ATTRIBUTES Obja;
  229. IO_STATUS_BLOCK IoStatusBlock;
  230. PIMAGE_NT_HEADERS NtHeaders;
  231. PTEB Teb;
  233. PAGED_CODE();
  235. Thread = PsGetCurrentThread ();
  236. Process = PsGetCurrentProcessByThread (Thread);
  238. if (PsImageNotifyEnabled && !Process->Pcb.UserTime) {
  239. IMAGE_INFO ImageInfo;
  240. PIMAGE_NT_HEADERS NtHeaders;
  241. ANSI_STRING FileName;
  242. UNICODE_STRING UnicodeFileName;
  243. PUNICODE_STRING pUnicodeFileName;
  245. //
  246. // notification of main .exe
  247. //
  248. ImageInfo.Properties = 0;
  249. ImageInfo.ImageAddressingMode = IMAGE_ADDRESSING_MODE_32BIT;
  250. ImageInfo.ImageBase = Process->SectionBaseAddress;
  251. ImageInfo.ImageSize = 0;
  253. try {
  254. NtHeaders = RtlImageNtHeader (Process->SectionBaseAddress);
  256. if (NtHeaders) {
  257. ImageInfo.ImageSize = NtHeaders->OptionalHeader.SizeOfImage;
  258. }
  259. } except (EXCEPTION_EXECUTE_HANDLER) {
  260. ImageInfo.ImageSize = 0;
  261. }
  262. ImageInfo.ImageSelector = 0;
  263. ImageInfo.ImageSectionNumber = 0;
  265. pUnicodeFileName = NULL;
  266. Status = MmGetFileNameForSection (Process->SectionObject, (PSTRING)&FileName);
  267. if (NT_SUCCESS (Status)) {
  268. Status = RtlAnsiStringToUnicodeString (&UnicodeFileName, &FileName,TRUE);
  269. ExFreePool (FileName.Buffer);
  270. if (NT_SUCCESS (Status)) {
  271. pUnicodeFileName = &UnicodeFileName;
  272. }
  273. }
  274. PsCallImageNotifyRoutines (pUnicodeFileName,
  275. Process->UniqueProcessId,
  276. &ImageInfo);
  277. if (pUnicodeFileName != NULL) {
  278. RtlFreeUnicodeString (pUnicodeFileName);
  279. }
  281. //
  282. // and of ntdll.dll
  283. //
  284. ImageInfo.Properties = 0;
  285. ImageInfo.ImageAddressingMode = IMAGE_ADDRESSING_MODE_32BIT;
  286. ImageInfo.ImageBase = PsSystemDllBase;
  287. ImageInfo.ImageSize = 0;
  289. try {
  290. NtHeaders = RtlImageNtHeader (PsSystemDllBase);
  291. if ( NtHeaders ) {
  292. ImageInfo.ImageSize = NtHeaders->OptionalHeader.SizeOfImage;
  293. }
  294. } except(EXCEPTION_EXECUTE_HANDLER) {
  295. ImageInfo.ImageSize = 0;
  296. }
  298. ImageInfo.ImageSelector = 0;
  299. ImageInfo.ImageSectionNumber = 0;
  301. RtlInitUnicodeString (&UnicodeFileName,
  302. L"\\SystemRoot\\System32\\ntdll.dll");
  303. PsCallImageNotifyRoutines (&UnicodeFileName,
  304. Process->UniqueProcessId,
  305. &ImageInfo);
  306. }
  309. Port = Process->DebugPort;
  311. if (Port == NULL) {
  312. return;
  313. }
  315. //
  316. // If we are doing a debug attach, then the create process has
  317. // already occured. If this is the case, then the process has
  318. // accumulated some time, so set reported to true
  319. //
  321. if (Process->Pcb.UserTime) {
