Chromium Code Reviews Chromium Code Reviews
Issue 1360863006:
win: Add more memory regions to gathering of PEB (Closed)
Base URL: https://chromium.googlesource.com/crashpad/crashpad@save-peb| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Crashpad Authors. All rights reserved. | 1 // Copyright 2015 The Crashpad Authors. All rights reserved. |
| 2 // | 2 // |
| 3 // Licensed under the Apache License, Version 2.0 (the "License"); | 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 // you may not use this file except in compliance with the License. | 4 // you may not use this file except in compliance with the License. |
| 5 // You may obtain a copy of the License at | 5 // You may obtain a copy of the License at |
| 6 // | 6 // |
| 7 // http://www.apache.org/licenses/LICENSE-2.0 | 7 // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 // | 8 // |
| 9 // Unless required by applicable law or agreed to in writing, software | 9 // Unless required by applicable law or agreed to in writing, software |
| 10 // distributed under the License is distributed on an "AS IS" BASIS, | 10 // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 // See the License for the specific language governing permissions and | 12 // See the License for the specific language governing permissions and |
| 13 // limitations under the License. | 13 // limitations under the License. |
| 14 | 14 |
| 15 #include "snapshot/win/process_snapshot_win.h" | 15 #include "snapshot/win/process_snapshot_win.h" |
| 16 | 16 |
| 17 #include <algorithm> | |
| 18 | |
| 17 #include "base/logging.h" | 19 #include "base/logging.h" |
| 18 #include "snapshot/win/module_snapshot_win.h" | 20 #include "snapshot/win/module_snapshot_win.h" |
| 19 #include "util/win/registration_protocol_win.h" | 21 #include "util/win/registration_protocol_win.h" |
| 20 #include "util/win/time.h" | 22 #include "util/win/time.h" |
| 21 | 23 |
| 22 namespace crashpad { | 24 namespace crashpad { |
| 23 | 25 |
| 24 ProcessSnapshotWin::ProcessSnapshotWin() | 26 ProcessSnapshotWin::ProcessSnapshotWin() |
| 25 : ProcessSnapshot(), | 27 : ProcessSnapshot(), |
| 26 system_(), | 28 system_(), |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 41 bool ProcessSnapshotWin::Initialize(HANDLE process, | 43 bool ProcessSnapshotWin::Initialize(HANDLE process, |
| 42 ProcessSuspensionState suspension_state) { | 44 ProcessSuspensionState suspension_state) { |
| 43 INITIALIZATION_STATE_SET_INITIALIZING(initialized_); | 45 INITIALIZATION_STATE_SET_INITIALIZING(initialized_); |
| 44 | 46 |
| 45 GetTimeOfDay(&snapshot_time_); | 47 GetTimeOfDay(&snapshot_time_); |
| 46 | 48 |
| 47 if (!process_reader_.Initialize(process, suspension_state)) | 49 if (!process_reader_.Initialize(process, suspension_state)) |
| 48 return false; | 50 return false; |
| 49 | 51 |
| 50 system_.Initialize(&process_reader_); | 52 system_.Initialize(&process_reader_); |
| 51 WinVMAddress peb_address; | 53 |
| 52 WinVMSize peb_size; | 54 if (process_reader_.Is64Bit()) |
| 53 process_reader_.GetProcessInfo().Peb(&peb_address, &peb_size); | 55 InitializePebData<process_types::internal::Traits64>(); |
| 54 peb_.Initialize(&process_reader_, peb_address, peb_size); | 56 else |
| 57 InitializePebData<process_types::internal::Traits32>(); | |
| 55 | 58 |
| 56 InitializeThreads(); | 59 InitializeThreads(); |
| 57 InitializeModules(); | 60 InitializeModules(); |
| 58 | 61 |
| 59 INITIALIZATION_STATE_SET_VALID(initialized_); | 62 INITIALIZATION_STATE_SET_VALID(initialized_); |
| 60 return true; | 63 return true; |
| 61 } | 64 } |
| 62 | 65 |
