9 #define COMMENTS_SIZE 32
14 struct minidump_memory_descriptor64 *memory;
15 ut64 index, paddr = 0;
21 if (vaddr == memory->start_of_memory_range) {
25 index += memory->data_size;
31 struct minidump_memory_info *mem_info;
39 if (mem_info->allocation_base && vaddr == mem_info->base_address) {
48 struct minidump_memory_info *mem_info;
57 switch (mem_info->protect) {
80 struct Pe32_rz_bin_mdmp_pe_bin *pe_bin = pe_bin_;
83 Pe32_rz_bin_pe_free(pe_bin->bin);
89 struct Pe64_rz_bin_mdmp_pe_bin *pe_bin = pe_bin_;
92 Pe64_rz_bin_pe_free(pe_bin->bin);
134 sdb_set(obj->
kv,
"mdmp_mem_state.cparse",
135 "enum mdmp_mem_state { MEM_COMMIT=0x1000, "
136 "MEM_FREE=0x10000, MEM_RESERVE=0x02000 };",
140 "enum mdmp_mem_type { MEM_IMAGE=0x1000000, "
141 "MEM_MAPPED=0x40000, MEM_PRIVATE=0x20000 };",
144 sdb_set(obj->
kv,
"mdmp_page_protect.cparse",
145 "enum mdmp_page_protect { PAGE_NOACCESS=1, "
146 "PAGE_READONLY=2, PAGE_READWRITE=4, PAGE_WRITECOPY=8, "
147 "PAGE_EXECUTE=0x10, PAGE_EXECUTE_READ=0x20, "
148 "PAGE_EXECUTE_READWRITE=0x40, PAGE_EXECUTE_WRITECOPY=0x80, "
149 "PAGE_GUARD=0x100, PAGE_NOCACHE=0x200, "
150 "PAGE_WRITECOMBINE=0x400, PAGE_TARGETS_INVALID=0x40000000 };",
153 sdb_set(obj->
kv,
"mdmp_misc1_flags.cparse",
154 "enum mdmp_misc1_flags { MINIDUMP_MISC1_PROCESS_ID=1, "
155 "MINIDUMP_MISC1_PROCESS_TIMES=2, "
156 "MINIDUMP_MISC1_PROCESSOR_POWER_INFO=4 };",
159 sdb_set(obj->
kv,
"mdmp_processor_architecture.cparse",
160 "enum mdmp_processor_architecture { "
161 "PROCESSOR_ARCHITECTURE_INTEL=0, "
162 "PROCESSOR_ARCHITECTURE_ARM=5, "
163 "PROCESSOR_ARCHITECTURE_IA64=6, "
164 "PROCESSOR_ARCHITECTURE_AMD64=9, "
165 "PROCESSOR_ARCHITECTURE_UNKNOWN=0xffff };",
168 sdb_set(obj->
kv,
"mdmp_product_type.cparse",
169 "enum mdmp_product_type { "
170 "VER_NT_WORKSTATION=1, VER_NT_DOMAIN_CONTROLLER=2, "
171 "VER_NT_SERVER=3 };",
174 sdb_set(obj->
kv,
"mdmp_platform_id.cparse",
175 "enum mdmp_platform_id { "
176 "VER_PLATFORM_WIN32s=0, "
177 "VER_PLATFORM_WIN32_WINDOWS=1, "
178 "VER_PLATFORM_WIN32_NT=2 };",
181 sdb_set(obj->
kv,
"mdmp_suite_mask.cparse",
182 "enum mdmp_suite_mask { "
183 "VER_SUITE_SMALLBUSINESS=1, VER_SUITE_ENTERPRISE=2, "
184 "VER_SUITE_BACKOFFICE=4, VER_SUITE_TERMINAL=0x10, "
185 "VER_SUITE_SMALLBUSINESS_RESTRICTED=0x20, "
186 "VER_SUITE_EMBEDDEDNT=0x40, VER_SUITE_DATACENTER=0x80, "
187 "VER_SUITE_SINGLEUSERTS=0x100, VER_SUITE_PERSONAL=0x200, "
188 "VER_SUITE_BLADE=0x400, VER_SUITE_STORAGE_SERVER=0x2000, "
189 "VER_SUITE_COMPUTE_SERVER=0x4000 };",
192 sdb_set(obj->
kv,
"mdmp_callback_type.cparse",
193 "enum mdmp_callback_type { ModuleCallback=0,"
194 "ThreadCallback=1, ThreadExCallback=2, "
195 "IncludeThreadCallback=3, IncludeModuleCallback=4, "
196 "MemoryCallback=5, CancelCallback=6, "
197 "WriteKernelMinidumpCallback=7, "
198 "KernelMinidumpStatusCallback=8, "
199 "RemoveMemoryCallback=9, "
200 "IncludeVmRegionCallback=10, "
201 "IoStartCallback=11, IoWriteAllCallback=12, "
202 "IoFinishCallback=13, ReadMemoryFailureCallback=14, "
203 "SecondaryFlagsCallback=15 };",
206 sdb_set(obj->
kv,
"mdmp_exception_code.cparse",
