Rizin
unix-like reverse engineering framework and cli tools
Classes | Functions
mdmp.h File Reference
#include <rz_types.h>
#include <rz_util.h>
#include <rz_lib.h>
#include <rz_bin.h>
#include "mdmp_specs.h"
#include "mdmp_pe.h"
#include "mdmp_pe64.h"

Go to the source code of this file.

Classes

struct  rz_bin_mdmp_obj
 
struct  rz_bin_mdmp_obj::minidump_streams
 

Functions

struct rz_bin_mdmp_objrz_bin_mdmp_new_buf (RzBuffer *buf)
 
void rz_bin_mdmp_free (struct rz_bin_mdmp_obj *obj)
 
ut64 rz_bin_mdmp_get_paddr (struct rz_bin_mdmp_obj *obj, ut64 vaddr)
 
ut32 rz_bin_mdmp_get_perm (struct rz_bin_mdmp_obj *obj, ut64 vaddr)
 
struct minidump_memory_info * rz_bin_mdmp_get_mem_info (struct rz_bin_mdmp_obj *obj, ut64 vaddr)
 

Function Documentation

◆ rz_bin_mdmp_free()

void rz_bin_mdmp_free ( struct rz_bin_mdmp_obj obj)

Definition at line 97 of file mdmp.c.

97  {
98  if (!obj) {
99  return;
100  }
101 
102  rz_list_free(obj->streams.ex_threads);
103  rz_list_free(obj->streams.memories);
104  rz_list_free(obj->streams.memories64.memories);
105  rz_list_free(obj->streams.memory_infos);
106  rz_list_free(obj->streams.modules);
107  rz_list_free(obj->streams.operations);
108  rz_list_free(obj->streams.thread_infos);
109  rz_list_free(obj->streams.threads);
110  rz_list_free(obj->streams.token_infos);
111  rz_list_free(obj->streams.unloaded_modules);
112  free(obj->streams.exception);
113  free(obj->streams.system_info);
114  free(obj->streams.comments_a);
115  free(obj->streams.comments_w);
116  free(obj->streams.handle_data);
117  free(obj->streams.function_table);
118  free(obj->streams.misc_info.misc_info_1);
119 
120  rz_list_free(obj->pe32_bins);
121  rz_list_free(obj->pe64_bins);
122 
123  rz_buf_free(obj->b);
124  free(obj->hdr);
125  obj->b = NULL;
126  free(obj);
127 
128  return;
129 }
NULL
#define NULL
Definition: cris-opc.c:27
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137
rz_buf_free
RZ_API void rz_buf_free(RzBuffer *b)
Free all internal data hold by the buffer and the buffer.
Definition: buf.c:1253
rz_bin_mdmp_obj::minidump_streams::memory_infos
RzList * memory_infos
Definition: mdmp.h:38
rz_bin_mdmp_obj::minidump_streams::thread_infos
RzList * thread_infos
Definition: mdmp.h:41
rz_bin_mdmp_obj::minidump_streams::memories
RzList * memories
Definition: mdmp.h:37
rz_bin_mdmp_obj::minidump_streams::handle_data
struct minidump_handle_data_stream * handle_data
Definition: mdmp.h:27
rz_bin_mdmp_obj::minidump_streams::threads
RzList * threads
Definition: mdmp.h:42
rz_bin_mdmp_obj::minidump_streams::exception
struct minidump_exception_stream * exception
Definition: mdmp.h:25
rz_bin_mdmp_obj::minidump_streams::unloaded_modules
RzList * unloaded_modules
Definition: mdmp.h:44
rz_bin_mdmp_obj::minidump_streams::comments_w
ut8 * comments_w
Definition: mdmp.h:23
rz_bin_mdmp_obj::minidump_streams::token_infos
RzList * token_infos
Definition: mdmp.h:43
rz_bin_mdmp_obj::minidump_streams::misc_info_1
struct minidump_misc_info * misc_info_1
Definition: mdmp.h:31
rz_bin_mdmp_obj::minidump_streams::function_table
struct minidump_function_table_stream * function_table
Definition: mdmp.h:26
rz_bin_mdmp_obj::minidump_streams::operations
RzList * operations
Definition: mdmp.h:40
rz_bin_mdmp_obj::minidump_streams::system_info
struct minidump_system_info * system_info
Definition: mdmp.h:28
rz_bin_mdmp_obj::minidump_streams::misc_info
union rz_bin_mdmp_obj::minidump_streams::@162 misc_info
rz_bin_mdmp_obj::minidump_streams::comments_a
ut8 * comments_a
Definition: mdmp.h:22
rz_bin_mdmp_obj::minidump_streams::memories64
struct rz_bin_mdmp_obj::minidump_streams::@163 memories64
rz_bin_mdmp_obj::minidump_streams::ex_threads
RzList * ex_threads
Definition: mdmp.h:36
rz_bin_mdmp_obj::minidump_streams::modules
RzList * modules
Definition: mdmp.h:39
rz_bin_mdmp_obj::pe32_bins
RzList * pe32_bins
Definition: mdmp.h:52
rz_bin_mdmp_obj::b
RzBuffer * b
Definition: mdmp.h:55
rz_bin_mdmp_obj::streams
struct rz_bin_mdmp_obj::minidump_streams streams
rz_bin_mdmp_obj::pe64_bins
RzList * pe64_bins
Definition: mdmp.h:53
rz_bin_mdmp_obj::hdr
struct minidump_header * hdr
Definition: mdmp.h:18

