dumprom.cpp

wince 内核dump程序

DWORD MemoryMap::GetDword(DWORD offset)
{
    DWORD *p= (DWORD*)GetPtr(offset);
    if (p==NULL)
        return 0;
    return *p;
}
void *MemoryMap::GetPtr(DWORD offset)
{
    for (MemoryBlockVector::iterator i=m_blocks.begin() ; i!=m_blocks.end(); ++i)
    {
        if ((*i).InRange(offset)) {
            return (*i).data+(offset-(*i).start);
        }
    }
    printf("ERROR: could not find pointer for ofs %08lx\n", offset);
    return NULL;
}
DWORD MemoryMap::GetOfs(void *ptr)
{
    for (MemoryBlockVector::iterator i=m_blocks.begin() ; i!= m_blocks.end() ; ++i)
    {
        if ((*i).data <= ptr && ptr < (*i).data+(*i).length)
        {
            return ((BYTE*)ptr - (*i).data) + (*i).start;
        }
    }
    printf("ERROR: could not find offset for ptr %08lx\n", (DWORD)ptr);
    return 0;
}

DWORD MemoryMap::FirstAddress()
{
    MemoryBlockVector::iterator i=m_blocks.begin();

    return (*i).start;
}
DWORD MemoryMap::LastAddress()
{
    MemoryBlockVector::reverse_iterator i=m_blocks.rbegin();
    return (*i).end;
}
MemoryMapIterator MemoryMap::begin()
{
    return MemoryMapIterator(m_blocks.begin(), m_blocks.end());
}
const MemoryMapIterator MemoryMap::end()
{
    return MemoryMapIterator(m_blocks.end(), m_blocks.end());
}

// -----------------------------------------------------------------------------
// -----------------------------------------------------------------------------

MemRegion& MemRegions::MarkRange(DWORD start, DWORD end, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    MemRegion& r= MarkRegion_v(start, end-start, msg, ap);
    va_end(ap);

    return r;
}
MemRegion& MemRegions::MarkRegion(DWORD start, DWORD length, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    MemRegion& r= MarkRegion_v(start, length, msg, ap);
    va_end(ap);

    return r;
}
MemRegion& MemRegions::MarkRegion_v(DWORD start, DWORD length, const char *msg, va_list ap)
{
    char msgbuf[1024];
    _vsnprintf(msgbuf, 1024, msg, ap);

    if (start==0) {
        printf("start=0\n");
    }
    //printf("region %08lx-%08lx %s\n", start, length, msgbuf);

    MemRegion *m= new MemRegion(start, start+length);
    m->description= new string(msgbuf);
    if (m->description==NULL)
    {
        printf("error allocating memory\n");
    }

    m_list.push_back(*m);

    return *m;
}
void bytedump(DWORD start, DWORD end)
{
    for (DWORD ofs= start; ofs<end ; ++ofs)
        printf(" %02x", g_mem.GetByte(ofs));
}
string dworddumpasstring(DWORD start, DWORD end)
{
    string s;
    char buf[10];

    for (DWORD ofs= start ; ofs<(end&~3) ; ofs+=4)
    {
        _snprintf(buf, 10, " %08lx", g_mem.GetDword(ofs));
        s += buf;
    }
    return s;
}

void dworddump(DWORD start, DWORD end)
{
    if (start&3)
    {
        bytedump(start, min(end, (start&~3)+4));

        start= min(end, (start&~3)+4);
    }
    for (DWORD ofs= start ; ofs<(end&~3) ; ofs+=4)
        printf(" %08lx", g_mem.GetDword(ofs));

    if (end&3)
        bytedump(end&~3, end);
}
void MemRegions::DumpMemoryMap()
{
    sort(m_list.begin(), m_list.end());

    DWORD offset= g_mem.FirstAddress();
    for (MemRegionVector::iterator i=m_list.begin() ; i!=m_list.end() ; ++i)
    {
        if (offset < (*i).start) {
            MemRegion m(offset, (*i).start);
            if ( ((*i).start & 3)==0 && (*i).start - offset < 4)
            {
                if (g_verbose>0) {
                    printf("\t%08lx - %08lx L%08lx alignment", m.start, m.end, m.length);
                    if (m.FirstNonzero()!=m.end)
                        bytedump(m.start, m.end);
                }
            }
            else
            {
                DWORD firstnz= max(m.start, m.FirstNonzero() & ~3);
                DWORD lastnz= min(m.end, (m.LastNonzero() & ~3)+4);
                if (firstnz==m.end)
                    printf("\n%08lx - %08lx L%08lx NUL", m.start, m.end, m.length);
                else {
                    if (firstnz != m.start)
                        printf("\n%08lx - %08lx L%08lx NUL", m.start, firstnz, firstnz-m.start);
                    printf("\n%08lx - %08lx L%08lx unknown", firstnz, lastnz, lastnz-firstnz);
                    if (lastnz-firstnz<16)
                        bytedump(firstnz, lastnz);
                    else if (lastnz-firstnz<64)
                        dworddump(firstnz, lastnz);
                    if (lastnz != m.end)
                        printf("\n%08lx - %08lx L%08lx NUL", lastnz, m.end, m.end-lastnz);
                }
            }
        }
        else if (offset > (*i).start) {
            printf("\n!!! overlap of %ld bytes\n", offset-(*i).start );
        }

