Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-04-02 17:43:59 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Expose r_w32_ function APIs instead of global symbols ##windows

Browse Source 
* This fixes some long standing bugs related to linker problems
This commit is contained in:
pancake 2021-08-27 02:48:37 +02:00 committed by pancake
parent ba375f5702
commit fd8e97034b
10 changed files with 359 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libr/debug/p/native/maps/windows_maps.c
View File

@ -79,10 +79,7 @@ R_API RList *r_w32_dbg_modules(RDebug *dbg) {
MODULEENTRY32 me;
RList *list = r_list_newf ((RListFree)r_debug_map_free);
DWORD flags = TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32;
if (!w32_CreateToolhelp32Snapshot) {
return NULL;
}
HANDLE h_mod_snap = w32_CreateToolhelp32Snapshot (flags, dbg->pid);
HANDLE h_mod_snap = CreateToolhelp32Snapshot (flags, dbg->pid);
if (h_mod_snap == INVALID_HANDLE_VALUE) {
// Suppress if process is still initializing
@ -221,21 +218,13 @@ static void proc_mem_img(HANDLE h_proc, RList *map_list, RList *mod_list, RWinMo
add_map_reg (map_list, mod->map->name, mbi);
}
} else {
if (!mod->map) {
add_map_reg (map_list, "", mbi);
} else {
add_map_reg (map_list, mod->map->name, mbi);
}
add_map_reg (map_list, mod->map? mod->map->name: "", mbi);
}
}
static void proc_mem_map(HANDLE h_proc, RList *map_list, MEMORY_BASIC_INFORMATION *mbi) {
TCHAR f_name[MAX_PATH + 1];
DWORD len = 0;
if (w32_GetMappedFileName) {
w32_GetMappedFileName (h_proc, mbi->BaseAddress, f_name, MAX_PATH);
}
DWORD len = r_w32_GetMappedFileName (h_proc, mbi->BaseAddress, f_name, MAX_PATH);
if (len > 0) {
char *f_name_ = r_sys_conv_win_to_utf8 (f_name);
add_map_reg (map_list, f_name_, mbi);