References rz_bin_mdmp_obj::b, rz_bin_mdmp_obj::minidump_streams::comments_a, rz_bin_mdmp_obj::minidump_streams::comments_w, rz_bin_mdmp_obj::minidump_streams::ex_threads, rz_bin_mdmp_obj::minidump_streams::exception, free(), rz_bin_mdmp_obj::minidump_streams::function_table, rz_bin_mdmp_obj::minidump_streams::handle_data, rz_bin_mdmp_obj::hdr, rz_bin_mdmp_obj::minidump_streams::memories, rz_bin_mdmp_obj::minidump_streams::memories64, rz_bin_mdmp_obj::minidump_streams::memory_infos, rz_bin_mdmp_obj::minidump_streams::misc_info, rz_bin_mdmp_obj::minidump_streams::misc_info_1, rz_bin_mdmp_obj::minidump_streams::modules, NULL, rz_bin_mdmp_obj::minidump_streams::operations, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_buf_free(), rz_list_free(), rz_bin_mdmp_obj::streams, rz_bin_mdmp_obj::minidump_streams::system_info, rz_bin_mdmp_obj::minidump_streams::thread_infos, rz_bin_mdmp_obj::minidump_streams::threads, rz_bin_mdmp_obj::minidump_streams::token_infos, and rz_bin_mdmp_obj::minidump_streams::unloaded_modules.

Referenced by destroy(), and rz_bin_mdmp_new_buf().

◆ rz_bin_mdmp_get_mem_info()

struct minidump_memory_info* rz_bin_mdmp_get_mem_info ( struct rz_bin_mdmp_obj obj,
ut64  vaddr 
)

Definition at line 30 of file mdmp.c.

30  {
31  struct minidump_memory_info *mem_info;
32  RzListIter *it;
33 
34  if (!obj) {
35  return NULL;
36  }
37 
38  rz_list_foreach (obj->streams.memory_infos, it, mem_info) {
39  if (mem_info->allocation_base && vaddr == mem_info->base_address) {
40  return mem_info;
41  }
42  }
43 
44  return NULL;
45 }
rz_list_iter_t
Definition: rz_list.h:13

References rz_bin_mdmp_obj::minidump_streams::memory_infos, NULL, and rz_bin_mdmp_obj::streams.

Referenced by mem(), and rz_bin_mdmp_get_perm().

◆ rz_bin_mdmp_get_paddr()

ut64 rz_bin_mdmp_get_paddr ( struct rz_bin_mdmp_obj obj,
ut64  vaddr 
)

Definition at line 11 of file mdmp.c.

11  {
12  /* FIXME: Will only resolve exact matches, probably no need to fix as
13  ** this function will become redundant on the optimisation stage */
14  struct minidump_memory_descriptor64 *memory;
15  ut64 index, paddr = 0;
16  RzListIter *it;
17 
18  /* Loop through the memories sections looking for a match */
19  index = obj->streams.memories64.base_rva;
20  rz_list_foreach (obj->streams.memories64.memories, it, memory) {
21  if (vaddr == memory->start_of_memory_range) {
22  paddr = index;
23  break;
24  }
25  index += memory->data_size;
26  }
27  return paddr;
28 }
rz_bin_mdmp_obj::minidump_streams::base_rva
rva64_t base_rva
Definition: mdmp.h:46
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()

References rz_bin_mdmp_obj::minidump_streams::base_rva, rz_bin_mdmp_obj::minidump_streams::memories, rz_bin_mdmp_obj::minidump_streams::memories64, rz_bin_mdmp_obj::streams, and ut64().

Referenced by rz_bin_mdmp_init_pe_bins(), and sections().

◆ rz_bin_mdmp_get_perm()

ut32 rz_bin_mdmp_get_perm ( struct rz_bin_mdmp_obj obj,
ut64  vaddr 
)

Definition at line 47 of file mdmp.c.

