mirror of
https://github.com/reactos/reactos.git
synced 2025-01-03 21:09:19 +00:00
- Implement DbgkPostFakeModuleMessages.
- Stub MmGetFileNameForAddress but write documentation on how to implement it (thanks to Filip Navara). For now it always returns ntdll.dll as a testhack. svn path=/trunk/; revision=24609
parent
6d08ee060e
commit
d8762edcd7
3 changed files with 123 additions and 5 deletions
|
@ -464,8 +464,103 @@ DbgkpPostFakeModuleMessages(IN PEPROCESS Process,
|
||||||
IN PETHREAD Thread,
|
IN PETHREAD Thread,
|
||||||
IN PDEBUG_OBJECT DebugObject)
|
IN PDEBUG_OBJECT DebugObject)
|
||||||
{
|
{
|
||||||
/* FIXME: TODO */
|
PPEB Peb = Process->Peb;
|
||||||
return STATUS_UNSUCCESSFUL;
|
PPEB_LDR_DATA LdrData;
|
||||||
|
PLDR_DATA_TABLE_ENTRY LdrEntry;
|
||||||
|
PLIST_ENTRY ListHead, NextEntry;
|
||||||
|
DBGKM_MSG ApiMessage;
|
||||||
|
PDBGKM_LOAD_DLL LoadDll = &ApiMessage.LoadDll;
|
||||||
|
ULONG i;
|
||||||
|
PIMAGE_NT_HEADERS NtHeader;
|
||||||
|
UNICODE_STRING ModuleName;
|
||||||
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
||||||
|
IO_STATUS_BLOCK IoStatusBlock;
|
||||||
|
NTSTATUS Status;
|
||||||
|
PAGED_CODE();
|
||||||
|
|
||||||
|
/* Quit if there's no PEB */
|
||||||
|
if (!Peb) return STATUS_SUCCESS;
|
||||||
|
|
||||||
|
/* Get the Loader Data List */
|
||||||
|
LdrData = Peb->Ldr;
|
||||||
|
ListHead = &LdrData->InLoadOrderModuleList;
|
||||||
|
NextEntry = ListHead->Flink;
|
||||||
|
|
||||||
|
/* Loop the modules */
|
||||||
|
i = 0;
|
||||||
|
while ((NextEntry != ListHead) && (i < 500))
|
||||||
|
{
|
||||||
|
/* Get the entry */
|
||||||
|
LdrEntry = CONTAINING_RECORD(NextEntry,
|
||||||
|
LDR_DATA_TABLE_ENTRY,
|
||||||
|
InLoadOrderLinks);
|
||||||
|
|
||||||
|
/* Setup the API Message */
|
||||||
|
RtlZeroMemory(&ApiMessage, sizeof(DBGKM_MSG));
|
||||||
|
ApiMessage.ApiNumber = DbgKmLoadDllApi;
|
||||||
|
|
||||||
|
/* Set base and clear the name */
|
||||||
|
LoadDll->BaseOfDll = LdrEntry->DllBase;
|
||||||
|
LoadDll->NamePointer = NULL;
|
||||||
|
|
||||||
|
/* Get the NT Headers */
|
||||||
|
NtHeader = RtlImageNtHeader(LoadDll->BaseOfDll);
|
||||||
|
if (NtHeader)
|
||||||
|
{
|
||||||
|
/* Save debug data */
|
||||||
|
LoadDll->DebugInfoFileOffset = NtHeader->FileHeader.
|
||||||
|
PointerToSymbolTable;
|
||||||
|
LoadDll->DebugInfoSize = NtHeader->FileHeader.NumberOfSymbols;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get the name of the DLL */
|
||||||
|
Status = MmGetFileNameForAddress(NtHeader, &ModuleName);
|
||||||
|
if (NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
/* Setup the object attributes */
|
||||||
|
InitializeObjectAttributes(&ObjectAttributes,
|
||||||
|
&ModuleName,
|
||||||
|
OBJ_FORCE_ACCESS_CHECK |
|
||||||
|
OBJ_KERNEL_HANDLE |
|
||||||
|
OBJ_CASE_INSENSITIVE,
|
||||||
|
NULL,
|
||||||
|
NULL);
|
||||||
|
|
||||||
|
/* Open the file to get a handle to it */
|
||||||
|
Status = ZwOpenFile(&LoadDll->FileHandle,
|
||||||
|
GENERIC_READ | SYNCHRONIZE,
|
||||||
|
&ObjectAttributes,
|
||||||
|
&IoStatusBlock,
|
||||||
|
FILE_SHARE_READ |
|
||||||
|
FILE_SHARE_WRITE |
|
||||||
|
FILE_SHARE_DELETE,
|
||||||
|
FILE_SYNCHRONOUS_IO_NONALERT);
|
||||||
|
if (!NT_SUCCESS(Status)) LoadDll->FileHandle = NULL;
|
||||||
|
|
||||||
|
/* Free the name now */
|
||||||
|
ExFreePool(ModuleName.Buffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Send the fake module load message */
|
||||||
|
Status = DbgkpQueueMessage(Process,
|
||||||
|
Thread,
|
||||||
|
&ApiMessage,
|
||||||
|
2,
|
||||||
|
DebugObject);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
/* Message send failed, close the file handle if we had one */
|
||||||
|
if (LoadDll->FileHandle) ObCloseHandle(LoadDll->FileHandle,
|
||||||
|
KernelMode);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Go to the next module */
|
||||||
|
NextEntry = NextEntry->Flink;
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Return success */
|
||||||
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
|
|
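Review bot: The module walk reads `Peb->Ldr`, `ListHead->Flink`, `LdrEntry->DllBase` and the image headers (via `RtlImageNtHeader`) directly from the debugged process's user-mode memory, with no probe and no exception handler visible in the hunk. A process whose loader data is corrupted, unmapped or deliberately rewritten can therefore make this kernel routine fault or follow a pointer outside user space; the `i < 500` cap only bounds a circular list. Each user pointer should be validated before it is dereferenced, e.g. `ProbeForRead(LdrEntry, sizeof(LDR_DATA_TABLE_ENTRY), sizeof(ULONG));`, with the reads done under the kernel's structured-exception guard and the fields copied to locals before use. Separately, `MmGetFileNameForAddress(NtHeader, &ModuleName)` is still called when `NtHeader` is NULL; passing `LoadDll->BaseOfDll` would keep the lookup tied to the module base. Whether the caller has attached to `Process` or already guards this call is not visible here.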
@ -1315,6 +1315,12 @@ NTAPI
|
||||||
MmGetFileObjectForSection(
|
MmGetFileObjectForSection(
|
||||||
IN PROS_SECTION_OBJECT Section
|
IN PROS_SECTION_OBJECT Section
|
||||||
);
|
);
|
||||||
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
MmGetFileNameForAddress(
|
||||||
|
IN PVOID Address,
|
||||||
|
OUT PUNICODE_STRING ModuleName
|
||||||
|
);
|
||||||
|
|
||||||
PVOID
|
PVOID
|
||||||
NTAPI
|
NTAPI
|
||||||
|
|
|
@ -106,9 +106,26 @@ MmGetFileObjectForSection(IN PROS_SECTION_OBJECT Section)
|
||||||
return Section->FileObject; // Section->ControlArea->FileObject on NT
|
return Section->FileObject; // Section->ControlArea->FileObject on NT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NTSTATUS
|
||||||
|
NTAPI
|
||||||
|
MmGetFileNameForAddress(IN PVOID Address,
|
||||||
|
OUT PUNICODE_STRING ModuleName)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* FIXME: TODO.
|
||||||
|
* Filip says to get the MADDRESS_SPACE from EPROCESS,
|
||||||
|
* then use the MmMarea routines to locate the Marea that
|
||||||
|
* corresponds to the address. Then make sure it's a section
|
||||||
|
* view type (MEMORY_AREA_SECTION_VIEW) and use the marea's
|
||||||
|
* per-type union to get the .u.SectionView.Section pointer to
|
||||||
|
* the SECTION_OBJECT. Then we can use MmGetFileObjectForSection
|
||||||
|
* to get the FILE_OBJECT, from which we can then query the name
|
||||||
|
* to get the full filename (much like we do for creating the
|
||||||
|
* SeAuditName in EPROCESS.
|
||||||
|
*/
|
||||||
|
RtlCreateUnicodeString(ModuleName, L"C:\\ReactOS\\system32\\ntdll.dll");
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
/* Note: Mmsp prefix denotes "Memory Manager Section Private". */
|
/* Note: Mmsp prefix denotes "Memory Manager Section Private". */
|
||||||
|
|
||||||
|
|
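Review bot: The result of `RtlCreateUnicodeString` is discarded, so the stub returns `STATUS_SUCCESS` even when the allocation failed and `ModuleName->Buffer` was never set; the caller in DbgkpPostFakeModuleMessages then hands that string to `ZwOpenFile` and `ExFreePool`. Suggest `if (!RtlCreateUnicodeString(ModuleName, L"C:\\ReactOS\\system32\\ntdll.dll")) return STATUS_INSUFFICIENT_RESOURCES;`. The function also needs a contract comment stating that on success the caller owns `ModuleName->Buffer` and must free it, and that `Address` is currently ignored. The literal is a drive-letter path rather than an object-manager path, which `ZwOpenFile` with a NULL root directory probably cannot resolve; if so the debugger always receives a NULL file handle, which is worth confirming while the stub is in use.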