
//----------------------------------------------------------------------------
//
// Low-level debugging service interface implementations.
//
// Copyright (C) Microsoft Corporation, 2000-2001.
//
//----------------------------------------------------------------------------
#include "pch.hpp"
#include <time.h>
#include <comsvcs.h>
#include "dbgsvc.hpp"
#ifndef NT_NATIVE
// #include <winbasep.h>
extern "C" {
BOOL
WINAPI
CloseProfileUserMapping(
VOID
);
};
// winbasep.h
#else
#define CloseProfileUserMapping()
#endif
// SYSTEM_PROCESS_INFORMATION can change in size, requiring
// different offsets to get to thread information.
#define NT4_SYSTEM_PROCESS_INFORMATION_SIZE 136
#define W2K_SYSTEM_PROCESS_INFORMATION_SIZE 184
#define SYSTEM_PROCESS_NAME "System Process"
#define SYSTEM_PROCESS_NAME_W L"System Process"
#define PEBLESS_PROCESS_NAME "System"
// Count of global uninitializations requested through
// UserDebugServices::Uninitialize(Global = TRUE).  It is only
// incremented in this part of the file; its readers live elsewhere.
ULONG g_UserServicesUninitialized;
//----------------------------------------------------------------------------
//
// UserDebugServices.
//
//----------------------------------------------------------------------------
// A freshly constructed service object carries one reference, owned
// by its creator, and has not yet been Initialize()'d.
UserDebugServices::UserDebugServices(void)
    : m_Refs(1),
      m_Initialized(FALSE)
{
}
// Nothing is owned directly by the base object, so there is
// nothing to release here.  Derived classes release their own
// resources in their own destructors.
UserDebugServices::~UserDebugServices(void)
{
}
// Standard COM QueryInterface.  Only IUnknown and IUserDebugServices
// are supported; on success *Interface receives this object with a
// reference added, otherwise *Interface is NULL and E_NOINTERFACE
// is returned.
STDMETHODIMP
UserDebugServices::QueryInterface(
    THIS_
    IN REFIID InterfaceId,
    OUT PVOID* Interface
    )
{
    *Interface = NULL;

    BOOL Supported =
        DbgIsEqualIID(InterfaceId, __uuidof(IUnknown)) ||
        DbgIsEqualIID(InterfaceId, __uuidof(IUserDebugServices));
    if (!Supported)
    {
        return E_NOINTERFACE;
    }

    *Interface = (IUserDebugServices *)this;
    AddRef();
    return S_OK;
}
// Atomically adds a reference and returns the new count.
STDMETHODIMP_(ULONG)
UserDebugServices::AddRef(
    THIS
    )
{
    LONG NewRefs = InterlockedIncrement((PLONG)&m_Refs);
    return (ULONG)NewRefs;
}
// Atomically drops a reference; the object deletes itself when the
// count reaches zero.  Returns the remaining count (zero after
// self-deletion, at which point this must not be touched again).
STDMETHODIMP_(ULONG)
UserDebugServices::Release(
    THIS
    )
{
    LONG Remaining = InterlockedDecrement((PLONG)&m_Refs);
    if (Remaining != 0)
    {
        return Remaining;
    }

    delete this;
    return 0;
}
// Base initialization: marks the object initialized and reports no
// capability flags.  Derived classes OR in their own flags.
HRESULT
UserDebugServices::Initialize(
    THIS_
    OUT PULONG Flags
    )
{
    *Flags = 0;
    m_Initialized = TRUE;
    return S_OK;
}
// Base uninitialization: clears the initialized flag.  A global
// uninitialize is additionally counted in g_UserServicesUninitialized.
HRESULT
UserDebugServices::Uninitialize(
    THIS_
    IN BOOL Global
    )
{
    m_Initialized = FALSE;
    if (Global != FALSE)
    {
        ++g_UserServicesUninitialized;
    }
    return S_OK;
}
// Initialization entry point used by the RPC/remoting layer.  Identity
// is accepted but not used here; on success *Interface receives the
// IUserDebugServices interface of this object (no reference is added).
HRESULT
UserDebugServices::Initialize(PSTR Identity, PVOID* Interface)
{
    ULONG Flags;
    HRESULT Status = Initialize(&Flags);
    if (Status == S_OK)
    {
        *Interface = (IUserDebugServices*)this;
    }
    return Status;
}
// Called once the object has been handed to a remote client.
// Balanced by Uninitialize(void), which destroys the object
// directly instead of releasing this reference.
void
UserDebugServices::Finalize(void)
{
    // Take a reference on this object for the RPC client
    // thread to hold.
    AddRef();
}
// Tears down a remoted service object regardless of its reference
// count; see Finalize() for the reference this discards.
void
UserDebugServices::Uninitialize(void)
{
    // Directly destroy the client object rather than releasing
    // as the remote client may have exited without politely
    // cleaning up references.
    delete this;
}
//----------------------------------------------------------------------------
//
// LiveUserDebugServices.
//
//----------------------------------------------------------------------------
// This global instance is intended for direct use only
// by routines which need a temporary local service instance.
// It is constructed as a non-remote instance and is not
// Initialize()'d here; users must initialize it before use.
LiveUserDebugServices g_LiveUserDebugServices(FALSE);
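// Constructs a live (local machine) service instance.
// Remote - TRUE when the instance serves a remote client.
// All state that Initialize() later fills in is reset to a known
// value so that a never-initialized instance fails cleanly
// (m_PlatformId = VER_PLATFORM_WIN32s makes the platform switches
// below return E_UNEXPECTED).
LiveUserDebugServices::LiveUserDebugServices(BOOL Remote)
{
    m_Remote = Remote;
    m_EventProcessId = 0;
    m_ContextSize = 0;
    m_SysProcInfoSize = 0;
    m_PlatformId = VER_PLATFORM_WIN32s;
    m_DebugObject = NULL;
    // Initialize() decides whether the NT debug object APIs are
    // used; until then default to the classic debug APIs so the
    // flag is never read uninitialized.
    m_UseDebugObject = FALSE;
}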
// Releases the debug object handle if Uninitialize() was not called.
// NOTE(review): this path closes with g_NtDllCalls.NtClose while
// Uninitialize() uses ::CloseHandle for the same handle; both work
// on NT but the asymmetry is worth keeping in mind when editing.
LiveUserDebugServices::~LiveUserDebugServices(void)
{
    if (m_DebugObject != NULL)
    {
        g_NtDllCalls.NtClose(m_DebugObject);
    }
}
// Fills in the OS version information for the local machine.
//
// OsVersionInfo - Receives the version information (zeroed first).
// WideCsd       - Receives TRUE when szCSDVersion holds wide text,
//                 FALSE when it holds ANSI text (Win9x fallback).
//
// Returns S_OK, or an HRESULT derived from the failing NT/Win32 call.
HRESULT
GetOsVerInfo(LPOSVERSIONINFOW OsVersionInfo, PBOOL WideCsd)
{
    *WideCsd = TRUE;

    ZeroMemory(OsVersionInfo, sizeof(*OsVersionInfo));
    OsVersionInfo->dwOSVersionInfoSize = sizeof(*OsVersionInfo);

#ifdef NT_NATIVE
    NTSTATUS NtStatus;

    if (!NT_SUCCESS(NtStatus = RtlGetVersion(OsVersionInfo)))
    {
        return HRESULT_FROM_NT(NtStatus);
    }
#else
    if (!GetVersionExW(OsVersionInfo))
    {
        if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
        {
            OSVERSIONINFOA InfoA;

            // Must be Win9x.
            ZeroMemory(&InfoA, sizeof(InfoA));
            InfoA.dwOSVersionInfoSize = sizeof(InfoA);
            if (!::GetVersionExA(&InfoA))
            {
                return WIN32_LAST_STATUS();
            }

            OsVersionInfo->dwMajorVersion = InfoA.dwMajorVersion;
            OsVersionInfo->dwMinorVersion = InfoA.dwMinorVersion;
            OsVersionInfo->dwBuildNumber = InfoA.dwBuildNumber;
            OsVersionInfo->dwPlatformId = InfoA.dwPlatformId;
            // The ANSI bytes are copied into the wide buffer as-is;
            // *WideCsd = FALSE tells the caller how to interpret them.
            memcpy(OsVersionInfo->szCSDVersion, InfoA.szCSDVersion,
                   sizeof(InfoA.szCSDVersion));
            *WideCsd = FALSE;
        }
        else
        {
            return WIN32_LAST_STATUS();
        }
    }
#endif

    return S_OK;
}
// Initializes the live service instance: records the platform,
// picks the SYSTEM_PROCESS_INFORMATION size matching the OS build,
// and decides whether the NT debug object APIs are available.
//
// Flags - Receives DBGSVC_* capability flags.
//
// Returns S_OK, or the failure from GetOsVerInfo / base Initialize.
HRESULT
LiveUserDebugServices::Initialize(
    THIS_
    OUT PULONG Flags
    )
{
    OSVERSIONINFOW OsVersionInfo;
    BOOL WideCsd;

    HRESULT Status = GetOsVerInfo(&OsVersionInfo, &WideCsd);
    if (Status != S_OK)
    {
        return Status;
    }

    ULONG BaseFlags;
    Status = UserDebugServices::Initialize(&BaseFlags);
    if (Status != S_OK)
    {
        return Status;
    }

    m_PlatformId = OsVersionInfo.dwPlatformId;

    // System structures may change size depending on the OS
    // version. Pick the right size to use later.
    if (m_PlatformId == VER_PLATFORM_WIN32_NT)
    {
        ULONG Build = OsVersionInfo.dwBuildNumber;
        m_SysProcInfoSize =
            (Build <= 1381) ? NT4_SYSTEM_PROCESS_INFORMATION_SIZE :
            (Build <= 2195) ? W2K_SYSTEM_PROCESS_INFORMATION_SIZE :
            sizeof(SYSTEM_PROCESS_INFORMATION);
    }

    // If the direct NT debugging APIs are available use them
    // as they offer more flexibility.
    m_UseDebugObject = (g_NtDllCalls.DbgUiSetThreadDebugObject != NULL);
    if (m_UseDebugObject)
    {
        // The NtWait/Continue APIs do not automatically manage
        // process and thread handles so the caller must close them.
        BaseFlags |= DBGSVC_CLOSE_PROC_THREAD_HANDLES;
    }

    *Flags = BaseFlags | DBGSVC_GENERIC_CODE_BREAKPOINTS;
    return S_OK;
}
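// Undoes Initialize(): resets every member Initialize() set to the
// values the constructor gives them and closes the debug object.
//
// Global - Passed through to the base class.
//
// Returns S_OK, or the failure from the base Uninitialize.
HRESULT
LiveUserDebugServices::Uninitialize(
    THIS_
    IN BOOL Global
    )
{
    HRESULT Status;

    if ((Status = UserDebugServices::Uninitialize(Global)) != S_OK)
    {
        return Status;
    }

    m_Remote = FALSE;
    m_EventProcessId = 0;
    m_ContextSize = 0;
    // Reset the per-OS values as well so a later Initialize() on a
    // different platform does not inherit stale sizes or flags.
    m_SysProcInfoSize = 0;
    m_UseDebugObject = FALSE;
    m_PlatformId = VER_PLATFORM_WIN32s;
    if (m_DebugObject != NULL)
    {
        ::CloseHandle(m_DebugObject);
        m_DebugObject = NULL;
    }

    return S_OK;
}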
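// Reports machine type, processor count, platform/build information
// and the service pack / build-lab strings for the local machine.
// Also sets m_ContextSize for the detected architecture and OS.
//
// CsdString/CsdStringSize and BuildString/BuildStringSize are
// caller buffers in bytes; a zero size means the buffer is absent
// and nothing is written to it.  Output strings are always
// NUL-terminated within the given size.
//
// Returns S_OK, E_UNEXPECTED for an unknown processor architecture,
// or the failure from the underlying version query.
STDMETHODIMP
LiveUserDebugServices::GetTargetInfo(
    THIS_
    OUT PULONG MachineType,
    OUT PULONG NumberProcessors,
    OUT PULONG PlatformId,
    OUT PULONG BuildNumber,
    OUT PULONG CheckedBuild,
    OUT PSTR CsdString,
    IN ULONG CsdStringSize,
    OUT PSTR BuildString,
    IN ULONG BuildStringSize
    )
{
    HRESULT Status;
    OSVERSIONINFOW OsVersionInfo;
    BOOL WideCsd;

    if ((Status = GetOsVerInfo(&OsVersionInfo, &WideCsd)) != S_OK)
    {
        return Status;
    }

    ULONG ProcArch, NumProc;

#ifdef NT_NATIVE
    NTSTATUS NtStatus;
    SYSTEM_BASIC_INFORMATION BasicInfo;
    SYSTEM_PROCESSOR_INFORMATION ProcInfo;

    if (!NT_SUCCESS(NtStatus =
                    NtQuerySystemInformation(SystemBasicInformation,
                                             &BasicInfo, sizeof(BasicInfo),
                                             NULL)) ||
        !NT_SUCCESS(NtStatus =
                    NtQuerySystemInformation(SystemProcessorInformation,
                                             &ProcInfo, sizeof(ProcInfo),
                                             NULL)))
    {
        return HRESULT_FROM_NT(NtStatus);
    }

    ProcArch = ProcInfo.ProcessorArchitecture;
    NumProc = BasicInfo.NumberOfProcessors;
#else
    SYSTEM_INFO SystemInfo;

    ::GetSystemInfo(&SystemInfo);
    ProcArch = SystemInfo.wProcessorArchitecture;
    NumProc = SystemInfo.dwNumberOfProcessors;
#endif

    switch(ProcArch)
    {
    case PROCESSOR_ARCHITECTURE_INTEL:
        *MachineType = IMAGE_FILE_MACHINE_I386;
        if (OsVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
        {
            if (OsVersionInfo.dwBuildNumber <= 1381)
            {
                m_ContextSize = sizeof(X86_CONTEXT);
            }
            else
            {
                m_ContextSize = sizeof(X86_NT5_CONTEXT);
            }
        }
        else if ((OsVersionInfo.dwBuildNumber & 0xffff) <= 1998)
        {
            // Win9x prior to Win98SE didn't support the extended context.
            m_ContextSize = sizeof(X86_CONTEXT);
        }
        else
        {
            m_ContextSize = sizeof(X86_NT5_CONTEXT);
        }
        break;
    case PROCESSOR_ARCHITECTURE_ALPHA:
        *MachineType = IMAGE_FILE_MACHINE_ALPHA;
        // The "NT5" is a misnomer, this context
        // applies to all versions.
        m_ContextSize = sizeof(ALPHA_NT5_CONTEXT);
        break;
    case PROCESSOR_ARCHITECTURE_ALPHA64:
        *MachineType = IMAGE_FILE_MACHINE_AXP64;
        m_ContextSize = sizeof(ALPHA_NT5_CONTEXT);
        break;
    case PROCESSOR_ARCHITECTURE_IA64:
        *MachineType = IMAGE_FILE_MACHINE_IA64;
        m_ContextSize = sizeof(IA64_CONTEXT);
        break;
    default:
        return E_UNEXPECTED;
    }

    *NumberProcessors = NumProc;
    *PlatformId = OsVersionInfo.dwPlatformId;
    *BuildNumber = OsVersionInfo.dwBuildNumber;
    *CheckedBuild = 0;

    // Only touch the CSD buffer when the caller actually supplied one.
    if (CsdStringSize > 0)
    {
        if (WideCsd)
        {
            if (!WideCharToMultiByte(CP_ACP, 0, OsVersionInfo.szCSDVersion, -1,
                                     CsdString, CsdStringSize, NULL, NULL))
            {
                CsdString[0] = 0;
            }
        }
        else
        {
            // GetOsVerInfo left ANSI text in szCSDVersion.  Copy at most
            // CsdStringSize - 1 characters and terminate explicitly so the
            // copy never extends past the end of the caller's buffer (a
            // strncat with a count equal to the buffer size can write its
            // terminator one byte beyond it).
            strncpy(CsdString, (PSTR)OsVersionInfo.szCSDVersion,
                    CsdStringSize - 1);
            CsdString[CsdStringSize - 1] = 0;
        }
    }

    if (BuildStringSize > 0)
    {
        BuildString[0] = 0;
    }

#ifndef NT_NATIVE
    if (VER_PLATFORM_WIN32_NT == OsVersionInfo.dwPlatformId)
    {
        HKEY hkey = NULL;
        TCHAR sz[40] = {0};
        DWORD dwType;
        // Leave the last element of sz unavailable to the registry
        // read so a value that fills the buffer without its own
        // terminator still ends in NUL before _strlwr/strstr run.
        DWORD dwSize = sizeof(sz) - sizeof(sz[0]);

        if (ERROR_SUCCESS ==
            RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                         "Software\\Microsoft\\Windows NT\\CurrentVersion",
                         0,
                         KEY_READ,
                         &hkey))
        {
            if (ERROR_SUCCESS ==
                RegQueryValueEx(hkey,
                                "CurrentType",
                                NULL,
                                &dwType,
                                (PUCHAR) sz,
                                &dwSize) &&
                // Only a string value can meaningfully be searched.
                dwType == REG_SZ &&
                *sz)
            {
                _strlwr(sz);
                if (strstr(sz, "checked"))
                {
                    *CheckedBuild = 0xC;
                }
            }
            RegCloseKey(hkey);
        }

        if (OsVersionInfo.dwBuildNumber > 2195 && BuildStringSize > 0)
        {
            char RawString[128];

            // Look up the file version string for a system DLL to
            // try and get the build lab information.
            strcpy(RawString, "kernel32.dll version: ");
            GetFileStringFileInfo("kernel32.dll", "FileVersion",
                                  RawString + strlen(RawString),
                                  sizeof(RawString) - strlen(RawString));
            // BuildString is empty here, so the append count is the
            // space left for characters excluding the terminator.
            strncat(BuildString, RawString, BuildStringSize - 1);
        }
    }
#endif // #ifndef NT_NATIVE

    return S_OK;
}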
// Executes the CPUID instruction with EAX = SubFunction and returns
// the four result registers.
//
// Returns TRUE on x86 builds; FALSE (outputs untouched) elsewhere,
// so callers must check the result before using the registers.
//
// NOTE(review): the CPUID instruction is emitted as raw bytes
// (0F A2) rather than by mnemonic, presumably for older assemblers.
BOOL
X86CpuId(
    IN ULONG SubFunction,
    OUT PULONG EaxRegister,
    OUT PULONG EbxRegister,
    OUT PULONG EcxRegister,
    OUT PULONG EdxRegister
    )
{
#ifdef _X86_
    ULONG _Eax;
    ULONG _Ebx;
    ULONG _Ecx;
    ULONG _Edx;

    __asm
    {
        mov eax, SubFunction
        __emit 0x0F
        __emit 0xA2 ;; CPUID
        mov _Eax, eax
        mov _Ebx, ebx
        mov _Ecx, ecx
        mov _Edx, edx
    }

    *EaxRegister = _Eax;
    *EbxRegister = _Ebx;
    *EcxRegister = _Ecx;
    *EdxRegister = _Edx;
    return TRUE;
#else
    return FALSE;
#endif // #ifdef _X86_
}
// Reads IA-64 CPUID register Reg into *Val.
//
// Returns TRUE only on IA-64 builds with inline assembly enabled;
// otherwise FALSE with *Val untouched, so callers must check the
// result before using the value.
BOOL
Ia64CpuId(ULONG Reg, PULONG64 Val)
{
    // XXX drewb - How should this be implemented?
#if defined(_IA64_) && defined(IA64_INLINE_ASSEMBLY)
    ULONG64 _Val;
    __asm mov t0, Reg;
    __asm mov _Val, cpuid[t0];
    *Val = _Val;
    return TRUE;
#else
    return FALSE;
#endif
}
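// Fills a DEBUG_PROCESSOR_IDENTIFICATION_ALL describing the local
// processor.
//
// Buffer/BufferSize - Caller buffer, must hold the full union.
// BufferUsed        - Receives the size of the architecture-specific
//                     member that was filled in, or 0 when the
//                     architecture is not recognized.
//
// Returns E_INVALIDARG for an undersized buffer, otherwise S_OK (an
// unrecognized architecture leaves the zeroed buffer and
// *BufferUsed = 0 rather than an uninitialized *BufferUsed).
STDMETHODIMP
LiveUserDebugServices::GetProcessorId(
    THIS_
    OUT PVOID Buffer,
    IN ULONG BufferSize,
    OUT PULONG BufferUsed
    )
{
    if (BufferSize < sizeof(DEBUG_PROCESSOR_IDENTIFICATION_ALL))
    {
        return E_INVALIDARG;
    }

    ZeroMemory(Buffer, sizeof(DEBUG_PROCESSOR_IDENTIFICATION_ALL));
    // Defined even when no case below matches.
    *BufferUsed = 0;

    ULONG ProcArch, ProcLevel, ProcRevision;

#ifdef NT_NATIVE
    NTSTATUS NtStatus;
    SYSTEM_PROCESSOR_INFORMATION ProcInfo;

    if (!NT_SUCCESS(NtStatus =
                    NtQuerySystemInformation(SystemProcessorInformation,
                                             &ProcInfo, sizeof(ProcInfo),
                                             NULL)))
    {
        return HRESULT_FROM_NT(NtStatus);
    }

    ProcArch = ProcInfo.ProcessorArchitecture;
    ProcLevel = ProcInfo.ProcessorLevel;
    ProcRevision = ProcInfo.ProcessorRevision;
#else
    SYSTEM_INFO SystemInfo;

    ::GetSystemInfo(&SystemInfo);
    ProcArch = SystemInfo.wProcessorArchitecture;
    ProcLevel = SystemInfo.wProcessorLevel;
    ProcRevision = SystemInfo.wProcessorRevision;
#endif

    PDEBUG_PROCESSOR_IDENTIFICATION_ALL Id =
        (PDEBUG_PROCESSOR_IDENTIFICATION_ALL)Buffer;
    ULONG64 Val;

    switch(ProcArch)
    {
    case PROCESSOR_ARCHITECTURE_INTEL:
        *BufferUsed = sizeof(DEBUG_PROCESSOR_IDENTIFICATION_X86);
        Id->X86.Family = ProcLevel;
        Id->X86.Model = (ProcRevision >> 8) & 0xf;
        Id->X86.Stepping = ProcRevision & 0xf;
        if (ProcLevel >= 5)
        {
            ULONG Eax, Ebx, Ecx, Edx;

            if (X86CpuId(0, &Eax, &Ebx, &Ecx, &Edx))
            {
                // The vendor string is the raw EBX, EDX, ECX bytes in
                // that order.  memcpy avoids type-punned, possibly
                // misaligned ULONG stores into the char array.
                memcpy(Id->X86.VendorString + 0 * sizeof(ULONG),
                       &Ebx, sizeof(Ebx));
                memcpy(Id->X86.VendorString + 1 * sizeof(ULONG),
                       &Edx, sizeof(Edx));
                memcpy(Id->X86.VendorString + 2 * sizeof(ULONG),
                       &Ecx, sizeof(Ecx));
            }
        }
        break;

    case PROCESSOR_ARCHITECTURE_ALPHA:
        *BufferUsed = sizeof(DEBUG_PROCESSOR_IDENTIFICATION_ALPHA);
        Id->Alpha.Type = ProcLevel;
        Id->Alpha.Revision = ProcRevision;
        break;

    case PROCESSOR_ARCHITECTURE_IA64:
        *BufferUsed = sizeof(DEBUG_PROCESSOR_IDENTIFICATION_IA64);
        Id->Ia64.Model = ProcLevel;
        Id->Ia64.Revision = ProcRevision;
        if (Ia64CpuId(3, &Val))
        {
            ULONG64 Vendor;

            Id->Ia64.ArchRev = (ULONG)((Val >> 32) & 0xff);
            Id->Ia64.Family = (ULONG)((Val >> 24) & 0xff);
            // Vendor string halves are only written when the read
            // succeeds; otherwise the zeroed buffer is left as-is.
            if (Ia64CpuId(0, &Vendor))
            {
                memcpy(Id->Ia64.VendorString + 0 * sizeof(ULONG64),
                       &Vendor, sizeof(Vendor));
            }
            if (Ia64CpuId(1, &Vendor))
            {
                memcpy(Id->Ia64.VendorString + 1 * sizeof(ULONG64),
                       &Vendor, sizeof(Vendor));
            }
        }
        break;

    case PROCESSOR_ARCHITECTURE_AMD64:
        *BufferUsed = sizeof(DEBUG_PROCESSOR_IDENTIFICATION_AMD64);
        Id->Amd64.Family = ProcLevel;
        Id->Amd64.Model = (ProcRevision >> 8) & 0xf;
        Id->Amd64.Stepping = ProcRevision & 0xf;
        break;
    }

    return S_OK;
}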
// Looks up version-resource item Item (e.g. a StringFileInfo path)
// in File and copies it into Buffer via FillDataBuffer.
//
// Returns E_OUTOFMEMORY when the version block cannot be loaded, the
// Win32 error when the item is missing, FillDataBuffer's status
// otherwise.  Not supported in NT_NATIVE builds (E_UNEXPECTED).
STDMETHODIMP
LiveUserDebugServices::GetFileVersionInformation(
    THIS_
    IN PCSTR File,
    IN PCSTR Item,
    OUT OPTIONAL PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG VerInfoSize
    )
{
#ifndef NT_NATIVE
    PVOID AllInfo = GetAllFileVersionInfo((PSTR)File);
    if (AllInfo == NULL)
    {
        return E_OUTOFMEMORY;
    }

    PVOID Val;
    UINT ValSize;
    BOOL Found = VerQueryValue(AllInfo, (PSTR)Item, &Val, &ValSize);
    HRESULT Status = Found
        ? FillDataBuffer(Val, ValSize, Buffer, BufferSize, VerInfoSize)
        : WIN32_LAST_STATUS();

    free(AllInfo);
    return Status;
#else // #ifndef NT_NATIVE
    return E_UNEXPECTED;
#endif // #ifndef NT_NATIVE
}
// Retrieves the SystemProcessInformation snapshot into a freshly
// allocated virtual-memory block, growing the block in 8KB steps
// until the snapshot fits.
//
// ProcInfo - Receives the buffer; the caller releases it with
//            NtFreeVirtualMemory(MEM_RELEASE).
//
// Returns S_OK or the failing NT status converted to an HRESULT.
HRESULT
GetNtSystemProcessInformation(PSYSTEM_PROCESS_INFORMATION* ProcInfo)
{
    SIZE_T BufferSize = 8192;
    PVOID Buffer;
    NTSTATUS NtStatus;

    do
    {
        Buffer = NULL;
        NtStatus = g_NtDllCalls.
            NtAllocateVirtualMemory(NtCurrentProcess(),
                                    &Buffer, 0, &BufferSize,
                                    MEM_COMMIT, PAGE_READWRITE);
        if (!NT_SUCCESS(NtStatus))
        {
            return HRESULT_FROM_NT(NtStatus);
        }

        NtStatus = g_NtDllCalls.
            NtQuerySystemInformation(SystemProcessInformation,
                                     Buffer, (ULONG)BufferSize, NULL);
        if (NT_SUCCESS(NtStatus))
        {
            break;
        }

        // Give the block back before retrying or failing.
        g_NtDllCalls.NtFreeVirtualMemory(NtCurrentProcess(),
                                         &Buffer, &BufferSize, MEM_RELEASE);
        if (NtStatus != STATUS_INFO_LENGTH_MISMATCH)
        {
            return HRESULT_FROM_NT(NtStatus);
        }

        BufferSize += 8192;
    } while (TRUE);

    *ProcInfo = (PSYSTEM_PROCESS_INFORMATION)Buffer;
    return S_OK;
}
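// Enumerates process ids on NT.
//
// Ids/Count   - Caller array; at most Count ids are stored.
// ActualCount - Optional, receives the total number of processes
//               seen, which may exceed Count.
//
// Returns S_OK or the failure from GetNtSystemProcessInformation.
HRESULT
NtGetProcessIds(PULONG Ids, ULONG Count, PULONG ActualCount)
{
    HRESULT Status;
    PSYSTEM_PROCESS_INFORMATION ProcessInfo, ProcInfoBuffer;

    if ((Status = GetNtSystemProcessInformation(&ProcInfoBuffer)) != S_OK)
    {
        return Status;
    }

    ULONG TotalOffset = 0;
    ULONG ProcessCount = 0;

    ProcessInfo = ProcInfoBuffer;
    for (;;)
    {
        if (ProcessCount < Count)
        {
            Ids[ProcessCount] = (ULONG)(ULONG_PTR)ProcessInfo->UniqueProcessId;
        }
        ProcessCount++;

        if (ProcessInfo->NextEntryOffset == 0)
        {
            break;
        }

        TotalOffset += ProcessInfo->NextEntryOffset;
        ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)
            ((PUCHAR)ProcInfoBuffer + TotalOffset);
    }

    if (ActualCount != NULL)
    {
        *ActualCount = ProcessCount;
    }

    // A zero region size releases the whole allocation.  Leaving the
    // size uninitialized could make the release fail and leak the
    // snapshot buffer.
    SIZE_T MemSize = 0;
    g_NtDllCalls.NtFreeVirtualMemory(NtCurrentProcess(),
                                     (PVOID*)&ProcInfoBuffer, &MemSize,
                                     MEM_RELEASE);
    return Status;
}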
// Enumerates process ids on Win9x through a toolhelp snapshot.
//
// Ids/Count   - Caller array; at most Count ids are stored.
// ActualCount - Optional, receives the total number of processes
//               seen, which may exceed Count.
//
// Returns S_OK, the Win32 error when the snapshot cannot be taken,
// or E_UNEXPECTED in NT_NATIVE builds.
HRESULT
W9xGetProcessIds(PULONG Ids, ULONG Count, PULONG ActualCount)
{
#ifndef NT_NATIVE
    HANDLE Snap =
        g_Kernel32Calls.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (Snap == INVALID_HANDLE_VALUE)
    {
        return WIN32_LAST_STATUS();
    }

    PROCESSENTRY32 Proc;
    ULONG Seen = 0;

    Proc.dwSize = sizeof(Proc);
    BOOL More = g_Kernel32Calls.Process32First(Snap, &Proc);
    while (More)
    {
        if (Seen < Count)
        {
            Ids[Seen] = Proc.th32ProcessID;
        }
        Seen++;

        Proc.dwSize = sizeof(Proc);
        More = g_Kernel32Calls.Process32Next(Snap, &Proc);
    }

    if (ActualCount != NULL)
    {
        *ActualCount = Seen;
    }

    CloseHandle(Snap);
    return S_OK;
#else
    return E_UNEXPECTED;
#endif
}
// Dispatches process id enumeration to the NT or Win9x implementation
// after enabling the debug privilege so that all processes are visible.
//
// Returns E_UNEXPECTED when the platform was never determined
// (instance not initialized).
STDMETHODIMP
LiveUserDebugServices::GetProcessIds(
    THIS_
    OUT OPTIONAL /* size_is(Count) */ PULONG Ids,
    IN ULONG Count,
    OUT OPTIONAL PULONG ActualCount
    )
{
    // Allow privileged enumeration.
    HRESULT Status = EnableDebugPrivilege();
    if (Status != S_OK)
    {
        return Status;
    }

    if (m_PlatformId == VER_PLATFORM_WIN32_NT)
    {
        return NtGetProcessIds(Ids, Count, ActualCount);
    }
    if (m_PlatformId == VER_PLATFORM_WIN32_WINDOWS)
    {
        return W9xGetProcessIds(Ids, Count, ActualCount);
    }
    return E_UNEXPECTED;
}
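// Finds a process by executable name on NT.
//
// ExeName - ANSI name; may include a path.  Without a path (and
//           without DEBUG_GET_PROC_FULL_MATCH) only the file name
//           part of each process image is compared, case-insensitively.
// Flags   - DEBUG_GET_PROC_FULL_MATCH / DEBUG_GET_PROC_ONLY_MATCH.
// Id      - Receives the id of the (last) matching process.
//
// Returns S_OK on a match, S_FALSE when ONLY_MATCH was requested and
// more than one process matched, E_NOINTERFACE when none matched.
HRESULT
NtGetPidByExe(PCSTR ExeName, ULONG Flags, PULONG Id)
{
    HRESULT Status;

    // Rather than converting each process name to ANSI and
    // comparing, convert the incoming name to Unicode so
    // only one conversion is needed.
    WCHAR WideName[MAX_PATH];
    BOOL WideHasPath;

    if (!MultiByteToWideChar(CP_ACP, 0, ExeName, -1,
                             WideName, sizeof(WideName) / sizeof(WCHAR)))
    {
        return WIN32_LAST_STATUS();
    }

    // Check if the given name has path components.
    WideHasPath =
        wcschr(WideName, '\\') != NULL ||
        wcschr(WideName, '/') != NULL ||
        (WideName[0] && WideName[1] == ':');

    PSYSTEM_PROCESS_INFORMATION ProcessInfo, ProcInfoBuffer;

    if ((Status = GetNtSystemProcessInformation(&ProcInfoBuffer)) != S_OK)
    {
        return Status;
    }

    ULONG TotalOffset = 0;
    ULONG FoundId = DEBUG_ANY_ID;

    ProcessInfo = ProcInfoBuffer;
    Status = E_NOINTERFACE;
    for (;;)
    {
        // The image name is never modified, so a const pointer lets
        // the literal fallback be used without a cast.
        PCWSTR ImageName;

        if (ProcessInfo->ImageName.Buffer == NULL)
        {
            ImageName = SYSTEM_PROCESS_NAME_W;
        }
        else
        {
            ImageName = ProcessInfo->ImageName.Buffer;
        }

        if ((Flags & DEBUG_GET_PROC_FULL_MATCH) == 0 &&
            !WideHasPath)
        {
            PCWSTR Slash = wcsrchr(ImageName, '\\');
            if (Slash == NULL)
            {
                Slash = wcsrchr(ImageName, '/');
            }
            if (Slash != NULL)
            {
                ImageName = Slash + 1;
            }
        }

        if (!_wcsicmp(ImageName, WideName))
        {
            if ((Flags & DEBUG_GET_PROC_ONLY_MATCH) &&
                FoundId != DEBUG_ANY_ID)
            {
                // Second match with ONLY_MATCH requested: ambiguous.
                Status = S_FALSE;
                break;
            }

            Status = S_OK;
            FoundId = (ULONG)(ULONG_PTR)ProcessInfo->UniqueProcessId;
            *Id = FoundId;
            if ((Flags & DEBUG_GET_PROC_ONLY_MATCH) == 0)
            {
                break;
            }
        }

        if (ProcessInfo->NextEntryOffset == 0)
        {
            break;
        }

        TotalOffset += ProcessInfo->NextEntryOffset;
        ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)
            ((PUCHAR)ProcInfoBuffer + TotalOffset);
    }

    // A zero region size releases the whole allocation.  Leaving the
    // size uninitialized could make the release fail and leak the
    // snapshot buffer.
    SIZE_T MemSize = 0;
    g_NtDllCalls.NtFreeVirtualMemory(NtCurrentProcess(),
                                     (PVOID*)&ProcInfoBuffer, &MemSize,
                                     MEM_RELEASE);
    return Status;
}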
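// Finds a process by executable name on Win9x via a toolhelp snapshot.
// Same contract as NtGetPidByExe: S_OK on a match (*Id set), S_FALSE
// when DEBUG_GET_PROC_ONLY_MATCH was requested and the match is
// ambiguous, E_NOINTERFACE when nothing matched.  Previously this
// returned S_OK unconditionally, leaving *Id unset on no match.
//
// Returns the Win32 error when the snapshot cannot be taken, or
// E_UNEXPECTED in NT_NATIVE builds.
HRESULT
W9xGetPidByExe(PCSTR ExeName, ULONG Flags, PULONG Id)
{
#ifndef NT_NATIVE
    HRESULT Status;
    HANDLE Snap;

    Snap = g_Kernel32Calls.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (Snap == INVALID_HANDLE_VALUE)
    {
        return WIN32_LAST_STATUS();
    }

    // Check if the given name has path components.
    BOOL HasPath =
        strchr(ExeName, '\\') != NULL ||
        strchr(ExeName, '/') != NULL ||
        (ExeName[0] && ExeName[1] == ':');

    ULONG FoundId = DEBUG_ANY_ID;
    BOOL First = TRUE;

    // Nothing matched until proven otherwise.
    Status = E_NOINTERFACE;
    for (;;)
    {
        PROCESSENTRY32 Proc;
        BOOL Succ;

        Proc.dwSize = sizeof(Proc);
        if (First)
        {
            Succ = g_Kernel32Calls.Process32First(Snap, &Proc);
            First = FALSE;
        }
        else
        {
            Succ = g_Kernel32Calls.Process32Next(Snap, &Proc);
        }
        if (!Succ)
        {
            break;
        }

        PSTR ImageName = Proc.szExeFile;

        if ((Flags & DEBUG_GET_PROC_FULL_MATCH) == 0 &&
            !HasPath)
        {
            PSTR Slash;

            Slash = strrchr(ImageName, '\\');
            if (Slash == NULL)
            {
                Slash = strrchr(ImageName, '/');
            }
            if (Slash != NULL)
            {
                ImageName = Slash + 1;
            }
        }

        if (!_stricmp(ImageName, ExeName))
        {
            if ((Flags & DEBUG_GET_PROC_ONLY_MATCH) &&
                FoundId != DEBUG_ANY_ID)
            {
                // Second match with ONLY_MATCH requested: ambiguous.
                Status = S_FALSE;
                break;
            }

            Status = S_OK;
            FoundId = Proc.th32ProcessID;
            *Id = FoundId;
            if ((Flags & DEBUG_GET_PROC_ONLY_MATCH) == 0)
            {
                break;
            }
        }
    }

    CloseHandle(Snap);
    return Status;
#else
    return E_UNEXPECTED;
#endif
}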
// Dispatches the name lookup to the NT or Win9x implementation after
// enabling the debug privilege so that all processes are visible.
//
// Returns E_UNEXPECTED when the platform was never determined
// (instance not initialized).
STDMETHODIMP
LiveUserDebugServices::GetProcessIdByExecutableName(
    THIS_
    IN PCSTR ExeName,
    IN ULONG Flags,
    OUT PULONG Id
    )
{
    // Allow privileged enumeration.
    HRESULT Status = EnableDebugPrivilege();
    if (Status != S_OK)
    {
        return Status;
    }

    if (m_PlatformId == VER_PLATFORM_WIN32_NT)
    {
        return NtGetPidByExe(ExeName, Flags, Id);
    }
    if (m_PlatformId == VER_PLATFORM_WIN32_WINDOWS)
    {
        return W9xGetPidByExe(ExeName, Flags, Id);
    }
    return E_UNEXPECTED;
}
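// Reads a UNICODE_STRING that lives in another process and returns
// an ANSI copy of it.
//
// Process    - Handle with PROCESS_VM_READ access.
// UniString  - Local copy of the remote UNICODE_STRING; Buffer points
//              into the other process.  Length is a BYTE count.
// AnsiString - Receives a NUL-terminated buffer allocated with new[];
//              the caller releases it with delete[].
//
// Returns S_OK, E_OUTOFMEMORY, E_FAIL on a short read, or the Win32
// error from ReadProcessMemory / WideCharToMultiByte.
//
// Fixes relative to the previous version: UNICODE_STRING::Length was
// used as a character count, so the remote read fetched about twice
// the string (which can cross into unreadable memory) and the
// conversion consumed bytes past the string's end; and the new[]
// buffers were released with scalar delete.
HRESULT
ConvertProcessUnicodeString(HANDLE Process,
                            PUNICODE_STRING UniString,
                            PSTR* AnsiString)
{
    ULONG Chars = UniString->Length / sizeof(WCHAR);
    ULONG Bytes = Chars * sizeof(WCHAR);
    // CP_ACP can expand a WCHAR to two bytes, so size the ANSI buffer
    // from the byte length plus a terminator.
    ULONG AnsiSize = UniString->Length + 1;

    PWSTR Wide = new WCHAR[Chars + 1];
    if (Wide == NULL)
    {
        return E_OUTOFMEMORY;
    }
    PSTR Ansi = new CHAR[AnsiSize];
    if (Ansi == NULL)
    {
        delete[] Wide;
        return E_OUTOFMEMORY;
    }

    HRESULT Status = S_OK;

    if (Chars == 0)
    {
        // Nothing to read or convert; an empty string is a valid result.
        Ansi[0] = 0;
    }
    else
    {
        SIZE_T Done;

        if (!::ReadProcessMemory(Process, UniString->Buffer, Wide,
                                 Bytes, &Done))
        {
            Status = WIN32_LAST_STATUS();
        }
        else if (Done != Bytes)
        {
            Status = E_FAIL;
        }
        else
        {
            Wide[Chars] = 0;

            int Conv = WideCharToMultiByte(CP_ACP, 0, Wide, (int)Chars,
                                           Ansi, (int)(AnsiSize - 1),
                                           NULL, NULL);
            if (Conv <= 0)
            {
                Status = WIN32_LAST_STATUS();
            }
            else
            {
                // WideCharToMultiByte does not terminate when given an
                // explicit source length.
                Ansi[Conv] = 0;
            }
        }
    }

    if (Status == S_OK)
    {
        *AnsiString = Ansi;
    }
    else
    {
        delete[] Ansi;
    }
    delete[] Wide;
    return Status;
}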
#ifndef NT_NATIVE
// Enumerates the active Win32 services together with their process
// ids.
//
// NumServices   - Receives the number of entries.
// ServiceStatus - Receives a malloc'd array the caller free()s.
//
// Returns S_OK, E_OUTOFMEMORY, or the Win32 error from the SCM calls.
HRESULT
NtGetServiceStatus(PULONG NumServices,
                   LPENUM_SERVICE_STATUS_PROCESS* ServiceStatus)
{
    SC_HANDLE Scm = g_Advapi32Calls.OpenSCManagerA(NULL, NULL,
                                                   SC_MANAGER_CONNECT |
                                                   SC_MANAGER_ENUMERATE_SERVICE);
    if (!Scm)
    {
        return WIN32_LAST_STATUS();
    }

    HRESULT Status;
    LPENUM_SERVICE_STATUS_PROCESS Info;
    ULONG InfoSize = 8 * 1024;
    ULONG ExtraNeeded;
    ULONG Resume;

    //
    // First pass through the loop allocates from an initial guess.
    // If that isn't sufficient, we make another pass and allocate
    // what is actually needed. Things may have changed due to
    // other machine changes, so loop around a few times before
    // giving up.
    //
    for (ULONG Attempt = 0; ; Attempt++)
    {
        Info = (LPENUM_SERVICE_STATUS_PROCESS)malloc(InfoSize);
        if (Info == NULL)
        {
            Status = E_OUTOFMEMORY;
            break;
        }

        Resume = 0;
        BOOL Ok = g_Advapi32Calls.EnumServicesStatusExA(Scm,
                                                        SC_ENUM_PROCESS_INFO,
                                                        SERVICE_WIN32,
                                                        SERVICE_ACTIVE,
                                                        (LPBYTE)Info,
                                                        InfoSize,
                                                        &ExtraNeeded,
                                                        NumServices,
                                                        &Resume,
                                                        NULL);
        if (Ok)
        {
            *ServiceStatus = Info;
            Status = S_OK;
            break;
        }

        free(Info);
        if (Attempt > 2 || GetLastError() != ERROR_MORE_DATA)
        {
            Status = WIN32_LAST_STATUS();
            break;
        }

        InfoSize += ExtraNeeded;
    }

    CloseServiceHandle(Scm);
    return Status;
}
// Appends "Services: a,b,c" for every active service hosted by
// ProcessId to the description buffer.
//
// RetStatus - Status accumulated so far; returned unchanged when the
//             SCM APIs are unavailable or enumeration fails.
// Any       - In/out: whether anything has been written to the
//             description yet (controls the leading space).
//
// Returns the status accumulated through AppendToStringBuffer.
HRESULT
NtGetProcessServiceNames(HRESULT RetStatus, ULONG ProcessId,
                         PSTR* Description, ULONG* DescriptionSize,
                         PULONG ActualDescriptionSize, PBOOL Any)
{
    if (!g_Advapi32Calls.EnumServicesStatusExA ||
        !g_Advapi32Calls.OpenSCManagerA)
    {
        return RetStatus;
    }

    ULONG NumServices;
    LPENUM_SERVICE_STATUS_PROCESS ServiceStatus;

    if (NtGetServiceStatus(&NumServices, &ServiceStatus) != S_OK)
    {
        // If we can't get the service status just leave the
        // string unchanged and do not consider it a serious error.
        return RetStatus;
    }

    BOOL AnyServices = FALSE;

    for (ULONG i = 0; i < NumServices; i++)
    {
        LPENUM_SERVICE_STATUS_PROCESS Svc = &ServiceStatus[i];

        if (Svc->ServiceStatusProcess.dwProcessId != ProcessId ||
            !Svc->lpServiceName ||
            !Svc->lpServiceName[0])
        {
            continue;
        }

        // Separator between names, or the section header (with a
        // leading space when something else precedes it).
        PSTR Intro = AnyServices ? "," :
                     (*Any ? " Services: " : "Services: ");

        RetStatus = AppendToStringBuffer(RetStatus, Intro, !*Any,
                                         Description, DescriptionSize,
                                         ActualDescriptionSize);
        RetStatus = AppendToStringBuffer(RetStatus,
                                         Svc->lpServiceName, FALSE,
                                         Description, DescriptionSize,
                                         ActualDescriptionSize);
        *Any = TRUE;
        AnyServices = TRUE;
    }

    free(ServiceStatus);
    return RetStatus;
}
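// Appends "MTS Packages: a,b,c" for every MTS/COM+ package hosted by
// ProcessId to the description buffer.
//
// RetStatus - Status accumulated so far; returned unchanged when COM
//             or the MTS catalog cannot be reached.
// Any       - In/out: whether anything has been written to the
//             description yet (controls the leading space).
//
// Returns the status accumulated through AppendToStringBuffer.
HRESULT
NtGetProcessMtsPackageNames(HRESULT RetStatus, ULONG ProcessId,
                            PSTR* Description, ULONG* DescriptionSize,
                            PULONG ActualDescriptionSize, PBOOL Any)
{
    HRESULT Status;

    // Load and initialize ole32.dll so we can call CoCreateInstance.
    if ((Status = InitDynamicCalls(&g_Ole32CallsDesc)) != S_OK ||
        (Status = InitDynamicCalls(&g_OleAut32CallsDesc)) != S_OK)
    {
        // Just leave things unchanged on failure.
        return RetStatus;
    }

    // CoInitializeEx returns S_FALSE when COM is already initialized
    // on this thread; that is a success and must still be balanced
    // by CoUninitialize, so only true failures bail out here.
    Status = g_Ole32Calls.CoInitializeEx(NULL, COINIT_MULTITHREADED);
    if (FAILED(Status))
    {
        return RetStatus;
    }

    IMtsGrp* MtsGrp = NULL;
    long Packages;
    long i;
    BOOL AnyPackages = FALSE;

    if ((Status = g_Ole32Calls.
         CoCreateInstance(CLSID_MtsGrp, NULL, CLSCTX_ALL,
                          __uuidof(IMtsGrp), (void **)&MtsGrp)) != S_OK ||
        (Status = MtsGrp->Refresh()) != S_OK ||
        (Status = MtsGrp->get_Count(&Packages)) != S_OK)
    {
        goto Exit;
    }

    for (i = 0; i < Packages; i++)
    {
        IUnknown* Unk;
        IMtsEvents* Events;
        BSTR Name;
        ULONG Pid;

        if ((Status = MtsGrp->Item(i, &Unk)) != S_OK)
        {
            continue;
        }

        Status = Unk->QueryInterface(IID_IMtsEvents, (void **)&Events);
        Unk->Release();
        if (Status != S_OK)
        {
            continue;
        }

        Status = Events->GetProcessID((PLONG)&Pid);
        if (Status == S_OK && Pid == ProcessId)
        {
            Status = Events->get_PackageName(&Name);
        }
        Events->Release();
        // Pid is only valid when GetProcessID succeeded, which the
        // Status check guarantees before Pid is read.
        if (Status != S_OK || Pid != ProcessId)
        {
            continue;
        }

        char NameA[MAX_PATH];
        int Conv;

        Conv = WideCharToMultiByte(CP_ACP, 0, Name, -1, NameA, sizeof(NameA),
                                   NULL, NULL);
        g_OleAut32Calls.SysFreeString(Name);
        if (Conv > 0)
        {
            PSTR Intro;

            // Separator between names, or the section header (with a
            // leading space when something else precedes it).
            if (AnyPackages)
            {
                Intro = ",";
            }
            else if (*Any)
            {
                Intro = " MTS Packages: ";
            }
            else
            {
                Intro = "MTS Packages: ";
            }

            RetStatus = AppendToStringBuffer(RetStatus, Intro, !*Any,
                                             Description, DescriptionSize,
                                             ActualDescriptionSize);
            RetStatus = AppendToStringBuffer(RetStatus, NameA, FALSE,
                                             Description, DescriptionSize,
                                             ActualDescriptionSize);
            *Any = TRUE;
            AnyPackages = TRUE;
        }
    }

 Exit:
    if (MtsGrp)
    {
        MtsGrp->Release();
    }
    g_Ole32Calls.CoUninitialize();
    return RetStatus;
}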
#endif // #ifndef NT_NATIVE
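// Produces the executable name and a description (hosted services
// and MTS packages) for an NT process.
//
// ProcessId - Target process; 0 is the idle/system pseudo-process.
// Flags     - DEBUG_PROC_DESC_NO_PATHS strips directories from the
//             image name.
// ExeName/ExeNameSize/ActualExeNameSize and
// Description/DescriptionSize/ActualDescriptionSize are the usual
// optional-buffer triples handled by FillStringBuffer.
//
// Returns S_OK or S_FALSE (truncation) from the string fills, E_FAIL
// on short reads, or the NT/Win32 error of the failing call.
HRESULT
NtGetProcDesc(ULONG ProcessId, ULONG Flags,
              PSTR ExeName, ULONG ExeNameSize, PULONG ActualExeNameSize,
              PSTR Description, ULONG DescriptionSize,
              PULONG ActualDescriptionSize)
{
    HRESULT Status;

    if (ProcessId == 0)
    {
        // This is base system process so fake the description.
        Status = FillStringBuffer(SYSTEM_PROCESS_NAME, 0,
                                  ExeName, ExeNameSize, ActualExeNameSize);
        FillStringBuffer("", 0,
                         Description, DescriptionSize, ActualDescriptionSize);
        return Status;
    }

    NTSTATUS NtStatus;
    HANDLE Process = NULL;
    OBJECT_ATTRIBUTES ObjAttr;
    CLIENT_ID ClientId;

    ClientId.UniqueThread = NULL;
    ClientId.UniqueProcess = (HANDLE)(ULONG_PTR)ProcessId;
    InitializeObjectAttributes(&ObjAttr, NULL, 0, NULL, NULL);
    // Everything below only queries basic information and reads
    // memory, so ask for exactly those rights rather than
    // PROCESS_ALL_ACCESS; the narrower request cannot be refused
    // where the broad one would be granted.
    NtStatus = g_NtDllCalls.NtOpenProcess(&Process,
                                          PROCESS_QUERY_INFORMATION |
                                          PROCESS_VM_READ,
                                          &ObjAttr, &ClientId);
    if (!NT_SUCCESS(NtStatus))
    {
        Status = HRESULT_FROM_NT(NtStatus);
        goto EH_Exit;
    }

    PROCESS_BASIC_INFORMATION ProcBasic;
    ULONG Done;

    NtStatus = g_NtDllCalls.
        NtQueryInformationProcess(Process, ProcessBasicInformation,
                                  &ProcBasic, sizeof(ProcBasic), &Done);
    if (!NT_SUCCESS(NtStatus))
    {
        Status = HRESULT_FROM_NT(NtStatus);
        goto EH_Process;
    }
    if (Done != sizeof(ProcBasic))
    {
        Status = E_FAIL;
        goto EH_Process;
    }

    if (ProcBasic.PebBaseAddress == 0)
    {
        // This process has no PEB so fake the description.
        Status = FillStringBuffer(PEBLESS_PROCESS_NAME, 0,
                                  ExeName, ExeNameSize, ActualExeNameSize);
        FillStringBuffer("", 0,
                         Description, DescriptionSize, ActualDescriptionSize);
        goto EH_Process;
    }

    PEB Peb;
    SIZE_T DoneSize;

    if (!::ReadProcessMemory(Process, ProcBasic.PebBaseAddress,
                             &Peb, sizeof(Peb), &DoneSize))
    {
        Status = WIN32_LAST_STATUS();
        goto EH_Process;
    }
    if (DoneSize != sizeof(Peb))
    {
        Status = E_FAIL;
        goto EH_Process;
    }

    RTL_USER_PROCESS_PARAMETERS Params;

    if (!::ReadProcessMemory(Process, Peb.ProcessParameters,
                             &Params, sizeof(Params), &DoneSize))
    {
        Status = WIN32_LAST_STATUS();
        goto EH_Process;
    }
    if (DoneSize != sizeof(Params))
    {
        Status = E_FAIL;
        goto EH_Process;
    }

    if (Params.ImagePathName.Buffer != NULL)
    {
        PSTR AnsiImage, ImageName;

        if ((Status = ConvertProcessUnicodeString(Process,
                                                  &Params.ImagePathName,
                                                  &AnsiImage)) != S_OK)
        {
            goto EH_Process;
        }

        if (Flags & DEBUG_PROC_DESC_NO_PATHS)
        {
            // Keep only the part after the last path separator.
            ImageName = strrchr(AnsiImage, '\\');
            if (ImageName == NULL)
            {
                ImageName = strrchr(AnsiImage, '/');
            }
            if (ImageName == NULL)
            {
                ImageName = AnsiImage;
            }
            else
            {
                ImageName++;
            }
        }
        else
        {
            ImageName = AnsiImage;
        }

        Status = FillStringBuffer(ImageName, 0,
                                  ExeName, ExeNameSize, ActualExeNameSize);
        // ConvertProcessUnicodeString allocates with new[], so the
        // matching array delete must be used.
        delete[] AnsiImage;
    }
    else
    {
        Status = FillStringBuffer(SYSTEM_PROCESS_NAME, 0,
                                  ExeName, ExeNameSize, ActualExeNameSize);
    }

#ifndef NT_NATIVE
    if ((Description && DescriptionSize) || ActualDescriptionSize)
    {
        BOOL Any = FALSE;

        Status = NtGetProcessServiceNames(Status, ProcessId,
                                          &Description, &DescriptionSize,
                                          ActualDescriptionSize, &Any);
        Status = NtGetProcessMtsPackageNames(Status, ProcessId,
                                             &Description, &DescriptionSize,
                                             ActualDescriptionSize, &Any);
        if (!Any)
        {
            // Nothing was appended; make sure the description is an
            // empty string and report truncation if that didn't fit.
            if (FillStringBuffer("", 0,
                                 Description, DescriptionSize,
                                 ActualDescriptionSize) == S_FALSE)
            {
                Status = S_FALSE;
            }
        }
    }
    else
#endif // #ifndef NT_NATIVE
    {
        FillStringBuffer("", 0,
                         Description, DescriptionSize, ActualDescriptionSize);
    }

 EH_Process:
    g_NtDllCalls.NtClose(Process);
 EH_Exit:
    return Status;
}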
// Produces the executable name for a Win9x process from a toolhelp
// snapshot.  The description is always empty on this platform.
//
// Returns FillStringBuffer's status for the name, E_NOINTERFACE when
// the process was not found, the Win32 error when the snapshot
// cannot be taken, or E_UNEXPECTED in NT_NATIVE builds.
HRESULT
W9xGetProcDesc(ULONG ProcessId, ULONG Flags,
               PSTR ExeName, ULONG ExeNameSize, PULONG ActualExeNameSize,
               PSTR Description, ULONG DescriptionSize,
               PULONG ActualDescriptionSize)
{
#ifndef NT_NATIVE
    HANDLE Snap =
        g_Kernel32Calls.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (Snap == INVALID_HANDLE_VALUE)
    {
        return WIN32_LAST_STATUS();
    }

    HRESULT Status = E_NOINTERFACE;
    PROCESSENTRY32 Proc;

    Proc.dwSize = sizeof(Proc);
    BOOL More = g_Kernel32Calls.Process32First(Snap, &Proc);
    while (More)
    {
        if (Proc.th32ProcessID == ProcessId)
        {
            PSTR AnsiImage = Proc.szExeFile;
            PSTR ImageName = AnsiImage;

            if (Flags & DEBUG_PROC_DESC_NO_PATHS)
            {
                // Keep only the part after the last path separator.
                PSTR Slash = strrchr(AnsiImage, '\\');
                if (Slash == NULL)
                {
                    Slash = strrchr(AnsiImage, '/');
                }
                if (Slash != NULL)
                {
                    ImageName = Slash + 1;
                }
            }

            Status = FillStringBuffer(ImageName, 0,
                                      ExeName, ExeNameSize, ActualExeNameSize);
            break;
        }

        Proc.dwSize = sizeof(Proc);
        More = g_Kernel32Calls.Process32Next(Snap, &Proc);
    }

    CloseHandle(Snap);

    // Win9x doesn't have services and we don't have to
    // worry about IIS so there's currently nothing we provide
    // as a description.
    FillStringBuffer("", 0,
                     Description, DescriptionSize, ActualDescriptionSize);

    return Status;
#else
    return E_UNEXPECTED;
#endif
}
// Dispatches the description lookup to the NT or Win9x implementation
// after enabling the debug privilege so that all processes are
// accessible.
//
// Returns E_UNEXPECTED when the platform was never determined
// (instance not initialized).
STDMETHODIMP
LiveUserDebugServices::GetProcessDescription(
    THIS_
    IN ULONG ProcessId,
    IN ULONG Flags,
    OUT OPTIONAL PSTR ExeName,
    IN ULONG ExeNameSize,
    OUT OPTIONAL PULONG ActualExeNameSize,
    OUT OPTIONAL PSTR Description,
    IN ULONG DescriptionSize,
    OUT OPTIONAL PULONG ActualDescriptionSize
    )
{
    // Allow privileged access.
    HRESULT Status = EnableDebugPrivilege();
    if (Status != S_OK)
    {
        return Status;
    }

    if (m_PlatformId == VER_PLATFORM_WIN32_NT)
    {
        return NtGetProcDesc(ProcessId, Flags, ExeName, ExeNameSize,
                             ActualExeNameSize, Description, DescriptionSize,
                             ActualDescriptionSize);
    }
    if (m_PlatformId == VER_PLATFORM_WIN32_WINDOWS)
    {
        return W9xGetProcDesc(ProcessId, Flags, ExeName, ExeNameSize,
                              ActualExeNameSize, Description, DescriptionSize,
                              ActualDescriptionSize);
    }
    return E_UNEXPECTED;
}
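// Records a newly opened thread at Threads[Index], suspending it first.
//
// Status       - Result of the caller's thread open.  When it is not
//                S_OK, ThreadHandle is NOT a valid handle and must not
//                be used; previously it was passed to SuspendThread and
//                CloseHandle anyway.
// ThreadHandle - Handle from the open; ownership moves into Threads
//                on success and is closed here on failure.
// PrevThreads  - Optional list from the previous enumeration pass.
//
// On failure every thread already inserted (indices < Index) is
// resumed and its handle closed, and the failure is returned.
// Otherwise returns S_OK, or S_FALSE when PrevThreads was given and
// does not contain ThreadId.
HRESULT
InsertUserThread(PUSER_THREAD_INFO Threads, ULONG Index,
                 HRESULT Status, ULONG ThreadId, HANDLE ThreadHandle,
                 PUSER_THREAD_INFO PrevThreads, ULONG PrevInfoCount)
{
    if (Status == S_OK)
    {
        // Suspend the thread immediately to try and keep the
        // process state as static as we can.
        if (::SuspendThread(ThreadHandle) == (DWORD)-1)
        {
            Status = WIN32_LAST_STATUS();
            ::CloseHandle(ThreadHandle);
        }
    }

    if (Status != S_OK)
    {
        // Undo the work done for the threads inserted so far.
        while (Index-- > 0)
        {
            ::ResumeThread(OS_HANDLE(Threads[Index].Handle));
            ::CloseHandle(OS_HANDLE(Threads[Index].Handle));
        }
        return Status;
    }

    Threads[Index].Handle = SERVICE_HANDLE(ThreadHandle);
    Threads[Index].Id = ThreadId;
    Threads[Index].Reserved = 0;

    //
    // Search for this thread in any previous information.
    //

    if (PrevThreads == NULL)
    {
        return S_OK;
    }

    for (ULONG i = 0; i < PrevInfoCount; i++)
    {
        if (PrevThreads[i].Id == ThreadId)
        {
            // Found a match.
            return S_OK;
        }
    }

    return S_FALSE;
}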
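// Opens and suspends the threads of an NT process.
//
// ProcessId       - Target process.
// Threads/InfoCount - Caller array; at most InfoCount threads are
//                   opened and stored.
// ThreadCount     - Optional, receives the process' thread count.
// SysProcInfoSize - Size of SYSTEM_PROCESS_INFORMATION for this OS
//                   build (thread entries follow the process entry).
// PrevThreads/PrevInfoCount - Optional previous enumeration used to
//                   detect changes between passes.
//
// Returns S_OK, S_FALSE when the thread set differs from PrevThreads,
// E_NOINTERFACE when the process is not found, or the failure from
// the snapshot or from opening a thread (in which case the threads
// opened so far have already been resumed and closed).
HRESULT
NtGetProcThreads(ULONG ProcessId, PUSER_THREAD_INFO Threads,
                 ULONG InfoCount, PULONG ThreadCount,
                 ULONG SysProcInfoSize,
                 PUSER_THREAD_INFO PrevThreads, ULONG PrevInfoCount)
{
    HRESULT Status;
    PSYSTEM_PROCESS_INFORMATION ProcessInfo, ProcInfoBuffer;

    if ((Status = GetNtSystemProcessInformation(&ProcInfoBuffer)) != S_OK)
    {
        return Status;
    }

    ULONG TotalOffset = 0;

    // Walk the list until the process is found or the list ends.
    ProcessInfo = ProcInfoBuffer;
    for (;;)
    {
        if (ProcessInfo->UniqueProcessId == (HANDLE)(ULONG_PTR)ProcessId ||
            ProcessInfo->NextEntryOffset == 0)
        {
            break;
        }

        TotalOffset += ProcessInfo->NextEntryOffset;
        ProcessInfo = (PSYSTEM_PROCESS_INFORMATION)
            ((PUCHAR)ProcInfoBuffer + TotalOffset);
    }

    if (ProcessInfo->UniqueProcessId == (HANDLE)(ULONG_PTR)ProcessId)
    {
        if (ThreadCount != NULL)
        {
            *ThreadCount = ProcessInfo->NumberOfThreads;
        }
        if (ProcessInfo->NumberOfThreads < InfoCount)
        {
            InfoCount = ProcessInfo->NumberOfThreads;
        }

        // If the last iteration returned a different number
        // of threads there's a mismatch so we need to return S_FALSE.
        Status = (PrevThreads != NULL &&
                  PrevInfoCount != ProcessInfo->NumberOfThreads) ?
            S_FALSE : S_OK;

        PSYSTEM_THREAD_INFORMATION ThreadInfo = (PSYSTEM_THREAD_INFORMATION)
            ((PUCHAR)ProcessInfo + SysProcInfoSize);
        for (ULONG i = 0; i < InfoCount; i++)
        {
            NTSTATUS NtStatus;
            OBJECT_ATTRIBUTES ObjAttr;
            // NULL when the open fails; InsertUserThread only uses the
            // handle when the open status is S_OK.
            HANDLE Thread = NULL;
            HRESULT SingleStatus;

            InitializeObjectAttributes(&ObjAttr, NULL, 0, NULL, NULL);
            NtStatus = g_NtDllCalls.
                NtOpenThread(&Thread, THREAD_ALL_ACCESS, &ObjAttr,
                             &ThreadInfo->ClientId);
            SingleStatus = InsertUserThread
                (Threads, i, CONV_NT_STATUS(NtStatus),
                 (ULONG)(ULONG_PTR)ThreadInfo->ClientId.UniqueThread,
                 Thread, PrevThreads, PrevInfoCount);
            if (SingleStatus == S_FALSE)
            {
                // Inserted thread didn't match so return S_FALSE.
                Status = S_FALSE;
            }
            else if (SingleStatus != S_OK)
            {
                // InsertUserThread has already unwound the earlier
                // threads; just report the failure.
                Status = SingleStatus;
                break;
            }

            ThreadInfo++;
        }
    }
    else
    {
        Status = E_NOINTERFACE;
    }

    // A zero region size releases the whole allocation.  Leaving the
    // size uninitialized could make the release fail and leak the
    // snapshot buffer.
    SIZE_T MemSize = 0;
    g_NtDllCalls.NtFreeVirtualMemory(NtCurrentProcess(),
                                     (PVOID*)&ProcInfoBuffer, &MemSize,
                                     MEM_RELEASE);
    return Status;
}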
// These functions are in the minidump library and are
// not really public functions, but we need them so
// just extern them here.
// On x86 they provide a Win9x thread-open path (WinOpenThread)
// that the toolhelp enumeration below relies on; on other
// architectures the macros make WinInitialize() fail and
// WinOpenThread() return NULL so that path reports an error.
#ifdef _X86_
extern "C" BOOL WinInitialize(void);
extern "C" HANDLE WINAPI WinOpenThread(DWORD dwAccess, BOOL bInheritHandle,
                                       DWORD ThreadId);
#else
#define WinInitialize() FALSE
#define WinOpenThread(dwAccess, bInheritHandle, ThreadId) NULL
#endif
//
// Win9x thread enumeration via a toolhelp snapshot.  Every thread
// owned by ProcessId is counted; the first InfoCount of them are
// opened with WinOpenThread and suspended into Threads.  ThreadCount
// receives the total seen.  Returns S_FALSE when the result differs
// from the previous pass, E_NOINTERFACE when no thread belongs to the
// process, or an error.  Under NT_NATIVE this path does not exist.
//
HRESULT
W9xGetProcThreads(ULONG ProcessId, PUSER_THREAD_INFO Threads,
                  ULONG InfoCount, PULONG ThreadCount,
                  PUSER_THREAD_INFO PrevThreads, ULONG PrevInfoCount)
{
#ifndef NT_NATIVE
    if (!WinInitialize())
    {
        return WIN32_LAST_STATUS();
    }

    HANDLE Snap = g_Kernel32Calls.CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
                                                           ProcessId);
    if (Snap == INVALID_HANDLE_VALUE)
    {
        return WIN32_LAST_STATUS();
    }

    HRESULT Status = S_OK;
    ULONG Found = 0;
    THREADENTRY32 Entry;

    // The snapshot lists every thread on the system; filter on the
    // owning process.
    Entry.dwSize = sizeof(Entry);
    BOOL More = g_Kernel32Calls.Thread32First(Snap, &Entry);
    while (More)
    {
        if (Entry.th32OwnerProcessID == ProcessId)
        {
            if (Found < InfoCount)
            {
                HANDLE ThreadHandle = WinOpenThread(THREAD_ALL_ACCESS, FALSE,
                                                    Entry.th32ThreadID);
                HRESULT SingleStatus = InsertUserThread
                    (Threads, Found, CONV_W32_STATUS(ThreadHandle != NULL),
                     Entry.th32ThreadID, ThreadHandle,
                     PrevThreads, PrevInfoCount);
                if (SingleStatus == S_FALSE)
                {
                    // Inserted thread didn't match so return S_FALSE.
                    Status = S_FALSE;
                }
                else if (SingleStatus != S_OK)
                {
                    Status = SingleStatus;
                    break;
                }
            }
            Found++;
        }

        Entry.dwSize = sizeof(Entry);
        More = g_Kernel32Calls.Thread32Next(Snap, &Entry);
    }

    if (ThreadCount != NULL)
    {
        *ThreadCount = Found;
    }

    if (Status == S_OK)
    {
        if (Found == 0)
        {
            // If no threads were found the process must be invalid.
            Status = E_NOINTERFACE;
        }
        else if (PrevThreads != NULL && Found != PrevInfoCount)
        {
            // Thread count didn't match so return S_FALSE.
            Status = S_FALSE;
        }
    }

    CloseHandle(Snap);
    return Status;
#else
    return E_UNEXPECTED;
#endif
}
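//
// Opens a process and/or snapshots its threads.
//
// Handle      - when non-NULL receives a PROCESS_ALL_ACCESS handle
//               owned by the caller on success.
// Threads     - when non-NULL receives up to InfoCount suspended,
//               THREAD_ALL_ACCESS thread handles owned by the caller.
// ThreadCount - when non-NULL receives the total thread count.
//
// Returns S_OK, S_FALSE when the thread array overflowed (the caller
// should retry with more room), or an error.  On error the process
// handle is closed again.
//
STDMETHODIMP
LiveUserDebugServices::GetProcessInfo(
    THIS_
    IN ULONG ProcessId,
    OUT OPTIONAL PULONG64 Handle,
    OUT OPTIONAL /* size_is(InfoCount) */ PUSER_THREAD_INFO Threads,
    IN ULONG InfoCount,
    OUT OPTIONAL PULONG ThreadCount
    )
{
    HRESULT Status;

    // Enable the privilege that allows the user to debug
    // another process.
    if ((Status = EnableDebugPrivilege()) != S_OK)
    {
        return Status;
    }

    HANDLE Process = NULL;
    if (Handle != NULL)
    {
        // This should always be a real process ID so there's
        // no need to look for the special CSR value.
        Process = ::OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessId);
        if (Process == NULL)
        {
            return WIN32_LAST_STATUS();
        }
        *Handle = SERVICE_HANDLE(Process);
    }

    if (Threads == NULL && ThreadCount == NULL)
    {
        return S_OK;
    }

    //
    // We need to enumerate the threads in the process.
    // This is a difficult thing to get right as
    // the thread state for the process can continuously
    // change. In order to try and get a clean snapshot
    // of the thread state we iteratively enumerate until
    // we get two consecutive snapshots that match.
    //
    // We suspend enumerated threads immediately to
    // reduce churn from inside the process itself.
    // We can't do anything about external processes so
    // the enumeration could still get stale right after
    // we return but by stopping everything in the process
    // itself we do what we can.
    //
    // If the caller is just getting the count and
    // not the actual thread information we don't bother
    // iterating as there's no expectation that the
    // thread state will be the same from one call to
    // the next so there's no need to do the extra work.
    //
    PUSER_THREAD_INFO PrevThreads = NULL;
    ULONG PrevInfoCount = 0;
    // Zero so that a failure before any pass reports no threads
    // rather than an uninitialized count.
    ULONG CurThreadCount = 0;

    if (Threads != NULL)
    {
        // Allocate an array to hold previous results. This
        // can always be the same size as the return array
        // because if there are more threads than can fit in
        // the return array the snapshot will be wrong anyway
        // so we just return without doing comparisons.
        PrevThreads = new USER_THREAD_INFO[InfoCount];
        if (PrevThreads == NULL)
        {
            Status = E_OUTOFMEMORY;
        }
    }

    if (Status == S_OK)
    {
        for (;;)
        {
            switch(m_PlatformId)
            {
            case VER_PLATFORM_WIN32_NT:
                Status = NtGetProcThreads(ProcessId, Threads, InfoCount,
                                          &CurThreadCount, m_SysProcInfoSize,
                                          PrevThreads, PrevInfoCount);
                break;
            case VER_PLATFORM_WIN32_WINDOWS:
                Status = W9xGetProcThreads(ProcessId, Threads, InfoCount,
                                           &CurThreadCount, PrevThreads,
                                           PrevInfoCount);
                break;
            default:
                Status = E_UNEXPECTED;
                break;
            }

            //
            // We can clean up any previous information now.
            //
            for (ULONG i = 0; i < PrevInfoCount; i++)
            {
                ::ResumeThread(OS_HANDLE(PrevThreads[i].Handle));
                ::CloseHandle(OS_HANDLE(PrevThreads[i].Handle));
            }

            if (Status != S_FALSE ||
                CurThreadCount > InfoCount)
            {
                // The snapshot either matched the previous
                // snapshot or there was an error. Also,
                // if the snapshot overflowed the return array
                // quit and give the caller the option of
                // calling again when they notice they didn't
                // get a complete snapshot.
                break;
            }

            // There was a snapshot mismatch so loop again
            // with this snapshot as the previous data.
            PrevInfoCount = CurThreadCount;
            if (PrevInfoCount > InfoCount)
            {
                PrevInfoCount = InfoCount;
            }
            RtlCopyMemory(PrevThreads, Threads,
                          PrevInfoCount * sizeof(*PrevThreads));
        }

        if (ThreadCount != NULL)
        {
            *ThreadCount = CurThreadCount;
        }

        // Allocated with new[], so it must be released with delete[].
        delete[] PrevThreads;
    }

    // NOTE(review): on an S_FALSE overflow the suspended thread
    // handles in Threads stay open for the caller while the process
    // handle is closed and *Handle is left stale; confirm callers
    // treat S_FALSE as "retry" and do not use *Handle.
    if (Status != S_OK && Process != NULL)
    {
        ::CloseHandle(Process);
    }
    return Status;
}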
//
// Opens ProcessId with PROCESS_ALL_ACCESS.  The special
// CSRSS_PROCESS_ID is resolved through CsrGetProcessId; when that
// entry point is unavailable *Process is set to NULL and S_OK is
// returned so callers can carry on without a handle.
//
HRESULT
ProcessIdToHandle(ULONG ProcessId, PHANDLE Process)
{
    ULONG TargetId = ProcessId;

    if (TargetId == CSRSS_PROCESS_ID)
    {
        if (g_NtDllCalls.CsrGetProcessId == NULL)
        {
            *Process = NULL;
            return S_OK;
        }
        TargetId = (ULONG)(ULONG_PTR)g_NtDllCalls.CsrGetProcessId();
    }

    HANDLE Opened = ::OpenProcess(PROCESS_ALL_ACCESS, 0, TargetId);
    *Process = Opened;
    return (Opened == NULL) ? WIN32_LAST_STATUS() : S_OK;
}
//
// Creates the debug object used for NT debug-object based debugging,
// storing it in *Object.  An already created object is kept as is.
// The object is unnamed, uses g_AllAccessSecDesc as its security
// descriptor and has DEBUG_KILL_ON_CLOSE set, so debuggees die when
// the last handle goes away unless the flag is cleared later.
//
NTSTATUS
CreateDebugObject(PHANDLE Object)
{
    if (*Object != NULL)
    {
        // Idempotent: reuse the existing object.
        return STATUS_SUCCESS;
    }

    OBJECT_ATTRIBUTES Attr;
    InitializeObjectAttributes(&Attr, NULL, 0, NULL, g_AllAccessSecDesc);

    NTSTATUS NtStatus = g_NtDllCalls.NtCreateDebugObject(Object,
                                                         DEBUG_ALL_ACCESS,
                                                         &Attr,
                                                         DEBUG_KILL_ON_CLOSE);
    return NtStatus;
}
//
// Reads the debug-inheritance setting of Process into *Options.
// Systems without ProcessDebugFlags support (non-NT, or an NT that
// reports STATUS_INVALID_INFO_CLASS) are treated as
// DEBUG_PROCESS_ONLY_THIS_PROCESS, which is what an attach gives there.
//
HRESULT
LiveUserDebugServices::SysGetProcessOptions(HANDLE Process, PULONG Options)
{
    ULONG Flags;
    NTSTATUS NtStatus = STATUS_INVALID_INFO_CLASS;

    if (m_PlatformId == VER_PLATFORM_WIN32_NT)
    {
        NtStatus = g_NtDllCalls.
            NtQueryInformationProcess(Process, ProcessDebugFlags,
                                      &Flags, sizeof(Flags), NULL);
    }

    if (NtStatus == STATUS_INVALID_INFO_CLASS)
    {
        // The system doesn't support control over the
        // debug flags. In the attach case this means
        // the flags will be DEBUG_ONLY_THIS_PROCESS.
        *Options = DEBUG_PROCESS_ONLY_THIS_PROCESS;
        return S_OK;
    }

    if (NT_SUCCESS(NtStatus))
    {
        // PROCESS_DEBUG_INHERIT set means children are debugged too.
        *Options = (Flags & PROCESS_DEBUG_INHERIT) ?
            0 : DEBUG_PROCESS_ONLY_THIS_PROCESS;
    }

    return CONV_NT_STATUS(NtStatus);
}
//
// Takes over an already-debugged process by fetching its existing
// debug object into m_DebugObject.  Only possible on NT with debug
// objects enabled, and only when no debug object is held yet.
// ProcessId is unused; the query goes through Process.
//
HRESULT
LiveUserDebugServices::OpenDebugActiveProcess(ULONG ProcessId,
                                              HANDLE Process)
{
    BOOL Supported = (m_PlatformId == VER_PLATFORM_WIN32_NT) &&
        m_UseDebugObject;
    if (!Supported)
    {
        return E_NOTIMPL;
    }

    // We're going to open the process's existing debug
    // object and use it so we can't already have a debug object.
    if (Process == NULL || m_DebugObject != NULL)
    {
        return E_UNEXPECTED;
    }

    NTSTATUS NtStatus = g_NtDllCalls.
        NtQueryInformationProcess(Process, ProcessDebugObjectHandle,
                                  &m_DebugObject, sizeof(m_DebugObject),
                                  NULL);
    return NT_SUCCESS(NtStatus) ? S_OK : HRESULT_FROM_NT(NtStatus);
}
//
// Attaches the debugger to a running process.  With debug objects
// the process is bound to m_DebugObject via NtDebugActiveProcess and
// a remote break-in is issued; otherwise the Win32 DebugActiveProcess
// path is used (unavailable under NT_NATIVE).
//
HRESULT
LiveUserDebugServices::CreateDebugActiveProcess(ULONG ProcessId,
                                                HANDLE Process)
{
    if (!m_UseDebugObject)
    {
#ifndef NT_NATIVE
        return ::DebugActiveProcess(ProcessId) ? S_OK : WIN32_LAST_STATUS();
#else
        return E_UNEXPECTED;
#endif
    }

    if (Process == NULL)
    {
        return E_FAIL;
    }
    if (g_NtDllCalls.NtDebugActiveProcess == NULL)
    {
        return E_NOTIMPL;
    }

    NTSTATUS NtStatus = CreateDebugObject(&m_DebugObject);
    if (!NT_SUCCESS(NtStatus))
    {
        return HRESULT_FROM_NT(NtStatus);
    }

    NtStatus = g_NtDllCalls.NtDebugActiveProcess(Process, m_DebugObject);
    if (!NT_SUCCESS(NtStatus))
    {
        return HRESULT_FROM_NT(NtStatus);
    }

    // Force an initial breakpoint so the debugger gets control;
    // its result is not checked.
    g_NtDllCalls.DbgUiIssueRemoteBreakin(Process);
    return S_OK;
}
//
// Attaches to ProcessId.  DEBUG_ATTACH_EXISTING in AttachFlags reuses
// the process's existing debug object instead of creating a new attach.
// On success *ProcessHandle receives the PROCESS_ALL_ACCESS handle and
// *ProcessOptions the current debug-inheritance setting.  Any failure
// after the open closes the handle again.
//
STDMETHODIMP
LiveUserDebugServices::AttachProcess(
    THIS_
    IN ULONG ProcessId,
    IN ULONG AttachFlags,
    OUT PULONG64 ProcessHandle,
    OUT PULONG ProcessOptions
    )
{
    // Enable the privilege that allows the user to debug
    // another process.
    HRESULT Status = EnableDebugPrivilege();
    if (Status != S_OK)
    {
        return Status;
    }

    if (ProcessId == CSRSS_PROCESS_ID)
    {
        // Attaching to CSRSS: drop the profile mapping first.
        CloseProfileUserMapping();
    }

    HANDLE Process;
    Status = ProcessIdToHandle(ProcessId, &Process);
    if (Status != S_OK)
    {
        return Status;
    }

    Status = SysGetProcessOptions(Process, ProcessOptions);
    if (Status == S_OK)
    {
        Status = (AttachFlags & DEBUG_ATTACH_EXISTING) ?
            OpenDebugActiveProcess(ProcessId, Process) :
            CreateDebugActiveProcess(ProcessId, Process);
    }

    if (Status != S_OK)
    {
        // Process may be NULL for the CSRSS case without CsrGetProcessId.
        if (Process != NULL)
        {
            ::CloseHandle(Process);
        }
        return Status;
    }

    *ProcessHandle = SERVICE_HANDLE(Process);
    return S_OK;
}
//
// Detaches from ProcessId.  A ProcessId of zero is only a query for
// detach support: S_OK if the platform can detach, E_NOTIMPL otherwise,
// with no detach performed.
//
STDMETHODIMP
LiveUserDebugServices::DetachProcess(
    THIS_
    IN ULONG ProcessId
    )
{
    if (!m_UseDebugObject)
    {
        // Win32 path: DebugActiveProcessStop may be missing on
        // older systems.
        if (g_Kernel32Calls.DebugActiveProcessStop == NULL)
        {
            return E_NOTIMPL;
        }
        if (ProcessId == 0)
        {
            return S_OK;
        }
        return g_Kernel32Calls.DebugActiveProcessStop(ProcessId) ?
            S_OK : WIN32_LAST_STATUS();
    }

    if (g_NtDllCalls.NtRemoveProcessDebug == NULL)
    {
        return E_NOTIMPL;
    }

    // Check for the query before checking the debug
    // object as the query may come in early.
    if (ProcessId == 0)
    {
        return S_OK;
    }
    if (m_DebugObject == NULL)
    {
        return E_UNEXPECTED;
    }

    HANDLE Process;
    HRESULT Status = ProcessIdToHandle(ProcessId, &Process);
    if (Status != S_OK)
    {
        return Status;
    }
    if (Process == NULL)
    {
        // No handle could be resolved (CSRSS special case).
        return E_FAIL;
    }

    NTSTATUS NtStatus = g_NtDllCalls.
        NtRemoveProcessDebug(Process, m_DebugObject);
    ::CloseHandle(Process);

    // The original converted and then returned S_OK regardless of the
    // remove result; that behavior is preserved here.
    Status = CONV_NT_STATUS(NtStatus);
    return S_OK;
}
#ifdef NT_NATIVE
//
// NT_NATIVE-only process creation without Win32: runs CommandLine
// under DebugObject using the Rtl process APIs.  The first
// whitespace-delimited token of CommandLine is taken as the image
// path (converted DOS -> NT), the full line is passed as the command
// line.  On success RetInfo receives ids and handles and the initial
// thread is resumed unless CREATE_SUSPENDED is set.
//
NTSTATUS
NtSimpleCreateProcess(PCSTR CommandLine, ULONG CreateFlags,
                      HANDLE DebugObject, PPROCESS_INFORMATION RetInfo)
{
    NTSTATUS Status;
    ANSI_STRING Ansi;
    UNICODE_STRING RawAppName, AppName;
    UNICODE_STRING WideCmdLine;
    PRTL_USER_PROCESS_PARAMETERS Params;
    RTL_USER_PROCESS_INFORMATION Info;

    if (CreateFlags & DEBUG_ONLY_THIS_PROCESS)
    {
        // The hacked way of controlling debug inheritance
        // is via the low bit of the debug object handle.
        // If the bit is set it means do not inherit.
        DebugObject = (HANDLE)((ULONG_PTR)DebugObject | 1);
    }

    //
    // This is a simple interface, so assume the first
    // space-delimited token is the executable to run.
    //
    PCSTR ExeStart, ExeEnd;

    ExeStart = CommandLine;
    while (*ExeStart == ' ' || *ExeStart == '\t')
    {
        ExeStart++;
    }
    if (*ExeStart == 0)
    {
        // Blank command line: nothing to run.
        return STATUS_INVALID_PARAMETER;
    }
    ExeEnd = ExeStart;
    while (*ExeEnd && !(*ExeEnd == ' ' || *ExeEnd == '\t'))
    {
        ExeEnd++;
    }

    // NOTE(review): the token length is narrowed to USHORT, so an
    // image token longer than 65535 bytes would be mis-sized.
    Ansi.Buffer = (PSTR)ExeStart;
    Ansi.Length = (USHORT)(ExeEnd - ExeStart);
    Ansi.MaximumLength = Ansi.Length;
    Status = RtlAnsiStringToUnicodeString(&RawAppName, &Ansi, TRUE);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    Status = RtlDosPathNameToNtPathName_U(RawAppName.Buffer, &AppName,
                                          NULL, NULL);
    if (!NT_SUCCESS(Status))
    {
        goto EH_RawAppName;
    }

    RtlInitAnsiString(&Ansi, CommandLine);
    Status = RtlAnsiStringToUnicodeString(&WideCmdLine, &Ansi, TRUE);
    if (!NT_SUCCESS(Status))
    {
        goto EH_AppName;
    }

    Status = RtlCreateProcessParameters(&Params, &AppName, NULL, NULL,
                                        &WideCmdLine, NULL, NULL, NULL,
                                        NULL, NULL);
    if (!NT_SUCCESS(Status))
    {
        goto EH_WideCmdLine;
    }

    Info.Length = sizeof(Info);
    Status = RtlCreateUserProcess(&AppName, OBJ_CASE_INSENSITIVE,
                                  Params, NULL, NULL, NULL, FALSE,
                                  DebugObject, NULL, &Info);
    RtlDestroyProcessParameters(Params);
    if (NT_SUCCESS(Status))
    {
        RetInfo->dwProcessId = HandleToUlong(Info.ClientId.UniqueProcess);
        RetInfo->dwThreadId = HandleToUlong(Info.ClientId.UniqueThread);
        RetInfo->hProcess = Info.Process;
        RetInfo->hThread = Info.Thread;

        if ((CreateFlags & CREATE_SUSPENDED) == 0)
        {
            // Process is created suspended; start it now.
            NtResumeThread(Info.Thread, NULL);
        }
    }

    // Cleanup labels release the strings in reverse order of creation.
 EH_WideCmdLine:
    RtlFreeUnicodeString(&WideCmdLine);
 EH_AppName:
    RtlFreeUnicodeString(&AppName);
 EH_RawAppName:
    RtlFreeUnicodeString(&RawAppName);
    return Status;
}
#endif // #ifdef NT_NATIVE
// Environment variable the loader checks to decide whether a new
// process gets the debug heap; set while CreateProcess runs below.
#define DHEAP_ENV "_NO_DEBUG_HEAP"
//
// Creates CommandLine as a debuggee.  With debug objects the thread's
// debug object is temporarily switched to m_DebugObject so that the
// normal Win32 CreateProcess attaches the child to it; under NT_NATIVE
// NtSimpleCreateProcess is used instead.  DEBUG_CREATE_PROCESS_NO_DEBUG_HEAP
// is translated into the _NO_DEBUG_HEAP environment variable and
// stripped from the flags.  On success the ids and handles of the new
// process and its initial thread are returned to the caller.
//
STDMETHODIMP
LiveUserDebugServices::CreateProcess(
    THIS_
    IN PSTR CommandLine,
    IN ULONG CreateFlags,
    OUT PULONG ProcessId,
    OUT PULONG ThreadId,
    OUT PULONG64 ProcessHandle,
    OUT PULONG64 ThreadHandle
    )
{
    HRESULT Status;

    // Enable the privilege that allows the user to debug
    // another process.
    if ((Status = EnableDebugPrivilege()) != S_OK)
    {
        return Status;
    }

    // The system looks at the environment variable
    // _NO_DEBUG_HEAP to determine whether the new
    // process should use the debug heap or not. If
    // the caller has requested the normal heap
    // set this environment variable so that it's
    // inherited.
    // The variable is process-wide, so other threads creating
    // processes at the same time would inherit it too.
    if (CreateFlags & DEBUG_CREATE_PROCESS_NO_DEBUG_HEAP)
    {
        ::SetEnvironmentVariable(DHEAP_ENV, "1");

        // Turn off this flag since it's not meaningful
        // to CreateProcess itself.
        CreateFlags &= ~DEBUG_CREATE_PROCESS_NO_DEBUG_HEAP;
    }

    PROCESS_INFORMATION ProcInfo;

#ifndef NT_NATIVE
    // OldDebugObject is only read when SetOldDebugObject is TRUE,
    // which is the only path that assigns it.
    HANDLE OldDebugObject;
    BOOL SetOldDebugObject = FALSE;

    Status = S_OK;

    if (m_UseDebugObject)
    {
        //
        // Set up this thread's debug object to the one that
        // we're using so that our debug object is used when
        // debugging the new process. This lets us continue
        // to use the normal Win32 CreateProcess call rather
        // than trying to go through NtCreateProcessEx and
        // guarantees we get all the Win32 process creation logic.
        //
        if (g_NtDllCalls.DbgUiSetThreadDebugObject == NULL)
        {
            Status = E_NOTIMPL;
        }
        else
        {
            NTSTATUS NtStatus;

            OldDebugObject = g_NtDllCalls.DbgUiGetThreadDebugObject();
            NtStatus = CreateDebugObject(&m_DebugObject);
            if (NT_SUCCESS(NtStatus))
            {
                g_NtDllCalls.DbgUiSetThreadDebugObject(m_DebugObject);
                SetOldDebugObject = TRUE;
            }
            else
            {
                Status = HRESULT_FROM_NT(NtStatus);
            }
        }
    }

    if (Status == S_OK)
    {
        STARTUPINFO StartupInfo;

        ZeroMemory(&StartupInfo, sizeof(StartupInfo));
        StartupInfo.cb = sizeof(StartupInfo);

        // bInheritHandles is TRUE: every inheritable handle in the
        // debugger is visible to the debuggee.
        if (!::CreateProcess(NULL, CommandLine, NULL, NULL, TRUE,
                             CreateFlags, NULL, NULL,
                             &StartupInfo, &ProcInfo))
        {
            Status = WIN32_LAST_STATUS();
        }
        else
        {
            Status = S_OK;
        }
    }

    if (SetOldDebugObject)
    {
        // Restore the thread's previous debug object whether or not
        // creation succeeded.
        g_NtDllCalls.DbgUiSetThreadDebugObject(OldDebugObject);
    }
#else // #ifndef NT_NATIVE
    if (!m_UseDebugObject)
    {
        Status = E_UNEXPECTED;
    }
    else
    {
        NTSTATUS NtStatus;

        NtStatus = CreateDebugObject(&m_DebugObject);
        if (NT_SUCCESS(NtStatus))
        {
            NtStatus = NtSimpleCreateProcess(CommandLine, CreateFlags,
                                             m_DebugObject, &ProcInfo);
        }
        Status = CONV_NT_STATUS(NtStatus);
    }
#endif // #ifndef NT_NATIVE

    // Clear the special debug heap variable so it
    // isn't inadvertently used somewhere else.
    // This clears it unconditionally, including any value that was
    // present before this call.
    ::SetEnvironmentVariable(DHEAP_ENV, NULL);

    if (Status == S_OK)
    {
        *ProcessId = ProcInfo.dwProcessId;
        *ThreadId = ProcInfo.dwThreadId;
        *ProcessHandle = SERVICE_HANDLE(ProcInfo.hProcess);
        *ThreadHandle = SERVICE_HANDLE(ProcInfo.hThread);
    }

    return Status;
}
//
// Terminates the given process with ExitCode.
//
STDMETHODIMP
LiveUserDebugServices::TerminateProcess(
    THIS_
    IN ULONG64 Process,
    IN ULONG ExitCode
    )
{
    BOOL Terminated = ::TerminateProcess(OS_HANDLE(Process), ExitCode);
    return Terminated ? S_OK : WIN32_LAST_STATUS();
}
//
// Leaves Process in the debugged state after the debugger goes away
// by duplicating our debug object into the debuggee itself.
//
STDMETHODIMP
LiveUserDebugServices::AbandonProcess(
    THIS_
    IN ULONG64 Process
    )
{
    //
    // In order to abandon a process but still leave it
    // as being debugged we need to get the process's
    // debug object and duplicate it into the debuggee
    // process. This gives the debuggee process itself
    // a reference to its debug object, creating a circle
    // that will keep the process alive and in the debugged
    // state.
    //
    // This circular reference will also mean that the
    // process must be manually killed. This may be
    // something interesting to address at some point.
    //
    if (m_DebugObject == NULL)
    {
        // Nothing to hand over without a debug object.
        return E_NOTIMPL;
    }

    // Dup lives in the target process and is deliberately never
    // closed from here; that is the reference that keeps it debugged.
    HANDLE Dup;
    BOOL Ok = ::DuplicateHandle(GetCurrentProcess(), m_DebugObject,
                                OS_HANDLE(Process), &Dup, 0, FALSE,
                                DUPLICATE_SAME_ACCESS);
    return Ok ? S_OK : WIN32_LAST_STATUS();
}
//
// Returns the exit code of Process in *ExitCode.  S_FALSE means the
// process is still running (the code is STILL_ACTIVE).
//
STDMETHODIMP
LiveUserDebugServices::GetProcessExitCode(
    THIS_
    IN ULONG64 Process,
    OUT PULONG ExitCode
    )
{
    if (!::GetExitCodeProcess(OS_HANDLE(Process), ExitCode))
    {
        return WIN32_LAST_STATUS();
    }

    if (*ExitCode == STILL_ACTIVE)
    {
        return S_FALSE;
    }
    return S_OK;
}
//
// Closes a service handle.  A zero handle is a no-op reported as S_FALSE.
//
STDMETHODIMP
LiveUserDebugServices::CloseHandle(
    THIS_
    IN ULONG64 Handle
    )
{
    if (Handle == 0)
    {
        return S_FALSE;
    }

    BOOL Closed = ::CloseHandle(OS_HANDLE(Handle));
    return Closed ? S_OK : WIN32_LAST_STATUS();
}
//
// Sets the debug-inheritance flag of Process: children are debugged
// unless DEBUG_PROCESS_ONLY_THIS_PROCESS is in Options.  NT only;
// systems without ProcessDebugFlags report E_NOTIMPL.
//
STDMETHODIMP
LiveUserDebugServices::SetProcessOptions(
    THIS_
    IN ULONG64 Process,
    IN ULONG Options
    )
{
    if (m_PlatformId != VER_PLATFORM_WIN32_NT)
    {
        return E_NOTIMPL;
    }

    BOOL OnlyThis = (Options & DEBUG_PROCESS_ONLY_THIS_PROCESS) != 0;
    ULONG NtFlags = OnlyThis ? 0 : PROCESS_DEBUG_INHERIT;

    NTSTATUS NtStatus = g_NtDllCalls.
        NtSetInformationProcess(OS_HANDLE(Process), ProcessDebugFlags,
                                &NtFlags, sizeof(NtFlags));
    if (NtStatus == STATUS_INVALID_INFO_CLASS)
    {
        // This NT does not expose the flag.
        return E_NOTIMPL;
    }
    return CONV_NT_STATUS(NtStatus);
}
//
// Controls whether debuggees are killed when the debug object closes.
// DEBUG_PROCESS_DETACH_ON_EXIT in Options clears kill-on-close.  A zero
// DebugObject means "ours": m_DebugObject if present, otherwise the
// Win32 DebugSetProcessKillOnExit fallback.
//
STDMETHODIMP
LiveUserDebugServices::SetDebugObjectOptions(
    THIS_
    IN ULONG64 DebugObject,
    IN ULONG Options
    )
{
    BOOL DetachOnExit = (Options & DEBUG_PROCESS_DETACH_ON_EXIT) != 0;

    if (DebugObject == 0)
    {
        if (m_DebugObject == NULL)
        {
            // No debug object at all: use the kernel32 per-debugger setting.
            if (g_Kernel32Calls.DebugSetProcessKillOnExit == NULL)
            {
                return E_NOTIMPL;
            }
            BOOL Ok = g_Kernel32Calls.
                DebugSetProcessKillOnExit(!DetachOnExit);
            return Ok ? S_OK : WIN32_LAST_STATUS();
        }

        DebugObject = SERVICE_HANDLE(m_DebugObject);
    }

    if (g_NtDllCalls.NtSetInformationDebugObject == NULL)
    {
        return E_NOTIMPL;
    }

    ULONG NtFlags = DetachOnExit ? 0 : DEBUG_KILL_ON_CLOSE;
    NTSTATUS NtStatus = g_NtDllCalls.
        NtSetInformationDebugObject(OS_HANDLE(DebugObject), DebugObjectFlags,
                                    &NtFlags, sizeof(NtFlags), NULL);
    return CONV_NT_STATUS(NtStatus);
}
//
// Returns the debug object Process is attached to, as a service handle.
// NT only.
//
STDMETHODIMP
LiveUserDebugServices::GetProcessDebugObject(
    THIS_
    IN ULONG64 Process,
    OUT PULONG64 DebugObject
    )
{
    if (m_PlatformId != VER_PLATFORM_WIN32_NT)
    {
        return E_NOTIMPL;
    }

    HANDLE ObjHandle;
    NTSTATUS NtStatus = g_NtDllCalls.
        NtQueryInformationProcess(OS_HANDLE(Process), ProcessDebugObjectHandle,
                                  &ObjHandle, sizeof(ObjHandle), NULL);
    if (NT_SUCCESS(NtStatus))
    {
        *DebugObject = SERVICE_HANDLE(ObjHandle);
        return S_OK;
    }
    return HRESULT_FROM_NT(NtStatus);
}
//
// Thin wrapper over Win32 DuplicateHandle using service handles;
// *OutHandle receives the duplicate on success.
//
STDMETHODIMP
LiveUserDebugServices::DuplicateHandle(
    THIS_
    IN ULONG64 InProcess,
    IN ULONG64 InHandle,
    IN ULONG64 OutProcess,
    IN ULONG DesiredAccess,
    IN ULONG Inherit,
    IN ULONG Options,
    OUT PULONG64 OutHandle
    )
{
    HANDLE Dup;
    BOOL Ok = ::DuplicateHandle(OS_HANDLE(InProcess), OS_HANDLE(InHandle),
                                OS_HANDLE(OutProcess), &Dup,
                                DesiredAccess, Inherit, Options);
    if (!Ok)
    {
        return WIN32_LAST_STATUS();
    }

    *OutHandle = SERVICE_HANDLE(Dup);
    return S_OK;
}
//
// Reads BufferSize bytes of debuggee memory at Offset into Buffer.
// *BytesRead, when given, receives the count actually read.
//
STDMETHODIMP
LiveUserDebugServices::ReadVirtual(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    OUT PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG BytesRead
    )
{
    SIZE_T Done;
    BOOL Ok = ::ReadProcessMemory(OS_HANDLE(Process),
                                  (LPCVOID)(ULONG_PTR)Offset,
                                  Buffer, BufferSize, &Done);
    if (!Ok)
    {
        return WIN32_LAST_STATUS();
    }

    if (BytesRead != NULL)
    {
        *BytesRead = (ULONG)Done;
    }
    return S_OK;
}
//
// Writes BufferSize bytes from Buffer into debuggee memory at Offset.
// *BytesWritten, when given, receives the count actually written.
//
STDMETHODIMP
LiveUserDebugServices::WriteVirtual(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    IN PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG BytesWritten
    )
{
    SIZE_T Done;
    BOOL Ok = ::WriteProcessMemory(OS_HANDLE(Process),
                                   (LPVOID)(ULONG_PTR)Offset,
                                   Buffer, BufferSize, &Done);
    if (!Ok)
    {
        return WIN32_LAST_STATUS();
    }

    if (BytesWritten != NULL)
    {
        *BytesWritten = (ULONG)Done;
    }
    return S_OK;
}
//
// Fills Buffer with the MEMORY_BASIC_INFORMATION for Offset.  Buffer
// must hold at least one MEMORY_BASIC_INFORMATION; *BufferUsed reports
// that size.
//
STDMETHODIMP
LiveUserDebugServices::QueryVirtual(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    OUT PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG BufferUsed
    )
{
    const ULONG Needed = sizeof(MEMORY_BASIC_INFORMATION);

    if (BufferSize < Needed)
    {
        return E_INVALIDARG;
    }
    if (BufferUsed != NULL)
    {
        *BufferUsed = Needed;
    }

    SIZE_T Got = ::VirtualQueryEx(OS_HANDLE(Process),
                                  (LPCVOID)(ULONG_PTR)Offset,
                                  (PMEMORY_BASIC_INFORMATION)Buffer,
                                  Needed);
    return (Got != 0) ? S_OK : WIN32_LAST_STATUS();
}
//
// Changes the protection of [Offset, Offset+Size) in Process to
// NewProtect, returning the previous protection in *OldProtect.
//
STDMETHODIMP
LiveUserDebugServices::ProtectVirtual(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    IN ULONG64 Size,
    IN ULONG NewProtect,
    OUT PULONG OldProtect
    )
{
    PVOID Base = (PVOID)(ULONG_PTR)Offset;
    BOOL Ok = ::VirtualProtectEx(OS_HANDLE(Process), Base, (SIZE_T)Size,
                                 NewProtect, OldProtect);
    return CONV_W32_STATUS(Ok);
}
//
// Allocates memory in the debuggee (VirtualAllocEx semantics).
// *AllocOffset receives the base address, sign-extended to 64 bits.
//
STDMETHODIMP
LiveUserDebugServices::AllocVirtual(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    IN ULONG64 Size,
    IN ULONG Type,
    IN ULONG Protect,
    OUT PULONG64 AllocOffset
    )
{
    PVOID Wanted = (PVOID)(ULONG_PTR)Offset;
    PVOID Base = ::VirtualAllocEx(OS_HANDLE(Process), Wanted,
                                  (SIZE_T)Size, Type, Protect);
    if (Base == NULL)
    {
        return WIN32_LAST_STATUS();
    }

    // Sign-extend pointer-sized values so kernel-range addresses
    // on 32-bit targets come back as the canonical 64-bit form.
    *AllocOffset = (ULONG64)(LONG64)(ULONG_PTR)Base;
    return S_OK;
}
//
// Frees or decommits debuggee memory (VirtualFreeEx semantics).
//
STDMETHODIMP
LiveUserDebugServices::FreeVirtual(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    IN ULONG64 Size,
    IN ULONG Type
    )
{
    PVOID Base = (PVOID)(ULONG_PTR)Offset;
    BOOL Ok = ::VirtualFreeEx(OS_HANDLE(Process), Base, (SIZE_T)Size, Type);
    return CONV_W32_STATUS(Ok);
}
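//
// Copies a UNICODE_STRING returned by NtQueryObject into Buffer as a
// NUL-terminated ANSI string (when Buffer is given) and reports the
// wide-character count including terminator in *Used.  A string with
// no buffer is reported as an empty string.
//
static HRESULT
CopyObjectNameToAnsi(PUNICODE_STRING Name, PVOID Buffer, ULONG BufferSize,
                     PULONG Used)
{
    if (Name->Buffer == NULL)
    {
        *Used = 1;
        if (Buffer != NULL && BufferSize > 0)
        {
            *(PCHAR)Buffer = 0;
        }
        return S_OK;
    }

    *Used = Name->Length / sizeof(WCHAR) + 1;
    // Terminate in place so the conversion can use -1 as the length.
    // NOTE(review): this relies on the query leaving room after
    // Length for the terminator, which NtQueryObject normally does.
    Name->Buffer[*Used - 1] = 0;

    // NOTE(review): *Used is a wide-character count; an ANSI code
    // page can need more bytes than that for the same string.
    if (Buffer != NULL &&
        WideCharToMultiByte(CP_ACP, 0, Name->Buffer,
                            -1, (LPSTR)Buffer, BufferSize,
                            NULL, NULL) == 0)
    {
        return WIN32_LAST_STATUS();
    }
    return S_OK;
}

//
// Queries information about a debuggee handle.
//
// DataType - DEBUG_HANDLE_DATA_TYPE_BASIC, _TYPE_NAME, _OBJECT_NAME
//            or _HANDLE_COUNT; anything else is E_INVALIDARG.
// Buffer   - optional output; *DataSize receives the size needed
//            (bytes for BASIC and HANDLE_COUNT, characters for names).
//
// NT only.  For the object queries the debuggee's handle is duplicated
// into this process with DUPLICATE_SAME_ACCESS for the duration of the
// call and closed before returning.
//
STDMETHODIMP
LiveUserDebugServices::ReadHandleData(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Handle,
    IN ULONG DataType,
    OUT OPTIONAL PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG DataSize
    )
{
    if (m_PlatformId != VER_PLATFORM_WIN32_NT)
    {
        return E_NOTIMPL;
    }

    // HANDLE_COUNT queries the process itself; everything else needs
    // a local duplicate of the debuggee's handle to query.
    HANDLE Dup = NULL;
    if (DataType != DEBUG_HANDLE_DATA_TYPE_HANDLE_COUNT &&
        !::DuplicateHandle(OS_HANDLE(Process), OS_HANDLE(Handle),
                           GetCurrentProcess(), &Dup, 0, FALSE,
                           DUPLICATE_SAME_ACCESS))
    {
        return WIN32_LAST_STATUS();
    }

    // Scratch space for NtQueryObject results; ULONG64 keeps it aligned.
    ULONG64 NtBuffer[1024 / sizeof(ULONG64)];
    ULONG Used = 0;
    NTSTATUS NtStatus;
    HRESULT Status = S_OK;

    switch(DataType)
    {
    case DEBUG_HANDLE_DATA_TYPE_BASIC:
    {
        Used = sizeof(DEBUG_HANDLE_DATA_BASIC);
        if (Buffer == NULL)
        {
            // Size query only.
            break;
        }
        if (BufferSize < Used)
        {
            Status = E_INVALIDARG;
            break;
        }

        POBJECT_BASIC_INFORMATION NtBasic =
            (POBJECT_BASIC_INFORMATION)NtBuffer;
        NtStatus = g_NtDllCalls.NtQueryObject(Dup, ObjectBasicInformation,
                                              NtBasic, sizeof(*NtBasic),
                                              NULL);
        if (!NT_SUCCESS(NtStatus))
        {
            Status = HRESULT_FROM_NT(NtStatus);
            break;
        }

        PDEBUG_HANDLE_DATA_BASIC Basic = (PDEBUG_HANDLE_DATA_BASIC)Buffer;
        // Name sizes are exposed in characters, not bytes.
        Basic->TypeNameSize = NtBasic->TypeInfoSize / sizeof(WCHAR);
        Basic->ObjectNameSize = NtBasic->NameInfoSize / sizeof(WCHAR);
        Basic->Attributes = NtBasic->Attributes;
        Basic->GrantedAccess = NtBasic->GrantedAccess;
        Basic->HandleCount = NtBasic->HandleCount;
        Basic->PointerCount = NtBasic->PointerCount;
        break;
    }

    case DEBUG_HANDLE_DATA_TYPE_TYPE_NAME:
    {
        POBJECT_TYPE_INFORMATION NtType = (POBJECT_TYPE_INFORMATION)NtBuffer;
        NtStatus = g_NtDllCalls.NtQueryObject(Dup, ObjectTypeInformation,
                                              NtType, sizeof(NtBuffer), NULL);
        if (!NT_SUCCESS(NtStatus))
        {
            Status = HRESULT_FROM_NT(NtStatus);
            break;
        }
        Status = CopyObjectNameToAnsi(&NtType->TypeName, Buffer, BufferSize,
                                      &Used);
        break;
    }

    case DEBUG_HANDLE_DATA_TYPE_OBJECT_NAME:
    {
        POBJECT_NAME_INFORMATION NtName = (POBJECT_NAME_INFORMATION)NtBuffer;
        NtStatus = g_NtDllCalls.NtQueryObject(Dup, ObjectNameInformation,
                                              NtName, sizeof(NtBuffer), NULL);
        if (!NT_SUCCESS(NtStatus))
        {
            Status = HRESULT_FROM_NT(NtStatus);
            break;
        }
        Status = CopyObjectNameToAnsi(&NtName->Name, Buffer, BufferSize,
                                      &Used);
        break;
    }

    case DEBUG_HANDLE_DATA_TYPE_HANDLE_COUNT:
        // The system writes the count straight into Buffer and reports
        // the bytes used.
        NtStatus = g_NtDllCalls.
            NtQueryInformationProcess(OS_HANDLE(Process), ProcessHandleCount,
                                      Buffer, BufferSize, &Used);
        if (!NT_SUCCESS(NtStatus))
        {
            Status = HRESULT_FROM_NT(NtStatus);
        }
        break;

    default:
        // Previously an unknown type silently returned S_OK with a
        // zero size; report it instead.
        Status = E_INVALIDARG;
        break;
    }

    if (DataSize != NULL)
    {
        *DataSize = Used;
    }

    if (Dup != NULL)
    {
        ::CloseHandle(Dup);
    }

    return Status;
}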
//
// Suspends Count threads.  SuspendCounts[i], when requested, receives
// the new suspend count of thread i.  Every thread is attempted even
// after a failure; the last failure's status is returned.
//
STDMETHODIMP
LiveUserDebugServices::SuspendThreads(
    THIS_
    IN ULONG Count,
    IN /* size_is(Count) */ PULONG64 Threads,
    OUT OPTIONAL /* size_is(Count) */ PULONG SuspendCounts
    )
{
    HRESULT Status = S_OK;

    for (ULONG Idx = 0; Idx < Count; Idx++)
    {
        ULONG Previous = ::SuspendThread(OS_HANDLE(Threads[Idx]));
        if (Previous == (ULONG)-1)
        {
            // Keep going so the remaining threads are still suspended.
            Status = WIN32_LAST_STATUS();
        }
        if (SuspendCounts != NULL)
        {
            // Previous is the count before the call; +1 is the new one.
            // (On failure this yields 0 from the -1 sentinel.)
            SuspendCounts[Idx] = Previous + 1;
        }
    }

    return Status;
}
//
// Resumes Count threads.  SuspendCounts[i], when requested, receives
// the new suspend count of thread i.  Every thread is attempted even
// after a failure; the last failure's status is returned.
//
STDMETHODIMP
LiveUserDebugServices::ResumeThreads(
    THIS_
    IN ULONG Count,
    IN /* size_is(Count) */ PULONG64 Threads,
    OUT OPTIONAL /* size_is(Count) */ PULONG SuspendCounts
    )
{
    HRESULT Status = S_OK;

    for (ULONG Idx = 0; Idx < Count; Idx++)
    {
        ULONG Previous = ::ResumeThread(OS_HANDLE(Threads[Idx]));
        if (Previous == (ULONG)-1)
        {
            // Keep going so the remaining threads are still resumed.
            Status = WIN32_LAST_STATUS();
        }
        if (SuspendCounts != NULL)
        {
            // Previous is the count before the call; -1 is the new one.
            // (On failure this wraps from the -1 sentinel.)
            SuspendCounts[Idx] = Previous - 1;
        }
    }

    return Status;
}
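//
// Retrieves the register context of Thread into Context.
//
// Flags       - ContextFlags value selecting which parts to fetch.
// FlagsOffset - byte offset of the ContextFlags field inside the
//               context record; must lie within m_ContextSize.
// ContextSize - size of Context; must be at least m_ContextSize.
// ContextUsed - optionally receives m_ContextSize.
//
STDMETHODIMP
LiveUserDebugServices::GetContext(
    THIS_
    IN ULONG64 Thread,
    IN ULONG Flags,
    IN ULONG FlagsOffset,
    OUT PVOID Context,
    IN ULONG ContextSize,
    OUT OPTIONAL PULONG ContextUsed
    )
{
    if (ContextSize < m_ContextSize)
    {
        return E_INVALIDARG;
    }
    // The flags word written below must fit inside the context
    // record; otherwise the store would run past the buffer (the
    // local CONTEXT on non-x86, the caller's buffer on x86).
    if (FlagsOffset > m_ContextSize ||
        m_ContextSize - FlagsOffset < sizeof(ULONG))
    {
        return E_INVALIDARG;
    }
    if (ContextUsed != NULL)
    {
        *ContextUsed = m_ContextSize;
    }

    // Some platforms have alignment requirements for
    // context information, so just get data into a
    // local context structure, which presumably the
    // compiler will properly align, and then copy
    // it into the output buffer.
#ifndef _X86_
    CONTEXT _LocalContext;
    PCONTEXT LocalContext = &_LocalContext;
#else
    PCONTEXT LocalContext = (PCONTEXT)Context;
#endif

    // Initialize context flags here rather than making Context
    // IN OUT to avoid sending a full CONTEXT just for a
    // ULONG's worth of flags.
    *(PULONG)((PUCHAR)LocalContext + FlagsOffset) = Flags;

    if (!::GetThreadContext(OS_HANDLE(Thread), LocalContext))
    {
        return WIN32_LAST_STATUS();
    }

#ifndef _X86_
    memcpy(Context, LocalContext, m_ContextSize);
#endif

    return S_OK;
}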
//
// Writes the register context in Context (at least m_ContextSize
// bytes) to Thread.  ContextUsed optionally receives m_ContextSize.
//
STDMETHODIMP
LiveUserDebugServices::SetContext(
    THIS_
    IN ULONG64 Thread,
    IN PVOID Context,
    IN ULONG ContextSize,
    OUT OPTIONAL PULONG ContextUsed
    )
{
    if (ContextSize < m_ContextSize)
    {
        return E_INVALIDARG;
    }
    if (ContextUsed != NULL)
    {
        *ContextUsed = m_ContextSize;
    }

    // Some platforms have alignment requirements for
    // context information, so copy the caller's bytes into a
    // local CONTEXT the compiler has aligned before handing it
    // to the system; x86 can use the caller's buffer directly.
#ifndef _X86_
    CONTEXT Aligned;
    PCONTEXT ToSet = &Aligned;
    memcpy(ToSet, Context, m_ContextSize);
#else
    PCONTEXT ToSet = (PCONTEXT)Context;
#endif

    BOOL Ok = ::SetThreadContext(OS_HANDLE(Thread), ToSet);
    return Ok ? S_OK : WIN32_LAST_STATUS();
}
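//
// Returns the PEB address of Process in *Offset.  NT only.
// *Offset is written only when the query succeeds; previously an
// uninitialized PebBaseAddress was copied out on failure.
//
STDMETHODIMP
LiveUserDebugServices::GetProcessDataOffset(
    THIS_
    IN ULONG64 Process,
    OUT PULONG64 Offset
    )
{
    if (m_PlatformId != VER_PLATFORM_WIN32_NT)
    {
        // XXX drewb - Equivalent?
        return E_NOTIMPL;
    }

    PROCESS_BASIC_INFORMATION ProcessInformation;
    NTSTATUS NtStatus = g_NtDllCalls.
        NtQueryInformationProcess(OS_HANDLE(Process),
                                  ProcessBasicInformation,
                                  &ProcessInformation,
                                  sizeof(ProcessInformation),
                                  NULL);
    if (NT_SUCCESS(NtStatus))
    {
        *Offset = (ULONG64)(ProcessInformation.PebBaseAddress);
    }
    return CONV_NT_STATUS(NtStatus);
}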
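//
// Returns the TEB address of Thread in *Offset.  NT only.
// *Offset is written only when the query succeeds; previously an
// uninitialized TebBaseAddress was copied out on failure.
//
STDMETHODIMP
LiveUserDebugServices::GetThreadDataOffset(
    THIS_
    IN ULONG64 Thread,
    OUT PULONG64 Offset
    )
{
    if (m_PlatformId != VER_PLATFORM_WIN32_NT)
    {
        // XXX drewb - Equivalent?
        return E_NOTIMPL;
    }

    THREAD_BASIC_INFORMATION ThreadInformation;
    NTSTATUS NtStatus = g_NtDllCalls.
        NtQueryInformationThread(OS_HANDLE(Thread),
                                 ThreadBasicInformation,
                                 &ThreadInformation,
                                 sizeof(ThreadInformation),
                                 NULL);
    if (NT_SUCCESS(NtStatus))
    {
        *Offset = (ULONG64)(ThreadInformation.TebBaseAddress);
    }
    return CONV_NT_STATUS(NtStatus);
}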
//
// Fills Buffer with the LDT_ENTRY describing Selector for Thread.
// NOTE(review): the BufferSize check and *BufferUsed report exist
// only on x86; on other architectures GetThreadSelectorEntry is
// still called with an unchecked Buffer -- confirm it either fails
// there or that callers always pass room for an LDT_ENTRY.
//
STDMETHODIMP
LiveUserDebugServices::DescribeSelector(
    THIS_
    IN ULONG64 Thread,
    IN ULONG Selector,
    OUT PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG BufferUsed
    )
{
#ifdef _X86_
    if (BufferSize < sizeof(LDT_ENTRY))
    {
        return E_INVALIDARG;
    }
    if (BufferUsed != NULL)
    {
        *BufferUsed = sizeof(LDT_ENTRY);
    }
#endif

    if (!::GetThreadSelectorEntry(OS_HANDLE(Thread), Selector,
                                  (LPLDT_ENTRY)Buffer))
    {
        return WIN32_LAST_STATUS();
    }

    return S_OK;
}
//
// Returns the current wall-clock time as a FILETIME-style value,
// derived from the C runtime time() at one-second resolution.
//
STDMETHODIMP
LiveUserDebugServices::GetCurrentTimeDateN(
    THIS_
    OUT PULONG64 TimeDate
    )
{
    // On NT only: *TimeDate = USER_SHARED_DATA->SystemTime;
    ULONG Now = (ULONG)time(NULL);
    *TimeDate = TimeDateStampToFileTime(Now);
    return S_OK;
}
//
// Returns the system up time as a FILETIME-style value, derived from
// GetTickCount at one-second resolution.
//
STDMETHODIMP
LiveUserDebugServices::GetCurrentSystemUpTimeN(
    THIS_
    OUT PULONG64 UpTime
    )
{
    // On NT only: *UpTime = USER_SHARED_DATA->InterruptTime;
    // GetTickCount is a 32-bit millisecond counter and wraps,
    // so the result is only as good as that counter.
    ULONG Seconds = GetTickCount() / 1000;
    *UpTime = TimeToFileTime(Seconds);
    return S_OK;
}
//
// Returns how long Process has been running, as the difference between
// the current time (GetCurrentTimeDateN) and the process creation time.
// NT only.
//
STDMETHODIMP
LiveUserDebugServices::GetProcessUpTimeN(
    THIS_
    IN ULONG64 Process,
    OUT PULONG64 UpTime
    )
{
    if (m_PlatformId != VER_PLATFORM_WIN32_NT)
    {
        return E_NOTIMPL;
    }

    KERNEL_USER_TIMES Times;
    NTSTATUS NtStatus = g_NtDllCalls.
        NtQueryInformationProcess(OS_HANDLE(Process),
                                  ProcessTimes,
                                  &Times,
                                  sizeof(Times),
                                  NULL);
    if (NT_SUCCESS(NtStatus))
    {
        // GetCurrentTimeDateN always succeeds, so its result is ignored.
        ULONG64 Now;
        GetCurrentTimeDateN(&Now);
        *UpTime = Now - Times.CreateTime.QuadPart;
    }

    return CONV_NT_STATUS(NtStatus);
}
//
// Asks Process to break into the debugger, using the most capable
// mechanism the system offers: DebugBreakProcess, then
// DbgUiIssueRemoteBreakin, then a remote thread running the
// break-point routine.
//
STDMETHODIMP
LiveUserDebugServices::RequestBreakIn(
    THIS_
    IN ULONG64 Process
    )
{
    HANDLE Target = OS_HANDLE(Process);

    if (g_Kernel32Calls.DebugBreakProcess != NULL)
    {
        return g_Kernel32Calls.DebugBreakProcess(Target) ?
            S_OK : WIN32_LAST_STATUS();
    }

    if (g_NtDllCalls.DbgUiIssueRemoteBreakin != NULL)
    {
        NTSTATUS NtStatus = g_NtDllCalls.DbgUiIssueRemoteBreakin(Target);
        return CONV_NT_STATUS(NtStatus);
    }

    // Last resort: start a thread in the target at the break routine.
    LPTHREAD_START_ROUTINE BreakFn;
#if defined(_WIN64)
    BreakFn = (LPTHREAD_START_ROUTINE)g_NtDllCalls.DbgBreakPoint;
#else
    BreakFn = (LPTHREAD_START_ROUTINE)g_Kernel32Calls.DebugBreak;
#endif

    DWORD ThreadId;
    HANDLE Thread = ::CreateRemoteThread(Target, NULL, 0, BreakFn,
                                         NULL, 0, &ThreadId);
    if (Thread == NULL)
    {
        return WIN32_LAST_STATUS();
    }

    // Only the handle is released; the thread runs on its own.
    ::CloseHandle(Thread);
    return S_OK;
}
//
// Waits up to Timeout milliseconds for the next debug event and
// stores it as a DEBUG_EVENT in Buffer.  Returns S_FALSE on timeout,
// S_OK with the event's process/thread ids remembered for
// ContinueEvent, or an error.  Without a debug object the Win32
// WaitForDebugEvent path is used (E_NOTIMPL under NT_NATIVE); with
// one, NtWaitForDebugEvent plus DbgUiConvertStateChangeStructure.
// When serving a remote client the file handles in create-process and
// load-dll events are closed and cleared since they cannot cross the
// connection.
//
STDMETHODIMP
LiveUserDebugServices::WaitForEvent(
    THIS_
    IN ULONG Timeout,
    OUT PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG BufferUsed
    )
{
    if (BufferSize < sizeof(DEBUG_EVENT))
    {
        return E_INVALIDARG;
    }
    if (BufferUsed != NULL)
    {
        *BufferUsed = sizeof(DEBUG_EVENT);
    }

    LPDEBUG_EVENT Event = (LPDEBUG_EVENT)Buffer;
    // E_NOTIMPL is what remains when no wait path is available
    // (NT_NATIVE without a debug object, or missing ntdll entry points).
    HRESULT Status = E_NOTIMPL;

    if (m_DebugObject == NULL)
    {
#ifndef NT_NATIVE
        if (!::WaitForDebugEvent(Event, Timeout))
        {
            // ERROR_SEM_TIMEOUT is how WaitForDebugEvent reports a timeout.
            if (GetLastError() == ERROR_SEM_TIMEOUT)
            {
                Status = S_FALSE;
            }
            else
            {
                Status = WIN32_LAST_STATUS();
            }
        }
        else
        {
            Status = S_OK;
        }
#endif
    }
    else if (g_NtDllCalls.NtWaitForDebugEvent != NULL &&
             g_NtDllCalls.DbgUiConvertStateChangeStructure != NULL)
    {
        NTSTATUS NtStatus;
        LARGE_INTEGER NtTimeout;
        DBGUI_WAIT_STATE_CHANGE StateChange;

        Win32ToNtTimeout(Timeout, &NtTimeout);
        NtStatus = g_NtDllCalls.NtWaitForDebugEvent(m_DebugObject, FALSE,
                                                    &NtTimeout, &StateChange);
        if (NtStatus == STATUS_TIMEOUT)
        {
            Status = S_FALSE;
        }
        else if (!NT_SUCCESS(NtStatus))
        {
            Status = HRESULT_FROM_NT(NtStatus);
        }
        else
        {
            NtStatus = g_NtDllCalls.
                DbgUiConvertStateChangeStructure(&StateChange, Event);
            // If the conversion fails we'll lose an event, but
            // there's nothing else that can be done. Conversion
            // failures will only occur in out-of-resource situations
            // so normal debugging will not be affected.
            Status = CONV_NT_STATUS(NtStatus);
        }
    }

    if (Status != S_OK)
    {
        return Status;
    }

    // Remembered so ContinueEvent can reply to the right thread.
    m_EventProcessId = Event->dwProcessId;
    m_EventThreadId = Event->dwThreadId;

#ifdef DBG_WAITFOREVENT
    g_NtDllCalls.DbgPrint("Event %d for %X.%X\n",
                          Event->dwDebugEventCode, Event->dwProcessId,
                          Event->dwThreadId);
#endif

    // If this is responding to a remote request then
    // we can't return file handles.
    if (m_Remote)
    {
        switch(Event->dwDebugEventCode)
        {
        case CREATE_PROCESS_DEBUG_EVENT:
            ::CloseHandle(Event->u.CreateProcessInfo.hFile);
            Event->u.CreateProcessInfo.hFile = NULL;
            break;
        case LOAD_DLL_DEBUG_EVENT:
            ::CloseHandle(Event->u.LoadDll.hFile);
            Event->u.LoadDll.hFile = NULL;
            break;
        }
    }

    return S_OK;
}
STDMETHODIMP
LiveUserDebugServices::ContinueEvent(
    THIS_
    IN ULONG ContinueStatus
    )
{
    // Resumes the thread whose event WaitForEvent most recently returned,
    // passing ContinueStatus through to the system.
    // Returns E_UNEXPECTED when no event is pending (or, in the native
    // build, when there is no debug object to continue on), otherwise
    // the result of NtDebugContinue / ContinueDebugEvent.  On success the
    // pending-event record is cleared.

#ifdef DBG_WAITFOREVENT
    g_NtDllCalls.DbgPrint("Continue event for %X.%X\n",
                          m_EventProcessId, m_EventThreadId);
#endif

    // A zero process ID means WaitForEvent has not returned an event
    // since the last continue; refuse rather than continue a stale one.
    if (m_EventProcessId == 0)
    {
        return E_UNEXPECTED;
    }

    bool UseDebugObject = (m_DebugObject != NULL &&
                           g_NtDllCalls.NtDebugContinue != NULL);
    if (UseDebugObject)
    {
        CLIENT_ID Target;
        Target.UniqueProcess = UlongToHandle(m_EventProcessId);
        Target.UniqueThread = UlongToHandle(m_EventThreadId);

        NTSTATUS NtStatus = g_NtDllCalls.NtDebugContinue(m_DebugObject,
                                                         &Target,
                                                         ContinueStatus);
        if (!NT_SUCCESS(NtStatus))
        {
            return HRESULT_FROM_NT(NtStatus);
        }
    }
    else
    {
#ifndef NT_NATIVE
        if (!::ContinueDebugEvent(m_EventProcessId, m_EventThreadId,
                                  ContinueStatus))
        {
            return WIN32_LAST_STATUS();
        }
#else
        // The native build has no Win32 fallback.
        return E_UNEXPECTED;
#endif
    }

    m_EventProcessId = 0;
    return S_OK;
}
STDMETHODIMP
LiveUserDebugServices::InsertCodeBreakpoint(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    IN ULONG MachineType,
    OUT PVOID Storage,
    IN ULONG StorageSize
    )
{
    // Live targets use the debugger's generic breakpoint support, so this
    // service-level hook is intentionally unimplemented.  Callers are not
    // expected to reach it; E_UNEXPECTED flags a logic error rather than
    // an unsupported feature.
    (void)Process;
    (void)Offset;
    (void)MachineType;
    (void)Storage;
    (void)StorageSize;
    return E_UNEXPECTED;
}
STDMETHODIMP
LiveUserDebugServices::RemoveCodeBreakpoint(
    THIS_
    IN ULONG64 Process,
    IN ULONG64 Offset,
    IN ULONG MachineType,
    IN PVOID Storage,
    IN ULONG StorageSize
    )
{
    // Counterpart of InsertCodeBreakpoint: live targets use the generic
    // breakpoint support, so nothing is tracked here and there is nothing
    // to remove.  E_UNEXPECTED signals that this should not be called.
    (void)Process;
    (void)Offset;
    (void)MachineType;
    (void)Storage;
    (void)StorageSize;
    return E_UNEXPECTED;
}
STDMETHODIMP
LiveUserDebugServices::GetFunctionTableListHead(
    THIS_
    IN ULONG64 Process,
    OUT PULONG64 Offset
    )
{
    // Reports the address of ntdll's dynamic function table list head.
    // The value is obtained by calling RtlGetFunctionTableListHead in
    // *this* process; Process is not consulted, so the result is only
    // meaningful if the target maps ntdll identically --
    // NOTE(review): verify callers only rely on this for such targets.
    // Returns E_NOINTERFACE (with *Offset = 0) when the export was not
    // resolved, otherwise S_OK.
    (void)Process;

    if (g_NtDllCalls.RtlGetFunctionTableListHead == NULL)
    {
        *Offset = 0;
        return E_NOINTERFACE;
    }

    ULONG_PTR ListHead =
        (ULONG_PTR)g_NtDllCalls.RtlGetFunctionTableListHead();
    *Offset = (ULONG64)ListHead;
    return S_OK;
}
STDMETHODIMP
LiveUserDebugServices::GetOutOfProcessFunctionTable(
    THIS_
    IN ULONG64 Process,
    IN PSTR Dll,
    IN ULONG64 Table,
    IN OPTIONAL PVOID Buffer,
    IN ULONG BufferSize,
    OUT OPTIONAL PULONG TableSize
    )
{
    // Retrieves the RUNTIME_FUNCTION entries of a dynamic function table
    // by loading Dll into this (debugger) process and invoking its
    // out-of-process callback export against Table in Process.  The
    // entries are copied into Buffer through FillDataBuffer, which
    // reports the full table size through TableSize.
    //
    // SECURITY NOTE(review): Dll is passed to LoadLibrary as supplied and
    // the export it names is then executed in-process.  If the name
    // ultimately originates from the debuggee (e.g. a dynamic function
    // table registration read out of target memory), this runs
    // target-chosen code inside the debugger, and a relative name is
    // additionally exposed to DLL search-order hijacking.  Confirm the
    // caller restricts Dll to a trusted, fully qualified path.
    //
    // Returns E_NOINTERFACE when the callback yields no table,
    // E_UNEXPECTED in builds without out-of-process callback support,
    // or the failure from LoadLibrary / GetProcAddress / the callback.
#if !defined(NT_NATIVE) && defined(OUT_OF_PROCESS_FUNCTION_TABLE_CALLBACK_EXPORT_NAME)
    HMODULE CallbackDll = LoadLibrary(Dll);
    if (CallbackDll == NULL)
    {
        return WIN32_LAST_STATUS();
    }

    HRESULT Status;
    POUT_OF_PROCESS_FUNCTION_TABLE_CALLBACK Callback =
        (POUT_OF_PROCESS_FUNCTION_TABLE_CALLBACK)
        GetProcAddress(CallbackDll,
                       OUT_OF_PROCESS_FUNCTION_TABLE_CALLBACK_EXPORT_NAME);
    if (Callback == NULL)
    {
        Status = WIN32_LAST_STATUS();
    }
    else
    {
        ULONG Entries;
        PRUNTIME_FUNCTION Functions;

        NTSTATUS NtStatus = Callback(OS_HANDLE(Process),
                                     (PVOID)(ULONG_PTR)Table,
                                     &Entries, &Functions);
        if (!NT_SUCCESS(NtStatus))
        {
            Status = HRESULT_FROM_NT(NtStatus);
        }
        else if (Functions == NULL)
        {
            Status = E_NOINTERFACE;
        }
        else
        {
            // Entries is taken on trust from the callback; the byte
            // count handed to FillDataBuffer is derived from it.
            Status = FillDataBuffer(Functions,
                                    Entries * sizeof(RUNTIME_FUNCTION),
                                    Buffer, BufferSize, TableSize);

            // The callback allocates the table from the process heap.
            // RtlProcessHeap expands to a TEB access, so it is used
            // directly rather than through the dynamic import table.
            g_NtDllCalls.RtlFreeHeap(RtlProcessHeap(), 0, Functions);
        }
    }

    FreeLibrary(CallbackDll);
    return Status;
#else
    return E_UNEXPECTED;
#endif
}
//----------------------------------------------------------------------------
//
// Generated RPC proxies and stubs.
//
//----------------------------------------------------------------------------
// Generated headers.
#include "dbgsvc_p.hpp"
#include "dbgsvc_s.hpp"
#include "dbgsvc_p.cpp"
#include "dbgsvc_s.cpp"