pkmodi->bTrustLevel = pProc->bTrustLevel;
DEBUGGERMSG(KDZONE_DBG, (TEXT("Returning name: %a, Base: %8.8lx, Size: %8.8lx, TimeStamp: %8.8lx of Executable\r\n"),
pkmodi->szName, pkmodi->ImageBase, pkmodi->ImageSize, pkmodi->dwTimeStamp));
}
else if ((void *) dwStructAddr == ((MODULE *) dwStructAddr)->lpSelf)
{ // DLL
lpMod = (MODULE *) dwStructAddr;
if ((lpMod->DbgFlags & DBG_SYMBOLS_LOADED) &&
fRedundant && !fUnloadSymbols)
{
DEBUGGERMSG(KDZONE_DBG, (TEXT("\r\nReturing redundant\r\n")));
}
kdbgWtoA(lpMod->lpszModName,lpszModuleName);
pkmodi->szName = lpszModuleName;
pkmodi->ImageBase = ZeroPtr(lpMod->BasePtr);
pkmodi->ImageSize = lpMod->e32.e32_vsize;
pkmodi->dwDllRwStart = lpMod->rwLow;
pkmodi->dwDllRwEnd = lpMod->rwHigh;
pkmodi->dwTimeStamp = lpMod->e32.e32_timestamp;
pkmodi->hDll = (HMODULE) lpMod;
pkmodi->dwInUse = lpMod->inuse;
pkmodi->wFlags = lpMod->wFlags;
pkmodi->bTrustLevel = lpMod->bTrustLevel;
}
else
{
DEBUGGERMSG(KDZONE_DBG, (TEXT("No module associated with address %8.8lx\r\n"), dwStructAddr));
return FALSE;
}
DEBUGGERMSG(KDZONE_DBG, (TEXT("Returning name: %a, Base: %8.8lx, Size: %8.8lx, TimeStamp: %8.8lx, Handle: %8.8lX of DLL\r\n"),
pkmodi->szName, pkmodi->ImageBase, pkmodi->ImageSize, pkmodi->dwTimeStamp, pkmodi->hDll));
return TRUE;
}
//////////////////////////////////////////////////////////////////
//---- OLD STYLE STATIC PROCESS AND THREAD INFORMATION CODE ----//
//////////////////////////////////////////////////////////////////
// Structures used to retrieve debug information from the kernel
#define SIG_DBGPROCINFO 0x46780002 // should go away with HANDLE_PROCESS_INFO_REQUEST
#define SIG_DBGTHREADINFO 0x46780020 // should go away with HANDLE_PROCESS_INFO_REQUEST
// @struct DBGPROCINFO | Used to return info in <f GetDbgInfo>
// Filled by MarshalProcess below; one such record precedes the thread records
// of the process in the returned buffer. It carries raw kernel pointers.
typedef struct _DBGPROCINFO {
DWORD dwSig; // @field Must be SIG_DBGPROCINFO
LPVOID lpProcess; // @field Ptr to process structure (raw kernel pointer)
ULONG ulPid; // @field PID of process (MarshalProcess fills it with the process dwVMBase)
DWORD dwVMBase; // @field Start of address space
ULONG ulAccessKey; // @field Address space access permissions
LPVOID lpvBasePtr; // @field BasePtr assigned to this process
ULONG ulCurZones; // @field Cur zone mask in effect (0 when the process has no ZonePtr)
CHAR rgbProcName[32]; // @field Process name in ASCII, NUL-terminated; at most 31 characters are copied
} DBGPROCINFO, *LPDBGPROCINFO;
// @struct DBGTHREADINFO | Used to return info in <f GetDbgInfo>
// Filled by MarshalThread below; follows the owning process's DBGPROCINFO
// record in the returned buffer. It carries raw kernel pointers.
typedef struct _DBGTHREADINFO {
DWORD dwSig; // @field Must be SIG_DBGTHREADINFO
LPVOID lpThread; // @field Ptr to thread structure (raw kernel pointer)
LPVOID lpvRunQPtr; // @field Ptr to RunQ if thread is blocked (MarshalThread always writes 0 here)
UINT uThreadState; // @field State of the thread: GET_RUNSTATE value, or for a sleeping thread 4 (+1 if a proxy is attached, +2 if suspended)
ULONG ulAccessKey; // @field Cur access permissions
LPVOID hCurProcess; // @field Handle to process currently in
ULONG ulSleepCount; // @field Sleep time (MarshalThread fills it with dwWakeupTime)
USHORT usSuspendCount; // @field Suspend count (filled from bSuspendCnt)
USHORT usPriority; // @field Current priority (MarshalThread fills it from wInfo -- NOTE(review): confirm that is the intended source)
} DBGTHREADINFO, *LPDBGTHREADINFO;
// Serialise one thread into a DBGTHREADINFO record at lpbBuf.
//
// pthCur  thread to describe
// lpbBuf  destination buffer supplied by the debugger channel
// dwSize  bytes available at lpbBuf
//
// Returns the number of bytes written: sizeof(DBGTHREADINFO) on success, or
// 0 when the buffer is too small, in which case nothing is written. The
// record contains raw kernel pointers (thread, current process handle), so it
// is only meant for the debugger transport that consumes GetDbgInfo data.
static DWORD MarshalThread(PTHREAD pthCur, LPBYTE lpbBuf, DWORD dwSize) {
    LPDBGTHREADINFO pInfo = (LPDBGTHREADINFO)lpbBuf;
    UINT uState;

