Commit graph

58 commits

Author SHA1 Message Date
Timo Kreuzer
74014e74c0 [NTOS:KDBG] Improve x64 stack trace printing 2022-08-04 16:15:24 +02:00
Timo Kreuzer
fe777bb52f [NTOS:KDBG] Nuke KdbEnter and KdbpCliModuleLoaded
They are not used anymore. Also clean up some obsolete prototypes.
2022-07-20 23:57:42 +02:00
Timo Kreuzer
31a5fa61bb [NTOS:KDBG] Add KdbpPrintUnicodeString
Calling normal unicode functions is not allowed at IRQL > APC_LEVEL, so calling _vsnprintf with unicode parameters from KDBG is invalid.
2022-07-20 23:57:42 +02:00
Timo Kreuzer
253362509e [KDBG] Fix x64 KDBG 2022-07-20 23:57:42 +02:00
George Bișoc
3bc2d590a1
[NTOSKRNL] Regroup the pool allocation tags in one dedicated place
We have a special file, tag.h, which serves as a place to store whatever kernel pool allocation tag yet we still have some tags sparse over the kernel code... So just re-group them in one unique place.
2021-12-27 18:57:03 +01:00
Jérôme Gardou
835c30232e [NTOS:KD][NTOS:KD64][NTOS:KDBG] Fix IRQL & spinlock use
KD64: Raise to HIGH_LEVEL when entering trap
KDBG: lower to DISPATCH_LEVEL when applying IRQL hack & use a worker thread to load symbols
KD&KDBG: Actually unload symbols when required
2021-06-29 11:49:20 +02:00
Jérôme Gardou
608032bd08 [NTOS:KD64][NTOS:KDBG] Fix spinlocks use
Raise IRQL before entering debugger, so that KeAcquireSpinLockAtDpcLevel works as expected.
 - HIGH_LEVEL since we don't know where we are coming from.

Do not try to read debug symbol from files in KDBG.
 - There is no reason that this works if Mm didn't map it in the first place.
2021-06-29 11:49:20 +02:00
Jérôme Gardou
66dea86d68 [NTOS:KDBG] Use internal KdpDPrintf instead of DbgPrint
DbgPrint is implemented through a breakpoint, and then KD tries to recursively
lock its own spinlock. Call a lower level routine instead.
2021-06-29 11:49:20 +02:00
Victor Perevertkin
34593d933b
[FORMATTING][NTOS][HAL][DRIVERS][SDK] Fix trailing spaces 2021-06-11 15:33:08 +03:00
Jérôme Gardou
b97d5fd2f7 [NTOS:KDBG] Fix invalid DBG print 2021-04-28 15:58:01 +02:00
Jérôme Gardou
3726b992ed [NTOS:KDBG] Begin port for amd64.
Not really functional, but it prints debug output.
Take this as an opportunity to add consistancy between some i386 & amd64 intrinsics
2021-04-28 13:10:23 +02:00
Hervé Poussineau
baa47fa5e0 [NTOS:KD] Use a PCONTEXT instead of a PKTRAP_FRAME in KDBG 2020-11-16 08:55:03 +01:00
Hervé Poussineau
ba37323a62 [NTOS:KD] Move some declarations where they belong 2020-11-16 08:55:03 +01:00
Hervé Poussineau
1bee6bb8f3 [NTOS:KD] Remove invalid configuration (not _WINKD_ on amd64)
This was not working, as the file ntoskrnl/kd/amd64/kd.c was non-existent.
2020-11-16 08:55:02 +01:00
Hervé Poussineau
083cf05f7b [NTOS:KDBG] Remove useless file 2020-11-16 08:55:02 +01:00
Serge Gautherie
b910409a4a
[NTOS:KDBG] Add some missing OBJ_KERNEL_HANDLE
CORE-10207
2020-11-14 12:00:24 +01:00
Michael Stamper
b43e4c981e
[KDBG] Fixed handle leak in KdbpSymLoadModuleSymbols() when RosSymCreateFromFile() fails (#3184) 2020-09-14 21:48:06 +02:00
Hermès Bélusca-Maïto
46416a6238 [NTOS:KDBG] Adapt the formatting of the debug filter table display output to suit longer component names. 2020-07-18 18:16:21 +02:00
Hermès Bélusca-Maïto
7d3dac324e [NTOS][KDBG] Use macros to simplify initializing the debug filter tables. 2020-07-18 17:45:40 +02:00
Hermès Bélusca-Maïto
ceb58c821a [NTOS][SDK] Add new kernel debug filters that have been added in Win8 and Win10; they can be useful for us. 2020-07-18 17:45:40 +02:00
Hermès Bélusca-Maïto
b2eaf90557 [NTOS:KDBG] Minor code style fix. 2020-07-18 17:45:40 +02:00
Serge Gautherie
cf510c3e64
[NTOSKRNL] Sync some INIT_FUNCTION (#2824)
- Sync some INIT_FUNCTION with how they are used and what is already
  specified in the headers.
Addendum to commit 85e5b5be (r49445).

