debug_winkd.c File Reference

#include <rz_debug.h>
#include <winkd.h>
#include <kd.h>
#include "common_winkd.h"
#include "common_windows.h"
#include "mdmp_windefs.h"
#include "native/reg/windows-x86.h"
#include "native/reg/windows-x64.h"
#include "native/bt/windows-x64.c"
#include "native/bt/generic-all.c"

Go to the source code of this file.

Macros
#define	O_(n)   kdctx->windctx.profile->f[n]

Functions
static int	rz_debug_winkd_reg_read (RZ_BORROW RZ_NONNULL RzDebug *dbg, int type, ut8 *buf, int size)
static int	rz_debug_winkd_reg_write (RZ_BORROW RZ_NONNULL RzDebug *dbg, int type, const ut8 *buf, int size)
static int	rz_debug_winkd_continue (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid, int tid, int sig)
static void	get_current_process_and_thread (RZ_BORROW RZ_NONNULL RzDebug *dbg, ut64 thread_address)
static RzDebugReasonType	rz_debug_winkd_wait (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid)
static bool	get_module_timestamp (ut64 addr, ut32 *timestamp, ut32 *sizeofimage)
static int	rz_debug_winkd_attach (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid)
static int	rz_debug_winkd_detach (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid)
static char *	rz_debug_winkd_reg_profile (RZ_BORROW RZ_NONNULL RzDebug *dbg)
static int	rz_debug_winkd_breakpoint (RZ_BORROW RZ_NONNULL RzBreakpoint *bp, RZ_BORROW RZ_NULLABLE RzBreakpointItem *b, bool set)
static bool	rz_debug_winkd_init (RZ_BORROW RZ_NONNULL RzDebug *dbg, void **user)
static RzList *	rz_debug_winkd_pids (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid)
static int	rz_debug_winkd_select (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid, int tid)
static RzList *	rz_debug_winkd_threads (RZ_BORROW RZ_NONNULL RzDebug *dbg, int pid)
static RzList *	rz_debug_winkd_modules (RZ_BORROW RZ_NONNULL RzDebug *dbg)
static RzList *	rz_debug_winkd_frames (RZ_BORROW RZ_NONNULL RzDebug *dbg, ut64 at)
static RzList *	rz_debug_winkd_maps (RZ_BORROW RZ_NONNULL RzDebug *dbg)

Variables
static KdCtx *	kdctx = NULL
RzDebugPlugin	rz_debug_plugin_winkd
RZ_API RzLibStruct	rizin_plugin

Macro Definition Documentation

O_

#define O_

(

n

)

kdctx->windctx.profile->f[n]

Definition at line 11 of file debug_winkd.c.

Function Documentation

get_current_process_and_thread()

static void get_current_process_and_thread ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, ut64  thread_address  )

static

Definition at line 52 of file debug_winkd.c.

                                                                                                   {
    if (!O_(ET_ApcProcess)) {
        return;
    }
    WindThread *thread = winkd_get_thread_at(&kdctx->windctx, thread_address);
    if (!thread) {
        return;
    }
    // Read the process pointer from the current thread
    const ut64 address_process = winkd_read_ptr_at(&kdctx->windctx, kdctx->windctx.read_at_kernel_virtual, thread->ethread + O_(ET_ApcProcess));
    if (address_process && address_process != kdctx->windctx.target.eprocess) {
        // Then read the process
        WindProc *proc = winkd_get_process_at(&kdctx->windctx, address_process);
        if (proc) {
            kdctx->windctx.target = *proc;
            dbg->pid = kdctx->windctx.target.uniqueid;
            free(proc);
        }
    }
 
    kdctx->windctx.target_thread = *thread;
    dbg->tid = kdctx->windctx.target_thread.uniqueid;
    free(thread);
}

References dbg, WindProc::eprocess, ET_ApcProcess, WindThread::ethread, free(), kdctx, O_, rz_debug_t::pid, proc, _WindCtx::read_at_kernel_virtual, _WindCtx::target, _WindCtx::target_thread, rz_debug_t::tid, WindProc::uniqueid, WindThread::uniqueid, ut64(), _KdCtx::windctx, winkd_get_process_at(), winkd_get_thread_at(), and winkd_read_ptr_at().

