win: support x64 reading x86 (wow64)

snapshot/win/process_reader_win.cc

 // Copyright 2015 The Crashpad Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ skipping 98 matching lines @@
   }
   return handle;
 }
 
 // It's necessary to suspend the thread to grab CONTEXT. SuspendThread has a
 // side-effect of returning the SuspendCount of the thread on success, so we
 // fill out these two pieces of semi-unrelated data in the same function.
 template <class Traits>
 bool FillThreadContextAndSuspendCount(HANDLE thread_handle,
                                       ProcessReaderWin::Thread* thread,
-                                      ProcessSuspensionState suspension_state) {
+                                      ProcessSuspensionState suspension_state,
+                                      bool is_64_reading_32) {
   // Don't suspend the thread if it's this thread. This is really only for test
   // binaries, as we won't be walking ourselves, in general.
   bool is_current_thread = thread->id ==
                            reinterpret_cast<process_types::TEB<Traits>*>(
                                NtCurrentTeb())->ClientId.UniqueThread;
 
-  // TODO(scottmg): Handle cross-bitness in this function.
-
   if (is_current_thread) {
     DCHECK(suspension_state == ProcessSuspensionState::kRunning);
     thread->suspend_count = 0;
-    RtlCaptureContext(&thread->context);
+    DCHECK(!is_64_reading_32);
+    RtlCaptureContext(&thread->context.native);
   } else {
     DWORD previous_suspend_count = SuspendThread(thread_handle);
     if (previous_suspend_count == -1) {
-      PLOG(ERROR) << "SuspendThread failed";
+      PLOG(ERROR) << "SuspendThread";
       return false;
     }
     DCHECK(previous_suspend_count > 0 ||
            suspension_state == ProcessSuspensionState::kRunning);
     thread->suspend_count =
         previous_suspend_count -
         (suspension_state == ProcessSuspensionState::kSuspended ? 1 : 0);
 
     memset(&thread->context, 0, sizeof(thread->context));
-    thread->context.ContextFlags = CONTEXT_ALL;
-    if (!GetThreadContext(thread_handle, &thread->context)) {
-      PLOG(ERROR) << "GetThreadContext failed";
-      return false;
+#if defined(ARCH_CPU_32_BITS)
+    const bool is_native = true;
+#elif defined(ARCH_CPU_64_BITS)
+    const bool is_native = !is_64_reading_32;
+    if (is_64_reading_32) {
+      thread->context.wow64.ContextFlags = CONTEXT_ALL;
+      if (!Wow64GetThreadContext(thread_handle, &thread->context.wow64)) {
+        PLOG(ERROR) << "Wow64GetThreadContext";
+        return false;
+      }
+    }
+#endif
+    if (is_native) {
+      thread->context.native.ContextFlags = CONTEXT_ALL;
+      if (!GetThreadContext(thread_handle, &thread->context.native)) {
+        PLOG(ERROR) << "GetThreadContext";
+        return false;
+      }
     }
 
     if (!ResumeThread(thread_handle)) {
-      PLOG(ERROR) << "ResumeThread failed";
+      PLOG(ERROR) << "ResumeThread";
       return false;
     }
   }
 
   return true;
 }
 
 }  // namespace
 
 ProcessReaderWin::Thread::Thread()
@@ skipping 72 matching lines @@
 }
 
 const std::vector<ProcessReaderWin::Thread>& ProcessReaderWin::Threads() {
   INITIALIZATION_STATE_DCHECK_VALID(initialized_);
 
   if (initialized_threads_)
     return threads_;
 
   initialized_threads_ = true;
 
