mirror of
https://github.com/chromium/crashpad.git
synced 2024-12-27 15:32:10 +08:00
981d4189aa
Bug: crashpad: 326459659,326458942,326459376,326459390,326459417,326458979,326459333,326459016,326458338,326458738,326459156,326459512,326458694 Change-Id: I04724530cbef50a8d3c18f306d16c0bbf3b0815b Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5512394 Reviewed-by: Mark Mentovai <mark@chromium.org> Commit-Queue: Arthur Wang <wuwang@chromium.org>
448 lines
15 KiB
C++
448 lines
15 KiB
C++
// Copyright 2015 The Crashpad Authors
|
||
//
|
||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
// you may not use this file except in compliance with the License.
|
||
// You may obtain a copy of the License at
|
||
//
|
||
// http://www.apache.org/licenses/LICENSE-2.0
|
||
//
|
||
// Unless required by applicable law or agreed to in writing, software
|
||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
// See the License for the specific language governing permissions and
|
||
// limitations under the License.
|
||
|
||
#include "snapshot/win/pe_image_reader.h"
|
||
|
||
#include <stddef.h>
|
||
#include <string.h>
|
||
|
||
#include <algorithm>
|
||
#include <iterator>
|
||
|
||
#include "base/containers/heap_array.h"
|
||
#include "base/logging.h"
|
||
#include "base/strings/stringprintf.h"
|
||
#include "client/crashpad_info.h"
|
||
#include "snapshot/win/pe_image_resource_reader.h"
|
||
#include "util/misc/from_pointer_cast.h"
|
||
#include "util/misc/pdb_structures.h"
|
||
#include "util/win/process_structs.h"
|
||
|
||
namespace crashpad {
|
||
|
||
namespace {
|
||
|
||
// Map from Traits to an IMAGE_NT_HEADERSxx.
|
||
template <class Traits>
|
||
struct NtHeadersForTraits;
|
||
|
||
template <>
|
||
struct NtHeadersForTraits<process_types::internal::Traits32> {
|
||
using type = IMAGE_NT_HEADERS32;
|
||
};
|
||
|
||
template <>
|
||
struct NtHeadersForTraits<process_types::internal::Traits64> {
|
||
using type = IMAGE_NT_HEADERS64;
|
||
};
|
||
|
||
} // namespace
|
||
|
||
PEImageReader::PEImageReader()
|
||
: module_subrange_reader_(),
|
||
initialized_() {
|
||
}
|
||
|
||
PEImageReader::~PEImageReader() {
|
||
}
|
||
|
||
bool PEImageReader::Initialize(ProcessReaderWin* process_reader,
|
||
WinVMAddress address,
|
||
WinVMSize size,
|
||
const std::string& module_name) {
|
||
INITIALIZATION_STATE_SET_INITIALIZING(initialized_);
|
||
|
||
if (!module_subrange_reader_.Initialize(
|
||
process_reader, address, size, module_name)) {
|
||
return false;
|
||
}
|
||
|
||
INITIALIZATION_STATE_SET_VALID(initialized_);
|
||
return true;
|
||
}
|
||
|
||
bool PEImageReader::GetCrashpadInfoSection(WinVMAddress* address,
|
||
WinVMSize* size) const {
|
||
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
||
if (module_subrange_reader_.Is64Bit()) {
|
||
return GetCrashpadInfoSectionInternal<process_types::internal::Traits64>(
|
||
address, size);
|
||
} else {
|
||
return GetCrashpadInfoSectionInternal<process_types::internal::Traits32>(
|
||
address, size);
|
||
}
|
||
}
|
||
|
||
template <class Traits>
|
||
bool PEImageReader::GetCrashpadInfo(
|
||
process_types::CrashpadInfo<Traits>* crashpad_info) const {
|
||
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
||
|
||
IMAGE_SECTION_HEADER section;
|
||
if (!GetSectionByName<typename NtHeadersForTraits<Traits>::type>("CPADinfo",
|
||
§ion)) {
|
||
return false;
|
||
}
|
||
|
||
if (section.Misc.VirtualSize <
|
||
offsetof(process_types::CrashpadInfo<Traits>, size) +
|
||
sizeof(crashpad_info->size)) {
|
||
LOG(WARNING) << "small crashpad info section size "
|
||
<< section.Misc.VirtualSize << ", "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
const WinVMAddress crashpad_info_address = Address() + section.VirtualAddress;
|
||
const WinVMSize crashpad_info_size =
|
||
std::min(static_cast<WinVMSize>(sizeof(*crashpad_info)),
|
||
static_cast<WinVMSize>(section.Misc.VirtualSize));
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
crashpad_info_address, crashpad_info_size, crashpad_info)) {
|
||
LOG(WARNING) << "could not read crashpad info from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (crashpad_info->size < sizeof(*crashpad_info)) {
|
||
// Zero out anything beyond the structure’s declared size.