Referenced by rz_debug_winkd_attach(), and rz_debug_winkd_wait().

get_module_timestamp()

static bool get_module_timestamp ( ut64  addr, ut32 *  timestamp, ut32 *  sizeofimage  )

static

Definition at line 122 of file debug_winkd.c.

                                                                                {
    ut8 mz[2];
    if (kdctx->windctx.read_at_kernel_virtual(kdctx->windctx.user, addr, mz, 2) != 2) {
        return false;
    }
    if (memcmp(mz, "MZ", 2)) {
        return false;
    }
    ut8 pe_off_buf[2];
    if (kdctx->windctx.read_at_kernel_virtual(kdctx->windctx.user, addr + 0x3c, pe_off_buf, 2) != 2) {
        return false;
    }
    const ut16 pe_off = rz_read_le16(pe_off_buf);
    ut8 pe[2];
    if (kdctx->windctx.read_at_kernel_virtual(kdctx->windctx.user, addr + pe_off, pe, 2) != 2) {
        return false;
    }
    if (memcmp(pe, "PE", 2)) {
        return false;
    }
    ut8 ts[4];
    if (kdctx->windctx.read_at_kernel_virtual(kdctx->windctx.user, addr + pe_off + 8, ts, 4) != 4) {
        return false;
    }
    ut8 sz[4];
    if (kdctx->windctx.read_at_kernel_virtual(kdctx->windctx.user, addr + pe_off + 0x50, sz, 4) != 4) {
        return false;
    };
    *timestamp = rz_read_le32(ts);
    *sizeofimage = rz_read_le32(sz);
    return true;
}

References addr, kdctx, _WindCtx::read_at_kernel_virtual, rz_read_le16(), rz_read_le32(), _WindCtx::user, and _KdCtx::windctx.

Referenced by rz_debug_winkd_attach().

rz_debug_winkd_attach()

static int rz_debug_winkd_attach ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid  )

static

Definition at line 155 of file debug_winkd.c.

                                                                             {
    RzIODesc *desc = dbg->iob.io->desc;
 
    if (!desc || !desc->plugin || !desc->plugin->name || !desc->data) {
        return false;
    }
    if (strncmp(desc->plugin->name, "winkd", 6)) {
        return false;
    }
    if (dbg->arch && strcmp(dbg->arch, "x86")) {
        return false;
    }
    kdctx = (KdCtx *)desc->data;
 
    // Handshake
    int ret = winkd_sync(kdctx);
    if (ret < 0) {
        RZ_LOG_ERROR("Could not connect to winkd\n");
        return false;
    } else if (!ret) {
        RZ_LOG_VERBOSE("Already synced\n");
        return true;
    }
    if (!winkd_read_ver(kdctx)) {
        return false;
    }
 
    // Load PDB for kernel
    WindModule *mod = &kdctx->kernel_module;
    RzList *modules = NULL;
    if (!mod->timestamp || !mod->size) {
        if (!get_module_timestamp(kdctx->kernel_module.addr, &kdctx->kernel_module.timestamp, &kdctx->kernel_module.size)) {
            RZ_LOG_ERROR("Could not get timestamp for kernel module\n");
            return false;
        }
    }
    if (!mod->name) {
        mod->name = strdup("\\ntoskrnl.exe");
    }
    char *exepath, *pdbpath;
    if (!winkd_download_module_and_pdb(mod,
            dbg->corebind.cfgGet(dbg->corebind.core, "pdb.server"),
            dbg->corebind.cfgGet(dbg->corebind.core, "pdb.symstore"),
            &exepath, &pdbpath)) {
        RZ_LOG_ERROR("Failed to download module and pdb\n");
        rz_list_free(modules);
        return false;
    }
    dbg->corebind.cfgSetI(dbg->corebind.core, "bin.baddr", mod->addr);
    // TODO: Convert to API call
    dbg->corebind.cmdf(dbg->corebind.core, "idp \"%s\"", pdbpath);
    rz_list_free(modules);
 
