mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
693 lines
17 KiB
693 lines
17 KiB
#include <windows.h>
|
|
#include "faultrep.h"
|
|
#include "util.h"
|
|
#include "stdio.h"
|
|
#include "malloc.h"
|
|
|
|
BOOL g_fDebug = FALSE;
|
|
|
|
enum EFaultType
|
|
{
|
|
eftAV = 0,
|
|
eftMisalign,
|
|
eftArrayBound,
|
|
|
|
eftStackOverflowFunc,
|
|
eftStackOverflowAlloc,
|
|
|
|
eftInstrPriv,
|
|
eftInstrBad,
|
|
|
|
eftIntDivZero,
|
|
eftIntOverflow,
|
|
|
|
eftFltDivZero,
|
|
eftFltOverflow,
|
|
eftFltUnderflow,
|
|
eftFltStack,
|
|
eftFltInexact,
|
|
eftFltDenormal,
|
|
eftFltInvalid,
|
|
|
|
eftExBadRet,
|
|
eftExNonCont,
|
|
};
|
|
|
|
// ***************************************************************************
|
|
void ShowUsage(void)
|
|
{
|
|
printf("\n");
|
|
printf("gpfme [command] [exception type]\n");
|
|
printf("\nCommand options:\n");
|
|
printf(" -a: Access violation (default if no command is specified)\n");
|
|
#ifndef _WIN64
|
|
printf(" -b: Array bound violation\n");
|
|
#endif
|
|
printf(" -i: Integer divide by 0 (default)\n");
|
|
printf(" -iz: Integer divide by 0\n");
|
|
printf(" -io: Integer overflow\n");
|
|
#ifdef _WIN64
|
|
printf(" -m: Data misalignment fault (not available on x86)\n");
|
|
#endif
|
|
printf(" -s: Stack overflow via infinite recursion (default) \n");
|
|
printf(" -sa: Stack overflow via alloca\n");
|
|
printf(" -sf: Stack overflow via infinite recursion\n");
|
|
printf(" -f: Floating point divide by 0 (default)\n");
|
|
printf(" -fi: Floating point inexact result\n");
|
|
printf(" -fn: Floating point invalid operation\n");
|
|
printf(" -fo: Floating point overflow\n");
|
|
printf(" -fu: Floating point underflow\n");
|
|
printf(" -fz: Floating point divide by 0\n");
|
|
printf(" -n: Execute privilidged instruction (default)\n");
|
|
printf(" -ni: Execute invalid instruction\n");
|
|
printf(" -np: Execute privilidged instruction\n");
|
|
}
|
|
|
|
|
|
// ***************************************************************************
|
|
LONG MyFilter(EXCEPTION_POINTERS *pep)
|
|
{
|
|
static BOOL fGotHere = FALSE;
|
|
|
|
EFaultRepRetVal frrv;
|
|
pfn_REPORTFAULT pfn = NULL;
|
|
HMODULE hmodFaultRep = NULL;
|
|
WCHAR szDebugger[2 * MAX_PATH];
|
|
BOOL fGotDbgr = FALSE;
|
|
char wszMsg[2048];
|
|
|
|
|
|
if (g_fDebug &&
|
|
(pep->ExceptionRecord->ExceptionCode == EXCEPTION_BREAKPOINT ||
|
|
pep->ExceptionRecord->ExceptionCode == EXCEPTION_SINGLE_STEP))
|
|
return EXCEPTION_CONTINUE_SEARCH;
|
|
|
|
if (g_fDebug && fGotHere)
|
|
return EXCEPTION_CONTINUE_SEARCH;
|
|
|
|
fGotHere = TRUE;
|
|
|
|
if (g_fDebug)
|
|
DebugBreak();
|
|
|
|
if (GetProfileStringW(L"AeDebug", L"Debugger", NULL, szDebugger, sizeofSTRW(szDebugger) - 1))
|
|
fGotDbgr = TRUE;
|
|
|
|
hmodFaultRep = LoadLibrary("faultrep.dll");
|
|
if (hmodFaultRep != NULL)
|
|
{
|
|
