Rizin
unix-like reverse engineering framework and cli tools
common_winkd.c File Reference


Macros

#define O_(n)   ctx->profile->f[n]
 

Functions

void winkd_build_profile (WindCtx *ctx, RzTypeDB *db)
 
static char * download_pdb (const char *path, const char *symserver, const char *symstore)
 
bool winkd_download_module_and_pdb (WindModule *module, const char *symserver, const char *symstore, char **exepath, char **pdbpath)
 

Macro Definition Documentation

◆ O_

#define O_ (   n)    ctx->profile->f[n]

Function Documentation

◆ download_pdb()

static char* download_pdb ( const char *  path,
const char *  symserver,
const char *  symstore 
)
static

Definition at line 44 of file common_winkd.c.

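/**
 * Open the binary at \p path and ask rz_bin_pdb_download() to fetch its PDB,
 * collecting whatever that call reports into a JSON string.
 *
 * \param path      File handed to rz_bin_open().
 * \param symserver Forwarded unchanged as SPDBOptions.symbol_server.
 * \param symstore  Forwarded unchanged as SPDBOptions.symbol_store_path.
 * \return Heap string produced by pj_drain() (the caller on this page frees
 *         it with free()), or NULL when pj_new() fails. On the early-failure
 *         paths the JSON object is never opened, so nothing has been written
 *         to the stream before it is drained.
 */
static char *download_pdb(const char *path, const char *symserver, const char *symstore) {
	PJ *pj = pj_new();
	if (!pj) {
		return NULL;
	}
	RzBin *bin = NULL;
	RzIO *io = rz_io_new();
	if (!io) {
		goto end;
	}
	bin = rz_bin_new();
	if (!bin) {
		goto end;
	}
	rz_io_bind(io, &bin->iob);

	RzBinOptions opt = { 0 };
	/* presumably restricts loading to the info section needed for the PDB lookup -- confirm */
	bin->filter_rules = RZ_BIN_REQ_INFO;
	if (!rz_bin_open(bin, path, &opt)) {
		goto end;
	}
	pj_o(pj);
	SPDBOptions opts = { .extract = 1, .symbol_server = symserver, .symbol_store_path = symstore };
	/*
	 * NOTE(review): the return value is not checked; the caller learns about
	 * a failed download only from the content of the JSON. The symbol server
	 * and store path are used exactly as configured, so what ends up on disk
	 * is only as trustworthy as that server.
	 */
	rz_bin_pdb_download(bin, pj, true, &opts);
	pj_end(pj);
end:
	/*
	 * Source line 70 is missing from the rendered listing; the reference list
	 * for this function names rz_bin_free(), so the RzBin is released here.
	 * Both pointers may still be NULL on the early-failure paths.
	 */
	rz_bin_free(bin);
	rz_io_free(io);
	return pj_drain(pj);
}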
RZ_API RzBin * rz_bin_new(void)
Definition: bin.c:716
RZ_API RzBinFile * rz_bin_open(RzBin *bin, const char *file, RzBinOptions *opt)
Definition: bin.c:200
RZ_API void rz_bin_free(RzBin *bin)
Definition: bin.c:440
RZ_API int rz_bin_pdb_download(RZ_NONNULL RzBin *bin, RZ_NULLABLE PJ *pj, int isradjson, RZ_NONNULL SPDBOptions *options)
Download PDB file for currently opened RzBin file.
#define RZ_BIN_REQ_INFO
Definition: rz_bin.h:49
RZ_API void rz_io_free(RzIO *io)
Definition: io.c:126
RZ_API void rz_io_bind(RzIO *io, RzIOBind *bnd)
Definition: io.c:550
RZ_API RzIO * rz_io_new(void)
Definition: io.c:110
RZ_API PJ * pj_new(void)
Definition: pj.c:25
RZ_API char * pj_drain(PJ *j)
Definition: pj.c:50
RZ_API PJ * pj_end(PJ *j)
Definition: pj.c:87
RZ_API PJ * pj_o(PJ *j)
Definition: pj.c:75

References test_evm::end, SPDBOptions::extract, NULL, path, pj_drain(), pj_end(), pj_new(), pj_o(), rz_bin_free(), rz_bin_new(), rz_bin_open(), rz_bin_pdb_download(), RZ_BIN_REQ_INFO, rz_io_bind(), rz_io_free(), and rz_io_new().

Referenced by winkd_download_module_and_pdb().

◆ winkd_build_profile()

void winkd_build_profile ( WindCtx *  ctx,
RzTypeDB *  db 
)

Definition at line 7 of file common_winkd.c.

/**
 * Allocate ctx->profile and fill its offset table f[] with the byte offsets
 * of the kernel structure members that the WinKD code needs, looked up in
 * the type database \p db.
 *
 * On allocation failure ctx->profile is left NULL and nothing else happens.
 *
 * NOTE(review): what rz_type_db_struct_member_offset() returns when a type
 * or member is absent from \p db is not visible here; whatever it is gets
 * stored and later used as an offset, so consumers should confirm the types
 * were actually loaded. The lookup returns ut64 while the values are logged
 * with a 32-bit format, so f[] is presumably 32 bits wide -- confirm.
 */
void winkd_build_profile(WindCtx *ctx, RzTypeDB *db) {
	Profile *fresh = RZ_NEW0(Profile);
	ctx->profile = fresh;
	if (!fresh) {
		return;
	}
#define O_(n) ctx->profile->f[n]
	/* _EPROCESS */
	O_(E_ActiveProcessLinks) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ActiveProcessLinks");
	O_(E_UniqueProcessId) = rz_type_db_struct_member_offset(db, "_EPROCESS", "UniqueProcessId");
	O_(E_Peb) = rz_type_db_struct_member_offset(db, "_EPROCESS", "Peb");
	O_(E_ImageFileName) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ImageFileName");
	O_(E_VadRoot) = rz_type_db_struct_member_offset(db, "_EPROCESS", "VadRoot");
	O_(E_ThreadListHead) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ThreadListHead");
	/* _KPROCESS */
	O_(K_DirectoryTableBase) = rz_type_db_struct_member_offset(db, "_KPROCESS", "DirectoryTableBase");
	/* _PEB and its process parameters */
	O_(P_ImageBaseAddress) = rz_type_db_struct_member_offset(db, "_PEB", "ImageBaseAddress");
	O_(P_ProcessParameters) = rz_type_db_struct_member_offset(db, "_PEB", "ProcessParameters");
	O_(RZ_ImagePathName) = rz_type_db_struct_member_offset(db, "_RTL_USER_PROCESS_PARAMETERS", "ImagePathName");
	/* _ETHREAD and _CLIENT_ID */
	O_(ET_ThreadListEntry) = rz_type_db_struct_member_offset(db, "_ETHREAD", "ThreadListEntry");
	O_(ET_Win32StartAddress) = rz_type_db_struct_member_offset(db, "_ETHREAD", "Win32StartAddress");
	O_(ET_Cid) = rz_type_db_struct_member_offset(db, "_ETHREAD", "Cid");
	O_(C_UniqueThread) = rz_type_db_struct_member_offset(db, "_CLIENT_ID", "UniqueThread");

	/* Report every resolved offset, in the same order they were looked up. */
	RZ_LOG_VERBOSE("_EPROCESS.ActiveProcessLinks: 0x%" PFMT32x "\n", O_(E_ActiveProcessLinks));
	RZ_LOG_VERBOSE("_EPROCESS.UniqueProcessId: 0x%" PFMT32x "\n", O_(E_UniqueProcessId));
	RZ_LOG_VERBOSE("_EPROCESS.Peb: 0x%" PFMT32x "\n", O_(E_Peb));
	RZ_LOG_VERBOSE("_EPROCESS.ImageFileName: 0x%" PFMT32x "\n", O_(E_ImageFileName));
	RZ_LOG_VERBOSE("_EPROCESS.VadRoot: 0x%" PFMT32x "\n", O_(E_VadRoot));
	RZ_LOG_VERBOSE("_EPROCESS.ThreadListHead: 0x%" PFMT32x "\n", O_(E_ThreadListHead));
	RZ_LOG_VERBOSE("_KPROCESS.DirectoryTableBase: 0x%" PFMT32x "\n", O_(K_DirectoryTableBase));
	RZ_LOG_VERBOSE("_PEB.ImageBaseAddress: 0x%" PFMT32x "\n", O_(P_ImageBaseAddress));
	RZ_LOG_VERBOSE("_PEB.ProcessParameters: 0x%" PFMT32x "\n", O_(P_ProcessParameters));
	RZ_LOG_VERBOSE("_RTL_USER_PROCESS_PARAMETERS.ImagePathName: 0x%" PFMT32x "\n", O_(RZ_ImagePathName));
	RZ_LOG_VERBOSE("_ETHREAD.ThreadListEntry: 0x%" PFMT32x "\n", O_(ET_ThreadListEntry));
	RZ_LOG_VERBOSE("_ETHREAD.Win32StartAddress: 0x%" PFMT32x "\n", O_(ET_Win32StartAddress));
	RZ_LOG_VERBOSE("_ETHREAD.Cid: 0x%" PFMT32x "\n", O_(ET_Cid));
	RZ_LOG_VERBOSE("_CLIENT_ID.UniqueThread: 0x%" PFMT32x "\n", O_(C_UniqueThread));
#undef O_
}
#define PFMT32x
#define O_(n)
#define RZ_LOG_VERBOSE(fmtstr,...)
Definition: rz_log.h:52
#define RZ_NEW0(x)
Definition: rz_types.h:284
Definition: winkd.h:68
RZ_API ut64 rz_type_db_struct_member_offset(RZ_NONNULL const RzTypeDB *typedb, RZ_NONNULL const char *name, RZ_NONNULL const char *member)
Returns the offset in bytes of the structure member if there is a match.
Definition: path.c:269
@ P_ProcessParameters
Definition: winkd.h:58
@ C_UniqueThread
Definition: winkd.h:64
@ E_Peb
Definition: winkd.h:52
@ E_UniqueProcessId
Definition: winkd.h:51
@ ET_Win32StartAddress
Definition: winkd.h:62
@ E_ActiveProcessLinks
Definition: winkd.h:50
@ K_DirectoryTableBase
Definition: winkd.h:56
@ ET_Cid
Definition: winkd.h:63
@ E_VadRoot
Definition: winkd.h:54
@ RZ_ImagePathName
Definition: winkd.h:59
@ E_ImageFileName
Definition: winkd.h:53
@ ET_ThreadListEntry
Definition: winkd.h:61
@ E_ThreadListHead
Definition: winkd.h:55
@ P_ImageBaseAddress
Definition: winkd.h:57

References C_UniqueThread, E_ActiveProcessLinks, E_ImageFileName, E_Peb, E_ThreadListHead, E_UniqueProcessId, E_VadRoot, ET_Cid, ET_ThreadListEntry, ET_Win32StartAddress, K_DirectoryTableBase, O_, P_ImageBaseAddress, P_ProcessParameters, PFMT32x, RZ_ImagePathName, RZ_LOG_VERBOSE, RZ_NEW0, and rz_type_db_struct_member_offset().

Referenced by rz_debug_dmp_init(), and rz_debug_winkd_attach().

◆ winkd_download_module_and_pdb()

bool winkd_download_module_and_pdb ( WindModule *  module,
const char *  symserver,
const char *  symstore,
char **  exepath,
char **  pdbpath 
)

Definition at line 75 of file common_winkd.c.

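/**
 * Download the executable of \p module from the symbol server, then the PDB
 * that belongs to it, and hand the local paths back to the caller.
 *
 * \param module    Module description; name, timestamp and size are read.
 * \param symserver Symbol server, forwarded to the downloaders unchanged.
 * \param symstore  Local symbol store path, forwarded unchanged.
 * \param exepath   Optional out: heap path of the downloaded executable.
 * \param pdbpath   Optional out: heap copy of the PDB path reported in JSON.
 * \return true only when the PDB path was found (and copied if requested).
 *
 * Both out-pointers are reset to NULL first. When the executable was
 * downloaded but the PDB step fails, the function returns false with
 * *exepath still set; the caller owns and must free it in that case too.
 *
 * NOTE(review): module->name presumably comes from the debug target or a
 * dump, i.e. it is not trusted. Only the part after the last backslash is
 * used as the file name; other separators are not filtered here, so the
 * downloader is assumed to keep the result inside the symbol store -- verify.
 */
bool winkd_download_module_and_pdb(WindModule *module, const char *symserver, const char *symstore, char **exepath, char **pdbpath) {
	bool ok = false;
	char *res = NULL;
	RzJson *json = NULL;
	const RzJson *pdb = NULL;
	const RzJson *ppath = NULL;

	if (exepath) {
		*exepath = NULL;
	}
	if (pdbpath) {
		*pdbpath = NULL;
	}
	/*
	 * A name without any backslash must not be turned into "NULL + 1";
	 * in that case the whole name is taken as the file name.
	 */
	const char *sep = rz_str_rchr(module->name, NULL, '\\');
	const char *file = sep ? sep + 1 : module->name;
	if (!file || !*file) {
		return false;
	}
	/* Lookup key for the symbol server: timestamp followed by image size. */
	char *sum = rz_str_newf("%08" PFMT32x "%" PFMT32x, module->timestamp, module->size);
	if (!sum) {
		return false;
	}
	RZ_LOG_INFO("Downloading module and pdb for '%s'\n", file);
	SPDBDownloaderOpt opts = {
		.dbg_file = file, .extract = true, .guid = sum, .symbol_server = symserver, .symbol_store_path = symstore
	};
	char *executable = rz_bin_symserver_download(&opts);
	free(sum);
	if (!executable) {
		return false;
	}
	res = download_pdb(executable, symserver, symstore);
	if (exepath) {
		*exepath = executable;
	} else {
		free(executable);
	}
	/* download_pdb() returns NULL when it cannot allocate its JSON writer. */
	if (!res) {
		return false;
	}
	/* The parsed tree is used only while res is alive; both are released together below. */
	json = rz_json_parse(res);
	if (!json) {
		goto out;
	}
	pdb = rz_json_get(json, "pdb");
	if (!pdb) {
		goto out;
	}
	ppath = rz_json_get(pdb, "path");
	/* Only a string node carries a usable str_value. */
	if (!ppath || ppath->type != RZ_JSON_STRING || !ppath->str_value) {
		goto out;
	}
	if (pdbpath) {
		*pdbpath = strdup(ppath->str_value);
		if (!*pdbpath) {
			goto out;
		}
	}
	ok = true;
out:
	/* Single exit so the JSON tree and its backing text are freed on every path. */
	if (json) {
		rz_json_free(json);
	}
	free(res);
	return ok;
}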
static char * download_pdb(const char *path, const char *symserver, const char *symstore)
Definition: common_winkd.c:44
RZ_API RZ_OWN char * rz_bin_symserver_download(RZ_NONNULL const SPDBDownloaderOpt *options)
downloads file from symbol server
RZ_API const RzJson * rz_json_get(const RzJson *json, const char *key)
Definition: json_parser.c:405
RZ_API RzJson * rz_json_parse(char *text)
Definition: json_parser.c:382
RZ_API void rz_json_free(RzJson *js)
Definition: json_parser.c:45
#define RZ_LOG_INFO(fmtstr,...)
Definition: rz_log.h:54
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1
RZ_API const char * rz_str_rchr(const char *base, const char *p, int ch)
Definition: str.c:829
const char * dbg_file
Definition: gzappend.c:170
Definition: sftypes.h:77
const char * str_value
Definition: rz_json.h:42

References SPDBDownloaderOpt::dbg_file, download_pdb(), file, free(), NULL, PFMT32x, rz_bin_symserver_download(), rz_json_free(), rz_json_get(), rz_json_parse(), RZ_LOG_INFO, rz_str_newf(), rz_str_rchr(), rz_json_t::str_value, and strdup().

Referenced by rz_debug_dmp_frames(), rz_debug_dmp_init(), and rz_debug_winkd_attach().