win: Save contents of PEB to minidump

util/win/process_info.cc

 // Copyright 2015 The Crashpad Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ skipping 92 matching lines @@
   }
   return true;
 }
 
 }  // namespace
 
 template <class Traits>
 bool GetProcessBasicInformation(HANDLE process,
                                 bool is_wow64,
                                 ProcessInfo* process_info,
-                                WinVMAddress* peb_address) {
+                                WinVMAddress* peb_address,
+                                WinVMSize* peb_size) {
   ULONG bytes_returned;
   process_types::PROCESS_BASIC_INFORMATION<Traits> process_basic_information;
   NTSTATUS status =
       crashpad::NtQueryInformationProcess(process,
                                           ProcessBasicInformation,
                                           &process_basic_information,
                                           sizeof(process_basic_information),
                                           &bytes_returned);
   if (!NT_SUCCESS(status)) {
     NTSTATUS_LOG(ERROR, status) << "NtQueryInformationProcess";
@@ skipping 12 matching lines @@
       static_cast<DWORD>(process_basic_information.UniqueProcessId);
   process_info->inherited_from_process_id_ = static_cast<DWORD>(
       process_basic_information.InheritedFromUniqueProcessId);
 
   // We now want to read the PEB to gather the rest of our information. The
   // PebBaseAddress as returned above is what we want for 64-on-64 and 32-on-32,
   // but for Wow64, we want to read the 32 bit PEB (a Wow64 process has both).
   // The address of this is found by a second call to NtQueryInformationProcess.
   if (!is_wow64) {
     *peb_address = process_basic_information.PebBaseAddress;
+    *peb_size = sizeof(process_types::PEB<Traits>);
   } else {
     ULONG_PTR wow64_peb_address;
     status = crashpad::NtQueryInformationProcess(process,
                                                  ProcessWow64Information,
                                                  &wow64_peb_address,
                                                  sizeof(wow64_peb_address),
                                                  &bytes_returned);
     if (!NT_SUCCESS(status)) {
       NTSTATUS_LOG(ERROR, status), "NtQueryInformationProcess";
       return false;
     }
     if (bytes_returned != sizeof(wow64_peb_address)) {
       LOG(ERROR) << "NtQueryInformationProcess incorrect size";
       return false;
     }
     *peb_address = wow64_peb_address;
+    *peb_size = sizeof(process_types::PEB<process_types::internal::Traits32>);
   }
 
   return true;
 }
 
 template <class Traits>
 bool ReadProcessData(HANDLE process,
                      WinVMAddress peb_address_vmaddr,
                      ProcessInfo* process_info) {
   Traits::Pointer peb_address;
@@ skipping 81 matching lines @@
 ProcessInfo::Module::Module() : name(), dll_base(0), size(0), timestamp() {
 }
 
 ProcessInfo::Module::~Module() {
 }
 
 ProcessInfo::ProcessInfo()
     : process_id_(),
       inherited_from_process_id_(),
       command_line_(),
+      peb_address_(0),
+      peb_size_(0),
       modules_(),
       is_64_bit_(false),
       is_wow64_(false),
       initialized_() {
 }
 
 ProcessInfo::~ProcessInfo() {
 }
 
 bool ProcessInfo::Initialize(HANDLE process) {
@@ skipping 13 matching lines @@
         system_info.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64;
   }
 
 #if ARCH_CPU_32_BITS
   if (is_64_bit_) {
     LOG(ERROR) << "Reading x64 process from x86 process not supported";
     return false;
   }
 #endif
 
-  WinVMAddress peb_address;
 #if ARCH_CPU_64_BITS
   bool result = GetProcessBasicInformation<process_types::internal::Traits64>(
-      process, is_wow64_, this, &peb_address);
+      process, is_wow64_, this, &peb_address_, &peb_size_);
 #else
   bool result = GetProcessBasicInformation<process_types::internal::Traits32>(
-      process, false, this, &peb_address);
+      process, false, this, &peb_address_, &peb_size_);
 #endif  // ARCH_CPU_64_BITS
 
   if (!result) {
     LOG(ERROR) << "GetProcessBasicInformation failed";
     return false;
   }
 
   result = is_64_bit_ ? ReadProcessData<process_types::internal::Traits64>(
-                                 process, peb_address, this)
-                           : ReadProcessData<process_types::internal::Traits32>(
-                                 process, peb_address, this);
+                            process, peb_address_, this)
+                      : ReadProcessData<process_types::internal::Traits32>(
+                            process, peb_address_, this);
   if (!result) {
     LOG(ERROR) << "ReadProcessData failed";
     return false;
   }
 
   INITIALIZATION_STATE_SET_VALID(initialized_);
   return true;
 }
 
 bool ProcessInfo::Is64Bit() const {
@@ skipping 15 matching lines @@
   INITIALIZATION_STATE_DCHECK_VALID(initialized_);
   return inherited_from_process_id_;
 }
 
 bool ProcessInfo::CommandLine(std::wstring* command_line) const {
   INITIALIZATION_STATE_DCHECK_VALID(initialized_);
   *command_line = command_line_;
   return true;
 }
 
+void ProcessInfo::Peb(WinVMAddress* peb_address, WinVMSize* peb_size) const {
+  *peb_address = peb_address_;
+  *peb_size = peb_size_;
+}
+
 bool ProcessInfo::Modules(std::vector<Module>* modules) const {
   INITIALIZATION_STATE_DCHECK_VALID(initialized_);
   *modules = modules_;
   return true;
 }
 
 }  // namespace crashpad