207 "enum mdmp_exception_code { "
208 "DBG_CONTROL_C=0x40010005, "
209 "EXCEPTION_GUARD_PAGE_VIOLATION=0x80000001, "
210 "EXCEPTION_DATATYPE_MISALIGNMENT=0x80000002, "
211 "EXCEPTION_BREAKPOINT=0x80000003, "
212 "EXCEPTION_SINGLE_STEP=0x80000004, "
213 "EXCEPTION_ACCESS_VIOLATION=0xc0000005, "
214 "EXCEPTION_IN_PAGE_ERROR=0xc0000006, "
215 "EXCEPTION_INVALID_HANDLE=0xc0000008, "
216 "EXCEPTION_ILLEGAL_INSTRUCTION=0xc000001d, "
217 "EXCEPTION_NONCONTINUABLE_EXCEPTION=0xc0000025, "
218 "EXCEPTION_INVALID_DISPOSITION=0xc0000026, "
219 "EXCEPTION_ARRAY_BOUNDS_EXCEEDED=0xc000008c, "
220 "EXCEPTION_FLOAT_DENORMAL_OPERAND=0xc000008d, "
221 "EXCEPTION_FLOAT_DIVIDE_BY_ZERO=0xc000008e, "
222 "EXCEPTION_FLOAT_INEXACT_RESULT=0xc000008f, "
223 "EXCEPTION_FLOAT_INVALID_OPERATION=0xc0000090, "
224 "EXCEPTION_FLOAT_OVERFLOW=0xc0000091, "
225 "EXCEPTION_FLOAT_STACK_CHECK=0xc0000092, "
226 "EXCEPTION_FLOAT_UNDERFLOW=0xc0000093, "
227 "EXCEPTION_INTEGER_DIVIDE_BY_ZERO=0xc0000094, "
228 "EXCEPTION_INTEGER_OVERFLOW=0xc0000095, "
229 "EXCEPTION_PRIVILEGED_INSTRUCTION=0xc0000096, "
230 "EXCEPTION_STACK_OVERFLOW=0xc00000fd, "
231 "EXCEPTION_POSSIBLE_DEADLOCK=0xc0000194 };",
234 sdb_set(obj->
kv,
"mdmp_exception_flags.cparse",
235 "enum mdmp_exception_flags { "
236 "EXCEPTION_CONTINUABLE=0, "
237 "EXCEPTION_NONCONTINUABLE=1 };",
240 sdb_set(obj->
kv,
"mdmp_handle_object_information_type.cparse",
241 "enum mdmp_handle_object_information_type { "
242 "MiniHandleObjectInformationNone=0, "
243 "MiniThreadInformation1=1, MiniMutantInformation1=2, "
244 "MiniMutantInformation2=3, MiniMutantProcessInformation1=4, "
245 "MiniProcessInformation2=5 };",
248 sdb_set(obj->
kv,
"mdmp_secondary_flags.cparse",
249 "enum mdmp_secondary_flags { "
250 "MiniSecondaryWithoutPowerInfo=0 };",
253 sdb_set(obj->
kv,
"mdmp_stream_type.cparse",
254 "enum mdmp_stream_type { UnusedStream=0, "
255 "ReservedStream0=1, ReservedStream1=2, "
256 "ThreadListStream=3, ModuleListStream=4, "
257 "MemoryListStream=5, ExceptionStream=6, "
258 "SystemInfoStream=7, ThreadExListStream=8, "
259 "Memory64ListStream=9, CommentStreamA=10, "
260 "CommentStreamW=11, HandleDataStream=12, "
261 "FunctionTableStream=13, UnloadedModuleListStream=14, "
262 "MiscInfoStream=15, MemoryInfoListStream=16, "
263 "ThreadInfoListStream=17, "
264 "HandleOperationListStream=18, "
265 "LastReservedStream=0xffff };",
// Stores the C text of enum mdmp_type in obj->kv under the key mdmp_type.cparse.
// The value is one string literal built from the adjacent pieces below; listing
// lines that are not reproduced here complete the call.
// NOTE(review): three member names appear to differ from the Windows
// MINIDUMP_TYPE spelling: MiniDumpWithUnloadedModule (0x20, upstream plural
// "...Modules"), MiniDumpWihinDirectlyReferencedMemory (0x40, upstream
// "MiniDumpWithIndirectlyReferencedMemory") and MiniDumpWithoutOptionalDate
// (0x400, upstream "...OptionalData"). Anyone matching dump flags against vendor
// documentation by name would miss these; confirm before renaming, since the
// strings are runtime data.
