crashpad/snapshot/win/process_reader_win.h

// Copyright 2015 The Crashpad Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef CRASHPAD_SNAPSHOT_WIN_PROCESS_READER_WIN_H_
#define CRASHPAD_SNAPSHOT_WIN_PROCESS_READER_WIN_H_

#include <windows.h>
#include <sys/time.h>

#include <string>
#include <vector>

#include "build/build_config.h"
#include "util/misc/initialization_state_dcheck.h"
#include "util/process/process_memory_win.h"
#include "util/win/address_types.h"
#include "util/win/process_info.h"

namespace crashpad {

//! \brief State of process being read by ProcessReaderWin.
enum class ProcessSuspensionState : bool {
  //! \brief The process has not been suspended.
  kRunning,

  //! \brief The process is suspended.
  kSuspended,
};

//! \brief Accesses information about another process, identified by a `HANDLE`.
class ProcessReaderWin {
 public:
  //! \brief Helper to make the context copyable and resizable.
  class ThreadContext {
   public:
    ThreadContext();
    ~ThreadContext() {}

    template <typename T>
    T* context() const {
      DCHECK(initialized_);
      return reinterpret_cast<T*>(
          const_cast<unsigned char*>(data_.data() + offset_));
    }
#if defined(ARCH_CPU_64_BITS)
    bool InitializeWow64(HANDLE thread_handle);
#endif  // ARCH_CPU_64_BITS
#if defined(ARCH_CPU_X86_64)
    // Initializes internal structures for extended compacted contexts.
    bool InitializeXState(HANDLE thread_handle, ULONG64 XStateCompactionMask);
#endif  // ARCH_CPU_X86_64
    void InitializeFromCurrentThread();
    bool InitializeNative(HANDLE thread_handle);

   private:
    // This is usually 0 but Windows might cause it to be positive when
    // fetching the extended context. This needs to be adjusted after
    // calls to InitializeContext2().
    size_t offset_;
    bool initialized_;
    std::vector<unsigned char> data_;
  };

  //! \brief Contains information about a thread that belongs to a process.
  struct Thread {
    Thread();
    ~Thread() {}

    ThreadContext context;
    std::string name;
    uint64_t id;
    WinVMAddress teb_address;
    WinVMSize teb_size;
    WinVMAddress stack_region_address;
    WinVMSize stack_region_size;
    uint32_t suspend_count;
    uint32_t priority_class;
    uint32_t priority;
  };

  ProcessReaderWin();

  ProcessReaderWin(const ProcessReaderWin&) = delete;
  ProcessReaderWin& operator=(const ProcessReaderWin&) = delete;

  ~ProcessReaderWin();

  //! \brief Initializes this object. This method must be called before any
  //!     other.
  //!
  //! \param[in] process Process handle, must have `PROCESS_QUERY_INFORMATION`,
  //!     `PROCESS_VM_READ`, and `PROCESS_DUP_HANDLE` access.
  //! \param[in] suspension_state Whether \a process has already been suspended
  //!     by the caller. Typically, this will be
  //!     ProcessSuspensionState::kSuspended, except for testing uses and where
  //!     the reader is reading itself.
  //!
  //! \return `true` on success, indicating that this object will respond
  //!     validly to further method calls. `false` on failure. On failure, no
  //!     further method calls should be made.
  //!
  //! \sa ScopedProcessSuspend
  bool Initialize(HANDLE process, ProcessSuspensionState suspension_state);

  //! \return `true` if the target task is a 64-bit process.
  bool Is64Bit() const { return process_info_.Is64Bit(); }

  //! \brief Return a memory reader for the target process.
  const ProcessMemoryWin* Memory() const { return &process_memory_; }

  //! \brief Determines the target process' start time.
  //!
  //! \param[out] start_time The time that the process started.
  //!
  //! \return `true` on success, `false` on failure, with a warning logged.
  bool StartTime(timeval* start_time) const;

  //! \brief Determines the target process' execution time.
  //!
  //! \param[out] user_time The amount of time the process has executed code in
  //!     user mode.
  //! \param[out] system_time The amount of time the process has executed code
  //!     in kernel mode.
  //!
  //! \return `true` on success, `false` on failure, with a warning logged.
  bool CPUTimes(timeval* user_time, timeval* system_time) const;

  //! \return The threads that are in the process. The first element (at index
  //!     `0`) corresponds to the main thread.
  const std::vector<Thread>& Threads();

  //! \return The modules loaded in the process. The first element (at index
  //!     `0`) corresponds to the main executable.
  const std::vector<ProcessInfo::Module>& Modules();

  //! \return A ProcessInfo object for the process being read.
  const ProcessInfo& GetProcessInfo() const;

  //! \brief Decrements the thread suspend counts for all thread ids other than
  //!     \a except_thread_id.
  //!
  //! Used to adjust the thread suspend count to correspond to the actual values
  //! for the process before Crashpad got involved.
  void DecrementThreadSuspendCounts(uint64_t except_thread_id);

 private:
  template <class Traits>
  void ReadThreadData(bool is_64_reading_32);

  HANDLE process_;
  ProcessInfo process_info_;
  ProcessMemoryWin process_memory_;
  std::vector<Thread> threads_;
  std::vector<ProcessInfo::Module> modules_;
  ProcessSuspensionState suspension_state_;
  bool initialized_threads_;
  InitializationStateDcheck initialized_;
};

}  // namespace crashpad

#endif  // CRASHPAD_SNAPSHOT_WIN_PROCESS_READER_WIN_H_