    if (!kdctx->windctx.profile) {
        RZ_LOG_INFO("Trying to build profile dinamically by using the ntoskrnl.exe's PDB\n");
        winkd_build_profile(&kdctx->windctx, dbg->analysis->typedb);
    }
    dbg->bits = winkd_get_bits(&kdctx->windctx);
    // Make rz_debug_is_dead happy
    dbg->pid = 0;
    ut8 buf[2];
    // Get structure offset of current process pointer inside a KTHREAD from the kd debugger data
    if (winkd_read_at(kdctx, kdctx->windctx.KdDebuggerDataBlock + K_OffsetKThreadApcProcess, buf, 2) == 2) {
        O_(ET_ApcProcess) = rz_read_le16(buf);
        get_current_process_and_thread(dbg, kdctx->windctx.target_thread.ethread);
    }
 
    // Mapping from the vad is unreliable so just tell core that its ok to put breakpoints everywhere
    dbg->corebind.cfgSetI(dbg->corebind.core, "dbg.bpinmaps", 0);
    return true;
}

References WindModule::addr, rz_debug_t::analysis, rz_debug_t::arch, rz_debug_t::bits, rz_core_bind_t::cfgGet, rz_core_bind_t::cfgSetI, rz_core_bind_t::cmdf, rz_core_bind_t::core, rz_debug_t::corebind, dbg, desc, rz_io_t::desc, ET_ApcProcess, WindThread::ethread, get_current_process_and_thread(), get_module_timestamp(), rz_io_bind_t::io, rz_debug_t::iob, K_OffsetKThreadApcProcess, kdctx, _WindCtx::KdDebuggerDataBlock, _KdCtx::kernel_module, mod(), regress::modules, NULL, O_, rz_debug_t::pid, _WindCtx::profile, rz_list_free(), RZ_LOG_ERROR, RZ_LOG_INFO, RZ_LOG_VERBOSE, rz_read_le16(), WindModule::size, strdup(), _WindCtx::target_thread, WindModule::timestamp, rz_analysis_t::typedb, _KdCtx::windctx, winkd_build_profile(), winkd_download_module_and_pdb(), winkd_get_bits(), winkd_read_at(), winkd_read_ver(), and winkd_sync().

Referenced by rz_debug_winkd_reg_profile().

rz_debug_winkd_breakpoint()

static int rz_debug_winkd_breakpoint ( RZ_BORROW RZ_NONNULL RzBreakpoint *  bp, RZ_BORROW RZ_NULLABLE RzBreakpointItem *  b, bool  set  )

static

Definition at line 249 of file debug_winkd.c.

                                                                                                                                 {
    int *tag;
    if (!b) {
        return false;
    }
    // Use a 32 bit word here to keep this compatible with 32 bit hosts
    if (!b->data) {
        b->data = RZ_NEWS0(char, 4);
        if (!b->data) {
            return 0;
        }
    }
    tag = (int *)b->data;
    return winkd_bkpt(kdctx, b->addr, set, b->hw, tag);
}

References b, kdctx, RZ_NEWS0, test-lz4-versions::tag, and winkd_bkpt().

rz_debug_winkd_continue()

static int rz_debug_winkd_continue ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid, int  tid, int  sig  )

static

Definition at line 48 of file debug_winkd.c.

                                                                                                 {
    return winkd_continue(kdctx, !sig);
}

References kdctx, and winkd_continue().

rz_debug_winkd_detach()

static int rz_debug_winkd_detach ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid  )

static

Definition at line 227 of file debug_winkd.c.

                                                                             {
    eprintf("Detaching...\n");
    kdctx->syncd = 0;
    return true;
}

References eprintf, kdctx, and _KdCtx::syncd.

rz_debug_winkd_frames()

static RzList* rz_debug_winkd_frames ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, ut64  at  )

static

Definition at line 389 of file debug_winkd.c.