|
||
memset(reinterpret_cast<char*>(crashpad_info) + crashpad_info->size,
|
||
0,
|
||
sizeof(*crashpad_info) - crashpad_info->size);
|
||
}
|
||
|
||
if (crashpad_info->signature != CrashpadInfo::kSignature ||
|
||
crashpad_info->version != 1) {
|
||
LOG(WARNING) << base::StringPrintf(
|
||
"unexpected crashpad info signature 0x%x, version %u in %s",
|
||
crashpad_info->signature,
|
||
crashpad_info->version,
|
||
module_subrange_reader_.name().c_str());
|
||
return false;
|
||
}
|
||
|
||
// Don’t require strict equality, to leave wiggle room for sloppy linkers.
|
||
if (crashpad_info->size > section.Misc.VirtualSize) {
|
||
LOG(WARNING) << "crashpad info struct size " << crashpad_info->size
|
||
<< " large for section size " << section.Misc.VirtualSize
|
||
<< " in " << module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (crashpad_info->size > sizeof(*crashpad_info)) {
|
||
// This isn’t strictly a problem, because unknown fields will simply be
|
||
// ignored, but it may be of diagnostic interest.
|
||
LOG(INFO) << "large crashpad info size " << crashpad_info->size << ", "
|
||
<< module_subrange_reader_.name();
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
bool PEImageReader::DebugDirectoryInformation(UUID* uuid,
|
||
DWORD* age,
|
||
std::string* pdbname) const {
|
||
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
||
|
||
IMAGE_DATA_DIRECTORY data_directory;
|
||
if (!ImageDataDirectoryEntry(IMAGE_DIRECTORY_ENTRY_DEBUG, &data_directory))
|
||
return false;
|
||
|
||
IMAGE_DEBUG_DIRECTORY debug_directory;
|
||
if (data_directory.Size % sizeof(debug_directory) != 0)
|
||
return false;
|
||
for (size_t offset = 0; offset < data_directory.Size;
|
||
offset += sizeof(debug_directory)) {
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
Address() + data_directory.VirtualAddress + offset,
|
||
sizeof(debug_directory),
|
||
&debug_directory)) {
|
||
LOG(WARNING) << "could not read data directory from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (debug_directory.Type != IMAGE_DEBUG_TYPE_CODEVIEW)
|
||
continue;
|
||
|
||
if (debug_directory.AddressOfRawData) {
|
||
if (debug_directory.SizeOfData < sizeof(CodeViewRecordPDB70)) {
|
||
LOG(WARNING) << "CodeView debug entry of unexpected size in "
|
||
<< module_subrange_reader_.name();
|
||
continue;
|
||
}
|
||
|
||
auto data = base::HeapArray<char>::Uninit(debug_directory.SizeOfData);
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
Address() + debug_directory.AddressOfRawData,
|
||
data.size(),
|
||
data.data())) {
|
||
LOG(WARNING) << "could not read debug directory from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (*reinterpret_cast<DWORD*>(data.data()) !=
|
||
CodeViewRecordPDB70::kSignature) {
|
||
LOG(WARNING) << "encountered non-7.0 CodeView debug record in "
|
||
<< module_subrange_reader_.name();
|
||
continue;
|
||
}
|
||
|
||
CodeViewRecordPDB70* codeview =
|
||
reinterpret_cast<CodeViewRecordPDB70*>(data.data());
|
||
*uuid = codeview->uuid;
|
||
*age = codeview->age;
|
||
// This is a NUL-terminated string encoded in the codepage of the system
|
||
// where the binary was linked. We have no idea what that was, so we just
|
||
// assume ASCII.
|
||
*pdbname = std::string(reinterpret_cast<char*>(&codeview->pdb_name[0]));
|
||
return true;
|
||
} else if (debug_directory.PointerToRawData) {
|
||
// This occurs for non-PDB based debug information. We simply ignore these
|
||
// as we don't expect to encounter modules that will be in this format
|
||
// for which we'll actually have symbols. See
|
||
// https://crashpad.chromium.org/bug/47.
