8 #include "../pe/pe_specs.h"
53 RZ_LOG_ERROR(
"Invalid PhysicalMemoryDescriptor magic\n");
58 RZ_LOG_ERROR(
"Invalid PhysicalMemoryDescriptor offset\n");
68 RZ_LOG_ERROR(
"Cannot read memory runs value from dmp64.\n");
75 for (
i = 0;
i < num_runs;
i++) {
77 for (j = 0; j <
run->PageCount; j++) {
90 RZ_LOG_WARN(
"The number of pages in the structure does not match with the counted one.\n");
132 ut32 name_offset = 0;
142 if (
str.count > 1024) {
155 const size_t size = (
str.count + 1) *
sizeof(
ut16);
157 driver->
file = (
char *)file_utf8;
218 bool create_new_page =
true;
220 for (
i = 0;
i < num_pages;
i++) {
222 create_new_page =
true;
225 if (!create_new_page) {
244 create_new_page =
false;
247 RZ_LOG_ERROR(
"The total present pages number in the header does not match with the counted one.\n");
347 case code: return #code;
348 switch (BugCheckCode) {
715 return "Not a crash";
static int rz_bin_dmp64_init_header(struct rz_bin_dmp64_obj_t *obj)
struct rz_bin_dmp64_obj_t * rz_bin_dmp64_new_buf(RzBuffer *buf)
static bool rz_bin_dmp64_init_triage_datablocks(struct rz_bin_dmp64_obj_t *obj)
static int rz_bin_dmp64_init(struct rz_bin_dmp64_obj_t *obj)
static int rz_bin_dmp64_init_memory_runs(struct rz_bin_dmp64_obj_t *obj)
static int rz_bin_dmp64_init_bmp_header(struct rz_bin_dmp64_obj_t *obj)
static bool rz_bin_dmp64_init_triage_drivers(struct rz_bin_dmp64_obj_t *obj)
static int rz_bin_dmp64_init_bmp_pages(struct rz_bin_dmp64_obj_t *obj)
const char * rz_bin_dmp64_bugcheckcode_as_str(ut32 BugCheckCode)
void rz_bin_dmp64_free(struct rz_bin_dmp64_obj_t *obj)
static bool rz_bin_dmp64_init_triage(struct rz_bin_dmp64_obj_t *obj)
static void free_driver(dmp_driver_desc *driver)
#define INSTRUCTION_BUS_ERROR
#define PAGE_FAULT_IN_FREED_SPECIAL_POOL
#define INVALID_PROCESS_ATTACH_ATTEMPT
#define PNP_DETECTED_FATAL_ERROR
#define CID_HANDLE_CREATION
#define INVALID_FLOATING_POINT_STATE
#define CORRUPT_ACCESS_TOKEN
#define PFN_REFERENCE_COUNT
#define OS_DATA_TAMPERING
#define DRIVER_POWER_STATE_FAILURE
#define INVALID_KERNEL_STACK_ADDRESS
#define DRIVER_RETURNED_HOLDING_CANCEL_LOCK
#define KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
#define NO_SUCH_PARTITION
#define PASSIVE_INTERRUPT_ERROR
#define FAULTY_HARDWARE_CORRUPTED_PAGE
#define WORKER_THREAD_TEST_CONDITION
#define SET_ENV_VAR_FAILED
#define VIDEO_SCHEDULER_INTERNAL_ERROR
#define DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS
#define END_OF_NT_EVALUATION_PERIOD
#define CID_HANDLE_DELETION
#define LOCKED_PAGES_TRACKER_CORRUPTION
#define INVALID_AFFINITY_SET