                                                                                 {
    if (!kdctx || !kdctx->desc || !kdctx->syncd) {
        return NULL;
    }
    RzList *ret = NULL;
    if (!kdctx->windctx.is_arm && kdctx->windctx.is_64bit) {
        struct context_type_amd64 context = { 0 };
        backtrace_windows_x64(dbg, &ret, &context);
    } else {
        ret = backtrace_generic(dbg);
    }
    return ret;
}

References backtrace_generic(), backtrace_windows_x64(), dbg, _KdCtx::desc, _WindCtx::is_64bit, _WindCtx::is_arm, kdctx, NULL, _KdCtx::syncd, and _KdCtx::windctx.

rz_debug_winkd_init()

static bool rz_debug_winkd_init ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, void **  user  )

static

Definition at line 265 of file debug_winkd.c.

                                                                                {
    return true;
}

rz_debug_winkd_maps()

static RzList* rz_debug_winkd_maps ( RZ_BORROW RZ_NONNULL RzDebug *  dbg )

static

Definition at line 403 of file debug_winkd.c.

                                                                      {
    RzList *maps = winkd_list_maps(&kdctx->windctx);
    RzListIter *it;
    WindMap *m;
    RzList *ret = rz_list_newf((RzListFree)rz_debug_map_free);
    if (!ret) {
        rz_list_free(maps);
        return NULL;
    }
    rz_list_foreach (maps, it, m) {
        RzDebugMap *map = RZ_NEW0(RzDebugMap);
        if (!map) {
            rz_list_free(maps);
            rz_list_free(ret);
            return NULL;
        }
        if (m->file) {
            RZ_PTR_MOVE(map->file, m->file);
            map->name = strdup(rz_file_dos_basename(map->file));
        }
        map->size = m->end - m->start;
        map->addr = m->start;
        map->addr_end = m->end;
        map->perm = m->perm;
        rz_list_append(ret, map);
    }
    rz_list_free(maps);
    return ret;
}

References kdctx, regress::m, map(), maps(), NULL, rz_debug_map_free(), rz_file_dos_basename(), rz_list_append(), rz_list_free(), rz_list_newf(), RZ_NEW0, RZ_PTR_MOVE, strdup(), _KdCtx::windctx, and winkd_list_maps().

rz_debug_winkd_modules()

static RzList* rz_debug_winkd_modules ( RZ_BORROW RZ_NONNULL RzDebug *  dbg )

static

Definition at line 358 of file debug_winkd.c.

                                                                         {
    if (!kdctx || !kdctx->desc || !kdctx->syncd) {
        return NULL;
    }
    RzList *ret = rz_list_newf((RzListFree)rz_debug_map_free);
    if (!ret) {
        return NULL;
    }
    RzList *modules = winkd_list_modules(&kdctx->windctx);
    RzListIter *it;
    WindModule *m;
    rz_list_foreach (modules, it, m) {
        RzDebugMap *mod = RZ_NEW0(RzDebugMap);
        if (!mod) {
            rz_list_free(modules);
            rz_list_free(ret);
            return NULL;
        }
        RZ_PTR_MOVE(mod->file, m->name);
        mod->size = m->size;
        mod->addr = m->addr;
        mod->addr_end = m->addr + m->size;
        rz_list_append(ret, mod);
    }
    rz_list_free(modules);
    return ret;
}

References _KdCtx::desc, kdctx, regress::m, mod(), regress::modules, NULL, rz_debug_map_free(), rz_list_append(), rz_list_free(), rz_list_newf(), RZ_NEW0, RZ_PTR_MOVE, _KdCtx::syncd, _KdCtx::windctx, and winkd_list_modules().

rz_debug_winkd_pids()

static RzList* rz_debug_winkd_pids ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid  )

static

Definition at line 269 of file debug_winkd.c.