- KdbpGetCommandLineSettings(): Remove INIT_FUNCTION.
Fix MSVC 2015 x86 custom build:
"...\ntoskrnl\kdbg\kdb.c(1699): error C2983: 'KdbpGetCommandLineSettings': all declarations must have an identical __declspec(code_seg(...))"

And may also fix obscure bugs when entering into the KDBG debugger.
2020-05-23 16:05:58 +02:00
Serge Gautherie
1a83762ccc [REACTOS] Fix '\n.' typos 2020-02-23 12:35:50 +01:00
Hermès Bélusca-Maïto
d32e96d602
This was not meant to be committed!
This reverts commit 5e14dbd648.
2019-12-26 17:19:11 +01:00
Hermès Bélusca-Maïto
5e14dbd648
WIP kdbg work. 2019-12-26 13:53:50 +01:00
Hermès Bélusca-Maïto
40c57de728
[KDBG] If no parameters are given to the 'filter' command, display the list of available debug filter components. 2019-11-18 01:36:04 +01:00
Hermès Bélusca-Maïto
a890fc64d1
[NTOS:KD/KD64/KDBG] Share some code between our legacy KD/KDBG and KD64.
Our legacy KD module is slowly being phased out for the more recent KD64
Kernel Debugger that supports WinDbg, but at the same time we must retain
support for GCC debugging and the KDBG interface.

For the time being few #ifdef _WINKD_ have been introduced in KD64 so that
some of its code/data does not completely get shared yet with the legacy KD,
until the latter becomes phased out.

KD Modifications:
=================
- Remove the implementation of NtQueryDebugFilterState() /
  NtSetDebugFilterState() that now comes entirely from KD64.

- Remove KD variables that are now shared with KD64.

- Share common code with KD64: KdpMoveMemory(), KdpZeroMemory(),
  KdpCopyMemoryChunks(), KdpPrint(), KdpPrompt().

- KDBG: Remove the duplicated KdpCopyMemoryChunks() function.

- In KdpServiceDispatcher() and KdpEnterDebuggerException(), call the
  KdpPrint() worker function that correctly probes and captures its arguments.

- Temporarily stub out KdEnterDebugger() and KdExitDebugger() that is used
  by the shared code, until KD is removed and only the KD64 version of these
  functions remain.

- Re-implement the KD/KDBG KdpPrompt() function using a custom KdpPromptString()
  helper compatible with KD64, that is called by the KD64 implementation of
  KdpPrompt(). This KdpPromptString() helper now issues the prompt on all
  the KD loggers: e.g. if you use both at the same time COM-port and SCREEN
  debugging, the prompt will appear on both. Before that the prompt was always
  being displayed on COM port even if e.g. a SCREEN-only debug session was used...

