Capture the memory for the loader lock (can be inspected by !cs), as
well as all locks that were created with .DebugInfo which can be viewed
with !locks.
e.g.
0:000> !cs ntdll!LdrpLoaderLock
-----------------------------------------
Critical section = 0x778d6410 (ntdll!LdrpLoaderLock+0x0)
DebugInfo = 0x778d6b6c
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x04000000
0:000> !locks -v
CritSec ntdll!RtlpProcessHeapsListLock+0 at 778d7620
LockCount NOT LOCKED
RecursionCount 0
OwningThread 0
EntryCount 0
ContentionCount 0
CritSec +7a0248 at 007a0248
LockCount NOT LOCKED
RecursionCount 0
OwningThread 0
EntryCount 0
ContentionCount 0
CritSec crashy_program!g_critical_section_with_debug_info+0 at 01342c48
LockCount NOT LOCKED
RecursionCount 0
OwningThread 0
EntryCount 0
ContentionCount 0
CritSec crashy_program!crashpad::`anonymous namespace'::g_test_critical_section+0 at 01342be0
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread 34b8
EntryCount 0
ContentionCount 0
*** Locked
Scanned 4 critical sections
R=mark@chromium.org
BUG=crashpad:52
Review URL: https://codereview.chromium.org/1392093003 .
When not building against the C++11 library headers, the compiler cannot
treat the lambda as lvalue. When building against the C++11 library headers, it
is converted to an rvalue.
BUG=chromium:542321
R=mark@chromium.org
Review URL: https://codereview.chromium.org/1406733003 .
Getting closer... Some tests passed on the last run, but the ones that
rely on having ntdll symbols fail on the bot. With `_NT_SYMBOL_PATH`
set, cdb will be able to download the PDBs so will be able to dump
data for `ntdll!_PEB`, etc.
R=mark@chromium.org
BUG=crashpad:46
Review URL: https://codereview.chromium.org/1402643002 .
Oops, was passing the out dir (...\crashpad\out), not the binary dir
(...\crashpad\out\Debug). Didn't notice because I was running the
script directly, rather than via run_tests.py. :/
R=mark@chromium.org
BUG=crashpad:46
Review URL: https://codereview.chromium.org/1394343005 .
I'd like to write some `expect(1)`-style tests (possibly using
http://pexpect.readthedocs.org/en/stable/) to verify that various windbg
commands that I'm adding support for do actually work when consuming
minidumps in real life.
For the moment, this is just the beginnings of a stub as I don't know if
bots even have windbg/cdb installed.
R=mark@chromium.org
BUG=crashpad:20, crashpad:46, crashpad:52
Review URL: https://codereview.chromium.org/1396943002 .
This script populates doc/generated. This directory is named in
.gitignore on the master branch, but will not be ignored on the doc
branch. The plan is to merge master into doc and run this script to
generate and check in a new set of generated docs.
BUG=crashpad:67
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1397683003 .
I’ve accidentally created Crashpad databases when running
crashpad_database_util by mistyping the argument to --database. Typical
users of crashpad_database_util probably don’t want the database to be
created.
This adds a new --create option to crashpad_database_util that is
required to get it to create a database. If not present, a database will
not be created if it does not already exist.
TEST=crashpad_client_test CrashReportDatabaseTest.*
R=rsesek@chromium.org, scottmg@chromium.org
Review URL: https://codereview.chromium.org/1395653002 .
Previously, any attempt to create a new crash report database would
result in this message being logged:
[p:t:yyyymmdd,hhmmss.uuuuuu:ERROR file_io.cc:30] read: expected 40,
observed 0
This would be the first thing that a developer embedding Crashpad into
their application would see after getting everything right. It doesn’t
exactly seem like everything’s right with that being logged. It would
also be the first thing that a user would see on stderr or in logs upon
launching a Crashpad-enabled application, which also seems kind of
dodgy.
The crash report database settings creation logic is restructured to
avoid logging this error when definitely creating a new database, while
retaining all other error logging.