#define SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
#define PINBALL_FILE_SYSTEM
#define SECURITY1_INITIALIZATION_FAILED
#define STATUS_IMAGE_CHECKSUM_MISMATCH
#define PROCESS_HAS_LOCKED_PAGES
#define NMI_HARDWARE_FAILURE
#define WORKER_THREAD_RETURNED_AT_BAD_IRQL
#define INVALID_SILO_DETACH
#define SHARED_RESOURCE_CONV_ERROR
#define INVALID_DATA_ACCESS_TRAP
#define UNEXPECTED_KERNEL_MODE_TRAP
#define DMP_DUMPTYPE_BITMAPFULL
#define IO1_INITIALIZATION_FAILED
#define INSUFFICIENT_SYSTEM_MAP_REGS
#define PDC_WATCHDOG_TIMEOUT
#define REFERENCE_BY_POINTER
#define PROCESSOR_DRIVER_INTERNAL
#define PAGE_FAULT_BEYOND_END_OF_ALLOCATION
#define EMPTY_THREAD_REAPER_LIST
#define NDIS_INTERNAL_ERROR
#define SYSTEM_LICENSE_VIOLATION
#define MEMORY1_INITIALIZATION_FAILED
#define INVALID_WORK_QUEUE_ITEM
#define DMP_DUMPTYPE_BITMAPKERNEL
#define SDBUS_INTERNAL_ERROR
#define IMPERSONATING_WORKER_THREAD
#define INVALID_SOFTWARE_INTERRUPT
#define LPC_INITIALIZATION_FAILED
#define THREAD_TERMINATE_HELD_MUTEX
#define INVALID_REGION_OR_SEGMENT
#define WIN32K_HANDLE_MANAGER
#define NETIO_INVALID_POOL_CALLER
#define TRAP_CAUSE_UNKNOWN
#define TARGET_MDL_TOO_SMALL
#define WORKER_THREAD_RETURNED_WHILE_ATTACHED_TO_SILO
#define DRIVER_CORRUPTED_MMPOOL
#define HYPERGUARD_VIOLATION
#define KERNEL_MODE_HEAP_CORRUPTION
#define UNSUPPORTED_PROCESSOR
#define DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS
#define VOLSNAP_OVERLAPPED_TABLE_ACCESS
#define UNSUPPORTED_INSTRUCTION_MODE
#define INVALID_PUSH_LOCK_FLAGS
#define DMP_DUMPTYPE_TRIAGE
#define RESOURCE_NOT_OWNED
#define DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
#define VIDEO_TDR_TIMEOUT_DETECTED
#define BC_BTHMINI_VERIFIER_FAULT
#define ELAM_DRIVER_DETECTED_FATAL_ERROR
#define CANNOT_WRITE_CONFIGURATION
#define PROFILER_CONFIGURATION_ILLEGAL
#define THREAD_STUCK_IN_DEVICE_DRIVER_M
#define KERNEL_THREAD_PRIORITY_FLOOR_VIOLATION
#define SCSI_VERIFIER_DETECTED_VIOLATION
#define ERESOURCE_INVALID_RELEASE
#define KERNEL_SECURITY_CHECK_FAILURE
#define SECURE_KERNEL_ERROR
#define INVALID_DRIVER_HANDLE
#define SERIAL_DRIVER_INTERNAL
#define SET_OF_INVALID_CONTEXT
#define WORKER_THREAD_RETURNED_WITH_BAD_PAGING_IO_PRIORITY
#define HTTP_DRIVER_CORRUPTED
#define SPIN_LOCK_ALREADY_OWNED
#define PROCESS_INITIALIZATION_FAILED
#define MANUALLY_INITIATED_POWER_BUTTON_HOLD
#define BC_BLUETOOTH_VERIFIER_FAULT
#define INVALID_CALLBACK_STACK_ADDRESS
#define INVALID_SLOT_ALLOCATOR_FLAGS
#define MUST_SUCCEED_POOL_EMPTY
#define IRQL_UNEXPECTED_VALUE
#define DRIVER_CORRUPTED_EXPOOL
#define SYSTEM_SERVICE_EXCEPTION