                                                                               {
    if (!kdctx || !kdctx->desc || !kdctx->syncd) {
        return NULL;
    }
 
    RzList *ret = rz_list_newf((RzListFree)rz_debug_pid_free);
    if (!ret) {
        return NULL;
    }
 
    RzList *pids = kdctx->plist_cache ? kdctx->plist_cache : winkd_list_process(&kdctx->windctx);
    if (!pids) {
        rz_list_free(ret);
        return NULL;
    }
    RzListIter *it;
    WindProc *p;
    rz_list_foreach (pids, it, p) {
        RzDebugPid *newpid = RZ_NEW0(RzDebugPid);
        if (!newpid) {
            rz_list_free(ret);
            rz_list_free(pids);
            return NULL;
        }
        newpid->path = strdup(p->name);
        newpid->pid = p->uniqueid;
        newpid->status = 's';
        newpid->runnable = true;
        rz_list_append(ret, newpid);
    }
    kdctx->plist_cache = pids;
    return ret;
}

References _KdCtx::desc, kdctx, NULL, p, rz_debug_pid_t::path, rz_debug_pid_t::pid, _KdCtx::plist_cache, rz_debug_pid_t::runnable, rz_debug_pid_free(), rz_list_append(), rz_list_free(), rz_list_newf(), RZ_NEW0, rz_debug_pid_t::status, strdup(), _KdCtx::syncd, _KdCtx::windctx, and winkd_list_process().

rz_debug_winkd_reg_profile()

static char* rz_debug_winkd_reg_profile ( RZ_BORROW RZ_NONNULL RzDebug *  dbg )

static

Definition at line 233 of file debug_winkd.c.

                                                                           {
    if (!dbg) {
        return NULL;
    }
    if (dbg->arch && strcmp(dbg->arch, "x86")) {
        return NULL;
    }
    rz_debug_winkd_attach(dbg, 0);
    if (dbg->bits == RZ_SYS_BITS_32) {
#include "native/reg/windows-x86.h"
    } else if (dbg->bits == RZ_SYS_BITS_64) {
#include "native/reg/windows-x64.h"
    }
    return NULL;
}

References rz_debug_t::arch, rz_debug_t::bits, dbg, NULL, rz_debug_winkd_attach(), RZ_SYS_BITS_32, and RZ_SYS_BITS_64.

rz_debug_winkd_reg_read()

static int rz_debug_winkd_reg_read ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  type, ut8 *  buf, int  size  )

static

Definition at line 15 of file debug_winkd.c.

                                                                                                    {
    int ret = winkd_read_reg(kdctx, buf, size);
    if (!ret) {
        return -1;
    }
    return ret;
}

References kdctx, and winkd_read_reg().

rz_debug_winkd_reg_write()

static int rz_debug_winkd_reg_write ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  type, const ut8 *  buf, int  size  )

static

Definition at line 23 of file debug_winkd.c.

                                                                                                           {
    if (!dbg->reg) {
        return false;
    }
    ut32 flags;
    if (kdctx->windctx.is_arm) {
        if (kdctx->windctx.is_64bit) {
            const struct context_type_arm64 *ctx = (void *)buf;
            flags = ctx->ContextFlags;
        } else {
            const struct context_type_arm *ctx = (void *)buf;
            flags = ctx->context_flags;
        }
    } else {
        if (kdctx->windctx.is_64bit) {
            const struct context_type_amd64 *ctx = (void *)buf;
            flags = ctx->context_flags;
        } else {
            const struct context_type_i386 *ctx = (void *)buf;
            flags = ctx->context_flags;
        }
    }
    return winkd_write_reg(kdctx, flags, buf, size);
}

References dbg, flags, _WindCtx::is_64bit, _WindCtx::is_arm, kdctx, rz_debug_t::reg, _KdCtx::windctx, and winkd_write_reg().

rz_debug_winkd_select()

static int rz_debug_winkd_select ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid, int  tid  )

static

Definition at line 303 of file debug_winkd.c.