47  {
48  struct minidump_memory_info *mem_info;
49 
50  if (!(mem_info = rz_bin_mdmp_get_mem_info(obj, vaddr))) {
51  /* if there is no mem info in the dump, assume default permission */
52  return RZ_PERM_R;
53  }
54 
55  /* FIXME: Have I got these mappings right, I am not sure I have!!! */
56 
57  switch (mem_info->protect) {
58  case MINIDUMP_PAGE_READONLY:
59  return RZ_PERM_R;
60  case MINIDUMP_PAGE_READWRITE:
61  return RZ_PERM_RW;
62  case MINIDUMP_PAGE_EXECUTE:
63  return RZ_PERM_X;
64  case MINIDUMP_PAGE_EXECUTE_READ:
65  return RZ_PERM_RX;
66  case MINIDUMP_PAGE_EXECUTE_READWRITE:
67  return RZ_PERM_RWX;
68  case MINIDUMP_PAGE_NOACCESS:
69  case MINIDUMP_PAGE_WRITECOPY:
70  case MINIDUMP_PAGE_EXECUTE_WRITECOPY:
71  case MINIDUMP_PAGE_GUARD:
72  case MINIDUMP_PAGE_NOCACHE:
73  case MINIDUMP_PAGE_WRITECOMBINE:
74  default:
75  return 0;
76  }
77 }
rz_bin_mdmp_get_mem_info
struct minidump_memory_info * rz_bin_mdmp_get_mem_info(struct rz_bin_mdmp_obj *obj, ut64 vaddr)
Definition: mdmp.c:30
MINIDUMP_PAGE_EXECUTE_WRITECOPY
#define MINIDUMP_PAGE_EXECUTE_WRITECOPY
Definition: mdmp_specs.h:58
MINIDUMP_PAGE_NOACCESS
#define MINIDUMP_PAGE_NOACCESS
Definition: mdmp_specs.h:51
MINIDUMP_PAGE_WRITECOMBINE
#define MINIDUMP_PAGE_WRITECOMBINE
Definition: mdmp_specs.h:61
MINIDUMP_PAGE_GUARD
#define MINIDUMP_PAGE_GUARD
Definition: mdmp_specs.h:59
MINIDUMP_PAGE_EXECUTE_READ
#define MINIDUMP_PAGE_EXECUTE_READ
Definition: mdmp_specs.h:56
MINIDUMP_PAGE_READONLY
#define MINIDUMP_PAGE_READONLY
Definition: mdmp_specs.h:52
MINIDUMP_PAGE_EXECUTE_READWRITE
#define MINIDUMP_PAGE_EXECUTE_READWRITE
Definition: mdmp_specs.h:57
MINIDUMP_PAGE_READWRITE
#define MINIDUMP_PAGE_READWRITE
Definition: mdmp_specs.h:53
MINIDUMP_PAGE_NOCACHE
#define MINIDUMP_PAGE_NOCACHE
Definition: mdmp_specs.h:60
MINIDUMP_PAGE_WRITECOPY
#define MINIDUMP_PAGE_WRITECOPY
Definition: mdmp_specs.h:54
MINIDUMP_PAGE_EXECUTE
#define MINIDUMP_PAGE_EXECUTE
Definition: mdmp_specs.h:55
RZ_PERM_R
#define RZ_PERM_R
Definition: rz_types.h:93
RZ_PERM_RW
#define RZ_PERM_RW
Definition: rz_types.h:96
RZ_PERM_X
#define RZ_PERM_X
Definition: rz_types.h:95
RZ_PERM_RX
#define RZ_PERM_RX
Definition: rz_types.h:97
RZ_PERM_RWX
#define RZ_PERM_RWX
Definition: rz_types.h:98

References MINIDUMP_PAGE_EXECUTE, MINIDUMP_PAGE_EXECUTE_READ, MINIDUMP_PAGE_EXECUTE_READWRITE, MINIDUMP_PAGE_EXECUTE_WRITECOPY, MINIDUMP_PAGE_GUARD, MINIDUMP_PAGE_NOACCESS, MINIDUMP_PAGE_NOCACHE, MINIDUMP_PAGE_READONLY, MINIDUMP_PAGE_READWRITE, MINIDUMP_PAGE_WRITECOMBINE, MINIDUMP_PAGE_WRITECOPY, rz_bin_mdmp_get_mem_info(), RZ_PERM_R, RZ_PERM_RW, RZ_PERM_RWX, RZ_PERM_RX, and RZ_PERM_X.

Referenced by maps(), and mem().

◆ rz_bin_mdmp_new_buf()

struct rz_bin_mdmp_obj* rz_bin_mdmp_new_buf ( RzBuffer buf)

Definition at line 1389 of file mdmp.c.