268 sdb_set(obj->
kv,
"mdmp_type.cparse",
"enum mdmp_type { "
269 "MiniDumpNormal=0x0, "
270 "MiniDumpWithDataSegs=0x1, "
271 "MiniDumpWithFullMemory=0x2, "
272 "MiniDumpWithHandleData=0x4, "
273 "MiniDumpFilterMemory=0x8, "
274 "MiniDumpScanMemory=0x10, "
275 "MiniDumpWithUnloadedModule=0x20, "
276 "MiniDumpWihinDirectlyReferencedMemory=0x40, "
277 "MiniDumpFilterWithModulePaths=0x80,"
278 "MiniDumpWithProcessThreadData=0x100, "
279 "MiniDumpWithPrivateReadWriteMemory=0x200, "
280 "MiniDumpWithoutOptionalDate=0x400, "
281 "MiniDumpWithFullMemoryInfo=0x800, "
282 "MiniDumpWithThreadInfo=0x1000, "
283 "MiniDumpWithCodeSegs=0x2000, "
284 "MiniDumpWithoutAuxiliaryState=0x4000, "
285 "MiniDumpWithFullAuxiliaryState=0x8000, "
286 "MiniDumpWithPrivateWriteCopyMemory=0x10000, "
287 "MiniDumpIgnoreInaccessibleMemory=0x20000, "
288 "MiniDumpWithTokenInformation=0x40000, "
289 "MiniDumpWithModuleHeaders=0x80000, "
290 "MiniDumpFilterTriage=0x100000, "
291 "MiniDumpValidTypeFlags=0x1fffff };",
294 sdb_set(obj->
kv,
"mdmp_module_write_flags.cparse",
295 "enum mdmp_module_write_flags { "
296 "ModuleWriteModule=0, ModuleWriteDataSeg=2, "
297 "ModuleWriteMiscRecord=4, ModuleWriteCvRecord=8, "
298 "ModuleReferencedByMemory=0x10, ModuleWriteTlsData=0x20, "
299 "ModuleWriteCodeSegs=0x40 };",
302 sdb_set(obj->
kv,
"mdmp_thread_write_flags.cparse",
303 "enum mdmp_thread_write_flags { "
304 "ThreadWriteThread=0, ThreadWriteStack=2, "
305 "ThreadWriteContext=4, ThreadWriteBackingStore=8, "
306 "ThreadWriteInstructionWindow=0x10, "
307 "ThreadWriteThreadData=0x20, "
308 "ThreadWriteThreadInfo=0x40 };",
311 sdb_set(obj->
kv,
"mdmp_context_flags.cparse",
312 "enum mdmp_context_flags { CONTEXT_i386=0x10000, "
313 "CONTEXT_CONTROL=0x10001, CONTEXT_INTEGER=0x10002, "
314 "CONTEXT_SEGMENTS=0x10004, CONTEXT_FLOATING_POINT=0x10008, "
315 "CONTEXT_DEBUG_REGISTERS=0x10010, "
316 "CONTEXT_EXTENDED_REGISTERS=0x10020 };",
319 sdb_set(obj->
kv,
"mdmp_location_descriptor.format",
320 "dd DataSize RVA", 0);
321 sdb_set(obj->
kv,
"mdmp_location_descriptor64.format",
322 "qq DataSize RVA", 0);
323 sdb_set(obj->
kv,
"mdmp_memory_descriptor.format",
"q? "
324 "StartOfMemoryRange "
325 "(mdmp_location_descriptor)Memory",
327 sdb_set(obj->
kv,
"mdmp_memory_descriptor64.format",
"qq "
328 "StartOfMemoryRange DataSize",
333 sdb_set (obj->
kv,
"mdmp_context.format",
"[4]B "
334 "(mdmp_context_flags)ContextFlags", 0);
337 sdb_set(obj->
kv,
"mdmp_vs_fixedfileinfo.format",
"ddddddddddddd "
338 "dwSignature dwStrucVersion dwFileVersionMs "
339 "dwFileVersionLs dwProductVersionMs "
340 "dwProductVersionLs dwFileFlagsMask dwFileFlags "
341 "dwFileOs dwFileType dwFileSubtype dwFileDateMs "
345 sdb_set(obj->
kv,
"mdmp_string.format",
"dZ Length Buffer", 0);
372 ut32 number_of_streams = 0;
376 hdr->number_of_streams = number_of_streams;
378 ut32 stream_directory_rva = 0;
382 hdr->stream_directory_rva = stream_directory_rva;
388 hdr->check_sum = check_sum;
// Sanity checks on the minidump header fields held in obj->hdr. Only the
// numbered listing lines are shown; the statements between them are elided.
410 obj->
hdr =
RZ_NEW(
struct minidump_header);
// A header declaring zero streams is singled out here; what happens next is on
// lines not shown.
416 if (obj->
hdr->number_of_streams == 0) {
// Lower bound only: a directory RVA smaller than the header size would place
// the stream directory inside the header itself, which is logged as an error.
// NOTE(review): no upper bound against the file size is visible in this
// fragment; confirm where an RVA past the end of the buffer is rejected.