- ppc_irq.c: Fix the prototype of KdpServiceDispatcher().

KD64 Fixes:
===========
- Initialize the MaximumLength member of the counted STRING variables
  before using them elsewhere.

- Get rid of alloca() within SEH block in KdpPrint() (addendum to 7b95fcf9).

- Add the ROS-specific handy dump commands in KdSystemDebugControl().
2019-11-17 23:21:54 +01:00
Hermès Bélusca-Maïto
6c1aac6948
[NTOS] Complete the support of Debug Filters. CORE-13529
- KD64: Update the list of supported Debug Filter Masks (KdComponentTable)
  with the more up-to-date one from KDBG, that includes some components
  that have been added in Vista+, but some of which we also use in ReactOS.

- NtQueryDebugFilterState(), NtSetDebugFilterState() and KdpPrint():
  Add the Vista+ behaviour or falling back to the DEFAULT component ID
  settings for unknown Components (compiled in only wheen NTDDI_VERSION >= NTDDI_VISTA).
  + Remove redundant comments and update these functions with SAL2 annotations.

- KDBG: Add extra documentation for the debug filter components list.

- CONFIG: Load all the supported Debug Filter Masks settings from the
  registry.
2019-11-17 23:21:53 +01:00
Hermès Bélusca-Maïto
9537653ee7
[NTOS:KD/KDBG] Code enhancements for KDBG/KD.
- Introduce KdpScreenAcquire() / KdpScreenRelease() helpers that allow
  to correctly acquire or release the screen when using INBV for
  "Screen-Mode" debugging.

- Introduce KdpAcquireLock() / KdpReleaseLock() helpers so as to reduce
  the copy-pasted code required when acquiring spin-locks in the KD debug
  logger functions.

- Close the opened KdpLogFileHandle file in the KdpInitDebugLog() logger
  in case we failed to create the logger writer thread.
  Also use explicit kernel-mode handle when opening the log file.

- static-ify some local variables, remove few hardcoded values, and
  minor formatting.

- Correctly define the INIT_FUNCTION's.
2019-11-17 23:21:50 +01:00
Hermès Bélusca-Maïto
d21ff0ed13
[NTOS:KDBG] Rewrite the TSS handling code in the backtrace function, removing limitations (and bugs) of the original code.
CORE-16448, PR #2003. Supersedes PR #1997.

This commit supersedes commit 6c5c7809 (r54503).

The original code was checking for the NMI or Double-Fault TSS by
comparing the current stack-traced EIP address with their corresponding
trap handler address ranges. That method was actually buggy because
nothing was ensuring that the trap handlers were in the "expected" order
in the kernel binary (and in memory).

Instead, we now can handle completely generic nested TSSes, instead of
just the NMI or the Double-Fault ones.
The way we proceed is by performing the full stack backtrace of the
current TSS, then once finished we check whether this TSS is nested
(has a parent). If so we change the (cached) current TSS to the latter,
restarting the backtrace at the parent TSS' latest EIP.

Examples of stack backtraces:
=============================

- General Protection fault:

<snip>

*** Fatal System Error: 0x0000007f
                       (0x0000000D,0x00000000,0x00000000,0x00000000)

Entered debugger on embedded INT3 at 0x0008:0x80953528.
kdb:> bt
Eip:
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:134826 (ntoskrnl/ke/i386/exp.c:1161 (KeRaiseUserException))>
<ntoskrnl.exe:19ae67 (ntoskrnl/ke/i386/traphdlr.c:1282 (KiTrap0DHandler))>
<ntoskrnl.exe:19a840 (:0 (KiTrap0D))>
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
<5d8950ec>
Couldn't access memory at 0x83E58959!