pfn = (pfn_REPORTFAULT)GetProcAddress(hmodFaultRep, "ReportFault");
|
|
if (pfn != NULL)
|
|
{
|
|
frrv = (*pfn)(pep, fGotDbgr);
|
|
}
|
|
else
|
|
{
|
|
printf("Unable to get ReportFault function\n");
|
|
return EXCEPTION_CONTINUE_SEARCH;
|
|
}
|
|
}
|
|
|
|
else
|
|
{
|
|
printf("Unable to load faultrep.dll\n");
|
|
return EXCEPTION_CONTINUE_SEARCH;
|
|
}
|
|
|
|
switch(frrv)
|
|
{
|
|
case frrvOk:
|
|
printf("DW completed fine.\n");
|
|
break;
|
|
|
|
case frrvOkManifest:
|
|
printf("DW completed fine in manifest mode.\n");
|
|
break;
|
|
|
|
case frrvOkQueued:
|
|
printf("DW completed fine in queue mode.\n");
|
|
break;
|
|
|
|
case frrvLaunchDebugger:
|
|
printf("DW completed fine & says to launch debugger.\n");
|
|
break;
|
|
|
|
case frrvErrNoDW:
|
|
printf("DW could not be launched.\n");
|
|
break;
|
|
|
|
case frrvErr:
|
|
printf("An error occurred.\n");
|
|
break;
|
|
|
|
case frrvErrTimeout:
|
|
printf("Timed out waiting for DW to complete.\n");
|
|
break;
|
|
|
|
default:
|
|
printf("unexpected return value...\n");
|
|
break;
|
|
|
|
}
|
|
|
|
if (hmodFaultRep != NULL)
|
|
FreeLibrary(hmodFaultRep);
|
|
|
|
return EXCEPTION_EXECUTE_HANDLER;
|
|
};
|
|
|
|
|
|
// ***************************************************************************
|
|
void NukeStack(void)
|
|
{
|
|
DWORD rgdw[512];
|
|
DWORD a = 1;
|
|
|
|
// the compiler tries to be smart and not let me deliberately write a
|
|
// infinitely recursive function, so gotta do this to work around it.
|
|
if(a == 1)
|
|
NukeStack();
|
|
}
|
|
|
|
// ***************************************************************************
|
|
typedef DWORD (*FAULT_FN)(void);
|
|
void DoException(EFaultType eft)
|
|
{
|
|
switch(eft)
|
|
{
|
|
// access violation
|
|
default:
|
|
case eftAV:
|
|
{
|
|
int *p = NULL;
|
|
|
|
fprintf(stderr, "Generating an access violation\n");
|
|
*p = 1;
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
#ifdef _WIN64
|
|
// data misalignment
|
|
case eftMisalign:
|
|
{
|
|
DWORD *pdw;
|
|
BYTE rg[8];
|
|
|
|
fprintf(stderr, "Generating an misalignment fault.\n");
|
|
pdw = (DWORD *)&rg[2];
|
|
*pdw = 1;
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
#endif
|
|
|
|
#ifndef _WIN64
|
|
// array bounds failure
|
|
case eftArrayBound:
|
|
{
|
|
fprintf(stderr, "Generating an out-of-bounds exception\n");
|
|
|
|
__int64 li;
|
|
DWORD *pdw = (DWORD *)&li;
|
|
|
|
*pdw = 1;
|
|
pdw++;
|
|
*pdw = 2;
|
|
|
|
// bound will throw an 'array out of bounds' exception
|
|
_asm mov eax, 0
|
|
_asm bound eax, li
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
#endif
|
|
|
|
// stack overflow
|
|
case eftStackOverflowFunc:
|
|
{
|
|
fprintf(stderr, "Generating an stack overflow via recursion\n");
|
|
NukeStack();
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// stack overflow
|
|
