Rizin
unix-like reverse engineering framework and cli tools
Macros | Functions | Variables
bin_dmp64.c File Reference
#include <rz_types.h>
#include <rz_util.h>
#include <rz_util/rz_print.h>
#include <rz_lib.h>
#include <rz_bin.h>
#include "dmp/dmp64.h"

Go to the source code of this file.

Macros

#define FIELD_COMMENT(header, field, comment)    rz_list_append(fields, rz_bin_field_new(rz_offsetof(header, field), rz_offsetof(header, field), sizeof(((header *)0)->field), #field, comment, sizeof(((header *)0)->field) == 4 ? "x" : "q", false));
 
#define FIELD(header, field)   FIELD_COMMENT(header, field, NULL)
 

Functions

static Sdbget_sdb (RzBinFile *bf)
 
static void destroy (RzBinFile *bf)
 
static void header (RzBinFile *bf)
 
static RzListstrings (RzBinFile *bf)
 
static RzListfields (RzBinFile *bf)
 
static RzBinInfoinfo (RzBinFile *bf)
 
static RzListmaps (RzBinFile *bf)
 
static RzListlibs (RzBinFile *bf)
 
static int file_type (RzBinFile *bf)
 
static char * regstate (RzBinFile *bf)
 
static bool load_buffer (RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb)
 
static bool check_buffer (RzBuffer *b)
 

Variables

RzBinPlugin rz_bin_plugin_dmp64
 
RZ_API RzLibStruct rizin_plugin
 

Macro Definition Documentation

◆ FIELD

#define FIELD (   header,
  field 
)    FIELD_COMMENT(header, field, NULL)

◆ FIELD_COMMENT

#define FIELD_COMMENT (   header,
  field,
  comment 
)     rz_list_append(fields, rz_bin_field_new(rz_offsetof(header, field), rz_offsetof(header, field), sizeof(((header *)0)->field), #field, comment, sizeof(((header *)0)->field) == 4 ? "x" : "q", false));

Function Documentation

◆ check_buffer()

static bool check_buffer ( RzBuffer b)
static

Definition at line 268 of file bin_dmp64.c.

268  {
269  ut8 magic[8];
270  if (rz_buf_read_at(b, 0, magic, sizeof(magic)) == 8) {
271  return !memcmp(magic, DMP64_MAGIC, 8);
272  }
273  return false;
274 }
DMP64_MAGIC
#define DMP64_MAGIC
Definition: dmp_specs.h:11
ut8
uint8_t ut8
Definition: lh5801.h:11
rz_buf_read_at
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
Definition: buf.c:1136
b
#define b(i)
Definition: sha256.c:42

References b, DMP64_MAGIC, and rz_buf_read_at().

◆ destroy()

static void destroy ( RzBinFile bf)
static

Definition at line 18 of file bin_dmp64.c.

18  {
19  rz_bin_dmp64_free((struct rz_bin_dmp64_obj_t *)bf->o->bin_obj);
20 }
rz_bin_dmp64_free
void rz_bin_dmp64_free(struct rz_bin_dmp64_obj_t *obj)
Definition: dmp64.c:312
rz_bin_dmp64_obj_t
Definition: dmp64.h:24
rz_bin_file_t::o
RzBinObject * o
Definition: rz_bin.h:305
rz_bin_object_t::bin_obj
void * bin_obj
Definition: rz_bin.h:293

References rz_bin_object_t::bin_obj, rz_bin_file_t::o, and rz_bin_dmp64_free().

◆ fields()

static RzList* fields ( RzBinFile bf)
static

Definition at line 87 of file bin_dmp64.c.

