3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2025-03-09 14:06:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

win: Add more memory regions to gathering of PEB

Browse Source 
Previously:

0:000> !peb
PEB at 7f374000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01380000
    Ldr                       77ec8b40
    *** unable to read Ldr table at 77ec8b40
    SubSystemData:     00000000
    ProcessHeap:       00740000
    ProcessParameters: 007414e0
    CurrentDirectory:  '< Name not readable >'
    WindowTitle:  '< Name not readable >'
    ImageFile:    '< Name not readable >'
    CommandLine:  '< Name not readable >'
    DllPath:      '< Name not readable >'
    Environment:  00000000
       Unable to read Environment string.

Now:

0:000> !peb
PEB at 7f494000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         00ef0000
    Ldr                       77ec8b40
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 01042b68 . 01043c68
    Ldr.InLoadOrderModuleList:           01042c38 . 01043c58
    Ldr.InMemoryOrderModuleList:         01042c40 . 01043c60
            Base TimeStamp                     Module
          ef0000 5609bd17 Sep 28 15:20:07 2015 d:\src\crashpad\crashpad\out\debug\crashy_program.exe
        77dc0000 55c599e1 Aug 07 22:55:45 2015 C:\Windows\SYSTEM32\ntdll.dll
        758e0000 559f3b21 Jul 09 20:25:21 2015 C:\Windows\SYSTEM32\KERNEL32.DLL
        76850000 559f3b2a Jul 09 20:25:30 2015 C:\Windows\SYSTEM32\KERNELBASE.dll
    SubSystemData:     00000000
    ProcessHeap:       01040000
    ProcessParameters: 01041520
    CurrentDirectory:  'd:\src\crashpad\crashpad\'
    WindowTitle:  'out\debug\crashy_program.exe  \\.\pipe\stuff'
    ImageFile:    'd:\src\crashpad\crashpad\out\debug\crashy_program.exe'
    CommandLine:  'out\debug\crashy_program.exe  \\.\pipe\stuff'
    DllPath:      '< Name not readable >'
    Environment:  010405c8
        =D:=d:\src\crashpad\crashpad
        =ExitCode=C0000005
        ALLUSERSPROFILE=C:\ProgramData
        APPDATA=C:\Users\scott\AppData\Roaming
        CommonProgramFiles=C:\Program Files (x86)\Common Files
        CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
...

R=mark@chromium.org
BUG=crashpad:46

Review URL: https://codereview.chromium.org/1360863006 .
This commit is contained in:
Scott Graham 2015-10-01 15:24:12 -07:00
parent d8769ed212
commit 23ab86bc19
4 changed files with 256 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
snapshot/win/process_reader_win.cc
View File

@ -18,6 +18,7 @@
#include "base/memory/scoped_ptr.h"
#include "base/numerics/safe_conversions.h"
#include "base/strings/stringprintf.h"
#include "util/win/capture_context.h"
#include "util/win/nt_internals.h"
#include "util/win/ntstatus_logging.h"
@ -214,6 +215,9 @@ bool ProcessReaderWin::Initialize(HANDLE process,
bool ProcessReaderWin::ReadMemory(WinVMAddress at,
WinVMSize num_bytes,
void* into) const {
if (num_bytes == 0)
return 0;
SIZE_T bytes_read;
if (!ReadProcessMemory(process_,
reinterpret_cast<void*>(at),
@ -228,6 +232,41 @@ bool ProcessReaderWin::ReadMemory(WinVMAddress at,
return true;
}
WinVMSize ProcessReaderWin::ReadAvailableMemory(WinVMAddress at,
WinVMSize num_bytes,
void* into) const {
if (num_bytes == 0)
return 0;
auto ranges = process_info_.GetReadableRanges(
CheckedRange<WinVMAddress, WinVMSize>(at, num_bytes));
// We only read up until the first unavailable byte, so we only read from the
// first range. If we have no ranges, then no bytes were accessible anywhere
// in the range.
if (ranges.empty()) {
LOG(ERROR) << base::StringPrintf(
"range at 0x%llx, size 0x%llx completely inaccessible", at, num_bytes);
return 0;
}
// If the start address was adjusted, we couldn't read even the first
// requested byte.
if (ranges.front().base() != at) {
LOG(ERROR) << base::StringPrintf(
"start of range at 0x%llx, size 0x%llx inaccessible", at, num_bytes);
return 0;
}
DCHECK_LE(ranges.front().size(), num_bytes);
// If we fail on a normal read, then something went very wrong.
if (!ReadMemory(ranges.front().base(), ranges.front().size(), into))
return 0;
return ranges.front().size();
}
bool ProcessReaderWin::StartTime(timeval* start_time) const {
FILETIME creation, exit, kernel, user;
if (!GetProcessTimes(process_, &creation, &exit, &kernel, &user)) {