BUG=crashpad:63
TEST=crashpad_database_util --database $new_db --show-client-id
(should not show any errors)
R=rsesek@chromium.org, scottmg@chromium.org
Review URL: https://codereview.chromium.org/1392953002 .
This doesn’t really provide compatibility, it just ignores the
deprecation warning for +[NSURLConnection
sendSynchronousRequest:returningResponse:error:].
The suggested replacement, NSURLSession, was new in 10.9, and this code
needs to run on 10.6, so it’s not usable here, at least not without a
runtime check.
BUG=crashpad:65
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1395673002 .
We already use all the shared constants for page protection and type,
so rather than making various incompatible structures, just use
the MEMORY_BASIC_INFORMATION64 one directly, so that it can be directly
used.
R=mark@chromium.org
BUG=crashpad:20, crashpad:46
Review URL: https://codereview.chromium.org/1375313005 .
This resolves some left-behind TODOs referring to a closed bug. It looks
like this should have worked since dfaa25af4929.
BUG=crashpad:13
TEST=crashpad_snapshot_test CrashReportDatabaseTest.*
R=scottmg@chromium.org
Review URL: https://codereview.chromium.org/1391993002 .
ExceptionPorts::GetExceptionPorts() returned a
std::vector<ExceptionPorts::ExceptionHandler>, which contained send
rights to Mach ports. The interface required callers to assume ownership
of each send right contained within the vector. This was cumbersome and
error-prone, and despite the care taken in Crashpad, port right leaks
did occur:
- SimulateCrash() didn’t make any attempt to release these resources at
all.
- Neither did crashpad_util_test ExceptionPorts.HostExceptionPorts,
which also reused a vector.
This replaces the vector with the interface-compatible (as far as
necessary) ExceptionPorts::ExceptionHandlerVector, which deallocates
collected port rights on destruction or clear().
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1381023007 .
This is a weird option that causes crashpad_handler to discard the crash
handler it inherited and replace it with the system default. Its use is
not recommended.
BUG=chromium:538373
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1391463002 .
If the task’s exception handler for EXC_CRASH, EXC_RESOURCE, and
EXC_GUARD exceptions cannot be set, clear the handler instead.
Nothing considered this function’s return value, and the only viable
fallback action on failure would have been to do what the function now
does, so its return type is changed to void.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1386943002 .
launchd actually does set the EXC_RESOURCE and EXC_GUARD handlers
exactly the same way that it sets the EXC_CRASH handler. See 10.9.5
launchd-842.92.1/src/core.c job_setup_exception_port().
Cases where an EXC_CRASH handler is set but EXC_RESOURCE and EXC_GUARD
handlers are not set occur when the exception ports are set by
/usr/bin/login instead of launchd. login looks up the
exception-reporting service by name and sets the exception port without
including EXC_MASK_RESOURCE or EXC_MASK_GUARD in the mask. See 10.10.5
system_cmds-643.30.1/login.tproj/login.c main().
login is a setuid executable, so it does not inherit its parent process’
exception handlers. See 10.10.5 xnu-2782.40.9/osfmk/kern/ipc_tt.c
ipc_task_reset().
Terminal.app executes login when establishing its command-line
environment, so the exception handlers set for Terminal.app itself
(including EXC_MASK_CRASH, EXC_MASK_RESOURCE, and EXC_MASK_GUARD) are
discarded, and then login sets an exception handler only for
EXC_MASK_CRASH. The same thing occurs for any other process descended
from login, including SSH sessions, because sshd executes login.
This is a bug in login filed as Apple radar 22978644. This bug led to a
misunderstanding about the use of EXC_RESOURCE and EXC_GUARD. Comments
that discuss this behavior are now reworded to be accurate, and
non-fatal EXC_RESOURCE exceptions are made eligible for forwarding to
the user ReportCrash (because it would normally handle them in the
absence of Crashpad) while Crashpad itself will still skip processing
them.