| 63 bool ProcessSnapshotWin::InitializeException( | 66 bool ProcessSnapshotWin::InitializeException( |
| 64 WinVMAddress exception_information_address) { | 67 WinVMAddress exception_information_address) { |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 179 return modules; | 182 return modules; |
| 180 } | 183 } |
| 181 | 184 |
| 182 const ExceptionSnapshot* ProcessSnapshotWin::Exception() const { | 185 const ExceptionSnapshot* ProcessSnapshotWin::Exception() const { |
| 183 return exception_.get(); | 186 return exception_.get(); |
| 184 } | 187 } |
| 185 | 188 |
| 186 std::vector<const MemorySnapshot*> ProcessSnapshotWin::ExtraMemory() const { | 189 std::vector<const MemorySnapshot*> ProcessSnapshotWin::ExtraMemory() const { |
| 187 INITIALIZATION_STATE_DCHECK_VALID(initialized_); | 190 INITIALIZATION_STATE_DCHECK_VALID(initialized_); |
| 188 std::vector<const MemorySnapshot*> extra_memory; | 191 std::vector<const MemorySnapshot*> extra_memory; |
| 189 extra_memory.push_back(&peb_); | 192 for (const auto& peb_memory : peb_memory_) |
| 193 extra_memory.push_back(peb_memory); | |
| 190 return extra_memory; | 194 return extra_memory; |
| 191 } | 195 } |
| 192 | 196 |
| 193 void ProcessSnapshotWin::InitializeThreads() { | 197 void ProcessSnapshotWin::InitializeThreads() { |
| 194 const std::vector<ProcessReaderWin::Thread>& process_reader_threads = | 198 const std::vector<ProcessReaderWin::Thread>& process_reader_threads = |
| 195 process_reader_.Threads(); | 199 process_reader_.Threads(); |
| 196 for (const ProcessReaderWin::Thread& process_reader_thread : | 200 for (const ProcessReaderWin::Thread& process_reader_thread : |
| 197 process_reader_threads) { | 201 process_reader_threads) { |
| 198 auto thread = make_scoped_ptr(new internal::ThreadSnapshotWin()); | 202 auto thread = make_scoped_ptr(new internal::ThreadSnapshotWin()); |
| 199 if (thread->Initialize(&process_reader_, process_reader_thread)) { | 203 if (thread->Initialize(&process_reader_, process_reader_thread)) { |
| 200 threads_.push_back(thread.release()); | 204 threads_.push_back(thread.release()); |
| 201 } | 205 } |
| 202 } | 206 } |
| 203 } | 207 } |
| 204 | 208 |
| 205 void ProcessSnapshotWin::InitializeModules() { | 209 void ProcessSnapshotWin::InitializeModules() { |
| 206 const std::vector<ProcessInfo::Module>& process_reader_modules = | 210 const std::vector<ProcessInfo::Module>& process_reader_modules = |
| 207 process_reader_.Modules(); | 211 process_reader_.Modules(); |
| 208 for (const ProcessInfo::Module& process_reader_module : | 212 for (const ProcessInfo::Module& process_reader_module : |
| 209 process_reader_modules) { | 213 process_reader_modules) { |
| 210 auto module = make_scoped_ptr(new internal::ModuleSnapshotWin()); | 214 auto module = make_scoped_ptr(new internal::ModuleSnapshotWin()); |
| 211 if (module->Initialize(&process_reader_, process_reader_module)) { | 215 if (module->Initialize(&process_reader_, process_reader_module)) { |
| 212 modules_.push_back(module.release()); | 216 modules_.push_back(module.release()); |
| 213 } | 217 } |
| 214 } | 218 } |
| 215 } | 219 } |
| 216 | 220 |
| 221 template <class Traits> | |
| 222 void ProcessSnapshotWin::InitializePebData() { | |
| 223 WinVMAddress peb_address; | |
| 224 WinVMSize peb_size; | |
| 225 process_reader_.GetProcessInfo().Peb(&peb_address, &peb_size); | |
| 226 AddMemorySnapshot(peb_address, peb_size, &peb_memory_); | |
| 227 | |
| 228 process_types::PEB<Traits> peb_data; | |
| 229 if (!process_reader_.ReadMemory(peb_address, peb_size, &peb_data)) { | |
| 230 LOG(ERROR) << "ReadMemory PEB"; | |
| 231 return; | |