178
libr/debug/p/native/w32.c
View File

@ -37,16 +37,11 @@ static inline int w32_h2p(HANDLE h) {
}
int w32_first_thread(int pid) {
HANDLE th;
HANDLE thid;
THREADENTRY32 te32;
te32.dwSize = sizeof (THREADENTRY32);
if (!w32_OpenThread) {
eprintf("w32_thread_list: no w32_OpenThread?\n");
return -1;
}
th = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, pid);
HANDLE th = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, pid);
if (th == INVALID_HANDLE_VALUE) {
eprintf ("w32_thread_list: invalid handle\n");
return -1;
@ -59,7 +54,7 @@ int w32_first_thread(int pid) {
do {
/* get all threads of process */
if (te32.th32OwnerProcessID == pid) {
thid = w32_OpenThread (THREAD_ALL_ACCESS, 0, te32.th32ThreadID);
thid = OpenThread (THREAD_ALL_ACCESS, 0, te32.th32ThreadID);
if (!thid) {
r_sys_perror ("w32_first_thread/OpenThread");
goto err_load_th;
@ -147,7 +142,7 @@ static char *get_file_name_from_handle (HANDLE handle_file) {
}
/* Create a file mapping to get the file name. */
map = MapViewOfFile (handle_file_map, FILE_MAP_READ, 0, 0, 1);
if (!map || !w32_GetMappedFileName (GetCurrentProcess (), map, filename, MAX_PATH)) {
if (!map || !r_w32_GetMappedFileName (GetCurrentProcess (), map, filename, MAX_PATH)) {
goto err_get_file_name_from_handle;
}
TCHAR temp_buffer[512];
@ -264,7 +259,7 @@ static void r_debug_lstThreadAdd (DWORD pid, DWORD tid, HANDLE hThread, LPVOID
lstThreadPtr->hThread = hThread;
lstThreadPtr->lpThreadLocalBase = lpThreadLocalBase;
lstThreadPtr->lpStartAddress = lpStartAddress;
if (w32_NtQueryInformationThread && w32_NtQueryInformationThread (hThread, 0x9 /*ThreadQuerySetWin32StartAddress*/, &startAddress, sizeof (PVOID), NULL) == 0) {
if (!r_w32_NtQueryInformationThread (hThread, CONST_ThreadQuerySetWin32StartAddress, &startAddress, sizeof (PVOID), NULL)) {
lstThreadPtr->lpThreadEntryPoint = startAddress;
}
return;
@ -444,7 +439,7 @@ bool is_pe_hdr(unsigned char *pe_hdr) {
}
static HANDLE w32_open_thread(int pid, int tid) {
HANDLE thread = w32_OpenThread (THREAD_ALL_ACCESS, 0, tid);
HANDLE thread = OpenThread (THREAD_ALL_ACCESS, 0, tid);
if (thread == INVALID_HANDLE_VALUE) {
r_sys_perror ("w32_open_thread/OpenThread");
}
@ -452,46 +447,43 @@ static HANDLE w32_open_thread(int pid, int tid) {
}
RList *w32_thread_list(int pid, RList *list) {
HANDLE th;
HANDLE thid;
THREADENTRY32 te32;
te32.dwSize = sizeof(THREADENTRY32);
te32.dwSize = sizeof (THREADENTRY32);
if (!w32_OpenThread) {
eprintf("w32_thread_list: no w32_OpenThread?\n");
return list;
}
th = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, pid);
if(th == INVALID_HANDLE_VALUE || !Thread32First (th, &te32))
HANDLE th = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, pid);
if (th == INVALID_HANDLE_VALUE || !Thread32First (th, &te32)) {
goto err_load_th;
do {
// get all threads of process
if (te32.th32OwnerProcessID == pid) {
// open a new handler
// XXX: fd leak?
}
do {
// get all threads of process
if (te32.th32OwnerProcessID == pid) {
// open a new handler
// XXX: fd leak?
#if 0
75 typedef struct tagTHREADENTRY32 {
76 DWORD dwSize;
77 DWORD cntUsage;
78 DWORD th32ThreadID;
79 DWORD th32OwnerProcessID;
80 LONG tpBasePri;
81 LONG tpDeltaPri;
82 DWORD dwFlags;
83 };
75 typedef struct tagTHREADENTRY32 {
76 DWORD dwSize;
77 DWORD cntUsage;
78 DWORD th32ThreadID;
79 DWORD th32OwnerProcessID;
80 LONG tpBasePri;
81 LONG tpDeltaPri;
82 DWORD dwFlags;
83 };
#endif
thid = w32_OpenThread (THREAD_ALL_ACCESS, 0, te32.th32ThreadID);
if (!thid) {
r_sys_perror ("w32_thread_list/OpenThread");
goto err_load_th;
}
r_list_append (list, r_debug_pid_new ("???", te32.th32ThreadID, 0, 's', 0));
}
} while (Thread32Next (th, &te32));
thid = OpenThread (THREAD_ALL_ACCESS, 0, te32.th32ThreadID);
if (!thid) {
r_sys_perror ("w32_thread_list/OpenThread");
goto err_load_th;
}
r_list_append (list, r_debug_pid_new ("???", te32.th32ThreadID, 0, 's', 0));
}
} while (Thread32Next (th, &te32));
err_load_th:
if(th != INVALID_HANDLE_VALUE)
CloseHandle (th);
if (th != INVALID_HANDLE_VALUE) {
CloseHandle (th);
}
return list;
}
@ -499,22 +491,15 @@ static RDebugPid *build_debug_pid(PROCESSENTRY32 *pe) {
TCHAR image_name[MAX_PATH + 1];
DWORD length = MAX_PATH;
RDebugPid *ret;
char *name;
HANDLE process = w32_OpenProcess (0x1000, //PROCESS_QUERY_LIMITED_INFORMATION,
FALSE, pe->th32ProcessID);
// PROCESS_QUERY_LIMITED_INFORMATION,
HANDLE process = OpenProcess (0x1000, FALSE, pe->th32ProcessID);
*image_name = '\0';
if (process) {
if (w32_QueryFullProcessImageName) {
w32_QueryFullProcessImageName (process, 0, image_name, &length);
}
r_w32_QueryFullProcessImageName (process, 0, image_name, &length);
CloseHandle(process);
}
if (*image_name) {
name = r_sys_conv_win_to_utf8 (image_name);
} else {
name = r_sys_conv_win_to_utf8 (pe->szExeFile);
}
char *name = r_sys_conv_win_to_utf8 (*image_name? image_name: pe->szExeFile);
ret = r_debug_pid_new (name, pe->th32ProcessID, 0, 's', 0);
free (name);
return ret;
@ -550,16 +535,14 @@ RList *w32_pids(int pid, RList *list) {
}
bool w32_terminate_process(RDebug *dbg, int pid) {
HANDLE h_proc = w32_OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE , FALSE, pid);
HANDLE h_proc = OpenProcess (PROCESS_TERMINATE | SYNCHRONIZE , FALSE, pid);
bool ret = false;
if (!h_proc) {
r_sys_perror ("w32_terminate_process/OpenProcess");
