Rizin
unix-like reverse engineering framework and cli tools
Functions
windows_maps.h File Reference
#include <rz_core.h>

Go to the source code of this file.

Functions

RZ_API RzListrz_w32_dbg_modules (RzDebug *dbg)
 
RZ_API RzListrz_w32_dbg_maps (RzDebug *dbg)
 

Function Documentation

◆ rz_w32_dbg_maps()

RZ_API RzList* rz_w32_dbg_maps ( RzDebug dbg)

Definition at line 245 of file windows_maps.c.

245  {
246  if (dbg->pid == -1) {
247  return NULL;
248  }
249  SYSTEM_INFO si = { 0 };
250  LPVOID cur_addr;
251  MEMORY_BASIC_INFORMATION mbi;
252  RWinModInfo mod_inf = { 0 };
253  RzList *map_list = rz_list_newf((RzListFree)rz_debug_map_free), *mod_list = NULL;
254  W32DbgWInst *wrap = dbg->plugin_data;
255 
256  GetSystemInfo(&si);
257  cur_addr = si.lpMinimumApplicationAddress;
258  /* get process modules list */
259  mod_list = rz_w32_dbg_modules(dbg);
260  /* process memory map */
261  while (cur_addr < si.lpMaximumApplicationAddress &&
262  VirtualQueryEx(wrap->pi.hProcess, cur_addr, &mbi, sizeof(mbi)) != 0) {
263  if (mbi.State != MEM_FREE) {
264  switch (mbi.Type) {
265  case MEM_IMAGE:
266  proc_mem_img(wrap->pi.hProcess, map_list, mod_list, &mod_inf, &si, &mbi);
267  break;
268  case MEM_MAPPED:
269  proc_mem_map(wrap->pi.hProcess, map_list, &mbi);
270  break;
271  default:
272  add_map_reg(map_list, "", &mbi);
273  }
274  }
275  cur_addr = (LPVOID)(size_t)((ut64)(size_t)mbi.BaseAddress + mbi.RegionSize);
276  }
277  free(mod_inf.sect_hdr);
278  rz_list_free(mod_list);
279  return map_list;
280 }
si
si
Definition: address-size.s.cs:4
NULL
#define NULL
Definition: cris-opc.c:27
dbg
RzDebug * dbg
Definition: desil.c:30
rz_debug_map_free
RZ_API void rz_debug_map_free(RzDebugMap *map)
Definition: dmap.c:77
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137
RzListFree
void(* RzListFree)(void *ptr)
Definition: rz_list.h:11
RWinModInfo::sect_hdr
IMAGE_SECTION_HEADER * sect_hdr
Definition: windows_maps.c:9
W32DbgWInst::pi
PROCESS_INFORMATION pi
Definition: w32dbg_wrap.h:40
rz_debug_t::pid
int pid
Definition: rz_debug.h:247
rz_debug_t::plugin_data
void * plugin_data
Definition: rz_debug.h:296
rz_list_t
Definition: rz_list.h:18
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
add_map_reg
static RzDebugMap * add_map_reg(RzList *list, const char *name, MEMORY_BASIC_INFORMATION *mbi)
Definition: windows_maps.c:72
proc_mem_img
static void proc_mem_img(HANDLE h_proc, RzList *map_list, RzList *mod_list, RWinModInfo *mod, SYSTEM_INFO *si, MEMORY_BASIC_INFORMATION *mbi)
Definition: windows_maps.c:169
rz_w32_dbg_modules
RZ_API RzList * rz_w32_dbg_modules(RzDebug *dbg)
Definition: windows_maps.c:76
proc_mem_map
static void proc_mem_map(HANDLE h_proc, RzList *map_list, MEMORY_BASIC_INFORMATION *mbi)
Definition: windows_maps.c:232

References add_map_reg(), dbg, free(), NULL, W32DbgWInst::pi, rz_debug_t::pid, rz_debug_t::plugin_data, proc_mem_img(), proc_mem_map(), rz_debug_map_free(), rz_list_free(), rz_list_newf(), rz_w32_dbg_modules(), RWinModInfo::sect_hdr, si, and ut64().

◆ rz_w32_dbg_modules()

RZ_API RzList* rz_w32_dbg_modules ( RzDebug dbg)

Definition at line 76 of file windows_maps.c.

76  {
77  if (dbg->pid == -1) {
78  return NULL;
79  }
80  MODULEENTRY32 me;
81  RzList *list = rz_list_newf((RzListFree)rz_debug_map_free);
82  DWORD flags = TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32;
83  HANDLE h_mod_snap = CreateToolhelp32Snapshot(flags, dbg->pid);
84 
85  if (h_mod_snap == INVALID_HANDLE_VALUE) {
86  // Suppress if process is still initializing
87  if (GetLastError() != ERROR_PARTIAL_COPY || rz_list_length(dbg->threads) > 1) {
88  rz_sys_perror("rz_w32_dbg_modules/CreateToolhelp32Snapshot");
89  }
90  goto err_w32_dbg_modules;
91  }
92  me.dwSize = sizeof(MODULEENTRY32);
93  if (!Module32First(h_mod_snap, &me)) {
94  rz_sys_perror("rz_w32_dbg_modules/Module32First");
95  goto err_w32_dbg_modules;
96  }
97  do {
98  ut64 baddr = (ut64)(size_t)me.modBaseAddr;
99  char *mod_name = rz_sys_conv_win_to_utf8(me.szModule);
100  RzDebugMap *dbgmap = rz_debug_map_new(mod_name, baddr, baddr + me.modBaseSize, 0, 0);
101  free(mod_name);
102  if (dbgmap) {
103  dbgmap->file = rz_sys_conv_win_to_utf8(me.szExePath);
104  if (dbgmap->file) {
105  rz_list_append(list, dbgmap);
106  }
107  }
108  } while (Module32Next(h_mod_snap, &me));
109 err_w32_dbg_modules:
110  if (h_mod_snap && h_mod_snap != INVALID_HANDLE_VALUE) {
111  CloseHandle(h_mod_snap);
112  }
113  return list;
114 }
baddr
static ut64 baddr(RzBinFile *bf)
Definition: bin_any.c:58
rz_debug_map_new
RZ_API RzDebugMap * rz_debug_map_new(char *name, ut64 addr, ut64 addr_end, int perm, int user)
Definition: dmap.c:7
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: iowin32.c:21
list
static void list(RzEgg *egg)
Definition: rz-gg.c:52
rz_list_length
RZ_API ut32 rz_list_length(RZ_NONNULL const RzList *list)
Returns the length of the list.
Definition: list.c:109
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
rz_sys_perror
#define rz_sys_perror(x)
Definition: rz_types.h:336
flags
static struct sockaddr static addrlen static backlog const void static flags void flags
Definition: sfsocketcall.h:123
rz_debug_map_t
Definition: rz_debug.h:136
rz_debug_map_t::file
char * file
Definition: rz_debug.h:142
rz_debug_t::threads
RzList * threads
Definition: rz_debug.h:251
HANDLE
DWORD * HANDLE
Definition: windows_debug.h:119
DWORD
DWORD
Definition: windows_debug.h:119

References baddr(), dbg, DWORD, rz_debug_map_t::file, flags, free(), HANDLE, INVALID_HANDLE_VALUE, list(), NULL, rz_debug_t::pid, rz_debug_map_free(), rz_debug_map_new(), rz_list_append(), rz_list_length(), rz_list_newf(), rz_sys_perror, rz_debug_t::threads, and ut64().

Referenced by GetHeapGlobalsOffset(), and rz_w32_dbg_maps().