Rizin
unix-like reverse engineering framework and cli tools
Functions | Variables
bin_mdmp.c File Reference
#include <rz_types.h>
#include <rz_util.h>
#include <rz_util/rz_print.h>
#include <rz_lib.h>
#include <rz_bin.h>
#include "mdmp/mdmp.h"

Go to the source code of this file.

Functions

static Sdbget_sdb (RzBinFile *bf)
 
static void destroy (RzBinFile *bf)
 
static RzListentries (RzBinFile *bf)
 
static RzBinInfoinfo (RzBinFile *bf)
 
static RzListlibs (RzBinFile *bf)
 
static bool load_buffer (RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb)
 
static RzListmaps (RzBinFile *bf)
 
static RzListsections (RzBinFile *bf)
 
static RzListmem (RzBinFile *bf)
 
static RzListrelocs (RzBinFile *bf)
 
static RzListimports (RzBinFile *bf)
 
static RzListsymbols (RzBinFile *bf)
 
static bool check_buffer (RzBuffer *b)
 
static RzListstrings (RzBinFile *bf)
 

Variables

RzBinPlugin rz_bin_plugin_mdmp
 
RZ_API RzLibStruct rizin_plugin
 

Function Documentation

◆ check_buffer()

static bool check_buffer ( RzBuffer b)
static

Definition at line 455 of file bin_mdmp.c.

455  {
456  ut8 magic[6];
457  if (rz_buf_read_at(b, 0, magic, sizeof(magic)) == 6) {
458  return !memcmp(magic, MDMP_MAGIC, 6);
459  }
460  return false;
461 }
ut8
uint8_t ut8
Definition: lh5801.h:11
MDMP_MAGIC
#define MDMP_MAGIC
Definition: mdmp_specs.h:47
rz_buf_read_at
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
Definition: buf.c:1136
b
#define b(i)
Definition: sha256.c:42

References b, MDMP_MAGIC, and rz_buf_read_at().

◆ destroy()

static void destroy ( RzBinFile bf)
static

Definition at line 19 of file bin_mdmp.c.

19  {
20  rz_bin_mdmp_free((struct rz_bin_mdmp_obj *)bf->o->bin_obj);
21 }
rz_bin_mdmp_free
void rz_bin_mdmp_free(struct rz_bin_mdmp_obj *obj)
Definition: mdmp.c:97
rz_bin_file_t::o
RzBinObject * o
Definition: rz_bin.h:305
rz_bin_mdmp_obj
Definition: mdmp.h:17
rz_bin_object_t::bin_obj
void * bin_obj
Definition: rz_bin.h:293

References rz_bin_object_t::bin_obj, rz_bin_file_t::o, and rz_bin_mdmp_free().

◆ entries()

static RzList* entries ( RzBinFile bf)
static

Definition at line 23 of file bin_mdmp.c.

23  {
24  struct rz_bin_mdmp_obj *obj;
25  struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin;
26  struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin;
27  RzListIter *it;
28  RzList *ret, *list;
29 
30  if (!(ret = rz_list_newf(free))) {
31  return NULL;
32  }
33 
34  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
35 
36  rz_list_foreach (obj->pe32_bins, it, pe32_bin) {
37  list = Pe32_rz_bin_mdmp_pe_get_entrypoint(pe32_bin);
38  rz_list_join(ret, list);
39  rz_list_free(list);
40  }
41  rz_list_foreach (obj->pe64_bins, it, pe64_bin) {
42  list = Pe64_rz_bin_mdmp_pe_get_entrypoint(pe64_bin);
43  rz_list_join(ret, list);
44  rz_list_free(list);
45  }
46 
47  return ret;
48 }
NULL
#define NULL
Definition: cris-opc.c:27
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
list
static void list(RzEgg *egg)
Definition: rz-gg.c:52
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
rz_list_join
RZ_API bool rz_list_join(RZ_NONNULL RzList *list1, RZ_NONNULL RzList *list2)
Joins 2 list into one (list2 pointer needs to be freed by the user)
Definition: list.c:209
rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137
rz_bin_mdmp_obj::pe32_bins
RzList * pe32_bins
Definition: mdmp.h:52
rz_bin_mdmp_obj::pe64_bins
RzList * pe64_bins
Definition: mdmp.h:53
rz_list_iter_t
Definition: rz_list.h:13
rz_list_t
Definition: rz_list.h:18

References rz_bin_object_t::bin_obj, free(), list(), NULL, rz_bin_file_t::o, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_list_free(), rz_list_join(), and rz_list_newf().

◆ get_sdb()

static Sdb* get_sdb ( RzBinFile bf)
static

Definition at line 13 of file bin_mdmp.c.