  322. PS_SET_BITS (&Process->Flags, PS_PROCESS_FLAGS_CREATE_REPORTED);
  323. }
  325. if ((PS_TEST_SET_BITS (&Process->Flags, PS_PROCESS_FLAGS_CREATE_REPORTED)&PS_PROCESS_FLAGS_CREATE_REPORTED) == 0) {
  327. //
  328. // This is a create process
  329. //
  331. CreateThreadArgs = &m.u.CreateProcessInfo.InitialThread;
  332. CreateThreadArgs->SubSystemKey = 0;
  334. CreateProcessArgs = &m.u.CreateProcessInfo;
  335. CreateProcessArgs->SubSystemKey = 0;
  336. CreateProcessArgs->FileHandle = DbgkpSectionToFileHandle(
  337. Process->SectionObject
  338. );
  339. CreateProcessArgs->BaseOfImage = Process->SectionBaseAddress;
  340. CreateThreadArgs->StartAddress = NULL;
  341. CreateProcessArgs->DebugInfoFileOffset = 0;
  342. CreateProcessArgs->DebugInfoSize = 0;
  344. try {
  345. NtHeaders = RtlImageNtHeader(Process->SectionBaseAddress);
  346. if ( NtHeaders ) {
  347. CreateThreadArgs->StartAddress = (PVOID)(
  348. NtHeaders->OptionalHeader.ImageBase +
  349. NtHeaders->OptionalHeader.AddressOfEntryPoint);
  351. CreateProcessArgs->DebugInfoFileOffset = NtHeaders->FileHeader.PointerToSymbolTable;
  352. CreateProcessArgs->DebugInfoSize = NtHeaders->FileHeader.NumberOfSymbols;
  353. }
  354. } except (EXCEPTION_EXECUTE_HANDLER) {
  355. CreateThreadArgs->StartAddress = NULL;
  356. CreateProcessArgs->DebugInfoFileOffset = 0;
  357. CreateProcessArgs->DebugInfoSize = 0;
  358. }
  360. DBGKM_FORMAT_API_MSG(m,DbgKmCreateProcessApi,sizeof(*CreateProcessArgs));
  362. DbgkpSendApiMessage(&m,FALSE);
  364. if (CreateProcessArgs->FileHandle != NULL) {
  365. ObCloseHandle(CreateProcessArgs->FileHandle, KernelMode);
  366. }
  368. LoadDllArgs = &m.u.LoadDll;
  369. LoadDllArgs->BaseOfDll = PsSystemDllBase;
  370. LoadDllArgs->DebugInfoFileOffset = 0;
  371. LoadDllArgs->DebugInfoSize = 0;
  373. Teb = NULL;
  374. try {
  375. NtHeaders = RtlImageNtHeader(PsSystemDllBase);
  376. if ( NtHeaders ) {
  377. LoadDllArgs->DebugInfoFileOffset = NtHeaders->FileHeader.PointerToSymbolTable;
  378. LoadDllArgs->DebugInfoSize = NtHeaders->FileHeader.NumberOfSymbols;
  379. }
  381. //
  382. // Normaly the ntdll loaded fills in this pointer for the debug API's. We fake it here
  383. // as ntdll isn't loaded yet and it can't load itself.
  384. //
  385. Teb = Thread->Tcb.Teb;
  386. if (Teb != NULL) {
  387. Teb->NtTib.ArbitraryUserPointer = Teb->StaticUnicodeBuffer;
  388. wcsncpy (Teb->StaticUnicodeBuffer,
  389. L"ntdll.dll",
  390. sizeof (Teb->StaticUnicodeBuffer) / sizeof (Teb->StaticUnicodeBuffer[0]));
  391. }
  393. } except (EXCEPTION_EXECUTE_HANDLER) {
  394. LoadDllArgs->DebugInfoFileOffset = 0;
  395. LoadDllArgs->DebugInfoSize = 0;
  396. }
  398. //
  399. // Send load dll section for NT dll !
