mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2417 lines
66 KiB
2417 lines
66 KiB
/*++
|
|
|
|
Copyright (c) 1993-2000 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
setupext.c
|
|
|
|
Abstract:
|
|
|
|
This file contains the generic routines and initialization code
|
|
for the kernel debugger extensions dll.
|
|
|
|
--*/
|
|
|
|
#define KDEXT_64BIT
|
|
|
|
#include <windows.h>
|
|
#include <wdbgexts.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include <ntverp.h>
|
|
|
|
//
|
|
// BUGBUG - need to find better way to get these values
|
|
//
|
|
|
|
#define HASH_BUCKET_COUNT 509
|
|
#define WizPagesTypeMax 7
|
|
#define LOADED_INF_SIG 0x24666e49
|
|
#define INF_STYLE_NONE 0x00000000 // unrecognized or non-existent
|
|
#define INF_STYLE_OLDNT 0x00000001 // winnt 3.x
|
|
#define INF_STYLE_WIN4 0x00000002 // Win95
|
|
#define SPOST_NONE 0
|
|
#define SPOST_PATH 1
|
|
#define SPOST_URL 2
|
|
#define SPOST_MAX 3
|
|
#define DRIVERSIGN_NONE 0x00000000
|
|
#define DRIVERSIGN_WARNING 0x00000001
|
|
#define DRIVERSIGN_BLOCKING 0x00000002
|
|
#define SP_FILE_QUEUE_SIG 0xc78e1098
|
|
#define FILEOP_COPY 0
|
|
#define FILEOP_RENAME 1
|
|
#define FILEOP_DELETE 2
|
|
#define FILEOP_ABORT 0
|
|
#define FILEOP_DOIT 1
|
|
#define FILEOP_SKIP 2
|
|
#define FILEOP_RETRY FILEOP_DOIT
|
|
#define FILEOP_NEWPATH 4
|
|
|
|
//
|
|
// Local function prototypes
|
|
//
|
|
|
|
VOID
|
|
UtilGetWStringField (
|
|
ULONG64 Address,
|
|
PUCHAR Structure,
|
|
PUCHAR Field,
|
|
PWCHAR Buffer,
|
|
ULONG Size
|
|
);
|
|
|
|
VOID
|
|
UtilReadWString (
|
|
ULONG64 Address,
|
|
PWCHAR Buffer,
|
|
ULONG64 Size
|
|
);
|
|
|
|
VOID
|
|
UtilDumpHex (
|
|
PUCHAR Buffer,
|
|
ULONG Size
|
|
);
|
|
|
|
VOID
|
|
DumpUnwindList(
|
|
ULONG64 pun,
|
|
BOOL recursive
|
|
);
|
|
|
|
VOID
|
|
DumpTargetEnt(
|
|
ULONG64 pte
|
|
);
|
|
|
|
VOID
|
|
DumpDelayMoveList(
|
|
ULONG64 pdn,
|
|
BOOL recursive
|
|
);
|
|
|
|
VOID
|
|
DumpFileQueueNodeList(
|
|
ULONG64 pfqn,
|
|
ULONG64 mask,
|
|
BOOL recursive
|
|
);
|
|
|
|
VOID
|
|
DumpSourceMediaInfoList(
|
|
ULONG64 smi,
|
|
ULONG64 mask,
|
|
BOOL recursive
|
|
);
|
|
|
|
VOID
|
|
DumpCatalogInfoList(
|
|
ULONG64 ci,
|
|
ULONG64 mask,
|
|
BOOL recursive
|
|
);
|
|
|
|
VOID
|
|
DumpAltPlatformInfo(
|
|
ULONG64 api
|
|
);
|
|
|
|
VOID
|
|
DumpXFile(
|
|
ULONG64 pxf,
|
|
ULONG64 mask
|
|
);
|
|
|
|
VOID
|
|
DumpXDirectory(
|
|
ULONG64 pxdir,
|
|
ULONG64 mask
|
|
);
|
|
|
|
VOID
|
|
DumpXDrive(
|
|
ULONG64 pxd,
|
|
ULONG64 mask
|
|
);
|
|
|
|
VOID
|
|
DumpInfVersionNode(
|
|
ULONG64 ver
|
|
);
|
|
|
|
VOID
|
|
DumpInfLine(
|
|
ULONG64 line,
|
|
ULONG64 valuedata
|
|
);
|
|
|
|
VOID
|
|
DumpStringTableHeader(
|
|
ULONG64 st
|
|
);
|
|
|
|
VOID
|
|
DumpInfSection(
|
|
ULONG64 section,
|
|
ULONG64 linedata,
|
|
ULONG64 valuedata
|
|
);
|
|
|
|
ULONG64
|
|
GetStringTableData(
|
|
ULONG64 st
|
|
);
|
|
|
|
ULONG64
|
|
GetFirstNode(
|
|
ULONG64 stdata,
|
|
ULONG64 offset,
|
|
PULONG64 poffset
|
|
);
|
|
|
|
ULONG64
|
|
GetNextNode(
|
|
ULONG64 stdata,
|
|
ULONG64 node,
|
|
PULONG64 offset
|
|
);
|
|
|
|
BOOL
|
|
CheckInterupted(
|
|
VOID
|
|
);
|
|
|
|
LPCSTR
|
|
GetWizPage(
|
|
DWORD i
|
|
);
|
|
|
|
VOID
|
|
DumpOcComponent(
|
|
ULONG64 offset,
|
|
ULONG64 node,
|
|
ULONG64 pcomp
|
|
);
|
|
|
|
|
|
//
|
|
// globals
|
|
//
|
|
EXT_API_VERSION ApiVersion = { (VER_PRODUCTVERSION_W >> 8), (VER_PRODUCTVERSION_W & 0xff), EXT_API_VERSION_NUMBER64, 0 };
|
|
WINDBG_EXTENSION_APIS ExtensionApis;
|
|
USHORT SavedMajorVersion;
|
|
USHORT SavedMinorVersion;
|
|
|
|
ULONG64 EXPRLastDump = 0;
|
|
|
|
|
|
//
|
|
// this string is for supporting both the old and the new way of getting
|
|
// data from the kernel. Maybe it will go away soon.
|
|
//
|
|
char ___SillyString[200];
|
|
|
|
|
|
|
|
DllInit(
|
|
HANDLE hModule,
|
|
DWORD dwReason,
|
|
DWORD dwReserved
|
|
)
|
|
{
|
|
switch (dwReason) {
|
|
case DLL_THREAD_ATTACH:
|
|
break;
|
|
|
|
case DLL_THREAD_DETACH:
|
|
break;
|
|
|
|
case DLL_PROCESS_DETACH:
|
|
break;
|
|
|
|
case DLL_PROCESS_ATTACH:
|
|
break;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
VOID
|
|
WinDbgExtensionDllInit(
|
|
PWINDBG_EXTENSION_APIS64 lpExtensionApis, // 64Bit Change
|
|
USHORT MajorVersion,
|
|
USHORT MinorVersion
|
|
)
|
|
{
|
|
ExtensionApis = *lpExtensionApis;
|
|
|
|
SavedMajorVersion = MajorVersion;
|
|
SavedMinorVersion = MinorVersion;
|
|
|
|
return;
|
|
}
|
|
|
|
VOID
|
|
CheckVersion(
|
|
VOID
|
|
)
|
|
{
|
|
return;
|
|
}
|
|
|
|
|
|
LPEXT_API_VERSION
|
|
ExtensionApiVersion(
|
|
VOID
|
|
)
|
|
{
|
|
return &ApiVersion;
|
|
}
|
|
|
|
VOID
|
|
UtilGetWStringField (
|
|
ULONG64 Address,
|
|
PUCHAR Structure,
|
|
PUCHAR Field,
|
|
PWCHAR Buffer,
|
|
ULONG Size
|
|
)
|
|
{
|
|
ULONG offset = 0;
|
|
GetFieldOffset (Structure, Field, &offset);
|
|
UtilReadWString (offset + Address, Buffer, Size);
|
|
}
|
|
|
|
|
|
VOID
|
|
UtilReadWString (
|
|
ULONG64 Address,
|
|
PWCHAR Buffer,
|
|
ULONG64 Size
|
|
)
|
|
{
|
|
ULONG64 count = 0;
|
|
|
|
ZeroMemory (Buffer, (ULONG) Size);
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == (Size-1)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (Address + (count * sizeof (WCHAR)),
|
|
Buffer + count,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count]) {
|
|
break;
|
|
}
|
|
|
|
count ++;
|
|
}
|
|
}
|
|
|
|
|
|
ULONG64
|
|
UtilStringToUlong64 (
|
|
UCHAR *String
|
|
)
|
|
{
|
|
ULONG64 ReturnValue = 0;
|
|
sscanf (String, "%I64x", &ReturnValue);
|
|
|
|
return ReturnValue;
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
UtilDumpHex (
|
|
PUCHAR Buffer,
|
|
ULONG Size
|
|
)
|
|
{
|
|
ULONG count = 0, count2 = 0;
|
|
|
|
dprintf ("\n%08lx:", Buffer);
|
|
|
|
while (count < Size) {
|
|
|
|
if (! (count%16) && count) {
|
|
dprintf ("|");
|
|
for (count2 = 16; count2; count2--) {
|
|
|
|
if (Buffer[count - count2] >= 0x30) {
|
|
dprintf ("%c", (UCHAR) Buffer[count - count2]);
|
|
} else {
|
|
dprintf (".");
|
|
}
|
|
}
|
|
dprintf ("\n%08lx:", Buffer + count);
|
|
}
|
|
dprintf ("%02x ", (UCHAR) Buffer[count]);
|
|
count ++;
|
|
}
|
|
}
|
|
|
|
VOID
|
|
DumpUnwindList(
|
|
ULONG64 pun,
|
|
BOOL recursive
|
|
)
|
|
{
|
|
InitTypeRead (pun, SETUPAPI!SP_UNWIND_NODE);
|
|
|
|
dprintf( "\t\t***SP_UNWIND_NODE structure***\n" );
|
|
dprintf( "\t\t NextNode : 0x%I64x\n", ReadField (NextNode));
|
|
dprintf( "\t\t TargetID : 0x%I64x\n", ReadField (TargetID));
|
|
dprintf( "\t\t SecurityDesc : 0x%I64x\n", ReadField (SecurityDesc));
|
|
