#include <rtl.h>#include <debug.h>
Include dependency graph for unwind.c:
Go to the source code of this file.
Classes | |
| union | _UNWIND_CODE |
| struct | _UNWIND_INFO |
Typedefs | |
| typedef unsigned char | UBYTE |
| typedef union _UNWIND_CODE | UNWIND_CODE |
| typedef union _UNWIND_CODE * | PUNWIND_CODE |
| typedef struct _UNWIND_INFO | UNWIND_INFO |
| typedef struct _UNWIND_INFO * | PUNWIND_INFO |
Macro Definition Documentation
◆ NDEBUG
◆ UNWIND_HISTORY_TABLE_GLOBAL
◆ UNWIND_HISTORY_TABLE_LOCAL
◆ UNWIND_HISTORY_TABLE_NONE
◆ UWOP_ALLOC_LARGE
◆ UWOP_ALLOC_SMALL
◆ UWOP_EPILOG
◆ UWOP_PUSH_MACHFRAME
◆ UWOP_PUSH_NONVOL
◆ UWOP_SAVE_NONVOL
◆ UWOP_SAVE_NONVOL_FAR
◆ UWOP_SAVE_XMM128
◆ UWOP_SAVE_XMM128_FAR
◆ UWOP_SET_FPREG
◆ UWOP_SPARE_CODE
Typedef Documentation
◆ PUNWIND_CODE
| typedef union _UNWIND_CODE * PUNWIND_CODE |
◆ PUNWIND_INFO
| typedef struct _UNWIND_INFO * PUNWIND_INFO |
◆ UBYTE
◆ UNWIND_CODE
| typedef union _UNWIND_CODE UNWIND_CODE |
◆ UNWIND_INFO
| typedef struct _UNWIND_INFO UNWIND_INFO |
Function Documentation
◆ GetEstablisherFrame()
|
static |
https://docs.microsoft.com/en-us/cpp/build/unwind-data-definitions-in-c
Definition at line 433 of file unwind.c.
437{
439
440 /* Check if we have a frame register */
441 if (UnwindInfo->FrameRegister == 0)
442 {
443 /* No frame register means we use Rsp */
445 }
446
447 if ((CodeOffset >= UnwindInfo->SizeOfProlog) ||
448 ((UnwindInfo->Flags & UNW_FLAG_CHAININFO) != 0))
449 {
451 UnwindInfo->FrameOffset * 16;
452 }
453
454 /* Loop all unwind ops */
456 i < UnwindInfo->CountOfCodes;
458 {
459 /* Skip codes past our code offset */
461 {
462 continue;
463 }
464
465 /* Check for SET_FPREG */
467 {
469 UnwindInfo->FrameOffset * 16;
470 }
471 }
472
474}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
Definition: compobj.c:4795
static __inline ULONG UnwindOpSlots(_In_ UNWIND_CODE UnwindCode)
Definition: unwind.c:177
Referenced by RtlVirtualUnwind().
◆ GetReg()
Definition at line 237 of file unwind.c.
240{
242}
Referenced by GetEstablisherFrame(), RtlpTryToUnwindEpilog(), and RtlVirtualUnwind().
◆ GetXmmReg()
◆ PopReg()
|
static |
Definition at line 247 of file unwind.c.
251{
254}
static __inline void SetRegFromStackValue(_Inout_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg, _In_ PDWORD64 ValuePointer)
Definition: unwind.c:221
Referenced by RtlpTryToUnwindEpilog(), and RtlVirtualUnwind().
◆ RtlGetCallersAddress()
RtlGetCallersAddress http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Debug/RtlGetCallersAddress.html
Definition at line 1135 of file unwind.c.
1138{
1139 PVOID Callers[4];
1141
1142 /* Get callers:
1143 * RtlWalkFrameChain -> RtlGetCallersAddress -> x -> y */
1145
1148
1149 return;
1150}
Definition: nsiface.idl:2307
_In_opt_ PENTER_STATE_SYSTEM_HANDLER _In_opt_ PVOID _In_ LONG _In_opt_ LONG volatile * Number
Definition: ntpoapi.h:207
ULONG NTAPI RtlWalkFrameChain(OUT PVOID *Callers, IN ULONG Count, IN ULONG Flags)
Definition: unwind.c:1020
◆ RtlGetUnwindContext()
Definition at line 1206 of file unwind.c.
1209{
1210 KNONVOLATILE_CONTEXT_POINTERS ContextPointers;
1212
1213 /* Capture pointers to the non-volatiles up to the target frame */
1214 RtlpCaptureNonVolatileContextPointers(&ContextPointers, TargetFrame);
1215
1216 /* Copy the nonvolatiles from the captured locations */
1218 {
1219 Context->Rbx = *ContextPointers.Rbx;
1220 Context->Rsi = *ContextPointers.Rsi;
1221 Context->Rdi = *ContextPointers.Rdi;
1222 Context->R12 = *ContextPointers.R12;
1223 Context->R13 = *ContextPointers.R13;
1224 Context->R14 = *ContextPointers.R14;
1225 Context->R15 = *ContextPointers.R15;
1226 }
1228 {
1229 Context->Xmm6 = *ContextPointers.Xmm6;
1230 Context->Xmm7 = *ContextPointers.Xmm7;
1231 Context->Xmm8 = *ContextPointers.Xmm8;
1232 Context->Xmm9 = *ContextPointers.Xmm9;
1233 Context->Xmm10 = *ContextPointers.Xmm10;
1234 Context->Xmm11 = *ContextPointers.Xmm11;
1235 Context->Xmm12 = *ContextPointers.Xmm12;
1236 Context->Xmm13 = *ContextPointers.Xmm13;
1237 Context->Xmm14 = *ContextPointers.Xmm14;
1238 Context->Xmm15 = *ContextPointers.Xmm15;
1239 }
1240}
static VOID RtlpCaptureNonVolatileContextPointers(_Out_ PKNONVOLATILE_CONTEXT_POINTERS NonvolatileContextPointers, _In_ ULONG64 TargetFrame)
Definition: unwind.c:1154
Referenced by KiGetTrapContextInternal().