        printf("\n%08lx - %08lx L%08lx %s", (*i).start, (*i).end, (*i).length, (*i).description->c_str());

        offset= (*i).end;
    }

    if (offset<g_mem.LastAddress())
    {
        printf("\n%08lx - %08lx unknown", offset, g_mem.LastAddress());
    }
    printf("\n");
}
// -----------------------------------------------------------------------------
// -----------------------------------------------------------------------------

// from c:\local\wince420\PUBLIC/COMMON/OAK/INC/PEHDR.H
struct info {                       /* Extra information header block      */
    unsigned long   rva;            /* Virtual relative address of info    */
    unsigned long   size;           /* Size of information block           */
};

// from c:\local\wince420\PUBLIC/COMMON/OAK/INC/ROMLDR.H
#define ROM_SIGNATURE_OFFSET 64
#define ROM_SIGNATURE 0x43454345

#define ROM_EXTRA 9

typedef struct e32_rom {
    unsigned short  e32_objcnt;     /* Number of memory objects            */
    unsigned short  e32_imageflags; /* Image flags                         */
    unsigned long   e32_entryrva;   /* Relative virt. addr. of entry point */
    unsigned long   e32_vbase;      /* Virtual base address of module      */
    unsigned short  e32_subsysmajor;/* The subsystem major version number  */
    unsigned short  e32_subsysminor;/* The subsystem minor version number  */

    unsigned long   e32_stackmax;   /* Maximum stack size                  */
    unsigned long   e32_vsize;      /* Virtual size of the entire image    */
    unsigned long   e32_sect14rva;  /* section 14 rva */
    unsigned long   e32_sect14size; /* section 14 size */

    struct info     e32_unit[ROM_EXTRA]; /* Array of extra info units      */
    unsigned short  e32_subsys;     /* The subsystem type                  */
} e32_rom;

// o32_flags
#define IMAGE_SCN_COMPRESSED                 0x00002000  // Section is compressed
typedef struct o32_rom {
    unsigned long       o32_vsize;      /* Virtual memory size              */
    unsigned long       o32_rva;        /* Object relative virtual address  */
    unsigned long       o32_psize;      /* Physical file size of init. data */
    unsigned long       o32_dataptr;    /* Image pages offset               */
    unsigned long   o32_realaddr;       /* pointer to actual                */
    unsigned long       o32_flags;      /* Attribute flags for the object   */
} o32_rom;


typedef struct ROMHDR {
    ULONG   dllfirst;               // first DLL address
    ULONG   dlllast;                // last DLL address
    ULONG   physfirst;              // first physical address
    ULONG   physlast;               // highest physical address
    ULONG   nummods;                // number of TOCentry's
    ULONG   ulRAMStart;             // start of RAM
    ULONG   ulRAMFree;              // start of RAM free space
    ULONG   ulRAMEnd;               // end of RAM
    ULONG   ulCopyEntries;          // number of copy section entries
    ULONG   ulCopyOffset;           // offset to copy section
    ULONG   ulProfileLen;           // length of PROFentries RAM 
    ULONG   ulProfileOffset;        // offset to PROFentries
    ULONG   numfiles;               // number of FILES
    ULONG   ulKernelFlags;          // optional kernel flags from ROMFLAGS .bib config option
    ULONG   ulFSRamPercent;         // Percentage of RAM used for filesystem 
                                        // byte 0 = #4K chunks/Mbyte of RAM for filesystem 0-2Mbytes 0-255
                                        // byte 1 = #4K chunks/Mbyte of RAM for filesystem 2-4Mbytes 0-255
                                        // byte 2 = #4K chunks/Mbyte of RAM for filesystem 4-6Mbytes 0-255
                                        // byte 3 = #4K chunks/Mbyte of RAM for filesystem > 6Mbytes 0-255

    ULONG   ulDrivglobStart;        // device driver global starting address
    ULONG   ulDrivglobLen;          // device driver global length
    USHORT  usCPUType;              // CPU (machine) Type
    USHORT  usMiscFlags;            // Miscellaneous flags
    void    *pExtensions;           // pointer to ROM Header extensions
    ULONG   ulTrackingStart;        // tracking memory starting address
    ULONG   ulTrackingLen;          // tracking memory ending address
} ROMHDR;
// followed by nummods <TOCentry>'s
typedef struct TOCentry {           // MODULE BIB section structure
    DWORD dwFileAttributes;
    FILETIME ftTime;
    DWORD nFileSize;
    LPSTR   lpszFileName;
    ULONG   ulE32Offset;            // Offset to E32 structure
    ULONG   ulO32Offset;            // Offset to O32 structure
    ULONG   ulLoadOffset;           // MODULE load buffer offset
} TOCentry, *LPTOCentry;