goto err_w32_terminate_process;
}
/* stop debugging if we are still attached */
if (w32_DebugActiveProcessStop) {
w32_DebugActiveProcessStop (pid); //DebugActiveProcessStop (pid);
}
DebugActiveProcessStop (pid);
if (TerminateProcess (h_proc, 1) == 0) {
r_sys_perror ("e32_terminate_process/TerminateProcess");
goto err_w32_terminate_process;
@ -585,13 +568,13 @@ err_w32_terminate_process:
void w32_break_process(void *d) {
RDebug *dbg = (RDebug *)d;
HANDLE h_proc = w32_OpenProcess (PROCESS_ALL_ACCESS, FALSE, dbg->pid);
HANDLE h_proc = OpenProcess (PROCESS_ALL_ACCESS, FALSE, dbg->pid);
if (!h_proc) {
r_sys_perror ("w32_break_process/w32_OpenProcess");
r_sys_perror ("w32_break_process/OpenProcess");
goto err_w32_break_process;
}
if (!w32_DebugBreakProcess (h_proc)) {
r_sys_perror ("w32_break_process/w32_DebugBreakProcess");
if (!r_w32_DebugBreakProcess (h_proc)) {
r_sys_perror ("w32_break_process/DebugBreakProcess");
goto err_w32_break_process;
}
err_w32_break_process:
@ -610,51 +593,48 @@ static int GetAVX(HANDLE hThread, ut128 xmm[16], ut128 ymm[16]) {
ut128 * Ymm = NULL;
void * buffer = NULL;
PCONTEXT Context;
if (w32_GetEnabledXStateFeatures == (ut64 (WINAPI *) ())-1) {
return 0;
}
// Check for AVX extension
FeatureMask = w32_GetEnabledXStateFeatures();
FeatureMask = r_w32_GetEnabledXStateFeatures ();
if ((FeatureMask & XSTATE_MASK_AVX) == 0) {
return 0;
}
Success = w32_InitializeContext(NULL, CONTEXT_ALL | CONTEXT_XSTATE, NULL, &ContextSize);
if ((Success == TRUE) || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) {
Success = r_w32_InitializeContext (NULL, CONTEXT_ALL | CONTEXT_XSTATE, NULL, &ContextSize);
if (Success || (GetLastError() != ERROR_INSUFFICIENT_BUFFER)) {
return 0;
}
buffer = malloc(ContextSize);
buffer = malloc (ContextSize);
if (buffer == NULL) {
return 0;
}
Success = w32_InitializeContext(buffer, CONTEXT_ALL | CONTEXT_XSTATE, &Context, &ContextSize);
if (Success == FALSE) {
Success = r_w32_InitializeContext (buffer, CONTEXT_ALL | CONTEXT_XSTATE, &Context, &ContextSize);
if (!Success) {
free(buffer);
return 0;
}
Success = w32_SetXStateFeaturesMask(Context, XSTATE_MASK_AVX);
if (Success == FALSE) {
Success = r_w32_SetXStateFeaturesMask (Context, XSTATE_MASK_AVX);
if (!Success) {
free(buffer);
return 0;
}
Success = GetThreadContext(hThread, Context);
if (Success == FALSE) {
Success = GetThreadContext (hThread, Context);
if (!Success) {
free(buffer);
return 0;
}
Success = w32_GetXStateFeaturesMask(Context, &FeatureMask);
if (Success == FALSE) {
Success = r_w32_GetXStateFeaturesMask (Context, &FeatureMask);
if (!Success) {
free(buffer);
return 0;
}
Xmm = (ut128 *)w32_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLength);
nRegs = FeatureLength / sizeof(*Xmm);
Xmm = (ut128 *)r_w32_LocateXStateFeature(Context, XSTATE_LEGACY_SSE, &FeatureLength);
nRegs = FeatureLength / sizeof (*Xmm);
for (Index = 0; Index < nRegs; Index++) {
ymm[Index].High = 0;
xmm[Index].High = 0;
ymm[Index].Low = 0;
xmm[Index].Low = 0;
}
if (Xmm != NULL) {
if (Xmm) {
for (Index = 0; Index < nRegs; Index++) {
xmm[Index].High = Xmm[Index].High;
xmm[Index].Low = Xmm[Index].Low;
@ -662,13 +642,13 @@ static int GetAVX(HANDLE hThread, ut128 xmm[16], ut128 ymm[16]) {
}
if ((FeatureMask & XSTATE_MASK_AVX) != 0) {
// check for AVX initialization and get the pointer.
Ymm = (ut128 *)w32_LocateXStateFeature(Context, XSTATE_AVX, NULL);
Ymm = (ut128 *)r_w32_LocateXStateFeature (Context, XSTATE_AVX, NULL);
for (Index = 0; Index < nRegs; Index++) {
ymm[Index].High = Ymm[Index].High;
ymm[Index].Low = Ymm[Index].Low;
}
}
free(buffer);
free (buffer);
return nRegs;
}
@ -788,13 +768,12 @@ static int w32_reg_read(RDebug *dbg, int type, ut8 *buf, int size) {
static int w32_reg_write(RDebug *dbg, int type, const ut8* buf, int size) {
BOOL ret = false;
HANDLE thread;
#if _MSC_VER
CONTEXT ctx;
#else
CONTEXT ctx __attribute__((aligned (16)));
#endif
thread = w32_open_thread (dbg->pid, dbg->tid);
HANDLE thread = w32_open_thread (dbg->pid, dbg->tid);
ctx.ContextFlags = CONTEXT_ALL;
GetThreadContext (thread, &ctx);
// on windows we dont need check type alway read/write full arena
@ -862,37 +841,30 @@ static void w32_info_user(RDebug *dbg, RDebugInfo *rdi) {
rdi->usr = r_sys_conv_win_to_utf8 (usr);
}
err_w32_info_user:
if (h_proc) {
CloseHandle (h_proc);
}
if (h_tok) {
CloseHandle (h_tok);
}
free (usr);
free (usr_dom);
free (tok_usr);
if (h_proc) {
CloseHandle (h_proc);
}
if (h_tok) {
CloseHandle (h_tok);
}
free (usr);
free (usr_dom);
free (tok_usr);
}
static void w32_info_exe(RDebug *dbg, RDebugInfo *rdi) {
LPTSTR path = NULL;
HANDLE h_proc;
DWORD len;
if (!w32_QueryFullProcessImageName) {
return;
}
h_proc = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, dbg->pid);
HANDLE h_proc = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, dbg->pid);
if (!h_proc) {
r_sys_perror ("w32_info_exe/OpenProcess");
goto err_w32_info_exe;
}
path = (LPTSTR)malloc (MAX_PATH + 1);
LPTSTR path = (LPTSTR)malloc (MAX_PATH + 1);
if (!path) {
perror ("w32_info_exe/malloc path");
goto err_w32_info_exe;
}
len = MAX_PATH;
if (w32_QueryFullProcessImageName (h_proc, 0, path, &len)) {
DWORD len = MAX_PATH;
if (r_w32_QueryFullProcessImageName (h_proc, 0, path, &len)) {
path[len] = '\0';
rdi->exe = r_sys_conv_win_to_utf8 (path);
} else {