87  {
88  RzList *fields = rz_list_newf((RzListFree)rz_bin_field_free);
89  struct rz_bin_dmp64_obj_t *obj = (struct rz_bin_dmp64_obj_t *)bf->o->bin_obj;
90 #define FIELD_COMMENT(header, field, comment) \
91  rz_list_append(fields, rz_bin_field_new(rz_offsetof(header, field), rz_offsetof(header, field), sizeof(((header *)0)->field), #field, comment, sizeof(((header *)0)->field) == 4 ? "x" : "q", false));
92 #define FIELD(header, field) FIELD_COMMENT(header, field, NULL)
93 
94  FIELD(dmp64_header, MajorVersion);
95  FIELD(dmp64_header, MinorVersion);
96  FIELD(dmp64_header, DirectoryTableBase);
97  FIELD(dmp64_header, PfnDataBase);
98  FIELD(dmp64_header, PsLoadedModuleList);
99  FIELD(dmp64_header, PsActiveProcessHead);
100  FIELD(dmp64_header, MachineImageType);
101  FIELD(dmp64_header, NumberProcessors);
102  FIELD_COMMENT(dmp64_header, BugCheckCode, rz_bin_dmp64_bugcheckcode_as_str(obj->header->BugCheckCode));
103  FIELD(dmp64_header, BugCheckParameter1);
104  FIELD(dmp64_header, BugCheckParameter2);
105  FIELD(dmp64_header, BugCheckParameter3);
106  FIELD(dmp64_header, BugCheckParameter4);
107  FIELD(dmp64_header, KdDebuggerDataBlock);
108  FIELD(dmp64_header, DumpType);
109  FIELD(dmp64_header, SecondaryDataState);
110  FIELD(dmp64_header, ProductType);
111  FIELD(dmp64_header, SuiteMask);
112 
113  if (obj->bmp_header) {
114  FIELD(dmp_bmp_header, FirstPage);
115  FIELD(dmp_bmp_header, Pages);
116  FIELD(dmp_bmp_header, TotalPresentPages);
117  } else if (obj->triage64_header) {
118  FIELD(dmp64_triage, ServicePackBuild);
119  FIELD(dmp64_triage, SizeOfDump);
120  FIELD(dmp64_triage, ValidOffset);
121  FIELD(dmp64_triage, ContextOffset);
122  FIELD(dmp64_triage, ExceptionOffset);
123  FIELD(dmp64_triage, MmOffset);
124  FIELD(dmp64_triage, UnloadedDriversOffset);
125  FIELD(dmp64_triage, PrcbOffset);
126  FIELD(dmp64_triage, ProcessOffset);
127  FIELD(dmp64_triage, ThreadOffset);
128  FIELD(dmp64_triage, CallStackOffset);
129  FIELD(dmp64_triage, SizeOfCallStack);
130  FIELD(dmp64_triage, DriverListOffset);
131  FIELD(dmp64_triage, DriverCount);
132  FIELD(dmp64_triage, StringPoolOffset);
133  FIELD(dmp64_triage, StringPoolSize);
134  FIELD(dmp64_triage, BrokenDriverOffset);
135  FIELD(dmp64_triage, TriageOptions);
136  FIELD(dmp64_triage, TopOfStack);
137  FIELD(dmp64_triage, ArchitectureSpecific.Ia64.BStoreOffset);
138  FIELD(dmp64_triage, ArchitectureSpecific.Ia64.SizeOfBStore);
139  FIELD(dmp64_triage, ArchitectureSpecific.Ia64.LimitOfBStore);
140  FIELD(dmp64_triage, DataPageAddress);
141  FIELD(dmp64_triage, DataPageOffset);
142  FIELD(dmp64_triage, DataPageSize);
143  FIELD(dmp64_triage, DebuggerDataOffset);
144  FIELD(dmp64_triage, DebuggerDataSize);
145  FIELD(dmp64_triage, DataBlocksOffset);
146  FIELD(dmp64_triage, DataBlocksCount);
147  }
148  return fields;
149 }
rz_bin_field_free
RZ_API void rz_bin_field_free(RzBinField *field)
Definition: bin.c:950
rz_bin_field_new
RZ_API RzBinField * rz_bin_field_new(ut64 paddr, ut64 vaddr, int size, const char *name, const char *comment, const char *format, bool format_named)
Definition: bin.c:935
FIELD
#define FIELD(header, field)
header
static void header(RzBinFile *bf)
Definition: bin_dmp64.c:22
fields
static RzList * fields(RzBinFile *bf)
Definition: bin_dmp64.c:87
FIELD_COMMENT
#define FIELD_COMMENT(header, field, comment)
rz_bin_dmp64_bugcheckcode_as_str
const char * rz_bin_dmp64_bugcheckcode_as_str(ut32 BugCheckCode)
Definition: dmp64.c:345
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
RzListFree
void(* RzListFree)(void *ptr)
Definition: rz_list.h:11
rz_offsetof
#define rz_offsetof(type, member)
Definition: rz_types.h:360
dmp64_header
Definition: dmp_specs.h:89
dmp64_header::BugCheckCode
ut32 BugCheckCode
Definition: dmp_specs.h:100
dmp64_triage
Definition: dmp_specs.h:170
dmp64_triage::Ia64
struct dmp64_triage::@133::@134 Ia64
dmp_bmp_header
Definition: dmp_specs.h:131
rz_bin_dmp64_obj_t::header
dmp64_header * header
Definition: dmp64.h:25
rz_bin_dmp64_obj_t::bmp_header
dmp_bmp_header * bmp_header
Definition: dmp64.h:26
rz_bin_dmp64_obj_t::triage64_header
dmp64_triage * triage64_header
Definition: dmp64.h:27
rz_list_t
Definition: rz_list.h:18

References rz_bin_object_t::bin_obj, rz_bin_dmp64_obj_t::bmp_header, dmp64_header::BugCheckCode, FIELD, FIELD_COMMENT, rz_bin_dmp64_obj_t::header, header(), dmp64_triage::Ia64, rz_bin_file_t::o, rz_bin_dmp64_bugcheckcode_as_str(), rz_bin_field_free(), rz_bin_field_new(), rz_list_newf(), rz_offsetof, and rz_bin_dmp64_obj_t::triage64_header.

◆ file_type()

static int file_type ( RzBinFile bf)
static

Definition at line 248 of file bin_dmp64.c.