◆ RtlLookupFunctionEntry()
| PRUNTIME_FUNCTION NTAPI RtlLookupFunctionEntry | ( | IN DWORD64 | ControlPc, |
| OUT PDWORD64 | ImageBase, | ||
| OUT PUNWIND_HISTORY_TABLE | HistoryTable | ||
| ) |
Locates the RUNTIME_FUNCTION entry corresponding to a code address. https://learn.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-rtllookupfunctionentry.
RtlLookupFunctionEntry
- Todo:
- Implement HistoryTable
Definition at line 124 of file unwind.c.
128{
129 PRUNTIME_FUNCTION FunctionTable, FunctionEntry;
130 ULONG TableLength;
131 ULONG IndexLo, IndexHi, IndexMid;
132
133 /* Find the corresponding table */
135
136 /* If no table is found, try dynamic function tables */
138 {
140 }
141
142 /* Use relative virtual address */
143 ControlPc -= *ImageBase;
144
145 /* Do a binary search */
146 IndexLo = 0;
147 IndexHi = TableLength;
148 while (IndexHi > IndexLo)
149 {
150 IndexMid = (IndexLo + IndexHi) / 2;
151 FunctionEntry = &FunctionTable[IndexMid];
152
153 if (ControlPc < FunctionEntry->BeginAddress)
154 {
155 /* Continue search in lower half */
156 IndexHi = IndexMid;
157 }
158 else if (ControlPc >= FunctionEntry->EndAddress)
159 {
160 /* Continue search in upper half */
161 IndexLo = IndexMid + 1;
162 }
163 else
164 {
165 /* ControlPc is within limits, return entry */
166 return FunctionEntry;
167 }
168 }
169
170 /* Nothing found, return NULL */
172}
PRUNTIME_FUNCTION NTAPI RtlpLookupDynamicFunctionEntry(_In_ DWORD64 ControlPc, _Out_ PDWORD64 ImageBase, _In_ PUNWIND_HISTORY_TABLE HistoryTable)
Definition: dynfntbl.c:275
PRUNTIME_FUNCTION NTAPI RtlLookupFunctionTable(IN DWORD64 ControlPc, OUT PDWORD64 ImageBase, OUT PULONG Length)
Locates the table of RUNTIME_FUNCTION entries for a code address.
Definition: unwind.c:82
Referenced by RtlpCaptureNonVolatileContextPointers(), RtlpUnwindInternal(), and RtlWalkFrameChain().
◆ RtlLookupFunctionTable()
| PRUNTIME_FUNCTION NTAPI RtlLookupFunctionTable | ( | IN DWORD64 | ControlPc, |
| OUT PDWORD64 | ImageBase, | ||
| OUT PULONG | Length | ||
| ) |
Locates the table of RUNTIME_FUNCTION entries for a code address.
RtlLookupFunctionTable
- Parameters
-
ControlPc Address of the code, for which the table should be searched. ImageBase Pointer to a DWORD64 that receives the base address of the corresponding executable image. Length Pointer to an ULONG that receives the number of table entries present in the table.
Definition at line 82 of file unwind.c.
86{
89
90 /* Find corresponding file header from code address */
92 {
93 /* Nothing found */
95 }
96
97 /* Locate the exception directory */
99 TRUE,
101 &Size);
102
103 /* Return the number of entries */
105
106 /* Return the address of the table */
108}
PVOID NTAPI RtlPcToFileHeader(IN PVOID PcValue, PVOID *BaseOfImage)
Definition: libsupp.c:658
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4539
Referenced by RtlLookupFunctionEntry().
◆ RtlpCaptureNonVolatileContextPointers()
|
static |
Definition at line 1154 of file unwind.c.
1157{
1159 PRUNTIME_FUNCTION FunctionEntry;
1160 ULONG64 ImageBase;
1161 PVOID HandlerData;
1163
1164 /* Zero out the nonvolatile context pointers */
1166
1167 /* Capture the current context */
1169
1170 do
1171 {
1172 /* Make sure nothing fishy is going on. Currently this is for kernel mode only. */
1175
1176 /* Look up the function entry */
1179 {
1180 /* Do a virtual unwind to the caller and capture saved non-volatiles */
1181 RtlVirtualUnwind(UNW_FLAG_EHANDLER,
1182 ImageBase,
1183 Context.Rip,
1184 FunctionEntry,
1185 &Context,
1186 &HandlerData,
1187 &EstablisherFrame,
1188 NonvolatileContextPointers);
1189
1191 }
1192 else
1193 {
1195 Context.Rsp += 8;
1196 }
1197
1198 /* Continue until we reach user mode */
1200
1201 /* If the caller did the right thing, we should get past the target frame */
1203}
NTSYSAPI VOID NTAPI RtlCaptureContext(_Out_ PCONTEXT ContextRecord)
Definition: nt_native.h:1409
PEXCEPTION_ROUTINE NTAPI RtlVirtualUnwind(_In_ ULONG HandlerType, _In_ ULONG64 ImageBase, _In_ ULONG64 ControlPc, _In_ PRUNTIME_FUNCTION FunctionEntry, _Inout_ PCONTEXT Context, _Outptr_ PVOID *HandlerData, _Out_ PULONG64 EstablisherFrame, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers)
Definition: unwind.c:478
PRUNTIME_FUNCTION NTAPI RtlLookupFunctionEntry(IN DWORD64 ControlPc, OUT PDWORD64 ImageBase, OUT PUNWIND_HISTORY_TABLE HistoryTable)
Locates the RUNTIME_FUNCTION entry corresponding to a code address. https://learn....