86
libr/debug/p/native/windows/windows_debug.c
View File

@ -43,8 +43,8 @@ static PTHREAD_ITEM __r_debug_thread_add(RDebug *dbg, DWORD pid, DWORD tid, HAND
if (!dbg->threads) {
dbg->threads = r_list_newf (free);
}
if (!lpStartAddress && w32_NtQueryInformationThread) {
w32_NtQueryInformationThread (hThread, 9, &lpStartAddress, sizeof (LPVOID), NULL);
if (!lpStartAddress) {
r_w32_NtQueryInformationThread (hThread, 9, &lpStartAddress, sizeof (LPVOID), NULL);
}
THREAD_ITEM th = {
pid,
@ -168,37 +168,33 @@ static int __get_avx(HANDLE th, ut128 xmm[16], ut128 ymm[16]) {
ut64 featuremask = 0;
ut128 *newxmm = NULL;
ut128 *newymm = NULL;
void *buffer = NULL;
PCONTEXT ctx;
if (!w32_GetEnabledXStateFeatures) {
return 0;
}
// Check for AVX extension
featuremask = w32_GetEnabledXStateFeatures ();
featuremask = r_w32_GetEnabledXStateFeatures ();
if ((featuremask & XSTATE_MASK_AVX) == 0) {
return 0;
}
if ((w32_InitializeContext (NULL, CONTEXT_ALL | CONTEXT_XSTATE, NULL, &ctxsize)) || (GetLastError () != ERROR_INSUFFICIENT_BUFFER)) {
if ((r_w32_InitializeContext (NULL, CONTEXT_ALL | CONTEXT_XSTATE, NULL, &ctxsize)) || (GetLastError () != ERROR_INSUFFICIENT_BUFFER)) {
return 0;
}
buffer = malloc (ctxsize);
void *buffer = malloc (ctxsize);
if (!buffer) {
return 0;
}
if (!w32_InitializeContext (buffer, CONTEXT_ALL | CONTEXT_XSTATE, &ctx, &ctxsize)) {
if (!r_w32_InitializeContext (buffer, CONTEXT_ALL | CONTEXT_XSTATE, &ctx, &ctxsize)) {
goto err_get_avx;
}
if (!w32_SetXStateFeaturesMask (ctx, XSTATE_MASK_AVX)) {
if (!r_w32_SetXStateFeaturesMask (ctx, XSTATE_MASK_AVX)) {
goto err_get_avx;
}
// TODO: Use __get_thread_context
if (!GetThreadContext (th, ctx)) {
goto err_get_avx;
}
if (w32_GetXStateFeaturesMask (ctx, &featuremask)) {
if (r_w32_GetXStateFeaturesMask (ctx, &featuremask)) {
goto err_get_avx;
}
newxmm = (ut128 *)w32_LocateXStateFeature (ctx, XSTATE_LEGACY_SSE, &featurelen);
newxmm = (ut128 *)r_w32_LocateXStateFeature (ctx, XSTATE_LEGACY_SSE, &featurelen);
nregs = featurelen / sizeof(*newxmm);
for (index = 0; index < nregs; index++) {
ymm[index].High = 0;
@ -214,7 +210,7 @@ static int __get_avx(HANDLE th, ut128 xmm[16], ut128 ymm[16]) {
}
if ((featuremask & XSTATE_MASK_AVX) != 0) {
// check for AVX initialization and get the pointer.
newymm = (ut128 *)w32_LocateXStateFeature (ctx, XSTATE_AVX, NULL);
newymm = (ut128 *)r_w32_LocateXStateFeature (ctx, XSTATE_AVX, NULL);
if (!newymm) {
goto err_get_avx;
}
@ -318,7 +314,7 @@ int w32_reg_read(RDebug *dbg, int type, ut8 *buf, int size) {
if (dbg->bits == R_SYS_BITS_64) {
flags |= THREAD_QUERY_INFORMATION;
}
th = w32_OpenThread (flags, FALSE, dbg->tid);
th = OpenThread (flags, FALSE, dbg->tid);
if (!th && alive) {
r_sys_perror ("w32_reg_read/OpenThread");
}
@ -360,7 +356,7 @@ int w32_reg_write(RDebug *dbg, int type, const ut8 *buf, int size) {
if (dbg->bits == R_SYS_BITS_64) {
flags |= THREAD_QUERY_INFORMATION;
}
HANDLE th = w32_OpenThread (flags, FALSE, dbg->tid);
HANDLE th = OpenThread (flags, FALSE, dbg->tid);
if (!th) {
r_sys_perror ("w32_reg_write/OpenThread");
return false;
@ -388,13 +384,7 @@ int w32_attach(RDebug *dbg, int pid) {
if (wrap->pi.hProcess) {
return wrap->pi.dwThreadId;
}
if (!w32_OpenProcess) {
r_w32_init ();
if (!w32_OpenProcess) {
return pid;
}
}
HANDLE ph = w32_OpenProcess (w32_PROCESS_ALL_ACCESS, FALSE, pid);
HANDLE ph = OpenProcess (w32_PROCESS_ALL_ACCESS, FALSE, pid);
if (!ph) {
return -1;
}
@ -452,7 +442,7 @@ static char *__get_file_name_from_handle(HANDLE handle_file) {
}
/* Create a file mapping to get the file name. */
map = MapViewOfFile (handle_file_map, FILE_MAP_READ, 0, 0, 1);
if (!map || !w32_GetMappedFileName || !w32_GetMappedFileName (GetCurrentProcess (), map, filename, MAX_PATH)) {
if (!map || !r_w32_GetMappedFileName (GetCurrentProcess (), map, filename, MAX_PATH)) {
R_FREE (filename);
goto err_get_file_name_from_handle;
}
@ -504,10 +494,7 @@ static char *__resolve_path(HANDLE ph, HANDLE mh) {
// TODO: add maximum path length support
const DWORD maxlength = MAX_PATH;
TCHAR filename[MAX_PATH];
DWORD length = 0;
if (w32_GetModuleFileNameEx) {
length = w32_GetModuleFileNameEx (ph, mh, filename, maxlength);
}
DWORD length = r_w32_GetModuleFileNameEx (ph, mh, filename, maxlength);
if (length > 0) {
return r_sys_conv_win_to_utf8 (filename);
}
@ -516,9 +503,7 @@ static char *__resolve_path(HANDLE ph, HANDLE mh) {
return name;
}
// Upon failure fallback to w32_GetProcessImageFileName
if (w32_GetProcessImageFileName) {
length = w32_GetProcessImageFileName (mh, filename, maxlength);
}
length = r_w32_GetProcessImageFileName (mh, filename, maxlength);
if (length < 1) {
return NULL;
}
@ -639,14 +624,7 @@ int w32_select(RDebug *dbg, int pid, int tid) {
PTHREAD_ITEM th = __find_thread (dbg, tid);
if (tid && dbg->threads && !th) {
if (!w32_OpenThread) {
r_w32_init ();
if (!w32_OpenThread) {
eprintf("w32_OpenThread is not in kernel32\n");
return -1;
}
}
HANDLE handler = w32_OpenThread (w32_THREAD_ALL_ACCESS, FALSE, tid);
HANDLE handler = OpenThread (w32_THREAD_ALL_ACCESS, FALSE, tid);
if (handler) {
th = __r_debug_thread_add (dbg, pid, tid, handler, 0, 0, FALSE);
}
@ -713,7 +691,7 @@ void w32_break_process(void *user) {
if (dbg->corebind.cfggeti (dbg->corebind.core, "dbg.threads")) {
w32_select (dbg, wrap->pi.dwProcessId, -1); // Suspend all threads
} else {
if (!w32_DebugBreakProcess (wrap->pi.hProcess)) {
if (!r_w32_DebugBreakProcess (wrap->pi.hProcess)) {
r_sys_perror ("w32_break_process/DebugBreakProcess");
eprintf("Could not interrupt program, attempt to press Ctrl-C in the program's console.\n");
}
@ -1009,7 +987,7 @@ RDebugReasonType w32_dbg_wait(RDebug *dbg, int pid) {
if (th) {
wrap->pi.hThread = th->hThread;
} else {
HANDLE th = w32_OpenThread (w32_THREAD_ALL_ACCESS, FALSE, tid);
HANDLE th = OpenThread (w32_THREAD_ALL_ACCESS, FALSE, tid);
wrap->pi.hThread = th;
__r_debug_thread_add (dbg, pid, tid, th, 0, 0, __is_thread_alive (dbg, tid));
}
@ -1128,18 +1106,15 @@ int w32_map_protect(RDebug *dbg, ut64 addr, int size, int perms) {
}
RList *w32_thread_list(RDebug *dbg, int pid, RList *list) {
if (!w32_CreateToolhelp32Snapshot) {
return NULL;
}
// pid is not respected for TH32CS_SNAPTHREAD flag
HANDLE th = w32_CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
HANDLE th = CreateToolhelp32Snapshot (TH32CS_SNAPTHREAD, 0);
if (th == INVALID_HANDLE_VALUE) {
r_sys_perror ("w32_thread_list/CreateToolhelp32Snapshot");
return list;
}
THREADENTRY32 te;
te.dwSize = sizeof (te);
HANDLE ph = w32_OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
HANDLE ph = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (Thread32First (th, &te)) {
// TODO: export this code to its own function?
char *path = NULL;
@ -1284,7 +1259,7 @@ static RDebugPid *__build_debug_pid(int pid, int ppid, HANDLE ph, const TCHAR* n
char *path = NULL;
int uid = -1;
if (!ph) {
ph = w32_OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
ph = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (ph) {
path = __resolve_path (ph, NULL);
DWORD sid;
@ -1313,10 +1288,7 @@ static RDebugPid *__build_debug_pid(int pid, int ppid, HANDLE ph, const TCHAR* n
}
RList *w32_pid_list(RDebug *dbg, int pid, RList *list) {
if (!w32_CreateToolhelp32Snapshot) {
return NULL;
}
HANDLE sh = w32_CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, pid);
HANDLE sh = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, pid);
if (sh == INVALID_HANDLE_VALUE) {
r_sys_perror ("w32_pid_list/CreateToolhelp32Snapshot");
return list;
@ -1360,14 +1332,14 @@ RList *w32_desc_list(int pid) {
if (!ret) {
return NULL;
}
if (!(ph = w32_OpenProcess (PROCESS_DUP_HANDLE, FALSE, pid))) {
if (!(ph = OpenProcess (PROCESS_DUP_HANDLE, FALSE, pid))) {
r_sys_perror ("win_desc_list/OpenProcess");
r_list_free (ret);
return NULL;
}
handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc (handleInfoSize);
#define SystemHandleInformation 16
while ((status = w32_NtQuerySystemInformation (SystemHandleInformation, handleInfo, handleInfoSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) {
while ((status = r_w32_NtQuerySystemInformation (SystemHandleInformation, handleInfo, handleInfoSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) {
handleInfoSize *= 2;
void *tmp = realloc (handleInfo, (size_t)handleInfoSize);
if (tmp) {
@ -1390,10 +1362,10 @@ RList *w32_desc_list(int pid) {
if (handle.ProcessId != pid) {
continue;
}
if (w32_NtDuplicateObject (ph, (HANDLE)handle.Handle, GetCurrentProcess (), &dupHandle, 0, 0, 0)) {
if (r_w32_NtDuplicateObject (ph, (HANDLE)handle.Handle, GetCurrentProcess (), &dupHandle, 0, 0, 0)) {
continue;
}
if (w32_NtQueryObject (dupHandle, 2, objectTypeInfo, 0x1000, NULL)) {
if (r_w32_NtQueryObject (dupHandle, 2, objectTypeInfo, 0x1000, NULL)) {
CloseHandle (dupHandle);
continue;
}
@ -1415,12 +1387,12 @@ RList *w32_desc_list(int pid) {
if (!objectNameInfo) {
break;
}
if (w32_NtQueryObject (dupHandle, 1, objectNameInfo, 0x1000, &returnLength)) {
if (r_w32_NtQueryObject (dupHandle, 1, objectNameInfo, 0x1000, &returnLength)) {
void *tmp = realloc (objectNameInfo, returnLength);
if (tmp) {
objectNameInfo = tmp;
}
if (w32_NtQueryObject (dupHandle, 1, objectNameInfo, returnLength, NULL)) {
if (r_w32_NtQueryObject (dupHandle, 1, objectNameInfo, returnLength, NULL)) {
free (objectNameInfo);
CloseHandle (dupHandle);
continue;