    // Never emit a partial record.
    if (dwSize < sizeof(DBGTHREADINFO)) {
        return 0;
    }

    // A sleeping thread is reported with a synthetic state: 4, plus 1 when a
    // proxy is attached, plus 2 when the thread is also suspended. Otherwise
    // the scheduler's run state is reported as-is.
    if (GET_SLEEPING(pthCur)) {
        uState = 4;
        if (pthCur->lpProxy != 0) {
            uState += 1;
        }
        if (pthCur->bSuspendCnt != 0) {
            uState += 2;
        }
    } else {
        uState = GET_RUNSTATE(pthCur);
    }

    pInfo->dwSig = SIG_DBGTHREADINFO;
    pInfo->lpThread = pthCur;
    pInfo->lpvRunQPtr = NULL;                   // never populated by this implementation
    pInfo->uThreadState = uState;
    pInfo->ulAccessKey = pthCur->aky;
    pInfo->hCurProcess = pthCur->pProc->hProc;  // assumes pProc is non-NULL for a live thread
    pInfo->ulSleepCount = pthCur->dwWakeupTime; // wake-up time, despite the field name
    pInfo->usSuspendCount = pthCur->bSuspendCnt;
    pInfo->usPriority = pthCur->wInfo;          // NOTE(review): wInfo, not a priority field -- confirm

    return (DWORD)sizeof(DBGTHREADINFO);
}
// Serialise a process and all of its threads into lpbBuf: one DBGPROCINFO
// record followed by one DBGTHREADINFO record per thread.
//
// pProc   process to describe
// lpbBuf  destination buffer supplied by the debugger channel
// dwSize  bytes available at lpbBuf
//
// Returns the total number of bytes written, or 0 (nothing written) when the
// buffer cannot hold even the process record. Threads that no longer fit are
// silently omitted -- MarshalThread returns 0 for them -- so the result never
// exceeds dwSize. The records contain raw kernel pointers.
static DWORD MarshalProcess(PPROCESS pProc, LPBYTE lpbBuf, DWORD dwSize) {
    LPDBGPROCINFO pInfo = (LPDBGPROCINFO)lpbBuf;
    DWORD dwUsed;
    PTHREAD pth;

    if (dwSize < sizeof(DBGPROCINFO)) {
        return 0;
    }

    pInfo->dwSig = SIG_DBGPROCINFO;
    pInfo->lpProcess = pProc;
    pInfo->ulPid = pProc->dwVMBase;      // the PID reported is the VM base of the process
    pInfo->dwVMBase = pProc->dwVMBase;
    pInfo->ulAccessKey = pProc->aky;
    pInfo->lpvBasePtr = pProc->BasePtr;
    if (pProc->ZonePtr) {
        pInfo->ulCurZones = pProc->ZonePtr->ulZoneMask;
    } else {
        pInfo->ulCurZones = 0;
    }

    // Narrow the wide-char process name by keeping the low byte of each
    // character (non-ASCII characters are mangled), stopping one short of the
    // buffer size so the terminator always fits.
    pInfo->rgbProcName[0] = '\0';
    if (pProc->lpszProcName) {
        LPWSTR pSrc = pProc->lpszProcName;
        size_t i = 0;
        while (i < sizeof(pInfo->rgbProcName) - 1 && pSrc[i]) {
            pInfo->rgbProcName[i] = (BYTE)pSrc[i];
            i++;
        }
        pInfo->rgbProcName[i] = 0;
    }

    dwUsed = sizeof(DBGPROCINFO);