Definition: unwind.c:124
Referenced by RtlGetUnwindContext(), and RtlSetUnwindContext().
◆ RtlpExecuteHandlerForUnwindHandler()
| EXCEPTION_DISPOSITION RtlpExecuteHandlerForUnwindHandler | ( | _Inout_ PEXCEPTION_RECORD | ExceptionRecord, |
| _In_ PVOID | EstablisherFrame, | ||
| _Inout_ PCONTEXT | ContextRecord, | ||
| _In_ PDISPATCHER_CONTEXT | DispatcherContext | ||
| ) |
Definition at line 665 of file unwind.c.
670{
671 /* Get a pointer to the register home space for RtlpExecuteHandlerForUnwind */
673
674 /* Get the ExceptionFlags value, which was saved in the home space */
676
677 /* Get the DispatcherContext, which was saved in the home space */
679
680 /* Check if the original call to RtlpExecuteHandlerForUnwind was an unwind */
682 {
683 /* Check if the current call to this function is due to unwinding */
685 {
686 /* We are unwinding over the call to a termination handler. This
687 could be due to an exception or longjmp. We need to make sure
688 to not run this termination handler again. To achieve that,
689 we copy the contents of the original dispatcher context back
690 over the current dispatcher context and return
691 ExceptionCollidedUnwind. RtlUnwindInternal will take the
692 original context, and continue unwing there. */
693 *DispatcherContext = *PreviousDispatcherContext;
695 }
696 }
697
698 // TODO: properly handle nested exceptions
699
701}
struct _DISPATCHER_CONTEXT * PDISPATCHER_CONTEXT
_IRQL_requires_same_ _In_ PVOID _Inout_ struct _CONTEXT _In_ PVOID DispatcherContext
Definition: ntbasedef.h:667
Definition: ketypes.h:1126
◆ RtlpIsStackPointerValid()
|
static |
Definition at line 654 of file unwind.c.
658{
659 return (StackPointer >= LowLimit) &&
660 (StackPointer < HighLimit) &&
661 ((StackPointer & 7) == 0);
662}
Referenced by RtlpUnwindInternal().
◆ RtlpLookupDynamicFunctionEntry()
| PRUNTIME_FUNCTION NTAPI RtlpLookupDynamicFunctionEntry | ( | _In_ DWORD64 | ControlPc, |
| _Out_ PDWORD64 | ImageBase, | ||
| _In_ PUNWIND_HISTORY_TABLE | HistoryTable | ||
| ) |
Definition at line 275 of file dynfntbl.c.
279{
280 PLIST_ENTRY listLink;
281 PDYNAMIC_FUNCTION_TABLE dynamicTable;
282 PRUNTIME_FUNCTION functionTable, foundEntry = NULL;
284 DWORD64 ipOffset;
286
288
289 /* Loop all tables to find the one matching ControlPc */
291 listLink != &RtlpDynamicFunctionTableList;
292 listLink = listLink->Flink)
293 {
295
297 (ControlPc < dynamicTable->MaximumAddress))
298 {
299 /* Check if there is a callback */
302 {
304
305 *ImageBase = dynamicTable->BaseAddress;
308 }
309
310 /* Loop all entries in the function table */
311 functionTable = dynamicTable->FunctionTable;
312 ipOffset = ControlPc - dynamicTable->BaseAddress;
314 {
315 /* Check if this entry contains the address */
317 (ipOffset < functionTable[i].EndAddress))
318 {
319 foundEntry = &functionTable[i];
320 *ImageBase = dynamicTable->BaseAddress;
322 }
323 }
324 }
325 }
326
327Exit:
328
330
331 return foundEntry;
332}
static __inline VOID AcquireDynamicFunctionTableLockShared()
Definition: dynfntbl.c:82
static __inline VOID ReleaseDynamicFunctionTableLockShared()
Definition: dynfntbl.c:89
PRUNTIME_FUNCTION(CALLBACK * PGET_RUNTIME_FUNCTION_CALLBACK)(DWORD_PTR, PVOID)
Definition: rtlsupportapi.h:56
Definition: dynfntbl.c:42
Definition: typedefs.h:120
Definition: http.c:7252
Referenced by RtlLookupFunctionEntry().
◆ RtlpRestoreContextInternal()
Referenced by RtlRestoreContext().
◆ RtlpTryToUnwindEpilog()
|
static |
Helper function that tries to unwind epilog instructions.