13  {
14  rz_return_val_if_fail(bf && bf->o, NULL);
15  struct rz_bin_mdmp_obj *obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
16  return (obj && obj->kv) ? obj->kv : NULL;
17 }
rz_return_val_if_fail
#define rz_return_val_if_fail(expr, val)
Definition: rz_assert.h:108
rz_bin_mdmp_obj::kv
Sdb * kv
Definition: mdmp.h:58

References rz_bin_object_t::bin_obj, rz_bin_mdmp_obj::kv, NULL, rz_bin_file_t::o, and rz_return_val_if_fail.

◆ imports()

static RzList* imports ( RzBinFile bf)
static

Definition at line 398 of file bin_mdmp.c.

398  {
399  struct rz_bin_mdmp_obj *obj;
400  struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin;
401  struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin;
402  RzList *list;
403  RzListIter *it;
404 
405  RzList *ret = rz_list_newf((RzListFree)rz_bin_import_free);
406  if (!ret) {
407  return NULL;
408  }
409 
410  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
411 
412  rz_list_foreach (obj->pe32_bins, it, pe32_bin) {
413  list = Pe32_rz_bin_mdmp_pe_get_imports(pe32_bin);
414  if (list) {
415  rz_list_join(ret, list);
416  rz_list_free(list);
417  }
418  }
419  rz_list_foreach (obj->pe64_bins, it, pe64_bin) {
420  list = Pe64_rz_bin_mdmp_pe_get_imports(pe64_bin);
421  if (list) {
422  rz_list_join(ret, list);
423  rz_list_free(list);
424  }
425  }
426  return ret;
427 }
rz_bin_import_free
RZ_API void rz_bin_import_free(RzBinImport *imp)
Definition: bin.c:137
RzListFree
void(* RzListFree)(void *ptr)
Definition: rz_list.h:11

References rz_bin_object_t::bin_obj, list(), NULL, rz_bin_file_t::o, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_bin_import_free(), rz_list_free(), rz_list_join(), and rz_list_newf().

◆ info()

static RzBinInfo* info ( RzBinFile bf)
static

Definition at line 50 of file bin_mdmp.c.