53
libr/include/r_util/r_w32.h
View File

@ -12,30 +12,39 @@ extern "C" {
#ifndef NTSTATUS
#define NTSTATUS DWORD
#undef TEXT
#define TEXT(x) (TCHAR*)(x)
#endif
R_API DWORD (*w32_GetProcessImageFileName)(HANDLE,LPSTR,DWORD);
R_API DWORD (*w32_GetModuleBaseName)(HANDLE, HMODULE, LPTSTR, DWORD);
R_API BOOL (*w32_GetModuleInformation)(HANDLE, HMODULE, LPMODULEINFO, DWORD);
R_API BOOL (*w32_DebugActiveProcessStop)(DWORD);
R_API HANDLE (*w32_OpenThread)(DWORD, BOOL, DWORD);
R_API BOOL (*w32_DebugBreakProcess)(HANDLE);
R_API DWORD (*w32_GetThreadId)(HANDLE); // Vista
R_API DWORD (*w32_GetProcessId)(HANDLE); // XP
R_API HANDLE (*w32_OpenProcess)(DWORD, BOOL, DWORD);
R_API BOOL (*w32_QueryFullProcessImageName)(HANDLE, DWORD, LPTSTR, PDWORD);
R_API DWORD (*w32_GetMappedFileName)(HANDLE, LPVOID, LPTSTR, DWORD);
R_API NTSTATUS (*w32_NtQuerySystemInformation)(ULONG, PVOID, ULONG, PULONG);
R_API NTSTATUS (*w32_NtQueryInformationThread)(HANDLE, ULONG, PVOID, ULONG, PULONG);
R_API NTSTATUS (*w32_NtDuplicateObject)(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
R_API NTSTATUS (*w32_NtQueryObject)(HANDLE, ULONG, PVOID, ULONG, PULONG);
R_API ut64 (*w32_GetEnabledXStateFeatures)(void);
R_API BOOL (*w32_InitializeContext)(PVOID, DWORD, PCONTEXT*, PDWORD);
R_API BOOL (*w32_GetXStateFeaturesMask)(PCONTEXT Context, PDWORD64);
R_API PVOID (*w32_LocateXStateFeature)(PCONTEXT Context, DWORD, PDWORD);
R_API BOOL (*w32_SetXStateFeaturesMask)(PCONTEXT Context, DWORD64);
R_API DWORD (*w32_GetModuleFileNameEx)(HANDLE, HMODULE, LPTSTR, DWORD);
R_API HANDLE (*w32_CreateToolhelp32Snapshot)(DWORD, DWORD);
#if 0
#define WAPI(x) r_w32_##x
#define WAPI(GetMappedFileName)
// Plain Native APIs with no wraping needed
#define r_w32_GetMappedFileName GetMappedFileName
#endif
R_API DWORD r_w32_GetProcessImageFileName(HANDLE,LPSTR,DWORD);
R_API DWORD r_w32_GetModuleBaseName(HANDLE, HMODULE, LPTSTR, DWORD);
R_API BOOL r_w32_GetModuleInformation(HANDLE, HMODULE, LPMODULEINFO, DWORD);
// R_API BOOL r_w32_DebugActiveProcessStop(DWORD);
R_API BOOL r_w32_DebugBreakProcess(HANDLE);
R_API DWORD r_w32_GetThreadId(HANDLE); // Vista
R_API DWORD r_w32_GetProcessId(HANDLE); // XP
R_API HANDLE r_w32_OpenProcess(DWORD, BOOL, DWORD);
R_API BOOL r_w32_QueryFullProcessImageName(HANDLE, DWORD, LPTSTR, PDWORD);
R_API DWORD r_w32_GetMappedFileName(HANDLE, LPVOID, LPTSTR, DWORD);
R_API NTSTATUS r_w32_NtQuerySystemInformation(ULONG, PVOID, ULONG, PULONG);
R_API NTSTATUS r_w32_NtQueryInformationThread(HANDLE, ULONG, PVOID, ULONG, PULONG);
R_API NTSTATUS r_w32_NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
R_API NTSTATUS r_w32_NtQueryObject(HANDLE, ULONG, PVOID, ULONG, PULONG);
R_API ut64 r_w32_GetEnabledXStateFeatures(void);
R_API BOOL r_w32_InitializeContext(PVOID, DWORD, PCONTEXT*, PDWORD);
R_API BOOL r_w32_GetXStateFeaturesMask(PCONTEXT Context, PDWORD64);
R_API PVOID r_w32_LocateXStateFeature(PCONTEXT Context, DWORD, PDWORD);
R_API BOOL r_w32_SetXStateFeaturesMask(PCONTEXT Context, DWORD64);
R_API DWORD r_w32_GetModuleFileNameEx(HANDLE, HMODULE, LPTSTR, DWORD);
#endif
#ifdef __cplusplus

2
libr/io/p/io_self.c
View File

@ -239,7 +239,7 @@ static int update_self_regions(RIO *io, int pid) {
perm |= mbi.Protect & PAGE_EXECUTE_READ ? R_PERM_RX : 0;
perm |= mbi.Protect & PAGE_EXECUTE_READWRITE ? R_PERM_RWX : 0;
perm = mbi.Protect & PAGE_NOACCESS ? 0 : perm;
if (perm && w32_GetMappedFileName && !w32_GetMappedFileName (h, (LPVOID) mbi.BaseAddress, name, name_size)) {
if (perm && !r_w32_GetMappedFileName (h, (LPVOID) mbi.BaseAddress, name, name_size)) {
name[0] = '\0';
}
self_sections[self_sections_count].from = (ut64) mbi.BaseAddress;