#define SESSION1_INITIALIZATION_FAILED
#define CLUSTER_CSV_CLUSSVC_DISCONNECT_WATCHDOG
#define TOO_MANY_RECURSIVE_FAULTS
#define BGI_DETECTED_VIOLATION
#define WIN32K_ATOMIC_CHECK_FAILURE
#define MULTIPLE_IRP_COMPLETE_REQUESTS
#define NO_MORE_IRP_STACK_LOCATIONS
#define SCSI_DISK_DRIVER_INTERNAL
#define KERNEL_LOCK_ENTRY_LEAKED_ON_THREAD_TERMINATION
#define NMR_INVALID_STATE
#define IRQL_NOT_DISPATCH_LEVEL
#define THIRD_PARTY_FILE_SYSTEM_FAILURE
#define DPC_WATCHDOG_VIOLATION
#define PP1_INITIALIZATION_FAILED
#define REGISTRY_FILTER_DRIVER_EXCEPTION
#define INTERNAL_POWER_ERROR
#define HAL_BLOCKED_PROCESSOR_INTERNAL_ERROR
#define STORAGE_DEVICE_ABNORMALITY_DETECTED
#define SOC_SUBSYSTEM_FAILURE
#define EXCEPTION_SCOPE_INVALID
#define CNSS_FILE_SYSTEM_FILTER
#define DYNAMIC_ADD_PROCESSOR_MISMATCH
#define MAILSLOT_FILE_SYSTEM
#define MEMORY_MANAGEMENT
#define WINLOGON_FATAL_ERROR
#define HARDWARE_INTERRUPT_STORM
#define MEMORY_IMAGE_CORRUPT
#define DRIVER_PNP_WATCHDOG
#define MUTEX_LEVEL_NUMBER_VIOLATION
#define MUTEX_ALREADY_OWNED
#define VIDEO_SHADOW_DRIVER_FATAL_ERROR
#define DRIVER_INVALID_STACK_ACCESS
#define NO_SPIN_LOCK_AVAILABLE
#define CLOCK_WATCHDOG_TIMEOUT
#define MBR_CHECKSUM_MISMATCH
#define ACTIVE_EX_WORKER_THREAD_TERMINATION
#define BAD_SYSTEM_CONFIG_INFO
#define LOADER_BLOCK_MISMATCH
#define DRIVER_USED_EXCESSIVE_PTES
#define VIDEO_DRIVER_INIT_FAILURE
#define BUGCODE_NDIS_DRIVER
#define BAD_OBJECT_HEADER
#define KERNEL_STACK_LOCKED_AT_EXIT
#define BOUND_IMAGE_UNSUPPORTED
#define SESSION4_INITIALIZATION_FAILED
#define REF_UNKNOWN_LOGON_SESSION
#define ABNORMAL_RESET_DETECTED
#define PAGE_FAULT_IN_NONPAGED_AREA
#define DATA_COHERENCY_EXCEPTION
#define CACHE_INITIALIZATION_FAILED
#define DRIVER_CAUGHT_MODIFYING_FREED_POOL
#define MACHINE_CHECK_EXCEPTION
#define INVALID_HIBERNATED_STATE
#define SESSION3_INITIALIZATION_FAILED
#define FATAL_UNHANDLED_HARD_ERROR
#define MICROCODE_REVISION_MISMATCH
#define FLOPPY_INTERNAL_ERROR
#define INTERRUPT_EXCEPTION_NOT_HANDLED
#define ACPI_BIOS_FATAL_ERROR
#define DRIVER_VERIFIER_DMA_VIOLATION
#define MANUALLY_INITIATED_CRASH
#define ILLEGAL_IOMMU_PAGE_FAULT
#define KERNEL_AUTO_BOOST_INVALID_LOCK_RELEASE
#define NO_USER_MODE_CONTEXT
#define INVALID_MDL_RANGE
#define CONFIG_LIST_FAILED
#define AGP_GART_CORRUPTION
#define SECURE_FAULT_UNHANDLED
#define INTERRUPT_UNWIND_ATTEMPTED
#define SECURITY_INITIALIZATION_FAILED
#define VHD_BOOT_INITIALIZATION_FAILED
#define CHIPSET_DETECTED_ERROR
#define FLTMGR_FILE_SYSTEM
#define RESOURCE_MANAGER_EXCEPTION_NOT_HANDLED
#define MULTIPROCESSOR_CONFIGURATION_NOT_SUPPORTED
