crashpad/snapshot/win/process_snapshot_win.h


// Copyright 2015 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CRASHPAD_SNAPSHOT_WIN_PROCESS_SNAPSHOT_WIN_H_
#define CRASHPAD_SNAPSHOT_WIN_PROCESS_SNAPSHOT_WIN_H_
#include <windows.h>
#include <sys/time.h>
#include <map>
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "client/crashpad_info.h"
#include "snapshot/crashpad_info_client_options.h"
#include "snapshot/exception_snapshot.h"
#include "snapshot/memory_map_region_snapshot.h"
#include "snapshot/memory_snapshot.h"
#include "snapshot/module_snapshot.h"
#include "snapshot/process_snapshot.h"
#include "snapshot/system_snapshot.h"
#include "snapshot/thread_snapshot.h"
#include "snapshot/win/exception_snapshot_win.h"
#include "snapshot/win/memory_map_region_snapshot_win.h"
#include "snapshot/win/memory_snapshot_win.h"
#include "snapshot/win/module_snapshot_win.h"
#include "snapshot/win/system_snapshot_win.h"
#include "snapshot/win/thread_snapshot_win.h"
#include "util/misc/initialization_state_dcheck.h"
#include "util/misc/uuid.h"
#include "util/win/address_types.h"
#include "util/win/process_structs.h"
#include "util/stdlib/pointer_container.h"
namespace crashpad {
//! \brief A ProcessSnapshot of a running (or crashed) process running on a
//! Windows system.
//!
//! Setup is two-step: Initialize() must succeed first, after which
//! InitializeException() may be called to populate Exception().
//!
//! NOTE(review): several methods take addresses in the snapshotted process's
//! address space. That process may have crashed with corrupted state, so the
//! implementation should treat everything read through those addresses as
//! untrusted input. Confirm in the .cc.
class ProcessSnapshotWin final : public ProcessSnapshot {
public:
ProcessSnapshotWin();
~ProcessSnapshotWin() override;
//! \brief Initializes the object.
//!
//! \param[in] process The handle to create a snapshot from.
//! \param[in] suspension_state Whether \a process has been suspended by the
//! caller.
//! \param[in] debug_critical_section_address The address in the target
//! process's address space of a `CRITICAL_SECTION` allocated with valid
//! `.DebugInfo`. Used as a starting point to walk the process's locks.
//! May be `0`.
//!
//! \return `true` if the snapshot could be created, `false` otherwise with
//! an appropriate message logged.
//!
//! \sa ScopedProcessSuspend
//!
//! NOTE(review): \a debug_critical_section_address points into the target
//! process. If the value is reported by the client rather than chosen by the
//! handler, the lock walk that starts from it must validate each structure
//! it reads. Confirm against the implementation.
//! NOTE(review): if \a suspension_state says the process is still running,
//! its memory can presumably change while it is being read. Confirm how the
//! implementation copes with inconsistent reads.
bool Initialize(HANDLE process,
ProcessSuspensionState suspension_state,
WinVMAddress debug_critical_section_address);
//! \brief Initializes the object's exception.
//!
//! This populates the data to be returned by Exception().
//!
//! This method must not be called until after a successful call to
//! Initialize().
//!
//! \param[in] exception_information_address The address in the client
//! process's address space of an ExceptionInformation structure.
//!
//! \return `true` if the exception information could be initialized, `false`
//! otherwise with an appropriate message logged. When this method returns
//! `false`, the ProcessSnapshotWin object's validity remains unchanged.
//!
//! NOTE(review): the ExceptionInformation structure lives in the client
//! process, so its contents (including any pointers it carries) are
//! client-controlled. Verify that the implementation checks that the range is
//! readable and that the embedded values are sane before using them.
bool InitializeException(WinVMAddress exception_information_address);
//! \brief Records the crash report ID that ReportID() hands back.
//!