| 232 } | |
| 233 | |
| 234 process_types::PEB_LDR_DATA<Traits> peb_ldr_data; | |
| 235 AddMemorySnapshot(peb_data.Ldr, sizeof(peb_ldr_data), &peb_memory_); | |
| 236 if (!process_reader_.ReadMemory( | |
| 237 peb_data.Ldr, sizeof(peb_ldr_data), &peb_ldr_data)) { | |
| 238 LOG(ERROR) << "ReadMemory PEB_LDR_DATA"; | |
| 239 } else { | |
| 240 // Walk the LDR structure to retrieve its pointed-to data. | |
| 241 AddMemorySnapshotForLdrLIST_ENTRY( | |
|
Mark Mentovai
2015/10/01 19:05:47
Do the elements in the three lists point to the sa
scottmg
2015/10/01 20:17:01
It seems I'm writing more and more of the coalesci
| |
| 242 peb_ldr_data.InLoadOrderModuleList, | |
| 243 offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>, InLoadOrderLinks), | |
| 244 &peb_memory_); | |
| 245 AddMemorySnapshotForLdrLIST_ENTRY( | |
| 246 peb_ldr_data.InMemoryOrderModuleList, | |
| 247 offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>, | |
| 248 InMemoryOrderLinks), | |
| 249 &peb_memory_); | |
| 250 AddMemorySnapshotForLdrLIST_ENTRY( | |
| 251 peb_ldr_data.InInitializationOrderModuleList, | |
| 252 offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>, | |
| 253 InInitializationOrderLinks), | |
| 254 &peb_memory_); | |
| 255 } | |
| 256 | |
| 257 process_types::RTL_USER_PROCESS_PARAMETERS<Traits> process_parameters; | |
| 258 if (!process_reader_.ReadMemory(peb_data.ProcessParameters, | |
| 259 sizeof(process_parameters), | |
| 260 &process_parameters)) { | |
| 261 LOG(ERROR) << "ReadMemory RTL_USER_PROCESS_PARAMETERS"; | |
| 262 return; | |
| 263 } | |
| 264 AddMemorySnapshot( | |
| 265 peb_data.ProcessParameters, sizeof(process_parameters), &peb_memory_); | |
| 266 | |
| 267 AddMemorySnapshotForUNICODE_STRING( | |
| 268 process_parameters.CurrentDirectory.DosPath, &peb_memory_); | |
| 269 AddMemorySnapshotForUNICODE_STRING(process_parameters.DllPath, &peb_memory_); | |
| 270 AddMemorySnapshotForUNICODE_STRING(process_parameters.ImagePathName, | |
| 271 &peb_memory_); | |
| 272 AddMemorySnapshotForUNICODE_STRING(process_parameters.CommandLine, | |
| 273 &peb_memory_); | |
| 274 AddMemorySnapshotForUNICODE_STRING(process_parameters.WindowTitle, | |
| 275 &peb_memory_); | |
| 276 AddMemorySnapshotForUNICODE_STRING(process_parameters.DesktopInfo, | |
| 277 &peb_memory_); | |
| 278 AddMemorySnapshotForUNICODE_STRING(process_parameters.ShellInfo, | |
| 279 &peb_memory_); | |
| 280 AddMemorySnapshotForUNICODE_STRING(process_parameters.RuntimeData, | |
| 281 &peb_memory_); | |
| 282 AddMemorySnapshot( | |
| 283 process_parameters.Environment, | |
| 284 DetermineSizeOfEnvironmentBlock(process_parameters.Environment), | |
| 285 &peb_memory_); | |
| 286 } | |
| 287 | |
| 288 void ProcessSnapshotWin::AddMemorySnapshot( | |
| 289 WinVMAddress address, | |
| 290 WinVMSize size, | |
| 291 PointerVector<internal::MemorySnapshotWin>* into) { | |
| 292 if (size == 0) | |
| 293 return; | |
| 294 | |
| 295 // Ensure that the entire range is readable. TODO(scottmg): Consider | |
| 296 // generalizing this as part of | |
| 297 // https://code.google.com/p/crashpad/issues/detail?id=59. | |
|
Mark Mentovai
2015/10/01 19:05:47
I read this bug and liked the terminology you used
scottmg
2015/10/01 20:17:01
Yeah, I confused myself for a bit with ExtraMemory
| |
| 298 auto ranges = process_reader_.GetProcessInfo().GetReadableRanges( | |
| 299 CheckedRange<WinVMAddress, WinVMSize>(address, size)); | |
| 300 if (ranges.size() != 1) | |
| 301 return; | |
|
Mark Mentovai
2015/10/01 19:05:47
Maybe these early returns should log something. Wh
scottmg
2015/10/01 20:17:01
Done.