#define PF_DETECTED_CORRUPTION
#define AGP_ILLEGALLY_REPROGRAMMED
#define KERNEL_WMI_INTERNAL
#define SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION
#define AGP_INVALID_ACCESS
#define MSRPC_STATE_VIOLATION
#define SOC_CRITICAL_DEVICE_REMOVED
#define ATTEMPTED_WRITE_TO_CM_PROTECTED_STORAGE
#define DRIVER_IRQL_NOT_LESS_OR_EQUAL
#define RESOURCE_OWNER_POINTER_INVALID
#define HARDWARE_WATCHDOG_TIMEOUT
#define DIRTY_MAPPED_PAGES_CONGESTION
#define PAGE_FAULT_WITH_INTERRUPTS_OFF
#define CRITICAL_INITIALIZATION_FAILURE
#define STORAGE_MINIPORT_ERROR
#define MAXIMUM_WAIT_OBJECTS_EXCEEDED
#define WORKER_THREAD_RETURNED_WITH_NON_DEFAULT_WORKLOAD_CLASS
#define SPIN_LOCK_INIT_FAILURE
#define SYSTEM_PTE_MISUSE
#define DISORDERLY_SHUTDOWN
#define POOL_CORRUPTION_IN_FILE_AREA
#define DEVICE_REFERENCE_COUNT_NOT_ZERO
#define SESSION_HAS_VALID_VIEWS_ON_EXIT
#define PROCESS1_INITIALIZATION_FAILED
#define KERNEL_DATA_INPAGE_ERROR
#define PP0_INITIALIZATION_FAILED
#define COREMSGCALL_INTERNAL_ERROR
#define LM_SERVER_INTERNAL_ERROR
#define OBJECT_INITIALIZATION_FAILED
#define STATUS_CANNOT_LOAD_REGISTRY_FILE
#define CRITICAL_SERVICE_FAILED
#define WORKER_THREAD_RETURNED_WITH_SYSTEM_PAGE_PRIORITY_ACTIVE
#define NO_MORE_SYSTEM_PTES
#define SYMBOLIC_INITIALIZATION_FAILED
#define FATAL_ABNORMAL_RESET_ERROR
#define HAL_IOMMU_INTERNAL_ERROR
#define DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION
#define UNEXPECTED_KERNEL_MODE_TRAP_M
#define DMP_DUMPTYPE_FULL
#define CRITICAL_PROCESS_DIED
#define DMA_COMMON_BUFFER_VECTOR_ERROR
#define NO_EXCEPTION_HANDLING_SUPPORT
#define HAL_ILLEGAL_IOMMU_PAGE_FAULT
#define KERNEL_STORAGE_SLOT_IN_USE
#define LAST_CHANCE_CALLED_FROM_KMODE
#define KMODE_EXCEPTION_NOT_HANDLED
#define ATDISK_DRIVER_INTERNAL
#define RAMDISK_BOOT_INITIALIZATION_FAILED
#define DRIVER_VERIFIER_IOMANAGER_VIOLATION
#define MUI_NO_VALID_SYSTEM_LANGUAGE
#define RESERVE_QUEUE_OVERFLOW
#define SECURE_BOOT_VIOLATION
#define PHASE0_INITIALIZATION_FAILED
#define HAL1_INITIALIZATION_FAILED
#define TTM_WATCHDOG_TIMEOUT
#define LOADER_ROLLBACK_DETECTED
#define WIN32K_CALLOUT_WATCHDOG_BUGCHECK
#define ACPI_DRIVER_INTERNAL
#define COREMSG_INTERNAL_ERROR
#define WHEA_INTERNAL_ERROR
#define CONFIG_INITIALIZATION_FAILED
#define WFP_INVALID_OPERATION
#define UP_DRIVER_ON_MP_SYSTEM
#define SESSION5_INITIALIZATION_FAILED
#define VIDEO_DXGKRNL_FATAL_ERROR
#define DPC_WATCHDOG_TIMEOUT
#define BITLOCKER_FATAL_ERROR
#define GPIO_CONTROLLER_DRIVER_ERROR
#define EXFAT_FILE_SYSTEM
#define MANUALLY_INITIATED_CRASH1
#define THREAD_STUCK_IN_DEVICE_DRIVER