dprintf( "\t\t CreateTime : 0x%I64x 0x%I64x\n",
|
|
ReadField (CreateTime.dwLowDateTime),
|
|
ReadField (CreateTime.dwHighDateTime));
|
|
|
|
dprintf( "\t\t AccessTime : 0x%I64x 0x%I64x\n",
|
|
ReadField (AccessTime.dwLowDateTime),
|
|
ReadField (AccessTime.dwHighDateTime));
|
|
|
|
dprintf( "\t\t WriteTime : 0x%I64x 0x%I64x\n",
|
|
ReadField (WriteTime.dwLowDateTime),
|
|
ReadField (WriteTime.dwHighDateTime));
|
|
|
|
if (ReadField (NextNode) && recursive) {
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
|
|
DumpUnwindList(ReadField (NextNode), TRUE );
|
|
}
|
|
|
|
}
|
|
|
|
|
|
VOID
|
|
DumpTargetEnt(
|
|
ULONG64 pte
|
|
)
|
|
{
|
|
InitTypeRead (pte, SETUPAPI!SP_TARGET_ENT);
|
|
|
|
dprintf( "\t\t***SP_TARGET_ENT structure***\n" );
|
|
dprintf( "\t\t TargetRoot : 0x%I64x\n", ReadField (TargetRoot));
|
|
dprintf( "\t\t TargetSubDir : 0x%I64x\n", ReadField (TargetSubDir));
|
|
dprintf( "\t\t TargetFilename : 0x%I64\n", ReadField (TargetFilename));
|
|
dprintf( "\t\t BackupRoot : 0x%I64x\n", ReadField (BackupRoot));
|
|
dprintf( "\t\t BackupSubDir : 0x%I64x\n", ReadField (BackupSubDir));
|
|
dprintf( "\t\t BackupFilename : 0x%I64x\n", ReadField (BackupFilename));
|
|
dprintf( "\t\t NewTargetFilename : 0x%I64x\n", ReadField (NewTargetFilename));
|
|
dprintf( "\t\t InternalFlags : 0x%I64x\n", ReadField (InternalFlags));
|
|
}
|
|
|
|
VOID
|
|
DumpDelayMoveList(
|
|
ULONG64 pdn,
|
|
BOOL recursive
|
|
)
|
|
{
|
|
InitTypeRead (pdn, SETUPAPI!SP_DELAYMOVE_NODE);
|
|
|
|
dprintf( "\t\t***SP_DELAYMOVE_NODE structure***\n" );
|
|
dprintf( "\t\t NextNode : 0x%I64x\n", ReadField (NextNode));
|
|
dprintf( "\t\t SourceFilename : 0x%I64x\n", ReadField (SourceFilename));
|
|
dprintf( "\t\t TargetFilename : 0x%I64x\n", ReadField (TargetFilename));
|
|
dprintf( "\t\t SecurityDesc (stringtable index) : 0x%I64x\n", ReadField (SecurityDesc));
|
|
|
|
if (ReadField (NextNode) && recursive) {
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
DumpDelayMoveList( ReadField (Next), TRUE );
|
|
}
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpFileQueueNodeList(
|
|
ULONG64 pfqn,
|
|
ULONG64 mask,
|
|
BOOL recursive
|
|
)
|
|
|
|
{
|
|
InitTypeRead (pfqn, SP_FILE_QUEUE_NODE);
|
|
|
|
dprintf( "\t\t***SP_FILE_QUEUE_NODE structure***\n" );
|
|
dprintf( "\t\t Next : 0x%I64x\n", ReadField (Next));
|
|
dprintf( "\t\t Operation : 0x%I64x ( %s )\n", ReadField (Operation),
|
|
(ReadField (Operation) == FILEOP_DELETE) ? "DELETE" :
|
|
(ReadField (Operation) == FILEOP_RENAME) ? "RENAME" :
|
|
"COPY" );
|
|
|
|
|
|
dprintf( "\t\t SourceRootPath : 0x%I64x\n", ReadField (SourceRootPath));
|
|
dprintf( "\t\t SourcePath : 0x%I64x\n", ReadField (SourcePath));
|
|
dprintf( "\t\t SourceFilename : 0x%I64x\n", ReadField (SourceFilename));
|
|
dprintf( "\t\t TargetDirectory : 0x%I64x\n", ReadField (TargetDirectory));
|
|
dprintf( "\t\t SecurityDesc : 0x%I64x\n", ReadField (SecurityDesc));
|
|
|
|
dprintf( "\t\t SourceMediaInfo : 0x%I64x\n", ReadField (SourceMediaInfo));
|
|
if (ReadField (SourceMediaInfo) && recursive) {
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
DumpSourceMediaInfoList( ReadField (SourceMediaInfo), mask, FALSE );
|
|
InitTypeRead (pfqn, SP_FILE_QUEUE_NODE);
|
|
}
|
|
|
|
dprintf( "\t\t StyleFlags : 0x%I64x\n", ReadField (StyleFlags));
|
|
dprintf( "\t\t InternalFlags : 0x%I64x\n", ReadField (InternalFlags));
|
|
|
|
dprintf( "\t\t CatalogInfo : 0x%I64x\n", ReadField (CatalogInfo));
|
|
|
|
if (ReadField (CatalogInfo) && recursive) {
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
DumpCatalogInfoList( ReadField (CatalogInfo), mask, FALSE );
|
|
InitTypeRead (pfqn, SP_FILE_QUEUE_NODE);
|
|
}
|
|
|
|
if (ReadField (Next) && recursive) {
|
|
|
|
DumpFileQueueNodeList( ReadField (Next), mask, TRUE );
|
|
}
|
|
|
|
}
|
|
|
|
|
|
VOID
|
|
DumpSourceMediaInfoList(
|
|
ULONG64 smi,
|
|
ULONG64 mask,
|
|
BOOL recursive
|
|
)
|
|
{
|
|
InitTypeRead (smi, SETUPAPI!SOURCE_MEDIA_INFO);
|
|
|
|
dprintf( "\t\t***SOURCE_MEDIA_INFO structure***\n" );
|
|
dprintf( "\t\t Next : 0x%I64x\n", ReadField (Next));
|
|
dprintf( "\t\t Description : 0x%I64x\n", ReadField (Description));
|
|
dprintf( "\t\t DescriptionDisplayName : 0x%I64x\n", ReadField (DescriptionDisplayName));
|
|
dprintf( "\t\t Tagfile : 0x%I64x\n", ReadField (Tagfile));
|
|
dprintf( "\t\t SourceRootPath : 0x%I64x\n", ReadField (SourceRootPath));
|
|
dprintf( "\t\t CopyQueue : 0x%I64x\n", ReadField (CopyQueue));
|
|
|
|
if (ReadField (CopyQueue) && (mask & 8) && recursive) {
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
|
|
DumpFileQueueNodeList( ReadField (CopyQueue), mask, FALSE );
|
|
InitTypeRead (smi, SETUPAPI!SOURCE_MEDIA_INFO);
|
|
}
|
|
|
|
dprintf( "\t\t CopyNodeCount : 0x%I64x\n", ReadField (CopyNodeCount));
|
|
dprintf( "\t\t Flags : 0x%I64x\n", ReadField (Flags));
|
|
|
|
if (ReadField (Next) && recursive) {
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
DumpSourceMediaInfoList( ReadField (next), mask, TRUE );
|
|
}
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpCatalogInfoList(
|
|
ULONG64 ci,
|
|
ULONG64 mask,
|
|
BOOL recursive
|
|
)
|
|
{
|
|
WCHAR Buffer[200];
|
|
|
|
InitTypeRead (ci, SETUPAPI!SPQ_CATALOG_INFO);
|
|
|
|
dprintf( "\t\t***SPQ_CATALOG_INFO structure***\n" );
|
|
dprintf( "\t\t Next : 0x%I64x\n", ReadField (Next));
|
|
dprintf( "\t\t CatalogFileFromInf : 0x%I64x\n", ReadField (CatalogFileFromInf));
|
|
dprintf( "\t\t AltCatalogFileFromInf : 0x%I64x\n", ReadField (AltCatalogFileFromInf));
|
|
dprintf( "\t\t AltCatalogFileFromInfPending : 0x%I64x\n", ReadField (AltCatalogFileFromInfPending));
|
|
dprintf( "\t\t InfFullPath : 0x%I64x\n", ReadField (InfFullPath));
|
|
dprintf( "\t\t InfOriginalName : 0x%I64x\n", ReadField (InfOriginalName));
|
|
dprintf( "\t\t InfFinalPath : 0x%I64x\n", ReadField (InfFinalPath));
|
|
dprintf( "\t\t VerificationFailureError : 0x%I64x\n", ReadField (VerificationFailureError));
|
|
dprintf( "\t\t Flags : 0x%I64x\n", ReadField (Flags));
|
|
|
|
UtilGetWStringField (ci, "SETUPAPI!SPQ_CATALOG_INFO", "CatalogFilenameOnSystem", Buffer, sizeof (Buffer));
|
|
dprintf( "\t\t CatalogFilenameOnSystem : %ws\n", Buffer);
|
|
|
|
if (ReadField (Next) && recursive) {
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
DumpCatalogInfoList(ReadField (Next), mask, TRUE ) ;
|
|
}
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpAltPlatformInfo(
|
|
ULONG64 api
|
|
)
|
|
{
|
|
InitTypeRead (api, SETUPAPI!SP_ALTPLATFORM_INFO);