421 if (obj->
hdr->stream_directory_rva <
sizeof(
struct minidump_header)) {
422 RZ_LOG_ERROR(
"RVA for directory resides in the header!\n");
// check_sum is only tested for being non-zero. Per the log text it is not
// verified here, so a present checksum says nothing about file integrity.
426 if (obj->
hdr->check_sum) {
427 RZ_LOG_INFO(
"Checksum present but needs validating!\n");
431 sdb_num_set(obj->
kv,
"mdmp.hdr.time_date_stamp", obj->
hdr->time_date_stamp, 0);
434 sdb_set(obj->
kv,
"mdmp_header.format",
"[4]zddddt[8]B Signature "
435 "Version NumberOfStreams StreamDirectoryRVA CheckSum "
436 "TimeDateStamp (mdmp_type)Flags",
447 module->base_of_image = base_of_image;
453 module->size_of_image = size_of_image;
459 module->check_sum = check_sum;
461 ut32 time_date_stamp;
465 module->time_date_stamp = time_date_stamp;
467 ut32 module_name_rva;
471 module->module_name_rva = module_name_rva;
477 module->version_info.dw_signature = dw_signature;
479 ut32 dw_struc_version;
483 module->version_info.dw_struc_version = dw_struc_version;
485 ut32 dw_file_version_ms;
489 module->version_info.dw_file_version_ms = dw_file_version_ms;
491 ut32 dw_file_version_ls;
495 module->version_info.dw_file_version_ls = dw_file_version_ls;
497 ut32 dw_product_version_ms;
501 module->version_info.dw_product_version_ms = dw_product_version_ms;
503 ut32 dw_product_version_ls;
507 module->version_info.dw_product_version_ls = dw_product_version_ls;
509 ut32 dw_file_flags_mask;
513 module->version_info.dw_file_flags_mask = dw_file_flags_mask;
519 module->version_info.dw_file_flags = dw_file_flags;
525 module->version_info.dw_file_os = dw_file_os;
531 module->version_info.dw_file_type = dw_file_type;
533 ut32 dw_file_subtype;
537 module->version_info.dw_file_subtype = dw_file_subtype;
539 ut32 dw_file_date_ms;
543 module->version_info.dw_file_date_ms = dw_file_date_ms;
545 ut32 dw_file_date_ls;
549 module->version_info.dw_file_date_ls = dw_file_date_ls;
551 ut32 cv_record_data_size;
555 module->cv_record.data_size = cv_record_data_size;
561 module->cv_record.rva = cv_record_rva;
563 ut32 misc_record_data_size;
567 module->misc_record.data_size = misc_record_data_size;
569 ut32 misc_record_rva;
573 module->misc_record.rva = misc_record_rva;
579 module->reserved_0 = reserved_0;
585 module->reserved_1 = reserved_1;
619 ut64 number_of_memory_ranges;
623 memory64_list->number_of_memory_ranges = number_of_memory_ranges;
629 memory64_list->base_rva = base_rva;
648 ut64 start_of_memory_range;
652 desc->start_of_memory_range = start_of_memory_range;
658 desc->data_size = data_size;
668 struct minidump_handle_operation_list handle_operation_list;
669 struct minidump_memory_list memory_list;
670 struct minidump_memory64_list memory64_list;
671 struct minidump_memory_info_list memory_info_list;
672 struct minidump_module_list module_list;
673 struct minidump_thread_list thread_list;
674 struct minidump_thread_ex_list thread_ex_list;
675 struct minidump_thread_info_list thread_info_list;
676 struct minidump_token_info_list token_info_list;
677 struct minidump_unloaded_module_list unloaded_module_list;
684 RZ_LOG_ERROR(
"Size Mismatch - Stream data is larger than file size!\n");
688 ut32 number_of_modules;
690 switch (
entry->stream_type) {
693 if (
r !=
sizeof(thread_list)) {
697 sdb_set(obj->
kv,
"mdmp_thread.format",
"ddddq?? "
698 "ThreadId SuspendCount PriorityClass Priority "
699 "Teb (mdmp_memory_descriptor)Stack "
700 "(mdmp_location_descriptor)ThreadContext",
703 entry->location.rva, 0);
704 sdb_set(obj->
kv,
"mdmp_thread_list.format",