50  {
51  struct rz_bin_mdmp_obj *obj;
52  RzBinInfo *ret;
53 
54  if (!(ret = RZ_NEW0(RzBinInfo))) {
55  return NULL;
56  }
57 
58  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
59 
60  ret->big_endian = obj->endian;
61  ret->claimed_checksum = strdup(sdb_fmt("0x%08x", obj->hdr->check_sum)); // FIXME: Leaks
62  ret->file = bf->file ? strdup(bf->file) : NULL;
63  ret->has_va = true;
64  ret->rclass = strdup("mdmp");
65  ret->rpath = strdup("NONE");
66  ret->type = strdup("MDMP (MiniDump crash report data)");
67 
68  sdb_set(bf->sdb, "mdmp.flags", sdb_fmt("0x%08" PFMT64x, obj->hdr->flags), 0);
69  sdb_num_set(bf->sdb, "mdmp.streams", obj->hdr->number_of_streams, 0);
70 
71  if (obj->streams.system_info) {
72  switch (obj->streams.system_info->processor_architecture) {
73  case MDMP_PROCESSOR_ARCHITECTURE_INTEL:
74  ret->machine = strdup("i386");
75  ret->arch = strdup("x86");
76  ret->bits = 32;
77  break;
78  case MDMP_PROCESSOR_ARCHITECTURE_ARM:
79  ret->machine = strdup("ARM");
80  ret->big_endian = false;
81  break;
82  case MDMP_PROCESSOR_ARCHITECTURE_IA64:
83  ret->machine = strdup("IA64");
84  ret->arch = strdup("IA64");
85  ret->bits = 64;
86  break;
87  case MDMP_PROCESSOR_ARCHITECTURE_AMD64:
88  ret->machine = strdup("AMD64");
89  ret->arch = strdup("x86");
90  ret->bits = 64;
91  break;
92  default:
93  ret->machine = strdup("Unknown");
94  break;
95  }
96 
97  switch (obj->streams.system_info->product_type) {
98  case MDMP_VER_NT_WORKSTATION:
99  ret->os = rz_str_newf("Windows NT Workstation %d.%d.%d",
100  obj->streams.system_info->major_version,
101  obj->streams.system_info->minor_version,
102  obj->streams.system_info->build_number);
103  break;
104  case MDMP_VER_NT_DOMAIN_CONTROLLER:
105  ret->os = rz_str_newf("Windows NT Server Domain Controller %d.%d.%d",
106  obj->streams.system_info->major_version,
107  obj->streams.system_info->minor_version,
108  obj->streams.system_info->build_number);
109  break;
110  case MDMP_VER_NT_SERVER:
111  ret->os = rz_str_newf("Windows NT Server %d.%d.%d",
112  obj->streams.system_info->major_version,
113  obj->streams.system_info->minor_version,
114  obj->streams.system_info->build_number);
115  break;
116  default:
117  ret->os = strdup("Unknown");
118  }
119  }
120 
121  return ret;
122 }
sdb_fmt
RZ_API char * sdb_fmt(const char *fmt,...)
Definition: fmt.c:26
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
MDMP_PROCESSOR_ARCHITECTURE_AMD64
#define MDMP_PROCESSOR_ARCHITECTURE_AMD64
Definition: mdmp_specs.h:23
MDMP_PROCESSOR_ARCHITECTURE_ARM
#define MDMP_PROCESSOR_ARCHITECTURE_ARM
Definition: mdmp_specs.h:21
MDMP_PROCESSOR_ARCHITECTURE_IA64
#define MDMP_PROCESSOR_ARCHITECTURE_IA64
Definition: mdmp_specs.h:22
MDMP_VER_NT_WORKSTATION
#define MDMP_VER_NT_WORKSTATION
Definition: mdmp_specs.h:26
MDMP_VER_NT_SERVER
#define MDMP_VER_NT_SERVER
Definition: mdmp_specs.h:28
MDMP_VER_NT_DOMAIN_CONTROLLER
#define MDMP_VER_NT_DOMAIN_CONTROLLER
Definition: mdmp_specs.h:27
MDMP_PROCESSOR_ARCHITECTURE_INTEL
#define MDMP_PROCESSOR_ARCHITECTURE_INTEL
Definition: mdmp_specs.h:20
sdb_num_set
RZ_API int sdb_num_set(Sdb *s, const char *key, ut64 v, ut32 cas)
Definition: num.c:25
rz_str_newf
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1
RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284
PFMT64x
#define PFMT64x
Definition: rz_types.h:393
sdb_set
RZ_API int sdb_set(Sdb *s, const char *key, const char *val, ut32 cas)
Definition: sdb.c:611
rz_bin_file_t::sdb
RZ_DEPRECATE Sdb * sdb
deprecated, put info in C structures instead of this
Definition: rz_bin.h:315
rz_bin_file_t::file
char * file
Definition: rz_bin.h:299
rz_bin_info_t
Definition: rz_bin.h:209
rz_bin_info_t::has_va
int has_va
Definition: rz_bin.h:228
rz_bin_info_t::claimed_checksum
char * claimed_checksum
Definition: rz_bin.h:237
rz_bin_info_t::type
char * type
Definition: rz_bin.h:211
rz_bin_info_t::bits
int bits
Definition: rz_bin.h:227
rz_bin_info_t::os
char * os
Definition: rz_bin.h:219
rz_bin_info_t::machine
char * machine
Definition: rz_bin.h:216
rz_bin_info_t::file
char * file
Definition: rz_bin.h:210
rz_bin_info_t::rpath
char * rpath
Definition: rz_bin.h:221
rz_bin_info_t::rclass
char * rclass
Definition: rz_bin.h:213
rz_bin_info_t::arch
char * arch
Definition: rz_bin.h:214
rz_bin_info_t::big_endian
int big_endian
Definition: rz_bin.h:235
rz_bin_mdmp_obj::minidump_streams::system_info
struct minidump_system_info * system_info
Definition: mdmp.h:28
rz_bin_mdmp_obj::endian
ut8 endian
Definition: mdmp.h:57
rz_bin_mdmp_obj::streams
struct rz_bin_mdmp_obj::minidump_streams streams
rz_bin_mdmp_obj::hdr
struct minidump_header * hdr
Definition: mdmp.h:18

References rz_bin_info_t::arch, rz_bin_info_t::big_endian, rz_bin_object_t::bin_obj, rz_bin_info_t::bits, rz_bin_info_t::claimed_checksum, rz_bin_mdmp_obj::endian, rz_bin_info_t::file, rz_bin_file_t::file, rz_bin_info_t::has_va, rz_bin_mdmp_obj::hdr, rz_bin_info_t::machine, MDMP_PROCESSOR_ARCHITECTURE_AMD64, MDMP_PROCESSOR_ARCHITECTURE_ARM, MDMP_PROCESSOR_ARCHITECTURE_IA64, MDMP_PROCESSOR_ARCHITECTURE_INTEL, MDMP_VER_NT_DOMAIN_CONTROLLER, MDMP_VER_NT_SERVER, MDMP_VER_NT_WORKSTATION, NULL, rz_bin_file_t::o, rz_bin_info_t::os, PFMT64x, rz_bin_info_t::rclass, rz_bin_info_t::rpath, RZ_NEW0, rz_str_newf(), rz_bin_file_t::sdb, sdb_fmt(), sdb_num_set(), sdb_set(), strdup(), rz_bin_mdmp_obj::streams, rz_bin_mdmp_obj::minidump_streams::system_info, and rz_bin_info_t::type.