RtlpTryToUnwindEpilog
- Returns
- TRUE if we have been in an epilog and it could be unwound. FALSE if the instructions were not allowed for an epilog. https://docs.microsoft.com/en-us/cpp/build/unwind-procedure https://docs.microsoft.com/en-us/cpp/build/prolog-and-epilog
Definition at line 304 of file unwind.c.
310{
311 CONTEXT LocalContext;
312 BYTE *InstrPtr;
313 DWORD Instr;
314 BYTE Reg, Mod;
315 ULONG64 EndAddress;
316
317 /* Make a local copy of the context */
318 LocalContext = *Context;
319
320 InstrPtr = (BYTE*)ControlPc;
321
322 /* Check if first instruction of epilog is "add rsp, x" */
323 Instr = *(DWORD*)InstrPtr;
324 if ( (Instr & 0x00fffdff) == 0x00c48148 )
325 {
326 if ( (Instr & 0x0000ff00) == 0x8300 )
327 {
328 /* This is "add rsp, 0x??" */
329 LocalContext.Rsp += Instr >> 24;
330 InstrPtr += 4;
331 }
332 else
333 {
334 /* This is "add rsp, 0x???????? */
335 LocalContext.Rsp += *(DWORD*)(InstrPtr + 3);
336 InstrPtr += 7;
337 }
338 }
339 /* Check if first instruction of epilog is "lea rsp, ..." */
340 else if ( (Instr & 0x38fffe) == 0x208d48 )
341 {
342 /* Get the register */
343 Reg = (Instr >> 16) & 0x7;
344
345 /* REX.R */
346 Reg += (Instr & 1) * 8;
347
348 LocalContext.Rsp = GetReg(&LocalContext, Reg);
349
350 /* Get addressing mode */
351 Mod = (Instr >> 22) & 0x3;
352 if (Mod == 0)
353 {
354 /* No displacement */
355 InstrPtr += 3;
356 }
357 else if (Mod == 1)
358 {
359 /* 1 byte displacement */
361 InstrPtr += 4;
362 }
363 else if (Mod == 2)
364 {
365 /* 4 bytes displacement */
366 LocalContext.Rsp += *(LONG*)(InstrPtr + 3);
367 InstrPtr += 7;
368 }
369 }
370
371 /* Loop the following instructions before the ret */
372 EndAddress = FunctionEntry->EndAddress + ImageBase - 1;
374 {
375 Instr = *(DWORD*)InstrPtr;
376
377 /* Check for a simple pop */
378 if ( (Instr & 0xf8) == 0x58 )
379 {
380 /* Opcode pops a basic register from stack */
381 Reg = Instr & 0x7;
382 PopReg(&LocalContext, ContextPointers, Reg);
383 InstrPtr++;
384 continue;
385 }
386
387 /* Check for REX + pop */
388 if ( (Instr & 0xf8fb) == 0x5841 )
389 {
390 /* Opcode is pop r8 .. r15 */
391 Reg = ((Instr >> 8) & 0x7) + 8;
392 PopReg(&LocalContext, ContextPointers, Reg);
393 InstrPtr += 2;
394 continue;
395 }
396
397 /* Opcode not allowed for Epilog */
399 }
400
401 // check for popfq
402
403 // also allow end with jmp imm, jmp [target], iretq
404
405 /* Check if we are at the ret instruction */
407 {
408 /* If we went past the end of the function, something is broken! */
411 }
412
413 /* Make sure this is really a ret instruction */
414 if (*InstrPtr != 0xc3)
415 {
417 }
418
419 /* Unwind is finished, pop new Rip from Stack */
420 LocalContext.Rip = *(DWORD64*)LocalContext.Rsp;
422
423 *Context = LocalContext;
425}
static __inline void PopReg(_Inout_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg)
Definition: unwind.c:247
Referenced by RtlVirtualUnwind().
◆ RtlpUnwindInternal()
| BOOLEAN NTAPI RtlpUnwindInternal | ( | _In_opt_ PVOID | TargetFrame, |
| _In_opt_ PVOID | TargetIp, | ||
| _In_ PEXCEPTION_RECORD | ExceptionRecord, | ||
| _In_ PVOID | ReturnValue, | ||
| _In_ PCONTEXT | ContextRecord, | ||
| _In_opt_ struct _UNWIND_HISTORY_TABLE * | HistoryTable, | ||
| _In_ ULONG | HandlerType | ||
| ) |
- Remarks
- The implementation is based on the description in this blog: http://www.nynaeve.net/?p=106
Differences to the desciption: - Instead of using 2 pointers to the unwind context and previous context, that are being swapped and the context copied, the unwind context is kept in the local context and copied back into the context passed in by the caller.
- See also
- http://www.nynaeve.net/?p=106
TODO: Handle DPC stack
TODO
TODO: Check for DPC stack
Definition at line 717 of file unwind.c.
725{
727 PEXCEPTION_ROUTINE ExceptionRoutine;
729 PRUNTIME_FUNCTION FunctionEntry;
730 ULONG_PTR StackLow, StackHigh;
732 CONTEXT UnwindContext;
733
734 /* Get the current stack limits */
735 RtlpGetStackLimits(&StackLow, &StackHigh);
736
737 /* If we have a target frame, then this is our high limit */
739 {
740 StackHigh = (ULONG64)TargetFrame + 1;
741 }
742
743 /* Copy the context */
744 UnwindContext = *ContextRecord;
745
746 /* Set up the constant fields of the dispatcher context */
747 DispatcherContext.ContextRecord =
749 DispatcherContext.HistoryTable = HistoryTable;
751
752 /* Start looping */
754 {
756 {
758 }
759
760 /* Lookup the FunctionEntry for the current RIP */
763 {
764 /* No function entry, so this must be a leaf function. Pop the return address from the stack.