706 "NumberOfThreads (mdmp_thread)Threads",
707 thread_list.number_of_threads),
716 module_list.number_of_modules = number_of_modules;
718 sdb_set(obj->
kv,
"mdmp_module.format",
"qddtd???qq "
719 "BaseOfImage SizeOfImage CheckSum "
720 "TimeDateStamp ModuleNameRVA "
721 "(mdmp_vs_fixedfileinfo)VersionInfo "
722 "(mdmp_location_descriptor)CvRecord "
723 "(mdmp_location_descriptor)MiscRecord "
724 "Reserved0 Reserved1",
727 entry->location.rva, 0);
728 sdb_set(obj->
kv,
"mdmp_module_list.format",
730 "NumberOfModule (mdmp_module)Modules",
731 module_list.number_of_modules),
734 offset =
entry->location.rva +
sizeof(module_list);
735 for (
i = 0;
i < module_list.number_of_modules;
i++) {
736 struct minidump_module *
module =
RZ_NEW(
struct minidump_module);
744 offset +=
sizeof(*module);
749 if (
r !=
sizeof(memory_list)) {
754 entry->location.rva, 0);
755 sdb_set(obj->
kv,
"mdmp_memory_list.format",
757 "NumberOfMemoryRanges "
758 "(mdmp_memory_descriptor)MemoryRanges ",
759 memory_list.number_of_memory_ranges),
762 offset =
entry->location.rva +
sizeof(memory_list);
763 for (
i = 0;
i < memory_list.number_of_memory_ranges;
i++) {
764 struct minidump_memory_descriptor *
desc =
RZ_NEW(
struct minidump_memory_descriptor);
769 if (
r !=
sizeof(*
desc)) {
788 sdb_set(obj->
kv,
"mdmp_exception.format",
"[4]E[4]Eqqdd[15]q "
789 "(mdmp_exception_code)ExceptionCode "
790 "(mdmp_exception_flags)ExceptionFlags "
791 "ExceptionRecord ExceptionAddress "
792 "NumberParameters __UnusedAlignment "
793 "ExceptionInformation",
796 entry->location.rva, 0);
797 sdb_set(obj->
kv,
"mdmp_exception_stream.format",
"dd?? "
798 "ThreadId __Alignment "
799 "(mdmp_exception)ExceptionRecord "
800 "(mdmp_location_descriptor)ThreadContext",
815 entry->location.rva, 0);
817 sdb_set(obj->
kv,
"mdmp_system_info.format",
"[2]EwwbBddd[4]Ed[2]Ew[2]q "
818 "(mdmp_processor_architecture)ProcessorArchitecture "
819 "ProcessorLevel ProcessorRevision NumberOfProcessors "
820 "(mdmp_product_type)ProductType "
821 "MajorVersion MinorVersion BuildNumber (mdmp_platform_id)PlatformId "
822 "CsdVersionRva (mdmp_suite_mask)SuiteMask Reserved2 ProcessorFeatures",
829 if (
r !=
sizeof(thread_ex_list)) {
833 sdb_set(obj->
kv,
"mdmp_thread_ex.format",
"ddddq??? "
834 "ThreadId SuspendCount PriorityClass Priority "
835 "Teb (mdmp_memory_descriptor)Stack "
836 "(mdmp_location_descriptor)ThreadContext "
837 "(mdmp_memory_descriptor)BackingStore",
840 entry->location.rva, 0);
841 sdb_set(obj->
kv,
"mdmp_thread_ex_list.format",
842 sdb_fmt(
"d[%d]? NumberOfThreads "
843 "(mdmp_thread_ex)Threads",
844 thread_ex_list.number_of_threads),
847 offset =
entry->location.rva +
sizeof(thread_ex_list);
848 for (
i = 0;
i < thread_ex_list.number_of_threads;
i++) {
849 struct minidump_thread_ex *thread =
RZ_NEW(
struct minidump_thread_ex);
854 if (
r !=
sizeof(*thread)) {
858 offset +=
sizeof(*thread);
867 entry->location.rva, 0);
868 sdb_set(obj->
kv,
"mdmp_memory64_list.format",
871 "(mdmp_memory_descriptor64)MemoryRanges",
872 memory64_list.number_of_memory_ranges),
// The first descriptor starts immediately after the memory64_list header at the
// stream's RVA.
876 offset =
entry->location.rva +
sizeof(memory64_list);
// One descriptor is allocated per declared range; the loop bound is the count
// stored in memory64_list (declared ut64 where it is read).
// NOTE(review): this fragment shows no clamp of that count against the bytes
// remaining in the buffer. Confirm the elided lines stop on a failed read, so
// that a large declared count cannot drive allocation far beyond what the file
// can actually back.