case eftStackOverflowAlloc:
|
|
{
|
|
LPVOID pv;
|
|
DWORD i;
|
|
|
|
fprintf(stderr, "Generating an stack overflow via alloca\n");
|
|
for (i = 0; i < 0xffffffff; i++)
|
|
pv = _alloca(512);
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// integer divide by 0
|
|
case eftIntDivZero:
|
|
{
|
|
DWORD x = 4, y = 0;
|
|
|
|
fprintf(stderr, "Generating an integer div by 0\n");
|
|
x = x / y;
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// integer overflow
|
|
case eftIntOverflow:
|
|
{
|
|
|
|
fprintf(stderr, "Generating an integer overflow\n");
|
|
#ifdef _WIN64
|
|
__int64 x = 0x7fffffffffffffff, y = 0x7fffffffffffffff;
|
|
x = x + y;
|
|
#else
|
|
DWORD x = 0x7fffffff, y = 0x7fffffff;
|
|
x = x + y;
|
|
_asm into
|
|
#endif
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// floating point divide by 0
|
|
case eftFltDivZero:
|
|
{
|
|
double x = 4.1, y = 0.0;
|
|
WORD wCtl, wCtlNew;
|
|
|
|
fprintf(stderr, "Generating an floating point div by 0\n");
|
|
|
|
#ifdef _WIN64
|
|
x = x / y;
|
|
#else
|
|
// got to unmask the floating point exceptions so that the
|
|
// processor doesn't handle them on it's own
|
|
_asm fnstcw wCtl
|
|
wCtlNew = wCtl & 0xffc0;
|
|
_asm fldcw wCtlNew
|
|
x = x / y;
|
|
_asm fldcw wCtl
|
|
#endif
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// floating point stack overflow
|
|
case eftFltStack:
|
|
{
|
|
double x;
|
|
WORD wCtl, wCtlNew;
|
|
|
|
fprintf(stderr, "Generating an floating point stack overflow\n");
|
|
|
|
#ifdef _WIN64
|
|
#else
|
|
// Got to unmask the floating point exceptions so that the
|
|
// processor doesn't handle them on it's own
|
|
_asm fnstcw wCtl
|
|
wCtlNew = wCtl & 0xffc0;
|
|
_asm fldcw wCtlNew
|
|
|
|
// there should be 8 floating point stack registers, so attempting
|
|
// to add a 9th element should nuke it
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fld x
|
|
_asm fldcw wCtl
|
|
#endif
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// floating point overflow
|
|
case eftFltOverflow:
|
|
{
|
|
double x = 1.0, y = 10.0;
|
|
WORD wCtl, wCtlNew;
|
|
DWORD i;
|
|
|
|
fprintf(stderr, "Generating an floating point overflow\n");
|
|
|
|
#ifdef _WIN64
|
|
#else
|
|
// Got to unmask the floating point exceptions so that the
|
|
// processor doesn't handle them on it's own
|
|
_asm fnstcw wCtl
|
|
wCtlNew = wCtl & 0xffe0;
|
|
_asm fldcw wCtlNew
|
|
#endif
|
|
|
|
for(i = 0; i < 100000; i++)
|
|
x = x * y;
|
|
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// floating point invalid op
|
|
case eftFltInvalid:
|
|
{
|
|
double x = 1.0, y = 10.0;
|
|
WORD wCtl, wCtlNew;
|
|
DWORD i;
|
|
|
|
#ifdef _WIN64
|
|
#else
|
|
// Got to unmask the floating point exceptions so that the
|
|
// processor doesn't handle them on it's own
|
|
_asm fnstcw wCtl
|
|
wCtlNew = wCtl & 0xffe0;
|
|
_asm fldcw wCtlNew
|
|