18
snapshot/win/process_reader_win.h
View File

@ -83,8 +83,26 @@ class ProcessReaderWin {
//! \return `true` if the target task is a 64-bit process.
bool Is64Bit() const { return process_info_.Is64Bit(); }
//! \brief Attempts to read \a num_bytes bytes from the target process
//! starting at address \a at into \a into.
//!
//! \return `true` if the entire region could be read, or `false` with an
//! error logged.
//!
//! \sa ReadAvailableMemory
bool ReadMemory(WinVMAddress at, WinVMSize num_bytes, void* into) const;
//! \brief Attempts to read \a num_bytes bytes from the target process
//! starting at address \a at into \a into. If some of the specified range
//! is not accessible, reads up to the first inaccessible byte.
//!
//! \return The actual number of bytes read.
//!
//! \sa ReadMemory
WinVMSize ReadAvailableMemory(WinVMAddress at,
WinVMSize num_bytes,
void* into) const;
//! \brief Determines the target process' start time.
//!
//! \param[out] start_time The time that the process started.

180
snapshot/win/process_snapshot_win.cc
View File

@ -14,7 +14,10 @@
#include "snapshot/win/process_snapshot_win.h"
#include <algorithm>
#include "base/logging.h"
#include "base/strings/stringprintf.h"
#include "snapshot/win/module_snapshot_win.h"
#include "util/win/registration_protocol_win.h"
#include "util/win/time.h"
@ -48,10 +51,11 @@ bool ProcessSnapshotWin::Initialize(HANDLE process,
return false;
system_.Initialize(&process_reader_);
WinVMAddress peb_address;
WinVMSize peb_size;
process_reader_.GetProcessInfo().Peb(&peb_address, &peb_size);
peb_.Initialize(&process_reader_, peb_address, peb_size);
if (process_reader_.Is64Bit())
InitializePebData<process_types::internal::Traits64>();
else
InitializePebData<process_types::internal::Traits32>();
InitializeThreads();
InitializeModules();
@ -186,7 +190,8 @@ const ExceptionSnapshot* ProcessSnapshotWin::Exception() const {
std::vector<const MemorySnapshot*> ProcessSnapshotWin::ExtraMemory() const {
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
std::vector<const MemorySnapshot*> extra_memory;
extra_memory.push_back(&peb_);
for (const auto& peb_memory : peb_memory_)
extra_memory.push_back(peb_memory);
return extra_memory;
}
@ -214,4 +219,169 @@ void ProcessSnapshotWin::InitializeModules() {
}
}
template <class Traits>
void ProcessSnapshotWin::InitializePebData() {
WinVMAddress peb_address;
WinVMSize peb_size;
process_reader_.GetProcessInfo().Peb(&peb_address, &peb_size);
AddMemorySnapshot(peb_address, peb_size, &peb_memory_);
process_types::PEB<Traits> peb_data;
if (!process_reader_.ReadMemory(peb_address, peb_size, &peb_data)) {
LOG(ERROR) << "ReadMemory PEB";
return;
}
process_types::PEB_LDR_DATA<Traits> peb_ldr_data;
AddMemorySnapshot(peb_data.Ldr, sizeof(peb_ldr_data), &peb_memory_);
if (!process_reader_.ReadMemory(
peb_data.Ldr, sizeof(peb_ldr_data), &peb_ldr_data)) {
LOG(ERROR) << "ReadMemory PEB_LDR_DATA";
} else {
// Walk the LDR structure to retrieve its pointed-to data.
AddMemorySnapshotForLdrLIST_ENTRY(
peb_ldr_data.InLoadOrderModuleList,
offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>, InLoadOrderLinks),
&peb_memory_);
AddMemorySnapshotForLdrLIST_ENTRY(
peb_ldr_data.InMemoryOrderModuleList,
offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>,
InMemoryOrderLinks),
&peb_memory_);
AddMemorySnapshotForLdrLIST_ENTRY(
peb_ldr_data.InInitializationOrderModuleList,
offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>,
InInitializationOrderLinks),
&peb_memory_);
}
process_types::RTL_USER_PROCESS_PARAMETERS<Traits> process_parameters;
if (!process_reader_.ReadMemory(peb_data.ProcessParameters,
sizeof(process_parameters),
&process_parameters)) {
LOG(ERROR) << "ReadMemory RTL_USER_PROCESS_PARAMETERS";
return;
}
AddMemorySnapshot(
peb_data.ProcessParameters, sizeof(process_parameters), &peb_memory_);
AddMemorySnapshotForUNICODE_STRING(
process_parameters.CurrentDirectory.DosPath, &peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.DllPath, &peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.ImagePathName,
&peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.CommandLine,
&peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.WindowTitle,
&peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.DesktopInfo,
&peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.ShellInfo,
&peb_memory_);
AddMemorySnapshotForUNICODE_STRING(process_parameters.RuntimeData,
&peb_memory_);
AddMemorySnapshot(
process_parameters.Environment,
DetermineSizeOfEnvironmentBlock(process_parameters.Environment),
&peb_memory_);
}
void ProcessSnapshotWin::AddMemorySnapshot(
WinVMAddress address,
WinVMSize size,
PointerVector<internal::MemorySnapshotWin>* into) {
if (size == 0)
return;
// Ensure that the entire range is readable. TODO(scottmg): Consider
// generalizing this as part of
// https://code.google.com/p/crashpad/issues/detail?id=59.
auto ranges = process_reader_.GetProcessInfo().GetReadableRanges(
CheckedRange<WinVMAddress, WinVMSize>(address, size));
if (ranges.size() != 1) {
LOG(ERROR) << base::StringPrintf(
"range at 0x%llx, size 0x%llx fully unreadable", address, size);
return;
}
if (ranges[0].base() != address || ranges[0].size() != size) {
LOG(ERROR) << base::StringPrintf(
"some of range at 0x%llx, size 0x%llx unreadable", address, size);
return;
}
// If we have already added this exact range, don't add it again. This is
// useful for the LDR module lists which are a set of doubly-linked lists, all
// pointing to the same module name strings.
// TODO(scottmg): A more general version of this, handling overlapping,
// contained, etc. https://code.google.com/p/crashpad/issues/detail?id=61.
for (const auto& memory_snapshot : *into) {
if (memory_snapshot->Address() == address &&
memory_snapshot->Size() == size) {
return;
}
}
internal::MemorySnapshotWin* memory_snapshot =
new internal::MemorySnapshotWin();
memory_snapshot->Initialize(&process_reader_, address, size);
into->push_back(memory_snapshot);
}
template <class Traits>
void ProcessSnapshotWin::AddMemorySnapshotForUNICODE_STRING(
const process_types::UNICODE_STRING<Traits>& us,
PointerVector<internal::MemorySnapshotWin>* into) {
AddMemorySnapshot(us.Buffer, us.Length, into);
}
template <class Traits>
void ProcessSnapshotWin::AddMemorySnapshotForLdrLIST_ENTRY(
const process_types::LIST_ENTRY<Traits>& le, size_t offset_of_member,
PointerVector<internal::MemorySnapshotWin>* into) {
// Walk the doubly-linked list of entries, adding the list memory itself, as
// well as pointed-to strings.
Traits::Pointer last = le.Blink;
process_types::LDR_DATA_TABLE_ENTRY<Traits> entry;
Traits::Pointer cur = le.Flink;
for (;;) {
// |cur| is the pointer to LIST_ENTRY embedded in the LDR_DATA_TABLE_ENTRY.
// So we need to offset back to the beginning of the structure.
if (!process_reader_.ReadMemory(
cur - offset_of_member, sizeof(entry), &entry)) {
return;
}
AddMemorySnapshot(cur - offset_of_member, sizeof(entry), into);
AddMemorySnapshotForUNICODE_STRING(entry.FullDllName, into);
AddMemorySnapshotForUNICODE_STRING(entry.BaseDllName, into);
process_types::LIST_ENTRY<Traits>* links =
reinterpret_cast<process_types::LIST_ENTRY<Traits>*>(
reinterpret_cast<unsigned char*>(&entry) + offset_of_member);
cur = links->Flink;
if (cur == last)
break;
}
}
WinVMSize ProcessSnapshotWin::DetermineSizeOfEnvironmentBlock(
WinVMAddress start_of_environment_block) {
// http://blogs.msdn.com/b/oldnewthing/archive/2010/02/03/9957320.aspx On
// newer OSs there's no stated limit, but in practice grabbing 32k characters
// should be more than enough.
std::wstring env_block;
env_block.resize(32768);
WinVMSize bytes_read = process_reader_.ReadAvailableMemory(
start_of_environment_block,
env_block.size() * sizeof(env_block[0]),
&env_block[0]);
env_block.resize(
static_cast<unsigned int>(bytes_read / sizeof(env_block[0])));
const wchar_t terminator[] = { 0, 0 };
size_t at = env_block.find(std::wstring(terminator, arraysize(terminator)));
if (at != std::wstring::npos)
env_block.resize(at + arraysize(terminator));
return env_block.size() * sizeof(env_block[0]);
}
} // namespace crashpad