877 for (
i = 0;
i < memory64_list.number_of_memory_ranges;
i++) {
878 struct minidump_memory_descriptor64 *
desc =
RZ_NEW(
struct minidump_memory_descriptor64);
899 entry->location.rva, 0);
900 sdb_set(obj->
kv,
"mdmp_comment_stream_a.format",
916 entry->location.rva, 0);
917 sdb_set(obj->
kv,
"mdmp_comment_stream_w.format",
933 entry->location.rva, 0);
934 sdb_set(obj->
kv,
"mdmp_handle_data_stream.format",
"dddd "
935 "SizeOfHeader SizeOfDescriptor "
936 "NumberOfDescriptors Reserved",
951 entry->location.rva, 0);
952 sdb_set(obj->
kv,
"mdmp_function_table_stream.format",
"dddddd "
953 "SizeOfHeader SizeOfDescriptor SizeOfNativeDescriptor "
954 "SizeOfFunctionEntry NumberOfDescriptors SizeOfAlignPad",
960 if (
r !=
sizeof(unloaded_module_list)) {
964 sdb_set(obj->
kv,
"mdmp_unloaded_module.format",
"qddtd "
965 "BaseOfImage SizeOfImage CheckSum TimeDateStamp "
969 entry->location.rva, 0);
970 sdb_set(obj->
kv,
"mdmp_unloaded_module_list.format",
"ddd "
971 "SizeOfHeader SizeOfEntry NumberOfEntries",
974 offset =
entry->location.rva +
sizeof(unloaded_module_list);
975 for (
i = 0;
i < unloaded_module_list.number_of_entries;
i++) {
976 struct minidump_unloaded_module *
module =
RZ_NEW(
struct minidump_unloaded_module);
985 offset +=
sizeof(*module);
1001 entry->location.rva, 0);
1002 sdb_set(obj->
kv,
"mdmp_misc_info.format",
"d[4]Bdtttddddd "
1003 "SizeOfInfo (mdmp_misc1_flags)Flags1 ProcessId "
1004 "ProcessCreateTime ProcessUserTime ProcessKernelTime "
1005 "ProcessorMaxMhz ProcessorCurrentMhz "
1006 "ProcessorMhzLimit ProcessorMaxIdleState "
1007 "ProcessorCurrentIdleState",
1013 if (
r !=
sizeof(memory_info_list)) {
1017 sdb_set(obj->
kv,
"mdmp_memory_info.format",
1018 "qq[4]Edq[4]E[4]E[4]Ed BaseAddress AllocationBase "
1019 "(mdmp_page_protect)AllocationProtect __Alignment1 RegionSize "
1020 "(mdmp_mem_state)State (mdmp_page_protect)Protect "
1021 "(mdmp_mem_type)Type __Alignment2",
1024 entry->location.rva, 0);
1025 sdb_set(obj->
kv,
"mdmp_memory_info_list.format",
1027 "NumberOfEntries (mdmp_memory_info)MemoryInfo",
1028 memory_info_list.number_of_entries),
1031 offset =
entry->location.rva +
sizeof(memory_info_list);
1032 for (
i = 0;
i < memory_info_list.number_of_entries;
i++) {
1033 struct minidump_memory_info *
info =
RZ_NEW(
struct minidump_memory_info);
1038 if (
r !=
sizeof(*
info)) {
1048 if (
r !=
sizeof(thread_info_list)) {
1052 sdb_set(obj->
kv,
"mdmp_thread_info.format",
"ddddttttqq "
1053 "ThreadId DumpFlags DumpError ExitStatus CreateTime "
1054 "ExitTime KernelTime UserTime StartAddress Affinity",
1057 entry->location.rva, 0);
1058 sdb_set(obj->
kv,
"mdmp_thread_info_list.format",
"ddd "
1059 "SizeOfHeader SizeOfEntry NumberOfEntries",
1062 offset =
entry->location.rva +
sizeof(thread_info_list);
1063 for (
i = 0;
i < thread_info_list.number_of_entries;
i++) {
1064 struct minidump_thread_info *
info =
RZ_NEW(
struct minidump_thread_info);
1069 if (
r !=
sizeof(*
info)) {
1079 if (
r !=
sizeof(handle_operation_list)) {
1084 entry->location.rva, 0);
1085 sdb_set(obj->
kv,
"mdmp_handle_operation_list.format",
"dddd "
1086 "SizeOfHeader SizeOfEntry NumberOfEntries Reserved",
1089 offset =
entry->location.rva +
sizeof(handle_operation_list);
1090 for (
i = 0;
i < handle_operation_list.number_of_entries;
i++) {
1091 struct avrf_handle_operation *
op =
RZ_NEW(
struct avrf_handle_operation);
1096 if (
r !=
sizeof(*
op)) {
1107 if (
r !=
sizeof(token_info_list)) {
1111 sdb_set(obj->
kv,
"mdmp_token_info.format",
"ddq "
1112 "TokenSize TokenId TokenHandle",
1116 entry->location.rva, 0);
1117 sdb_set(obj->
kv,
"mdmp_token_info_list.format",
"dddd "
1118 "TokenListSize TokenListEntries ListHeaderSize ElementHeaderSize",
1121 offset =
entry->location.rva +
sizeof(token_info_list);
1122 for (
i = 0;
i < token_info_list.number_of_entries;
i++) {
1123 struct minidump_token_info *
info =
RZ_NEW(
struct minidump_token_info);
1128 if (
r !=
sizeof(*
info)) {
1145 RZ_LOG_WARN(
"Invalid or unsupported enumeration encountered %d\n",
entry->stream_type);
1165 entry->stream_type = stream_type;
1171 entry->location.data_size = data_size;
1188 struct minidump_directory
entry;
1191 obj->
hdr->stream_directory_rva, 0);
1192 sdb_set(obj->
kv,
"mdmp_directory.format",
"[4]E? "
1193 "(mdmp_stream_type)StreamType "
1194 "(mdmp_location_descriptor)Location",
// Bound the directory walk by what the file can actually hold, because both the
// directory RVA and the stream count come from the header.