|
|
|
|
dprintf( "\t\t***SP_ALT_PLATFORM_INFO structure***\n" );
|
|
dprintf( "\t\t cbSize : 0x%I64x\n", ReadField (cbSize));
|
|
dprintf( "\t\t Platform : 0x%I64x\n", ReadField (Platform));
|
|
dprintf( "\t\t MajorVersion : 0x%I64x\n", ReadField (MajorVersion));
|
|
dprintf( "\t\t MinorVersion : 0x%I64x\n", ReadField (MinorVersion));
|
|
dprintf( "\t\t ProcessorArchitecture : 0x%I64x\n", ReadField (ProcessorArchitecture));
|
|
dprintf( "\t\t Reserved : 0x%I64x\n", ReadField (Reserved));
|
|
|
|
}
|
|
|
|
|
|
VOID
|
|
DumpXFile(
|
|
ULONG64 pxf,
|
|
ULONG64 mask
|
|
)
|
|
{
|
|
if ((mask & 4) == 0 ) {
|
|
return;
|
|
}
|
|
|
|
InitTypeRead (pxf, SETUPAPI!XFILE);
|
|
|
|
dprintf( "\t\t ***XFILE structure***\n" );
|
|
dprintf( "\t\t CurrentSize : 0x%I64x", ReadField (CurrentSize));
|
|
if (ReadField (CurrentSize) == -1) {
|
|
dprintf( " (doesn't currently exist)" );
|
|
}
|
|
|
|
dprintf( "\n\t\t NewSize : 0x%I64x", ReadField (NewSize));
|
|
|
|
if (ReadField (NewSize) == -1) {
|
|
dprintf( " (will be deleted)" );
|
|
}
|
|
dprintf("\n");
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpXDirectory(
|
|
ULONG64 pxdir,
|
|
ULONG64 mask
|
|
)
|
|
{
|
|
ULONG64 pst;
|
|
DWORD i;
|
|
ULONG64 offset;
|
|
ULONG64 stdata = 0,pextradata = 0;
|
|
//STRING_TABLE st;
|
|
//PSTRING_NODEW node;//, prev;
|
|
//PXFILE pxf;
|
|
ULONG64 node = 0, boffset = 0, count = 0;
|
|
WCHAR Buffer [200];
|
|
ULONG64 pxf = 0;
|
|
|
|
if ((mask & 2) == 0 ) {
|
|
return;
|
|
}
|
|
|
|
InitTypeRead (pxdir, SETUPAPI!XDIRECTORY);
|
|
|
|
dprintf( "\t\t ***XDIRECTORY structure***\n");
|
|
dprintf( "\t\t SpaceRequired : 0x%x\n", ReadField (SpaceRequired));
|
|
dprintf( "\t\t FilesTable : 08%08x\n", ReadField (FilesTable));
|
|
|
|
pst = ReadField (FilesTable);
|
|
|
|
DumpStringTableHeader (pst);
|
|
stdata = GetStringTableData (pst);
|
|
|
|
if (!stdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pxf = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
DumpXFile(pxf, mask );
|
|
|
|
node = GetNextNode( stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpXDrive(
|
|
ULONG64 pxd,
|
|
ULONG64 mask
|
|
)
|
|
{
|
|
DWORD i;
|
|
ULONG64 offset = 0;
|
|
ULONG64 stdata = 0, pextradata = 0, pst = 0;
|
|
//STRING_TABLE st;
|
|
//PSTRING_NODEW node;//, prev;
|
|
//PXDIRECTORY pxdir;
|
|
ULONG64 node = 0, pxdir = 0, boffset = 0, count = 0;
|
|
WCHAR Buffer [200];
|
|
|
|
if ((mask & 1) == 0) {
|
|
return;
|
|
}
|
|
|
|
InitTypeRead (pxd, SETUPAPI!XDRIVE);
|
|
|
|
dprintf( "\t\t***XDRIVE structure***\n");
|
|
dprintf( "\t\t SpaceRequired : 0x%I64x\n", ReadField (SpaceRequired));
|
|
dprintf( "\t\t BytesPerCluster : 0x%I64x\n", ReadField (BytesPerCluster));
|
|
dprintf( "\t\t Slop : 0x%I64x\n", ReadField (Slop));
|
|
dprintf( "\t\t DirsTable : 0x%016I64x\n", ReadField (DirsTable));
|
|
|
|
pst = ReadField (DirsTable);
|
|
|
|
DumpStringTableHeader (pst);
|
|
|
|
stdata = GetStringTableData(pst );
|
|
|
|
if (!stdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pxdir = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
DumpXDirectory(pxdir, mask );
|
|
|
|
node = GetNextNode( stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpInfVersionNode(
|
|
ULONG64 ver
|
|
)
|
|
{
|
|
WCHAR Buffer[200];
|
|
|
|
InitTypeRead (ver, SETUPAPI!INF_VERSION_NODE);
|
|
|
|
dprintf("***INF_VERSION_NODE***\n");
|
|
dprintf("\t FilenameSize : 0x%x\n", ReadField (FilenameSize));
|
|
dprintf("\t DataBlock : 0x%x\n", ReadField (DataBlock));
|
|
dprintf("\t DataSize : 0x%x\n", ReadField (DataSize));
|
|
dprintf("\t DatumCount : 0x%x\n", ReadField (DatumCount));
|
|
|
|
UtilGetWStringField (ver, "SETUPAPI!INF_VERSION_NODE", "Filename", Buffer, sizeof (Buffer));
|
|
dprintf("\t Filename : %ws\n", Buffer);
|
|
|
|
return;
|
|
}
|
|
|
|
VOID
|
|
DumpInfLine(
|
|
ULONG64 line,
|
|
ULONG64 valuedata
|
|
)
|
|
{
|
|
DWORD i;
|
|
ULONG64 ptr = 0;
|
|
ULONG64 data = 0;
|
|
ULONG ulongptrsize = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
|
|
InitTypeRead (line, SETUPAPI!INF_LINE);
|
|
|
|
dprintf("\t ValueCount : 0x%I64x\n", ReadField (ValueCount));
|
|
dprintf("\t Flags : 0x%I64x\n", ReadField (Flags));
|
|
dprintf("\t Values : 0x%I64x\n", ReadField (Values));
|
|
|
|
if (ReadField (Flags) > 3) {
|
|
return;
|
|
}
|
|
|
|
for (i = 0; i< ReadField (ValueCount); i++) {
|
|
ptr = valuedata + (ReadField (Values) * ulongptrsize) + (i * ulongptrsize);
|
|
ReadMemory (ptr, &data, ulongptrsize, NULL);
|
|
|
|
dprintf("\t data [%ld] : 0x%I64x [0x%I64x]\n", i, ptr, data);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
VOID
|
|
DumpInfSection(
|
|
ULONG64 section,
|
|
ULONG64 linedata,
|
|
ULONG64 valuedata
|
|
)
|
|
{
|
|
DWORD i;
|
|
//INF_LINE line;
|
|
ULONG64 line;
|
|
ULONG64 data;
|
|
|
|
InitTypeRead (section, SETUPAPI!INF_SECTION);
|
|
|
|
dprintf("***INF_SECTION***\n");
|
|
dprintf("\t SectionName : 0x%I64x\n", ReadField (SectionName));
|
|
dprintf("\t LineCount : 0x%I64x\n", ReadField (LineCount));
|
|
dprintf("\t Lines : 0x%I64x\n", ReadField (Lines));
|
|
|
|
for (i = 0; i< ReadField (LineCount); i++) {
|
|
|
|
data = linedata + (GetTypeSize ("SETUPAPI!INF_LINE") * ReadField (Lines)) + GetTypeSize ("SETUPAPI!INF_LINE") * i;
|
|
dprintf("***INF_LINE [%ld] at 0x%I64x***\n", i, data);
|
|
|
|
DumpInfLine (data, valuedata);
|
|
|
|
//
|
|
// Have to reinit type read because of DumpInfLine
|
|
//
|
|
|
|
InitTypeRead (section, SETUPAPI!INF_SECTION);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
VOID
|
|
DumpStringTableHeader(
|
|
ULONG64 st
|
|
)
|
|
{
|
|
//
|
|
// dump the string table header
|
|
//
|
|
|
|
InitTypeRead (st, SETUPAPI!STRING_TABLE);
|
|
|
|
dprintf("\tBase Data ptr:\t0x%016I64x\n", ReadField (Data));
|
|
dprintf("\tDataSize:\t0x%016I64x\n", ReadField (DataSize));
|
|
dprintf("\tBufferSize:\t0x%016I64x\n", ReadField (BufferSize));
|
|
dprintf("\tExtraDataSize:\t0x%016I64x\n", ReadField (ExtraDataSize));
|
|
|
|
}
|
|
|
|
ULONG64
|
|
GetStringTableData(
|
|
ULONG64 st
|
|
)
|
|
{
|
|
InitTypeRead (st, SETUPAPI!STRING_TABLE);
|
|
return ReadField (Data);
|
|
}
|
|
|
|
ULONG64
|
|
GetFirstNode(
|
|
ULONG64 stdata,
|
|
ULONG64 offset,
|
|
PULONG64 poffset
|
|
)
|
|
{
|
|
ULONG64 NodeAddress = 0;
|
|
|
|
ReadPtr (offset, &NodeAddress);
|
|
*poffset = NodeAddress;
|
|
|
|
if (NodeAddress == -1) {
|
|
return 0;
|
|
}
|
|
|
|
return NodeAddress + stdata;
|
|
|
|
}
|
|
|
|
ULONG64
|
|
GetNextNode(
|
|
ULONG64 stdata,
|
|
ULONG64 node,
|
|