765 Note: this can happen after the first frame as the result of an exception */
766 UnwindContext.Rip = *(DWORD64*)UnwindContext.Rsp;
768
770 {
771 /* Copy the context back for the next iteration */
772 *ContextRecord = UnwindContext;
773 }
774 continue;
775 }
776
777 /* Save Rip before the virtual unwind */
778 DispatcherContext.ControlPc = UnwindContext.Rip;
779
780 /* Do a virtual unwind to get the next frame */
782 ImageBase,
783 UnwindContext.Rip,
784 FunctionEntry,
785 &UnwindContext,
786 &DispatcherContext.HandlerData,
787 &EstablisherFrame,
788 NULL);
789
790 /* Check, if we are still within the stack boundaries */
792 (EstablisherFrame >= StackHigh) ||
793 (EstablisherFrame & 7))
794 {
796
797 /* If we are handling an exception, we are done here. */
799 {
800 ExceptionRecord->ExceptionFlags |= EXCEPTION_STACK_INVALID;
802 }
803
804 __debugbreak();
806 }
807
808 /* Check if we have an exception routine */
810 {
811 /* Check if this is the target frame */
813 {
814 /* Set flag to inform the language handler */
815 ExceptionRecord->ExceptionFlags |= EXCEPTION_TARGET_UNWIND;
816 }
817
818 /* Log the exception if it's enabled */
819 RtlpCheckLogException(ExceptionRecord,
820 &UnwindContext,
821 &DispatcherContext,
823
824 /* Set up the variable fields of the dispatcher context */
825 DispatcherContext.ImageBase = ImageBase;
826 DispatcherContext.FunctionEntry = FunctionEntry;
827 DispatcherContext.LanguageHandler = ExceptionRoutine;
829 DispatcherContext.ScopeIndex = 0;
830
831 /* Store the return value in the unwind context */
833
834 /* Loop all nested handlers */
835 do
836 {
837 /* Call the language specific handler */
840 ContextRecord,
841 &DispatcherContext);
842
843 /* Clear exception flags for the next iteration */
844 ExceptionRecord->ExceptionFlags &= ~(EXCEPTION_TARGET_UNWIND |
846
847 /* Check if we do exception handling */
849 {
851 {
852 /* Check if it was non-continuable */
854 {
855 __debugbreak();
857 }
858
859 /* Execution continues */
861 }
863 {
865 __debugbreak();
866 }
867 }
868
870 {
871 /* We collided with another unwind, so we need to continue
872 "after" the handler, skipping the termination handler
873 that resulted in this unwind. The installed handler has
874 already copied the original dispatcher context, we now
875 need to copy back the original context. */
877
878 /* The original context was from "before" the unwind, so we
879 need to do an additional virtual unwind to restore the
880 unwind contxt. */
882 DispatcherContext.ImageBase,
883 UnwindContext.Rip,
884 DispatcherContext.FunctionEntry,
885 &UnwindContext,
886 &DispatcherContext.HandlerData,
887 &EstablisherFrame,
888 NULL);
889
890 /* Restore the context pointer and establisher frame. */
891 DispatcherContext.ContextRecord = &UnwindContext;
893
894 /* Set the exception flags to indicate that we collided
895 with an unwind and continue the handler loop, which
896 will run any additional handlers from the previous
897 unwind. */
898 ExceptionRecord->ExceptionFlags |= EXCEPTION_COLLIDED_UNWIND;
899 continue;
900 }
901
902 /* This must be ExceptionContinueSearch now */
904 {
905 __debugbreak();
907 }
909 }
910
911 /* Check, if we have left our stack (8.) */
913 (EstablisherFrame > StackHigh) ||
914 (EstablisherFrame & 7))
915 {
917 __debugbreak();
918
920 {
922 }
923 else
924 {
926 }
927 }
928
930 {
931 break;
932 }
933
935 {
936 /* We have successfully unwound a frame. Copy the unwind context back. */
937 *ContextRecord = UnwindContext;
938 }
939 }
940
942 {
944 }
945
946 /* Set the return value */
948
949 /* Restore the context */
951
952 /* Should never get here! */
955}
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE ACPI_HANDLE ACPI_HANDLE *OutHandle ACPI_HANDLE *OutHandle void *Context void *Context ACPI_EVENT_HANDLER Handler UINT32 UINT32 ACPI_GPE_HANDLER void *Context UINT32 HandlerType
Definition: acpixf.h:817
VOID NTAPI RtlpCheckLogException(IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT ContextRecord, IN PVOID ContextData, IN ULONG Size)
Definition: libsupp.c:203
VOID NTAPI RtlpGetStackLimits(OUT PULONG_PTR LowLimit, OUT PULONG_PTR HighLimit)
Definition: libsupp.c:337
enum _EXCEPTION_DISPOSITION EXCEPTION_DISPOSITION
#define EXCEPTION_NONCONTINUABLE_EXCEPTION
Definition: minwinbase.h:61
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
Definition: cmfuncs.h:56
NTSYSAPI NTSTATUS NTAPI ZwRaiseException(_In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PCONTEXT Context, _In_ BOOLEAN SearchFrames)
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
_IRQL_requires_same_ _In_ PVOID _Inout_ struct _CONTEXT * ContextRecord
Definition: ntbasedef.h:666
EXCEPTION_DISPOSITION NTAPI RtlpExecuteHandlerForUnwind(_Inout_ struct _EXCEPTION_RECORD *ExceptionRecord, _In_ PVOID EstablisherFrame, _Inout_ struct _CONTEXT *ContextRecord, _In_ PVOID DispatcherContext)
VOID RtlRestoreContext(_In_ PCONTEXT ContextRecord, _In_ PEXCEPTION_RECORD ExceptionRecord)
Definition: unwind.c:1284
static __inline BOOL RtlpIsStackPointerValid(_In_ ULONG64 StackPointer, _In_ ULONG64 LowLimit, _In_ ULONG64 HighLimit)
Definition: unwind.c:654
Referenced by RtlDispatchException(), and RtlUnwindEx().