#define UNEXPECTED_STORE_EXCEPTION
#define ATTEMPTED_WRITE_TO_READONLY_MEMORY
#define CPI_FIRMWARE_WATCHDOG_TIMEOUT
#define APP_TAGGING_INITIALIZATION_FAILED
#define CREATE_DELETE_LOCK_NOT_LOCKED
#define SYSTEM_EXIT_OWNED_MUTEX
#define FAST_ERESOURCE_PRECONDITION_VIOLATION
#define INACCESSIBLE_BOOT_DEVICE
#define DEVICE_QUEUE_NOT_BUSY
#define STREAMS_INTERNAL_ERROR
#define DRIVER_OVERRAN_STACK_BUFFER
#define EM_INITIALIZATION_FAILURE
#define UNMOUNTABLE_BOOT_VOLUME
#define VHD_BOOT_HOST_VOLUME_NOT_ENOUGH_SPACE
#define FILE_INITIALIZATION_FAILED
#define WIN32K_SECURITY_FAILURE
#define ASSIGN_DRIVE_LETTERS_FAILED
#define KERNEL_PARTITION_REFERENCE_VIOLATION
#define DRIVER_PORTION_MUST_BE_NONPAGED
#define INSTALL_MORE_MEMORY
#define SESSION2_INITIALIZATION_FAILED
#define PHASE1_INITIALIZATION_FAILED
#define WIN32K_POWER_WATCHDOG_TIMEOUT
#define VIDEO_TDR_FAILURE
#define KERNEL_AUTO_BOOST_LOCK_ACQUISITION_WITH_RAISED_IRQL
#define KERNEL_STACK_INPAGE_ERROR
#define NETWORK_BOOT_INITIALIZATION_FAILED
#define ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
#define HAL_INITIALIZATION_FAILED
#define VIDEO_MEMORY_MANAGEMENT_INTERNAL
#define SPIN_LOCK_NOT_OWNED
#define TIMER_OR_DPC_INVALID
#define STORE_DATA_STRUCTURE_CORRUPTION
#define IRQL_GT_ZERO_AT_SYSTEM_SERVICE
#define REFMON_INITIALIZATION_FAILED
#define INVALID_PROCESS_DETACH_ATTEMPT
#define INSTRUCTION_COHERENCY_EXCEPTION
#define VIDEO_DWMINIT_TIMEOUT_FALLBACK_BDD
#define UNEXPECTED_INITIALIZATION_CALL
#define INVALID_EXTENDED_PROCESSOR_STATE
#define WORKER_THREAD_RETURNED_WITH_BAD_IO_PRIORITY
#define IRQL_NOT_LESS_OR_EQUAL
#define INVALID_CANCEL_OF_FILE_OPEN
#define APC_INDEX_MISMATCH
#define HAL_MEMORY_ALLOCATION
#define BUGCODE_USB_DRIVER
#define KERNEL_APC_PENDING_DURING_EXIT
#define USER_MODE_HEALTH_MONITOR
#define XBOX_ERACTRL_CS_TIMEOUT
#define INVALID_IO_BOOST_STATE
#define IPI_WATCHDOG_TIMEOUT
#define ATTEMPTED_SWITCH_FROM_DPC
#define TCPIP_AOAC_NIC_ACTIVE_REFERENCE_LEAK
#define DRIVER_UNMAPPING_INVALID_VIEW
#define VIDEO_DRIVER_DEBUG_REPORT_REQUEST
#define EVENT_TRACING_FATAL_ERROR
#define CRYPTO_LIBRARY_INTERNAL_ERROR
#define CRITICAL_OBJECT_TERMINATION
#define DRIVER_VERIFIER_DETECTED_VIOLATION
#define CRYPTO_SELF_TEST_FAILURE
#define TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE
#define SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
#define INVALID_KERNEL_HANDLE
#define XNS_INTERNAL_ERROR
#define IRQL_NOT_GREATER_OR_EQUAL
#define WORKER_THREAD_INVALID_STATE
#define FTDISK_INTERNAL_ERROR
#define DEREF_UNKNOWN_LOGON_SESSION
#define CANCEL_STATE_IN_COMPLETED_IRP