                                                                                      {
    ut32 old = winkd_get_target(&kdctx->windctx);
    ut32 old_tid = winkd_get_target_thread(&kdctx->windctx);
    if (pid != old || tid != old_tid) {
        kdctx->context_cache_valid = false;
        if (pid != old) {
            rz_list_free(kdctx->tlist_cache);
            kdctx->tlist_cache = NULL;
        }
    }
    int ret = winkd_set_target(&kdctx->windctx, pid, tid);
    if (!ret) {
        return false;
    }
    ut64 base = winkd_get_target_base(&kdctx->windctx);
    if (!base) {
        winkd_set_target(&kdctx->windctx, old, tid);
        return false;
    }
    eprintf("Process base is 0x%" PFMT64x "\n", base);
    return true;
}

References _KdCtx::context_cache_valid, eprintf, kdctx, NULL, PFMT64x, pid, rz_list_free(), _KdCtx::tlist_cache, ut64(), _KdCtx::windctx, winkd_get_target(), winkd_get_target_base(), winkd_get_target_thread(), and winkd_set_target().

rz_debug_winkd_threads()

static RzList* rz_debug_winkd_threads ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid  )

static

Definition at line 326 of file debug_winkd.c.

                                                                                  {
    if (!kdctx || !kdctx->desc || !kdctx->syncd) {
        return NULL;
    }
 
    RzList *ret = rz_list_newf(free);
    if (!ret) {
        return NULL;
    }
    RzList *threads = kdctx->tlist_cache ? kdctx->tlist_cache : winkd_list_threads(&kdctx->windctx);
    if (!threads) {
        rz_list_free(ret);
        return NULL;
    }
    RzListIter *it;
    WindThread *t;
    rz_list_foreach (threads, it, t) {
        RzDebugPid *newpid = RZ_NEW0(RzDebugPid);
        if (!newpid) {
            rz_list_free(ret);
            rz_list_free(threads);
            return NULL;
        }
        newpid->pid = t->uniqueid;
        newpid->status = t->status;
        newpid->runnable = t->runnable;
        rz_list_append(ret, newpid);
    }
    kdctx->tlist_cache = threads;
    return ret;
}

References _KdCtx::desc, free(), kdctx, NULL, rz_debug_pid_t::pid, rz_debug_pid_t::runnable, WindThread::runnable, rz_list_append(), rz_list_free(), rz_list_newf(), RZ_NEW0, rz_debug_pid_t::status, WindThread::status, _KdCtx::syncd, threads, _KdCtx::tlist_cache, WindThread::uniqueid, _KdCtx::windctx, and winkd_list_threads().

rz_debug_winkd_wait()

static RzDebugReasonType rz_debug_winkd_wait ( RZ_BORROW RZ_NONNULL RzDebug *  dbg, int  pid  )

static

Definition at line 77 of file debug_winkd.c.

                                                                                         {
    RzDebugReasonType reason = RZ_DEBUG_REASON_UNKNOWN;
    kd_packet_t *pkt = NULL;
    kd_stc_64 *stc;
    if (!winkd_lock_enter(kdctx)) {
        return RZ_DEBUG_REASON_UNKNOWN;
    }
    for (;;) {
        void *bed = rz_cons_sleep_begin();
        int ret;
        do {
            ret = winkd_wait_packet(kdctx, KD_PACKET_TYPE_STATE_CHANGE64, &pkt);
        } while (ret == KD_E_BREAK || ret == KD_E_MALFORMED);
        rz_cons_sleep_end(bed);
        if (ret != KD_E_OK || !pkt) {
            reason = RZ_DEBUG_REASON_ERROR;
            break;
        }
        stc = (kd_stc_64 *)pkt->data;
        dbg->reason.addr = stc->pc;
        dbg->reason.tid = stc->kthread;
        dbg->reason.signum = stc->state;
        if (stc->kthread && stc->kthread != kdctx->windctx.target_thread.ethread) {
            get_current_process_and_thread(dbg, stc->kthread);
        }
        winkd_set_cpu(kdctx, stc->cpu);
        if (stc->state == DbgKdExceptionStateChange) {
            windows_print_exception_event(kdctx->windctx.target.uniqueid, kdctx->windctx.target_thread.uniqueid, stc->exception.code, stc->exception.flags);
            dbg->reason.type = windows_exception_to_reason(stc->exception.code);
            dbg->reason.addr = stc->exception.ex_addr;
            dbg->reason.signum = stc->exception.code;
            reason = dbg->reason.type;
            break;
        } else if (stc->state == DbgKdLoadSymbolsStateChange) {
            dbg->reason.type = RZ_DEBUG_REASON_NEW_LIB;
            reason = RZ_DEBUG_REASON_NEW_LIB;
            break;
        }
        RZ_FREE(pkt);
    }
    winkd_lock_leave(kdctx);
    free(pkt);
    return reason;
}

