kdb_symbols.c File Reference

#include <ntoskrnl.h>
#include <debug.h>

Include dependency graph for kdb_symbols.c:

Go to the source code of this file.

Classes
struct	_IMAGE_SYMBOL_INFO_CACHE

Macros
#define	NDEBUG

Typedefs
typedef struct _IMAGE_SYMBOL_INFO_CACHE	IMAGE_SYMBOL_INFO_CACHE
typedef struct _IMAGE_SYMBOL_INFO_CACHE *	PIMAGE_SYMBOL_INFO_CACHE

Functions
static BOOLEAN	KdbpSymSearchModuleList (IN PLIST_ENTRY current_entry, IN PLIST_ENTRY end_entry, IN PLONG Count, IN PVOID Address, IN INT Index, OUT PLDR_DATA_TABLE_ENTRY *pLdrEntry)
BOOLEAN	KdbpSymFindModule (IN PVOID Address OPTIONAL, IN INT Index OPTIONAL, OUT PLDR_DATA_TABLE_ENTRY *pLdrEntry)
	Find a module... More...
static PCHAR NTAPI	KdbpSymUnicodeToAnsi (IN PUNICODE_STRING Unicode, OUT PCHAR Ansi, IN ULONG Length)
BOOLEAN	KdbSymPrintAddress (IN PVOID Address, IN PCONTEXT Context)
	Print address... More...
_Use_decl_annotations_ VOID NTAPI	LoadSymbolsRoutine (_In_ PVOID Context)
	The symbol loader thread routine. This opens the image file for reading and loads the symbols section from there. More...
VOID	KdbSymProcessSymbols (_Inout_ PLDR_DATA_TABLE_ENTRY LdrEntry, _In_ BOOLEAN Load)
	Load symbols from image mapping. If this fails,. More...
VOID NTAPI	KdbDebugPrint (PCH Message, ULONG Length)
VOID NTAPI	KdbInitialize (PKD_DISPATCH_TABLE DispatchTable, ULONG BootPhase)
	Initializes the KDB symbols implementation. More...

Variables
static BOOLEAN	LoadSymbols
static LIST_ENTRY	SymbolsToLoad
static KSPIN_LOCK	SymbolsToLoadLock
static KEVENT	SymbolsToLoadEvent
static KSTART_ROUTINE	LoadSymbolsRoutine

Macro Definition Documentation

NDEBUG

#define NDEBUG

Definition at line 15 of file kdb_symbols.c.

Typedef Documentation

IMAGE_SYMBOL_INFO_CACHE

typedef struct _IMAGE_SYMBOL_INFO_CACHE IMAGE_SYMBOL_INFO_CACHE

PIMAGE_SYMBOL_INFO_CACHE

typedef struct _IMAGE_SYMBOL_INFO_CACHE * PIMAGE_SYMBOL_INFO_CACHE

Function Documentation

KdbDebugPrint()

VOID NTAPI KdbDebugPrint	(	PCH	Message,
		ULONG	Length
	)

Definition at line 335 of file kdb_symbols.c.

{
    /* Nothing here */
}

Referenced by KdbInitialize().

KdbInitialize()

VOID NTAPI KdbInitialize	(	PKD_DISPATCH_TABLE	DispatchTable,
		ULONG	BootPhase
	)

Initializes the KDB symbols implementation.

Parameters

DispatchTable	Pointer to the KD dispatch table
BootPhase	Phase of initialization

Definition at line 350 of file kdb_symbols.c.