|
||
}
|
||
}
|
||
|
||
return false;
|
||
}
|
||
|
||
bool PEImageReader::VSFixedFileInfo(
|
||
VS_FIXEDFILEINFO* vs_fixed_file_info) const {
|
||
INITIALIZATION_STATE_DCHECK_VALID(initialized_);
|
||
|
||
IMAGE_DATA_DIRECTORY data_directory;
|
||
if (!ImageDataDirectoryEntry(IMAGE_DIRECTORY_ENTRY_RESOURCE,
|
||
&data_directory)) {
|
||
return false;
|
||
}
|
||
|
||
PEImageResourceReader resource_reader;
|
||
if (!resource_reader.Initialize(module_subrange_reader_, data_directory)) {
|
||
return false;
|
||
}
|
||
|
||
WinVMAddress address;
|
||
WinVMSize size;
|
||
if (!resource_reader.FindResourceByID(
|
||
FromPointerCast<uint16_t>(VS_FILE_INFO), // RT_VERSION
|
||
VS_VERSION_INFO,
|
||
MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
|
||
&address,
|
||
&size,
|
||
nullptr)) {
|
||
return false;
|
||
}
|
||
|
||
// This structure is not declared anywhere in the SDK, but is documented at
|
||
// https://msdn.microsoft.com/library/ms647001.aspx.
|
||
struct VS_VERSIONINFO {
|
||
WORD wLength;
|
||
WORD wValueLength;
|
||
WORD wType;
|
||
|
||
// The structure documentation on MSDN doesn’t show the [16], but it does
|
||
// say that it’s supposed to be L"VS_VERSION_INFO", which is is in fact a
|
||
// 16-character string (including its NUL terminator).
|
||
WCHAR szKey[16];
|
||
|
||
WORD Padding1;
|
||
VS_FIXEDFILEINFO Value;
|
||
|
||
// Don’t include Children or the Padding2 that precedes it, because they may
|
||
// not be present.
|
||
// WORD Padding2;
|
||
// WORD Children;
|
||
};
|
||
VS_VERSIONINFO version_info;
|
||
|
||
if (size < sizeof(version_info)) {
|
||
LOG(WARNING) << "version info size " << size
|
||
<< " too small for structure of size " << sizeof(version_info)
|
||
<< " in " << module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
address, sizeof(version_info), &version_info)) {
|
||
LOG(WARNING) << "could not read version info from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (version_info.wLength < sizeof(version_info) ||
|
||
version_info.wValueLength != sizeof(version_info.Value) ||
|
||
version_info.wType != 0 ||
|
||
wcsncmp(version_info.szKey,
|
||
L"VS_VERSION_INFO",
|
||
std::size(version_info.szKey)) != 0) {
|
||
LOG(WARNING) << "unexpected VS_VERSIONINFO in "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (version_info.Value.dwSignature != VS_FFI_SIGNATURE ||
|
||
version_info.Value.dwStrucVersion != VS_FFI_STRUCVERSION) {
|
||
LOG(WARNING) << "unexpected VS_FIXEDFILEINFO in "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
*vs_fixed_file_info = version_info.Value;
|
||
vs_fixed_file_info->dwFileFlags &= vs_fixed_file_info->dwFileFlagsMask;
|
||
return true;
|
||
}
|
||
|
||
template <class Traits>
|
||
bool PEImageReader::GetCrashpadInfoSectionInternal(WinVMAddress* address,
|
||
WinVMSize* size) const {
|
||
IMAGE_SECTION_HEADER section;
|
||
if (!GetSectionByName<typename NtHeadersForTraits<Traits>::type>("CPADinfo",
|
||
§ion)) {
|
||
return false;
|
||
}
|
||
|
||
process_types::CrashpadInfo<Traits> crashpad_info;
|
||
if (section.Misc.VirtualSize <
|
||
offsetof(process_types::CrashpadInfo<Traits>, size) +
|
||
sizeof(crashpad_info.size)) {
|
||
LOG(WARNING) << "small crashpad info section size "
|
||
<< section.Misc.VirtualSize << ", "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
*address = Address() + section.VirtualAddress;
|
||
*size = std::min<WinVMSize>(sizeof(crashpad_info), section.Misc.VirtualSize);
|
||
|
||
return true;
|
||
}
|
||
|
||
template <class NtHeadersType>
|
||
bool PEImageReader::ReadNtHeaders(NtHeadersType* nt_headers,
|
||
WinVMAddress* nt_headers_address) const {
|
||
IMAGE_DOS_HEADER dos_header;
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