#endif
|
|
|
|
fprintf(stderr, "Generating an floating point invalid operation\n");
|
|
for(i = 0; i < 100000; i++)
|
|
x = x / y;
|
|
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// floating point inexact result
|
|
case eftFltInexact:
|
|
{
|
|
double x = 1.0, y = 10.0;
|
|
WORD wCtl, wCtlNew;
|
|
DWORD i;
|
|
|
|
#ifdef _WIN64
|
|
#else
|
|
// Got to unmask the floating point exceptions so that the
|
|
// processor doesn't handle them on it's own
|
|
_asm fnstcw wCtl
|
|
wCtlNew = wCtl & 0xffc0;
|
|
_asm fldcw wCtlNew
|
|
#endif
|
|
|
|
fprintf(stderr, "Generating an floating point underflow\n");
|
|
for(i = 0; i < 100000; i++)
|
|
x = x / y;
|
|
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// floating point denormal value
|
|
case eftFltDenormal:
|
|
{
|
|
double x = 1.0;
|
|
DWORD i;
|
|
WORD wCtl, wCtlNew;
|
|
BYTE rg[8] = { 1, 0, 0, 0, 0, 0, 6, 0 };
|
|
|
|
fprintf(stderr, "Generating a floating point denormal exception\n");
|
|
|
|
#ifdef _WIN64
|
|
#else
|
|
// Got to unmask the floating point exceptions so that the
|
|
// processor doesn't handle them on it's own
|
|
memcpy(&x, rg, 8);
|
|
_asm fnstcw wCtl
|
|
wCtlNew = wCtl & 0xf2fc;
|
|
_asm fldcw wCtlNew
|
|
_asm fld x
|
|
#endif
|
|
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// executing a privilidged instruction
|
|
case eftInstrPriv:
|
|
{
|
|
fprintf(stderr, "Generating an privilidged instruction exception\n");
|
|
|
|
#ifdef _WIN64
|
|
#else
|
|
// must be ring 0 to execute HLT
|
|
_asm hlt
|
|
#endif
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
// executing an invalid instruction
|
|
case eftInstrBad:
|
|
{
|
|
FAULT_FN pfn;
|
|
BYTE rgc[2048];
|
|
|
|
FillMemory(rgc, sizeof(rgc), 0);
|
|
pfn = (FAULT_FN)(DWORD_PTR)rgc;
|
|
|
|
fprintf(stderr, "Generating an invalid instruction exception\n");
|
|
(*pfn)();
|
|
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
case eftExNonCont:
|
|
{
|
|
fprintf(stderr, "Generating an non-continuable exception- **not implemented**\n");
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
|
|
case eftExBadRet:
|
|
{
|
|
fprintf(stderr, "Generating an bad exception filter exception- **not implemented**\n");
|
|
fprintf(stderr, "Error: No exception thrown.\n");
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
// ***************************************************************************
|
|
int __cdecl main(int argc, char **argv)
|
|
{
|
|
EFaultType eft = eftAV;
|
|
BOOL fCheckDebug = FALSE;
|
|
BOOL fUseTry = FALSE;
|
|
BOOL fUseFilter = FALSE;
|
|
|
|
if (argc >= 3 && (argv[2][0] == '/' || argv[2][0] == '-'))
|
|
{
|
|
switch(argv[2][1])
|
|
{
|
|
case 't':
|
|
case 'T':
|
|
if (argv[2][2] == 'D' || argv[2][2] == 'd')
|
|
g_fDebug = TRUE;
|
|
fUseTry = TRUE;
|
|
break;
|
|
|
|
case 'g':
|
|
case 'G':
|
|
if (argv[2][2] == 'D' || argv[2][2] == 'd')