◆ RtlRestoreContext()
| VOID RtlRestoreContext | ( | _In_ PCONTEXT | ContextRecord, |
| _In_ PEXCEPTION_RECORD | ExceptionRecord | ||
| ) |
Definition at line 1284 of file unwind.c.
1287{
1289 {
1291 (ExceptionRecord->NumberParameters >= 1))
1292 {
1294 // FIXME: This should be called through an asm wrapper to allow handling recursive unwinding
1296 }
1298 (ExceptionRecord->NumberParameters >= 1))
1299 {
1300 _JUMP_BUFFER* JumpBuffer = (_JUMP_BUFFER*)ExceptionRecord->ExceptionInformation[0];
1301 ContextRecord->Rbx = JumpBuffer->Rbx;
1302 ContextRecord->Rsp = JumpBuffer->Rsp;
1303 ContextRecord->Rbp = JumpBuffer->Rbp;
1304 ContextRecord->Rsi = JumpBuffer->Rsi;
1305 ContextRecord->Rdi = JumpBuffer->Rdi;
1306 ContextRecord->R12 = JumpBuffer->R12;
1307 ContextRecord->R13 = JumpBuffer->R13;
1308 ContextRecord->R14 = JumpBuffer->R14;
1309 ContextRecord->R15 = JumpBuffer->R15;
1310 ContextRecord->Rip = JumpBuffer->Rip;
1311 ContextRecord->MxCsr = JumpBuffer->MxCsr;
1312 ContextRecord->FltSave.MxCsr = JumpBuffer->MxCsr;
1313 ContextRecord->FltSave.ControlWord = JumpBuffer->FpCsr;
1324 }
1325 }
1326
1328}
Definition: compat.h:207
VOID RtlpRestoreContextInternal(_In_ PCONTEXT ContextRecord)
Referenced by RtlpUnwindInternal().
◆ RtlSetUnwindContext()
Definition at line 1243 of file unwind.c.
1246{
1247 KNONVOLATILE_CONTEXT_POINTERS ContextPointers;
1249
1250 /* Capture pointers to the non-volatiles up to the target frame */
1251 RtlpCaptureNonVolatileContextPointers(&ContextPointers, TargetFrame);
1252
1253 /* Copy the nonvolatiles to the captured locations */
1255 {
1256 *ContextPointers.Rbx = Context->Rbx;
1257 *ContextPointers.Rsi = Context->Rsi;
1258 *ContextPointers.Rdi = Context->Rdi;
1259 *ContextPointers.R12 = Context->R12;
1260 *ContextPointers.R13 = Context->R13;
1261 *ContextPointers.R14 = Context->R14;
1262 *ContextPointers.R15 = Context->R15;
1263 }
1265 {
1266 *ContextPointers.Xmm6 = Context->Xmm6;
1267 *ContextPointers.Xmm7 = Context->Xmm7;
1268 *ContextPointers.Xmm8 = Context->Xmm8;
1269 *ContextPointers.Xmm9 = Context->Xmm9;
1270 *ContextPointers.Xmm10 = Context->Xmm10;
1271 *ContextPointers.Xmm11 = Context->Xmm11;
1272 *ContextPointers.Xmm12 = Context->Xmm12;
1273 *ContextPointers.Xmm13 = Context->Xmm13;
1274 *ContextPointers.Xmm14 = Context->Xmm14;
1275 *ContextPointers.Xmm15 = Context->Xmm15;
1276 }
1277}
Referenced by KiSetTrapContextInternal().
◆ RtlUnwind()
| VOID NTAPI RtlUnwind | ( | _In_opt_ PVOID TargetFrame TargetFrame | , |
| _In_opt_ PVOID | TargetIp, | ||
| _In_opt_ PEXCEPTION_RECORD | ExceptionRecord, | ||
| _In_ PVOID | ReturnValue | ||
| ) |
Definition at line 1002 of file unwind.c.
1007{
1009
1010 RtlUnwindEx(TargetFrame,
1011 TargetIp,
1012 ExceptionRecord,
1013 ReturnValue,
1014 &Context,
1015 NULL);
1016}
VOID NTAPI RtlUnwindEx(_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_opt_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue, _In_ PCONTEXT ContextRecord, _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable)
Definition: unwind.c:959
◆ RtlUnwindEx()
| VOID NTAPI RtlUnwindEx | ( | _In_opt_ PVOID | TargetFrame, |
| _In_opt_ PVOID | TargetIp, | ||
| _In_opt_ PEXCEPTION_RECORD | ExceptionRecord, | ||
| _In_ PVOID | ReturnValue, | ||
| _In_ PCONTEXT | ContextRecord, | ||
| _In_opt_ struct _UNWIND_HISTORY_TABLE * | HistoryTable | ||
| ) |
Definition at line 959 of file unwind.c.