  400. //
  402. InitializeObjectAttributes(
  403. &Obja,
  404. (PUNICODE_STRING)&PsNtDllPathName,
  405. OBJ_CASE_INSENSITIVE | OBJ_FORCE_ACCESS_CHECK | OBJ_KERNEL_HANDLE,
  406. NULL,
  407. NULL
  408. );
  410. Status = ZwOpenFile(
  411. &LoadDllArgs->FileHandle,
  412. (ACCESS_MASK)(GENERIC_READ | SYNCHRONIZE),
  413. &Obja,
  414. &IoStatusBlock,
  415. FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
  416. FILE_SYNCHRONOUS_IO_NONALERT
  417. );
  419. if (!NT_SUCCESS (Status)) {
  420. LoadDllArgs->FileHandle = NULL;
  421. }
  423. DBGKM_FORMAT_API_MSG(m,DbgKmLoadDllApi,sizeof(*LoadDllArgs));
  424. DbgkpSendApiMessage(&m,TRUE);
  426. if (LoadDllArgs->FileHandle != NULL) {
  427. ObCloseHandle(LoadDllArgs->FileHandle, KernelMode);
  428. }
  430. if (Teb != NULL) {
  431. try {
  432. Teb->NtTib.ArbitraryUserPointer = NULL;
  433. } except(EXCEPTION_EXECUTE_HANDLER) {
  434. }
  435. }
  437. } else {
  439. CreateThreadArgs = &m.u.CreateThread;
  440. CreateThreadArgs->SubSystemKey = 0;
  441. CreateThreadArgs->StartAddress = StartAddress;
  443. DBGKM_FORMAT_API_MSG (m,DbgKmCreateThreadApi,sizeof(*CreateThreadArgs));
  445. DbgkpSendApiMessage (&m,TRUE);
  446. }
  447. }
  449. VOID
  450. DbgkExitThread(
  451. NTSTATUS ExitStatus
  452. )
  454. /*++
  456. Routine Description:
  458. This function is called when a new thread terminates. At this
  459. point, the thread will no longer execute in user-mode. No other
  460. exit processing has occured.
  462. If a message is sent, then while the thread is awaiting a reply,
  463. all other threads in the process are suspended.
  465. Arguments:
  467. ExitStatus - Supplies the ExitStatus of the exiting thread.
  469. Return Value:
  471. None.
  473. --*/
  475. {
  476. PVOID Port;
  477. DBGKM_APIMSG m;
  478. PDBGKM_EXIT_THREAD args;
  479. PEPROCESS Process;
  480. BOOLEAN Frozen;
  482. PAGED_CODE();
  484. Process = PsGetCurrentProcess();
  485. if (PsGetCurrentThread()->CrossThreadFlags&PS_CROSS_THREAD_FLAGS_HIDEFROMDBG) {
  486. Port = NULL;
  487. } else {
  488. Port = Process->DebugPort;
  489. }
  491. if ( !Port ) {
  492. return;
  493. }
  495. if (PsGetCurrentThread()->CrossThreadFlags&PS_CROSS_THREAD_FLAGS_DEADTHREAD) {
  496. return;
  497. }
  499. args = &m.u.ExitThread;
  500. args->ExitStatus = ExitStatus;
  502. DBGKM_FORMAT_API_MSG(m,DbgKmExitThreadApi,sizeof(*args));
  504. Frozen = DbgkpSuspendProcess();
  506. DbgkpSendApiMessage(&m,FALSE);
  508. if (Frozen) {
  509. DbgkpResumeProcess();
  510. }
  511. }
  513. VOID
  514. DbgkExitProcess(
  515. NTSTATUS ExitStatus
  516. )
  518. /*++
  520. Routine Description:
  522. This function is called when a process terminates. The address
  523. space of the process is still intact, but no threads exist in
  524. the process.
  526. Arguments:
  528. ExitStatus - Supplies the ExitStatus of the exiting process.
  530. Return Value:
  532. None.
  534. --*/
  536. {
  537. PVOID Port;
  538. DBGKM_APIMSG m;
  539. PDBGKM_EXIT_PROCESS args;
  540. PEPROCESS Process;
  542. PAGED_CODE();
  544. Process = PsGetCurrentProcess();
  546. if (PsGetCurrentThread()->CrossThreadFlags&PS_CROSS_THREAD_FLAGS_HIDEFROMDBG) {
  547. Port = NULL;
  548. } else {
  549. Port = Process->DebugPort;
  550. }
  552. if ( !Port ) {
  553. return;
  554. }
  556. if (PsGetCurrentThread()->CrossThreadFlags&PS_CROSS_THREAD_FLAGS_DEADTHREAD) {
  557. return;
  558. }
  560. //
  561. // this ensures that other timed lockers of the process will bail
  562. // since this call is done while holding the process lock, and lock duration
  563. // is controlled by debugger
  564. //
  565. KeQuerySystemTime(&PsGetCurrentProcess()->ExitTime);
  567. args = &m.u.ExitProcess;
  568. args->ExitStatus = ExitStatus;
  570. DBGKM_FORMAT_API_MSG(m,DbgKmExitProcessApi,sizeof(*args));
  572. DbgkpSendApiMessage(&m,FALSE);
  574. }
  576. VOID
  577. DbgkMapViewOfSection(
  578. IN PVOID SectionObject,
  579. IN PVOID BaseAddress,
  580. IN ULONG SectionOffset,
  581. IN ULONG_PTR ViewSize
  582. )
  584. /*++
  586. Routine Description:
  588. This function is called when the current process successfully
  589. maps a view of an image section. If the process has an associated
  590. debug port, then a load dll message is sent.