</snip>

- Double-fault (manually triggered by removing the GP handler):

Note how the backtrace explicitly specifies the crossed TSS boundaries,
and the trace in the parent TSS is indeed consistent with the previous
example. Note also that log2lines (used here to completely resolve the
trace) failed to see KiTrap08Handler(), which has been instead mistaken
for KiTrap09().

<snip>

*** Fatal System Error: 0x0000007f
                       (0x00000008,0x8009C000,0x00000000,0x00000000)

Entered debugger on embedded INT3 at 0x0008:0x80953528.
kdb:> bt
[Active TSS 0x0050 @ 0x80A10CA0]
Eip:
<ntoskrnl.exe:153529 (sdk/lib/rtl/i386/debug_asm.S:57 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:899b0 (ntoskrnl/ke/bug.c:1136 (KeBugCheckWithTf))>
<ntoskrnl.exe:19a1d8 (ntoskrnl/ke/i386/traphdlr.c:917 (KiTrap09))>      // <-- Here, log2lines fails to see it's actually KiTrap08Handler.
<ntoskrnl.exe:19a145 (:0 (KiTrap08))>
[Parent TSS 0x0028 @ 0x8009C000]
<ntoskrnl.exe:1925e6 (ntoskrnl/include/internal/i386/intrin_i.h:45 (KiInitMachineDependent))>
<ntoskrnl.exe:187688 (ntoskrnl/ke/krnlinit.c:305 (KeInitSystem))>
<ntoskrnl.exe:17fb2f (ntoskrnl/ex/init.c:1621 (Phase1InitializationDiscard))>
<ntoskrnl.exe:3247f (ntoskrnl/ex/init.c:2019 (Phase1Initialization))>
<ntoskrnl.exe:11c079 (ntoskrnl/ps/thread.c:156 (PspSystemThreadStartup))>
<ntoskrnl.exe:135c8a (ntoskrnl/ke/i386/thrdini.c:78 (KiThreadStartup))>
<ntoskrnl.exe:11c040 (ntoskrnl/ps/thread.c:141 (PspSystemThreadStartup))>
<5d8950ec>
Couldn't access memory at 0x83E58959!

</snip>
2019-11-13 02:14:48 +01:00
Hermès Bélusca-Maïto
aff644a1a2
[NTOS:KD][KDBG] Get rid of kdmemsup.c as its functionality has been superseded by that implemented in mm/arm3/mmdbg.c.
- Import KdpCopyMemoryChunks() from kd64/kdapi.c, and re-implement
  KdbpSafeReadMemory() and KdbpSafeWriteMemory() around it.
  Note that these functions read virtual memory and are equivalent of
  the kd64 KdpReadVirtualMemory() and KdpWriteVirtualMemory()
  respectively.

- Get rid of the KdpEnableSafeMem() call in KdInitSystem().
- Adjust kd gdbstub.c wrapper in accordance.
2019-11-03 23:46:52 +01:00
Hermès Bélusca-Maïto
8826ee8ff7
[NTOS:KDBG] Enhance the 'tss' command.
We allow specifying manually the TSS selector number or its descriptor address,
and dump more information from the associated KTSS structure.

Also add the KdbpRetrieveTss() helper to retrieve the PKTSS from its
corresponding selector number. It will also be useful for future improvements.
2019-11-03 05:08:40 +01:00
Hermès Bélusca-Maïto
dc0c721ff8
[NTOS:KDBG] Augment the 'cregs' command by also displaying the task segment register. Update the help message. 2019-11-03 05:08:39 +01:00
Hermès Bélusca-Maïto
89b44cfa07
[NTOS:KDBG] Use fixed-length hexadecimal printing for addresses. 2019-11-03 05:08:39 +01:00
Hermès Bélusca-Maïto
f0d59e745d
[NTOS:KDBG] Whitespace, minor code style and help-text style fixes. 2019-11-03 05:08:38 +01:00
Hermès Bélusca-Maïto
29f6d02945
[NTOS:KDBG] Fix the display type of GDT TRAPGATE32. 2019-11-01 19:12:27 +01:00
Hervé Poussineau
7390376753 Revert "[NTOS:KDBG] Use CONTEXT instead of KTRAP_FRAME"
This reverts commit e5bffe49da.