966{
967 EXCEPTION_RECORD LocalExceptionRecord;
968
969 /* Capture the current context */
971
972 /* Check if we have an exception record */
974 {
975 /* No exception record was passed, so set up a local one */
979 LocalExceptionRecord.NumberParameters = 0;
980 ExceptionRecord = &LocalExceptionRecord;
981 }
982
983 /* Set unwind flags */
984 ExceptionRecord->ExceptionFlags = EXCEPTION_UNWINDING;
986 {
987 ExceptionRecord->ExceptionFlags |= EXCEPTION_EXIT_UNWIND;
988 }
989
990 /* Call the internal function */
991 RtlpUnwindInternal(TargetFrame,
992 TargetIp,
993 ExceptionRecord,
994 ReturnValue,
995 ContextRecord,
996 HistoryTable,
997 UNW_FLAG_UHANDLER);
998}
struct _EXCEPTION_RECORD * ExceptionRecord
Definition: compat.h:210
BOOLEAN NTAPI RtlpUnwindInternal(_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue, _In_ PCONTEXT ContextRecord, _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable, _In_ ULONG HandlerType)
Definition: unwind.c:717
Referenced by RtlUnwind().
◆ RtlVirtualUnwind()
| PEXCEPTION_ROUTINE NTAPI RtlVirtualUnwind | ( | _In_ ULONG | HandlerType, |
| _In_ ULONG64 | ImageBase, | ||
| _In_ ULONG64 | ControlPc, | ||
| _In_ PRUNTIME_FUNCTION | FunctionEntry, | ||
| _Inout_ PCONTEXT | Context, | ||
| _Outptr_ PVOID * | HandlerData, | ||
| _Out_ PULONG64 | EstablisherFrame, | ||
| _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS | ContextPointers | ||
| ) |
Definition at line 478 of file unwind.c.
487{
488 PUNWIND_INFO UnwindInfo;
489 ULONG_PTR ControlRva, CodeOffset;
491 UNWIND_CODE UnwindCode;
492 BYTE Reg;
493 PULONG LanguageHandler;
494
495 /* Get relative virtual address */
496 ControlRva = ControlPc - ImageBase;
497
498 /* Sanity checks */
499 if ( (ControlRva < FunctionEntry->BeginAddress) ||
500 (ControlRva >= FunctionEntry->EndAddress) )
501 {
503 }
504
505 /* Get a pointer to the unwind info */
506 UnwindInfo = RVA(ImageBase, FunctionEntry->UnwindData);
507
508 /* The language specific handler data follows the unwind info */
509 LanguageHandler = ALIGN_UP_POINTER_BY(&UnwindInfo->UnwindCode[UnwindInfo->CountOfCodes], sizeof(ULONG));
510
511 /* Calculate relative offset to function start */
512 CodeOffset = ControlRva - FunctionEntry->BeginAddress;
513
515
516 /* Check if we are in the function epilog and try to finish it */
518 {
520 {
521 /* There's no exception routine */
523 }
524 }
525
526 /* Skip all Ops with an offset greater than the current Offset */
527 i = 0;
528 while ((i < UnwindInfo->CountOfCodes) &&
530 {
532 }
533
534RepeatChainedInfo:
535
536 /* Process the remaining unwind ops */
537 while (i < UnwindInfo->CountOfCodes)
538 {
541 {
543 Reg = UnwindCode.OpInfo;
545 i++;
546 break;
547
550 {
553 i += 3;
554 }
555 else
556 {
559 i += 2;
560 }
561 break;
562
565 i++;
566 break;
567
569 Reg = UnwindInfo->FrameRegister;
571 i++;
572 break;
573
575 Reg = UnwindCode.OpInfo;
578 i += 2;
579 break;
580
582 Reg = UnwindCode.OpInfo;
585 i += 3;
586 break;
587
589 i += 1;
590 break;
591
594 i += 2;
595 break;
596
598 Reg = UnwindCode.OpInfo;
601 i += 2;
602 break;
603
605 Reg = UnwindCode.OpInfo;
608 i += 3;
609 break;
610
612 /* OpInfo is 1, when an error code was pushed, otherwise 0. */
614
615 /* Now pop the MACHINE_FRAME (RIP/RSP only. And yes, "magic numbers", deal with it) */
620 }
621 }
622
623 /* Check for chained info */
625 {
626 /* See https://docs.microsoft.com/en-us/cpp/build/exception-handling-x64?view=msvc-160#chained-unwind-info-structures */
627 FunctionEntry = (PRUNTIME_FUNCTION)&(UnwindInfo->UnwindCode[(UnwindInfo->CountOfCodes + 1) & ~1]);
628 UnwindInfo = RVA(ImageBase, FunctionEntry->UnwindData);
629 i = 0;
630 goto RepeatChainedInfo;
631 }
632
633 /* Unwind is finished, pop new Rip from Stack */
635 {
638 }
639
640Exit:
641
642 /* Check if we have a handler and return it */
644 {
645 *HandlerData = (LanguageHandler + 1);
647 }
648
650}
Definition: cpu_x86_64.c:61
Definition: cpu_x86_64.c:50
static ULONG64 GetEstablisherFrame(_In_ PCONTEXT Context, _In_ PUNWIND_INFO UnwindInfo, _In_ ULONG_PTR CodeOffset)
Definition: unwind.c:433
static __inline BOOLEAN RtlpTryToUnwindEpilog(_Inout_ PCONTEXT Context, _In_ ULONG64 ControlPc, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ ULONG64 ImageBase, _In_ PRUNTIME_FUNCTION FunctionEntry)
Helper function that tries to unwind epilog instructions.