//! The snapshot producer owns the crash report ID and may assign it through
//! this method. When this method is never called, ReportID() yields an
//! identifier consisting entirely of zeroes.
//!
//! \param[in] report_id The identifier to store; it is copied.
void SetReportID(const UUID& report_id) {
  report_id_ = report_id;
}
//! \brief Records the client ID that ClientID() hands back.
//!
//! The snapshot producer owns the client ID and may assign it through this
//! method. When this method is never called, ClientID() yields an identifier
//! consisting entirely of zeroes.
//!
//! \param[in] client_id The identifier to store; it is copied.
void SetClientID(const UUID& client_id) {
  client_id_ = client_id;
}
//! \brief Stores the map that AnnotationsSimpleMap() hands back.
//!
//! Process annotations belong to the snapshot producer, which may install
//! them through this method. Module annotations are different: those are
//! controlled by the process being snapshotted.
//!
//! \param[in] annotations_simple_map The annotations to store; the map is
//!     copied.
void SetAnnotationsSimpleMap(
    const std::map<std::string, std::string>& annotations_simple_map) {
  annotations_simple_map_ = annotations_simple_map;
}
//! \brief Returns options from CrashpadInfo structures found in modules in
//! the process.
//!
//! \param[out] options Options set in CrashpadInfo structures in modules in
//! the process.
//!
//! These options come from the snapshotted process's own modules, so callers
//! should regard them as client-controlled input rather than handler policy.
//! NOTE(review): \a options is presumably required to be non-null. Confirm.
void GetCrashpadOptions(CrashpadInfoClientOptions* options);
// ProcessSnapshot:
// Overrides of the ProcessSnapshot interface.
// NOTE(review): the accessors returning pointers presumably hand out objects
// owned by this snapshot (see the PointerVector/scoped_ptr members), so the
// results must not be used after the snapshot is destroyed. Confirm.
pid_t ProcessID() const override;
pid_t ParentProcessID() const override;
void SnapshotTime(timeval* snapshot_time) const override;
void ProcessStartTime(timeval* start_time) const override;
void ProcessCPUTimes(timeval* user_time, timeval* system_time) const override;
// Values installed with SetReportID() / SetClientID().
void ReportID(UUID* report_id) const override;
void ClientID(UUID* client_id) const override;
// Value installed with SetAnnotationsSimpleMap().
const std::map<std::string, std::string>& AnnotationsSimpleMap()
const override;
const SystemSnapshot* System() const override;
std::vector<const ThreadSnapshot*> Threads() const override;
std::vector<const ModuleSnapshot*> Modules() const override;
// Data populated by InitializeException().
const ExceptionSnapshot* Exception() const override;
std::vector<const MemoryMapRegionSnapshot*> MemoryMap() const override;
std::vector<HandleSnapshot> Handles() const override;
// NOTE(review): presumably exposes the regions gathered in extra_memory_
// (PEB-reachable blocks and lock structures). Such regions can include the
// target's command line and environment block, which may hold credentials or
// tokens; take that into account when deciding who may read the resulting
// dump. Confirm what the implementation actually captures.
std::vector<const MemorySnapshot*> ExtraMemory() const override;
private:
// Initializes threads_ on behalf of Initialize().
// Returns void, so this declaration offers no way to report a failure to
// Initialize().
void InitializeThreads();
// Initializes modules_ on behalf of Initialize().
// Returns void, so this declaration offers no way to report a failure to
// Initialize().
void InitializeModules();
// Initializes various memory blocks reachable from the PEB on behalf of
// Initialize().
// NOTE(review): Traits presumably selects the process_types layout matching
// the target's bitness, and debug_critical_section_address is presumably the
// value given to Initialize() (may be 0). Every pointer followed from the
// PEB is target-controlled data. Confirm that each read is validated.
template <class Traits>
void InitializePebData(WinVMAddress debug_critical_section_address);
// Adds a memory snapshot for the range [address, address + size) to |into|,
// judging by the signature.