PULONG64 offset
|
|
)
|
|
{
|
|
ULONG64 next, nextoffset;
|
|
|
|
//
|
|
// BUG BUG: Hack for ptr - STRING_NODEW is not built into any file
|
|
// so I will cheat because I know that the offset is the first entry
|
|
//
|
|
|
|
ReadPtr (node, &nextoffset);
|
|
|
|
if (nextoffset == -1) {
|
|
*offset = 0;
|
|
return 0;
|
|
}
|
|
|
|
next = stdata + nextoffset;
|
|
*offset = nextoffset;
|
|
|
|
return next;
|
|
|
|
}
|
|
|
|
BOOL
|
|
CheckInterupted(
|
|
VOID
|
|
)
|
|
{
|
|
if ( CheckControlC() ) {
|
|
dprintf( "\nInterrupted\n\n" );
|
|
return TRUE;
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
LPCSTR
|
|
GetWizPage(
|
|
DWORD i
|
|
)
|
|
{
|
|
LPCSTR WizPage[] = {
|
|
"WizPagesWelcome", // welcome page
|
|
"WizPagesMode", // setup mode page
|
|
"WizPagesEarly", // pages that come after the mode page and before prenet pages
|
|
"WizPagesPrenet", // pages that come before network setup
|
|
"WizPagesPostnet", // pages that come after network setup
|
|
"WizPagesLate", // pages that come after postnet pages and before the final page
|
|
"WizPagesFinal", // final page
|
|
"WizPagesTypeMax"
|
|
};
|
|
|
|
return WizPage[i];
|
|
|
|
}
|
|
|
|
VOID
|
|
DumpOcComponent(
|
|
ULONG64 offset,
|
|
ULONG64 node,
|
|
ULONG64 pcomp
|
|
)
|
|
{
|
|
DWORD i;
|
|
ULONG count;
|
|
WCHAR Buffer[200];
|
|
|
|
UtilReadWString (node + GetTypeSize ("SETUPAPI!ULONG_PTR"),
|
|
Buffer,
|
|
sizeof (Buffer));
|
|
|
|
InitTypeRead (pcomp, OCMANAGE!OPTIONAL_COMPONENT);
|
|
|
|
dprintf("OC_COMPONENT Data for node %ws : 0x%p\n", Buffer, offset );
|
|
dprintf( "\t InfStringId:\t\t0x%016I64x\n", ReadField (InfStringId));
|
|
dprintf( "\t TopLevelStringId:\t0x%016I64x\n", ReadField (TopLevelStringId));
|
|
dprintf( "\t ParentStringId:\t0x%016I64x\n", ReadField (ParentStringId));
|
|
dprintf( "\t FirstChildStringId:\t0x%016I64x\n", ReadField (FirstChildStringId));
|
|
dprintf( "\t ChildrenCount:\t\t0x%016I64x\n", ReadField (ChildrenCount));
|
|
dprintf( "\t NextSiblingStringId:\t0x%016I64x\n", ReadField (NextSiblingStringId));
|
|
dprintf( "\t NeedsCount:\t\t%d\n", ReadField (NeedsCount));
|
|
|
|
if (ReadField (NeedsCount)) {
|
|
// read and dump needs list
|
|
for (i = 0; i < ReadField (NeedsCount); i++) {
|
|
ReadMemory(ReadField (NeedsStringIds) + (i * sizeof (ULONG)), &count, sizeof (count), NULL);
|
|
dprintf("\t NeedsStringIds #%d:\t0x%08x\n", i, count);
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf( "\t NeededByCount:\t\t%d\n", ReadField (NeededByCount));
|
|
|
|
if (ReadField (NeededByCount)) {
|
|
// read and dump needs list
|
|
|
|
for (i = 0; i < ReadField (NeededByCount); i++) {
|
|
ReadMemory(ReadField (NeededByStringIds) + (i * sizeof (ULONG)), &count, sizeof (count), NULL);
|
|
dprintf("\t NeededByStringIds #%d: 0x%08x\n", i, count);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf( "\t ExcludeCount:\t\t%d\n", ReadField (ExcludeCount));
|
|
|
|
if (ReadField (ExcludeCount)) {
|
|
|
|
// read and dump Excludes list
|
|
|
|
for (i = 0; i < ReadField (ExcludeCount); i++) {
|
|
|
|
ReadMemory(ReadField (ExcludeStringIds) + (i * sizeof (ULONG)), &count, sizeof (ULONG), NULL);
|
|
|
|
dprintf("\t ExcludeStringIds #%d: 0x%08x\n", i, count);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf( "\t ExcludedByCount:\t%d\n", ReadField (ExcludedByCount));
|
|
|
|
if (ReadField (ExcludedByCount)) {
|
|
|
|
// read and dump Excludes list
|
|
|
|
for (i = 0; i < ReadField (ExcludedByCount); i++) {
|
|
|
|
ReadMemory(ReadField (ExcludedByStringIds) + (i * sizeof (ULONG)), &count, sizeof (ULONG), NULL);
|
|
dprintf("\t ExcludesStringIds #%d:\t0x%08x\n", i, count);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf( "\t InternalFlags:\t\t0x%08x\n", ReadField (InternalFlags));
|
|
|
|
//
|
|
// bugbug correct identifier
|
|
//
|
|
dprintf( "\t SizeApproximation:\t0x%016I64x\n", ReadField (SizeApproximation));
|
|
dprintf( "\t IconIndex:\t\t0x%016I64x\n", ReadField (IconIndex));
|
|
|
|
UtilGetWStringField (pcomp, "OCMANAGE!OPTIONAL_COMPONENT", "IconDll", Buffer, sizeof (Buffer));
|
|
dprintf( "\t IconDll:\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pcomp, "OCMANAGE!OPTIONAL_COMPONENT", "IconResource", Buffer, sizeof (Buffer));
|
|
dprintf( "\t IconResource:\t\t%ws\n", Buffer);
|
|
|
|
dprintf( "\t SelectionState:\t0x%016I64x\n", ReadField (SelectionState));
|
|
dprintf( "\t OriginalSelectionState:0x%016I64x\n", ReadField (OriginalSelectionState));
|
|
dprintf( "\t InstalledState:\t0x%016I64x\n", ReadField (InstalledState));
|
|
dprintf( "\t ModeBits:\t\t0x%08x\n", ReadField (ModeBits));
|
|
|
|
UtilGetWStringField (pcomp, "OCMANAGE!OPTIONAL_COMPONENT", "Description", Buffer, sizeof (Buffer));
|
|
dprintf( "\t Description:\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pcomp, "OCMANAGE!OPTIONAL_COMPONENT", "Tip", Buffer, sizeof (Buffer));
|
|
dprintf( "\t Tip:\t\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pcomp, "OCMANAGE!OPTIONAL_COMPONENT", "InstallationDllName", Buffer, sizeof (Buffer));
|
|
dprintf( "\t InstallationDllName:\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pcomp, "OCMANAGE!OPTIONAL_COMPONENT", "InterfaceFunctionName", Buffer, sizeof (Buffer));
|
|
dprintf( "\t InterfaceFunctionName:\t%s\n", Buffer);
|
|
|
|
dprintf( "\t InstallationDll:\t0x%016I64x\n", ReadField (InstallationDll));
|
|
dprintf( "\t ExpectedVersion:\t0x%016I64x\n", ReadField (ExpectedVersion));
|
|
dprintf( "\t Exists:\t\t0x%016I64x\n", ReadField (Exists));
|
|
dprintf( "\t Flags:\t\t\t0x%016I64x\n\n\n", ReadField (Flags));
|
|
|
|
return;
|
|
}
|
|
|
|
DECLARE_API( setuphelp )
|
|
{
|
|
dprintf("setupexts help:\n\n");
|
|
dprintf("!setuphelp - This message\n");
|
|
dprintf("!ocm [address] [opt. flag] - Dump the OC_MANAGER structure at address, flag increased verbosity\n");
|
|
dprintf("!space [address] [opt. flag] - Dump the DISK_SPACE_LIST structure at specified address\n");
|
|
dprintf("!st [address] - Dump the contents of a STRING_TABLE structure at specified address\n");
|
|
dprintf("!stfind [address] [element] - Dump the specified string table element\n");
|
|
dprintf("!queue [address] [opt. flag] - Dump the specified file queue\n");
|
|
dprintf("!qcontext [address] - Dump the specified default queue context \n");
|
|
dprintf("!infdump [addr] [opt. flag] - Dump the specified hinf \n");
|
|
|
|
}
|
|
|
|
DECLARE_API( st )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps a string table at the address specified.