248  {
249  return RZ_BIN_TYPE_CORE;
250 }
RZ_BIN_TYPE_CORE
@ RZ_BIN_TYPE_CORE
Definition: rz_bin.h:182

References RZ_BIN_TYPE_CORE.

◆ get_sdb()

static Sdb* get_sdb ( RzBinFile bf)
static

Definition at line 12 of file bin_dmp64.c.

12  {
13  rz_return_val_if_fail(bf && bf->o, NULL);
14  struct rz_bin_dmp64_obj_t *obj = (struct rz_bin_dmp64_obj_t *)bf->o->bin_obj;
15  return (obj && obj->kv) ? obj->kv : NULL;
16 }
NULL
#define NULL
Definition: cris-opc.c:27
rz_return_val_if_fail
#define rz_return_val_if_fail(expr, val)
Definition: rz_assert.h:108
rz_bin_dmp64_obj_t::kv
Sdb * kv
Definition: dmp64.h:38

References rz_bin_object_t::bin_obj, rz_bin_dmp64_obj_t::kv, NULL, rz_bin_file_t::o, and rz_return_val_if_fail.

◆ header()

static void header ( RzBinFile bf)
static

Definition at line 22 of file bin_dmp64.c.

22  {
23  struct rz_bin_dmp64_obj_t *obj = (struct rz_bin_dmp64_obj_t *)bf->o->bin_obj;
24  struct rz_bin_t *rbin = bf->rbin;
25  rbin->cb_printf("DUMP_HEADER64:\n");
26  rbin->cb_printf(" MajorVersion : 0x%08" PFMT32x "\n", obj->header->MajorVersion);
27  rbin->cb_printf(" MinorVersion : 0x%08" PFMT32x "\n", obj->header->MinorVersion);
28  rbin->cb_printf(" DirectoryTableBase : 0x%016" PFMT64x "\n", obj->header->DirectoryTableBase);
29  rbin->cb_printf(" PfnDataBase : 0x%016" PFMT64x "\n", obj->header->PfnDataBase);
30  rbin->cb_printf(" PsLoadedModuleList : 0x%016" PFMT64x "\n", obj->header->PsLoadedModuleList);
31  rbin->cb_printf(" PsActiveProcessHead : 0x%016" PFMT64x "\n", obj->header->PsActiveProcessHead);
32  rbin->cb_printf(" MachineImageType : 0x%08" PFMT32x "\n", obj->header->MachineImageType);
33  rbin->cb_printf(" NumberProcessors : 0x%08" PFMT32x "\n", obj->header->NumberProcessors);
34  rbin->cb_printf(" BugCheckCode : 0x%08" PFMT32x " (%s)\n", obj->header->BugCheckCode, rz_bin_dmp64_bugcheckcode_as_str(obj->header->BugCheckCode));
35  rbin->cb_printf(" BugCheckParameter1 : 0x%016" PFMT64x "\n", obj->header->BugCheckParameter1);
36  rbin->cb_printf(" BugCheckParameter2 : 0x%016" PFMT64x "\n", obj->header->BugCheckParameter2);
37  rbin->cb_printf(" BugCheckParameter3 : 0x%016" PFMT64x "\n", obj->header->BugCheckParameter3);
38  rbin->cb_printf(" BugCheckParameter4 : 0x%016" PFMT64x "\n", obj->header->BugCheckParameter4);
39  rbin->cb_printf(" KdDebuggerDataBlock : 0x%016" PFMT64x "\n", obj->header->KdDebuggerDataBlock);
40  rbin->cb_printf(" SecondaryDataState : 0x%08" PFMT32x "\n", obj->header->SecondaryDataState);
41  rbin->cb_printf(" ProductType : 0x%08" PFMT32x "\n", obj->header->ProductType);
42  rbin->cb_printf(" SuiteMask : 0x%08" PFMT32x "\n", obj->header->SuiteMask);
43 
44  if (obj->bmp_header) {
45  rbin->cb_printf("\nBITMAP_DUMP:\n");
46  rbin->cb_printf(" HeaderSize : 0x%08" PFMT64x "\n", obj->bmp_header->FirstPage);
47  rbin->cb_printf(" BitmapSize : 0x%08" PFMT64x "\n", obj->bmp_header->Pages);
48  rbin->cb_printf(" Pages : 0x%08" PFMT64x "\n", obj->bmp_header->TotalPresentPages);
49  } else if (obj->triage64_header) {
50  rbin->cb_printf("\nTRIAGE_DUMP64:\n");
51  rbin->cb_printf(" ServicePackBuild : 0x%08" PFMT32x "\n", obj->triage64_header->ServicePackBuild);
52  rbin->cb_printf(" SizeOfDump : 0x%08" PFMT32x "\n", obj->triage64_header->SizeOfDump);
53  rbin->cb_printf(" ValidOffset : 0x%08" PFMT32x "\n", obj->triage64_header->ValidOffset);
54  rbin->cb_printf(" ContextOffset : 0x%08" PFMT32x "\n", obj->triage64_header->ContextOffset);
55  rbin->cb_printf(" ExceptionOffset : 0x%08" PFMT32x "\n", obj->triage64_header->ExceptionOffset);
56  rbin->cb_printf(" MmOffset : 0x%08" PFMT32x "\n", obj->triage64_header->MmOffset);
57  rbin->cb_printf(" UnloadedDriversOffset : 0x%08" PFMT32x "\n", obj->triage64_header->UnloadedDriversOffset);
58  rbin->cb_printf(" PrcbOffset : 0x%08" PFMT32x "\n", obj->triage64_header->PrcbOffset);
59  rbin->cb_printf(" ProcessOffset : 0x%08" PFMT32x "\n", obj->triage64_header->ProcessOffset);
60  rbin->cb_printf(" ThreadOffset : 0x%08" PFMT32x "\n", obj->triage64_header->ThreadOffset);
61  rbin->cb_printf(" CallStackOffset : 0x%08" PFMT32x "\n", obj->triage64_header->CallStackOffset);
62  rbin->cb_printf(" SizeOfCallStack : 0x%08" PFMT32x "\n", obj->triage64_header->SizeOfCallStack);
63  rbin->cb_printf(" DriverListOffset : 0x%08" PFMT32x "\n", obj->triage64_header->DriverListOffset);
64  rbin->cb_printf(" DriverCount : 0x%08" PFMT32x "\n", obj->triage64_header->DriverCount);
65  rbin->cb_printf(" StringPoolOffset : 0x%08" PFMT32x "\n", obj->triage64_header->StringPoolOffset);
66  rbin->cb_printf(" StringPoolSize : 0x%08" PFMT32x "\n", obj->triage64_header->StringPoolSize);
67  rbin->cb_printf(" BrokenDriverOffset : 0x%08" PFMT32x "\n", obj->triage64_header->BrokenDriverOffset);
68  rbin->cb_printf(" TriageOptions : 0x%08" PFMT32x "\n", obj->triage64_header->TriageOptions);
69  rbin->cb_printf(" TopOfStack : 0x%016" PFMT64x "\n", obj->triage64_header->TopOfStack);
70  rbin->cb_printf(" BStoreOffset : 0x%08" PFMT32x "\n", rz_read_le32(&obj->triage64_header->ArchitectureSpecific.Ia64.BStoreOffset));