◆ libs()

static RzList* libs ( RzBinFile bf)
static

Definition at line 124 of file bin_mdmp.c.

124  {
125  char *ptr = NULL;
126  int i;
127  struct rz_bin_mdmp_obj *obj;
128  struct rz_bin_pe_lib_t *libs = NULL;
129  struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin;
130  struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin;
131  RzList *ret = NULL;
132  RzListIter *it;
133 
134  if (!bf || !bf->o || !bf->o->bin_obj) {
135  return NULL;
136  }
137  if (!(ret = rz_list_newf(free))) {
138  return NULL;
139  }
140 
141  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
142 
143  /* TODO: Resolve module name for lib, or filter to remove duplicates,
144  ** rather than the vaddr :) */
145  rz_list_foreach (obj->pe32_bins, it, pe32_bin) {
146  if (!(libs = Pe32_rz_bin_pe_get_libs(pe32_bin->bin))) {
147  return ret;
148  }
149  for (i = 0; !libs[i].last; i++) {
150  ptr = rz_str_newf("[0x%.08" PFMT64x "] - %s", pe32_bin->vaddr, libs[i].name);
151  rz_list_append(ret, ptr);
152  }
153  free(libs);
154  }
155  rz_list_foreach (obj->pe64_bins, it, pe64_bin) {
156  if (!(libs = Pe64_rz_bin_pe_get_libs(pe64_bin->bin))) {
157  return ret;
158  }
159  for (i = 0; !libs[i].last; i++) {
160  ptr = rz_str_newf("[0x%.08" PFMT64x "] - %s", pe64_bin->vaddr, libs[i].name);
161  rz_list_append(ret, ptr);
162  }
163  free(libs);
164  }
165  return ret;
166 }
i
lzma_index ** i
Definition: index.h:629
libs
static RzList * libs(RzBinFile *bf)
Definition: bin_mdmp.c:124
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
rz_bin_pe_lib_t
Definition: pe.h:103

References rz_bin_object_t::bin_obj, free(), i, NULL, rz_bin_file_t::o, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, PFMT64x, rz_list_append(), rz_list_newf(), and rz_str_newf().

◆ load_buffer()

static bool load_buffer ( RzBinFile bf,
RzBinObject obj,
RzBuffer buf,
Sdb sdb 
)
static

Definition at line 168 of file bin_mdmp.c.

168  {
169  rz_return_val_if_fail(buf, false);
170  struct rz_bin_mdmp_obj *res = rz_bin_mdmp_new_buf(buf);
171  if (res) {
172  sdb_ns_set(sdb, "info", res->kv);
173  obj->bin_obj = res;
174  return true;
175  }
176  return false;
177 }
buf
voidpf void * buf
Definition: ioapi.h:138
rz_bin_mdmp_new_buf
struct rz_bin_mdmp_obj * rz_bin_mdmp_new_buf(RzBuffer *buf)
Definition: mdmp.c:1389
sdb_ns_set
RZ_API int sdb_ns_set(Sdb *s, const char *name, Sdb *r)
Definition: ns.c:156

References rz_bin_object_t::bin_obj, rz_bin_mdmp_obj::kv, rz_bin_mdmp_new_buf(), rz_return_val_if_fail, and sdb_ns_set().

◆ maps()

static RzList* maps ( RzBinFile bf)
static

Definition at line 179 of file bin_mdmp.c.