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
{
|
|
ULONG64 pst;
|
|
DWORD i;
|
|
ULONG64 offset;
|
|
ULONG64 pextradata;
|
|
ULONG64 stdata;
|
|
WCHAR Buffer[200];
|
|
ULONG64 boffset, node;
|
|
ULONG count = 0;
|
|
|
|
if (args==0) {
|
|
|
|
dprintf ("st: no string table specified.\n");
|
|
return;
|
|
}
|
|
|
|
ZeroMemory (&Buffer, sizeof (Buffer));
|
|
|
|
pst = UtilStringToUlong64 ((UCHAR *)args);
|
|
dprintf("Base String Table Address:\t0x%p\n", pst);
|
|
DumpStringTableHeader(pst);
|
|
stdata = GetStringTableData(pst);
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
//
|
|
// BUG BUG: Hack for offset - STRING_NODEW is not built into any file
|
|
// so I will cheat because I know that the offset is after a ptr
|
|
//
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pextradata = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
dprintf("\tExtra Data:\t0x%016I64x\n", pextradata );
|
|
|
|
node = GetNextNode(stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
DECLARE_API( stfind )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps the data for a given string table number
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
|
|
{
|
|
ULONG64 pst, element, stdata, boffset;
|
|
DWORD i;
|
|
ULONG64 offset;
|
|
ULONG64 pextradata;
|
|
ULONG64 node;
|
|
UCHAR arg[2][100];
|
|
WCHAR Buffer[200];
|
|
ULONG64 count = 0, argcount = 0;
|
|
PUCHAR argptr = (PUCHAR) args;
|
|
|
|
ZeroMemory (&arg, sizeof (arg));
|
|
ZeroMemory (&Buffer, sizeof (Buffer));
|
|
|
|
while (*argptr != 0) {
|
|
|
|
if (*argptr == ' ') {
|
|
argcount++;
|
|
count = 0;
|
|
argptr++;
|
|
}
|
|
|
|
if (argcount > 1) {
|
|
break;
|
|
}
|
|
|
|
arg[argcount][count] = *argptr;
|
|
count++;
|
|
argptr++;
|
|
}
|
|
|
|
if (!arg[0][0] || !arg[1][0]) {
|
|
|
|
dprintf ("stfind: missing one or more parameters\nusage:!stfind [address] [element]\n");
|
|
return;
|
|
}
|
|
|
|
pst = UtilStringToUlong64 (arg[0]);
|
|
element = UtilStringToUlong64 (arg[1]);
|
|
|
|
stdata = GetStringTableData(pst);
|
|
|
|
if (!stdata) {
|
|
dprintf("Error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
//
|
|
// search each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
if (!node) {
|
|
|
|
} else {
|
|
|
|
while (node) {
|
|
if (element == offset) {
|
|
//
|
|
// BUG BUG: Hack for offset - STRING_NODEW is not built into any file
|
|
// so I will cheat because I know that the offset is after a ptr
|
|
//
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pextradata = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
dprintf("\tExtra Data:\t0x%016I64x\n", pextradata );
|
|
return;
|
|
}
|
|
|
|
node = GetNextNode( stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf("Couldn't find element\n");
|
|
|
|
}
|
|
|
|
|
|
DECLARE_API( ocm )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps an OC_MANAGER (UNICODE!) structure at the specified address
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
{
|
|
ULONG64 pocm;
|
|
DWORD i;
|
|
ULONG64 infdata,compdata;
|
|
ULONG64 Mask = 0;
|
|
LONG count = 0;
|
|
UCHAR arg[2][100];
|
|
PUCHAR argptr = (PUCHAR) args;
|
|
ULONG64 offset = 0;
|
|
WCHAR Buffer[200];
|
|
ULONG argcount = 0;
|
|
ULONG64 node = 0, boffset = 0;
|
|
|
|
ZeroMemory (&arg, sizeof (arg));
|
|
|
|
|
|
while (*argptr != 0) {
|
|
|
|
if (*argptr == ' ') {
|
|
argcount++;
|
|
count = 0;
|
|
argptr++;
|
|
}
|
|
|
|
if (argcount > 1) {
|
|
break;
|
|
}
|
|
|
|
arg[argcount][count] = *argptr;
|
|
count++;
|
|
argptr++;
|
|
}
|
|
|
|
if (!arg[0][0]) {
|
|
|
|
dprintf ("ocm: missing one or more parameters\nusage:!ocm [address] [verbosity]\n");
|
|
return;
|
|
}
|
|
|
|
pocm = UtilStringToUlong64 (arg[0]);
|
|
Mask = UtilStringToUlong64 (arg[1]);
|
|
|
|
InitTypeRead (pocm, OCMANAGE!OC_MANAGER);
|
|
|
|
//
|
|
// dump the OCM structure
|
|
//
|
|
dprintf("OC_MANAGER structure at Address:\t0x%016I64x\n", pocm);
|
|
|
|
dprintf("\tCallbacks :\n");
|
|
dprintf("\t\tFillInSetupDataA:\t0x%016I64x\n", ReadField (Callbacks.FillInSetupDataA));
|
|
dprintf("\t\tLogError:\t\t0x%016I64x\n", ReadField (Callbacks.LogError));
|
|
dprintf("\t\tSetReboot:\t\t0x%016I64x\n", ReadField (Callbacks.SetReboot));
|
|
dprintf("\t\tFillInSetupDataW:\t0x%016I64x\n", ReadField (Callbacks.FillInSetupDataW));
|
|
|
|
dprintf("\tMasterOcInf:\t\t0x%016I64x\n", ReadField (MasterOcInf));
|
|
dprintf("\tUnattendedInf:\t\t0x%016I64x\n", ReadField (UnattendedInf));
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "MasterOcInfPath", Buffer, sizeof (Buffer));
|
|
dprintf("\tMasterOcInfPath:\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "UnattendedInfPath", Buffer, sizeof (Buffer));
|
|
dprintf("\tUnattendInfPath:\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "SourceDir", Buffer, sizeof (Buffer));
|
|
dprintf("\tSourceDir:\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "SuiteName", Buffer, sizeof (Buffer));
|
|
dprintf("\tSuiteName:\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "SetupPageTitle", Buffer, sizeof (Buffer));
|
|
dprintf("\tSetupPageTitle:\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "WindowTitle", Buffer, sizeof (Buffer));
|
|
dprintf("\tWindowTitle:\t\t%ws\n", Buffer);
|
|
|
|
dprintf("\tInfListStringTable:\t0x%016I64x\n", ReadField (InfListStringTable));
|
|
dprintf("\tComponentStringTable:\t0x%016I64x\n", ReadField (ComponentStringTable));
|
|
dprintf("\tOcSetupPage:\t\t0x%016I64x\n", ReadField (OcSetupPage));
|
|
dprintf("\tSetupMode:\t\t%d\n", ReadField (SetupMode));
|
|
|
|
dprintf("\tTopLevelOcCount:\t%d\n", ReadField (TopLevelOcCount));
|
|
|
|
if (ReadField (TopLevelOcCount)) {
|
|
|
|
// read and dump needs list
|
|
|
|
for (i = 0; i < ReadField (TopLevelOcCount); i++) {
|
|
|
|
//
|
|
// BUG BUG - No way to read size of String Ids off target, so assume LONG
|
|
//
|
|
|
|
ReadMemory(ReadField (TopLevelOcStringIds) + (i * sizeof (LONG)), &count, sizeof (count), NULL);
|
|
dprintf("\t TopLevelOcStringIds #%d:\t0x%08x\n", i, count);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf("\tTopLevelParenOcCount:\t%d\n", ReadField (TopLevelParentOcCount));
|
|
|
|
if (ReadField (TopLevelParentOcCount)) {
|
|
|
|
// read and dump needs list
|
|
|
|
for (i = 0; i < ReadField (TopLevelParentOcCount); i++) {
|
|
|
|
//
|
|
// BUG BUG - No way to read size of String Ids off target, so assume LONG
|
|
//
|
|
|
|
ReadMemory(ReadField (TopLevelParentOcStringIds) + (i * sizeof (LONG)), &count, sizeof (count), NULL);
|
|
dprintf("\t TopLevelParentOcStringIds #%d:\t0x%08x\n", i, count);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf("\tSubComponentsPresent:\t%d\n", ReadField (SubComponentsPresent));
|
|
|
|
//
|
|
// BugBug WizardPagesOrder there's not really any way to tell the exact upper bound of
|
|
// each array, though we know that it's <= TopLevelParentOcCount...since this is the case
|
|
// we just dump the point to each array of pages...