11
libr/io/p/io_w32dbg.c
View File

@ -95,13 +95,6 @@ static bool __plugin_open(RIO *io, const char *file, bool many) {
return !strncmp (file, "w32dbg://", 9);
}
// mingw32 toolchain doesnt have this symbol
static HANDLE (WINAPI *r2_OpenThread)(
DWORD dwDesiredAccess,
BOOL bInheritHandle,
DWORD dwThreadId
) = NULL;
static int __w32_first_thread(int pid) {
HANDLE th;
HANDLE thid;
@ -119,9 +112,7 @@ static int __w32_first_thread(int pid) {
do {
/* get all threads of process */
if (te32.th32OwnerProcessID == pid) {
r2_OpenThread = OpenThread;
thid = r2_OpenThread
? r2_OpenThread (THREAD_ALL_ACCESS, 0, te32.th32ThreadID) : NULL;
thid = OpenThread (THREAD_ALL_ACCESS, 0, te32.th32ThreadID);
if (!thid) {
r_sys_perror ("__w32_first_thread/OpenThread");
goto err_first_th;

16
libr/util/format.c
View File

@ -21,6 +21,22 @@
#define MUSTSEEJSON (mode & R_PRINT_JSON && mode & R_PRINT_ISFIELD)
#define MUSTSEESTRUCT (mode & R_PRINT_STRUCT)
// FOR MINGW only
#if __MINGW32__
// gmtime_r can be defined by mingw
#ifndef gmtime_r
static struct tm* gmtime_r(const time_t* t, struct tm* r) {
// gmtime is threadsafe in windows because it uses TLS
struct tm *theTm = gmtime(t);
if (theTm) {
*r = *theTm;
return r;
}
return 0;
}
#endif // gmtime_r
#endif
//this define is used as a way to acknowledge when updateAddr should take len
//as real len of the buffer
#define THRESHOLD (-4444)

35
libr/util/sys.c
View File

@ -1085,29 +1085,16 @@ R_API int r_sys_run_rop(const ut8 *buf, int len) {
return 0;
}
R_API char *r_sys_pid_to_path(int pid) {
#if __WINDOWS__
// TODO: add maximum path length support
HANDLE processHandle;
// w32 specific API
R_API char *r_w32_handle_to_path(HANDLE processHandle) {
const DWORD maxlength = MAX_PATH;
TCHAR filename[MAX_PATH];
char *result = NULL;
processHandle = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (!processHandle) {
eprintf ("r_sys_pid_to_path: Cannot open process.\n");
return NULL;
}
DWORD length = 0;
if (w32_GetModuleFileNameEx) {
length = w32_GetModuleFileNameEx (processHandle, NULL, filename, maxlength);
}
DWORD length = r_w32_GetModuleFileNameEx (processHandle, NULL, filename, maxlength);
if (length == 0) {
// Upon failure fallback to GetProcessImageFileName
if (w32_GetProcessImageFileName) {
length = w32_GetProcessImageFileName (processHandle, filename, maxlength);
}
CloseHandle (processHandle);
length = r_w32_GetProcessImageFileName (processHandle, filename, maxlength);
if (length == 0) {
eprintf ("r_sys_pid_to_path: Error calling GetProcessImageFileName\n");
return NULL;
@ -1175,10 +1162,22 @@ R_API char *r_sys_pid_to_path(int pid) {
free (name);
free (tmp);
} else {
CloseHandle (processHandle);
result = r_sys_conv_win_to_utf8 (filename);
}
return result;
}
#endif
R_API char *r_sys_pid_to_path(int pid) {
#if __WINDOWS__
HANDLE processHandle = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (!processHandle) {
// eprintf ("r_sys_pid_to_path: Cannot open process.\n");
return NULL;
}
char *filename = r_w32_handle_to_path (processHandle);
CloseHandle (processHandle);
return filename;
#elif __APPLE__
#if __POWERPC__
#pragma message("TODO getpidproc")

4
libr/util/time.c
View File

@ -12,7 +12,11 @@
R_API ut64 r_time_now(void) {
ut64 ret;
struct timeval now;
#if __MINGW32__
mingw_gettimeofday (&now, NULL);
#else
gettimeofday (&now, NULL);
#endif
ret = now.tv_sec * R_USEC_PER_SEC;
ret += now.tv_usec;
return ret;