{
    PCHAR p1, p2;
    SHORT Found = FALSE;
    CHAR YesNo;

    DPRINT("KdbSymInit() BootPhase=%d\n", BootPhase);

    LoadSymbols = FALSE;

#if DBG
    /* Load symbols only if we have 96Mb of RAM or more */
    if (MmNumberOfPhysicalPages >= 0x6000)
        LoadSymbols = TRUE;
#endif

    if (BootPhase == 0)
    {
        /* Write out the functions that we support for now */
        DispatchTable->KdpInitRoutine = KdbInitialize;
        DispatchTable->KdpPrintRoutine = KdbDebugPrint;

        /* Register as a Provider */
        InsertTailList(&KdProviders, &DispatchTable->KdProvidersList);

        /* Perform actual initialization of symbol module */
        //NtoskrnlModuleObject->PatchInformation = NULL;
        //LdrHalModuleObject->PatchInformation = NULL;

        /* Check the command line for /LOADSYMBOLS, /NOLOADSYMBOLS,
        * /LOADSYMBOLS={YES|NO}, /NOLOADSYMBOLS={YES|NO} */
        ASSERT(KeLoaderBlock);
        p1 = KeLoaderBlock->LoadOptions;
        while ('\0' != *p1 && NULL != (p2 = strchr(p1, '/')))
        {
            p2++;
            Found = 0;
            if (0 == _strnicmp(p2, "LOADSYMBOLS", 11))
            {
                Found = +1;
                p2 += 11;
            }
            else if (0 == _strnicmp(p2, "NOLOADSYMBOLS", 13))
            {
                Found = -1;
                p2 += 13;
            }
            if (0 != Found)
            {
                while (isspace(*p2))
                {
                    p2++;
                }
                if ('=' == *p2)
                {
                    p2++;
                    while (isspace(*p2))
                    {
                        p2++;
                    }
                    YesNo = toupper(*p2);
                    if ('N' == YesNo || 'F' == YesNo || '0' == YesNo)
                    {
                        Found = -1 * Found;
                    }
                }
                LoadSymbols = (0 < Found);
            }
            p1 = p2;
        }
    }
    else if ((BootPhase == 1) && LoadSymbols)
    {
        HANDLE Thread;
        NTSTATUS Status;
        KIRQL OldIrql;

        /* Launch our worker thread */
        InitializeListHead(&SymbolsToLoad);
        KeInitializeSpinLock(&SymbolsToLoadLock);
        KeInitializeEvent(&SymbolsToLoadEvent, SynchronizationEvent, FALSE);

        Status = PsCreateSystemThread(&Thread, THREAD_ALL_ACCESS, NULL, NULL, NULL, LoadSymbolsRoutine, NULL);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("Failed starting symbols loader thread: 0x%08x\n", Status);
            LoadSymbols = FALSE;
            return;
        }

        RosSymInitKernelMode();

        KeAcquireSpinLock(&PsLoadedModuleSpinLock, &OldIrql);

        PLIST_ENTRY ListEntry = PsLoadedModuleList.Flink;
        while (ListEntry != &PsLoadedModuleList)
        {
            PLDR_DATA_TABLE_ENTRY LdrEntry = CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
            KdbSymProcessSymbols(LdrEntry, TRUE);
            ListEntry = ListEntry->Flink;
        }

        KeReleaseSpinLock(&PsLoadedModuleSpinLock, OldIrql);
    }
}

KdbpSymFindModule()

BOOLEAN KdbpSymFindModule	(	IN PVOID Address	OPTIONAL,
		IN INT Index	OPTIONAL,
		OUT PLDR_DATA_TABLE_ENTRY *	pLdrEntry
	)

Find a module...

Parameters

Address	If Address is not NULL the module containing Address is searched.
Name	If Name is not NULL the module named Name will be searched.
Index	If Index is >= 0 the Index'th module will be returned.
pLdrEntry	Pointer to a PLDR_DATA_TABLE_ENTRY which is filled.

Return values

TRUE	Module was found, pLdrEntry was filled.
FALSE	No module was found.

Definition at line 75 of file kdb_symbols.c.