// NOTE(review): both values can be derived from target-process memory.
// Confirm that the implementation rejects empty, wrapping or implausibly
// large ranges so that a corrupt target cannot inflate the dump.
void AddMemorySnapshot(WinVMAddress address,
WinVMSize size,
PointerVector<internal::MemorySnapshotWin>* into);
// Adds to |into| the memory referenced by the UNICODE_STRING |us|, judging
// by the name.
// NOTE(review): |us| was read from the target, so its buffer pointer and
// length fields are untrusted. Confirm that the implementation bounds the
// captured size.
template <class Traits>
void AddMemorySnapshotForUNICODE_STRING(
const process_types::UNICODE_STRING<Traits>& us,
PointerVector<internal::MemorySnapshotWin>* into);
// Adds to |into| the entries of a loader list headed by |le|, judging by the
// name. |offset_of_member| is presumably the offset of the LIST_ENTRY within
// its containing structure. Confirm.
// NOTE(review): the list links are stored in target memory and may be
// corrupt or cyclic. Confirm that the walk terminates (visited set or
// iteration cap) and that failed reads stop it.
template <class Traits>
void AddMemorySnapshotForLdrLIST_ENTRY(
const process_types::LIST_ENTRY<Traits>& le,
size_t offset_of_member,
PointerVector<internal::MemorySnapshotWin>* into);
// Returns the size of the environment block that starts at
// |start_of_environment_block| in the target, judging by the name.
// NOTE(review): the size has to be discovered by scanning target memory for
// a terminator. Confirm that the scan has an upper bound and handles
// unreadable pages, because a corrupt block may never terminate.
WinVMSize DetermineSizeOfEnvironmentBlock(
WinVMAddress start_of_environment_block);
// Starting from the address of a CRITICAL_SECTION, walks the doubly-linked
// list stored in RTL_CRITICAL_SECTION.DebugInfo.ProcessLocksList adding both
// the RTL_CRITICAL_SECTION and the RTL_CRITICAL_SECTION_DEBUG memory blocks
// to the snapshot.
// NOTE(review): |start| and every link followed are target-process data. A
// damaged or deliberately crafted list could loop or point anywhere, so
// confirm that the implementation bounds the walk and validates each node
// before adding it to |into|.
template <class Traits>
void ReadLocks(WinVMAddress start,
PointerVector<internal::MemorySnapshotWin>* into);
internal::SystemSnapshotWin system_;
// Extra memory regions; the private helpers above take a PointerVector of
// this type as their |into| argument.
PointerVector<internal::MemorySnapshotWin> extra_memory_;
// Filled in by InitializeThreads().
PointerVector<internal::ThreadSnapshotWin> threads_;
// Filled in by InitializeModules().
PointerVector<internal::ModuleSnapshotWin> modules_;
// NOTE(review): presumably null until InitializeException() succeeds.
// Confirm.
scoped_ptr<internal::ExceptionSnapshotWin> exception_;
PointerVector<internal::MemoryMapRegionSnapshotWin> memory_map_;
// NOTE(review): presumably the object through which the target process's
// memory is read. Confirm.
ProcessReaderWin process_reader_;
// Set by SetReportID() / SetClientID().
UUID report_id_;
UUID client_id_;
// Set by SetAnnotationsSimpleMap().
std::map<std::string, std::string> annotations_simple_map_;
timeval snapshot_time_;
// NOTE(review): the Dcheck suffix suggests initialization-order checks that
// may be active only in debug builds; if so, release builds would not catch
// use before Initialize(). Confirm.
InitializationStateDcheck initialized_;
DISALLOW_COPY_AND_ASSIGN(ProcessSnapshotWin);
};
} // namespace crashpad
#endif // CRASHPAD_SNAPSHOT_WIN_PROCESS_SNAPSHOT_WIN_H_