278
libr/util/w32.c
View File

@ -6,30 +6,175 @@
#if __WINDOWS__
#include <windows.h>
DWORD (*w32_GetProcessImageFileName)(HANDLE,LPSTR,DWORD) = NULL;
DWORD (*w32_GetModuleBaseName)(HANDLE, HMODULE, LPTSTR, DWORD) = NULL;
BOOL (*w32_GetModuleInformation)(HANDLE, HMODULE, LPMODULEINFO, DWORD) = NULL;
BOOL (*w32_DebugActiveProcessStop)(DWORD) = NULL;
HANDLE (*w32_OpenThread)(DWORD, BOOL, DWORD) = NULL;
BOOL (*w32_DebugBreakProcess)(HANDLE) = NULL;
DWORD (*w32_GetThreadId)(HANDLE) = NULL; // Vista
DWORD (*w32_GetProcessId)(HANDLE) = NULL; // XP
HANDLE (*w32_OpenProcess)(DWORD, BOOL, DWORD) = NULL;
BOOL (*w32_QueryFullProcessImageName)(HANDLE, DWORD, LPTSTR, PDWORD) = NULL;
DWORD (*w32_GetMappedFileName)(HANDLE, LPVOID, LPTSTR, DWORD) = NULL;
NTSTATUS (*w32_NtQuerySystemInformation)(ULONG, PVOID, ULONG, PULONG) = NULL;
NTSTATUS (*w32_NtQueryInformationThread)(HANDLE, ULONG, PVOID, ULONG, PULONG) = NULL;
NTSTATUS (*w32_NtDuplicateObject)(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG) = NULL;
NTSTATUS (*w32_NtQueryObject)(HANDLE, ULONG, PVOID, ULONG, PULONG) = NULL;
#if 1
static DWORD (*w32_GetThreadId)(HANDLE) = NULL; // Vista
static DWORD (*w32_GetProcessId)(HANDLE) = NULL; // XP
// fpu access API
ut64 (*w32_GetEnabledXStateFeatures)(void) = NULL;
BOOL (*w32_InitializeContext)(PVOID, DWORD, PCONTEXT*, PDWORD) = NULL;
BOOL (*w32_GetXStateFeaturesMask)(PCONTEXT Context, PDWORD64) = NULL;
PVOID (*w32_LocateXStateFeature)(PCONTEXT Context, DWORD, PDWORD) = NULL;
BOOL (*w32_SetXStateFeaturesMask)(PCONTEXT Context, DWORD64) = NULL;
DWORD (*w32_GetModuleFileNameEx)(HANDLE, HMODULE, LPTSTR, DWORD) = NULL;
HANDLE (*w32_CreateToolhelp32Snapshot)(DWORD, DWORD) = NULL;
static BOOL (*w32_InitializeContext)(PVOID, DWORD, PCONTEXT*, PDWORD) = NULL;
// static BOOL (*w32_GetXStateFeaturesMask)(PCONTEXT Context, PDWORD64) = NULL;
#endif
static inline HANDLE w32_loadlib(const char *name, const char *libname) {
HANDLE lib = GetModuleHandle (TEXT (name));
if (!lib) {
lib = LoadLibrary (TEXT (libname));
if (!lib) {
eprintf ("Cannot load psapi.dll. Aborting\n");
return (HANDLE)(size_t)0;
}
}
return lib;
}
R_API NTSTATUS r_w32_NtQuerySystemInformation(ULONG a, PVOID b, ULONG c, PULONG d) {
static NTSTATUS (*x)(ULONG, PVOID, ULONG, PULONG) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("ntdll", "ntdll.dll");
x = (NTSTATUS (*)(ULONG, PVOID, ULONG, PULONG)) GetProcAddress (lib, W32_TCALL ("NtQuerySystemInformation"));
}
return x? x (a, b, c, d): 0;
}
// XP1
R_API BOOL r_w32_DebugBreakProcess(HANDLE a) {
static BOOL (*x)(HANDLE) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (BOOL (*)(HANDLE)) GetProcAddress (lib, W32_TCALL ("DebugBreakProcess"));
}
return x? x (a): false;
}
R_API BOOL r_w32_SetXStateFeaturesMask(PCONTEXT a, DWORD64 b) {
static BOOL (*x)(PCONTEXT, DWORD64) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (BOOL (*)(PCONTEXT, DWORD64)) GetProcAddress (lib, W32_TCALL ("SetXStateFeaturesMask"));
}
return x? x (a, b): 0;
}
R_API PVOID r_w32_LocateXStateFeature(PCONTEXT a, DWORD b, PDWORD c) {
static PVOID (*x)(PCONTEXT, DWORD, PDWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (PVOID (*)(PCONTEXT, DWORD, PDWORD)) GetProcAddress (lib, W32_TCALL ("LocateXStateFeature"));
}
return x? x (a, b, c): 0;
}
R_API BOOL r_w32_GetXStateFeaturesMask(PCONTEXT a, PDWORD64 b) {
static BOOL (*x)(PCONTEXT, PDWORD64) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (BOOL (*)(PCONTEXT, PDWORD64)) GetProcAddress (lib, W32_TCALL ("GetXStateFeaturesMask"));
}
return x? x (a, b): 0;
}
R_API NTSTATUS r_w32_NtDuplicateObject(HANDLE a, HANDLE b, HANDLE c, PHANDLE d, ACCESS_MASK e, ULONG f, ULONG g) {
static NTSTATUS (*x)(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("ntdll", "ntdll.dll");
x = (NTSTATUS (*)(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG)) GetProcAddress (lib, W32_TCALL ("NtDuplicateObject"));
}
return x? x (a, b, c, d, e, f, g): 0;
}
// api to retrieve YMM from w7 sp1
R_API ut64 r_w32_GetEnabledXStateFeatures(void) {
static ut64 (*x)(void) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (ut64 (*)(void)) GetProcAddress (lib, W32_TCALL ("GetEnabledXStateFeatures"));
}
return x? x (): 0;
}
R_API BOOL r_w32_InitializeContext(PVOID a, DWORD b, PCONTEXT* c, PDWORD d) {
static BOOL (*x) (PVOID, DWORD, PCONTEXT*, PDWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("ntdll", "ntdll.dll");
x = (BOOL (*) (PVOID, DWORD, PCONTEXT*, PDWORD))
GetProcAddress (lib, W32_TCALL ("InitializeContext"));
}
return x? x (a, b, c, d): 0;
}
R_API NTSTATUS r_w32_NtQueryInformationThread(HANDLE a, ULONG b, PVOID c, ULONG d, PULONG e) {
static NTSTATUS (*x)(HANDLE, ULONG, PVOID, ULONG, PULONG) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("ntdll", "ntdll.dll");
x = (NTSTATUS (*)(HANDLE, ULONG, PVOID, ULONG, PULONG))
GetProcAddress (lib, W32_TCALL ("NtQueryInformationThread"));
}
return x? x (a, b, c, d, e): 0;
}
// Requires Windows XP
R_API DWORD r_w32_GetModuleFileNameEx(HANDLE a, HMODULE b, LPTSTR c, DWORD d) {
static DWORD (*x)(HANDLE, HMODULE, LPTSTR, DWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("psapi", "psapi.dll");
x = (DWORD (*)(HANDLE, HMODULE, LPTSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetModuleFileNameEx"));
}
return x? x (a, b, c, d): 0;
}
R_API BOOL r_w32_QueryFullProcessImageName(HANDLE h, DWORD p, LPTSTR s, PDWORD l) {
static DWORD (*x)(HANDLE, DWORD, LPTSTR, PDWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (DWORD (*)(HANDLE, DWORD, LPTSTR, PDWORD))
GetProcAddress (lib, W32_TCALL ("QueryFullProcessImageName"));
}
return x? x (h, p, s, l): 0;
}
R_API DWORD r_w32_GetMappedFileName(HANDLE h, LPVOID p, LPTSTR s, DWORD l) {
static DWORD (*x)(HANDLE, LPVOID, LPTSTR, DWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("psapi", "psapi.dll");
x = (DWORD (*)(HANDLE, LPVOID, LPTSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetMappedFileName"));
}
return x? x (h, p, s, l): 0;
}
R_API DWORD r_w32_NtQueryObject(HANDLE a, ULONG b, PVOID c, ULONG d, PULONG e) {