71  rbin->cb_printf(" SizeOfBStore : 0x%08" PFMT32x "\n", rz_read_le32(&obj->triage64_header->ArchitectureSpecific.Ia64.SizeOfBStore));
72  rbin->cb_printf(" LimitOfBStore : 0x%016" PFMT64x "\n", rz_read_le64(&obj->triage64_header->ArchitectureSpecific.Ia64.LimitOfBStore));
73  rbin->cb_printf(" DataPageAddress : 0x%016" PFMT64x "\n", obj->triage64_header->DataPageAddress);
74  rbin->cb_printf(" DataPageOffset : 0x%08" PFMT32x "\n", obj->triage64_header->DataPageOffset);
75  rbin->cb_printf(" DataPageSize : 0x%08" PFMT32x "\n", obj->triage64_header->DataPageSize);
76  rbin->cb_printf(" DebuggerDataOffset : 0x%08" PFMT32x "\n", obj->triage64_header->DebuggerDataOffset);
77  rbin->cb_printf(" DebuggerDataSize : 0x%08" PFMT32x "\n", obj->triage64_header->DebuggerDataSize);
78  rbin->cb_printf(" DataBlocksOffset : 0x%08" PFMT32x "\n", obj->triage64_header->DataBlocksOffset);
79  rbin->cb_printf(" DataBlocksCount : 0x%08" PFMT32x "\n", obj->triage64_header->DataBlocksCount);
80  }
81 }
PFMT32x
#define PFMT32x
Definition: analysis_ppc_cs.c:28
rz_read_le32
static ut32 rz_read_le32(const void *src)
Definition: rz_endian.h:239
rz_read_le64
static ut64 rz_read_le64(const void *src)
Definition: rz_endian.h:266
PFMT64x
#define PFMT64x
Definition: rz_types.h:393
dmp64_header::MachineImageType
ut32 MachineImageType
Definition: dmp_specs.h:98
dmp64_header::PsLoadedModuleList
ut64 PsLoadedModuleList
Definition: dmp_specs.h:96
dmp64_header::SuiteMask
ut32 SuiteMask
Definition: dmp_specs.h:123
dmp64_header::BugCheckParameter4
ut64 BugCheckParameter4
Definition: dmp_specs.h:105
dmp64_header::BugCheckParameter3
ut64 BugCheckParameter3
Definition: dmp_specs.h:104
dmp64_header::PfnDataBase
ut64 PfnDataBase
Definition: dmp_specs.h:95
dmp64_header::MajorVersion
ut32 MajorVersion
Definition: dmp_specs.h:92
dmp64_header::ProductType
ut32 ProductType
Definition: dmp_specs.h:122
dmp64_header::MinorVersion
ut32 MinorVersion
Definition: dmp_specs.h:93
dmp64_header::KdDebuggerDataBlock
ut64 KdDebuggerDataBlock
Definition: dmp_specs.h:107
dmp64_header::DirectoryTableBase
ut64 DirectoryTableBase
Definition: dmp_specs.h:94
dmp64_header::NumberProcessors
ut32 NumberProcessors
Definition: dmp_specs.h:99
dmp64_header::PsActiveProcessHead
ut64 PsActiveProcessHead
Definition: dmp_specs.h:97
dmp64_header::BugCheckParameter1
ut64 BugCheckParameter1
Definition: dmp_specs.h:102
dmp64_header::BugCheckParameter2
ut64 BugCheckParameter2
Definition: dmp_specs.h:103
dmp64_header::SecondaryDataState
ut32 SecondaryDataState
Definition: dmp_specs.h:121
dmp64_triage::ThreadOffset
ut32 ThreadOffset
Definition: dmp_specs.h:180
dmp64_triage::ArchitectureSpecific
union dmp64_triage::@133 ArchitectureSpecific
dmp64_triage::SizeOfDump
ut32 SizeOfDump
Definition: dmp_specs.h:172
dmp64_triage::ProcessOffset
ut32 ProcessOffset
Definition: dmp_specs.h:179
dmp64_triage::PrcbOffset
ut32 PrcbOffset
Definition: dmp_specs.h:178
dmp64_triage::DataPageAddress
ut64 DataPageAddress
Definition: dmp_specs.h:197
dmp64_triage::SizeOfCallStack
ut32 SizeOfCallStack
Definition: dmp_specs.h:182
dmp64_triage::StringPoolSize
ut32 StringPoolSize
Definition: dmp_specs.h:186
dmp64_triage::ContextOffset
ut32 ContextOffset
Definition: dmp_specs.h:174
dmp64_triage::DebuggerDataOffset
ut32 DebuggerDataOffset
Definition: dmp_specs.h:200
dmp64_triage::TopOfStack
ut64 TopOfStack
Definition: dmp_specs.h:189
dmp64_triage::BrokenDriverOffset
ut32 BrokenDriverOffset
Definition: dmp_specs.h:187
dmp64_triage::StringPoolOffset
ut32 StringPoolOffset
Definition: dmp_specs.h:185
dmp64_triage::CallStackOffset
ut32 CallStackOffset
Definition: dmp_specs.h:181
dmp64_triage::TriageOptions
ut32 TriageOptions
Definition: dmp_specs.h:188
dmp64_triage::DataPageSize
ut32 DataPageSize
Definition: dmp_specs.h:199
dmp64_triage::DebuggerDataSize
ut32 DebuggerDataSize
Definition: dmp_specs.h:201
dmp64_triage::DriverCount
ut32 DriverCount
Definition: dmp_specs.h:184
dmp64_triage::DataBlocksCount
ut32 DataBlocksCount
Definition: dmp_specs.h:203
dmp64_triage::DataPageOffset
ut32 DataPageOffset
Definition: dmp_specs.h:198
dmp64_triage::ExceptionOffset
ut32 ExceptionOffset
Definition: dmp_specs.h:175
dmp64_triage::ValidOffset
ut32 ValidOffset
Definition: dmp_specs.h:173
dmp64_triage::DriverListOffset
ut32 DriverListOffset
Definition: dmp_specs.h:183
dmp64_triage::UnloadedDriversOffset
ut32 UnloadedDriversOffset
Definition: dmp_specs.h:177
dmp64_triage::DataBlocksOffset
ut32 DataBlocksOffset
Definition: dmp_specs.h:202
dmp64_triage::MmOffset
ut32 MmOffset
Definition: dmp_specs.h:176
dmp64_triage::ServicePackBuild
ut32 ServicePackBuild
Definition: dmp_specs.h:171
dmp_bmp_header::FirstPage
ut64 FirstPage
Definition: dmp_specs.h:135
dmp_bmp_header::TotalPresentPages
ut64 TotalPresentPages
Definition: dmp_specs.h:136
dmp_bmp_header::Pages
ut64 Pages
Definition: dmp_specs.h:137
rz_bin_file_t::rbin
struct rz_bin_t * rbin
Definition: rz_bin.h:316
rz_bin_t
Definition: rz_bin.h:328
rz_bin_t::cb_printf
PrintfCallback cb_printf
Definition: rz_bin.h:345