179  {
180  struct rz_bin_mdmp_obj *obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
181  RzList *ret = rz_list_newf((RzListFree)rz_bin_map_free);
182  if (!ret) {
183  return NULL;
184  }
185 
186  RzListIter *it;
187  struct minidump_memory_descriptor *memory;
188  rz_list_foreach (obj->streams.memories, it, memory) {
189  RzBinMap *map = RZ_NEW0(RzBinMap);
190  if (!map) {
191  return ret;
192  }
193  map->paddr = (memory->memory).rva;
194  map->psize = (memory->memory).data_size;
195  map->vaddr = memory->start_of_memory_range;
196  map->vsize = (memory->memory).data_size;
197  map->perm = rz_bin_mdmp_get_perm(obj, map->vaddr);
198  map->name = rz_str_newf("memory.0x%" PFMT64x, map->vaddr);
199  rz_list_append(ret, map);
200  }
201 
202  ut64 index = obj->streams.memories64.base_rva;
203  struct minidump_memory_descriptor64 *memory64;
204  rz_list_foreach (obj->streams.memories64.memories, it, memory64) {
205  RzBinMap *map = RZ_NEW0(RzBinMap);
206  if (!map) {
207  return ret;
208  }
209  map->paddr = index;
210  map->psize = memory64->data_size;
211  map->vaddr = memory64->start_of_memory_range;
212  map->vsize = memory64->data_size;
213  map->perm = rz_bin_mdmp_get_perm(obj, map->vaddr);
214  map->name = rz_str_newf("memory64.0x%" PFMT64x, map->vaddr);
215  rz_list_append(ret, map);
216  index += memory64->data_size;
217  }
218 
219  return ret;
220 }
rz_bin_map_free
RZ_API void rz_bin_map_free(RzBinMap *map)
Definition: bin.c:1023
rva
static ut64 rva(RzBinObject *o, ut64 paddr, ut64 vaddr, int va)
Definition: cbin.c:77
map
size_t map(int syms, int left, int len)
Definition: enough.c:237
rz_bin_mdmp_get_perm
ut32 rz_bin_mdmp_get_perm(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
Definition: mdmp.c:47
rz_bin_map_t
Description of a single memory mapping into virtual memory from a binary.
Definition: rz_bin.h:602
rz_bin_mdmp_obj::minidump_streams::memories
RzList * memories
Definition: mdmp.h:37
rz_bin_mdmp_obj::minidump_streams::base_rva
rva64_t base_rva
Definition: mdmp.h:46
rz_bin_mdmp_obj::minidump_streams::memories64
struct rz_bin_mdmp_obj::minidump_streams::@163 memories64
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()

References rz_bin_mdmp_obj::minidump_streams::base_rva, rz_bin_object_t::bin_obj, map(), rz_bin_mdmp_obj::minidump_streams::memories, rz_bin_mdmp_obj::minidump_streams::memories64, NULL, rz_bin_file_t::o, PFMT64x, rva(), rz_bin_map_free(), rz_bin_mdmp_get_perm(), rz_list_append(), rz_list_newf(), RZ_NEW0, rz_str_newf(), rz_bin_mdmp_obj::streams, and ut64().

◆ mem()

static RzList* mem ( RzBinFile bf)
static

Definition at line 300 of file bin_mdmp.c.

300  {
301  struct minidump_location_descriptor *location = NULL;
302  struct minidump_memory_descriptor *module;
303  struct minidump_memory_descriptor64 *module64;
304  struct minidump_memory_info *mem_info;
305  struct rz_bin_mdmp_obj *obj;
306  RzList *ret;
307  RzListIter *it;
308  RzBinMem *ptr;
309  ut64 index;
310  ut64 state, type, a_protect;
311 
312  if (!(ret = rz_list_newf(rz_bin_mem_free))) {
313  return NULL;
314  }
315 
316  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
317 
318  /* [1] As there isnt a better place to put this info at the moment we will
319  ** mash it into the name field, but without enumeration for now */
320  rz_list_foreach (obj->streams.memories, it, module) {
321  if (!(ptr = RZ_NEW0(RzBinMem))) {
322  return ret;
323  }
324  ptr->addr = module->start_of_memory_range;
325  ptr->size = location ? location->data_size : 0;
326  ptr->perms = rz_bin_mdmp_get_perm(obj, ptr->addr);
327 
328  /* [1] */
329  state = type = a_protect = 0;
330  if ((mem_info = rz_bin_mdmp_get_mem_info(obj, ptr->addr))) {
331  state = mem_info->state;
332  type = mem_info->type;
333  a_protect = mem_info->allocation_protect;
334  }
335  location = &(module->memory);
336  ptr->name = strdup(sdb_fmt("paddr=0x%08" PFMT32x " state=0x%08" PFMT64x
337  " type=0x%08" PFMT64x " allocation_protect=0x%08" PFMT64x " Memory_Section",
338  location->rva, state, type, a_protect));
339 
340  rz_list_append(ret, ptr);
341  }
342 
343  index = obj->streams.memories64.base_rva;
344  rz_list_foreach (obj->streams.memories64.memories, it, module64) {
345  if (!(ptr = RZ_NEW0(RzBinMem))) {
346  return ret;
347  }
348  ptr->addr = module64->start_of_memory_range;
349  ptr->size = module64->data_size;
350  ptr->perms = rz_bin_mdmp_get_perm(obj, ptr->addr);
351 
352  /* [1] */
353  state = type = a_protect = 0;
354  if ((mem_info = rz_bin_mdmp_get_mem_info(obj, ptr->addr))) {
355  state = mem_info->state;
356  type = mem_info->type;
357  a_protect = mem_info->allocation_protect;
358  }
359  ptr->name = strdup(sdb_fmt("paddr=0x%08" PFMT64x " state=0x%08" PFMT64x
360  " type=0x%08" PFMT64x " allocation_protect=0x%08" PFMT64x " Memory_Section",
361  index, state, type, a_protect));
362 
363  index += module64->data_size;
364 
365  rz_list_append(ret, ptr);
366  }
367 
368  return ret;
369 }
PFMT32x
#define PFMT32x
Definition: analysis_ppc_cs.c:28
rz_bin_mem_free
RZ_API void rz_bin_mem_free(void *data)
Definition: bobj.c:49
rz_bin_mdmp_get_mem_info
struct minidump_memory_info * rz_bin_mdmp_get_mem_info(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
Definition: mdmp.c:30
type
int type
Definition: mipsasm.c:17
module
Definition: sftypes.h:77
rz_bin_mem_t
Definition: rz_bin.h:779
rz_bin_mem_t::name
char * name
Definition: rz_bin.h:780
rz_bin_mem_t::addr
ut64 addr
Definition: rz_bin.h:781
rz_bin_mem_t::size
int size
Definition: rz_bin.h:782
rz_bin_mem_t::perms
int perms
Definition: rz_bin.h:783
state
Definition: dis.h:43

