Rizin
unix-like reverse engineering framework and cli tools
common_winkd.h File Reference
#include <rz_analysis.h>
#include <winkd.h>

Go to the source code of this file.

Functions

void winkd_build_profile (WindCtx *ctx, RzTypeDB *db)
 
bool winkd_download_module_and_pdb (WindModule *module, const char *symserver, const char *symstore, char **exepath, char **pdbpath)
 

Function Documentation

◆ winkd_build_profile()

void winkd_build_profile ( WindCtx ctx,
RzTypeDB db 
)

Definition at line 7 of file common_winkd.c.

7  {
8  ctx->profile = RZ_NEW0(Profile);
9  if (!ctx->profile) {
10  return;
11  }
12 #define O_(n) ctx->profile->f[n]
13  O_(E_ActiveProcessLinks) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ActiveProcessLinks");
14  O_(E_UniqueProcessId) = rz_type_db_struct_member_offset(db, "_EPROCESS", "UniqueProcessId");
15  O_(E_Peb) = rz_type_db_struct_member_offset(db, "_EPROCESS", "Peb");
16  O_(E_ImageFileName) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ImageFileName");
17  O_(E_VadRoot) = rz_type_db_struct_member_offset(db, "_EPROCESS", "VadRoot");
18  O_(E_ThreadListHead) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ThreadListHead");
19  O_(K_DirectoryTableBase) = rz_type_db_struct_member_offset(db, "_KPROCESS", "DirectoryTableBase");
20  O_(P_ImageBaseAddress) = rz_type_db_struct_member_offset(db, "_PEB", "ImageBaseAddress");
21  O_(P_ProcessParameters) = rz_type_db_struct_member_offset(db, "_PEB", "ProcessParameters");
22  O_(RZ_ImagePathName) = rz_type_db_struct_member_offset(db, "_RTL_USER_PROCESS_PARAMETERS", "ImagePathName");
23  O_(ET_ThreadListEntry) = rz_type_db_struct_member_offset(db, "_ETHREAD", "ThreadListEntry");
24  O_(ET_Win32StartAddress) = rz_type_db_struct_member_offset(db, "_ETHREAD", "Win32StartAddress");
25  O_(ET_Cid) = rz_type_db_struct_member_offset(db, "_ETHREAD", "Cid");
26  O_(C_UniqueThread) = rz_type_db_struct_member_offset(db, "_CLIENT_ID", "UniqueThread");
27  RZ_LOG_VERBOSE("_EPROCESS.ActiveProcessLinks: 0x%" PFMT32x "\n", O_(E_ActiveProcessLinks));
28  RZ_LOG_VERBOSE("_EPROCESS.UniqueProcessId: 0x%" PFMT32x "\n", O_(E_UniqueProcessId));
29  RZ_LOG_VERBOSE("_EPROCESS.Peb: 0x%" PFMT32x "\n", O_(E_Peb));
30  RZ_LOG_VERBOSE("_EPROCESS.ImageFileName: 0x%" PFMT32x "\n", O_(E_ImageFileName));
31  RZ_LOG_VERBOSE("_EPROCESS.VadRoot: 0x%" PFMT32x "\n", O_(E_VadRoot));
32  RZ_LOG_VERBOSE("_EPROCESS.ThreadListHead: 0x%" PFMT32x "\n", O_(E_ThreadListHead));
33  RZ_LOG_VERBOSE("_KPROCESS.DirectoryTableBase: 0x%" PFMT32x "\n", O_(K_DirectoryTableBase));
34  RZ_LOG_VERBOSE("_PEB.ImageBaseAddress: 0x%" PFMT32x "\n", O_(P_ImageBaseAddress));
35  RZ_LOG_VERBOSE("_PEB.ProcessParameters: 0x%" PFMT32x "\n", O_(P_ProcessParameters));
36  RZ_LOG_VERBOSE("_RTL_USER_PROCESS_PARAMETERS.ImagePathName: 0x%" PFMT32x "\n", O_(RZ_ImagePathName));
37  RZ_LOG_VERBOSE("_ETHREAD.ThreadListEntry: 0x%" PFMT32x "\n", O_(ET_ThreadListEntry));
38  RZ_LOG_VERBOSE("_ETHREAD.Win32StartAddress: 0x%" PFMT32x "\n", O_(ET_Win32StartAddress));
39  RZ_LOG_VERBOSE("_ETHREAD.Cid: 0x%" PFMT32x "\n", O_(ET_Cid));
40  RZ_LOG_VERBOSE("_CLIENT_ID.UniqueThread: 0x%" PFMT32x "\n", O_(C_UniqueThread));
41 #undef O_
42 }
#define PFMT32x
#define O_(n)
#define RZ_LOG_VERBOSE(fmtstr,...)
Definition: rz_log.h:52
#define RZ_NEW0(x)
Definition: rz_types.h:284
Definition: winkd.h:68
RZ_API ut64 rz_type_db_struct_member_offset(RZ_NONNULL const RzTypeDB *typedb, RZ_NONNULL const char *name, RZ_NONNULL const char *member)
Returns the offset in bytes of the structure member if there is a match.
Definition: path.c:269
@ P_ProcessParameters
Definition: winkd.h:58
@ C_UniqueThread
Definition: winkd.h:64
@ E_Peb
Definition: winkd.h:52
@ E_UniqueProcessId
Definition: winkd.h:51
@ ET_Win32StartAddress
Definition: winkd.h:62
@ E_ActiveProcessLinks
Definition: winkd.h:50
@ K_DirectoryTableBase
Definition: winkd.h:56
@ ET_Cid
Definition: winkd.h:63
@ E_VadRoot
Definition: winkd.h:54
@ RZ_ImagePathName
Definition: winkd.h:59
@ E_ImageFileName
Definition: winkd.h:53
@ ET_ThreadListEntry
Definition: winkd.h:61
@ E_ThreadListHead
Definition: winkd.h:55
@ P_ImageBaseAddress
Definition: winkd.h:57

