📄 parsecrash.pl
字号:
$addr,
struct('THREAD.hTh', $addr),
struct('THREAD.ctx.reg_Sp', $addr),
struct('THREAD.ctx.reg_Lr', $addr),
struct('THREAD.ctx.reg_Pc', $addr),
struct('THREAD.bBPrio', $addr),
struct('THREAD.bCPrio', $addr),
struct('THREAD.dwStartAddr', $addr),
struct('THREAD.dwKernTime', $addr),
struct('THREAD.dwUserTime', $addr)
);
if ($g_verbose) {
for (my $cs= struct('THREAD.pcstkTop', $addr) ; $cs ; $cs = struct('CALLSTACK.pcstkNext', $cs)) {
printf("CALLSTACK proc=%08lx addr=%08lx sp=%08lx\n",
struct('CALLSTACK.pprcLast',$cs)?struct('PROCESS.hProc',struct('CALLSTACK.pprcLast',$cs)):0,
struct('CALLSTACK.retAddr',$cs),
struct('CALLSTACK.dwPrevSP',$cs));
}
}
}
package PhysicalMemory;
use Carp;
sub new {
my ($class)= @_;
return bless {}, $class;
}
sub Load {
my ($self, $fn, $base)= @_;
my $fh= IO::File->new($fn, "r") or croak "Physmem::Load $fn: $!\n";
binmode $fh;
$self->{$base}= $fh;
}
sub FindFile {
my ($self, $pofs)= @_;
for (keys %$self) {
if ($_ <= $pofs && $pofs < $_ + -s $self->{$_}) {
return ($_, $self->{$_});
}
}
croak sprintf("PhysicalMemory::FileFile(%08lx) address is not mapped\n", $pofs);
}
sub ReadData {
my ($self, $addr, $size)= @_;
my @chunks;
while ($size>0) {
my ($base, $fh)= $self->FindFile($addr);
if (!$fh) {
croak sprintf("PhysicalMemory::ReadData(%08lx) address is not mapped\n", $addr);
}
$fh->seek($addr-$base, 0) or croak sprintf("PhysicalMemory::ReadData(%08lx): seek %08lx: %s\n", $addr, $addr-$base, $!);
my $data;
$fh->read($data, $size) or croak sprintf("PhysicalMemory::ReadData(%08lx): read %08lx: %s\n", $addr, $size, $!);
push @chunks, $data;
$size -= length($data);
$addr += length($addr);
}
return join("", @chunks);
}
sub ReadByte {
my ($self, $addr)= @_;
return unpack("C", $self->ReadData($addr, 1));
}
sub ReadWord {
my ($self, $addr)= @_;
return unpack("v", $self->ReadData($addr, 2));
}
sub ReadDword {
my ($self, $addr)= @_;
return unpack("V", $self->ReadData($addr, 4));
}
sub ReadString {
my ($self, $addr)= @_;
my $data= $self->ReadData($addr, 64);
$data =~ s/\x00.*//;
return $data;
}
sub ReadWString {
my ($self, $addr)= @_;
if ($addr==0) {
return "(pnull)";
}
my $data= $self->ReadData($addr, 128);
$data= substr($data, 0, index($data, "\x00\x00\x00")+1);
$data= pack("C*", unpack("v*", $data));
return "\"".$data."\"";
}
package VirtualMemory;
use Carp;