References rz_bin_mem_t::addr, rz_bin_mdmp_obj::minidump_streams::base_rva, rz_bin_object_t::bin_obj, rz_bin_mdmp_obj::minidump_streams::memories, rz_bin_mdmp_obj::minidump_streams::memories64, rz_bin_mem_t::name, NULL, rz_bin_file_t::o, rz_bin_mem_t::perms, PFMT32x, PFMT64x, rz_bin_mdmp_get_mem_info(), rz_bin_mdmp_get_perm(), rz_bin_mem_free(), rz_list_append(), rz_list_newf(), RZ_NEW0, sdb_fmt(), rz_bin_mem_t::size, strdup(), rz_bin_mdmp_obj::streams, type, and ut64().

◆ relocs()

static RzList* relocs ( RzBinFile bf)
static

Definition at line 371 of file bin_mdmp.c.

371  {
372  struct rz_bin_mdmp_obj *obj;
373  struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin;
374  struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin;
375  RzListIter *it;
376 
377  RzList *ret = rz_list_newf(free);
378  if (!ret) {
379  return NULL;
380  }
381 
382  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
383 
384  rz_list_foreach (obj->pe32_bins, it, pe32_bin) {
385  if (pe32_bin->bin && pe32_bin->bin->relocs) {
386  rz_list_join(ret, pe32_bin->bin->relocs);
387  }
388  }
389  rz_list_foreach (obj->pe64_bins, it, pe64_bin) {
390  if (pe64_bin->bin && pe64_bin->bin->relocs) {
391  rz_list_join(ret, pe64_bin->bin->relocs);
392  }
393  }
394 
395  return ret;
396 }

References rz_bin_object_t::bin_obj, free(), NULL, rz_bin_file_t::o, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_list_join(), and rz_list_newf().

◆ sections()

static RzList* sections ( RzBinFile bf)
static

Definition at line 222 of file bin_mdmp.c.