References dmp64_triage::ArchitectureSpecific, rz_bin_object_t::bin_obj, rz_bin_dmp64_obj_t::bmp_header, dmp64_triage::BrokenDriverOffset, dmp64_header::BugCheckCode, dmp64_header::BugCheckParameter1, dmp64_header::BugCheckParameter2, dmp64_header::BugCheckParameter3, dmp64_header::BugCheckParameter4, dmp64_triage::CallStackOffset, rz_bin_t::cb_printf, dmp64_triage::ContextOffset, dmp64_triage::DataBlocksCount, dmp64_triage::DataBlocksOffset, dmp64_triage::DataPageAddress, dmp64_triage::DataPageOffset, dmp64_triage::DataPageSize, dmp64_triage::DebuggerDataOffset, dmp64_triage::DebuggerDataSize, dmp64_header::DirectoryTableBase, dmp64_triage::DriverCount, dmp64_triage::DriverListOffset, dmp64_triage::ExceptionOffset, dmp_bmp_header::FirstPage, rz_bin_dmp64_obj_t::header, dmp64_triage::Ia64, dmp64_header::KdDebuggerDataBlock, dmp64_header::MachineImageType, dmp64_header::MajorVersion, dmp64_header::MinorVersion, dmp64_triage::MmOffset, dmp64_header::NumberProcessors, rz_bin_file_t::o, dmp_bmp_header::Pages, PFMT32x, PFMT64x, dmp64_header::PfnDataBase, dmp64_triage::PrcbOffset, dmp64_triage::ProcessOffset, dmp64_header::ProductType, dmp64_header::PsActiveProcessHead, dmp64_header::PsLoadedModuleList, rz_bin_file_t::rbin, rz_bin_dmp64_bugcheckcode_as_str(), rz_read_le32(), rz_read_le64(), dmp64_header::SecondaryDataState, dmp64_triage::ServicePackBuild, dmp64_triage::SizeOfCallStack, dmp64_triage::SizeOfDump, dmp64_triage::StringPoolOffset, dmp64_triage::StringPoolSize, dmp64_header::SuiteMask, dmp64_triage::ThreadOffset, dmp64_triage::TopOfStack, dmp_bmp_header::TotalPresentPages, rz_bin_dmp64_obj_t::triage64_header, dmp64_triage::TriageOptions, dmp64_triage::UnloadedDriversOffset, and dmp64_triage::ValidOffset.