References rz_debug_reason_t::addr, _KdCtx::cpu, dbg, DbgKdExceptionStateChange, DbgKdLoadSymbolsStateChange, WindThread::ethread, free(), get_current_process_and_thread(), if(), KD_E_BREAK, KD_E_MALFORMED, KD_E_OK, KD_PACKET_TYPE_STATE_CHANGE64, kdctx, NULL, rz_debug_t::reason, rz_cons_sleep_begin(), rz_cons_sleep_end(), RZ_DEBUG_REASON_ERROR, RZ_DEBUG_REASON_NEW_LIB, RZ_DEBUG_REASON_UNKNOWN, RZ_FREE, rz_debug_reason_t::signum, _WindCtx::target, _WindCtx::target_thread, rz_debug_reason_t::tid, rz_debug_reason_t::type, WindProc::uniqueid, WindThread::uniqueid, _KdCtx::windctx, windows_exception_to_reason(), windows_print_exception_event(), winkd_lock_enter(), winkd_lock_leave(), winkd_set_cpu(), and winkd_wait_packet().

Variable Documentation

kdctx

KdCtx* kdctx = NULL

static

Definition at line 13 of file debug_winkd.c.

Referenced by get_current_process_and_thread(), get_module_timestamp(), rz_debug_winkd_attach(), rz_debug_winkd_breakpoint(), rz_debug_winkd_continue(), rz_debug_winkd_detach(), rz_debug_winkd_frames(), rz_debug_winkd_maps(), rz_debug_winkd_modules(), rz_debug_winkd_pids(), rz_debug_winkd_reg_read(), rz_debug_winkd_reg_write(), rz_debug_winkd_select(), rz_debug_winkd_threads(), and rz_debug_winkd_wait().

rizin_plugin

RZ_API RzLibStruct rizin_plugin

Initial value:

= {
    .type = RZ_LIB_TYPE_DBG,
    .data = &rz_debug_plugin_winkd,
    .version = RZ_VERSION
}

Definition at line 457 of file debug_winkd.c.

rz_debug_plugin_winkd

RzDebugPlugin rz_debug_plugin_winkd

Initial value:

= {
    .name = "winkd",
    .license = "LGPL3",
    .arch = "x86",
    .bits = RZ_SYS_BITS_32 | RZ_SYS_BITS_64,
    .init = &rz_debug_winkd_init,
    
    .cont = &rz_debug_winkd_continue,
    .attach = &rz_debug_winkd_attach,
    .detach = &rz_debug_winkd_detach,
    .pids = &rz_debug_winkd_pids,
    .wait = &rz_debug_winkd_wait,
    .select = &rz_debug_winkd_select,
    .breakpoint = rz_debug_winkd_breakpoint,
    .reg_read = &rz_debug_winkd_reg_read,
    .reg_write = &rz_debug_winkd_reg_write,
    .reg_profile = &rz_debug_winkd_reg_profile,
    .threads = &rz_debug_winkd_threads,
    .modules_get = &rz_debug_winkd_modules,
    .map_get = &rz_debug_winkd_maps,
    .frames = &rz_debug_winkd_frames,
}

Definition at line 433 of file debug_winkd.c.