    // Append the thread records; each call bounds itself by the space left.
    pth = pProc->pTh;
    while (pth) {
        dwUsed += MarshalThread(pth, lpbBuf + dwUsed, dwSize - dwUsed);
        pth = pth->pNextInProc;
    }

    return dwUsed;
}
/////////////////////////////////////////////////////
//---- FLEXIBLE PROCESS AND THREAD INFORMATION ----//
/////////////////////////////////////////////////////
// Describes one field exposed through the flexible process/thread information
// interface: how the debugger identifies it, how many bytes it occupies, and
// how it is rendered by default. Instances live in the descriptor tables below.
typedef struct _PROC_THREAD_INFO_FIELD
{
WORD wIdentifier; // pfi*/tfi* identifier; -1 (stored as 0xFFFF in a WORD) marks a custom field, identified by its label instead
WORD wSize; // size of the field in bytes
PCHAR szLabel; // field label (zero-terminated string)
PCHAR szFormat; // default printf-style format used to render the field (see NOTE on format strings below)
} PROC_THREAD_INFO_FIELD;
// NOTE on format strings:
// the printf format is supported, except for the following:
// -Exceptions:
// -no I64 in the prefix
// -no * for width
// -no * for precision
// -Additions:
// -%T{N=BitFieldNameN, M=BitFieldNameM...} for bitfield description
// where bitnumbers (N and M) are in [0..63] and BitFieldNameN and BitFieldNameM are strings of char with no ","
// if bitnumber is in [0..31], BitFieldName is displayed when that bit == 1
// if bitnumber is in [32..63], BitFieldName is displayed when the corresponding bit == 0
// Any bit that is not described is ignored
// All matching BitFieldNames are displayed, separated by a ","
// -%N{N=EnumElementNameN, M=EnumElementNameM...} for enumeration description
// where N and M are decimal DWORD value and EnumElementNameN and EnumElementNameM are strings of char with no ","
// Any enum value that is not described is ignored
//////////////////////////////
// Process Descriptor Table //
//////////////////////////////
// Process Fields Identifiers
#define pfiStructAddr (0L) // address to the process structure itself
#define pfiProcessSlot (1L) // Slot number
#define pfiStartOfAddrSpace (2L) // VM Address space (slot) first address
#define pfiDefaultAccessKey (3L) // Default thread Access keys
#define pfiBasePtr (4L) // First exe module load address
#define pfiCurDbgZoneMasks (5L) // Current Debug Zone mask
#define pfiName (6L) // EXE Name
#define pfiCmdLine (7L) // Command line
#define pfiTrustLevel (8L) // Trust level
#define pfiHandle (9L) // Process handle
#define pfiTlsUsageBitMaskL (10L) // First 32 TLS slots usage bit mask
#define pfiTlsUsageBitMaskH (11L) // Second 32 TLS slots usage bit mask
#define pfiUserDefined (-1L) // field identified by its label
// Process descriptor table: one PROC_THREAD_INFO_FIELD per process field the
// debugger can request, giving the pfi* identifier, the byte size of the
// value, its label and the default rendering format (see NOTE on format
// strings above). The %N entry is an enumeration description, not printf.
// NOTE(review): the table is writable and externally visible; consider
// qualifying it const if no caller mutates it.
PROC_THREAD_INFO_FIELD ProcessDescriptorTable [] =
{
{
pfiProcessSlot,
sizeof (BYTE),
"ProcSlot#",
"%u"
},
{
pfiName,
32L, // fixed-size name buffer, not sizeof of a type
"Name",
"%s"
},
{
pfiStartOfAddrSpace,
sizeof (DWORD),