|
|
//
|
|
|
|
for (i = 0; i < WizPagesTypeMax; i++) {
|
|
|
|
ULONG wizardpageorder = 0;
|
|
|
|
//
|
|
// BUG BUG - Again, assuming that this type will always be ULONG
|
|
//
|
|
|
|
GetFieldOffset ("OCMANAGE!OC_MANAGER", "WizardPagesOrder", (PULONG) &offset);
|
|
|
|
ReadMemory (pocm + offset + (i * sizeof (ULONG)), &wizardpageorder, sizeof (ULONG), NULL);
|
|
|
|
dprintf("\tWizardPagesOrder[%i] (%s)\t: 0x%08x\n",
|
|
i,
|
|
GetWizPage(i),
|
|
wizardpageorder);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "PrivateDataSubkey", Buffer, sizeof (Buffer));
|
|
dprintf("\tPrivateDataSubkey:\t\t%ws\n", Buffer);
|
|
|
|
dprintf("\thKeyPrivateData:\t\t0x%016I64x\n", ReadField (hKeyPrivateData));
|
|
dprintf("\thKeyPrivateDataRoot:\t\t0x%016I64x\n", ReadField (hKeyPrivateDataRoot));
|
|
dprintf("\tProgressTextWindow:\t\t0x%016I64x\n", ReadField (ProgressTextWindow));
|
|
dprintf("\tCurrentComponentStringId:\t0x%016I64x\n", ReadField(CurrentComponentStringId));
|
|
dprintf("\tAbortedCount:\t\t%d\n", ReadField (AbortedCount));
|
|
|
|
if (ReadField (AbortedCount)) {
|
|
|
|
// read and dump needs list
|
|
|
|
for (i = 0; i < ReadField (AbortedCount); i++) {
|
|
|
|
ReadMemory(ReadField (AbortedComponentIds) + (i * sizeof (LONG)), &count, sizeof(count), NULL);
|
|
|
|
dprintf("\t AbortedComponentIds #%d:\t0x%08x\n", i, count);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
dprintf("\tInternalFlags:\t\t0x%016I64x\n\n\n", ReadField (InternalFlags));
|
|
|
|
dprintf("\tSetupData.SetupMode :\t\t0x%016I64x\n", ReadField (SetupData.SetupMode));
|
|
dprintf("\tSetupData.ProductType :\t\t0x%016I64x\n", ReadField (SetupData.ProductType));
|
|
dprintf("\tSetupData.OperationFlags :\t0x%016I64x\n", ReadField (SetupData.OperationFlags));
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "SetupData.SourcePath", Buffer, sizeof (Buffer));
|
|
dprintf("\tSetupData.SourcePath :\t\t%ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pocm, "OCMANAGE!OC_MANAGER", "SetupData.UnattendFile", Buffer, sizeof (Buffer));
|
|
dprintf("\tSetupData.UnattendFile :\t\t%ws\n", Buffer);
|
|
|
|
//
|
|
// Verbose print
|
|
//
|
|
|
|
if ((Mask&1) && ReadField (InfListStringTable)) {
|
|
ULONG64 pinfdata = 0;
|
|
|
|
dprintf("\t\t***InfListStringTable***\n");
|
|
|
|
pinfdata = GetStringTableData( ReadField (InfListStringTable));
|
|
|
|
if (!pinfdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
// now, dump each node with data in the string table
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
|
|
node = GetFirstNode(pinfdata, (pinfdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset);
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
//dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
ULONG64 pocinf = 0;
|
|
//dprintf("\tNode Name:%ws\n", node->String);
|
|
|
|
UtilReadWString (node + GetTypeSize ("SETUPAPI!ULONG_PTR"),
|
|
Buffer,
|
|
sizeof (Buffer)
|
|
);
|
|
|
|
boffset = wcslen (Buffer) * sizeof (WCHAR);
|
|
|
|
ReadPtr (node + GetTypeSize ("SETUPAPI!ULONG_PTR") + boffset + 1,
|
|
&pocinf);
|
|
|
|
pocinf = node + GetTypeSize ("SETUPAPI!ULONG_PTR") + boffset + 2;
|
|
|
|
if (pocinf) {
|
|
|
|
InitTypeRead (pocinf, OCMANAGE!OC_INF);
|
|
|
|
dprintf("\tNode Data for %ws\t (0x%08x): 0x%016I64x\n",
|
|
Buffer,
|
|
offset,
|
|
ReadField (Handle)
|
|
);
|
|
} else {
|
|
dprintf("\tNo Node Data for %ws\n",
|
|
Buffer
|
|
);
|
|
}
|
|
node = GetNextNode(pinfdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
dprintf("\n\n");
|
|
}
|
|
|
|
InitTypeRead (pocm, OCMANAGE!OC_MANAGER);
|
|
|
|
if ((Mask&1) && ReadField (ComponentStringTable)) {
|
|
ULONG64 compdata = 0;
|
|
|
|
dprintf("\t\t***ComponentStringTable***\n");
|
|
|
|
compdata = GetStringTableData(ReadField (ComponentStringTable));
|
|
|
|
if (!compdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
//
|
|
// dump each node with data in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(compdata, (compdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset);
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
//dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
ULONG64 pcomp = 0;
|
|
//dprintf("\tNode Name:%ws\n", node->String);
|
|
|
|
UtilReadWString (node + GetTypeSize ("SETUPAPI!ULONG_PTR"),
|
|
Buffer,
|
|
sizeof (Buffer)
|
|
);
|
|
|
|
boffset = wcslen (Buffer) * sizeof (WCHAR);
|
|
|
|
pcomp = node + GetTypeSize ("SETUPAPI!ULONG_PTR") + boffset + 2;
|
|
|
|
if (pcomp) {
|
|
|
|
DumpOcComponent( offset , node, pcomp );
|
|
|
|
} else {
|
|
|
|
dprintf("\tNo Node Data for %ws\n",
|
|
Buffer
|
|
);
|
|
}
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
|
|
node = GetNextNode( compdata, node, &offset );
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
DECLARE_API( infdump )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps the data related to an HINF structure
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
{
|
|
DWORD ReturnLength;
|
|
ULONG64 pinf;
|
|
//LOADED_INF inf;
|
|
//INF_SECTION InfSection;
|
|
//INF_LINE InfLine;
|
|
DWORD i;
|
|
ULONG64 offset = 0, count = 0;
|
|
ULONG64 stdata,pextradata;
|
|
//STRING_TABLE st;
|
|
//PSTRING_NODEW node;//, prev;
|
|
PUCHAR argptr = (PUCHAR) args;
|
|
UCHAR arg[2][100];
|
|
WCHAR Buffer[200];
|
|
ULONG argcount = 0;
|
|
ULONG64 node = 0, boffset = 0, pst = 0;
|
|
ULONG64 Mask = 0;
|
|
|
|
ZeroMemory (&arg, sizeof (arg));
|
|
|
|
|
|
while (*argptr != 0) {
|
|
|
|
if (*argptr == ' ') {
|
|
argcount++;
|
|
count = 0;
|
|
argptr++;
|
|
}
|
|
|
|
if (argcount > 1) {
|
|
break;
|
|
}
|
|
|
|
arg[argcount][count] = *argptr;
|
|
count++;
|
|
argptr++;
|
|
}
|
|
|
|
if (!arg[0][0]) {
|
|
|
|
dprintf ("infdump: missing one or more parameters\nusage:!infdump [address] [verbosity]\n");
|
|
return;
|
|
}
|
|
|
|
pinf = UtilStringToUlong64 (arg[0]);
|
|
Mask = UtilStringToUlong64 (arg[1]);
|
|
|
|
InitTypeRead (pinf, SETUPAPI!LOADED_INF);
|
|
|
|
count = ReadField (Signature);
|
|
|
|
dprintf("LOADED_INF at :\t0x%016I64x\n", pinf);
|
|
dprintf("\t Signature : 0x%08x (%s)\n", (ULONG) count, ((count == LOADED_INF_SIG) ? "Valid" : "Invalid"));
|
|
|
|
if (ReadField (Signature) != LOADED_INF_SIG) {
|
|
return;
|
|
}
|
|
|
|
dprintf("\t FileHandle:\t0x%016I64x\n", ReadField (FileHandle));
|
|
dprintf("\t MappingHandle:\t0x%016I64x\n", ReadField (MappingHandle));
|
|
dprintf("\t ViewAddress:\t0x%016I64x\n", ReadField (ViewAddress));
|
|
|
|
if (ReadField (FileHandle) == (ULONG64) INVALID_HANDLE_VALUE) {
|
|
dprintf(" *** In memory INF ***\n" );
|
|
} else {
|
|
dprintf(" *** PNF ***\n" );
|
|
}
|
|
|
|
dprintf("\t StringTable:\t0x%016I64x\n", ReadField (StringTable));
|
|
dprintf("\t SectionCount:\t0x%016I64x\n", ReadField (SectionCount));
|
|
|
|
dprintf("\tSectionBlock:\t0x%016I64x\n", ReadField (SectionBlock));
|
|
|
|
for (i = 0; i < ReadField (SectionCount); i++) {
|
|
|
|
dprintf("***INF_SECTION [%d] at 0x%016I64x***\n",i, ReadField (SectionBlock) + (GetTypeSize ("SETUPAPI!INF_SECTION") * i));
|
|
DumpInfSection( ReadField (SectionBlock) + (GetTypeSize ("SETUPAPI!INF_SECTION") * i), ReadField (LineBlock), ReadField (ValueBlock));
|
|
|
|
//
|
|
// Need to reinit type read because previous functions change the
|
|
