win: Capture some CRITICAL_SECTION debugging data

snapshot/win/process_snapshot_win.cc

 // Copyright 2015 The Crashpad Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ skipping 25 matching lines @@
       report_id_(),
       client_id_(),
       annotations_simple_map_(),
       snapshot_time_(),
       initialized_() {
 }
 
 ProcessSnapshotWin::~ProcessSnapshotWin() {
 }
 
-bool ProcessSnapshotWin::Initialize(HANDLE process,
-                                    ProcessSuspensionState suspension_state) {
+bool ProcessSnapshotWin::Initialize(
+    HANDLE process,
+    ProcessSuspensionState suspension_state,
+    WinVMAddress debug_critical_section_address) {
   INITIALIZATION_STATE_SET_INITIALIZING(initialized_);
 
   GetTimeOfDay(&snapshot_time_);
 
   if (!process_reader_.Initialize(process, suspension_state))
     return false;
 
   system_.Initialize(&process_reader_);
 
-  if (process_reader_.Is64Bit())
-    InitializePebData<process_types::internal::Traits64>();
-  else
-    InitializePebData<process_types::internal::Traits32>();
+  if (process_reader_.Is64Bit()) {
+    InitializePebData<process_types::internal::Traits64>(
+        debug_critical_section_address);
+  } else {
+    InitializePebData<process_types::internal::Traits32>(
+        debug_critical_section_address);
+  }
 
   InitializeThreads();
   InitializeModules();
 
   for (const MEMORY_BASIC_INFORMATION64& mbi :
        process_reader_.GetProcessInfo().MemoryInfo()) {
     memory_map_.push_back(new internal::MemoryMapRegionSnapshotWin(mbi));
   }
 
   INITIALIZATION_STATE_SET_VALID(initialized_);
@@ skipping 127 matching lines @@
     const {
   std::vector<const MemoryMapRegionSnapshot*> memory_map;
   for (const auto& item : memory_map_)
     memory_map.push_back(item);
   return memory_map;
 }
 
 std::vector<const MemorySnapshot*> ProcessSnapshotWin::ExtraMemory() const {
   INITIALIZATION_STATE_DCHECK_VALID(initialized_);
   std::vector<const MemorySnapshot*> extra_memory;
-  for (const auto& peb_memory : peb_memory_)
-    extra_memory.push_back(peb_memory);
+  for (const auto& em : extra_memory_)
+    extra_memory.push_back(em);
   return extra_memory;
 }
 
 void ProcessSnapshotWin::InitializeThreads() {
   const std::vector<ProcessReaderWin::Thread>& process_reader_threads =
       process_reader_.Threads();
   for (const ProcessReaderWin::Thread& process_reader_thread :
        process_reader_threads) {
     auto thread = make_scoped_ptr(new internal::ThreadSnapshotWin());
     if (thread->Initialize(&process_reader_, process_reader_thread)) {
       threads_.push_back(thread.release());
     }
   }
 }
 
 void ProcessSnapshotWin::InitializeModules() {
   const std::vector<ProcessInfo::Module>& process_reader_modules =
       process_reader_.Modules();
   for (const ProcessInfo::Module& process_reader_module :
        process_reader_modules) {
     auto module = make_scoped_ptr(new internal::ModuleSnapshotWin());
     if (module->Initialize(&process_reader_, process_reader_module)) {
       modules_.push_back(module.release());
     }
   }
 }
 
 template <class Traits>
-void ProcessSnapshotWin::InitializePebData() {
+void ProcessSnapshotWin::InitializePebData(
+    WinVMAddress debug_critical_section_address) {
   WinVMAddress peb_address;
   WinVMSize peb_size;
   process_reader_.GetProcessInfo().Peb(&peb_address, &peb_size);
-  AddMemorySnapshot(peb_address, peb_size, &peb_memory_);
+  AddMemorySnapshot(peb_address, peb_size, &extra_memory_);
 