Referenced by fields().

◆ info()

static RzBinInfo* info ( RzBinFile bf)
static

Definition at line 151 of file bin_dmp64.c.

151  {
152  RzBinInfo *ret;
153  if (!(ret = RZ_NEW0(RzBinInfo))) {
154  return NULL;
155  }
156  struct rz_bin_dmp64_obj_t *obj = (struct rz_bin_dmp64_obj_t *)bf->o->bin_obj;
157 
158  ret->arch = obj->header->MachineImageType == 0xaa64 ? strdup("arm") : strdup("x86");
159  ret->bits = 64;
160  ret->machine = obj->header->MachineImageType == 0xaa64 ? strdup("ARM64") : strdup("AMD64");
161  ret->rclass = strdup("dmp64");
162  ret->type = strdup("Windows Crash Dump");
163  ret->has_va = true;
164 
165  switch (obj->header->ProductType) {
166  case MDMP_VER_NT_WORKSTATION:
167  ret->os = rz_str_newf("Windows NT Workstation %d.%d",
168  obj->header->MajorVersion,
169  obj->header->MinorVersion);
170  break;
171  case MDMP_VER_NT_DOMAIN_CONTROLLER:
172  ret->os = rz_str_newf("Windows NT Server Domain Controller %d.%d",
173  obj->header->MajorVersion,
174  obj->header->MinorVersion);
175  break;
176  case MDMP_VER_NT_SERVER:
177  ret->os = rz_str_newf("Windows NT Server %d.%d",
178  obj->header->MajorVersion,
179  obj->header->MinorVersion);
180  break;
181  default:
182  ret->os = strdup("Unknown");
183  }
184 
185  return ret;
186 }
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
MDMP_VER_NT_WORKSTATION
#define MDMP_VER_NT_WORKSTATION
Definition: mdmp_specs.h:26
MDMP_VER_NT_SERVER
#define MDMP_VER_NT_SERVER
Definition: mdmp_specs.h:28
MDMP_VER_NT_DOMAIN_CONTROLLER
#define MDMP_VER_NT_DOMAIN_CONTROLLER
Definition: mdmp_specs.h:27
rz_str_newf
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1
RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284
rz_bin_info_t
Definition: rz_bin.h:209
rz_bin_info_t::has_va
int has_va
Definition: rz_bin.h:228
rz_bin_info_t::type
char * type
Definition: rz_bin.h:211
rz_bin_info_t::bits
int bits
Definition: rz_bin.h:227
rz_bin_info_t::os
char * os
Definition: rz_bin.h:219
rz_bin_info_t::machine
char * machine
Definition: rz_bin.h:216
rz_bin_info_t::rclass
char * rclass
Definition: rz_bin.h:213
rz_bin_info_t::arch
char * arch
Definition: rz_bin.h:214

References rz_bin_info_t::arch, rz_bin_object_t::bin_obj, rz_bin_info_t::bits, rz_bin_info_t::has_va, rz_bin_dmp64_obj_t::header, rz_bin_info_t::machine, dmp64_header::MachineImageType, dmp64_header::MajorVersion, MDMP_VER_NT_DOMAIN_CONTROLLER, MDMP_VER_NT_SERVER, MDMP_VER_NT_WORKSTATION, dmp64_header::MinorVersion, NULL, rz_bin_file_t::o, rz_bin_info_t::os, dmp64_header::ProductType, rz_bin_info_t::rclass, RZ_NEW0, rz_str_newf(), strdup(), and rz_bin_info_t::type.