  592. Arguments:
  594. SectionObject - Supplies a pointer to the section mapped by the
  595. process.
  597. BaseAddress - Supplies the base address of where the section is
  598. mapped in the current process address space.
  600. SectionOffset - Supplies the offset in the section where the
  601. processes mapped view begins.
  603. ViewSize - Supplies the size of the mapped view.
  605. Return Value:
  607. None.
  609. --*/
  611. {
  613. PVOID Port;
  614. DBGKM_APIMSG m;
  615. PDBGKM_LOAD_DLL LoadDllArgs;
  616. PEPROCESS Process;
  617. PIMAGE_NT_HEADERS NtHeaders;
  619. PAGED_CODE();
  621. UNREFERENCED_PARAMETER (SectionOffset);
  622. UNREFERENCED_PARAMETER (ViewSize);
  624. if ( KeGetPreviousMode() == KernelMode ) {
  625. return;
  626. }
  628. Process = PsGetCurrentProcess();
  630. if (PsGetCurrentThread()->CrossThreadFlags&PS_CROSS_THREAD_FLAGS_HIDEFROMDBG) {
  631. Port = NULL;
  632. } else {
  633. Port = Process->DebugPort;
  634. }
  636. if ( !Port ) {
  637. return;
  638. }
  640. LoadDllArgs = &m.u.LoadDll;
  641. LoadDllArgs->FileHandle = DbgkpSectionToFileHandle(SectionObject);
  642. LoadDllArgs->BaseOfDll = BaseAddress;
  643. LoadDllArgs->DebugInfoFileOffset = 0;
  644. LoadDllArgs->DebugInfoSize = 0;
  646. try {
  647. NtHeaders = RtlImageNtHeader(BaseAddress);
  648. if ( NtHeaders ) {
  649. LoadDllArgs->DebugInfoFileOffset = NtHeaders->FileHeader.PointerToSymbolTable;
  650. LoadDllArgs->DebugInfoSize = NtHeaders->FileHeader.NumberOfSymbols;
  651. }
  652. }
  653. except(EXCEPTION_EXECUTE_HANDLER) {
  654. LoadDllArgs->DebugInfoFileOffset = 0;
  655. LoadDllArgs->DebugInfoSize = 0;
  656. }
  658. DBGKM_FORMAT_API_MSG(m,DbgKmLoadDllApi,sizeof(*LoadDllArgs));
  660. DbgkpSendApiMessage(&m,TRUE);
  661. if (LoadDllArgs->FileHandle != NULL) {
  662. ObCloseHandle(LoadDllArgs->FileHandle, KernelMode);
  663. }
  664. }
  666. VOID
  667. DbgkUnMapViewOfSection(
  668. IN PVOID BaseAddress
  669. )
  671. /*++
  673. Routine Description:
  675. This function is called when the current process successfully
  676. un maps a view of an image section. If the process has an associated
  677. debug port, then an "unmap view of section" message is sent.
  679. Arguments:
  681. BaseAddress - Supplies the base address of the section being
  682. unmapped.
  684. Return Value:
  686. None.
  688. --*/
  690. {
  692. PVOID Port;
  693. DBGKM_APIMSG m;
  694. PDBGKM_UNLOAD_DLL UnloadDllArgs;
  695. PEPROCESS Process;
  697. PAGED_CODE();
  699. Process = PsGetCurrentProcess();
  701. if ( KeGetPreviousMode() == KernelMode ) {
  702. return;
  703. }
  705. if (PsGetCurrentThread()->CrossThreadFlags&PS_CROSS_THREAD_FLAGS_HIDEFROMDBG) {
  706. Port = NULL;
  707. } else {
  708. Port = Process->DebugPort;
  709. }
  711. if ( !Port ) {
  712. return;
  713. }
  715. UnloadDllArgs = &m.u.UnloadDll;
  716. UnloadDllArgs->BaseAddress = BaseAddress;
  718. DBGKM_FORMAT_API_MSG(m,DbgKmUnloadDllApi,sizeof(*UnloadDllArgs));
  720. DbgkpSendApiMessage(&m,TRUE);
  721. }