// default read structure type
|
|
//
|
|
|
|
InitTypeRead (pinf, SETUPAPI!LOADED_INF);
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
dprintf("\tLineBlock : 0x%I64x\n", ReadField (LineBlock));
|
|
dprintf("\t ValueBlock : 0x%I64x\n", ReadField (ValueBlock));
|
|
|
|
DumpInfVersionNode(ReadField (VersionBlock));
|
|
|
|
InitTypeRead (pinf, SETUPAPI!LOADED_INF);
|
|
|
|
dprintf("\t HasStrings : 0x%I64x\n", ReadField (HasStrings));
|
|
|
|
UtilGetWStringField (pinf, "SETUPAPI!LOADED_INF", "OsLoaderPath", Buffer, sizeof (Buffer));
|
|
dprintf("\t OsLoaderPath : %ws\n", Buffer);
|
|
|
|
dprintf("\t InfSourceMediaType : 0x%I64x ( ", ReadField (InfSourceMediaType));
|
|
|
|
if (ReadField (InfSourceMediaType)) {
|
|
if (ReadField (InfSourceMediaType) & SPOST_PATH ) {
|
|
dprintf("SPOST_PATH ");
|
|
}
|
|
if (ReadField (InfSourceMediaType) & SPOST_URL) {
|
|
dprintf("SPOST_URL ");
|
|
}
|
|
} else {
|
|
dprintf("SPOST_NONE ");
|
|
}
|
|
|
|
dprintf(")\n");
|
|
|
|
UtilGetWStringField (pinf, "SETUPAPI!LOADED_INF", "InfSourcePath", Buffer, sizeof (Buffer));
|
|
dprintf("\t InfSourcePath : %ws\n", Buffer);
|
|
|
|
UtilGetWStringField (pinf, "SETUPAPI!LOADED_INF", "OriginalInfName", Buffer, sizeof (Buffer));
|
|
dprintf("\t OriginalInfName : %ws\n", Buffer);
|
|
dprintf("\t SubstValueList : 0x%I64x\n", ReadField (SubstValueList));
|
|
dprintf("\t SubstValueCount : 0x%I64x\n", ReadField (SubstValueCount));
|
|
dprintf("\t Style : 0x%x ( ", ReadField (Style));
|
|
|
|
if (ReadField (Style) & INF_STYLE_OLDNT) {
|
|
dprintf("INF_STYLE_OLDNT ");
|
|
}
|
|
if (ReadField (Style) & INF_STYLE_WIN4) {
|
|
dprintf("INF_STYLE_WIN4 ");
|
|
}
|
|
|
|
dprintf(")\n");
|
|
|
|
dprintf("\t SectionBlockSizeBytes : 0x%x\n", ReadField (SectionBlockSizeBytes));
|
|
dprintf("\t LineBlockSizeBytes : 0x%x\n", ReadField (LineBlockSizeBytes));
|
|
dprintf("\t ValueBlockSizeBytes : 0x%x\n", ReadField (ValueBlockSizeBytes));
|
|
dprintf("\t LanguageId : 0x%x\n", ReadField (LanguageId));
|
|
|
|
dprintf("\t UserDirIdList : 0x%x\n", ReadField (UserDirIdList));
|
|
dprintf("\tLock[0] : 0x%x\n", ReadField (Lock.handles[0]));
|
|
dprintf("\tLock[1] : 0x%x\n", ReadField (Lock.handles[1]));
|
|
|
|
dprintf("\tPrev : 0x%x\n", ReadField (Prev));
|
|
dprintf("\tNext : 0x%x\n", ReadField (Next));
|
|
|
|
pst = ReadField (StringTable);
|
|
|
|
DumpStringTableHeader (pst);
|
|
|
|
stdata = GetStringTableData (pst);
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
//
|
|
// BUG BUG: Hack for offset - STRING_NODEW is not built into any file
|
|
// so I will cheat because I know that the offset is after a ptr
|
|
//
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pextradata = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
dprintf("\tExtra Data:\t0x%016I64x\n", pextradata );
|
|
|
|
node = GetNextNode(stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
DECLARE_API( space )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps the data related to a HDSKSPC structure
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
{
|
|
DWORD ReturnLength;
|
|
ULONG64 pst = 0;
|
|
ULONG64 dsl = 0;
|
|
DWORD i;
|
|
ULONG64 offset = 0, count = 0, boffset = 0;
|
|
ULONG64 stdata = 0,pextradata = 0;
|
|
ULONG64 Mask = 0;
|
|
ULONG64 node = 0, pxd = 0, pte = 0;
|
|
PUCHAR argptr = (PUCHAR) args;
|
|
UCHAR arg[2][100];
|
|
WCHAR Buffer[200];
|
|
ULONG argcount = 0;
|
|
|
|
|
|
while (*argptr != 0) {
|
|
|
|
if (*argptr == ' ') {
|
|
argcount++;
|
|
count = 0;
|
|
argptr++;
|
|
}
|
|
|
|
if (argcount > 1) {
|
|
break;
|
|
}
|
|
|
|
arg[argcount][count] = *argptr;
|
|
count++;
|
|
argptr++;
|
|
}
|
|
|
|
if (!arg[0][0]) {
|
|
|
|
dprintf ("space: missing one or more parameters\nusage:!space [address] [verbosity]\n");
|
|
return;
|
|
}
|
|
|
|
dsl = UtilStringToUlong64 (arg[0]);
|
|
Mask = UtilStringToUlong64 (arg[1]);
|
|
|
|
InitTypeRead (dsl, SETUPAPI!DISK_SPACE_LIST);
|
|
|
|
dprintf("DISK_SPACE_LIST at :\t0x%016I64x\n", dsl);
|
|
|
|
GetFieldOffset ("SETUPAPI!DISK_SPACE_LIST", "Lock", (ULONG *) &offset);
|
|
boffset = GetTypeSize ("SETUPAPI!HANDLE");
|
|
|
|
ReadMemory (dsl + offset, &count, (ULONG) boffset, NULL);
|
|
dprintf("\tLock[0] : 0x%016I64x\n", count);
|
|
|
|
ReadMemory (dsl + offset + boffset, &count, (ULONG) boffset, NULL);
|
|
dprintf("\tLock[1] : 0x%016I64x\n", count);
|
|
|
|
dprintf("\tDrivesTable : 0x%016I64x\n", ReadField (DrivesTable));
|
|
dprintf("\tFlags : 0x%016I64x\n", ReadField (Flags));
|
|
|
|
pst = ReadField (DrivesTable);
|
|
|
|
dprintf("\t ***DrivesTable***\n");
|
|
DumpStringTableHeader(pst);
|
|
|
|
stdata = GetStringTableData(pst);
|
|
if (!stdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pxd = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
DumpXDrive( pxd, Mask );
|
|
|
|
node = GetNextNode( stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
DECLARE_API( queue )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps the data related to a HSPFILEQ
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
{
|
|
ULONG64 ReturnLength;
|
|
ULONG64 pfq = 0,pst = 0, pte = 0;
|
|
//SP_FILE_QUEUE fq;
|
|
//PSP_TARGET_ENT pte;
|
|
DWORD i;
|
|
ULONG64 offset = 0, count = 0, boffset = 0;
|
|
ULONG64 stdata = 0, pextradata = 0, node = 0;
|
|
//STRING_TABLE st;
|
|
//PSTRING_NODEW node;//, prev;
|
|
ULONG64 Mask = 0;
|
|
PUCHAR argptr = (PUCHAR) args;
|
|
UCHAR arg[2][100];
|
|
WCHAR Buffer[200];
|
|
ULONG argcount = 0;
|
|
|
|
|
|
while (*argptr != 0) {
|
|
|
|
if (*argptr == ' ') {
|
|
argcount++;
|
|
count = 0;
|
|
argptr++;
|
|
}
|
|
|
|
if (argcount > 1) {
|
|
break;
|
|
}
|
|
|
|
arg[argcount][count] = *argptr;
|
|
count++;
|
|
argptr++;
|
|
}
|
|
|
|
if (!arg[0][0]) {
|
|
|
|
dprintf ("queue: missing one or more parameters\nusage:!queue [address] [verbosity]\n");
|
|
return;
|
|
}
|
|
|
|
pfq = UtilStringToUlong64 (arg[0]);
|
|
Mask = UtilStringToUlong64 (arg[1]);
|
|
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
|
|
dprintf("SP_FILE_QUEUE at :\t0x%016I64x\n", pfq);
|
|
dprintf("\t BackupQueue : 0x%016I64x\n", ReadField (BackupQueue));
|
|
dprintf("\t DeleteQueue : 0x%016I64x\n", ReadField (DeleteQueue));
|
|
dprintf("\t RenameQueue : 0x%016I64x\n", ReadField (RenameQueue));
|
|
|
|
dprintf("\t CopyNodeCount : 0x%016I64x\n", ReadField (CopyNodeCount));
|
|
dprintf("\t DeleteNodeCount : 0x%016I64x\n", ReadField (DeleteNodeCount));
|
|
dprintf("\t RenameNodeCount : 0x%016I64x\n", ReadField (RenameNodeCount));
|
|
dprintf("\t BackupNodeCount : 0x%016I64x\n", ReadField (BackupNodeCount));
|
|
|
|
dprintf("\t SourceMediaList : 0x%016I64x\n", ReadField (SourceMediaList));
|
|
dprintf("\t SourceMediaCount : 0x%016I64x\n", ReadField (SourceMediaCount));
|
|
|
|
dprintf("\t CatalogList : 0x%016I64x\n", ReadField (CatalogList));
|
|
dprintf("\t DriverSigningPolicy : 0x%016I64x (%s)\n",
|
|
ReadField (DriverSigningPolicy),
|
|
(ReadField (DriverSigningPolicy) == DRIVERSIGN_BLOCKING) ? "DRIVERSIGN_BLOCKING" :
|
|
(ReadField (DriverSigningPolicy) == DRIVERSIGN_WARNING) ? "DRIVERSIGN_WARNING" :
|
|
"DRIVERSIGN_NONE" );
|
|
|
|
dprintf("\t hWndDriverSigningUi : 0x%016I64x\n", ReadField (hWndDriverSigningUi));
|
|
dprintf("\t DeviceDescStringId : 0x%016I64x\n", ReadField (DeviceDescStringId));