◆ libs()

static RzList* libs ( RzBinFile bf)
static

Definition at line 230 of file bin_dmp64.c.

230  {
231  struct rz_bin_dmp64_obj_t *obj = (struct rz_bin_dmp64_obj_t *)bf->o->bin_obj;
232  if (!obj->drivers) {
233  return NULL;
234  }
235  RzList *ret = rz_list_newf(free);
236  RzListIter *it;
237  dmp_driver_desc *driver;
238  rz_list_foreach (obj->drivers, it, driver) {
239  char *file = strdup(driver->file);
240  if (!file) {
241  break;
242  }
243  rz_list_append(ret, file);
244  }
245  return ret;
246 }
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
dmp_driver_desc
Definition: dmp64.h:17
dmp_driver_desc::file
char * file
Definition: dmp64.h:18
file
Definition: gzappend.c:170
rz_bin_dmp64_obj_t::drivers
RzList * drivers
Definition: dmp64.h:34
rz_list_iter_t
Definition: rz_list.h:13
if
if(dbg->bits==RZ_SYS_BITS_64)
Definition: windows-arm64.h:4

References rz_bin_object_t::bin_obj, rz_bin_dmp64_obj_t::drivers, dmp_driver_desc::file, free(), if(), NULL, rz_bin_file_t::o, rz_list_append(), rz_list_newf(), and strdup().

◆ load_buffer()

static bool load_buffer ( RzBinFile bf,
RzBinObject obj,
RzBuffer buf,
Sdb sdb 
)
static

Definition at line 257 of file bin_dmp64.c.

257  {
258  rz_return_val_if_fail(buf, false);
259  struct rz_bin_dmp64_obj_t *res = rz_bin_dmp64_new_buf(buf);
260  if (res) {
261  sdb_ns_set(sdb, "info", res->kv);
262  obj->bin_obj = res;
263  return true;
264  }
265  return false;
266 }
rz_bin_dmp64_new_buf
struct rz_bin_dmp64_obj_t * rz_bin_dmp64_new_buf(RzBuffer *buf)
Definition: dmp64.c:328
buf
voidpf void * buf
Definition: ioapi.h:138
sdb_ns_set
RZ_API int sdb_ns_set(Sdb *s, const char *name, Sdb *r)
Definition: ns.c:156

References rz_bin_object_t::bin_obj, rz_bin_dmp64_obj_t::kv, rz_bin_dmp64_new_buf(), rz_return_val_if_fail, and sdb_ns_set().

◆ maps()

static RzList* maps ( RzBinFile bf)
static

Definition at line 188 of file bin_dmp64.c.

188  {
189  dmp_page_desc *page;
190  dmp64_triage_datablock *datablock;
191  RzList *ret;
192  RzListIter *it;
193  struct rz_bin_dmp64_obj_t *obj = (struct rz_bin_dmp64_obj_t *)bf->o->bin_obj;
194 
195  if (!(ret = rz_list_newf((RzListFree)rz_bin_map_free))) {
196  return NULL;
197  }
198 
199  rz_list_foreach (obj->pages, it, page) {
200  RzBinMap *map = RZ_NEW0(RzBinMap);
201  if (!map) {
202  return ret;
203  }
204  map->name = rz_str_newf("page.0x%" PFMT64x, page->start);
205  map->paddr = page->file_offset;
206  map->psize = page->size;
207  map->vaddr = page->start;
208  map->vsize = page->size;
209  map->perm = RZ_PERM_R;
210  rz_list_append(ret, map);
211  }
212 
213  rz_list_foreach (obj->datablocks, it, datablock) {
214  RzBinMap *map = RZ_NEW0(RzBinMap);
215  if (!map) {
216  return ret;
217  }
218  map->name = rz_str_newf("kernel.0x%" PFMT64x, datablock->virtualAddress);
219  map->paddr = datablock->offset;
220  map->psize = datablock->size;
221  map->vaddr = datablock->virtualAddress;
222  map->vsize = datablock->size;
223  map->perm = RZ_PERM_R;
224  rz_list_append(ret, map);
225  }
226 
227  return ret;
228 }
rz_bin_map_free
RZ_API void rz_bin_map_free(RzBinMap *map)
Definition: bin.c:1023
map
size_t map(int syms, int left, int len)
Definition: enough.c:237
RZ_PERM_R
#define RZ_PERM_R
Definition: rz_types.h:93
dmp64_triage_datablock
Definition: dmp_specs.h:206
dmp64_triage_datablock::virtualAddress
ut64 virtualAddress
Definition: dmp_specs.h:207
dmp64_triage_datablock::offset
ut32 offset
Definition: dmp_specs.h:208
dmp64_triage_datablock::size
ut32 size
Definition: dmp_specs.h:209
dmp_page_desc
Definition: dmp64.h:11
dmp_page_desc::size
ut64 size
Definition: dmp64.h:14
dmp_page_desc::file_offset
ut64 file_offset
Definition: dmp64.h:13
dmp_page_desc::start
ut64 start
Definition: dmp64.h:12
rz_bin_dmp64_obj_t::pages
RzList * pages
Definition: dmp64.h:32
rz_bin_dmp64_obj_t::datablocks
RzList * datablocks
Definition: dmp64.h:33
rz_bin_map_t
Description of a single memory mapping into virtual memory from a binary.
Definition: rz_bin.h:602