25
snapshot/win/process_snapshot_win.h
View File

@ -40,6 +40,7 @@
#include "util/misc/initialization_state_dcheck.h"
#include "util/misc/uuid.h"
#include "util/win/address_types.h"
#include "util/win/process_structs.h"
#include "util/stdlib/pointer_container.h"
namespace crashpad {
@ -134,8 +135,30 @@ class ProcessSnapshotWin final : public ProcessSnapshot {
// Initializes modules_ on behalf of Initialize().
void InitializeModules();
// Initializes peb_memory_ on behalf of Initialize().
template <class Traits>
void InitializePebData();
void AddMemorySnapshot(WinVMAddress address,
WinVMSize size,
PointerVector<internal::MemorySnapshotWin>* into);
template <class Traits>
void AddMemorySnapshotForUNICODE_STRING(
const process_types::UNICODE_STRING<Traits>& us,
PointerVector<internal::MemorySnapshotWin>* into);
template <class Traits>
void AddMemorySnapshotForLdrLIST_ENTRY(
const process_types::LIST_ENTRY<Traits>& le,
size_t offset_of_member,
PointerVector<internal::MemorySnapshotWin>* into);
WinVMSize DetermineSizeOfEnvironmentBlock(
WinVMAddress start_of_environment_block);
internal::SystemSnapshotWin system_;
internal::MemorySnapshotWin peb_;
PointerVector<internal::MemorySnapshotWin> peb_memory_;
PointerVector<internal::ThreadSnapshotWin> threads_;
PointerVector<internal::ModuleSnapshotWin> modules_;
scoped_ptr<internal::ExceptionSnapshotWin> exception_;