CORE-16231
2019-10-19 00:14:12 +02:00
Timo Kreuzer
3af7cb825f [NTOSKRNL] Replace overlapping strcopy with memmove
Fixes 4 GCC 8 warnings of the kind:
ntoskrnl/kdbg/kdb_cli.c:3015:21: error: 'strcpy' accessing 1 byte at offsets 0 and [0, 2147483647] may overlap 1 byte at offset 0 [-Werror=restrict]
                     strcpy(p2, p2 + j);
                     ^~~~~~~~~~~~~~~~~~
2019-07-20 13:56:18 +02:00
Hervé Poussineau
e5bffe49da [NTOS:KDBG] Use CONTEXT instead of KTRAP_FRAME
Change KdbpTrapFrameToKdbTrapFrame to prefer CONTEXT (if available) over
KTRAP_FRAME.
2019-05-23 11:04:40 +02:00
Hervé Poussineau
f7ec84eea0 [NTOS:KD] Remove some _WINDK_ usages
- Always include kd64.h
- Change KdpPrompt() prototype to be compatible between KDBG and _WINDK_
- Rename KdComponentTable to KdpComponentTable to prevent a conflict
- Add some functions stubs and global variables
2019-05-23 11:04:40 +02:00
Pierre Schweitzer
2991f6e76e
[NTOSKRNL] Add a first implementation of !handle command in KDBG
It allows dumping all the handles (filtered by PID/Process)
and it displays basic information about file and key handles
2019-02-09 13:46:35 +01:00
Pierre Schweitzer
25e14ae2a8
[NTOSKRNL] Fix !irpfind usage message 2019-01-06 13:00:43 +01:00
Pierre Schweitzer
47b48520b5
[NTOSKRNL] Reimplement !irpfind using !poolfind helpers
This allows avoiding one of the previous implementation limits:
leaked IRP not queued to a thread are now totally visible since
we look directly in the memory pool.
2019-01-06 12:49:57 +01:00
Pierre Schweitzer
12e579567c
[NTOSKRNL] Implement !poolfind command in KDBG
For now, it allows searching for pool allocations in
both paged and non paged pool.

It is based on Andreas Schuster work to identify POOL_HEADER
structures.
2019-01-06 11:56:38 +01:00
Pierre Schweitzer
d6dc1fd231
[NTOSKRNL] Add a raw implementation of !irpfind in kdbg
This is far from perfect, and totally doesn't match the
WinDBG way of doing it. Instead of browsing pool to find
matching 'IRP' tags, we just browse all the processes
to find the queued IRP. This requires the IRPs to be queued,
obviously, and will make us miss the leaked IRPs, for instance.

Proper way to do it would be to implement !poolfind and then
rely on its implementation to find our IRPs.

Perhaps later ;-)
2019-01-01 22:00:56 +01:00
Pierre Schweitzer
d35243d4e0
[NTOSKRNL] Quickly implement the !defwrites in KDBG 2018-02-09 12:16:29 +01:00
Pierre Schweitzer
cb52c82125
[NTOSKRNL] Implement (it's a bit raw for now!) the !filecache command in KDBG 2018-01-24 21:46:16 +01:00
Pierre Schweitzer
ca3143b9ab
[NTOSKRNL] Add support for verbose output in the !poolused command 2017-12-29 20:37:43 +01:00
Pierre Schweitzer
454e8738f2
[NTOSKRNL] Allow filtering !poolused output using a tag 2017-12-29 17:23:36 +01:00
Pierre Schweitzer
879d8f2104
[NTOSKRNL] Now that the memory dumper handles paged pool, make use of it in any situation 2017-12-29 17:23:36 +01:00