snapshot/win/pe_image_reader.cc - Issue 1052813002: win: make CrashpadInfo retrievable

Side by Side Diff: snapshot/win/pe_image_reader.cc

Issue 1052813002: win: make CrashpadInfo retrievable (Closed) Base URL: https://chromium.googlesource.com/crashpad/crashpad@master

Patch Set: fix mac includes Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Crashpad Authors. All rights reserved.

	2 //

	3 // Licensed under the Apache License, Version 2.0 (the "License");

	4 // you may not use this file except in compliance with the License.

	5 // You may obtain a copy of the License at

	6 //

	7 // http://www.apache.org/licenses/LICENSE-2.0

	8 //

	9 // Unless required by applicable law or agreed to in writing, software

	10 // distributed under the License is distributed on an "AS IS" BASIS,

	11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

	12 // See the License for the specific language governing permissions and

	13 // limitations under the License.

	14

	15 #include "snapshot/win/pe_image_reader.h"

	16

	17 #include "client/crashpad_info.h"

	18 #include "snapshot/win/process_reader_win.h"

	19

	20 namespace crashpad {

	21

	22 PEImageReader::PEImageReader()

	23 : process_reader_(nullptr), address_(0), module_name_(), initialized_() {

	24 }

	25

	26 PEImageReader::~PEImageReader() {

	27 }

	28

	29 bool PEImageReader::Initialize(ProcessReaderWin* process_reader,

	30 uintptr_t address,

	31 const std::string& name) {

	32 INITIALIZATION_STATE_SET_INITIALIZING(initialized_);

	33

	34 process_reader_ = process_reader;

	35 address_ = address;

	36 module_name_ = name;

	37

	38 INITIALIZATION_STATE_SET_VALID(initialized_);

	39 return true;

	40 }

	41

	42 bool PEImageReader::GetCrashpadInfo(

	43 process_types::CrashpadInfo* crashpad_info) const {

	44 INITIALIZATION_STATE_DCHECK_VALID(initialized_);

	45

	46 IMAGE_SECTION_HEADER section;

	47 if (!GetSectionByName("CPADinfo", &section))

	48 return false;

	49

	50 if (section.Misc.VirtualSize < sizeof(process_types::CrashpadInfo)) {
	Mark Mentovai 2015/04/29 19:37:15 The documentation says “This field is valid only f The documentation says “This field is valid only for executable images and should be set to 0 for object files.” In this instance, executable images means modules loaded into a process and thus includes DLLs, right? This is just a sanity check, and there’s no need to rewrite this or add a comment as long as the answer is “yes.” scottmg 2015/04/30 03:31:31 That's right. The same structures are used for .ob Show quoted text On 2015/04/29 19:37:15, Mark Mentovai wrote: > The documentation says “This field is valid only for executable images and > should be set to 0 for object files.” In this instance, executable images means > modules loaded into a process and thus includes DLLs, right? This is just a > sanity check, and there’s no need to rewrite this or add a comment as long as > the answer is “yes.” That's right. The same structures are used for .obj and for PEs, and "executable images" means all of EXE, DLL, CPL, OCX, etc.
	51 LOG(WARNING) << "small crashpad info section size "
	Mark Mentovai 2015/04/29 19:37:15 "base/logging.h" "base/logging.h" scottmg 2015/04/30 03:31:32 Done. Show quoted text On 2015/04/29 19:37:15, Mark Mentovai wrote: > "base/logging.h" Done.
	52 << section.Misc.VirtualSize << ", " << module_name_;

	53 return false;

	54 }

	55

	56 uintptr_t crashpad_info_address = address_ + section.VirtualAddress;
	Mark Mentovai 2015/04/29 19:37:14 PE modules load completely contiguously in memory PE modules load completely contiguously in memory on Windows, right? You should check that the address and end are within the range of the module. See CheckedMachAddressRange from util/mac/checked_mach_address_range.h. (We don’t use it in exactly this way in the Mach-O reader on Mac because Mach-O modules can load discontiguously, but we use it for similar range checks.) If you can know the size of the image for GetSectionByName, it’d be good to check the reads in there to ensure that they’re in-range as well. scottmg 2015/04/30 03:31:31 Done. (I moved most of util/mac/checked_mach_addre Show quoted text On 2015/04/29 19:37:14, Mark Mentovai wrote: > PE modules load completely contiguously in memory on Windows, right? You should > check that the address and end are within the range of the module. See > CheckedMachAddressRange from util/mac/checked_mach_address_range.h. (We don’t > use it in exactly this way in the Mach-O reader on Mac because Mach-O modules > can load discontiguously, but we use it for similar range checks.) > > If you can know the size of the image for GetSectionByName, it’d be good to > check the reads in there to ensure that they’re in-range as well. Done. (I moved most of util/mac/checked_mach_address_range to util/numeric/ in doing so.)
	57 // TODO(scottmg): process_types for cross-bitness.