222  {
223  struct minidump_module *module;
224  struct minidump_string *str;
225  struct rz_bin_mdmp_obj *obj;
226  struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin;
227  struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin;
228  RzList *ret, *pe_secs;
229  RzListIter *it, *it0;
230  RzBinSection *ptr;
231 
232  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
233 
234  if (!(ret = rz_list_newf((RzListFree)rz_bin_section_free))) {
235  return NULL;
236  }
237 
238  // XXX: Never add here as they are covered above
239  rz_list_foreach (obj->streams.modules, it, module) {
240  ut8 b[512];
241 
242  if (!(ptr = RZ_NEW0(RzBinSection))) {
243  return ret;
244  }
245  if (module->module_name_rva + sizeof(struct minidump_string) >= rz_buf_size(obj->b)) {
246  free(ptr);
247  continue;
248  }
249  rz_buf_read_at(obj->b, module->module_name_rva, (ut8 *)&b, sizeof(b));
250  str = (struct minidump_string *)b;
251  int ptr_name_len = (str->length + 2) * 4;
252  if (ptr_name_len < 1 || ptr_name_len > sizeof(b) - 4) {
253  continue;
254  }
255  if (module->module_name_rva + str->length > rz_buf_size(obj->b)) {
256  free(ptr);
257  break;
258  }
259  ptr->name = calloc(1, ptr_name_len);
260  if (!ptr->name) {
261  free(ptr);
262  continue;
263  }
264  rz_str_utf16_to_utf8((ut8 *)ptr->name, str->length * 4,
265  (const ut8 *)(&str->buffer), str->length, obj->endian);
266  ptr->vaddr = module->base_of_image;
267  ptr->vsize = module->size_of_image;
268  ptr->paddr = rz_bin_mdmp_get_paddr(obj, ptr->vaddr);
269  ptr->size = module->size_of_image;
270  ptr->has_strings = false;
271  /* As this is an encompassing section we will set the RWX to 0 */
272  ptr->perm = 0;
273 
274  if (!rz_list_append(ret, ptr)) {
275  free(ptr);
276  break;
277  }
278 
279  /* Grab the pe sections */
280  rz_list_foreach (obj->pe32_bins, it0, pe32_bin) {
281  if (pe32_bin->vaddr == module->base_of_image && pe32_bin->bin) {
282  pe_secs = Pe32_rz_bin_mdmp_pe_get_sections(pe32_bin);
283  rz_list_join(ret, pe_secs);
284  rz_list_free(pe_secs);
285  }
286  }
287  rz_list_foreach (obj->pe64_bins, it0, pe64_bin) {
288  if (pe64_bin->vaddr == module->base_of_image && pe64_bin->bin) {
289  pe_secs = Pe64_rz_bin_mdmp_pe_get_sections(pe64_bin);
290  rz_list_join(ret, pe_secs);
291  rz_list_free(pe_secs);
292  }
293  }
294  }
295  RZ_LOG_WARN("Parsing data sections for large dumps can take time, "
296  "please be patient (if strings are not needed, try with -z)!\n");
297  return ret;
298 }
rz_bin_section_free
RZ_API void rz_bin_section_free(RzBinSection *bs)
Definition: bin.c:1116
calloc
void * calloc(size_t number, size_t size)
Definition: malloc.c:102
rz_bin_mdmp_get_paddr
ut64 rz_bin_mdmp_get_paddr(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
Definition: mdmp.c:11
cmd_descs_generate.str
str
Definition: cmd_descs_generate.py:785
rz_buf_size
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
Definition: buf.c:1225
RZ_LOG_WARN
#define RZ_LOG_WARN(fmtstr,...)
Definition: rz_log.h:56
rz_str_utf16_to_utf8
RZ_API int rz_str_utf16_to_utf8(ut8 *dst, int len_dst, const ut8 *src, int len_src, bool little_endian)
Definition: str.c:2884
rz_bin_mdmp_obj::minidump_streams::modules
RzList * modules
Definition: mdmp.h:39
rz_bin_mdmp_obj::b
RzBuffer * b
Definition: mdmp.h:55
rz_bin_section_t
Definition: rz_bin.h:618
rz_bin_section_t::paddr
ut64 paddr
Definition: rz_bin.h:623
rz_bin_section_t::perm
ut32 perm
Definition: rz_bin.h:624
rz_bin_section_t::size
ut64 size
Definition: rz_bin.h:620
rz_bin_section_t::name
char * name
Definition: rz_bin.h:619
rz_bin_section_t::has_strings
bool has_strings
Definition: rz_bin.h:632
rz_bin_section_t::vaddr
ut64 vaddr
Definition: rz_bin.h:622
rz_bin_section_t::vsize
ut64 vsize
Definition: rz_bin.h:621
if
if(dbg->bits==RZ_SYS_BITS_64)
Definition: windows-arm64.h:4

References rz_bin_mdmp_obj::b, b, rz_bin_object_t::bin_obj, calloc(), rz_bin_mdmp_obj::endian, free(), rz_bin_section_t::has_strings, if(), rz_bin_mdmp_obj::minidump_streams::modules, rz_bin_section_t::name, NULL, rz_bin_file_t::o, rz_bin_section_t::paddr, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_bin_section_t::perm, rz_bin_mdmp_get_paddr(), rz_bin_section_free(), rz_buf_read_at(), rz_buf_size(), rz_list_append(), rz_list_free(), rz_list_join(), rz_list_newf(), RZ_LOG_WARN, RZ_NEW0, rz_str_utf16_to_utf8(), rz_bin_section_t::size, cmd_descs_generate::str, rz_bin_mdmp_obj::streams, rz_bin_section_t::vaddr, and rz_bin_section_t::vsize.