static NTSTATUS (*x)(HANDLE, ULONG, PVOID, ULONG, PULONG) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("ntdll", "ntdll.dll");
x = (NTSTATUS (*)(HANDLE, ULONG, PVOID, ULONG, PULONG)) GetProcAddress(lib,"NtQueryObject");
}
return x? x (a, b, c, d , e): 0;
}
R_API DWORD r_w32_GetProcessImageFileName(HANDLE a, LPSTR b, DWORD c) {
static DWORD (*x)(HANDLE,LPSTR,DWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("psapi", "psapi.dll");
x = (DWORD (*)(HANDLE, LPSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetProcessImageFileName"));
}
return x ? x (a, b, c): 0;
}
#if 0
// Requires Windows XP
static inline HANDLE r_w32_CreateToolhelp32Snapshot(DWORD a, DWORD b) {
static HANDLE (*x)(DWORD, DWORD) = NULL;
if (!x) {
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
x = (DWORD (*)(HANDLE, LPVOID, LPTSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("CreateToolhelp32Snapshot"));
}
return x? x(h, p, s, l): INVALID_HANDLE_VALUE;
}
#endif
#if 0
static bool setup_debug_privileges(bool b) {
HANDLE tok;
if (!OpenProcessToken (GetCurrentProcess (), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tok)) {
@ -50,6 +195,7 @@ static bool setup_debug_privileges(bool b) {
CloseHandle (tok);
return ret;
}
#endif
static bool setup_debug_privilege_noarg(void) {
/////////////////////////////////////////////////////////
@ -88,30 +234,15 @@ static bool setup_debug_privilege_noarg(void) {
}
R_API bool r_w32_init(void) {
HANDLE lib;
if (w32_DebugActiveProcessStop) {
// return false;
}
// escalate privs (required for win7/vista)
setup_debug_privilege_noarg();
lib = GetModuleHandle (TEXT ("kernel32"));
if (!lib) {
lib = LoadLibrary (TEXT("kernel32.dll"));
if (!lib) {
eprintf ("Cannot load kernel32.dll. Aborting\n");
return false;
}
}
setup_debug_privilege_noarg ();
HANDLE lib = w32_loadlib ("kernel32", "kernel32.dll");
// lookup function pointers for portability
w32_DebugActiveProcessStop = (BOOL (*)(DWORD))GetProcAddress (lib, "DebugActiveProcessStop");
w32_OpenThread = (HANDLE (*)(DWORD, BOOL, DWORD))GetProcAddress (lib, "OpenThread");
w32_OpenProcess = (HANDLE (*)(DWORD, BOOL, DWORD))GetProcAddress (lib, "OpenProcess");
// w32_OpenProcess = (HANDLE (*)(DWORD, BOOL, DWORD))GetProcAddress (lib, "OpenProcess");
w32_DebugBreakProcess = (BOOL (*)(HANDLE))
GetProcAddress (lib, "DebugBreakProcess");
w32_CreateToolhelp32Snapshot = (HANDLE (*)(DWORD, DWORD))
GetProcAddress (lib, "CreateToolhelp32Snapshot");
// w32_DebugBreakProcess = (BOOL (*)(HANDLE)) GetProcAddress (lib, "DebugBreakProcess");
// Windows XP
// w32_CreateToolhelp32Snapshot = (HANDLE (*)(DWORD, DWORD)) GetProcAddress (lib, "CreateToolhelp32Snapshot");
// only windows vista :(
w32_GetThreadId = (DWORD (*)(HANDLE))
@ -119,61 +250,16 @@ R_API bool r_w32_init(void) {
// from xp1
w32_GetProcessId = (DWORD (*)(HANDLE))
GetProcAddress (lib, "GetProcessId");
w32_QueryFullProcessImageName = (BOOL (*)(HANDLE, DWORD, LPTSTR, PDWORD))
GetProcAddress (lib, W32_TCALL ("QueryFullProcessImageName"));
// api to retrieve YMM from w7 sp1
w32_GetEnabledXStateFeatures = (ut64 (*) (void))
GetProcAddress(lib, "GetEnabledXStateFeatures");
w32_InitializeContext = (BOOL (*) (PVOID, DWORD, PCONTEXT*, PDWORD))
GetProcAddress(lib, "InitializeContext");
w32_GetXStateFeaturesMask = (BOOL (*) (PCONTEXT Context, PDWORD64))
GetProcAddress(lib, "GetXStateFeaturesMask");
w32_LocateXStateFeature = (PVOID (*) (PCONTEXT Context, DWORD ,PDWORD))
GetProcAddress(lib, "LocateXStateFeature");
w32_SetXStateFeaturesMask = (BOOL (*) (PCONTEXT Context, DWORD64))
GetProcAddress(lib, "SetXStateFeaturesMask");
lib = GetModuleHandle (TEXT ("psapi"));
if (!lib) {
lib = LoadLibrary (TEXT("psapi.dll"));
if (!lib) {
eprintf ("Cannot load psapi.dll. Aborting\n");
return false;
}
}
w32_GetMappedFileName = (DWORD (*)(HANDLE, LPVOID, LPTSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetMappedFileName"));
w32_GetModuleBaseName = (DWORD (*)(HANDLE, HMODULE, LPTSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetModuleBaseName"));
w32_GetProcessImageFileName = (DWORD (*)(HANDLE, LPSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetProcessImageFileName"));
w32_GetModuleInformation = (BOOL (*)(HANDLE, HMODULE, LPMODULEINFO, DWORD))
GetProcAddress (lib, "GetModuleInformation");
w32_GetModuleFileNameEx = (DWORD (*)(HANDLE, HMODULE, LPTSTR, DWORD))
GetProcAddress (lib, W32_TCALL ("GetModuleFileNameEx"));
lib = GetModuleHandle (TEXT ("ntdll"));
if (!lib) {
lib = LoadLibrary (TEXT("ntdll.dll"));
}
w32_NtQuerySystemInformation = (NTSTATUS (*)(ULONG, PVOID, ULONG, PULONG))
GetProcAddress (lib, "NtQuerySystemInformation");
w32_NtDuplicateObject = (NTSTATUS (*)(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG))
GetProcAddress (lib, "NtDuplicateObject");
w32_NtQueryObject = (NTSTATUS (*)(HANDLE, ULONG, PVOID, ULONG, PULONG))
GetProcAddress(lib,"NtQueryObject");
w32_NtQueryInformationThread = (NTSTATUS (*)(HANDLE, ULONG, PVOID, ULONG, PULONG))
GetProcAddress (lib, "NtQueryInformationThread");
if (!w32_DebugActiveProcessStop || !w32_OpenThread || !w32_DebugBreakProcess ||
!w32_GetModuleBaseName || !w32_GetModuleInformation) {
// OOPS!
eprintf ("debug_init_calls:\n"
"DebugActiveProcessStop: 0x%p\n"
"OpenThread: 0x%p\n"
"DebugBreakProcess: 0x%p\n"
"GetThreadId: 0x%p\n",
w32_DebugActiveProcessStop, w32_OpenThread, w32_DebugBreakProcess, w32_GetThreadId);
return false;
}
// w32_GetXStateFeaturesMask = (BOOL (*) (PCONTEXT Context, PDWORD64)) GetProcAddress(lib, "GetXStateFeaturesMask");
// w32_LocateXStateFeature = (PVOID (*) (PCONTEXT Context, DWORD ,PDWORD)) GetProcAddress(lib, "LocateXStateFeature");
lib = w32_loadlib ("ntdll", "ntdll.dll");
// w32_NtQuerySystemInformation = (NTSTATUS (*)(ULONG, PVOID, ULONG, PULONG)) GetProcAddress (lib, "NtQuerySystemInformation");
//w32_NtDuplicateObject = (NTSTATUS (*)(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG)) GetProcAddress (lib, "NtDuplicateObject");
// w32_NtQueryInformationThread = (NTSTATUS (*)(HANDLE, ULONG, PVOID, ULONG, PULONG))
// GetProcAddress (lib, "NtQueryInformationThread");
return true;
}