# fedcba9876543210fedcba9876543210
# .ssssssbbbbbbbbbpppp............
sub VA_SECTION { 25 }
sub SECTION_MASK { 0x3f }
sub VA_BLOCK { 16 }
sub BLOCK_MASK { 0x1ff }
sub VA_PAGE { 12 }
sub PAGE_MASK { 0xf }
sub BAD_PAGE { ~0xf }
sub NULL_BLOCK { 0 }
sub RESERVED_BLOCK { 1 }
sub new {
my ($class, $img, $physTLBOfs, $virtSectionsOfs)= @_;
my $self= bless {
img=>$img,
physTLBOfs=>$physTLBOfs,
}, $class;
return $self;
}
sub SetSectionTable {
my ($self, $vofs)= @_;
$self->{virtSectionsOfs}= $vofs;
}
sub PhysicalToVirtual {
}
sub VirtualToPhysical {
my ($self, $vofs)= @_;
if ($vofs<0x80000000 || ($vofs>=0xc2000000 && $vofs<0xc4000000)) {
return $self->SectionVirtualToPhysical($vofs);
}
else {
return $self->TLBVirtualToPhysical($vofs);
}
}
sub SectionVirtualToPhysical {
my ($self, $vofs)= @_;
my $ixSection= ($vofs >> VA_SECTION);
$ixSection= 0xb3 if ($ixSection==0x62); # SECURE_SECTION -> KINX_NKSECTION
my $ixBlock = ($vofs >> VA_BLOCK) & BLOCK_MASK;
my $ixPage = ($vofs >> VA_PAGE) & PAGE_MASK;
my $pscn = $self->ReadDword($self->{virtSectionsOfs} + 4*$ixSection);
my $pmb = $self->ReadDword($pscn+4*$ixBlock);
if ($pmb==NULL_BLOCK) {
croak sprintf("SectionVirtualToPhysical(%08lx) : NULL_BLOCK", $vofs);
}
if ($pmb==RESERVED_BLOCK) {
croak sprintf("SectionVirtualToPhysical(%08lx) : RESERVED_BLOCK", $vofs);
}
my $apages= main::struct("MemBlock.aPages", $pmb);
my $dwPageentry= $self->ReadDword($apages+4*$ixPage);
if ($dwPageentry==BAD_PAGE) {
croak sprintf("SectionVirtualToPhysical(%08lx) : BAD_PAGE", $vofs);
}
if ($dwPageentry==0 ) {
croak sprintf("SectionVirtualToPhysical(%08lx) : NULL_PAGE", $vofs);
}
if (($dwPageentry&0xfff00000)==0xfff00000) {
croak sprintf("SectionVirtualToPhysical(%08lx) : invalid memory", $vofs);
}
return ($vofs&0xfff)|($dwPageentry&0xfffff000);
}
sub isValidPtr {
my ($self, $vofs)= @_;
return 0 if ($vofs<0x10000);
return 0 if ($vofs&3);
eval { $self->VirtualToPhysical($vofs); };
return (!$@);
}
sub TLBVirtualToPhysical {
my ($self, $vofs)= @_;
my $firstLevelIndex= $vofs>>20;
my $firstLevelDescriptor= $self->{img}->ReadDword($self->{physTLBOfs}+$firstLevelIndex*4);
for ($firstLevelDescriptor&3) {
if ($_==0) {
croak sprintf("v2p1 %08lx : %08lx -> ignore entry\n", $vofs, $firstLevelDescriptor);
}
elsif ($_==1) {
return $self->CoarseEntry($vofs, $firstLevelDescriptor);
}
elsif ($_==2) {
return $self->SectionEntry($vofs, $firstLevelDescriptor);
}
elsif ($_==3) {
return $self->FineEntry($vofs, $firstLevelDescriptor);
}
}
}
sub CoarseEntry {
my ($self, $vofs, $firstLevelDescriptor)= @_;
my $secondLevelIndex= ($vofs>>12)&0xff;
my $pagetable= $firstLevelDescriptor&0xfffffc00;
my $secondLevelDescriptor= $self->{img}->ReadDword($pagetable+$secondLevelIndex*4);
return $self->SecondLevelPagetable($vofs, $secondLevelDescriptor);
}
sub SectionEntry {
my ($self, $vofs, $firstLevelDescriptor)= @_;
my $sectionbase= $firstLevelDescriptor&0xfff00000;
return $sectionbase | ($vofs&0xfffff);
}
sub FineEntry {
my ($self, $vofs, $firstLevelDescriptor)= @_;
my $secondLevelIndex= ($vofs>>10)&0x3ff;
my $pagetable= $firstLevelDescriptor&0xfffff000;
my $secondLevelDescriptor= $self->{img}->ReadDword($pagetable+$secondLevelIndex*4);
return $self->SecondLevelPagetable($vofs, $secondLevelDescriptor);
}
sub SecondLevelPagetable {
my ($self, $vofs, $secondLevelDescriptor)= @_;
for ($secondLevelDescriptor&3) {
if ($_==0) {
croak sprintf("v2p2: %08lx : %08lx -> ignore entry\n", $vofs, $secondLevelDescriptor);
}
elsif ($_==1) {
return $self->LargePage($vofs, $secondLevelDescriptor);
}
elsif ($_==2) {
return $self->SmallPage($vofs, $secondLevelDescriptor);
}
elsif ($_==3) {
return $self->TinyPage($vofs, $secondLevelDescriptor);
}
}
}
sub LargePage {
my ($self, $vofs, $secondLevelDescriptor)= @_;
return ($secondLevelDescriptor&0xffff0000) | ($vofs&0xffff);
}
sub SmallPage {
my ($self, $vofs, $secondLevelDescriptor)= @_;
return ($secondLevelDescriptor&0xfffff000) | ($vofs&0xfff);
}
sub TinyPage {
my ($self, $vofs, $secondLevelDescriptor)= @_;
return ($secondLevelDescriptor&0xfffffc00) | ($vofs&0x3ff);
