mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
255 lines
4.4 KiB
255 lines
4.4 KiB
#include "precomp.h"
|
|
#pragma hdrstop
|
|
|
|
VOID
|
|
DumpMdlChain
|
|
(
|
|
ULONG _objAddr,
|
|
VERBOSITY Verbosity
|
|
);
|
|
|
|
DECLARE_API( MDLChain )
|
|
{
|
|
ULONG addressToDump = 0;
|
|
ULONG result;
|
|
|
|
if ( *args ) {
|
|
sscanf(args, "%lx", &addressToDump);
|
|
}
|
|
|
|
DumpMdlChain( addressToDump, VERBOSITY_NORMAL );
|
|
|
|
return;
|
|
}
|
|
|
|
#ifdef _obj
|
|
# undef _obj
|
|
# undef _objAddr
|
|
# undef _objType
|
|
#endif
|
|
|
|
#define _obj Mdl
|
|
#define _objAddr MdlToDump
|
|
#define _objType MDL
|
|
|
|
VOID
|
|
DumpMdlChain
|
|
(
|
|
ULONG _objAddr,
|
|
VERBOSITY Verbosity
|
|
)
|
|
{
|
|
_objType _obj;
|
|
ULONG result;
|
|
|
|
if ( !ReadMemory( _objAddr,
|
|
&_obj,
|
|
sizeof( _obj ),
|
|
&result ))
|
|
{
|
|
dprintf("%08lx: Could not read MDL structure\n", _objAddr );
|
|
return;
|
|
}
|
|
|
|
PrintStartStruct();
|
|
PrintPtr( Next );
|
|
PrintUShort( Size );
|
|
PrintXUShort( MdlFlags );
|
|
PrintPtr( Process );
|
|
PrintPtr( MappedSystemVa );
|
|
PrintPtr( StartVa );
|
|
PrintULong( ByteCount );
|
|
PrintULong( ByteOffset );
|
|
return;
|
|
}
|
|
|
|
VOID
|
|
DumpCTELock
|
|
(
|
|
ULONG_PTR LockToDump,
|
|
VERBOSITY Verbosity
|
|
)
|
|
{
|
|
CTELock Lock;
|
|
CTELock *pLock;
|
|
ULONG result;
|
|
|
|
pLock = ( CTELock * )LockToDump;
|
|
|
|
if ( !ReadMemory( LockToDump,
|
|
&Lock,
|
|
sizeof( Lock ),
|
|
&result ))
|
|
{
|
|
dprintf("%08lx: Could not read CTELock structure\n", LockToDump );
|
|
return;
|
|
}
|
|
|
|
dprintf( "{ Lock = %d }", Lock );
|
|
return;
|
|
}
|
|
|
|
#ifdef _obj
|
|
# undef _obj
|
|
# undef _objAddr
|
|
# undef _objType
|
|
#endif
|
|
|
|
#define _obj Timer
|
|
#define _objAddr pItem
|
|
#define _objType CTETimer
|
|
|
|
VOID
|
|
DumpCTETimer
|
|
(
|
|
ULONG_PTR TimerToDump,
|
|
VERBOSITY Verbosity
|
|
)
|
|
{
|
|
CTETimer Timer;
|
|
CTETimer *prTimer;
|
|
ULONG result;
|
|
|
|
prTimer = ( CTETimer * )TimerToDump;
|
|
|
|
if ( !ReadMemory( TimerToDump,
|
|
&Timer,
|
|
sizeof( Timer ),
|
|
&result ))
|
|
{
|
|
dprintf("%08lx: Could not read CTETimer structure\n", TimerToDump );
|
|
return;
|
|
}
|
|
|
|
PrintStart;
|
|
PrintULong( t_running );
|
|
PrintLock( t_lock );
|
|
PrintSymbolPtr( t_handler );
|
|
PrintXULong( t_arg );
|
|
// DPC
|
|
// KTIMER
|
|
PrintEnd;
|
|
return;
|
|
}
|
|
|
|
#ifdef _obj
|
|
# undef _obj
|
|
# undef _objAddr
|
|
# undef _objType
|
|
#endif
|
|
|
|
#define _obj Event
|
|
#define _objAddr pItem
|
|
#define _objType CTEEvent
|
|
|
|
VOID
|
|
DumpCTEEvent
|
|
(
|
|
ULONG_PTR _objAddr,
|
|
VERBOSITY Verbosity
|
|
)
|
|
{
|
|
_objType _obj;
|
|
ULONG result;
|
|
|
|
if ( !ReadMemory( _objAddr,
|
|
&_obj,
|
|
sizeof( _obj ),
|
|
&result ))
|
|
{
|
|
dprintf("%08lx: Could not read CTEEvent structure\n", _objAddr );
|
|
return;
|
|
}
|
|
|
|
PrintStart;
|
|
PrintULong( ce_scheduled );
|
|
PrintLock( ce_lock );
|
|
PrintSymbolPtr( ce_handler );
|
|
PrintXULong( ce_arg );
|
|
PrintWorkQueueItem( ce_workitem );
|
|
PrintEnd;
|
|
return;
|
|
}
|
|
|
|
#ifdef _obj
|
|
# undef _obj
|
|
# undef _objAddr
|
|
# undef _objType
|
|
#endif
|
|
|
|
#define _obj KEvent
|
|
#define _objAddr pItem
|
|
#define _objType KEVENT
|
|
|
|
VOID
|
|
DumpKEvent
|
|
(
|
|
ULONG_PTR _objAddr,
|
|
VERBOSITY Verbosity
|
|
)
|
|
{
|
|
_objType _obj;
|
|
ULONG result;
|
|
|
|
if ( !ReadMemory( _objAddr,
|
|
&_obj,
|
|
sizeof( _obj ),
|
|
&result ))
|
|
{
|
|
dprintf("%08lx: Could not read KEvent structure\n", _objAddr );
|
|
return;
|
|
}
|
|
|
|
PrintStart;
|
|
PrintUChar( Header.Type );
|
|
PrintUChar( Header.Absolute );
|
|
PrintUChar( Header.Size );
|
|
PrintUChar( Header.Inserted );
|
|
PrintXULong( Header.SignalState );
|
|
PrintLL( Header.WaitListHead );
|
|
PrintEnd;
|
|
return;
|
|
}
|
|
|
|
#ifdef _obj
|
|
# undef _obj
|
|
# undef _objAddr
|
|
# undef _objType
|
|
#endif
|
|
|
|
#define _obj QItem
|
|
#define _objAddr prQItem
|
|
#define _objType WORK_QUEUE_ITEM
|
|
|
|
VOID
|
|
DumpWorkQueueItem
|
|
(
|
|
ULONG_PTR ItemToDump,
|
|
VERBOSITY Verbosity
|
|
)
|
|
{
|
|
_objType _obj;
|
|
_objType *_objAddr;
|
|
ULONG result;
|
|
|
|
_objAddr = ( _objType * )ItemToDump;
|
|
|
|
if ( !ReadMemory( ItemToDump,
|
|
&_obj,
|
|
sizeof( _obj ),
|
|
&result ))
|
|
{
|
|
dprintf( "%08lx: Could not read %s structure\n",
|
|
ItemToDump,
|
|
"WORK_QUEUE_ITEM" );
|
|
return;
|
|
}
|
|
|
|
PrintStart;
|
|
PrintLL( List );
|
|
PrintSymbolPtr( WorkerRoutine );
|
|
PrintXULong( Parameter );
|
|
PrintEnd;
|
|
return;
|
|
}
|
|
|