|
|
g_fDebug = TRUE;
|
|
fUseFilter = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (argc >= 2 && (argv[1][0] == '/' || argv[1][0] == '-'))
|
|
{
|
|
switch(argv[1][1])
|
|
{
|
|
case 't':
|
|
case 'T':
|
|
if (argv[1][2] == 'D' || argv[1][2] == 'd')
|
|
g_fDebug = TRUE;
|
|
fUseTry = TRUE;
|
|
break;
|
|
|
|
case 'g':
|
|
case 'G':
|
|
if (argv[1][2] == 'D' || argv[1][2] == 'd')
|
|
g_fDebug = TRUE;
|
|
fUseFilter = TRUE;
|
|
break;
|
|
|
|
// AV
|
|
default:
|
|
case 'a':
|
|
case 'A':
|
|
eft = eftAV;
|
|
break;
|
|
#ifndef _WIN64
|
|
// array bounds
|
|
case 'b':
|
|
case 'B':
|
|
eft = eftArrayBound;
|
|
break;
|
|
#endif
|
|
|
|
#ifdef _WIN64
|
|
// Misalignment
|
|
case 'm':
|
|
case 'M':
|
|
eft = eftMisalign;
|
|
break;
|
|
#endif
|
|
|
|
// Stack overflow
|
|
case 's':
|
|
case 'S':
|
|
switch(argv[1][2])
|
|
{
|
|
default:
|
|
case 'f':
|
|
case 'F':
|
|
eft = eftStackOverflowFunc;
|
|
break;
|
|
|
|
case 'a':
|
|
case 'A':
|
|
eft = eftStackOverflowAlloc;
|
|
break;
|
|
};
|
|
break;
|
|
|
|
// integer exceptions
|
|
case 'i':
|
|
case 'I':
|
|
switch(argv[1][2])
|
|
{
|
|
default:
|
|
case 'z':
|
|
case 'Z':
|
|
eft = eftIntDivZero;
|
|
break;
|
|
|
|
case 'o':
|
|
case 'O':
|
|
eft = eftIntOverflow;
|
|
break;
|
|
};
|
|
break;
|
|
|
|
// floating point exceptions
|
|
case 'f':
|
|
case 'F':
|
|
switch(argv[1][2])
|
|
{
|
|
default:
|
|
case 'z':
|
|
case 'Z':
|
|
eft = eftFltDivZero;
|
|
break;
|
|
|
|
case 'o':
|
|
case 'O':
|
|
eft = eftFltOverflow;
|
|
break;
|
|
|
|
case 'u':
|
|
case 'U':
|
|
eft = eftFltUnderflow;
|
|
break;
|
|
|
|
case 'S':
|
|
case 's':
|
|
eft = eftFltStack;
|
|
break;
|
|
|
|
case 'I':
|
|
case 'i':
|
|
eft = eftFltInexact;
|
|
break;
|
|
|
|
case 'D':
|
|
case 'd':
|
|
eft = eftFltDenormal;
|
|
break;
|
|
|
|
case 'N':
|
|
case 'n':
|
|
eft = eftFltInvalid;
|
|
break;
|
|
};
|
|
break;
|
|
|
|
// CPU instruction exceptions
|
|
case 'n':
|
|
case 'N':
|
|
switch(argv[1][2])
|
|
{
|
|
default:
|
|
case 'p':
|
|
case 'P':
|
|
eft = eftInstrPriv;
|
|
break;
|
|
|
|
case 'i':
|
|
case 'I':
|
|
eft = eftInstrBad;
|
|
break;
|
|
};
|
|
break;
|
|
|
|
case 'E':
|
|
case 'e':
|
|
switch(argv[1][2])
|
|
{
|
|
default:
|
|
case 'n':
|
|
case 'N':
|
|
eft = eftExNonCont;
|
|
break;
|
|
|
|
case 'i':
|
|
case 'I':
|
|
eft = eftExBadRet;
|
|
break;
|
|
};
|
|
break;
|
|
|
|
// help
|
|
case '?':
|
|
ShowUsage();
|
|
return 0;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
eft = eftAV;
|
|
}
|
|
|
|
if (fUseFilter)
|
|
{
|
|
fUseTry = FALSE;
|
|
SetUnhandledExceptionFilter(MyFilter);
|
|
}
|
|
|
|
if (fUseTry)
|
|
{
|
|
__try
|
|
{
|
|
DoException(eft);
|
|
}
|
|
__except(MyFilter(GetExceptionInformation()))
|
|
{
|
|
}
|
|
}
|
|
|
|
else
|
|
{
|
|
DoException(eft);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|