"VMBase",
"0x%08lX"
},
{
pfiDefaultAccessKey,
sizeof (ULONG),
"AccessKey",
"0x%08lX"
},
{
pfiTrustLevel,
sizeof (BYTE),
"TrustLevel",
"%N{0=None,1=Run,2=Full}" // enumeration rendering; undescribed values are ignored
},
{
pfiHandle,
sizeof (HANDLE),
"hProcess",
"0x%08lX"
},
{
pfiBasePtr,
sizeof (LPVOID),
"BasePtr",
"0x%08lX"
},
{
pfiTlsUsageBitMaskL,
sizeof (DWORD),
"TlsUseL32b",
"0x%08lX"
},
{
pfiTlsUsageBitMaskH,
sizeof (DWORD),
"TlsUseH32b",
"0x%08lX"
},
{
pfiCurDbgZoneMasks,
sizeof (ULONG),
"CurZoneMask",
"0x%08lX"
},
{
pfiStructAddr,
sizeof (LPVOID),
"pProcess", // raw kernel address of the process structure
"0x%08lX"
},
{
pfiCmdLine,
128L, // fixed-size command line buffer
"CmdLine",
"%s"
},
};
/////////////////////////////
// Thread Descriptor Table //
/////////////////////////////
// Thread Fields Identifiers
#define tfiStructAddr (0L) // address to the thread structure itself
#define tfiRunState (1L) // Running / Sleeping / Blocked / Killed states of the thread
#define tfiAddrSpaceAccessKey (2L) // Current access key for handles and memory access
#define tfiHandleCurrentProcessRunIn (3L) // Current process running in
#define tfiSleepCount (4L) // Sleep count
#define tfiSuspendCount (5L) // Suspend count
#define tfiCurrentPriority (6L) // Current priority
#define tfiInfo (7L) // Information status bits
#define tfiBasePriority (8L) // Base priority
#define tfiWaitState (9L) // Wait state
#define tfiHandleOwnerProc (10L) // Handle to the process owning the thread
#define tfiTlsPtr (11L) // Thread local storage block pointer
#define tfiKernelTime (12L) // Accumulated time spent in kernel mode
#define tfiUserTime (13L) // Accumulated time spent in user mode
#define tfiHandle (14L) // Thread handle
#define tfiLastError (15L) // Last error
#define tfiStackBase (16L) // Stack base address
#define tfiStackLowBound (17L) // Lower bound of committed stack space
#define tfiCreationTimeMSW (18L) // MSW of Creation timestamp
#define tfiCreationTimeLSW (19L) // LSW of Creation timestamp
#define tfiQuantum (20L) // Quantum
#define tfiQuantumLeft (21L) // Quantum left
#define tfiPC (22L) // Program Counter / Instruction Pointer
#define tfiUserDefined (-1L) // field identified by its label
PROC_THREAD_INFO_FIELD ThreadDescriptorTable [] =
{
{
tfiStructAddr,
sizeof (LPVOID),
"pThread",
"0x%08lX"
},
{
tfiRunState,
sizeof (WORD),
"RunState",
"%T{4=Dying,5=Dead,6=Buried,7=Slpg,39=Awak,0=Rung,1=Runab,2=RunBlkd,3=RunNeeds}"
},
{
tfiInfo,
sizeof (WORD),
"InfoStatus",
"%T{38=UMode,6=KMode,8=StkFlt,12=UsrBlkd,15=Profd}"
},
{
tfiHandle,
sizeof (HANDLE),
"hThread",
"0x%08lX"
},
{
tfiWaitState,
sizeof (BYTE),
"WaitState",
"%N{0=Signalled,1=Processing,2=Blocked}"
},
{
tfiAddrSpaceAccessKey,
sizeof (ACCESSKEY),
"AccessKey",
"0x%08lX"
},
{
tfiHandleCurrentProcessRunIn,
sizeof (HANDLE),
"hCurProcIn",
"0x%08lX"
},
{
tfiHandleOwnerProc,
sizeof (HANDLE),
"hOwnerProc",
"0x%08lX"
},
{
tfiCurrentPriority,
sizeof (BYTE),
"CurPrio",
"%u"
},
{
tfiBasePriority,
sizeof (BYTE),
"BasePrio",
"%u"
},
{
tfiKernelTime,
sizeof (DWORD),
"KernelTime",
"%lu"
},
{
tfiUserTime,
sizeof (DWORD),
"UserTime",
"%lu"
},
{
tfiQuantum,
sizeof (DWORD),
"Quantum",
"%lu"
},
{
tfiQuantumLeft,
sizeof (DWORD),
"QuantuLeft",
"%lu"
},
{
tfiSleepCount,
sizeof (DWORD),
"SleepCount",
"%lu"
},
{
tfiSuspendCount,
sizeof (BYTE),
"SuspendCount",
"%u"
},
{
tfiTlsPtr,
sizeof (LPDWORD),
"TlsPtr",
"0x%08lX"
},
{
tfiLastError,
sizeof (DWORD),