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1391453002 .
This wraps bootstrap_check_in() in BootstrapCheckIn(), and
bootstrap_look_up() in BootstrapLookUp(). The wrappers make it more
difficult to accidentally leak a returned right. They’re easier to use,
encapsulating common error checking and logging, simplifying all call
sites.
TEST=crashpad_util_test MachExtensions.BootstrapCheckInAndLookUp
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1383283003 .
Chrome’s relauncher process needs a way to sever ties with the
crashpad_handler instance running from the disk image in order to cause
that instance to exit so that the disk image may be unmounted. This new
function is otherwise not thought to be interesting, and its use is not
recommended.
This comes with a small refactoring to create a
SystemCrashReporterHandler() function, and a fix for a minor port leak
in CrashReportExceptionHandler::CatchMachException().
BUG=chromium:538373
R=rsesek@chromium.org
Review URL: https://codereview.chromium.org/1375573005 .
Sadly this code did not survive a collision with the real world. In
probing for the environment block there's a MEM_COMMIT region followed
directly by a MEM_RESERVE region (past the end of the environment
block).
Update region checker to correctly treat MEM_RESERVE as inaccessible.
R=mark@chromium.org
BUG=crashpad:20, crashpad:46, crashpad:59
Review URL: https://codereview.chromium.org/1370063005 .
On Win10, VirtualQueryEx supports querying the x64 part of WOW64
processes. However, on lower OSs it errors past 2/3G. There's no direct
way to retrieve to maximum memory address for processes other than
yourself, but fortunately, VirtualQueryEx sets a distinct error code
when `lpAddress` exceeds the maximum accessible address, so we can just
terminate successfully in that case.
R=mark@chromium.org
BUG=crashpad:20, crashpad:46
Review URL: https://codereview.chromium.org/1376353002 .
Windows requires the connection to the handler to do anything, so it
can't really be implemented or tested without CrashpadClient and the
connection machinery.
R=mark@chromium.org
BUG=crashpad:53
Review URL: https://codereview.chromium.org/1356383002 .
This makes the basics of !peb work in windbg, however, pointed-to things
are not yet retrieved. For full functionality, a variety of pointers in
the PEB also needs to be walked and captured.
e.g.
Previously:
0:000> .ecxr
eax=00000007 ebx=7e383000 ecx=c3f9a943 edx=00000000 esi=006d62d0 edi=003c9280
eip=00384828 esp=005bf634 ebp=005bf638 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
crashy_program!crashpad::`anonymous namespace'::SomeCrashyFunction+0x28:
00384828 c7002a000000 mov dword ptr [eax],2Ah ds:002b:00000007=????????
0:000> !peb
PEB at 7e383000
error 1 InitTypeRead( nt!_PEB at 7e383000)...
Now:
0:000> .ecxr
eax=00000007 ebx=7f958000 ecx=02102f4d edx=00000000 esi=00e162d0 edi=01389280
eip=01344828 esp=00c2fb64 ebp=00c2fb68 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
crashy_program!crashpad::`anonymous namespace'::SomeCrashyFunction+0x28:
01344828 c7002a000000 mov dword ptr [eax],2Ah ds:002b:00000007=????????
0:000> !peb
PEB at 7f958000
InheritedAddressSpace: No
ReadImageFileExecOptions: No
BeingDebugged: No
ImageBaseAddress: 01340000
Ldr 77ec8b40
*** unable to read Ldr table at 77ec8b40
SubSystemData: 00000000
ProcessHeap: 00e10000
ProcessParameters: 00e114e0
CurrentDirectory: '< Name not readable >'
WindowTitle: '< Name not readable >'
ImageFile: '< Name not readable >'
CommandLine: '< Name not readable >'
DllPath: '< Name not readable >'
Environment: 00000000
Unable to read Environment string.
R=mark@chromium.org
BUG=crashpad:46
Review URL: https://codereview.chromium.org/1364053002 .