{
    LONG Count = 0;
    PEPROCESS CurrentProcess;

    /* First try to look up the module in the kernel module list. */
    KeAcquireSpinLockAtDpcLevel(&PsLoadedModuleSpinLock);
    if(KdbpSymSearchModuleList(PsLoadedModuleList.Flink,
                               &PsLoadedModuleList,
                               &Count,
                               Address,
                               Index,
                               pLdrEntry))
    {
        KeReleaseSpinLockFromDpcLevel(&PsLoadedModuleSpinLock);
        return TRUE;
    }
    KeReleaseSpinLockFromDpcLevel(&PsLoadedModuleSpinLock);

    /* That didn't succeed. Try the module list of the current process now. */
    CurrentProcess = PsGetCurrentProcess();

    if(!CurrentProcess || !CurrentProcess->Peb || !CurrentProcess->Peb->Ldr)
        return FALSE;

    return KdbpSymSearchModuleList(CurrentProcess->Peb->Ldr->InLoadOrderModuleList.Flink,
                                   &CurrentProcess->Peb->Ldr->InLoadOrderModuleList,
                                   &Count,
                                   Address,
                                   Index,
                                   pLdrEntry);
}

Referenced by KdbpCmdMod(), KdbSymPrintAddress(), and KdSendPacket().

KdbpSymSearchModuleList()

static BOOLEAN KdbpSymSearchModuleList ( IN PLIST_ENTRY  current_entry, IN PLIST_ENTRY  end_entry, IN PLONG  Count, IN PVOID  Address, IN INT  Index, OUT PLDR_DATA_TABLE_ENTRY *  pLdrEntry  )

static

Definition at line 38 of file kdb_symbols.c.

{
    while (current_entry && current_entry != end_entry)
    {
        *pLdrEntry = CONTAINING_RECORD(current_entry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);

        if ((Address && Address >= (PVOID)(*pLdrEntry)->DllBase && Address < (PVOID)((ULONG_PTR)(*pLdrEntry)->DllBase + (*pLdrEntry)->SizeOfImage)) ||
            (Index >= 0 && (*Count)++ == Index))
        {
            return TRUE;
        }

        current_entry = current_entry->Flink;
    }

    return FALSE;
}

Referenced by KdbpSymFindModule().

KdbpSymUnicodeToAnsi()

static PCHAR NTAPI KdbpSymUnicodeToAnsi ( IN PUNICODE_STRING  Unicode, OUT PCHAR  Ansi, IN ULONG  Length  )

static

Definition at line 114 of file kdb_symbols.c.

{
    PCHAR p;
    PWCHAR pw;
    ULONG i;

    /* Set length and normalize it */
    i = Unicode->Length / sizeof(WCHAR);
    i = min(i, Length - 1);

    /* Set source and destination, and copy */
    pw = Unicode->Buffer;
    p = Ansi;
    while (i--) *p++ = (CHAR)*pw++;

    /* Null terminate and return */
    *p = ANSI_NULL;
    return Ansi;
}

Referenced by KdbSymPrintAddress().

KdbSymPrintAddress()

BOOLEAN KdbSymPrintAddress	(	IN PVOID	Address,
		IN PCONTEXT	Context
	)

Print address...

Tries to lookup line number, file name and function name for the given address and prints it. If no such information is found the address is printed in the format <module: offset>, otherwise the format will be <module: offset (filename:linenumber (functionname))>

Return values

TRUE	Module containing Address was found, Address was printed.
FALSE	No module containing Address was found, nothing was printed.

Definition at line 148 of file kdb_symbols.c.

{
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    ULONG_PTR RelativeAddress;
    BOOLEAN Printed = FALSE;
    CHAR ModuleNameAnsi[64];

    if (!KdbpSymFindModule(Address, -1, &LdrEntry))
        return FALSE;

    RelativeAddress = (ULONG_PTR)Address - (ULONG_PTR)LdrEntry->DllBase;