References rz_bin_object_t::bin_obj, rz_bin_dmp64_obj_t::datablocks, dmp_page_desc::file_offset, if(), map(), NULL, rz_bin_file_t::o, dmp64_triage_datablock::offset, rz_bin_dmp64_obj_t::pages, PFMT64x, rz_bin_map_free(), rz_list_append(), rz_list_newf(), RZ_NEW0, RZ_PERM_R, rz_str_newf(), dmp_page_desc::size, dmp64_triage_datablock::size, dmp_page_desc::start, and dmp64_triage_datablock::virtualAddress.

◆ regstate()

static char* regstate ( RzBinFile bf)
static

Definition at line 252 of file bin_dmp64.c.

252  {
253  struct rz_bin_dmp64_obj_t *dmp64 = bf->o->bin_obj;
254  return rz_hex_bin2strdup(dmp64->header->ContextRecord, sizeof(dmp64->header->ContextRecord));
255 }
rz_hex_bin2strdup
RZ_API char * rz_hex_bin2strdup(const ut8 *in, int len)
Definition: hex.c:415
dmp64_header::ContextRecord
ut8 ContextRecord[DMP_CONTEXT_RECORD_SIZE_64]
Definition: dmp_specs.h:112

References rz_bin_object_t::bin_obj, dmp64_header::ContextRecord, rz_bin_dmp64_obj_t::header, rz_bin_file_t::o, and rz_hex_bin2strdup().

◆ strings()

static RzList* strings ( RzBinFile bf)
static

Definition at line 83 of file bin_dmp64.c.

83  {
84  return rz_bin_file_strings(bf, 4, false);
85 }
rz_bin_file_strings
RZ_API RZ_OWN RzList * rz_bin_file_strings(RZ_NONNULL RzBinFile *bf, size_t min_length, bool raw_strings)
Generates a RzList struct containing RzBinString from a given RzBinFile.
Definition: bfile_string.c:325

References rz_bin_file_strings().

Variable Documentation

◆ rizin_plugin

RZ_API RzLibStruct rizin_plugin
Initial value:
= {
.type = RZ_LIB_TYPE_BIN,
.data = &rz_bin_plugin_dmp64,
.version = RZ_VERSION
}
rz_bin_plugin_dmp64
RzBinPlugin rz_bin_plugin_dmp64
Definition: bin_dmp64.c:276
RZ_LIB_TYPE_BIN
@ RZ_LIB_TYPE_BIN
Definition: rz_lib.h:75
RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8
rz_bin_plugin_t::version
char * version
Definition: rz_bin.h:512

Definition at line 295 of file bin_dmp64.c.

◆ rz_bin_plugin_dmp64

RzBinPlugin rz_bin_plugin_dmp64
Initial value:
= {
.name = "dmp64",
.desc = "Windows Crash Dump x64 rz_bin plugin",
.license = "LGPL3",
.destroy = &destroy,
.get_sdb = &get_sdb,
.header = &header,
.strings = &strings,
.info = &info,
.load_buffer = &load_buffer,
.check_buffer = &check_buffer,
.maps = &maps,
.libs = &libs,
.regstate = &regstate,
.file_type = &file_type,
.fields = &fields
}
get_sdb
static Sdb * get_sdb(RzBinFile *bf)
Definition: bin_dmp64.c:12
load_buffer
static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb)
Definition: bin_dmp64.c:257
libs
static RzList * libs(RzBinFile *bf)
Definition: bin_dmp64.c:230
strings
static RzList * strings(RzBinFile *bf)
Definition: bin_dmp64.c:83
destroy
static void destroy(RzBinFile *bf)
Definition: bin_dmp64.c:18
check_buffer
static bool check_buffer(RzBuffer *b)
Definition: bin_dmp64.c:268
info
static RzBinInfo * info(RzBinFile *bf)
Definition: bin_dmp64.c:151
regstate
static char * regstate(RzBinFile *bf)
Definition: bin_dmp64.c:252
maps
static RzList * maps(RzBinFile *bf)
Definition: bin_dmp64.c:188
file_type
static int file_type(RzBinFile *bf)
Definition: bin_dmp64.c:248

Definition at line 276 of file bin_dmp64.c.