Definition: unwind.c:304
static __inline void SetXmmRegFromStackValue(_Out_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg, _In_ M128A *ValuePointer)
Definition: unwind.c:270
Referenced by RtlpCaptureNonVolatileContextPointers(), RtlpUnwindInternal(), and RtlWalkFrameChain().
◆ RtlWalkFrameChain()
Definition at line 1020 of file unwind.c.
1023{
1026 ULONG64 StackLow, StackHigh;
1027 PVOID HandlerData;
1029 PRUNTIME_FUNCTION FunctionEntry;
1031
1033
1034 /* The upper bits in Flags define how many frames to skip */
1035 FramesToSkip = Flags >> 8;
1036
1037 /* Capture the current Context */
1039 ControlPc = Context.Rip;
1040
1041 /* Get the stack limits */
1042 RtlpGetStackLimits(&StackLow, &StackHigh);
1043
1044 _SEH2_TRY
1045 {
1046 /* Loop the frames */
1048 {
1049 /* Lookup the FunctionEntry for the current ControlPc */
1051
1052 /* Is this a leaf function? */
1053 if (!FunctionEntry)
1054 {
1058 }
1059 else
1060 {
1062 ImageBase,
1063 ControlPc,
1064 FunctionEntry,
1065 &Context,
1066 &HandlerData,
1067 &EstablisherFrame,
1068 NULL);
1069 DPRINT("normal funtion, new Rip = %p, new Rsp = %p\n", (PVOID)Context.Rip, (PVOID)Context.Rsp);
1070 }
1071
1072 /* Check if we are in kernel mode */
1074 {
1075 /* Check if we left the kernel range */
1077 {
1078 /* Bail out, unless user mode was requested */
1080 {
1081 break;
1082 }
1083
1084 /* We are in user mode now, get UM stack bounds */
1085 CurrentMode = UserMode;
1088 }
1089 }
1090
1091 /* Check (again) if we are in user mode now */
1093 {
1094 /* Check if we left the user range */
1096 (Context.Rip > 0x000007FFFFFEFFFFULL))
1097 {
1098 break;
1099 }
1100 }
1101
1102 /* Check, if we have left our stack */
1104 {
1105 break;
1106 }
1107
1108 /* Continue with new Rip */
1109 ControlPc = Context.Rip;
1110
1111 /* Save value, if we are past the frames to skip */
1113 {
1115 }
1116 }
1117 }
1119 {
1121 i = 0;
1122 }
1123 _SEH2_END;
1124
1127}
enum _MODE MODE
Referenced by RtlGetCallersAddress().
◆ SetReg()
Definition at line 210 of file unwind.c.
214{
216}
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413
Referenced by SetRegFromStackValue().
◆ SetRegFromStackValue()
|
static |
Definition at line 221 of file unwind.c.
226{
229 {
230 ContextPointers->IntegerContext[Reg] = ValuePointer;
231 }
232}
static __inline void SetReg(_Inout_ PCONTEXT Context, _In_ BYTE Reg, _In_ DWORD64 Value)
Definition: unwind.c:210
Referenced by PopReg(), and RtlVirtualUnwind().
◆ SetXmmReg()
◆ SetXmmRegFromStackValue()
|
static |
Definition at line 270 of file unwind.c.
275{
278 {
279 ContextPointers->FloatingContext[Reg] = ValuePointer;
280 }
281}
static __inline void SetXmmReg(_Inout_ PCONTEXT Context, _In_ BYTE Reg, _In_ M128A Value)
Definition: unwind.c:259
Referenced by RtlVirtualUnwind().
◆ UnwindOpSlots()
|
static |
Definition at line 177 of file unwind.c.
179{
181 {
182 0, // UWOP_PUSH_NONVOL
183 1, // UWOP_ALLOC_LARGE (or 3, special cased in lookup code)
184 0, // UWOP_ALLOC_SMALL
185 0, // UWOP_SET_FPREG
186 1, // UWOP_SAVE_NONVOL
187 2, // UWOP_SAVE_NONVOL_FAR
188 1, // UWOP_EPILOG // previously UWOP_SAVE_XMM
189 2, // UWOP_SPARE_CODE // previously UWOP_SAVE_XMM_FAR
190 1, // UWOP_SAVE_XMM128
191 2, // UWOP_SAVE_XMM128_FAR
192 0, // UWOP_PUSH_MACHFRAME
193 2, // UWOP_SET_FPREG_LARGE
194 };
195
197 (UnwindCode.OpInfo != 0))
198 {
199 return 3;
200 }
201 else
202 {
203 return UnwindOpExtraSlotTable[UnwindCode.UnwindOp] + 1;
204 }
205}
Referenced by GetEstablisherFrame(), and RtlVirtualUnwind().