| |
| 302 if (ranges[0].base() != address || ranges[0].size() != size) | |
| 303 return; | |
| 304 | |
| 305 internal::MemorySnapshotWin* memory_snapshot = | |
| 306 new internal::MemorySnapshotWin(); | |
| 307 memory_snapshot->Initialize(&process_reader_, address, size); | |
| 308 into->push_back(memory_snapshot); | |
| 309 } | |
| 310 | |
| 311 template <class Traits> | |
| 312 void ProcessSnapshotWin::AddMemorySnapshotForUNICODE_STRING( | |
| 313 const process_types::UNICODE_STRING<Traits>& us, | |
| 314 PointerVector<internal::MemorySnapshotWin>* into) { | |
| 315 AddMemorySnapshot(us.Buffer, us.Length, into); | |
| 316 } | |
| 317 | |
| 318 template <class Traits> | |
| 319 void ProcessSnapshotWin::AddMemorySnapshotForLdrLIST_ENTRY( | |
| 320 const process_types::LIST_ENTRY<Traits>& le, size_t offset_of_member, | |
| 321 PointerVector<internal::MemorySnapshotWin>* into) { | |
| 322 // Walk the doubly-linked list of entries, adding the list memory itself, as | |
| 323 // well as pointed-to strings. | |
| 324 Traits::Pointer last = le.Blink; | |
| 325 process_types::LDR_DATA_TABLE_ENTRY<Traits> entry; | |
| 326 Traits::Pointer cur = le.Flink; | |
| 327 for (;;) { | |
| 328 // |cur| is the pointer to LIST_ENTRY embedded in the LDR_DATA_TABLE_ENTRY. | |
| 329 // So we need to offset back to the beginning of the structure. | |
| 330 if (!process_reader_.ReadMemory( | |
| 331 cur - offset_of_member, sizeof(entry), &entry)) { | |
| 332 return; | |
| 333 } | |
| 334 AddMemorySnapshot(cur - offset_of_member, sizeof(entry), into); | |
| 335 AddMemorySnapshotForUNICODE_STRING(entry.FullDllName, into); | |
| 336 AddMemorySnapshotForUNICODE_STRING(entry.BaseDllName, into); | |
| 337 | |
| 338 process_types::LIST_ENTRY<Traits>* links = | |
| 339 reinterpret_cast<process_types::LIST_ENTRY<Traits>*>( | |
| 340 reinterpret_cast<unsigned char*>(&entry) + offset_of_member); | |
| 341 cur = links->Flink; | |
| 342 if (cur == last) | |
| 343 break; | |
| 344 } | |
| 345 } | |
| 346 | |
| 347 WinVMSize ProcessSnapshotWin::DetermineSizeOfEnvironmentBlock( | |
| 348 WinVMAddress start_of_environment_block) { | |
| 349 // http://blogs.msdn.com/b/oldnewthing/archive/2010/02/03/9957320.aspx On | |
| 350 // newer OSs there's no stated limit, but in practice grabbing 32k characters | |
| 351 // should be more than enough. | |
| 352 std::wstring env_block; | |
| 353 env_block.resize(32768); | |
| 354 WinVMSize bytes_read = process_reader_.ReadAvailableMemory( | |
| 355 start_of_environment_block, | |
| 356 env_block.size() * sizeof(env_block[0]), | |
| 357 &env_block[0]); | |
| 358 env_block.resize( | |
| 359 static_cast<unsigned int>(bytes_read / sizeof(env_block[0]))); | |
| 360 const wchar_t terminator[] = { 0, 0 }; | |
| 361 size_t at = env_block.find(std::wstring(terminator, arraysize(terminator))); | |
| 362 if (at != std::wstring::npos) | |
| 363 env_block.resize(at + arraysize(terminator)); | |
| 364 | |
| 365 return env_block.size() * sizeof(env_block[0]); | |
| 366 } | |
| 367 | |
| 217 } // namespace crashpad | 368 } // namespace crashpad |
| OLD | NEW |