	58 if (!process_reader_->ReadMemory(crashpad_info_address,

	59 sizeof(process_types::CrashpadInfo),

	60 crashpad_info)) {

	61 LOG(WARNING) << "could not read crashpad info" << module_name_;
	Mark Mentovai 2015/04/29 19:37:15 Space before module_name. Same on line 67. Space before module_name. Same on line 67. scottmg 2015/04/30 03:31:31 Done. Show quoted text On 2015/04/29 19:37:15, Mark Mentovai wrote: > Space before module_name. Same on line 67. Done.
	62 return false;

	63 }

	64

	65 if (crashpad_info->signature != CrashpadInfo::kSignature \|\|

	66 crashpad_info->version < 1) {

	67 LOG(WARNING) << "unexpected crashpad info data" << module_name_;

	68 return false;

	69 }

	70

	71 return true;

	72 }

	73

	74 bool PEImageReader::GetSectionByName(const std::string& name,

	75 IMAGE_SECTION_HEADER* section) const {

	76 IMAGE_DOS_HEADER dos_header;

	77 if (!process_reader_->ReadMemory(

	78 address_, sizeof(IMAGE_DOS_HEADER), &dos_header)) {

	79 LOG(WARNING) << "could not read dos header";
	Mark Mentovai 2015/04/29 19:37:14 Might want to send module_name_ to the log stream Might want to send module_name_ to the log stream on the messages in this method. scottmg 2015/04/30 03:31:32 Done. Show quoted text On 2015/04/29 19:37:14, Mark Mentovai wrote: > Might want to send module_name_ to the log stream on the messages in this > method. Done.
	80 return false;

	81 }

	82

	83 // TODO(scottmg): This is reading a same-bitness sized structure.

	84 IMAGE_NT_HEADERS nt_headers;

	85 uintptr_t nt_headers_address = address_ + dos_header.e_lfanew;
	Mark Mentovai 2015/04/29 19:37:15 Validate dos_header.e_magic before proceeding. And Validate dos_header.e_magic before proceeding. And after reading this, validate nt_headers.Signature. scottmg 2015/04/30 03:31:32 Done. Show quoted text On 2015/04/29 19:37:15, Mark Mentovai wrote: > Validate dos_header.e_magic before proceeding. And after reading this, validate > nt_headers.Signature. Done.
	86 if (!process_reader_->ReadMemory(

	87 nt_headers_address, sizeof(IMAGE_NT_HEADERS), &nt_headers)) {

	88 LOG(WARNING) << "could not read nt headers";

	89 return false;

	90 }

	91

	92 uintptr_t first_section_address =

	93 nt_headers_address + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader) +
	Mark Mentovai 2015/04/29 19:37:14 If this is the same as offsetof, that’s more stand If this is the same as offsetof, that’s more standard (although maybe not in Windows code?) scottmg 2015/04/30 03:31:32 Done. Show quoted text On 2015/04/29 19:37:14, Mark Mentovai wrote: > If this is the same as offsetof, that’s more standard (although maybe not in > Windows code?) Done.
	94 nt_headers.FileHeader.SizeOfOptionalHeader;

	95 for (DWORD i = 0; i < nt_headers.FileHeader.NumberOfSections; ++i) {

	96 uintptr_t section_address =

	97 first_section_address + sizeof(IMAGE_SECTION_HEADER) * i;

	98 if (!process_reader_->ReadMemory(

	99 section_address, sizeof(IMAGE_SECTION_HEADER), section)) {

	100 LOG(WARNING) << "could not read section " << i;

	101 return false;

	102 }

	103 if (strncmp(reinterpret_cast<const char*>(section->Name),
	Mark Mentovai 2015/04/29 19:37:15 <string.h> <string.h> scottmg 2015/04/30 03:31:32 Done. Show quoted text On 2015/04/29 19:37:15, Mark Mentovai wrote: > <string.h> Done.
	104 name.c_str(),
	Mark Mentovai 2015/04/29 19:37:15 The problem with using strncmp in this way: it als The problem with using strncmp in this way: it also matches a prefix of a too-long search string. Ideally this whole method would fail if name.size() >= sizeof(section->Name) instead of trying for a partial match. scottmg 2015/04/30 03:31:31 Good point, validated `name` at function entry. > Show quoted text On 2015/04/29 19:37:15, Mark Mentovai wrote: > The problem with using strncmp in this way: it also matches a prefix of a > too-long search string. Ideally this whole method would fail if name.size() >= > sizeof(section->Name) instead of trying for a partial match. Good point, validated `name` at function entry. > rather than >= as it's nul padded, but not necessarily nul terminated.
	105 IMAGE_SIZEOF_SHORT_NAME) == 0) {
	Mark Mentovai 2015/04/29 19:37:14 sizeof(section->Name) is more descriptive. sizeof(section->Name) is more descriptive. scottmg 2015/04/30 03:31:32 Done. Show quoted text On 2015/04/29 19:37:14, Mark Mentovai wrote: > sizeof(section->Name) is more descriptive. Done.
	106 return true;

	107 }

	108 }

	109

	110 return false;

	111 }

	112

	113 } // namespace crashpad

OLD	NEW

« snapshot/win/pe_image_reader.h ('K') | « snapshot/win/pe_image_reader.h ('k') | snapshot/win/process_reader_win.h » ('j') | snapshot/win/process_reader_win.cc » ('J')