3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2025-03-10 06:36:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
crashpad/snapshot/process_snapshot.h
Scott Graham 0758dbde9a win: Save contents of PEB to minidump to start making !peb work 
This makes the basics of !peb work in windbg, however, pointed-to things
are not yet retrieved. For full functionality, a variety of pointers in
the PEB also needs to be walked and captured.

e.g.

Previously:

0:000> .ecxr
eax=00000007 ebx=7e383000 ecx=c3f9a943 edx=00000000 esi=006d62d0 edi=003c9280
eip=00384828 esp=005bf634 ebp=005bf638 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
crashy_program!crashpad::`anonymous namespace'::SomeCrashyFunction+0x28:
00384828 c7002a000000    mov     dword ptr [eax],2Ah  ds:002b:00000007=????????
0:000> !peb
PEB at 7e383000
error 1 InitTypeRead( nt!_PEB at 7e383000)...

Now:

0:000> .ecxr
eax=00000007 ebx=7f958000 ecx=02102f4d edx=00000000 esi=00e162d0 edi=01389280
eip=01344828 esp=00c2fb64 ebp=00c2fb68 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
crashy_program!crashpad::`anonymous namespace'::SomeCrashyFunction+0x28:
01344828 c7002a000000    mov     dword ptr [eax],2Ah  ds:002b:00000007=????????
0:000> !peb
PEB at 7f958000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            No
    ImageBaseAddress:         01340000
    Ldr                       77ec8b40
    *** unable to read Ldr table at 77ec8b40
    SubSystemData:     00000000
    ProcessHeap:       00e10000
    ProcessParameters: 00e114e0
    CurrentDirectory:  '< Name not readable >'
    WindowTitle:  '< Name not readable >'
    ImageFile:    '< Name not readable >'
    CommandLine:  '< Name not readable >'
    DllPath:      '< Name not readable >'
    Environment:  00000000
       Unable to read Environment string.

R=mark@chromium.org
BUG=crashpad:46

Review URL: https://codereview.chromium.org/1364053002 .
2015-09-25 10:31:02 -07:00