1197 ut64 rvadir = obj->
hdr->stream_directory_rva;
// Bytes between the directory start and obj->size. Forced to 0 when the RVA is
// at or past the size, so the unsigned subtraction cannot wrap.
1198 ut64 bytes_left = rvadir < obj->
size ? obj->
size - rvadir : 0;
// Declared stream count, clamped to the number of whole directory entries that
// fit in bytes_left.
1199 size_t max_entries =
RZ_MIN(obj->
hdr->number_of_streams, bytes_left /
sizeof(
struct minidump_directory));
// The clamp took effect: the header claims more streams than the file can hold.
// The declared (unclamped) count is what gets logged.
1200 if (max_entries < obj->hdr->number_of_streams) {
1201 RZ_LOG_ERROR(
"Number of streams = %u is greater than is supportable by bin size\n",
1202 obj->
hdr->number_of_streams);
// The loop iterates over the clamped count, not the header's raw count.
1205 for (
i = 0;
i < max_entries;
i++) {
// Byte offset of entry i, computed as i whole directory entries.
// NOTE(review): delta is ut32 while max_entries is size_t, so the product is
// narrowed on assignment. Confirm i's type and that the value cannot exceed
// 32 bits for very large inputs.
1206 ut32 delta =
i *
sizeof(
struct minidump_directory);
1234 section_hdr.PointerToRawData = section_hdr.VirtualAddress;
// idx is assembled little-endian from two values: tmp1 is the low byte and tmp2
// the high byte. Where they are read from is on lines not shown.
1257 idx = tmp1 | (tmp2 << 8);
1260 ut8 tmp1[2], tmp2[2], tmp3[2];
// Three 2-byte signature compares must all match: MZ, PE, and the bytes 0b 01
// (0x010b little-endian, the PE32 optional-header magic).
// NOTE(review): the offsets these buffers are filled from, and whether the reads
// are checked for success before this memcmp, are not visible in this fragment.
1264 if (!memcmp(tmp1,
"MZ", 2) && !memcmp(tmp2,
"PE", 2) && !memcmp(tmp3,
"\x0b\x01", 2)) {
1273 int idx, ret =
false;
// Same little-endian assembly of idx as in the 32-bit check.
1288 idx = tmp1 | (tmp2 << 8);
1291 ut8 tmp1[2], tmp2[2], tmp3[2];
// Same MZ and PE compares; the third signature is 0b 02 (0x020b little-endian,
// the PE32+ optional-header magic), which distinguishes 64-bit images.
1295 if (!memcmp(tmp1,
"MZ", 2) && !memcmp(tmp2,
"PE", 2) && !memcmp(tmp3,
"\x0b\x02", 2)) {
1305 struct minidump_module *
module;
1306 struct Pe32_rz_bin_mdmp_pe_bin *pe32_bin, *pe32_dup;
1307 struct Pe64_rz_bin_mdmp_pe_bin *pe64_bin, *pe64_dup;
1325 rz_list_foreach (obj->
pe32_bins, it_dup, pe32_dup) {
1326 if (pe32_dup->vaddr ==
module->base_of_image) {
1334 if (!(pe32_bin =
RZ_NEW0(
struct Pe32_rz_bin_mdmp_pe_bin))) {
1338 pe32_bin->vaddr =
module->base_of_image;
1339 pe32_bin->paddr = paddr;
1340 pe32_bin->bin = Pe32_rz_bin_pe_new_buf(
buf, 0);
1344 rz_list_foreach (obj->
pe64_bins, it_dup, pe64_dup) {
1345 if (pe64_dup->vaddr ==
module->base_of_image) {
1353 if (!(pe64_bin =
RZ_NEW0(
struct Pe64_rz_bin_mdmp_pe_bin))) {
1357 pe64_bin->vaddr =
module->base_of_image;
1358 pe64_bin->paddr = paddr;
1359 pe64_bin->bin = Pe64_rz_bin_pe_new_buf(
buf, 0);
1377 RZ_LOG_ERROR(
"Failed to initialise directory structures!\n");
RzBinInfo * info(RzBinFile *bf)
static char * signature(RzBinFile *bf, bool json)
static ut64 rva(RzBinObject *o, ut64 paddr, ut64 vaddr, int va)
RZ_API char * sdb_fmt(const char *fmt,...)
RZ_API void Ht_() free(HtName_(Ht) *ht)
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
RZ_API RZ_OWN RzList * rz_list_new(void)
Returns a new initialized RzList pointer (free method is not initialized)
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends a new element at the end of the list.