// followed by numfiles <TOCentry>'s
typedef struct FILESentry {         // FILES BIB section structure
    DWORD dwFileAttributes;
    FILETIME ftTime;
    DWORD nRealFileSize;
    DWORD nCompFileSize;
    LPSTR   lpszFileName;
    ULONG   ulLoadOffset;           // FILES load buffer offset
} FILESentry, *LPFILESentry;

typedef struct COPYentry {
    ULONG   ulSource;               // copy source address
    ULONG   ulDest;                 // copy destination address
    ULONG   ulCopyLen;              // copy length
    ULONG   ulDestLen;              // copy destination length 
                                    // (zero fill to end if > ulCopyLen)
} COPYentry;

// from c:\local\wince420\PUBLIC/COMMON/OAK/INC/ROMLDR.H
#define MAX_ROM                 32      // max numbler of XIPs
#define XIP_NAMELEN             32      // max name length of XIP
#define ROM_CHAIN_OFFSET        0x100   // offset for XIPCHAIN_INFO

typedef struct _XIPCHAIN_ENTRY {
    LPVOID  pvAddr;                 // address of the XIP
    DWORD   dwLength;               // the size of the XIP
    DWORD   dwMaxLength;            // the biggest it can grow to
    USHORT  usOrder;                // where to put into ROMChain_t
    USHORT  usFlags;                // flags/status of XIP
    DWORD   dwVersion;              // version info
    CHAR    szName[XIP_NAMELEN];    // Name of XIP, typically the bin file's name, w/o .bin
    DWORD   dwAlgoFlags;            // algorithm to use for signature verification
    DWORD   dwKeyLen;               // length of key in byPublicKey
    BYTE    byPublicKey[596];       // public key data
} XIPCHAIN_ENTRY, *PXIPCHAIN_ENTRY;

typedef struct _XIPCHAIN_INFO {
    DWORD cXIPs;
    //
    // may contain more than one entry, but we only need the address of first one
    //
    XIPCHAIN_ENTRY xipEntryStart;
} XIPCHAIN_INFO, *PXIPCHAIN_INFO;

#define PID_LENGTH 10
// pointed to by ROMHDR.pExtensions
typedef struct ROMPID {
  union{
    DWORD dwPID[PID_LENGTH];        // PID
    struct {
      char  name[(PID_LENGTH - 4) * sizeof(DWORD)];
      DWORD type;
      PVOID pdata;
      DWORD length;
      DWORD reserved;
    } s;
  };
  PVOID pNextExt;                 // pointer to next extension if any
} ROMPID, EXTENSION;

//----------------output structures [ how pe-exe files are structured ]
//
//  file starts with IMAGE_DOS_HEADER
// 0000000: 5a4d  0090  0003  0000  0004  0000  ffff  0000   MZ..............
// 0000010: 00b8  0000  0000  0000  0040  0000  0000  0000   ........@.......
// 0000020: 0000  0000  0000  0000  0000  0000  0000  0000   ................
// 0000030: 0000  0000  0000  0000  0000  0000  000000c0     ................
//
// followed by some dummy code
// 0000040: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68  ........!..L.!Th
// 0000050: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f  is program canno
// 0000060: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20  t be run in DOS 
// 0000070: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00  mode....$.......
//
// followed by something unknown
// 0000080: bf 1a f4 da fb 7b 9a 89 fb 7b 9a 89 fb 7b 9a 89  .....{...{...{..
// 0000090: fb 7b 9b 89 fa 7b 9a 89 66 5b ba 89 f8 7b 9a 89  .{...{..f[...{..
// 00000a0: 82 5a be 89 fa 7b 9a 89 52 69 63 68 fb 7b 9a 89  .Z...{..Rich.{..
// 00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
//
// followed by a 'e32_exe' struct
// followed by <e32_objcnt> 'o32_obj' structs
// followed by NUL's to align to next 512-byte boundary
// followed by data-sections, each NUL-padded to the next 512-byte boundary
//
// followed by the debug-directory


// also defined in c:\local\WINCE420\PUBLIC\COMMON\SDK\INC\winnt.h
#ifndef IMAGE_DOS_SIGNATURE
#define IMAGE_DOS_SIGNATURE                 0x5A4D      // MZ

typedef struct _IMAGE_DOS_HEADER {      // DOS .EXE header
    WORD   e_magic;                     // Magic number
    WORD   e_cblp;                      // Bytes on last page of file
    WORD   e_cp;                        // Pages in file
    WORD   e_crlc;                      // Relocations
    WORD   e_cparhdr;                   // Size of header in paragraphs
    WORD   e_minalloc;                  // Minimum extra paragraphs needed
    WORD   e_maxalloc;                  // Maximum extra paragraphs needed
    WORD   e_ss;                        // Initial (relative) SS value
    WORD   e_sp;                        // Initial SP value
    WORD   e_csum;                      // Checksum