    KdbpSymUnicodeToAnsi(&LdrEntry->BaseDllName,
                        ModuleNameAnsi,
                        sizeof(ModuleNameAnsi));

    if (LdrEntry->PatchInformation)
    {
        ULONG LineNumber;
        CHAR FileName[256];
        CHAR FunctionName[256];

        if (RosSymGetAddressInformation(LdrEntry->PatchInformation, RelativeAddress, &LineNumber, FileName, FunctionName))
        {
            STRING str;
            /* Use KdpPrintString because KdpDprintf is limited wrt string size */
            KdpDprintf("<%s:%x (", ModuleNameAnsi, RelativeAddress);
            str.Buffer = FileName;
            str.Length = (USHORT)strnlen(FileName, sizeof(FileName));
            str.MaximumLength = sizeof(FileName);
            KdpPrintString(&str);
            KdpDprintf(":%d (%s))>", LineNumber, FunctionName);

            Printed = TRUE;
        }
    }

    if (!Printed)
    {
        /* Just print module & address */
        KdpDprintf("<%s:%x>", ModuleNameAnsi, RelativeAddress);
    }

    return TRUE;
}

Referenced by KdbpCliMainLoop(), KdbpCmdBackTrace(), KdbpCmdDisassembleX(), KdbpPrintAddressInCode(), and KeRosDumpStackFrameArray().

KdbSymProcessSymbols()

VOID KdbSymProcessSymbols	(	_Inout_ PLDR_DATA_TABLE_ENTRY	LdrEntry,
		_In_ BOOLEAN	Load
	)

Load symbols from image mapping. If this fails,.

Parameters

LdrEntry

The entry to load symbols from

Definition at line 298 of file kdb_symbols.c.

{
    if (!LoadSymbols)
        return;

    /* Check if this is unload */
    if (!Load)
    {
        /* Did we process it */
        if (LdrEntry->PatchInformation)
        {
            RosSymDelete(LdrEntry->PatchInformation);
            LdrEntry->PatchInformation = NULL;
        }
        return;
    }

    if (RosSymCreateFromMem(LdrEntry->DllBase, LdrEntry->SizeOfImage, (PROSSYM_INFO*)&LdrEntry->PatchInformation))
    {
        return;
    }

    /* Add a ref until we really process it */
    LdrEntry->LoadCount++;

    /* Tell our worker thread to read from it */
    KeAcquireSpinLockAtDpcLevel(&SymbolsToLoadLock);
    InsertTailList(&SymbolsToLoad, &LdrEntry->InInitializationOrderLinks);
    KeReleaseSpinLockFromDpcLevel(&SymbolsToLoadLock);

    KeSetEvent(&SymbolsToLoadEvent, IO_NO_INCREMENT, FALSE);
}

Referenced by KdbInitialize(), and KdSendPacket().

LoadSymbolsRoutine()

_Use_decl_annotations_ VOID NTAPI LoadSymbolsRoutine

(

_In_ PVOID

Context

)

The symbol loader thread routine. This opens the image file for reading and loads the symbols section from there.

Note

We must do this because KdbSymProcessSymbols is called at high IRQL and we can't set the event from here

Parameters

Context

Unused

Definition at line 209 of file kdb_symbols.c.

{
    UNREFERENCED_PARAMETER(Context);

    while (TRUE)
    {
        PLIST_ENTRY ListEntry;
        NTSTATUS Status = KeWaitForSingleObject(&SymbolsToLoadEvent, WrKernel, KernelMode, FALSE, NULL);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("KeWaitForSingleObject failed?! 0x%08x\n", Status);
            LoadSymbols = FALSE;
            return;
        }