Address(), sizeof(IMAGE_DOS_HEADER), &dos_header)) {
|
||
LOG(WARNING) << "could not read dos header from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (dos_header.e_magic != IMAGE_DOS_SIGNATURE) {
|
||
LOG(WARNING) << "invalid e_magic in dos header of "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
WinVMAddress local_nt_headers_address = Address() + dos_header.e_lfanew;
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
local_nt_headers_address, sizeof(NtHeadersType), nt_headers)) {
|
||
LOG(WARNING) << "could not read nt headers from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (nt_headers->Signature != IMAGE_NT_SIGNATURE) {
|
||
LOG(WARNING) << "invalid signature in nt headers of "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
|
||
if (nt_headers_address)
|
||
*nt_headers_address = local_nt_headers_address;
|
||
|
||
return true;
|
||
}
|
||
|
||
template <class NtHeadersType>
|
||
bool PEImageReader::GetSectionByName(const std::string& name,
|
||
IMAGE_SECTION_HEADER* section) const {
|
||
if (name.size() > sizeof(section->Name)) {
|
||
LOG(WARNING) << "supplied section name too long " << name;
|
||
return false;
|
||
}
|
||
|
||
NtHeadersType nt_headers;
|
||
WinVMAddress nt_headers_address;
|
||
if (!ReadNtHeaders(&nt_headers, &nt_headers_address))
|
||
return false;
|
||
|
||
WinVMAddress first_section_address =
|
||
nt_headers_address + offsetof(NtHeadersType, OptionalHeader) +
|
||
nt_headers.FileHeader.SizeOfOptionalHeader;
|
||
for (DWORD i = 0; i < nt_headers.FileHeader.NumberOfSections; ++i) {
|
||
WinVMAddress section_address =
|
||
first_section_address + sizeof(IMAGE_SECTION_HEADER) * i;
|
||
if (!module_subrange_reader_.ReadMemory(
|
||
section_address, sizeof(IMAGE_SECTION_HEADER), section)) {
|
||
LOG(WARNING) << "could not read section " << i << " from "
|
||
<< module_subrange_reader_.name();
|
||
return false;
|
||
}
|
||
if (strncmp(reinterpret_cast<const char*>(section->Name),
|
||
name.c_str(),
|
||
sizeof(section->Name)) == 0) {
|
||
return true;
|
||
}
|
||
}
|
||
|
||
return false;
|
||
}
|
||
|
||
bool PEImageReader::ImageDataDirectoryEntry(size_t index,
|
||
IMAGE_DATA_DIRECTORY* entry) const {
|
||
bool rv;
|
||
if (module_subrange_reader_.Is64Bit()) {
|
||
rv = ImageDataDirectoryEntryT<IMAGE_NT_HEADERS64>(index, entry);
|
||
} else {
|
||
rv = ImageDataDirectoryEntryT<IMAGE_NT_HEADERS32>(index, entry);
|
||
}
|
||
|
||
return rv && entry->VirtualAddress != 0 && entry->Size != 0;
|
||
}
|
||
|
||
template <class NtHeadersType>
|
||
bool PEImageReader::ImageDataDirectoryEntryT(
|
||
size_t index,
|
||
IMAGE_DATA_DIRECTORY* entry) const {
|
||
NtHeadersType nt_headers;
|
||
if (!ReadNtHeaders(&nt_headers, nullptr)) {
|
||
return false;
|
||
}
|
||
|
||
if (nt_headers.FileHeader.SizeOfOptionalHeader <
|
||
offsetof(decltype(nt_headers.OptionalHeader), DataDirectory[index]) +
|
||
sizeof(nt_headers.OptionalHeader.DataDirectory[index]) ||
|
||
nt_headers.OptionalHeader.NumberOfRvaAndSizes <= index) {
|
||
return false;
|
||
}
|
||
|
||
*entry = nt_headers.OptionalHeader.DataDirectory[index];
|
||
return true;
|
||
}
|
||
|
||
// Explicit instantiations with the only 2 valid template arguments to avoid
|
||
// putting the body of the function in the header.
|
||
template bool PEImageReader::GetCrashpadInfo<process_types::internal::Traits32>(
|
||
process_types::CrashpadInfo<process_types::internal::Traits32>*
|
||
crashpad_info) const;
|
||
template bool PEImageReader::GetCrashpadInfo<process_types::internal::Traits64>(
|
||
process_types::CrashpadInfo<process_types::internal::Traits64>*
|
||
crashpad_info) const;
|
||
|
||
} // namespace crashpad
|