-  if (process_info_.Is64Bit())
-    ReadThreadData<process_types::internal::Traits64>();
-  else
-    ReadThreadData<process_types::internal::Traits32>();
+#if defined(ARCH_CPU_64_BITS)
+  ReadThreadData<process_types::internal::Traits64>(process_info_.IsWow64());
+#else
+  ReadThreadData<process_types::internal::Traits32>(false);
+#endif
 
   return threads_;
 }
 
 const std::vector<ProcessInfo::Module>& ProcessReaderWin::Modules() {
   INITIALIZATION_STATE_DCHECK_VALID(initialized_);
 
   if (!process_info_.Modules(&modules_)) {
     LOG(ERROR) << "couldn't retrieve modules";
   }
 
   return modules_;
 }
 
 template <class Traits>
-void ProcessReaderWin::ReadThreadData() {
+void ProcessReaderWin::ReadThreadData(bool is_64_reading_32) {
   DCHECK(threads_.empty());
 
   scoped_ptr<uint8_t[]> buffer;
   process_types::SYSTEM_PROCESS_INFORMATION<Traits>* process_information =
       GetProcessInformation<Traits>(process_, &buffer);
   if (!process_information)
     return;
 
   for (unsigned long i = 0; i < process_information->NumberOfThreads; ++i) {
     const process_types::SYSTEM_THREAD_INFORMATION<Traits>& thread_info =
         process_information->Threads[i];
     ProcessReaderWin::Thread thread;
     thread.id = thread_info.ClientId.UniqueThread;
 
     ScopedKernelHANDLE thread_handle(OpenThread(thread_info));
     if (!thread_handle.is_valid())
       continue;
 
-    if (!FillThreadContextAndSuspendCount<Traits>(
-            thread_handle.get(), &thread, suspension_state_)) {
+    if (!FillThreadContextAndSuspendCount<Traits>(thread_handle.get(),
+                                                  &thread,
+                                                  suspension_state_,
+                                                  is_64_reading_32)) {
       continue;
     }
 
     // TODO(scottmg): I believe we could reverse engineer the PriorityClass from
     // the Priority, BasePriority, and
     // https://msdn.microsoft.com/en-us/library/windows/desktop/ms685100 .
     // MinidumpThreadWriter doesn't handle it yet in any case, so investigate
     // both of those at the same time if it's useful.
     thread.priority_class = NORMAL_PRIORITY_CLASS;
 
     thread.priority = thread_info.Priority;
 
     process_types::THREAD_BASIC_INFORMATION<Traits> thread_basic_info;
     NTSTATUS status = crashpad::NtQueryInformationThread(
         thread_handle.get(),
         static_cast<THREADINFOCLASS>(ThreadBasicInformation),
         &thread_basic_info,
         sizeof(thread_basic_info),
         nullptr);
     if (!NT_SUCCESS(status)) {
       NTSTATUS_LOG(ERROR, status) << "NtQueryInformationThread";
       continue;
     }
 
     // Read the TIB (Thread Information Block) which is the first element of the
     // TEB, for its stack fields.
     process_types::NT_TIB<Traits> tib;
-    if (ReadMemory(thread_basic_info.TebBaseAddress, sizeof(tib), &tib)) {
+    thread.teb = thread_basic_info.TebBaseAddress;
+    if (ReadMemory(thread.teb, sizeof(tib), &tib)) {
+      WinVMAddress base = 0;
+      WinVMAddress limit = 0;
+      // If we're reading a WOW64 process, then the TIB we just retrieved is the
+      // x64 one. The first word of the x64 TIB points at the x86 TIB. See
+      // https://msdn.microsoft.com/en-us/library/dn424783.aspx
+      if (is_64_reading_32) {
+        process_types::NT_TIB<process_types::internal::Traits32> tib32;
+        thread.teb = tib.Wow64Teb;
+        if (ReadMemory(thread.teb, sizeof(tib32), &tib32)) {
+          base = tib32.StackBase;
+          limit = tib32.StackLimit;
+        }
+      } else {
+        base = tib.StackBase;
+        limit = tib.StackLimit;
+      }
+
       // Note, "backwards" because of direction of stack growth.
-      thread.stack_region_address = tib.StackLimit;
-      if (tib.StackLimit > tib.StackBase) {
-        LOG(ERROR) << "invalid stack range: " << tib.StackBase << " - "
-                   << tib.StackLimit;
+      thread.stack_region_address = limit;
+      if (limit > base) {
+        LOG(ERROR) << "invalid stack range: " << base << " - " << limit;
         thread.stack_region_size = 0;
       } else {
-        thread.stack_region_size = tib.StackBase - tib.StackLimit;
+        thread.stack_region_size = base - limit;
       }
     }
     threads_.push_back(thread);
   }
 }
 
 }  // namespace crashpad