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
static int rz_bin_mdmp_init(struct rz_bin_mdmp_obj *obj)
static bool read_memory64_list(RzBuffer *b, ut64 addr, struct minidump_memory64_list *memory64_list)
static bool rz_bin_mdmp_init_hdr(struct rz_bin_mdmp_obj *obj)
static int check_pe64_buf(RzBuffer *buf, ut64 length)
static void rz_bin_mdmp_free_pe64_bin(void *pe_bin_)
static bool rz_bin_mdmp_patch_pe_headers(RzBuffer *pe_buf)
void rz_bin_mdmp_free(struct rz_bin_mdmp_obj *obj)
static void rz_bin_mdmp_free_pe32_bin(void *pe_bin_)
static bool read_entry(RzBuffer *b, ut64 addr, struct minidump_directory *entry)
static void rz_bin_mdmp_init_parsing(struct rz_bin_mdmp_obj *obj)
static int check_pe32_buf(RzBuffer *buf, ut64 length)
ut64 rz_bin_mdmp_get_paddr(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
static bool rz_bin_mdmp_init_directory(struct rz_bin_mdmp_obj *obj)
static bool rz_bin_mdmp_init_directory_entry(struct rz_bin_mdmp_obj *obj, struct minidump_directory *entry)
static bool read_hdr(RzBuffer *b, struct minidump_header *hdr)
struct rz_bin_mdmp_obj * rz_bin_mdmp_new_buf(RzBuffer *buf)
static bool read_desc(RzBuffer *b, ut64 addr, struct minidump_memory_descriptor64 *desc)
static bool read_module_aux(RzBuffer *b, ut64 addr, struct minidump_module *module)
ut32 rz_bin_mdmp_get_perm(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
struct minidump_memory_info * rz_bin_mdmp_get_mem_info(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
static bool rz_bin_mdmp_init_pe_bins(struct rz_bin_mdmp_obj *obj)
static bool read_module(RzBuffer *b, ut64 addr, struct minidump_module *module)
#define MINIDUMP_PAGE_EXECUTE_WRITECOPY
#define MINIDUMP_PAGE_NOACCESS
#define MINIDUMP_PAGE_WRITECOMBINE
@ UNLOADED_MODULE_LIST_STREAM
@ THREAD_INFO_LIST_STREAM
@ HANDLE_OPERATION_LIST_STREAM
@ MEMORY_INFO_LIST_STREAM
#define MINIDUMP_PAGE_GUARD
#define MINIDUMP_PAGE_EXECUTE_READ
#define MINIDUMP_PAGE_READONLY
#define MINIDUMP_PAGE_EXECUTE_READWRITE
#define MINIDUMP_PAGE_READWRITE
#define MINIDUMP_PAGE_NOCACHE
#define MINIDUMP_PAGE_WRITECOPY
#define MINIDUMP_PAGE_EXECUTE
RZ_API int sdb_num_set(Sdb *s, const char *key, ut64 v, ut32 cas)
void Pe64_write_image_section_header(RzBuffer *b, ut64 addr, Pe64_image_section_header *section_header)
struct Pe32_image_file_header Pe64_image_file_header
bool Pe64_read_image_section_header(RzBuffer *b, ut64 addr, Pe64_image_section_header *section_header)
bool Pe64_read_dos_header(RzBuffer *buf, Pe64_image_dos_header *header)
bool Pe64_read_nt_headers(RzBuffer *buf, ut64 addr, Pe64_image_nt_headers *headers)
RZ_API st64 rz_buf_seek(RZ_NONNULL RzBuffer *b, st64 addr, int whence)
Modify the current cursor position in the buffer.
RZ_API RzBuffer * rz_buf_ref(RzBuffer *b)
Increment the reference count of the buffer.
RZ_API bool rz_buf_read8_at(RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *result)
Read a byte at the specified address in the buffer.
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
#define rz_buf_read_le32_at(b, addr, result)
#define rz_buf_read_le32(b, result)
#define rz_buf_read_le64(b, result)
RZ_API void rz_buf_free(RzBuffer *b)
Free all internal data held by the buffer, and the buffer itself.
RZ_API RZ_OWN RzBuffer * rz_buf_new_with_bytes(RZ_NULLABLE RZ_BORROW const ut8 *bytes, ut64 len)
Creates a new buffer with a bytes array.
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
void(* RzListFree)(void *ptr)
#define RZ_LOG_INFO(fmtstr,...)
#define RZ_LOG_WARN(fmtstr,...)
#define RZ_LOG_ERROR(fmtstr,...)
RZ_API int sdb_set(Sdb *s, const char *key, const char *val, ut32 cas)
RZ_API Sdb * sdb_new0(void)
RZ_API bool sdb_free(Sdb *s)
struct minidump_handle_data_stream * handle_data
struct minidump_exception_stream * exception
RzList * unloaded_modules
struct minidump_misc_info * misc_info_1
struct minidump_function_table_stream * function_table
struct minidump_system_info * system_info
union rz_bin_mdmp_obj::minidump_streams::@162 misc_info
struct rz_bin_mdmp_obj::minidump_streams::@163 memories64
struct rz_bin_mdmp_obj::minidump_streams streams
struct minidump_header * hdr
ut64(WINAPI *w32_GetEnabledXStateFeatures)()