Storing thread entrypoint

This commit is contained in:
scrapbird 2018-06-27 00:06:19 +12:00 committed by radare
parent c3ec296214
commit 518f980f66
4 changed files with 30 additions and 25 deletions


@ -202,7 +202,7 @@ static int r_debug_windbg_select(int pid, int tid) {
static RList *r_debug_windbg_threads(RDebug *dbg, int pid) {
RListIter *it;
RDebugPid *p;
WindThread *t;
RList *ret = r_list_newf (free);
if (!ret) {
@ -214,15 +214,15 @@ static RList *r_debug_windbg_threads(RDebug *dbg, int pid) {
return NULL;
}
r_list_foreach (threads, it, p) {
r_list_foreach (threads, it, t) {
RDebugPid *newpid = R_NEW0 (RDebugPid);
if (!newpid) {
r_list_free (ret);
return NULL;
}
newpid->pid = p->pid;
newpid->status = p->status;
newpid->runnable = p->runnable;
newpid->pid = t->uniqueid;
newpid->status = t->status;
newpid->runnable = t->runnable;
r_list_append (ret, newpid);
}
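Review bot: `newpid->pid = t->uniqueid;` stores a ut64 into RDebugPid's pid (an int, as far as I can tell) with no range check; windbg_list_threads fills uniqueid from CLIENT_ID.UniqueThread with a pointer-sized read (`4 << ctx->is_x64`) out of the debuggee's kernel memory, so on x64 any value above INT_MAX is narrowed to a different, possibly negative, pid without any diagnostic. Either reject such entries before the assignment, e.g. `if (t->uniqueid > INT_MAX) { continue; }` with `<limits.h>` in scope, or document the narrowing with `// UniqueThread is pointer-sized; truncated to int for RDebugPid`. The entrypoint that this commit adds to WindThread is not copied into newpid; if that is deliberate, a comment saying so would save the next reader a search. r_debug_windbg_threads continues past the end of this hunk, so the release of `threads` and `ret` is not visible here.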


@ -1,76 +1,76 @@
Profile XP_SP2_X86 = {
2600, 2, 32, 1,
{ 0x0088,0x0084,0x01b0,0x0174,0x011c,0x0190,0x0018,0x0008,0x0010,0x0038,0x0000,0x022c,0x0224,0x01ec,0x0004 },
{ 0x0088,0x0084,0x01b0,0x0174,0x011c,0x0190,0x0018,0x0008,0x0010,0x0038,0x0000,0x022c,0x0228,0x01ec,0x0004 },
};
Profile XP_SP3_X86 = {
2600, 3, 32, 1,
{ 0x0088,0x0084,0x01b0,0x0174,0x011c,0x0190,0x0018,0x0008,0x0010,0x0038,0x0000,0x022c,0x0224,0x01ec,0x0004 },
{ 0x0088,0x0084,0x01b0,0x0174,0x011c,0x0190,0x0018,0x0008,0x0010,0x0038,0x0000,0x022c,0x0228,0x01ec,0x0004 },
};
Profile WIN7_SP0_X86 = {
7601, 0, 32, 0,
{ 0x00b8,0x00b4,0x01a8,0x016c,0x0278,0x0188,0x0018,0x0008,0x0010,0x0038,0x0000,0x0268,0x0218,0x022c,0x0004 },
{ 0x00b8,0x00b4,0x01a8,0x016c,0x0278,0x0188,0x0018,0x0008,0x0010,0x0038,0x0000,0x0268,0x0260,0x022c,0x0004 },
};
Profile WIN7_SP1_X86 = {
7601, 1, 32, 0,
{ 0x00b8,0x00b4,0x01a8,0x016c,0x0278,0x0188,0x0018,0x0008,0x0010,0x0038,0x0000,0x0268,0x0218,0x022c,0x0004 },
{ 0x00b8,0x00b4,0x01a8,0x016c,0x0278,0x0188,0x0018,0x0008,0x0010,0x0038,0x0000,0x0268,0x0260,0x022c,0x0004 },
};
Profile WIN7_SP0_X64 = {
7601, 0, 64, 0,
{ 0x0188,0x0180,0x0338,0x02e0,0x0448,0x0308,0x0028,0x0010,0x0020,0x0060,0x0000,0x0420,0x0388,0x03b0,0x0008 },
{ 0x0188,0x0180,0x0338,0x02e0,0x0448,0x0308,0x0028,0x0010,0x0020,0x0060,0x0000,0x0420,0x0410,0x03b0,0x0008 },
};
Profile WIN7_SP1_X64 = {
7601, 1, 64, 0,
{ 0x0188,0x0180,0x0338,0x02e0,0x0448,0x0308,0x0028,0x0010,0x0020,0x0060,0x0000,0x0420,0x0388,0x03b0,0x0008 },
{ 0x0188,0x0180,0x0338,0x02e0,0x0448,0x0308,0x0028,0x0010,0x0020,0x0060,0x0000,0x0420,0x0410,0x03b0,0x0008 },
};
Profile WIN10_RS1_X64 = { // Windows 10 (Anniversary Update)
14393, 0, 64, 0,
{ 0x02f0,0x02e8,0x03f8,0x0450,0x0620,0x0488,0x0028,0x0010,0x0020,0x0060,0x0000,0x0698,0x0608,0x0630,0x0008 },
{ 0x02f0,0x02e8,0x03f8,0x0450,0x0620,0x0488,0x0028,0x0010,0x0020,0x0060,0x0000,0x0698,0x0688,0x0630,0x0008 },
};
Profile WIN10_RS4_X64 = { // Windows 10 (April 2018 Update)
17134, 0, 64, 0,
{ 0x02e8,0x02e0,0x03f8,0x0450,0x0628,0x0488,0x0028,0x0010,0x0020,0x0060,0x0000,0x06a8,0x0610,0x0638,0x0008 },
{ 0x02e8,0x02e0,0x03f8,0x0450,0x0628,0x0488,0x0028,0x0010,0x0020,0x0060,0x0000,0x06a8,0x0690,0x0638,0x0008 },
};
Profile VISTA_SP0_X86 = {
6000, 0, 32, 0,
{ 0x00a0,0x009c,0x0188,0x014c,0x0238,0x0168,0x0018,0x0008,0x0010,0x0038,0x0000,0x0248,0x01f8,0x020c,0x0004 },
{ 0x00a0,0x009c,0x0188,0x014c,0x0238,0x0168,0x0018,0x0008,0x0010,0x0038,0x0000,0x0248,0x0240,0x020c,0x0004 },
};
Profile VISTA_SP0_X64 = {
6000, 0, 64, 0,
{ 0x00e8,0x00e0,0x0290,0x0238,0x0380,0x0260,0x0028,0x0010,0x0020,0x0060,0x0000,0x03f0,0x0358,0x0380,0x0008 },
{ 0x00e8,0x00e0,0x0290,0x0238,0x0380,0x0260,0x0028,0x0010,0x0020,0x0060,0x0000,0x03f0,0x03e0,0x0380,0x0008 },
};
Profile VISTA_SP1_X86 = {
6000, 1, 32, 0,
{ 0x00a0,0x009c,0x0188,0x014c,0x0238,0x0168,0x0018,0x0008,0x0010,0x0038,0x0000,0x0248,0x01f8,0x020c,0x0004 },
{ 0x00a0,0x009c,0x0188,0x014c,0x0238,0x0168,0x0018,0x0008,0x0010,0x0038,0x0000,0x0248,0x0240,0x020c,0x0004 },
};
Profile VISTA_SP1_X64 = {
6000, 1, 64, 0,
{ 0x00e8,0x00e0,0x0290,0x0238,0x0380,0x0260,0x0028,0x0010,0x0020,0x0060,0x0000,0x03f0,0x0358,0x0380,0x0008 },
{ 0x00e8,0x00e0,0x0290,0x0238,0x0380,0x0260,0x0028,0x0010,0x0020,0x0060,0x0000,0x03f0,0x03e0,0x0380,0x0008 },
};
Profile VISTA_SP2_X86 = {
6002, 2, 32, 0,
{ 0x00a0,0x009c,0x0188,0x014c,0x0238,0x0168,0x0018,0x0008,0x0010,0x0038,0x0000,0x0248,0x01f8,0x020c,0x0004 },
{ 0x00a0,0x009c,0x0188,0x014c,0x0238,0x0168,0x0018,0x0008,0x0010,0x0038,0x0000,0x0248,0x0240,0x020c,0x0004 },
};
Profile VISTA_SP2_X64 = {
6002, 2, 64, 0,
{ 0x00e8,0x00e0,0x0290,0x0238,0x0380,0x0260,0x0028,0x0010,0x0020,0x0060,0x0000,0x03f0,0x0358,0x0380,0x0008 },
{ 0x00e8,0x00e0,0x0290,0x0238,0x0380,0x0260,0x0028,0x0010,0x0020,0x0060,0x0000,0x03f0,0x03e0,0x0380,0x0008 },
};
Profile WIN2003_SP0_X86 = {
3790, 0, 32, 0,
{ 0x0088,0x0084,0x0190,0x0154,0x0258,0x0170,0x0018,0x0008,0x0010,0x0038,0x0000,0x0234,0x022c,0x01f4,0x0004 },
{ 0x0088,0x0084,0x0190,0x0154,0x0258,0x0170,0x0018,0x0008,0x0010,0x0038,0x0000,0x0234,0x0230,0x01f4,0x0004 },
};
Profile WIN2003_SP1_X86 = {
3790, 1, 32, 0,
{ 0x0098,0x0094,0x01a0,0x0164,0x0250,0x0180,0x0018,0x0008,0x0010,0x0038,0x0000,0x0224,0x021c,0x01e4,0x0004 },
{ 0x0098,0x0094,0x01a0,0x0164,0x0250,0x0180,0x0018,0x0008,0x0010,0x0038,0x0000,0x0224,0x0220,0x01e4,0x0004 },
};
Profile WIN2003_SP1_X64 = {
3790, 1, 64, 0,
{ 0x00e0,0x00d8,0x02c0,0x0268,0x0398,0x0290,0x0028,0x0010,0x0020,0x0060,0x0000,0x03e8,0x03d8,0x0370,0x0008 },
{ 0x00e0,0x00d8,0x02c0,0x0268,0x0398,0x0290,0x0028,0x0010,0x0020,0x0060,0x0000,0x03e8,0x03e0,0x0370,0x0008 },
};
Profile WIN2003_SP2_X86 = {
3790, 2, 32, 0,
{ 0x0098,0x0094,0x01a0,0x0164,0x0250,0x0180,0x0018,0x0008,0x0010,0x0038,0x0000,0x0224,0x021c,0x01e4,0x0004 },
{ 0x0098,0x0094,0x01a0,0x0164,0x0250,0x0180,0x0018,0x0008,0x0010,0x0038,0x0000,0x0224,0x0220,0x01e4,0x0004 },
};
Profile WIN2003_SP2_X64 = {
3790, 2, 64, 0,
{ 0x00e0,0x00d8,0x02c0,0x0268,0x0398,0x0290,0x0028,0x0010,0x0020,0x0060,0x0000,0x03d0,0x03c0,0x0358,0x0008 },
{ 0x00e0,0x00d8,0x02c0,0x0268,0x0398,0x0290,0x0028,0x0010,0x0020,0x0060,0x0000,0x03d0,0x03c8,0x0358,0x0008 },
};
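Review bot: Each Profile row is an unlabeled positional table, and this hunk edits the thirteenth offset (index 12) of all 19 rows (XP_SP2_X86 `0x0224` → `0x0228`, WIN7_SP0_X86 `0x0218` → `0x0260`, …) because that slot now has to hold ETHREAD.Win32StartAddress after the enum rename in the header, yet nothing in this file ties a column to an O_ enum constant. If the array length equals O_Max the mapping is index 12 = ET_Win32StartAddress, 13 = ET_Cid, 14 = C_UniqueThread, but a reader has to count commas and check the header by hand, and any insertion into that enum would silently misalign every profile. A comment above the first row listing the column order in enum order, or designated initializers indexed by the enum where it is in scope (`[ET_Win32StartAddress] = 0x0228`), would make the correspondence checkable at a glance. The four leading scalars per row (`2600, 2, 32, 1`) are equally undocumented here; the same comment should name them. The same positional coupling appears in the header hunk that renames the enum constant.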


@ -415,6 +415,9 @@ RList *windbg_list_threads(WindCtx *ctx) {
// Adjust the ptr so that it points to the ETHREAD base
ptr -= O_(ET_ThreadListEntry);
ut64 entrypoint = 0;
windbg_read_at (ctx, (uint8_t *) &entrypoint, ptr + O_(ET_Win32StartAddress), 4 << ctx->is_x64);
ut64 uniqueid = 0;
windbg_read_at (ctx, (uint8_t *) &uniqueid, ptr + O_(ET_Cid) + O_(C_UniqueThread), 4 << ctx->is_x64);
if (uniqueid) {
@ -423,6 +426,7 @@ RList *windbg_list_threads(WindCtx *ctx) {
thread->status = 's';
thread->runnable = true;
thread->ethread = ptr;
thread->entrypoint = entrypoint;
r_list_append (ret, thread);
}
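Review bot: The result of the new `windbg_read_at` call that fills `entrypoint` is discarded, so a failed or short read leaves the value at its initial 0 and the thread is still appended with that entrypoint, which a consumer cannot tell apart from a genuine start address of 0. The uniqueid read just below follows the same pattern but is at least gated by `if (uniqueid)`; the entrypoint has no such gate. If windbg_read_at reports failure through its return value, check it here the way the rest of the file does, and in any case document the sentinel next to the read: `// entrypoint stays 0 if the Win32StartAddress read fails`. Note also that reading `4 << ctx->is_x64` bytes into a ut64 fills only the low half on a 32-bit target, which yields the right value only on a little-endian host; that matches the existing uniqueid read, so it is a pre-existing assumption rather than a new one. windbg_list_threads starts and ends outside this hunk.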


@ -35,6 +35,7 @@ typedef struct WindThread {
bool runnable;
char status;
ut64 ethread;
ut64 entrypoint;
} WindThread;
enum {
@ -56,7 +57,7 @@ enum {
R_ImagePathName, // RTL_USER_PROCESS_PARAMETERS
ET_Tcb, // ETHREAD
ET_ThreadListEntry, // ETHREAD
ET_StartAddress, // ETHREAD
ET_Win32StartAddress, // ETHREAD
ET_Cid, // ETHREAD
C_UniqueThread, // CLIENT_ID
O_Max,
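Review bot: The new `ut64 entrypoint;` member of WindThread carries no comment, and the renamed constant `ET_Win32StartAddress` keeps only the generic `// ETHREAD` tag, so a reader has no way to tell from the header which ETHREAD field is meant or what a value of 0 signifies. Suggest `ut64 entrypoint; // ETHREAD.Win32StartAddress as read by windbg_list_threads; 0 if unread` on the struct member. Both the typedef and the enum begin before the first hunk and the enum closes after the second, so the full set of O_ constants is not visible here.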