◆ strings()

static RzList* strings ( RzBinFile bf)
static

Definition at line 463 of file bin_mdmp.c.

463  {
464  return rz_bin_file_strings(bf, 0, false);
465 }
rz_bin_file_strings
RZ_API RZ_OWN RzList * rz_bin_file_strings(RZ_NONNULL RzBinFile *bf, size_t min_length, bool raw_strings)
Generates a RzList struct containing RzBinString from a given RzBinFile.
Definition: bfile_string.c:325

References rz_bin_file_strings().

◆ symbols()

static RzList* symbols ( RzBinFile bf)
static

Definition at line 429 of file bin_mdmp.c.

429  {
430  struct rz_bin_mdmp_obj *obj;
431  struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin;
432  struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin;
433  RzList *ret, *list;
434  RzListIter *it;
435 
436  if (!(ret = rz_list_newf((RzListFree)rz_bin_symbol_free))) {
437  return NULL;
438  }
439 
440  obj = (struct rz_bin_mdmp_obj *)bf->o->bin_obj;
441 
442  rz_list_foreach (obj->pe32_bins, it, pe32_bin) {
443  list = Pe32_rz_bin_mdmp_pe_get_symbols(bf->rbin, pe32_bin);
444  rz_list_join(ret, list);
445  rz_list_free(list);
446  }
447  rz_list_foreach (obj->pe64_bins, it, pe64_bin) {
448  list = Pe64_rz_bin_mdmp_pe_get_symbols(bf->rbin, pe64_bin);
449  rz_list_join(ret, list);
450  rz_list_free(list);
451  }
452  return ret;
453 }
rz_bin_symbol_free
RZ_API void rz_bin_symbol_free(RzBinSymbol *sym)
Definition: bin.c:175
rz_bin_file_t::rbin
struct rz_bin_t * rbin
Definition: rz_bin.h:316

References rz_bin_object_t::bin_obj, list(), NULL, rz_bin_file_t::o, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_bin_file_t::rbin, rz_bin_symbol_free(), rz_list_free(), rz_list_join(), and rz_list_newf().

Variable Documentation

◆ rizin_plugin

RZ_API RzLibStruct rizin_plugin
Initial value:
= {
.type = RZ_LIB_TYPE_BIN,
.data = &rz_bin_plugin_mdmp,
.version = RZ_VERSION
}
rz_bin_plugin_mdmp
RzBinPlugin rz_bin_plugin_mdmp
Definition: bin_mdmp.c:467
RZ_LIB_TYPE_BIN
@ RZ_LIB_TYPE_BIN
Definition: rz_lib.h:75
RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8
rz_bin_plugin_t::version
char * version
Definition: rz_bin.h:512

Definition at line 488 of file bin_mdmp.c.

◆ rz_bin_plugin_mdmp

RzBinPlugin rz_bin_plugin_mdmp
Initial value:
= {
.name = "mdmp",
.desc = "Minidump format rz_bin plugin",
.license = "LGPL3",
.destroy = &destroy,
.entries = entries,
.get_sdb = &get_sdb,
.imports = &imports,
.info = &info,
.libs = &libs,
.load_buffer = &load_buffer,
.check_buffer = &check_buffer,
.mem = &mem,
.relocs = &relocs,
.maps = &maps,
.sections = &sections,
.symbols = &symbols,
.strings = &strings,
}
mem
static RzList * mem(RzBinFile *bf)
Definition: bin_mdmp.c:300
get_sdb
static Sdb * get_sdb(RzBinFile *bf)
Definition: bin_mdmp.c:13
load_buffer
static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb)
Definition: bin_mdmp.c:168
symbols
static RzList * symbols(RzBinFile *bf)
Definition: bin_mdmp.c:429
strings
static RzList * strings(RzBinFile *bf)
Definition: bin_mdmp.c:463
destroy
static void destroy(RzBinFile *bf)
Definition: bin_mdmp.c:19
check_buffer
static bool check_buffer(RzBuffer *b)
Definition: bin_mdmp.c:455
info
static RzBinInfo * info(RzBinFile *bf)
Definition: bin_mdmp.c:50
entries
static RzList * entries(RzBinFile *bf)
Definition: bin_mdmp.c:23
maps
static RzList * maps(RzBinFile *bf)
Definition: bin_mdmp.c:179
sections
static RzList * sections(RzBinFile *bf)
Definition: bin_mdmp.c:222
imports
static RzList * imports(RzBinFile *bf)
Definition: bin_mdmp.c:398
relocs
static RzList * relocs(RzBinFile *bf)
Definition: bin_mdmp.c:371

Definition at line 467 of file bin_mdmp.c.