   process_types::PEB<Traits> peb_data;
   if (!process_reader_.ReadMemory(peb_address, peb_size, &peb_data)) {
     LOG(ERROR) << "ReadMemory PEB";
     return;
   }
 
   process_types::PEB_LDR_DATA<Traits> peb_ldr_data;
-  AddMemorySnapshot(peb_data.Ldr, sizeof(peb_ldr_data), &peb_memory_);
+  AddMemorySnapshot(peb_data.Ldr, sizeof(peb_ldr_data), &extra_memory_);
   if (!process_reader_.ReadMemory(
           peb_data.Ldr, sizeof(peb_ldr_data), &peb_ldr_data)) {
     LOG(ERROR) << "ReadMemory PEB_LDR_DATA";
   } else {
     // Walk the LDR structure to retrieve its pointed-to data.
     AddMemorySnapshotForLdrLIST_ENTRY(
         peb_ldr_data.InLoadOrderModuleList,
         offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>, InLoadOrderLinks),
-        &peb_memory_);
+        &extra_memory_);
     AddMemorySnapshotForLdrLIST_ENTRY(
         peb_ldr_data.InMemoryOrderModuleList,
         offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>,
                  InMemoryOrderLinks),
-        &peb_memory_);
+        &extra_memory_);
     AddMemorySnapshotForLdrLIST_ENTRY(
         peb_ldr_data.InInitializationOrderModuleList,
         offsetof(process_types::LDR_DATA_TABLE_ENTRY<Traits>,
                  InInitializationOrderLinks),
-        &peb_memory_);
+        &extra_memory_);
   }
 
   process_types::RTL_USER_PROCESS_PARAMETERS<Traits> process_parameters;
   if (!process_reader_.ReadMemory(peb_data.ProcessParameters,
                                   sizeof(process_parameters),
                                   &process_parameters)) {
     LOG(ERROR) << "ReadMemory RTL_USER_PROCESS_PARAMETERS";
     return;
   }
   AddMemorySnapshot(
-      peb_data.ProcessParameters, sizeof(process_parameters), &peb_memory_);
+      peb_data.ProcessParameters, sizeof(process_parameters), &extra_memory_);
 
   AddMemorySnapshotForUNICODE_STRING(
-      process_parameters.CurrentDirectory.DosPath, &peb_memory_);
-  AddMemorySnapshotForUNICODE_STRING(process_parameters.DllPath, &peb_memory_);
+      process_parameters.CurrentDirectory.DosPath, &extra_memory_);
+  AddMemorySnapshotForUNICODE_STRING(process_parameters.DllPath,
+                                     &extra_memory_);
   AddMemorySnapshotForUNICODE_STRING(process_parameters.ImagePathName,
-                                     &peb_memory_);
+                                     &extra_memory_);
   AddMemorySnapshotForUNICODE_STRING(process_parameters.CommandLine,
-                                     &peb_memory_);
+                                     &extra_memory_);
   AddMemorySnapshotForUNICODE_STRING(process_parameters.WindowTitle,
-                                     &peb_memory_);
+                                     &extra_memory_);
   AddMemorySnapshotForUNICODE_STRING(process_parameters.DesktopInfo,
-                                     &peb_memory_);
+                                     &extra_memory_);
   AddMemorySnapshotForUNICODE_STRING(process_parameters.ShellInfo,
-                                     &peb_memory_);
+                                     &extra_memory_);
   AddMemorySnapshotForUNICODE_STRING(process_parameters.RuntimeData,
-                                     &peb_memory_);
+                                     &extra_memory_);
   AddMemorySnapshot(
       process_parameters.Environment,
       DetermineSizeOfEnvironmentBlock(process_parameters.Environment),
-      &peb_memory_);
+      &extra_memory_);
+
+  // Walk the loader lock which is directly referenced by the PEB. It may or may
+  // not have a .DebugInfo list, but typically doesn't. If it does, then we may
+  // walk the lock list more than once, but AddMemorySnapshot() will take care
+  // of deduplicating the added regions.
+  ReadLocks<Traits>(peb_data.LoaderLock, &extra_memory_);
+
+  // Traverse the locks with valid .DebugInfo if a starting point was supplied.
+  if (debug_critical_section_address)
+    ReadLocks<Traits>(debug_critical_section_address, &extra_memory_);
 }
 
 void ProcessSnapshotWin::AddMemorySnapshot(
     WinVMAddress address,
     WinVMSize size,
     PointerVector<internal::MemorySnapshotWin>* into) {
   if (size == 0)
     return;
 
