📄 dwdmpgen.cpp
if (dwFrameCount < dwFramesReturned)
{
dwPC = csexFrames[dwFrameCount].dwReturnAddr;
pProcess = HandleToProc((HANDLE)csexFrames[dwFrameCount].dwCurProc);
++ dwFrameCount;
}
else
{
fFramesLeft = FALSE;
}
}
// Now Walk down frames until we are out of coredll.dll
// If we don't have any in coredll.dll, then we still continue
// since coredll.dll may not always be in the call stack,
// especially with retail x86.
if (fFramesLeft)
{
pMod = (MODULE *)pKData->aInfo[KINX_MODULES];
while (pMod && (pMod->lpSelf == pMod))
{
if (kdbgwcsnicmp(pMod->lpszModName, L"coredll.dll", kdbgwcslen(pMod->lpszModName)) == 0)
{
// Coredll.dll found
dwImageBase = (DWORD) ZeroPtr(pMod->BasePtr);
dwImageSize = (DWORD) pMod->e32.e32_vsize;
dwPCSlot = ZeroPtr(dwPC);
while ((dwImageBase <= dwPCSlot) && (dwPCSlot < (dwImageBase + dwImageSize)) && (fFramesLeft))
{
if (dwFrameCount < dwFramesReturned)
{
dwPC = csexFrames[dwFrameCount].dwReturnAddr;
dwPCSlot = ZeroPtr(dwPC);
pProcess = HandleToProc((HANDLE)csexFrames[dwFrameCount].dwCurProc);
++ dwFrameCount;
}
else
{
fFramesLeft = FALSE;
}
}
break;
}
pMod = pMod->pMod;
}
}
if (!fFramesLeft)
{
// Ran out of frames, in which case revert to the original PC & Process
DEBUGGERMSG (OXZONE_ALERT,(L" DwDmpGen!GetBucketParameters: WARNING: Walking out of Nk.exe walked to many frames, reverting to orignal PC, dwFrameCount=%u.\r\n", dwFrameCount));
dwPC = dwPCOriginal;
pProcess = pProcessOriginal;
}
}
}
}
if ((dwPC != dwPCOriginal) || (pProcess != pProcessOriginal))
{
DEBUGGERMSG (OXZONE_DWDMPGEN, (L" DwDmpGen!GetBucketParameters: CaptureDumpFileOnDevice API called, using different PC or Process\r\n"));
DEBUGGERMSG (OXZONE_DWDMPGEN, (L" DwDmpGen!GetBucketParameters: New PC=0x%08X, Original PC=0x%08X, New Process=0x%08X, Original Process=0x%08X\r\n",
dwPC, dwPCOriginal, (pProcess ? pProcess->hProc : 0), pProcessOriginal->hProc));
fDifferentPCorProcess = TRUE;
}
while (!fFoundMod)
{
if (dwPC && pProcess)
{
dwPC = (DWORD) MapPtrProc (dwPC, pProcess);
dwPCSlot = ZeroPtr(dwPC);
DEBUGGERMSG(OXZONE_DWDMPGEN,(L" DwDmpGen!GetBucketParameters: PC=0x%08X, ZeroPtr PC=0x%08X\r\n", dwPC, dwPCSlot));
// Get the bucket parameters for the Application
pceDmpBucketParameters->AppName = (DWORD)pProcess->lpszProcName;
pceDmpBucketParameters->AppStamp = pProcess->e32.e32_timestamp;
hRes = GetVersionInfo(pProcess->hProc, &pvsFixedInfo);
if (SUCCEEDED(hRes))
{
pceDmpBucketParameters->AppVerMS = pvsFixedInfo->dwFileVersionMS;
pceDmpBucketParameters->AppVerLS = pvsFixedInfo->dwFileVersionLS;
pceDmpBucketParameters->fDebug = (pvsFixedInfo->dwFileFlags & VS_FF_DEBUG)?1:0;
}
else
{
pceDmpBucketParameters->AppVerMS = (pProcess->e32.e32_cevermajor << 16) | (pProcess->e32.e32_ceverminor & 0xFFFF);
pceDmpBucketParameters->AppVerLS = 0;
pceDmpBucketParameters->fDebug = 0;
}
DEBUGGERMSG(OXZONE_DWDMPGEN,(L" DwDmpGen!GetBucketParameters: AppName=%s, AppStamp=0x%08X, AppVer=%d.%d.%d.%d, fDebug=%u\r\n",
(LPWSTR)pceDmpBucketParameters->AppName,
pceDmpBucketParameters->AppStamp,
(WORD)(pceDmpBucketParameters->AppVerMS >> 16),
(WORD)(pceDmpBucketParameters->AppVerMS & 0xFFFF),
(WORD)(pceDmpBucketParameters->AppVerLS >> 16),
(WORD)(pceDmpBucketParameters->AppVerLS & 0xFFFF),
pceDmpBucketParameters->fDebug));
// Get the bucket parameters for the Module, may be in a process or a DLL
// Iterate through all processes to find which one corresponds to Program Counter
for (dwProcessNumber = 0; ((dwProcessNumber < MAX_PROCESSES) && (FALSE == fFoundMod)); dwProcessNumber++)
{
// Check for valid process
if (pProcArray[dwProcessNumber].dwVMBase)
{
dwImageBase = (DWORD) pProcArray[dwProcessNumber].BasePtr;
if (dwImageBase < 0x01FFFFFF)
{
dwImageBase |= pProcArray[dwProcessNumber].dwVMBase;
}
dwImageSize = pProcArray[dwProcessNumber].e32.e32_vsize;
if ((dwImageBase <= dwPC) && (dwPC < (dwImageBase + dwImageSize)))
{
// Correct process found
// Exception occured within process, so exception module is a process
fFoundMod = TRUE;
pceDmpBucketParameters->ModName = (DWORD)pProcArray[dwProcessNumber].lpszProcName;
pceDmpBucketParameters->ModStamp = pProcArray[dwProcessNumber].e32.e32_timestamp;
pceDmpBucketParameters->Offset = dwPC - dwImageBase;
hRes = GetVersionInfo(pProcArray[dwProcessNumber].hProc, &pvsFixedInfo);
if (SUCCEEDED(hRes))
{
pceDmpBucketParameters->ModVerMS = pvsFixedInfo->dwFileVersionMS;
pceDmpBucketParameters->ModVerLS = pvsFixedInfo->dwFileVersionLS;
}
else
{
pceDmpBucketParameters->ModVerMS = (pProcArray[dwProcessNumber].e32.e32_cevermajor << 16) | (pProcArray[dwProcessNumber].e32.e32_ceverminor & 0xFFFF);
pceDmpBucketParameters->ModVerLS = 0;
}
}
}
}
if (FALSE == fFoundMod)
{
// Exception occured in a loaded DLL, find correct module
pMod = (MODULE *)pKData->aInfo[KINX_MODULES];
while (pMod && (pMod->lpSelf == pMod))
{
dwImageBase = (DWORD) ZeroPtr(pMod->BasePtr);
dwImageSize = (DWORD) pMod->e32.e32_vsize;
if ((dwImageBase <= dwPCSlot) && (dwPCSlot < (dwImageBase + dwImageSize)))
{
// Correct module found
fFoundMod = TRUE;
pceDmpBucketParameters->ModName = (DWORD)pMod->lpszModName;
pceDmpBucketParameters->ModStamp = pMod->e32.e32_timestamp;
pceDmpBucketParameters->Offset = dwPCSlot - dwImageBase;
hRes = GetVersionInfo((HANDLE)pMod, &pvsFixedInfo);
if (SUCCEEDED(hRes))
{
pceDmpBucketParameters->ModVerMS = pvsFixedInfo->dwFileVersionMS;
pceDmpBucketParameters->ModVerLS = pvsFixedInfo->dwFileVersionLS;
}
else
{
pceDmpBucketParameters->ModVerMS = (pMod->e32.e32_cevermajor << 16) | (pMod->e32.e32_ceverminor & 0xFFFF);
pceDmpBucketParameters->ModVerLS = 0;
}
break;
}
pMod = pMod->pMod;
}
}
}
if (fFoundMod)
{
// Module found
DEBUGGERMSG(OXZONE_DWDMPGEN,(L" DwDmpGen!GetBucketParameters: ModName=%s, ModStamp=0x%08X, ModVer=%d.%d.%d.%d, Offset=0x%08X\r\n",
(LPWSTR)pceDmpBucketParameters->ModName,
pceDmpBucketParameters->ModStamp,
(WORD)(pceDmpBucketParameters->ModVerMS >> 16),
(WORD)(pceDmpBucketParameters->ModVerMS & 0xFFFF),
(WORD)(pceDmpBucketParameters->ModVerLS >> 16),
(WORD)(pceDmpBucketParameters->ModVerLS & 0xFFFF),
pceDmpBucketParameters->Offset));
}
else
{
// No module found
if (fDifferentPCorProcess)
{
DEBUGGERMSG(OXZONE_ALERT,(L" DwDmpGen!GetBucketParameters: Could not find module where exception occured, trying original PC and Process\r\n"));
dwPC = dwPCOriginal;
pProcess = pProcessOriginal;
fDifferentPCorProcess = FALSE;
}
else
{
// Still no module found, error
DEBUGGERMSG(OXZONE_ALERT,(L" DwDmpGen!GetBucketParameters: Could not find module where exception occured\r\n"));
hRes = E_FAIL;
goto Exit;
}
}
}
// Get the bucket parameters for the Owner Application
pProcess = pThread->pOwnerProc;
pceDmpBucketParameters->OwnerName = (DWORD)pProcess->lpszProcName;
pceDmpBucketParameters->OwnerStamp = pProcess->e32.e32_timestamp;
hRes = GetVersionInfo(pProcess->hProc, &pvsFixedInfo);
if (SUCCEEDED(hRes))
{
pceDmpBucketParameters->OwnerVerMS = pvsFixedInfo->dwFileVersionMS;
pceDmpBucketParameters->OwnerVerLS = pvsFixedInfo->dwFileVersionLS;
}
else
{
pceDmpBucketParameters->OwnerVerMS = (pProcess->e32.e32_cevermajor << 16) | (pProcess->e32.e32_ceverminor & 0xFFFF);
pceDmpBucketParameters->OwnerVerLS = 0;
}
DEBUGGERMSG(OXZONE_DWDMPGEN,(L" DwDmpGen!GetBucketParameters: OwnerName=%s, OwnerStamp=0x%08X, OwnerVer=%d.%d.%d.%d\r\n",
(LPWSTR)pceDmpBucketParameters->OwnerName,
pceDmpBucketParameters->OwnerStamp,
(WORD)(pceDmpBucketParameters->OwnerVerMS >> 16),
(WORD)(pceDmpBucketParameters->OwnerVerMS & 0xFFFF),
(WORD)(pceDmpBucketParameters->OwnerVerLS >> 16),
(WORD)(pceDmpBucketParameters->OwnerVerLS & 0xFFFF)));
hRes = S_OK;
Exit:
DEBUGGERMSG(OXZONE_DWDMPGEN,(L"--DwDmpGen!GetBucketParameters: Leave, hRes=0x%08X\r\n", hRes));
return hRes;
}
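/*----------------------------------------------------------------------------
GetCaptureDumpFileParameters
Get the parameters passed to the CaptureDumpFileOnDevice API: the process
and thread to dump and the caller's trust level, all read from the
exception record's ExceptionInformation array. When the process and thread
are both -1 the call is treated as ReportFault and the supplied exception
pointers are used instead. A caller that is not fully trusted has the
requested process forced to the current process.
----------------------------------------------------------------------------*/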
HRESULT GetCaptureDumpFileParameters()
{
HRESULT hRes = E_FAIL;
HANDLE hDumpProc;
HANDLE hDumpThread;
BOOL fTrustedApp;
BYTE bTrustLevel;
PEXCEPTION_POINTERS pep;
DEBUGGERMSG(OXZONE_DWDMPGEN,(L"++DwDmpGen!GetCaptureDumpFileParameters: Enter\r\n"));
// Initialise global dump parameters to current process and thread
g_pDmpThread = pCurThread;
g_pDmpProc = pCurProc;
// Check if CaptureDumpFileOnDevice API called
if (g_fCaptureDumpFileOnDeviceCalled)
{
// Get the process and thread to dump
hDumpProc = (HANDLE)g_pExceptionRecord->ExceptionInformation[0];
hDumpThread = (HANDLE)g_pExceptionRecord->ExceptionInformation[1];
bTrustLevel = (BYTE)g_pExceptionRecord->ExceptionInformation[3];
if ((hDumpProc == (HANDLE)-1) && (hDumpThread == (HANDLE)-1))
{
// When Process ID & Thread ID are both -1 then we are passing in exception pointers to use for the dump
pep = (PEXCEPTION_POINTERS)g_pExceptionRecord->ExceptionInformation[2];
DEBUGGERMSG(OXZONE_ALERT, (L" DwDmpGen!GetCaptureDumpFileParameters: API call to ReportFault detected, Exception Pointers=0x%08X\r\n",
pep));
if (NULL == pep)
{
DEBUGGERMSG(OXZONE_ALERT, (L" DwDmpGen!GetCaptureDumpFileParameters: Exception Pointers == NULL\r\n"));
hRes = E_INVALIDARG;
goto Exit;
}
g_pExceptionRecord = pep->ExceptionRecord;
g_pContextException = pep->ContextRecord;
g_fCaptureDumpFileOnDeviceCalled = FALSE;
g_fReportFaultCalled = TRUE;
hRes = S_OK;
goto Exit;
}
DEBUGGERMSG(OXZONE_ALERT, (L" DwDmpGen!GetCaptureDumpFileParameters: API call to CaptureDumpFileOnDevice, dwProcessId=0x%08X, dwThreadId=0x%08X\r\n",
hDumpProc, hDumpThread));
KD_ASSERT(bTrustLevel == pCurProc->bTrustLevel);
if ((KERN_TRUST_FULL != bTrustLevel) || (KERN_TRUST_FULL != pCurProc->bTrustLevel))
{
// If untrusted apps call the CaptureDumpFileOnDevice API the requested process defaults to 0 (current process)
fTrustedApp = FALSE;
hDumpProc = 0;
DEBUGGERMSG(OXZONE_ALERT, (L" DwDmpGen!GetCaptureDumpFileParameters: Untrusted API call to CaptureDumpFileOnDevice, dwProcessId forced to zero\r\n",
hDumpProc, hDumpThread));
}
else
{
fTrustedApp = TRUE;
}
// Default to current process if the process ID was not set
if (0 == hDumpProc)
{
hDumpProc = hCurProc;
}
// Validate the passed in thread ID, if set
if (hDumpThread != 0)
{
g_pDmpThread = HandleToThread(hDumpThread);
if (NULL == g_pDmpThread)
{
DEBUGGERMSG(OXZONE_ALERT, (L" DwDmpGen!GetCaptureDumpFileParameters: Invalid Thread Id passed to CaptureDumpFileOnDevice, dwThreadId=0x%08X\r\n", hDumpThread));
hRes = E_INVALIDARG;
goto Exit;