178 lines
7.8 KiB
C++
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Copyright 2014 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef CRASHPAD_SNAPSHOT_PROCESS_SNAPSHOT_H_
#define CRASHPAD_SNAPSHOT_PROCESS_SNAPSHOT_H_
#include <sys/time.h>
#include <sys/types.h>
#include <map>
#include <string>
#include <vector>
#include "util/misc/uuid.h"
namespace crashpad {
class ExceptionSnapshot;
class MemorySnapshot;
class ModuleSnapshot;
class SystemSnapshot;
class ThreadSnapshot;
//! \brief An abstract interface to a snapshot representing the state of a
//! process.
//!
//! This is the top-level object in a family of Snapshot objects, because it
//! gives access to a SystemSnapshot, vectors of ModuleSnapshot and
//! ThreadSnapshot objects, and possibly an ExceptionSnapshot. In turn,
//! ThreadSnapshot and ExceptionSnapshot objects both give access to CPUContext
//! objects, and ThreadSnapshot objects also give access to MemorySnapshot
//! objects corresponding to thread stacks.
class ProcessSnapshot {
public:
virtual ~ProcessSnapshot() {}
//! \brief Returns the snapshot process process ID.
virtual pid_t ProcessID() const = 0;
//! \brief Returns the snapshot process parent process process ID.
virtual pid_t ParentProcessID() const = 0;
//! \brief Returns the time that the snapshot was taken in \a snapshot_time.
//!
//! \param[out] snapshot_time The time that the snapshot was taken. This is
//! distinct from the time that a ProcessSnapshot object was created or
//! initialized, although it may be that time for ProcessSnapshot objects
//! representing live or recently-crashed process state.
virtual void SnapshotTime(timeval* snapshot_time) const = 0;
//! \brief Returns the time that the snapshot process was started in \a
//! start_time.
//!
//! Normally, process uptime in wall clock time can be computed as
//! SnapshotTime() ProcessStartTime(), but this cannot be guaranteed in
//! cases where the real-time clock has been set during the snapshot process
//! lifetime.
//!
//! \param[out] start_time The time that the process was started.
virtual void ProcessStartTime(timeval* start_time) const = 0;
//! \brief Returns the snapshot process CPU usage times in \a user_time and
//! \a system_time.
//!
//! \param[out] user_time The time that the process has spent executing in
//! user mode.
//! \param[out] system_time The time that the process has spent executing in
//! system (kernel) mode.
virtual void ProcessCPUTimes(timeval* user_time,
timeval* system_time) const = 0;
//! \brief Returns a %UUID identifying the event that the snapshot describes.
//!
//! This provides a stable identifier for a crash even as the report is
//! converted to different formats, provided that all formats support storing
//! a crash report ID. When a report is originally created, a report ID should
//! be assigned. From that point on, any operations involving the same report
//! should preserve the same report ID.
//!
//! If no identifier is available, this field will contain zeroes.
virtual void ReportID(UUID* client_id) const = 0;
//! \brief Returns a %UUID identifying the client that the snapshot
//! represents.
//!
//! Client identification is within the scope of the application, but it is
//! expected that the identifier will be unique for an instance of Crashpad
//! monitoring an application or set of applications for a user. The
//! identifier shall remain stable over time.
//!
//! If no identifier is available, this field will contain zeroes.
virtual void ClientID(UUID* client_id) const = 0;
//! \brief Returns key-value string annotations recorded for the process,
//! system, or snapshot producer.
//!
//! This method retrieves annotations recorded for a process. These
//! annotations are intended for diagnostic use, including crash analysis.
//! “Simple annotations” are structured as a sequence of key-value pairs,
//! where all keys and values are strings. These are referred to in Chrome as
//! “crash keys.”
//!
//! Annotations stored here may reflect the process, system, or snapshot
//! producer. Most annotations not under the clients direct control will be
//! retrievable by this method. For clients such as Chrome, this includes the
//! product name and version.
//!
//! Additional per-module annotations may be obtained by calling
//! ModuleSnapshot::AnnotationsSimpleMap().
//
// This interface currently returns a const& because all implementations store
// the data within their objects in this format, and are therefore able to
// provide this access without requiring a copy. Future implementations may
// obtain data on demand or store data in a different format, at which point
// the cost of maintaining this data in ProcessSnapshot subclass objects will
// need to be taken into account, and this interface possibly revised.
virtual const std::map<std::string, std::string>& AnnotationsSimpleMap()
const = 0;
//! \brief Returns a SystemSnapshot reflecting the characteristics of the
//! system that ran the snapshot process at the time of the snapshot.
//!
//! \return A SystemSnapshot object. The caller does not take ownership of
//! this object, it is scoped to the lifetime of the ProcessSnapshot
//! object that it was obtained from.
virtual const SystemSnapshot* System() const = 0;
//! \brief Returns ModuleSnapshot objects reflecting the code modules (binary
//! images) loaded into the snapshot process at the time of the snapshot.
//!
//! \return A vector of ModuleSnapshot objects. The caller does not take
//! ownership of these objects, they are scoped to the lifetime of the
//! ProcessSnapshot object that they were obtained from.
virtual std::vector<const ModuleSnapshot*> Modules() const = 0;
//! \brief Returns ThreadSnapshot objects reflecting the threads (lightweight
//! processes) existing in the snapshot process at the time of the
//! snapshot.
//!
//! \return A vector of ThreadSnapshot objects. The caller does not take
//! ownership of these objects, they are scoped to the lifetime of the
//! ProcessSnapshot object that they were obtained from.
virtual std::vector<const ThreadSnapshot*> Threads() const = 0;
//! \brief Returns an ExceptionSnapshot reflecting the exception that the
//! snapshot process sustained to trigger the snapshot being taken.
//!
//! \return An ExceptionSnapshot object. The caller does not take ownership of
//! this object, it is scoped to the lifetime of the ProcessSnapshot
//! object that it was obtained from. If the snapshot is not a result of
//! an exception, returns `nullptr`.
virtual const ExceptionSnapshot* Exception() const = 0;
//! \brief Returns a vector of additional memory blocks that should be
//! included in a minidump.
//!
//! \return An vector of MemorySnapshot objects that will be included in the
//! crash dump. The caller does not take ownership of these objects, they
//! are scoped to the lifetime of the ProcessSnapshot object that they
//! were obtained from.
virtual std::vector<const MemorySnapshot*> ExtraMemory() const = 0;
};
} // namespace crashpad
#endif // CRASHPAD_SNAPSHOT_PROCESS_SNAPSHOT_H_
Reference in New Issue View Git Blame Copy Permalink