   // Ensure that the entire range is readable. TODO(scottmg): Consider
@@ skipping 80 matching lines @@
   env_block.resize(
       static_cast<unsigned int>(bytes_read / sizeof(env_block[0])));
   const wchar_t terminator[] = { 0, 0 };
   size_t at = env_block.find(std::wstring(terminator, arraysize(terminator)));
   if (at != std::wstring::npos)
     env_block.resize(at + arraysize(terminator));
 
   return env_block.size() * sizeof(env_block[0]);
 }
 
+template <class Traits>
+void ProcessSnapshotWin::ReadLocks(
+    WinVMAddress start,
+    PointerVector<internal::MemorySnapshotWin>* into) {
+  // We're walking the RTL_CRITICAL_SECTION_DEBUG ProcessLocksList, but starting
+  // from an actual RTL_CRITICAL_SECTION, so start by getting to the first
+  // RTL_CRITICAL_SECTION_DEBUG.
+
+  process_types::RTL_CRITICAL_SECTION<Traits> critical_section;
+  if (!process_reader_.ReadMemory(
+          start, sizeof(critical_section), &critical_section)) {
+    LOG(ERROR) << "failed to read RTL_CRITICAL_SECTION";
+    return;
+  }
+
+  const decltype(critical_section.DebugInfo) kInvalid =
+      static_cast<decltype(critical_section.DebugInfo)>(-1);
+  if (critical_section.DebugInfo == kInvalid)
+    return;
+
+  WinVMAddress current = critical_section.DebugInfo;
+  do {
+    // Read the RTL_CRITICAL_SECTION_DEBUG structure to get ProcessLocksList.
+    process_types::RTL_CRITICAL_SECTION_DEBUG<Traits> critical_section_debug;
+    if (!process_reader_.ReadMemory(
+            current, sizeof(critical_section_debug), &critical_section_debug)) {
+      LOG(ERROR) << "failed to read RTL_CRITICAL_SECTION_DEBUG";
+      return;
+    }
+
+    // Add both RTL_CRITICAL_SECTION and RTL_CRITICAL_SECTION_DEBUG to the extra
+    // memory to be saved.
+    AddMemorySnapshot(current,
+                      sizeof(process_types::RTL_CRITICAL_SECTION_DEBUG<Traits>),
+                      into);
+    AddMemorySnapshot(critical_section_debug.CriticalSection,
+                      sizeof(process_types::RTL_CRITICAL_SECTION<Traits>),
+                      into);
+
+    if (critical_section_debug.ProcessLocksList.Flink == 0)

[Mark Mentovai, 2015/10/15 00:14:56]

You’ve only followed the Flinks, so you won’t catch anything that shows up in
the list before the starting point. Could you follow the Blinks first to back up
to the head of the list, and then follow the Flinks?

[scottmg, 2015/10/15 18:22:23]

Done. It seems to be a circular list, but I can't find anything that says for
sure that it is, so seems safest to do an initial Blink walk before Flink, even
if that means we end up walking the list twice.

+      break;
+
+    // Move to the next RTL_CRITICAL_SECTION_DEBUG by walking
+    // ProcessLocksList.Flink.
+    current = critical_section_debug.ProcessLocksList.Flink -
+              offsetof(process_types::RTL_CRITICAL_SECTION_DEBUG<Traits>,
+                       ProcessLocksList);
+  } while (current != critical_section.DebugInfo && current != kInvalid);
+}
+
 }  // namespace crashpad