References C_UniqueThread, E_ActiveProcessLinks, E_ImageFileName, E_Peb, E_ThreadListHead, E_UniqueProcessId, E_VadRoot, ET_Cid, ET_ThreadListEntry, ET_Win32StartAddress, K_DirectoryTableBase, O_, P_ImageBaseAddress, P_ProcessParameters, PFMT32x, RZ_ImagePathName, RZ_LOG_VERBOSE, RZ_NEW0, and rz_type_db_struct_member_offset().

Referenced by rz_debug_dmp_init(), and rz_debug_winkd_attach().

◆ winkd_download_module_and_pdb()

bool winkd_download_module_and_pdb ( WindModule module,
const char *  symserver,
const char *  symstore,
char **  exepath,
char **  pdbpath 
)

Definition at line 75 of file common_winkd.c.

75  {
76  if (exepath) {
77  *exepath = NULL;
78  }
79  if (pdbpath) {
80  *pdbpath = NULL;
81  }
82  char *sum = rz_str_newf("%08" PFMT32x "%" PFMT32x, module->timestamp, module->size);
83  const char *file = rz_str_rchr(module->name, NULL, '\\') + 1;
84  RZ_LOG_INFO("Downloading module and pdb for '%s'\n", file);
85  SPDBDownloaderOpt opts = {
86  .dbg_file = file, .extract = true, .guid = sum, .symbol_server = symserver, .symbol_store_path = symstore
87  };
88  char *executable = rz_bin_symserver_download(&opts);
89  free(sum);
90  if (!executable) {
91  return false;
92  }
93  char *res = download_pdb(executable, symserver, symstore);
94  if (exepath) {
95  *exepath = executable;
96  } else {
97  free(executable);
98  }
99  RzJson *json = rz_json_parse(res);
100  if (!json) {
101  return false;
102  }
103  const RzJson *pdb = rz_json_get(json, "pdb");
104  if (!pdb) {
105  return false;
106  }
107  const RzJson *ppath = rz_json_get(pdb, "path");
108  if (!ppath) {
109  return false;
110  }
111  if (pdbpath) {
112  *pdbpath = strdup(ppath->str_value);
113  }
114  rz_json_free(json);
115  free(res);
116  return true;
117 }
static char * download_pdb(const char *path, const char *symserver, const char *symstore)
Definition: common_winkd.c:44
#define NULL
Definition: cris-opc.c:27
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
RZ_API RZ_OWN char * rz_bin_symserver_download(RZ_NONNULL const SPDBDownloaderOpt *options)
downloads file from symbol server
RZ_API const RzJson * rz_json_get(const RzJson *json, const char *key)
Definition: json_parser.c:405
RZ_API RzJson * rz_json_parse(char *text)
Definition: json_parser.c:382
RZ_API void rz_json_free(RzJson *js)
Definition: json_parser.c:45
#define RZ_LOG_INFO(fmtstr,...)
Definition: rz_log.h:54
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1
RZ_API const char * rz_str_rchr(const char *base, const char *p, int ch)
Definition: str.c:829
const char * dbg_file
Definition: gzappend.c:170
Definition: sftypes.h:77
const char * str_value
Definition: rz_json.h:42
static int file
Definition: z80asm.c:58

References SPDBDownloaderOpt::dbg_file, download_pdb(), file, free(), NULL, PFMT32x, rz_bin_symserver_download(), rz_json_free(), rz_json_get(), rz_json_parse(), RZ_LOG_INFO, rz_str_newf(), rz_str_rchr(), rz_json_t::str_value, and strdup().

Referenced by rz_debug_dmp_frames(), rz_debug_dmp_init(), and rz_debug_winkd_attach().