|
|
dprintf("\t AltPlatformInfo : 0x%016I64x\n", ReadField (AltPlatformInfo));
|
|
|
|
GetFieldOffset ("SETUPAPI!SP_FILE_QUEUE", "AltPlatformInfo", (ULONG *) &offset);
|
|
|
|
DumpAltPlatformInfo(pfq + offset);
|
|
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
|
|
dprintf("\t AltCatalogFile : 0x%016I64x\n", ReadField (AltCatalogFile));
|
|
dprintf("\t StringTable : 0x%016I64x\n", ReadField (StringTable));
|
|
dprintf("\t LockRefCount : 0x%016I64x\n", ReadField (LockRefCount));
|
|
dprintf("\t Flags : 0x%016I64x\n", ReadField (Flags));
|
|
dprintf("\t SisSourceHandle : 0x%016I64x\n", ReadField (SisSourceHandle));
|
|
dprintf("\t SisSourceDirectory : 0x%016I64x\n", ReadField (SisSourceDirectory));
|
|
dprintf("\t BackupInfID : 0x%016I64x\n", ReadField (BackupInfID));
|
|
dprintf("\t TargetLookupTable : 0x%016I64x\n", ReadField (TargetLookupTable));
|
|
dprintf("\t UnwindQueue : 0x%016I64x\n", ReadField (UnwindQueue));
|
|
dprintf("\t DelayMoveQueue : 0x%016I64x\n", ReadField (DelayMoveQueue));
|
|
dprintf("\t DelayMoveQueueTail : 0x%016I64x\n", ReadField (DelayMoveQueueTail));
|
|
|
|
dprintf("\t Signature : 0x%016I64x (%s)\n",
|
|
ReadField (Signature),
|
|
(ReadField (Signature) == SP_FILE_QUEUE_SIG) ? "VALID" : "INVALID" );
|
|
|
|
//
|
|
// dump the queue nodes
|
|
//
|
|
|
|
if (Mask & 1) {
|
|
|
|
if (ReadField (BackupQueue)) {
|
|
dprintf("\t ***BackupQueue***\n");
|
|
DumpFileQueueNodeList(ReadField (BackupQueue), Mask, TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
}
|
|
|
|
if (ReadField (DeleteQueue)) {
|
|
dprintf("\t ***DeleteQueue***\n");
|
|
DumpFileQueueNodeList(ReadField (DeleteQueue), Mask, TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
}
|
|
|
|
if (ReadField (RenameQueue)) {
|
|
dprintf("\t ***RenameQueue***\n");
|
|
DumpFileQueueNodeList( ReadField (RenameQueue), Mask, TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
}
|
|
|
|
if (ReadField (SourceMediaList)) {
|
|
dprintf("\t ***source media list***\n");
|
|
DumpSourceMediaInfoList( ReadField (SourceMediaList), Mask, TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
}
|
|
}
|
|
|
|
//
|
|
// dump the catalog info
|
|
//
|
|
if (Mask & 2) {
|
|
|
|
if (ReadField (CatalogList)) {
|
|
dprintf("\t ***CatalogList***\n");
|
|
DumpCatalogInfoList( ReadField (CatalogList), Mask, TRUE );
|
|
}
|
|
}
|
|
|
|
//
|
|
// dump the string table
|
|
//
|
|
|
|
if (Mask & 4) {
|
|
dprintf("\t ***StringTable***\n");
|
|
|
|
pst = ReadField (StringTable);
|
|
|
|
DumpStringTableHeader (pst);
|
|
|
|
stdata = GetStringTableData (pst);
|
|
|
|
if (!stdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pextradata = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
dprintf("\tExtra Data:\t0x%016I64x\n", pextradata );
|
|
|
|
node = GetNextNode( stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
dprintf("\t ***TargetLookupTable***\n");
|
|
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
pst = ReadField (TargetLookupTable);
|
|
|
|
DumpStringTableHeader (pst);
|
|
|
|
stdata = GetStringTableData (pst);
|
|
if (!stdata) {
|
|
dprintf("error retrieving string table data!\n");
|
|
return;
|
|
}
|
|
|
|
//
|
|
// now, dump each node in the string table
|
|
//
|
|
for (i = 0; i<HASH_BUCKET_COUNT; i++ ) {
|
|
node = GetFirstNode(stdata, (stdata + (GetTypeSize ("SETUPAPI!ULONG_PTR") * i)), &offset );
|
|
|
|
if (!node) {
|
|
// dprintf("No data at hash bucket %d\n", i);
|
|
} else {
|
|
dprintf("Data at hash bucket %d\n", i);
|
|
while (node) {
|
|
|
|
boffset = GetTypeSize ("SETUPAPI!ULONG_PTR");
|
|
count = 0;
|
|
|
|
while (1)
|
|
{
|
|
|
|
if (count == sizeof (Buffer)) {
|
|
break;
|
|
}
|
|
|
|
ReadMemory (node + boffset + count,
|
|
(PWCHAR) &Buffer + count/2,
|
|
sizeof (WCHAR),
|
|
NULL);
|
|
|
|
if (!Buffer[count/2]) {
|
|
break;
|
|
}
|
|
|
|
count +=2;
|
|
}
|
|
|
|
dprintf("\tEntry Name:\t%ws (0x%08x)\n", Buffer, offset);
|
|
InitTypeRead (pst, SETUPAPI!STRING_TABLE);
|
|
pte = ReadField (Data) + offset + (wcslen(Buffer) + 1)*sizeof(WCHAR) + sizeof(DWORD);
|
|
DumpTargetEnt(pte);
|
|
|
|
node = GetNextNode( stdata, node, &offset );
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (CheckInterupted()) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
//
|
|
// backup stuff
|
|
//
|
|
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
|
|
if (Mask & 8) {
|
|
|
|
if (ReadField (UnwindQueue)) {
|
|
dprintf("\t ***UnwindQueue***\n");
|
|
DumpUnwindList( ReadField (UnwindQueue), TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
|
|
}
|
|
|
|
if (ReadField (DelayMoveQueue)) {
|
|
dprintf("\t ***DelayMoveQueue***\n");
|
|
DumpDelayMoveList(ReadField (DelayMoveQueue), TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
|
|
}
|
|
|
|
if (ReadField (DelayMoveQueueTail)) {
|
|
dprintf("\t ***DelayMoveQueueTail***\n");
|
|
DumpDelayMoveList( ReadField (DelayMoveQueueTail), TRUE );
|
|
InitTypeRead (pfq, SETUPAPI!SP_FILE_QUEUE);
|
|
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
DECLARE_API( qcontext )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This debugger extension dumps the data related to a queue context structure
|
|
|
|
Arguments:
|
|
|
|
|
|
Return Value:
|
|
|
|
--*/
|
|
{
|
|
ULONG64 pqc = 0, count = 0;
|
|
PUCHAR argptr = (PUCHAR) args;
|
|
UCHAR arg[2][100];
|
|
WCHAR Buffer[200];
|
|
ULONG argcount = 0;
|
|
|
|
|
|
while (*argptr != 0) {
|
|
|
|
if (*argptr == ' ') {
|
|
argcount++;
|
|
count = 0;
|
|
argptr++;
|
|
}
|
|
|
|
if (argcount > 1) {
|
|
break;
|
|
}
|
|
|
|
arg[argcount][count] = *argptr;
|
|
count++;
|
|
argptr++;
|
|
}
|
|
|
|
if (!arg[0][0]) {
|
|
|
|
dprintf ("qcontext: missing one or more parameters\nusage:!qcontext [address]\n");
|
|
return;
|
|
}
|
|
|
|
pqc = UtilStringToUlong64 (arg[0]);
|
|
|
|
|
|
InitTypeRead (pqc, SETUPAPI!QUEUECONTEXT);
|
|
|
|
dprintf("QUEUECONTEXT at :\t0x%016I64x\n", pqc);
|
|
dprintf("\t OwnerWindow : 0x%016I64x\n", ReadField (OwnerWindow));
|
|
dprintf("\t MainThreadId : 0x%016I64x\n", ReadField (MainThreadId));
|
|
dprintf("\t ProgressDialog : 0x%016I64x\n", ReadField (ProgressDialog));
|
|
dprintf("\t ProgressBar : 0x%016I64x\n", ReadField (ProgressBar));
|
|
dprintf("\t Cancelled : 0x%016I64x\n", ReadField (Cancelled));
|
|
|
|
UtilGetWStringField (pqc, "SETUPAPI!QUEUECONTEXT", "CurrentSourceName", Buffer, sizeof (Buffer));
|
|
dprintf("\t CurrentSourceName : %ws\n", Buffer);
|
|
|
|
dprintf("\t ScreenReader : 0x%016I64x\n", ReadField (ScreenReader));
|
|
dprintf("\t MessageBoxUp : 0x%016I64x\n", ReadField (MessageBoxUp));
|
|
dprintf("\t PendingUiType : 0x%016I64x\n", ReadField (PendingUiType));
|
|
dprintf("\t PendingUiParameters : 0x%016I64x\n", ReadField (PendingUiParameters));
|
|
dprintf("\t CancelReturnCode : 0x%016I64x\n", ReadField (CancelReturnCode));
|
|
dprintf("\t DialogKilled : 0x%016I64x\n", ReadField (DialogKilled));
|
|
dprintf("\t AlternateProgressWindow : 0x%016I64x\n", ReadField (AlternateProgressWindow));
|
|
dprintf("\t ProgressMsg : 0x%016I64x\n", ReadField (ProgressMsg));
|
|
dprintf("\t NoToAllMask : 0x%016I64x\n", ReadField (NoToAllMask));
|
|
dprintf("\t UiThreadHandle : 0x%016I64x\n", ReadField (UiThreadHandle));
|
|
|
|
}
|