#define SESSION_HAS_VALID_SPECIAL_POOL_ON_EXIT
#define DIRTY_NOWRITE_PAGES_CONGESTION
#define SYSTEM_UNWIND_PREVIOUS_USER
#define PCI_VERIFIER_DETECTED_VIOLATION
#define NETWORK_BOOT_DUPLICATE_ADDRESS
#define BUGCODE_ID_DRIVER
#define CRITICAL_STRUCTURE_CORRUPTION
#define SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
#define DMP_BMP_FULL_MAGIC
#define PORT_DRIVER_INTERNAL
#define THREAD_NOT_MUTEX_OWNER
#define FSRTL_EXTRA_CREATE_PARAMETER_VIOLATION
#define INVALID_RUNDOWN_PROTECTION_FLAGS
#define PANIC_STACK_SWITCH
#define DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN
#define BUGCODE_USB3_DRIVER
#define KERNEL_MODE_EXCEPTION_NOT_HANDLED
#define NO_PAGES_AVAILABLE
#define PCI_BUS_DRIVER_INTERNAL
#define DRIVER_CORRUPTED_SYSPTES
#define OBJECT1_INITIALIZATION_FAILED
#define SYNTHETIC_WATCHDOG_TIMEOUT
RZ_API void Ht_() free(HtName_(Ht) *ht)
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a newly initialized RzList pointer and sets the free method.
RZ_API RZ_BORROW RzListIter * rz_list_push(RZ_NONNULL RzList *list, void *item)
Alias for rz_list_append.
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends a new element at the end of the list.
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
void * calloc(size_t number, size_t size)
static int run(int i, const char *arg)
RZ_API RzBitmap * rz_bitmap_new(size_t len)
RZ_API void rz_bitmap_set_bytes(RzBitmap *b, const ut8 *buf, int len)
RZ_API int rz_bitmap_test(RzBitmap *b, size_t bit)
RZ_API void rz_bitmap_free(RzBitmap *b)
RZ_API st64 rz_buf_seek(RZ_NONNULL RzBuffer *b, st64 addr, int whence)
Modify the current cursor position in the buffer.
RZ_API RzBuffer * rz_buf_ref(RzBuffer *b)
Increment the reference count of the buffer.
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
#define rz_buf_read_le32_at(b, addr, result)
#define rz_buf_read_le32(b, result)
#define rz_buf_read_le64(b, result)
RZ_API void rz_buf_free(RzBuffer *b)
Free all internal data held by the buffer, and the buffer itself.
RZ_API st64 rz_buf_read(RZ_NONNULL RzBuffer *b, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
#define rz_buf_read_le64_at(b, addr, result)
void(* RzListFree)(void *ptr)
#define RZ_LOG_WARN(fmtstr,...)
#define RZ_LOG_ERROR(fmtstr,...)
RZ_API int rz_str_utf16_to_utf8(ut8 *dst, int len_dst, const ut8 *src, int len_src, bool little_endian)
#define rz_offsetof(type, member)
RZ_API Sdb * sdb_new0(void)
union dmp64_triage::@133 ArchitectureSpecific
ut32 UnloadedDriversOffset
dmp_bmp_header * bmp_header
dmp64_triage * triage64_header
ut64(WINAPI *w32_GetEnabledXStateFeatures)()