1389  {
1390  bool fail = false;
1391  struct rz_bin_mdmp_obj *obj = RZ_NEW0(struct rz_bin_mdmp_obj);
1392  if (!obj) {
1393  return NULL;
1394  }
1395  obj->kv = sdb_new0();
1396  obj->size = (ut32)rz_buf_size(buf);
1397 
1398  fail |= (!(obj->streams.ex_threads = rz_list_new()));
1399  fail |= (!(obj->streams.memories = rz_list_newf((RzListFree)free)));
1400  fail |= (!(obj->streams.memories64.memories = rz_list_new()));
1401  fail |= (!(obj->streams.memory_infos = rz_list_newf((RzListFree)free)));
1402  fail |= (!(obj->streams.modules = rz_list_newf((RzListFree)free)));
1403  fail |= (!(obj->streams.operations = rz_list_newf((RzListFree)free)));
1404  fail |= (!(obj->streams.thread_infos = rz_list_newf((RzListFree)free)));
1405  fail |= (!(obj->streams.token_infos = rz_list_newf((RzListFree)free)));
1406  fail |= (!(obj->streams.threads = rz_list_new()));
1407  fail |= (!(obj->streams.unloaded_modules = rz_list_newf((RzListFree)free)));
1408 
1409  fail |= (!(obj->pe32_bins = rz_list_newf(rz_bin_mdmp_free_pe32_bin)));
1410  fail |= (!(obj->pe64_bins = rz_list_newf(rz_bin_mdmp_free_pe64_bin)));
1411 
1412  if (fail) {
1413  rz_bin_mdmp_free(obj);
1414  return NULL;
1415  }
1416 
1417  obj->b = rz_buf_ref(buf);
1418  if (!rz_bin_mdmp_init(obj)) {
1419  rz_bin_mdmp_free(obj);
1420  return NULL;
1421  }
1422 
1423  return obj;
1424 }
ut32
uint32_t ut32
Definition: demangler_util.h:31
buf
voidpf void * buf
Definition: ioapi.h:138
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
rz_list_new
RZ_API RZ_OWN RzList * rz_list_new(void)
Returns a new initialized RzList pointer (free method is not initialized)
Definition: list.c:235
rz_bin_mdmp_init
static int rz_bin_mdmp_init(struct rz_bin_mdmp_obj *obj)
Definition: mdmp.c:1368
rz_bin_mdmp_free_pe64_bin
static void rz_bin_mdmp_free_pe64_bin(void *pe_bin_)
Definition: mdmp.c:88
rz_bin_mdmp_free
void rz_bin_mdmp_free(struct rz_bin_mdmp_obj *obj)
Definition: mdmp.c:97
rz_bin_mdmp_free_pe32_bin
static void rz_bin_mdmp_free_pe32_bin(void *pe_bin_)
Definition: mdmp.c:79
rz_buf_ref
RZ_API RzBuffer * rz_buf_ref(RzBuffer *b)
Increment the reference count of the buffer.
Definition: buf.c:668
rz_buf_size
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
Definition: buf.c:1225
RzListFree
void(* RzListFree)(void *ptr)
Definition: rz_list.h:11
RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284
sdb_new0
RZ_API Sdb * sdb_new0(void)
Definition: sdb.c:43
rz_bin_mdmp_obj
Definition: mdmp.h:17
rz_bin_mdmp_obj::kv
Sdb * kv
Definition: mdmp.h:58
rz_bin_mdmp_obj::size
size_t size
Definition: mdmp.h:56
fail
#define fail(test)
Definition: tests.h:29

References rz_bin_mdmp_obj::b, rz_bin_mdmp_obj::minidump_streams::ex_threads, fail, free(), rz_bin_mdmp_obj::kv, rz_bin_mdmp_obj::minidump_streams::memories, rz_bin_mdmp_obj::minidump_streams::memories64, rz_bin_mdmp_obj::minidump_streams::memory_infos, rz_bin_mdmp_obj::minidump_streams::modules, NULL, rz_bin_mdmp_obj::minidump_streams::operations, rz_bin_mdmp_obj::pe32_bins, rz_bin_mdmp_obj::pe64_bins, rz_bin_mdmp_free(), rz_bin_mdmp_free_pe32_bin(), rz_bin_mdmp_free_pe64_bin(), rz_bin_mdmp_init(), rz_buf_ref(), rz_buf_size(), rz_list_new(), rz_list_newf(), RZ_NEW0, sdb_new0(), rz_bin_mdmp_obj::size, rz_bin_mdmp_obj::streams, rz_bin_mdmp_obj::minidump_streams::thread_infos, rz_bin_mdmp_obj::minidump_streams::threads, rz_bin_mdmp_obj::minidump_streams::token_infos, and rz_bin_mdmp_obj::minidump_streams::unloaded_modules.

Referenced by load_buffer().