        while ((ListEntry = ExInterlockedRemoveHeadList(&SymbolsToLoad, &SymbolsToLoadLock)))
        {
            PLDR_DATA_TABLE_ENTRY LdrEntry = CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
            HANDLE FileHandle;
            OBJECT_ATTRIBUTES Attrib;
            IO_STATUS_BLOCK Iosb;
            InitializeObjectAttributes(&Attrib, &LdrEntry->FullDllName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
            DPRINT1("Trying %wZ\n", &LdrEntry->FullDllName);
            Status = ZwOpenFile(&FileHandle,
                                FILE_READ_ACCESS | SYNCHRONIZE,
                                &Attrib,
                                &Iosb,
                                FILE_SHARE_READ,
                                FILE_SYNCHRONOUS_IO_NONALERT);
            if (!NT_SUCCESS(Status))
            {
                /* Try system paths */
                static const UNICODE_STRING System32Dir = RTL_CONSTANT_STRING(L"\\SystemRoot\\system32\\");
                UNICODE_STRING ImagePath;
                WCHAR ImagePathBuffer[256];
                RtlInitEmptyUnicodeString(&ImagePath, ImagePathBuffer, sizeof(ImagePathBuffer));
                RtlCopyUnicodeString(&ImagePath, &System32Dir);
                RtlAppendUnicodeStringToString(&ImagePath, &LdrEntry->BaseDllName);
                InitializeObjectAttributes(&Attrib, &ImagePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
                DPRINT1("Trying %wZ\n", &ImagePath);
                Status = ZwOpenFile(&FileHandle,
                                    FILE_READ_ACCESS | SYNCHRONIZE,
                                    &Attrib,
                                    &Iosb,
                                    FILE_SHARE_READ,
                                    FILE_SYNCHRONOUS_IO_NONALERT);
                if (!NT_SUCCESS(Status))
                {
                    static const UNICODE_STRING DriversDir= RTL_CONSTANT_STRING(L"\\SystemRoot\\system32\\drivers\\");

                    RtlInitEmptyUnicodeString(&ImagePath, ImagePathBuffer, sizeof(ImagePathBuffer));
                    RtlCopyUnicodeString(&ImagePath, &DriversDir);
                    RtlAppendUnicodeStringToString(&ImagePath, &LdrEntry->BaseDllName);
                    InitializeObjectAttributes(&Attrib, &ImagePath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
                    DPRINT1("Trying %wZ\n", &ImagePath);
                    Status = ZwOpenFile(&FileHandle,
                                        FILE_READ_ACCESS | SYNCHRONIZE,
                                        &Attrib,
                                        &Iosb,
                                        FILE_SHARE_READ,
                                        FILE_SYNCHRONOUS_IO_NONALERT);
                }
            }

            if (!NT_SUCCESS(Status))
            {
                DPRINT1("Failed opening file %wZ (%wZ) for reading symbols (0x%08x)\n", &LdrEntry->FullDllName, &LdrEntry->BaseDllName, Status);
                /* We took a ref previously */
                MmUnloadSystemImage(LdrEntry);
                continue;
            }

            /* Hand it to Rossym */
            if (!RosSymCreateFromFile(&FileHandle, (PROSSYM_INFO*)&LdrEntry->PatchInformation))
                LdrEntry->PatchInformation = NULL;

            /* We're done for this one. */
            NtClose(FileHandle);
            MmUnloadSystemImage(LdrEntry);
        }
    }
}

Variable Documentation

LoadSymbols

BOOLEAN LoadSymbols

static

Definition at line 29 of file kdb_symbols.c.

Referenced by KdbInitialize(), KdbSymProcessSymbols(), LoadSymbolsRoutine(), and MiLoadImageSection().

LoadSymbolsRoutine

KSTART_ROUTINE LoadSymbolsRoutine

static

Definition at line 196 of file kdb_symbols.c.

Referenced by KdbInitialize().

SymbolsToLoad

LIST_ENTRY SymbolsToLoad

static

Definition at line 30 of file kdb_symbols.c.

Referenced by KdbInitialize(), KdbSymProcessSymbols(), and LoadSymbolsRoutine().

SymbolsToLoadEvent

KEVENT SymbolsToLoadEvent

static

Definition at line 32 of file kdb_symbols.c.

Referenced by KdbInitialize(), KdbSymProcessSymbols(), and LoadSymbolsRoutine().

SymbolsToLoadLock

KSPIN_LOCK SymbolsToLoadLock

static

Definition at line 31 of file kdb_symbols.c.

Referenced by KdbInitialize(), KdbSymProcessSymbols(), and LoadSymbolsRoutine().