}
###############################
# todo: these functions don't handle page boundaries.
sub ReadData {
my ($self, $vofs, @args)= @_;
return $self->{img}->ReadData($self->VirtualToPhysical($vofs), @args);
}
sub ReadByte {
my ($self, $vofs, @args)= @_;
return $self->{img}->ReadByte($self->VirtualToPhysical($vofs), @args);
}
sub ReadWord {
my ($self, $vofs, @args)= @_;
return $self->{img}->ReadWord($self->VirtualToPhysical($vofs), @args);
}
sub ReadDword {
my ($self, $vofs, @args)= @_;
return $self->{img}->ReadDword($self->VirtualToPhysical($vofs), @args);
}
sub ReadString {
my ($self, $vofs, @args)= @_;
return $self->{img}->ReadString($self->VirtualToPhysical($vofs), @args);
}
sub ReadWString {
my ($self, $vofs, @args)= @_;
if ($vofs==0) {
return "(vnull)";
}
my $str;
eval {
$str= $self->{img}->ReadWString($self->VirtualToPhysical($vofs), @args);
};
if ($@) {
return "(invalid)";
}
return $str;
}
package main;
__DATA__
# z:/sources/wince500/PRIVATE/WINCEOS/COREOS/NK/INC/nkarm.h
!kdata
0xFFFD0000 firstpagetabel
# 0xFFFD4000 - disabled for protection
0xFFFE0000 secondpagetabel
# 0xFFFE4000 - disabled for protection
0xFFFF0000 exceptionvectors
# 0xFFFF0400 - not used (r/o)
# 0xFFFF1000 - disabled for protection
# 0xFFFF2000 - r/o (physical overlaps with vectors)
# 0xFFFF2400 - Interrupt stack (1k)
# 0xFFFF2800 - r/o (physical overlaps with Abort stack & FIQ stack)
# 0xFFFF3000 - disabled for protection
# 0xFFFF4000 - r/o (physical memory overlaps with vectors & intr. stack & FIQ stack)
# 0xFFFF4900 - Abort stack (2k - 256 bytes)
# 0xFFFF5000 - disabled for protection
# 0xFFFF6000 - r/o (physical memory overlaps with vectors & intr. stack)
# 0xFFFF6800 - FIQ stack (256 bytes)
# 0xFFFF6900 - r/o (physical memory overlaps with Abort stack)
# 0xFFFF7000 - disabled
# 0xFFFFC000 - kernel stack
# 0xFFFFC800 - KDataStruct
0xFFFFC800 lpvTls Current thread local storage pointer
0xFFFFC804 ahSys_W32
0xFFFFC808 hCurThread
0xFFFFC80C hCurProc
0xFFFFC810 ahSys_KW32
0xFFFFC884 bResched reschedule flag
0xFFFFC885 cNest kernel exception nesting
0xFFFFC886 bPowerOff TRUE during "power off" processing
0xFFFFC887 bProfileOn TRUE if profiling enabled
0xFFFFC888 unused
0xFFFFC88C rsvd2 was DiffMSec
0xFFFFC890 pCurPrc ptr to current PROCESS struct
0xFFFFC894 pCurThd ptr to current THREAD struct
0xFFFFC898 dwKCRes
0xFFFFC89C handleBase handle table base address
0xFFFFC8A0 aSections section table for virutal memory
0xFFFFC9A0 alpeIntrEvents
0xFFFFCA20 alpvIntrData
0xFFFFCAA0 pAPIReturn direct API return address for kernel mode
0xFFFFCAA4 pMap ptr to MemoryMap array
0xFFFFCAA8 dwInDebugger !0 when in debugger
0xFFFFCAAC pCurFPUOwner current FPU owner
0xFFFFCAB0 pCpuASIDPrc current ASID proc
0xFFFFCAB4 nMemForPT Memory used for PageTables
0xFFFFCAB8 aPend1
0xFFFFCABC aPend2
0xFFFFCAC0 alPad
# z:/sources/wince500/PUBLIC/COMMON/OAK/INC/pkfuncs.h
0xFFFFCB00 KINX_PROCARRAY address of process array
0xFFFFCB04 KINX_PAGESIZE system page size
0xFFFFCB08 KINX_PFN_SHIFT shift for page # in PTE
0xFFFFCB0C KINX_PFN_MASK mask for page # in PTE
0xFFFFCB10 KINX_PAGEFREE # of free physical pages
0xFFFFCB14 KINX_SYSPAGES # of pages used by kernel
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -