ReactOS 0.4.15-dev-7942-gd23573b
Classes | Macros | Typedefs | Functions
unwind.c File Reference
#include <rtl.h>
#include <debug.h>
Include dependency graph for unwind.c:

Go to the source code of this file.

Classes

union  _UNWIND_CODE
 
struct  _UNWIND_INFO
 

Macros

#define NDEBUG
 
#define UNWIND_HISTORY_TABLE_NONE   0
 
#define UNWIND_HISTORY_TABLE_GLOBAL   1
 
#define UNWIND_HISTORY_TABLE_LOCAL   2
 
#define UWOP_PUSH_NONVOL   0
 
#define UWOP_ALLOC_LARGE   1
 
#define UWOP_ALLOC_SMALL   2
 
#define UWOP_SET_FPREG   3
 
#define UWOP_SAVE_NONVOL   4
 
#define UWOP_SAVE_NONVOL_FAR   5
 
#define UWOP_EPILOG   6
 
#define UWOP_SPARE_CODE   7
 
#define UWOP_SAVE_XMM128   8
 
#define UWOP_SAVE_XMM128_FAR   9
 
#define UWOP_PUSH_MACHFRAME   10
 

Typedefs

typedef unsigned char UBYTE
 
typedef union _UNWIND_CODE UNWIND_CODE
 
typedef union _UNWIND_CODEPUNWIND_CODE
 
typedef struct _UNWIND_INFO UNWIND_INFO
 
typedef struct _UNWIND_INFOPUNWIND_INFO
 

Functions

PRUNTIME_FUNCTION NTAPI RtlLookupFunctionTable (IN DWORD64 ControlPc, OUT PDWORD64 ImageBase, OUT PULONG Length)
 Locates the table of RUNTIME_FUNCTION entries for a code address.
 
PRUNTIME_FUNCTION NTAPI RtlpLookupDynamicFunctionEntry (_In_ DWORD64 ControlPc, _Out_ PDWORD64 ImageBase, _In_ PUNWIND_HISTORY_TABLE HistoryTable)
 
PRUNTIME_FUNCTION NTAPI RtlLookupFunctionEntry (IN DWORD64 ControlPc, OUT PDWORD64 ImageBase, OUT PUNWIND_HISTORY_TABLE HistoryTable)
 Locates the RUNTIME_FUNCTION entry corresponding to a code address. http://msdn.microsoft.com/en-us/library/ms680597(VS.85).aspx.
 
static __inline ULONG UnwindOpSlots (_In_ UNWIND_CODE UnwindCode)
 
static __inline void SetReg (_Inout_ PCONTEXT Context, _In_ BYTE Reg, _In_ DWORD64 Value)
 
static __inline void SetRegFromStackValue (_Inout_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg, _In_ PDWORD64 ValuePointer)
 
static __inline DWORD64 GetReg (_In_ PCONTEXT Context, _In_ BYTE Reg)
 
static __inline void PopReg (_Inout_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg)
 
static __inline void SetXmmReg (_Inout_ PCONTEXT Context, _In_ BYTE Reg, _In_ M128A Value)
 
static __inline void SetXmmRegFromStackValue (_Out_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg, _In_ M128A *ValuePointer)
 
static __inline M128A GetXmmReg (PCONTEXT Context, BYTE Reg)
 
static __inline BOOLEAN RtlpTryToUnwindEpilog (_Inout_ PCONTEXT Context, _In_ ULONG64 ControlPc, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ ULONG64 ImageBase, _In_ PRUNTIME_FUNCTION FunctionEntry)
 Helper function that tries to unwind epilog instructions.
 
static ULONG64 GetEstablisherFrame (_In_ PCONTEXT Context, _In_ PUNWIND_INFO UnwindInfo, _In_ ULONG_PTR CodeOffset)
 
PEXCEPTION_ROUTINE NTAPI RtlVirtualUnwind (_In_ ULONG HandlerType, _In_ ULONG64 ImageBase, _In_ ULONG64 ControlPc, _In_ PRUNTIME_FUNCTION FunctionEntry, _Inout_ PCONTEXT Context, _Outptr_ PVOID *HandlerData, _Out_ PULONG64 EstablisherFrame, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers)
 
BOOLEAN NTAPI RtlpUnwindInternal (_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue, _In_ PCONTEXT ContextRecord, _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable, _In_ ULONG HandlerType)
 
VOID NTAPI RtlUnwindEx (_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_opt_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue, _In_ PCONTEXT ContextRecord, _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable)
 
VOID NTAPI RtlUnwind (_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_opt_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue)
 
ULONG NTAPI RtlWalkFrameChain (OUT PVOID *Callers, IN ULONG Count, IN ULONG Flags)
 
VOID NTAPI RtlGetCallersAddress (OUT PVOID *CallersAddress, OUT PVOID *CallersCaller)
 
static VOID RtlpCaptureNonVolatileContextPointers (_Out_ PKNONVOLATILE_CONTEXT_POINTERS NonvolatileContextPointers, _In_ ULONG64 TargetFrame)
 
VOID RtlSetUnwindContext (_In_ PCONTEXT Context, _In_ DWORD64 TargetFrame)
 
VOID RtlpRestoreContextInternal (_In_ PCONTEXT ContextRecord)
 
VOID RtlRestoreContext (_In_ PCONTEXT ContextRecord, _In_ PEXCEPTION_RECORD ExceptionRecord)
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 12 of file unwind.c.

◆ UNWIND_HISTORY_TABLE_GLOBAL

#define UNWIND_HISTORY_TABLE_GLOBAL   1

Definition at line 16 of file unwind.c.

◆ UNWIND_HISTORY_TABLE_LOCAL

#define UNWIND_HISTORY_TABLE_LOCAL   2

Definition at line 17 of file unwind.c.

◆ UNWIND_HISTORY_TABLE_NONE

#define UNWIND_HISTORY_TABLE_NONE   0

Definition at line 15 of file unwind.c.

◆ UWOP_ALLOC_LARGE

#define UWOP_ALLOC_LARGE   1

Definition at line 20 of file unwind.c.

◆ UWOP_ALLOC_SMALL

#define UWOP_ALLOC_SMALL   2

Definition at line 21 of file unwind.c.

◆ UWOP_EPILOG

#define UWOP_EPILOG   6

Definition at line 29 of file unwind.c.

◆ UWOP_PUSH_MACHFRAME

#define UWOP_PUSH_MACHFRAME   10

Definition at line 34 of file unwind.c.

◆ UWOP_PUSH_NONVOL

#define UWOP_PUSH_NONVOL   0

Definition at line 19 of file unwind.c.

◆ UWOP_SAVE_NONVOL

#define UWOP_SAVE_NONVOL   4

Definition at line 23 of file unwind.c.

◆ UWOP_SAVE_NONVOL_FAR

#define UWOP_SAVE_NONVOL_FAR   5

Definition at line 24 of file unwind.c.

◆ UWOP_SAVE_XMM128

#define UWOP_SAVE_XMM128   8

Definition at line 32 of file unwind.c.

◆ UWOP_SAVE_XMM128_FAR

#define UWOP_SAVE_XMM128_FAR   9

Definition at line 33 of file unwind.c.

◆ UWOP_SET_FPREG

#define UWOP_SET_FPREG   3

Definition at line 22 of file unwind.c.

◆ UWOP_SPARE_CODE

#define UWOP_SPARE_CODE   7

Definition at line 30 of file unwind.c.

Typedef Documentation

◆ PUNWIND_CODE

typedef union _UNWIND_CODE * PUNWIND_CODE

◆ PUNWIND_INFO

typedef struct _UNWIND_INFO * PUNWIND_INFO

◆ UBYTE

typedef unsigned char UBYTE

Definition at line 37 of file unwind.c.

◆ UNWIND_CODE

typedef union _UNWIND_CODE UNWIND_CODE

◆ UNWIND_INFO

typedef struct _UNWIND_INFO UNWIND_INFO

Function Documentation

◆ GetEstablisherFrame()

static ULONG64 GetEstablisherFrame ( _In_ PCONTEXT  Context,
_In_ PUNWIND_INFO  UnwindInfo,
_In_ ULONG_PTR  CodeOffset 
)
static

https://docs.microsoft.com/en-us/cpp/build/unwind-data-definitions-in-c

Definition at line 433 of file unwind.c.

437{
438 ULONG i;
439
440 /* Check if we have a frame register */
441 if (UnwindInfo->FrameRegister == 0)
442 {
443 /* No frame register means we use Rsp */
444 return Context->Rsp;
445 }
446
447 if ((CodeOffset >= UnwindInfo->SizeOfProlog) ||
448 ((UnwindInfo->Flags & UNW_FLAG_CHAININFO) != 0))
449 {
450 return GetReg(Context, UnwindInfo->FrameRegister) -
451 UnwindInfo->FrameOffset * 16;
452 }
453
454 /* Loop all unwind ops */
455 for (i = 0;
456 i < UnwindInfo->CountOfCodes;
457 i += UnwindOpSlots(UnwindInfo->UnwindCode[i]))
458 {
459 /* Skip codes past our code offset */
460 if (UnwindInfo->UnwindCode[i].CodeOffset > CodeOffset)
461 {
462 continue;
463 }
464
465 /* Check for SET_FPREG */
466 if (UnwindInfo->UnwindCode[i].UnwindOp == UWOP_SET_FPREG)
467 {
468 return GetReg(Context, UnwindInfo->FrameRegister) -
469 UnwindInfo->FrameOffset * 16;
470 }
471 }
472
473 return Context->Rsp;
474}
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
UNW_FLAG_CHAININFO
@ UNW_FLAG_CHAININFO
Definition: rsym64.h:111
ULONG
uint32_t ULONG
Definition: typedefs.h:59
UnwindOpSlots
static __inline ULONG UnwindOpSlots(_In_ UNWIND_CODE UnwindCode)
Definition: unwind.c:177
GetReg
static __inline DWORD64 GetReg(_In_ PCONTEXT Context, _In_ BYTE Reg)
Definition: unwind.c:237
UWOP_SET_FPREG
#define UWOP_SET_FPREG
Definition: unwind.c:22

Referenced by RtlVirtualUnwind().

◆ GetReg()

static __inline DWORD64 GetReg ( _In_ PCONTEXT  Context,
_In_ BYTE  Reg 
)
static

Definition at line 237 of file unwind.c.

240{
241 return ((DWORD64*)(&Context->Rax))[Reg];
242}
DWORD64
uint64_t DWORD64
Definition: typedefs.h:67

Referenced by GetEstablisherFrame(), RtlpTryToUnwindEpilog(), and RtlVirtualUnwind().

◆ GetXmmReg()

static __inline M128A GetXmmReg ( PCONTEXT  Context,
BYTE  Reg 
)
static

Definition at line 286 of file unwind.c.

287{
288 return ((M128A*)(&Context->Xmm0))[Reg];
289}
M128A
M128A
Definition: ketypes.h:937

◆ PopReg()

static __inline void PopReg ( _Inout_ PCONTEXT  Context,
_Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS  ContextPointers,
_In_ BYTE  Reg 
)
static

Definition at line 247 of file unwind.c.

251{
252 SetRegFromStackValue(Context, ContextPointers, Reg, (PDWORD64)Context->Rsp);
253 Context->Rsp += sizeof(DWORD64);
254}
PDWORD64
uint64_t * PDWORD64
Definition: typedefs.h:67
SetRegFromStackValue
static __inline void SetRegFromStackValue(_Inout_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg, _In_ PDWORD64 ValuePointer)
Definition: unwind.c:221

Referenced by RtlpTryToUnwindEpilog(), and RtlVirtualUnwind().

◆ RtlGetCallersAddress()

VOID NTAPI RtlGetCallersAddress ( OUT PVOID CallersAddress,
OUT PVOID CallersCaller 
)

RtlGetCallersAddress http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Debug/RtlGetCallersAddress.html

Definition at line 1038 of file unwind.c.

1041{
1042 PVOID Callers[4];
1043 ULONG Number;
1044
1045 /* Get callers:
1046 * RtlWalkFrameChain -> RtlGetCallersAddress -> x -> y */
1047 Number = RtlWalkFrameChain(Callers, 4, 0);
1048
1049 *CallersAddress = (Number >= 3) ? Callers[2] : NULL;
1050 *CallersCaller = (Number == 4) ? Callers[3] : NULL;
1051
1052 return;
1053}
NULL
#define NULL
Definition: types.h:112
Number
_In_opt_ PENTER_STATE_SYSTEM_HANDLER _In_opt_ PVOID _In_ LONG _In_opt_ LONG volatile * Number
Definition: ntpoapi.h:207
RtlWalkFrameChain
ULONG NTAPI RtlWalkFrameChain(OUT PVOID *Callers, IN ULONG Count, IN ULONG Flags)
Definition: unwind.c:930

◆ RtlLookupFunctionEntry()

PRUNTIME_FUNCTION NTAPI RtlLookupFunctionEntry ( IN DWORD64  ControlPc,
OUT PDWORD64  ImageBase,
OUT PUNWIND_HISTORY_TABLE  HistoryTable 
)

Locates the RUNTIME_FUNCTION entry corresponding to a code address. http://msdn.microsoft.com/en-us/library/ms680597(VS.85).aspx.

RtlLookupFunctionEntry

Todo:
Implement HistoryTable

Definition at line 124 of file unwind.c.

128{
129 PRUNTIME_FUNCTION FunctionTable, FunctionEntry;
130 ULONG TableLength;
131 ULONG IndexLo, IndexHi, IndexMid;
132
133 /* Find the corresponding table */
134 FunctionTable = RtlLookupFunctionTable(ControlPc, ImageBase, &TableLength);
135
136 /* If no table is found, try dynamic function tables */
137 if (!FunctionTable)
138 {
139 return RtlpLookupDynamicFunctionEntry(ControlPc, ImageBase, HistoryTable);
140 }
141
142 /* Use relative virtual address */
143 ControlPc -= *ImageBase;
144
145 /* Do a binary search */
146 IndexLo = 0;
147 IndexHi = TableLength;
148 while (IndexHi > IndexLo)
149 {
150 IndexMid = (IndexLo + IndexHi) / 2;
151 FunctionEntry = &FunctionTable[IndexMid];
152
153 if (ControlPc < FunctionEntry->BeginAddress)
154 {
155 /* Continue search in lower half */
156 IndexHi = IndexMid;
157 }
158 else if (ControlPc >= FunctionEntry->EndAddress)
159 {
160 /* Continue search in upper half */
161 IndexLo = IndexMid + 1;
162 }
163 else
164 {
165 /* ControlPc is within limits, return entry */
166 return FunctionEntry;
167 }
168 }
169
170 /* Nothing found, return NULL */
171 return NULL;
172}
_RUNTIME_FUNCTION
Definition: rsym64.h:89
RtlpLookupDynamicFunctionEntry
PRUNTIME_FUNCTION NTAPI RtlpLookupDynamicFunctionEntry(_In_ DWORD64 ControlPc, _Out_ PDWORD64 ImageBase, _In_ PUNWIND_HISTORY_TABLE HistoryTable)
Definition: dynfntbl.c:271
RtlLookupFunctionTable
PRUNTIME_FUNCTION NTAPI RtlLookupFunctionTable(IN DWORD64 ControlPc, OUT PDWORD64 ImageBase, OUT PULONG Length)
Locates the table of RUNTIME_FUNCTION entries for a code address.
Definition: unwind.c:82
FunctionTable
static WLX_DISPATCH_VERSION_1_4 FunctionTable
Definition: wlx.c:722

Referenced by RtlpCaptureNonVolatileContextPointers(), RtlpUnwindInternal(), and RtlWalkFrameChain().

◆ RtlLookupFunctionTable()

PRUNTIME_FUNCTION NTAPI RtlLookupFunctionTable ( IN DWORD64  ControlPc,
OUT PDWORD64  ImageBase,
OUT PULONG  Length 
)

Locates the table of RUNTIME_FUNCTION entries for a code address.

RtlLookupFunctionTable

Parameters
ControlPcAddress of the code, for which the table should be searched.
ImageBasePointer to a DWORD64 that receives the base address of the corresponding executable image.
LengthPointer to an ULONG that receives the number of table entries present in the table.

Definition at line 82 of file unwind.c.

86{
87 PVOID Table;
88 ULONG Size;
89
90 /* Find corresponding file header from code address */
91 if (!RtlPcToFileHeader((PVOID)ControlPc, (PVOID*)ImageBase))
92 {
93 /* Nothing found */
94 return NULL;
95 }
96
97 /* Locate the exception directory */
98 Table = RtlImageDirectoryEntryToData((PVOID)*ImageBase,
99 TRUE,
100 IMAGE_DIRECTORY_ENTRY_EXCEPTION,
101 &Size);
102
103 /* Return the number of entries */
104 *Length = Size / sizeof(RUNTIME_FUNCTION);
105
106 /* Return the address of the table */
107 return Table;
108}
TRUE
#define TRUE
Definition: types.h:120
RtlPcToFileHeader
PVOID NTAPI RtlPcToFileHeader(IN PVOID PcValue, PVOID *BaseOfImage)
Definition: libsupp.c:656
RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:809
Table
ASMGENDATA Table[]
Definition: genincdata.c:61
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
IMAGE_DIRECTORY_ENTRY_EXCEPTION
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION
Definition: pedump.c:262
RUNTIME_FUNCTION
struct _RUNTIME_FUNCTION RUNTIME_FUNCTION
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

Referenced by RtlLookupFunctionEntry().

◆ RtlpCaptureNonVolatileContextPointers()

static VOID RtlpCaptureNonVolatileContextPointers ( _Out_ PKNONVOLATILE_CONTEXT_POINTERS  NonvolatileContextPointers,
_In_ ULONG64  TargetFrame 
)
static

Definition at line 1057 of file unwind.c.

1060{
1061 CONTEXT Context;
1062 PRUNTIME_FUNCTION FunctionEntry;
1063 ULONG64 ImageBase;
1064 PVOID HandlerData;
1065 ULONG64 EstablisherFrame;
1066
1067 /* Zero out the nonvolatile context pointers */
1068 RtlZeroMemory(NonvolatileContextPointers, sizeof(*NonvolatileContextPointers));
1069
1070 /* Capture the current context */
1071 RtlCaptureContext(&Context);
1072
1073 do
1074 {
1075 /* Make sure nothing fishy is going on. Currently this is for kernel mode only. */
1076 ASSERT((LONG64)Context.Rip < 0);
1077 ASSERT((LONG64)Context.Rsp < 0);
1078
1079 /* Look up the function entry */
1080 FunctionEntry = RtlLookupFunctionEntry(Context.Rip, &ImageBase, NULL);
1081 if (FunctionEntry != NULL)
1082 {
1083 /* Do a virtual unwind to the caller and capture saved non-volatiles */
1084 RtlVirtualUnwind(UNW_FLAG_EHANDLER,
1085 ImageBase,
1086 Context.Rip,
1087 FunctionEntry,
1088 &Context,
1089 &HandlerData,
1090 &EstablisherFrame,
1091 NonvolatileContextPointers);
1092
1093 ASSERT(EstablisherFrame != 0);
1094 }
1095 else
1096 {
1097 Context.Rip = *(PULONG64)Context.Rsp;
1098 Context.Rsp += 8;
1099 }
1100
1101 /* Continue until we reach user mode */
1102 } while ((LONG64)Context.Rip < 0);
1103
1104 /* If the caller did the right thing, we should get past the target frame */
1105 ASSERT(EstablisherFrame >= TargetFrame);
1106}
ASSERT
#define ASSERT(a)
Definition: mode.c:44
PULONG64
unsigned __int64 * PULONG64
Definition: imports.h:198
ULONG64
unsigned __int64 ULONG64
Definition: imports.h:198
RtlCaptureContext
NTSYSAPI VOID NTAPI RtlCaptureContext(_Out_ PCONTEXT ContextRecord)
EstablisherFrame
_IRQL_requires_same_ _In_ PVOID EstablisherFrame
Definition: ntbasedef.h:653
UNW_FLAG_EHANDLER
@ UNW_FLAG_EHANDLER
Definition: rsym64.h:109
_CONTEXT
Definition: nt_native.h:1406
LONG64
int64_t LONG64
Definition: typedefs.h:68
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
RtlVirtualUnwind
PEXCEPTION_ROUTINE NTAPI RtlVirtualUnwind(_In_ ULONG HandlerType, _In_ ULONG64 ImageBase, _In_ ULONG64 ControlPc, _In_ PRUNTIME_FUNCTION FunctionEntry, _Inout_ PCONTEXT Context, _Outptr_ PVOID *HandlerData, _Out_ PULONG64 EstablisherFrame, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers)
Definition: unwind.c:478
RtlLookupFunctionEntry
PRUNTIME_FUNCTION NTAPI RtlLookupFunctionEntry(IN DWORD64 ControlPc, OUT PDWORD64 ImageBase, OUT PUNWIND_HISTORY_TABLE HistoryTable)
Locates the RUNTIME_FUNCTION entry corresponding to a code address. http://msdn.microsoft....
Definition: unwind.c:124

Referenced by RtlSetUnwindContext().

◆ RtlpLookupDynamicFunctionEntry()

PRUNTIME_FUNCTION NTAPI RtlpLookupDynamicFunctionEntry ( _In_ DWORD64  ControlPc,
_Out_ PDWORD64  ImageBase,
_In_ PUNWIND_HISTORY_TABLE  HistoryTable 
)

Definition at line 271 of file dynfntbl.c.

275{
276 PLIST_ENTRY listLink;
277 PDYNAMIC_FUNCTION_TABLE dynamicTable;
278 PRUNTIME_FUNCTION functionTable, foundEntry = NULL;
279 PGET_RUNTIME_FUNCTION_CALLBACK callback;
280 ULONG i;
281
282 AcquireDynamicFunctionTableLockShared();
283
284 /* Loop all tables to find the one matching ControlPc */
285 for (listLink = RtlpDynamicFunctionTableList.Flink;
286 listLink != &RtlpDynamicFunctionTableList;
287 listLink = listLink->Flink)
288 {
289 dynamicTable = CONTAINING_RECORD(listLink, DYNAMIC_FUNCTION_TABLE, ListEntry);
290
291 if ((ControlPc >= dynamicTable->MinimumAddress) &&
292 (ControlPc < dynamicTable->MaximumAddress))
293 {
294 /* Check if there is a callback */
295 callback = dynamicTable->Callback;
296 if (callback != NULL)
297 {
298 PVOID context = dynamicTable->Context;
299
300 *ImageBase = dynamicTable->BaseAddress;
301 ReleaseDynamicFunctionTableLockShared();
302 return callback(ControlPc, context);
303 }
304
305 /* Loop all entries in the function table */
306 functionTable = dynamicTable->FunctionTable;
307 for (i = 0; i < dynamicTable->EntryCount; i++)
308 {
309 /* Check if this entry contains the address */
310 if ((ControlPc >= functionTable[i].BeginAddress) &&
311 (ControlPc < functionTable[i].EndAddress))
312 {
313 foundEntry = &functionTable[i];
314 *ImageBase = dynamicTable->BaseAddress;
315 goto Exit;
316 }
317 }
318 }
319 }
320
321Exit:
322
323 ReleaseDynamicFunctionTableLockShared();
324
325 return foundEntry;
326}
AcquireDynamicFunctionTableLockShared
static __inline VOID AcquireDynamicFunctionTableLockShared()
Definition: dynfntbl.c:82
ReleaseDynamicFunctionTableLockShared
static __inline VOID ReleaseDynamicFunctionTableLockShared()
Definition: dynfntbl.c:89
RtlpDynamicFunctionTableList
LIST_ENTRY RtlpDynamicFunctionTableList
Definition: dynfntbl.c:64
callback
static IPrintDialogCallback callback
Definition: printdlg.c:326
Exit
static void Exit(void)
Definition: sock.c:1330
_DYNAMIC_FUNCTION_TABLE
Definition: dynfntbl.c:42
_DYNAMIC_FUNCTION_TABLE::Callback
PGET_RUNTIME_FUNCTION_CALLBACK Callback
Definition: dynfntbl.c:49
_DYNAMIC_FUNCTION_TABLE::FunctionTable
PRUNTIME_FUNCTION FunctionTable
Definition: dynfntbl.c:44
_DYNAMIC_FUNCTION_TABLE::Context
PVOID Context
Definition: dynfntbl.c:50
_DYNAMIC_FUNCTION_TABLE::MinimumAddress
ULONG64 MinimumAddress
Definition: dynfntbl.c:46
_DYNAMIC_FUNCTION_TABLE::BaseAddress
ULONG64 BaseAddress
Definition: dynfntbl.c:48
_DYNAMIC_FUNCTION_TABLE::EntryCount
ULONG EntryCount
Definition: dynfntbl.c:53
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
context
Definition: http.c:7252
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260

Referenced by RtlLookupFunctionEntry().

◆ RtlpRestoreContextInternal()

VOID RtlpRestoreContextInternal ( _In_ PCONTEXT  ContextRecord)

Referenced by RtlRestoreContext().

◆ RtlpTryToUnwindEpilog()

static __inline BOOLEAN RtlpTryToUnwindEpilog ( _Inout_ PCONTEXT  Context,
_In_ ULONG64  ControlPc,
_Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS  ContextPointers,
_In_ ULONG64  ImageBase,
_In_ PRUNTIME_FUNCTION  FunctionEntry 
)
static

Helper function that tries to unwind epilog instructions.

RtlpTryToUnwindEpilog

Returns
TRUE if we have been in an epilog and it could be unwound. FALSE if the instructions were not allowed for an epilog. https://docs.microsoft.com/en-us/cpp/build/unwind-procedure https://docs.microsoft.com/en-us/cpp/build/prolog-and-epilog
Todo:
  • Test and compare with Windows behaviour

Definition at line 304 of file unwind.c.

310{
311 CONTEXT LocalContext;
312 BYTE *InstrPtr;
313 DWORD Instr;
314 BYTE Reg, Mod;
315 ULONG64 EndAddress;
316
317 /* Make a local copy of the context */
318 LocalContext = *Context;
319
320 InstrPtr = (BYTE*)ControlPc;
321
322 /* Check if first instruction of epilog is "add rsp, x" */
323 Instr = *(DWORD*)InstrPtr;
324 if ( (Instr & 0x00fffdff) == 0x00c48148 )
325 {
326 if ( (Instr & 0x0000ff00) == 0x8300 )
327 {
328 /* This is "add rsp, 0x??" */
329 LocalContext.Rsp += Instr >> 24;
330 InstrPtr += 4;
331 }
332 else
333 {
334 /* This is "add rsp, 0x???????? */
335 LocalContext.Rsp += *(DWORD*)(InstrPtr + 3);
336 InstrPtr += 7;
337 }
338 }
339 /* Check if first instruction of epilog is "lea rsp, ..." */
340 else if ( (Instr & 0x38fffe) == 0x208d48 )
341 {
342 /* Get the register */
343 Reg = (Instr >> 16) & 0x7;
344
345 /* REX.R */
346 Reg += (Instr & 1) * 8;
347
348 LocalContext.Rsp = GetReg(&LocalContext, Reg);
349
350 /* Get addressing mode */
351 Mod = (Instr >> 22) & 0x3;
352 if (Mod == 0)
353 {
354 /* No displacement */
355 InstrPtr += 3;
356 }
357 else if (Mod == 1)
358 {
359 /* 1 byte displacement */
360 LocalContext.Rsp += (LONG)(CHAR)(Instr >> 24);
361 InstrPtr += 4;
362 }
363 else if (Mod == 2)
364 {
365 /* 4 bytes displacement */
366 LocalContext.Rsp += *(LONG*)(InstrPtr + 3);
367 InstrPtr += 7;
368 }
369 }
370
371 /* Loop the following instructions before the ret */
372 EndAddress = FunctionEntry->EndAddress + ImageBase - 1;
373 while ((DWORD64)InstrPtr < EndAddress)
374 {
375 Instr = *(DWORD*)InstrPtr;
376
377 /* Check for a simple pop */
378 if ( (Instr & 0xf8) == 0x58 )
379 {
380 /* Opcode pops a basic register from stack */
381 Reg = Instr & 0x7;
382 PopReg(&LocalContext, ContextPointers, Reg);
383 InstrPtr++;
384 continue;
385 }
386
387 /* Check for REX + pop */
388 if ( (Instr & 0xf8fb) == 0x5841 )
389 {
390 /* Opcode is pop r8 .. r15 */
391 Reg = ((Instr >> 8) & 0x7) + 8;
392 PopReg(&LocalContext, ContextPointers, Reg);
393 InstrPtr += 2;
394 continue;
395 }
396
397 /* Opcode not allowed for Epilog */
398 return FALSE;
399 }
400
401 // check for popfq
402
403 // also allow end with jmp imm, jmp [target], iretq
404
405 /* Check if we are at the ret instruction */
406 if ((DWORD64)InstrPtr != EndAddress)
407 {
408 /* If we went past the end of the function, something is broken! */
409 ASSERT((DWORD64)InstrPtr <= EndAddress);
410 return FALSE;
411 }
412
413 /* Make sure this is really a ret instruction */
414 if (*InstrPtr != 0xc3)
415 {
416 return FALSE;
417 }
418
419 /* Unwind is finished, pop new Rip from Stack */
420 LocalContext.Rip = *(DWORD64*)LocalContext.Rsp;
421 LocalContext.Rsp += sizeof(DWORD64);
422
423 *Context = LocalContext;
424 return TRUE;
425}
FALSE
#define FALSE
Definition: types.h:117
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
LONG
long LONG
Definition: pedump.c:60
PopReg
static __inline void PopReg(_Inout_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg)
Definition: unwind.c:247
CHAR
char CHAR
Definition: xmlstorage.h:175
BYTE
unsigned char BYTE
Definition: xxhash.c:193

Referenced by RtlVirtualUnwind().

◆ RtlpUnwindInternal()

BOOLEAN NTAPI RtlpUnwindInternal ( _In_opt_ PVOID  TargetFrame,
_In_opt_ PVOID  TargetIp,
_In_ PEXCEPTION_RECORD  ExceptionRecord,
_In_ PVOID  ReturnValue,
_In_ PCONTEXT  ContextRecord,
_In_opt_ struct _UNWIND_HISTORY_TABLE *  HistoryTable,
_In_ ULONG  HandlerType 
)
Remarks
The implementation is based on the description in this blog: http://www.nynaeve.net/?p=106 
Differences to the desciption:
- Instead of using 2 pointers to the unwind context and previous context,
  that are being swapped and the context copied, the unwind context is
  kept in the local context and copied back into the context passed in
  by the caller.
See also
http://www.nynaeve.net/?p=106

TODO: Handle DPC stack

TODO: call RtlpExecuteHandlerForUnwind instead

TODO

TODO

TODO: Check for DPC stack

Definition at line 665 of file unwind.c.

673{
674 DISPATCHER_CONTEXT DispatcherContext;
675 PEXCEPTION_ROUTINE ExceptionRoutine;
676 EXCEPTION_DISPOSITION Disposition;
677 PRUNTIME_FUNCTION FunctionEntry;
678 ULONG_PTR StackLow, StackHigh;
679 ULONG64 ImageBase, EstablisherFrame;
680 CONTEXT UnwindContext;
681
682 /* Get the current stack limits and registration frame */
683 RtlpGetStackLimits(&StackLow, &StackHigh);
684
685 /* If we have a target frame, then this is our high limit */
686 if (TargetFrame != NULL)
687 {
688 StackHigh = (ULONG64)TargetFrame + 1;
689 }
690
691 /* Copy the context */
692 UnwindContext = *ContextRecord;
693
694 /* Set up the constant fields of the dispatcher context */
695 DispatcherContext.ContextRecord = &UnwindContext;
696 DispatcherContext.HistoryTable = HistoryTable;
697 DispatcherContext.TargetIp = (ULONG64)TargetIp;
698
699 /* Start looping */
700 while (TRUE)
701 {
702 /* Lookup the FunctionEntry for the current RIP */
703 FunctionEntry = RtlLookupFunctionEntry(UnwindContext.Rip, &ImageBase, NULL);
704 if (FunctionEntry == NULL)
705 {
706 /* No function entry, so this must be a leaf function. Pop the return address from the stack.
707 Note: this can happen after the first frame as the result of an exception */
708 UnwindContext.Rip = *(DWORD64*)UnwindContext.Rsp;
709 UnwindContext.Rsp += sizeof(DWORD64);
710
711 /* Copy the context back for the next iteration */
712 *ContextRecord = UnwindContext;
713 continue;
714 }
715
716 /* Save Rip before the virtual unwind */
717 DispatcherContext.ControlPc = UnwindContext.Rip;
718
719 /* Do a virtual unwind to get the next frame */
720 ExceptionRoutine = RtlVirtualUnwind(HandlerType,
721 ImageBase,
722 UnwindContext.Rip,
723 FunctionEntry,
724 &UnwindContext,
725 &DispatcherContext.HandlerData,
726 &EstablisherFrame,
727 NULL);
728
729 /* Check, if we are still within the stack boundaries */
730 if ((EstablisherFrame < StackLow) ||
731 (EstablisherFrame >= StackHigh) ||
732 (EstablisherFrame & 7))
733 {
735
736 /* If we are handling an exception, we are done here. */
737 if (HandlerType == UNW_FLAG_EHANDLER)
738 {
739 ExceptionRecord->ExceptionFlags |= EXCEPTION_STACK_INVALID;
740 return FALSE;
741 }
742
743 __debugbreak();
744 RtlRaiseStatus(STATUS_BAD_STACK);
745 }
746
747 /* Check if we have an exception routine */
748 if (ExceptionRoutine != NULL)
749 {
750 /* Check if this is the target frame */
751 if (EstablisherFrame == (ULONG64)TargetFrame)
752 {
753 /* Set flag to inform the language handler */
754 ExceptionRecord->ExceptionFlags |= EXCEPTION_TARGET_UNWIND;
755 }
756
757 /* Log the exception if it's enabled */
758 RtlpCheckLogException(ExceptionRecord,
759 ContextRecord,
760 &DispatcherContext,
761 sizeof(DispatcherContext));
762
763 /* Set up the variable fields of the dispatcher context */
764 DispatcherContext.ImageBase = ImageBase;
765 DispatcherContext.FunctionEntry = FunctionEntry;
766 DispatcherContext.LanguageHandler = ExceptionRoutine;
767 DispatcherContext.EstablisherFrame = EstablisherFrame;
768 DispatcherContext.ScopeIndex = 0;
769
770 /* Store the return value in the unwind context */
771 UnwindContext.Rax = (ULONG64)ReturnValue;
772
773 /* Loop all nested handlers */
774 do
775 {
777 /* Call the language specific handler */
778 Disposition = ExceptionRoutine(ExceptionRecord,
779 (PVOID)EstablisherFrame,
780 ContextRecord,
781 &DispatcherContext);
782
783 /* Clear exception flags for the next iteration */
784 ExceptionRecord->ExceptionFlags &= ~(EXCEPTION_TARGET_UNWIND |
785 EXCEPTION_COLLIDED_UNWIND);
786
787 /* Check if we do exception handling */
788 if (HandlerType == UNW_FLAG_EHANDLER)
789 {
790 if (Disposition == ExceptionContinueExecution)
791 {
792 /* Check if it was non-continuable */
793 if (ExceptionRecord->ExceptionFlags & EXCEPTION_NONCONTINUABLE)
794 {
795 __debugbreak();
796 RtlRaiseStatus(EXCEPTION_NONCONTINUABLE_EXCEPTION);
797 }
798
799 /* Execution continues */
800 return TRUE;
801 }
802 else if (Disposition == ExceptionNestedException)
803 {
805 __debugbreak();
806 }
807 }
808
809 if (Disposition == ExceptionCollidedUnwind)
810 {
812 __debugbreak();
813 }
814
815 /* This must be ExceptionContinueSearch now */
816 if (Disposition != ExceptionContinueSearch)
817 {
818 __debugbreak();
819 RtlRaiseStatus(STATUS_INVALID_DISPOSITION);
820 }
821 } while (ExceptionRecord->ExceptionFlags & EXCEPTION_COLLIDED_UNWIND);
822 }
823
824 /* Check, if we have left our stack (8.) */
825 if ((EstablisherFrame < StackLow) ||
826 (EstablisherFrame > StackHigh) ||
827 (EstablisherFrame & 7))
828 {
830 __debugbreak();
831
832 if (UnwindContext.Rip == ContextRecord->Rip)
833 {
834 RtlRaiseStatus(STATUS_BAD_FUNCTION_TABLE);
835 }
836 else
837 {
838 ZwRaiseException(ExceptionRecord, ContextRecord, FALSE);
839 }
840 }
841
842 if (EstablisherFrame == (ULONG64)TargetFrame)
843 {
844 break;
845 }
846
847 /* We have successfully unwound a frame. Copy the unwind context back. */
848 *ContextRecord = UnwindContext;
849 }
850
851 if (ExceptionRecord->ExceptionCode != STATUS_UNWIND_CONSOLIDATE)
852 {
853 ContextRecord->Rip = (ULONG64)TargetIp;
854 }
855
856 /* Set the return value */
857 ContextRecord->Rax = (ULONG64)ReturnValue;
858
859 /* Restore the context */
860 RtlRestoreContext(ContextRecord, ExceptionRecord);
861
862 /* Should never get here! */
863 ASSERT(FALSE);
864 return FALSE;
865}
ReturnValue
UINT32 void void ** ReturnValue
Definition: acevents.h:216
HandlerType
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE ACPI_HANDLE ACPI_HANDLE *OutHandle ACPI_HANDLE *OutHandle void *Context void *Context ACPI_EVENT_HANDLER Handler UINT32 UINT32 ACPI_GPE_HANDLER void *Context UINT32 HandlerType
Definition: acpixf.h:817
RtlpCheckLogException
VOID NTAPI RtlpCheckLogException(IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT ContextRecord, IN PVOID ContextData, IN ULONG Size)
Definition: libsupp.c:201
RtlpGetStackLimits
VOID NTAPI RtlpGetStackLimits(OUT PULONG_PTR LowLimit, OUT PULONG_PTR HighLimit)
Definition: libsupp.c:335
ExceptionContinueSearch
@ ExceptionContinueSearch
Definition: compat.h:91
ExceptionCollidedUnwind
@ ExceptionCollidedUnwind
Definition: compat.h:93
ExceptionNestedException
@ ExceptionNestedException
Definition: compat.h:92
ExceptionContinueExecution
@ ExceptionContinueExecution
Definition: compat.h:90
PEXCEPTION_ROUTINE
EXCEPTION_ROUTINE * PEXCEPTION_ROUTINE
Definition: compat.h:709
EXCEPTION_DISPOSITION
enum _EXCEPTION_DISPOSITION EXCEPTION_DISPOSITION
__debugbreak
void __cdecl __debugbreak(void)
Definition: intrin_ppc.h:698
Disposition
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
Definition: cmfuncs.h:56
ZwRaiseException
NTSYSAPI NTSTATUS NTAPI ZwRaiseException(_In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PCONTEXT Context, _In_ BOOLEAN SearchFrames)
RtlRaiseStatus
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
ContextRecord
_IRQL_requires_same_ _In_ PVOID _Inout_ struct _CONTEXT * ContextRecord
Definition: ntbasedef.h:654
DispatcherContext
_IRQL_requires_same_ _In_ PVOID _Inout_ struct _CONTEXT _In_ PVOID DispatcherContext
Definition: ntbasedef.h:655
STATUS_INVALID_DISPOSITION
#define STATUS_INVALID_DISPOSITION
Definition: ntstatus.h:275
STATUS_UNWIND_CONSOLIDATE
#define STATUS_UNWIND_CONSOLIDATE
Definition: ntstatus.h:220
STATUS_BAD_FUNCTION_TABLE
#define STATUS_BAD_FUNCTION_TABLE
Definition: ntstatus.h:491
STATUS_BAD_STACK
#define STATUS_BAD_STACK
Definition: ntstatus.h:277
_DISPATCHER_CONTEXT
Definition: ketypes.h:1100
EXCEPTION_NONCONTINUABLE
#define EXCEPTION_NONCONTINUABLE
Definition: stubs.h:23
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
RtlRestoreContext
VOID RtlRestoreContext(_In_ PCONTEXT ContextRecord, _In_ PEXCEPTION_RECORD ExceptionRecord)
Definition: unwind.c:1140
EXCEPTION_NONCONTINUABLE_EXCEPTION
#define EXCEPTION_NONCONTINUABLE_EXCEPTION
Definition: winbase.h:328
EXCEPTION_STACK_INVALID
#define EXCEPTION_STACK_INVALID
Definition: rtltypes.h:157
EXCEPTION_TARGET_UNWIND
#define EXCEPTION_TARGET_UNWIND
Definition: rtltypes.h:159
EXCEPTION_COLLIDED_UNWIND
#define EXCEPTION_COLLIDED_UNWIND
Definition: rtltypes.h:160

Referenced by RtlDispatchException(), and RtlUnwindEx().

◆ RtlRestoreContext()

VOID RtlRestoreContext ( _In_ PCONTEXT  ContextRecord,
_In_ PEXCEPTION_RECORD  ExceptionRecord 
)

Definition at line 1140 of file unwind.c.

1143{
1144 if (ExceptionRecord != NULL)
1145 {
1146 if ((ExceptionRecord->ExceptionCode == STATUS_UNWIND_CONSOLIDATE) &&
1147 (ExceptionRecord->NumberParameters >= 1))
1148 {
1149 PVOID (*Consolidate)(EXCEPTION_RECORD*) = (PVOID)ExceptionRecord->ExceptionInformation[0];
1150 // FIXME: This should be called through an asm wrapper to allow handling recursive unwinding
1151 ContextRecord->Rip = (ULONG64)Consolidate(ExceptionRecord);
1152 }
1153 }
1154
1155 RtlpRestoreContextInternal(ContextRecord);
1156}
_EXCEPTION_RECORD
Definition: compat.h:207
PVOID
void * PVOID
Definition: typedefs.h:50
RtlpRestoreContextInternal
VOID RtlpRestoreContextInternal(_In_ PCONTEXT ContextRecord)

Referenced by RtlpUnwindInternal().

◆ RtlSetUnwindContext()

VOID RtlSetUnwindContext ( _In_ PCONTEXT  Context,
_In_ DWORD64  TargetFrame 
)

Definition at line 1109 of file unwind.c.

1112{
1113 KNONVOLATILE_CONTEXT_POINTERS ContextPointers;
1114
1115 /* Capture pointers to the non-volatiles up to the target frame */
1116 RtlpCaptureNonVolatileContextPointers(&ContextPointers, TargetFrame);
1117
1118 /* Copy the nonvolatiles to the captured locations */
1119 *ContextPointers.R12 = Context->R12;
1120 *ContextPointers.R13 = Context->R13;
1121 *ContextPointers.R14 = Context->R14;
1122 *ContextPointers.R15 = Context->R15;
1123 *ContextPointers.Xmm6 = Context->Xmm6;
1124 *ContextPointers.Xmm7 = Context->Xmm7;
1125 *ContextPointers.Xmm8 = Context->Xmm8;
1126 *ContextPointers.Xmm9 = Context->Xmm9;
1127 *ContextPointers.Xmm10 = Context->Xmm10;
1128 *ContextPointers.Xmm11 = Context->Xmm11;
1129 *ContextPointers.Xmm12 = Context->Xmm12;
1130 *ContextPointers.Xmm13 = Context->Xmm13;
1131 *ContextPointers.Xmm14 = Context->Xmm14;
1132 *ContextPointers.Xmm15 = Context->Xmm15;
1133}
RtlpCaptureNonVolatileContextPointers
static VOID RtlpCaptureNonVolatileContextPointers(_Out_ PKNONVOLATILE_CONTEXT_POINTERS NonvolatileContextPointers, _In_ ULONG64 TargetFrame)
Definition: unwind.c:1057

Referenced by KiSetTrapContextInternal().

◆ RtlUnwind()

VOID NTAPI RtlUnwind ( _In_opt_ PVOID TargetFrame TargetFrame  ,
_In_opt_ PVOID  TargetIp,
_In_opt_ PEXCEPTION_RECORD  ExceptionRecord,
_In_ PVOID  ReturnValue 
)

Definition at line 912 of file unwind.c.

917{
918 CONTEXT Context;
919
920 RtlUnwindEx(TargetFrame,
921 TargetIp,
922 ExceptionRecord,
923 ReturnValue,
924 &Context,
925 NULL);
926}
RtlUnwindEx
VOID NTAPI RtlUnwindEx(_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_opt_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue, _In_ PCONTEXT ContextRecord, _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable)
Definition: unwind.c:869

Referenced by _local_unwind(), and _SEH2GlobalUnwind().

◆ RtlUnwindEx()

VOID NTAPI RtlUnwindEx ( _In_opt_ PVOID  TargetFrame,
_In_opt_ PVOID  TargetIp,
_In_opt_ PEXCEPTION_RECORD  ExceptionRecord,
_In_ PVOID  ReturnValue,
_In_ PCONTEXT  ContextRecord,
_In_opt_ struct _UNWIND_HISTORY_TABLE *  HistoryTable 
)

Definition at line 869 of file unwind.c.

876{
877 EXCEPTION_RECORD LocalExceptionRecord;
878
879 /* Capture the current context */
880 RtlCaptureContext(ContextRecord);
881
882 /* Check if we have an exception record */
883 if (ExceptionRecord == NULL)
884 {
885 /* No exception record was passed, so set up a local one */
886 LocalExceptionRecord.ExceptionCode = STATUS_UNWIND;
887 LocalExceptionRecord.ExceptionAddress = (PVOID)ContextRecord->Rip;
888 LocalExceptionRecord.ExceptionRecord = NULL;
889 LocalExceptionRecord.NumberParameters = 0;
890 ExceptionRecord = &LocalExceptionRecord;
891 }
892
893 /* Set unwind flags */
894 ExceptionRecord->ExceptionFlags = EXCEPTION_UNWINDING;
895 if (TargetFrame == NULL)
896 {
897 ExceptionRecord->ExceptionFlags |= EXCEPTION_EXIT_UNWIND;
898 }
899
900 /* Call the internal function */
901 RtlpUnwindInternal(TargetFrame,
902 TargetIp,
903 ExceptionRecord,
904 ReturnValue,
905 ContextRecord,
906 HistoryTable,
907 UNW_FLAG_UHANDLER);
908}
STATUS_UNWIND
#define STATUS_UNWIND
Definition: ntstatus.h:276
UNW_FLAG_UHANDLER
@ UNW_FLAG_UHANDLER
Definition: rsym64.h:110
_EXCEPTION_RECORD::ExceptionRecord
struct _EXCEPTION_RECORD * ExceptionRecord
Definition: compat.h:210
_EXCEPTION_RECORD::ExceptionCode
DWORD ExceptionCode
Definition: compat.h:208
_EXCEPTION_RECORD::NumberParameters
DWORD NumberParameters
Definition: compat.h:212
_EXCEPTION_RECORD::ExceptionAddress
PVOID ExceptionAddress
Definition: compat.h:211
RtlpUnwindInternal
BOOLEAN NTAPI RtlpUnwindInternal(_In_opt_ PVOID TargetFrame, _In_opt_ PVOID TargetIp, _In_ PEXCEPTION_RECORD ExceptionRecord, _In_ PVOID ReturnValue, _In_ PCONTEXT ContextRecord, _In_opt_ struct _UNWIND_HISTORY_TABLE *HistoryTable, _In_ ULONG HandlerType)
Definition: unwind.c:665
EXCEPTION_EXIT_UNWIND
#define EXCEPTION_EXIT_UNWIND
Definition: rtltypes.h:156
EXCEPTION_UNWINDING
#define EXCEPTION_UNWINDING
Definition: rtltypes.h:155

Referenced by __C_specific_handler(), and RtlUnwind().

◆ RtlVirtualUnwind()

PEXCEPTION_ROUTINE NTAPI RtlVirtualUnwind ( _In_ ULONG  HandlerType,
_In_ ULONG64  ImageBase,
_In_ ULONG64  ControlPc,
_In_ PRUNTIME_FUNCTION  FunctionEntry,
_Inout_ PCONTEXT  Context,
_Outptr_ PVOID HandlerData,
_Out_ PULONG64  EstablisherFrame,
_Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS  ContextPointers 
)

Definition at line 478 of file unwind.c.

487{
488 PUNWIND_INFO UnwindInfo;
489 ULONG_PTR ControlRva, CodeOffset;
490 ULONG i, Offset;
491 UNWIND_CODE UnwindCode;
492 BYTE Reg;
493 PULONG LanguageHandler;
494
495 /* Get relative virtual address */
496 ControlRva = ControlPc - ImageBase;
497
498 /* Sanity checks */
499 if ( (ControlRva < FunctionEntry->BeginAddress) ||
500 (ControlRva >= FunctionEntry->EndAddress) )
501 {
502 return NULL;
503 }
504
505 /* Get a pointer to the unwind info */
506 UnwindInfo = RVA(ImageBase, FunctionEntry->UnwindData);
507
508 /* The language specific handler data follows the unwind info */
509 LanguageHandler = ALIGN_UP_POINTER_BY(&UnwindInfo->UnwindCode[UnwindInfo->CountOfCodes], sizeof(ULONG));
510
511 /* Calculate relative offset to function start */
512 CodeOffset = ControlRva - FunctionEntry->BeginAddress;
513
514 *EstablisherFrame = GetEstablisherFrame(Context, UnwindInfo, CodeOffset);
515
516 /* Check if we are in the function epilog and try to finish it */
517 if ((CodeOffset > UnwindInfo->SizeOfProlog) && (UnwindInfo->CountOfCodes > 0))
518 {
519 if (RtlpTryToUnwindEpilog(Context, ControlPc, ContextPointers, ImageBase, FunctionEntry))
520 {
521 /* There's no exception routine */
522 return NULL;
523 }
524 }
525
526 /* Skip all Ops with an offset greater than the current Offset */
527 i = 0;
528 while ((i < UnwindInfo->CountOfCodes) &&
529 (UnwindInfo->UnwindCode[i].CodeOffset > CodeOffset))
530 {
531 i += UnwindOpSlots(UnwindInfo->UnwindCode[i]);
532 }
533
534RepeatChainedInfo:
535
536 /* Process the remaining unwind ops */
537 while (i < UnwindInfo->CountOfCodes)
538 {
539 UnwindCode = UnwindInfo->UnwindCode[i];
540 switch (UnwindCode.UnwindOp)
541 {
542 case UWOP_PUSH_NONVOL:
543 Reg = UnwindCode.OpInfo;
544 PopReg(Context, ContextPointers, Reg);
545 i++;
546 break;
547
548 case UWOP_ALLOC_LARGE:
549 if (UnwindCode.OpInfo)
550 {
551 Offset = *(ULONG*)(&UnwindInfo->UnwindCode[i+1]);
552 Context->Rsp += Offset;
553 i += 3;
554 }
555 else
556 {
557 Offset = UnwindInfo->UnwindCode[i+1].FrameOffset;
558 Context->Rsp += Offset * 8;
559 i += 2;
560 }
561 break;
562
563 case UWOP_ALLOC_SMALL:
564 Context->Rsp += (UnwindCode.OpInfo + 1) * 8;
565 i++;
566 break;
567
568 case UWOP_SET_FPREG:
569 Reg = UnwindInfo->FrameRegister;
570 Context->Rsp = GetReg(Context, Reg) - UnwindInfo->FrameOffset * 16;
571 i++;
572 break;
573
574 case UWOP_SAVE_NONVOL:
575 Reg = UnwindCode.OpInfo;
576 Offset = UnwindInfo->UnwindCode[i + 1].FrameOffset;
577 SetRegFromStackValue(Context, ContextPointers, Reg, (DWORD64*)Context->Rsp + Offset);
578 i += 2;
579 break;
580
581 case UWOP_SAVE_NONVOL_FAR:
582 Reg = UnwindCode.OpInfo;
583 Offset = *(ULONG*)(&UnwindInfo->UnwindCode[i + 1]);
584 SetRegFromStackValue(Context, ContextPointers, Reg, (DWORD64*)Context->Rsp + Offset);
585 i += 3;
586 break;
587
588 case UWOP_EPILOG:
589 i += 1;
590 break;
591
592 case UWOP_SPARE_CODE:
593 ASSERT(FALSE);
594 i += 2;
595 break;
596
597 case UWOP_SAVE_XMM128:
598 Reg = UnwindCode.OpInfo;
599 Offset = UnwindInfo->UnwindCode[i + 1].FrameOffset;
600 SetXmmRegFromStackValue(Context, ContextPointers, Reg, (M128A*)Context->Rsp + Offset);
601 i += 2;
602 break;
603
604 case UWOP_SAVE_XMM128_FAR:
605 Reg = UnwindCode.OpInfo;
606 Offset = *(ULONG*)(&UnwindInfo->UnwindCode[i + 1]);
607 SetXmmRegFromStackValue(Context, ContextPointers, Reg, (M128A*)Context->Rsp + Offset);
608 i += 3;
609 break;
610
611 case UWOP_PUSH_MACHFRAME:
612 /* OpInfo is 1, when an error code was pushed, otherwise 0. */
613 Context->Rsp += UnwindCode.OpInfo * sizeof(DWORD64);
614
615 /* Now pop the MACHINE_FRAME (RIP/RSP only. And yes, "magic numbers", deal with it) */
616 Context->Rip = *(PDWORD64)(Context->Rsp + 0x00);
617 Context->Rsp = *(PDWORD64)(Context->Rsp + 0x18);
618 ASSERT((i + 1) == UnwindInfo->CountOfCodes);
619 goto Exit;
620 }
621 }
622
623 /* Check for chained info */
624 if (UnwindInfo->Flags & UNW_FLAG_CHAININFO)
625 {
626 /* See https://docs.microsoft.com/en-us/cpp/build/exception-handling-x64?view=msvc-160#chained-unwind-info-structures */
627 FunctionEntry = (PRUNTIME_FUNCTION)&(UnwindInfo->UnwindCode[(UnwindInfo->CountOfCodes + 1) & ~1]);
628 UnwindInfo = RVA(ImageBase, FunctionEntry->UnwindData);
629 i = 0;
630 goto RepeatChainedInfo;
631 }
632
633 /* Unwind is finished, pop new Rip from Stack */
634 if (Context->Rsp != 0)
635 {
636 Context->Rip = *(DWORD64*)Context->Rsp;
637 Context->Rsp += sizeof(DWORD64);
638 }
639
640Exit:
641
642 /* Check if we have a handler and return it */
643 if (UnwindInfo->Flags & (HandlerType & (UNW_FLAG_EHANDLER | UNW_FLAG_UHANDLER)))
644 {
645 *HandlerData = (LanguageHandler + 1);
646 return RVA(ImageBase, *LanguageHandler);
647 }
648
649 return NULL;
650}
RVA
#define RVA(m, b)
Definition: freeldr.h:28
Offset
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
PRUNTIME_FUNCTION
struct _RUNTIME_FUNCTION * PRUNTIME_FUNCTION
_UNWIND_INFO
Definition: cpu_x86_64.c:61
_UNWIND_INFO::CountOfCodes
BYTE CountOfCodes
Definition: cpu_x86_64.c:65
_UNWIND_INFO::FrameRegister
BYTE FrameRegister
Definition: cpu_x86_64.c:66
_UNWIND_INFO::SizeOfProlog
BYTE SizeOfProlog
Definition: cpu_x86_64.c:64
_UNWIND_INFO::UnwindCode
UNWIND_CODE UnwindCode[1]
Definition: cpu_x86_64.c:68
_UNWIND_INFO::FrameOffset
BYTE FrameOffset
Definition: cpu_x86_64.c:67
_UNWIND_INFO::Flags
BYTE Flags
Definition: cpu_x86_64.c:63
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
ALIGN_UP_POINTER_BY
#define ALIGN_UP_POINTER_BY(ptr, align)
Definition: umtypes.h:85
_UNWIND_CODE
Definition: cpu_x86_64.c:50
_UNWIND_CODE::UnwindOp
BYTE UnwindOp
Definition: cpu_x86_64.c:54
_UNWIND_CODE::CodeOffset
BYTE CodeOffset
Definition: cpu_x86_64.c:53
_UNWIND_CODE::FrameOffset
USHORT FrameOffset
Definition: cpu_x86_64.c:57
_UNWIND_CODE::OpInfo
BYTE OpInfo
Definition: cpu_x86_64.c:55
UWOP_EPILOG
#define UWOP_EPILOG
Definition: unwind.c:29
UWOP_SAVE_NONVOL
#define UWOP_SAVE_NONVOL
Definition: unwind.c:23
UWOP_SPARE_CODE
#define UWOP_SPARE_CODE
Definition: unwind.c:30
GetEstablisherFrame
static ULONG64 GetEstablisherFrame(_In_ PCONTEXT Context, _In_ PUNWIND_INFO UnwindInfo, _In_ ULONG_PTR CodeOffset)
Definition: unwind.c:433
UWOP_SAVE_NONVOL_FAR
#define UWOP_SAVE_NONVOL_FAR
Definition: unwind.c:24
UWOP_PUSH_MACHFRAME
#define UWOP_PUSH_MACHFRAME
Definition: unwind.c:34
UWOP_ALLOC_LARGE
#define UWOP_ALLOC_LARGE
Definition: unwind.c:20
RtlpTryToUnwindEpilog
static __inline BOOLEAN RtlpTryToUnwindEpilog(_Inout_ PCONTEXT Context, _In_ ULONG64 ControlPc, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ ULONG64 ImageBase, _In_ PRUNTIME_FUNCTION FunctionEntry)
Helper function that tries to unwind epilog instructions.
Definition: unwind.c:304
UWOP_ALLOC_SMALL
#define UWOP_ALLOC_SMALL
Definition: unwind.c:21
UWOP_SAVE_XMM128
#define UWOP_SAVE_XMM128
Definition: unwind.c:32
SetXmmRegFromStackValue
static __inline void SetXmmRegFromStackValue(_Out_ PCONTEXT Context, _Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS ContextPointers, _In_ BYTE Reg, _In_ M128A *ValuePointer)
Definition: unwind.c:270
UWOP_SAVE_XMM128_FAR
#define UWOP_SAVE_XMM128_FAR
Definition: unwind.c:33
UWOP_PUSH_NONVOL
#define UWOP_PUSH_NONVOL
Definition: unwind.c:19

Referenced by RtlpCaptureNonVolatileContextPointers(), RtlpUnwindInternal(), and RtlWalkFrameChain().

◆ RtlWalkFrameChain()

ULONG NTAPI RtlWalkFrameChain ( OUT PVOID Callers,
IN ULONG  Count,
IN ULONG  Flags 
)

Definition at line 930 of file unwind.c.

933{
934 CONTEXT Context;
935 ULONG64 ControlPc, ImageBase, EstablisherFrame;
936 ULONG64 StackLow, StackHigh;
937 PVOID HandlerData;
938 ULONG i, FramesToSkip;
939 PRUNTIME_FUNCTION FunctionEntry;
940
941 DPRINT("Enter RtlWalkFrameChain\n");
942
943 /* The upper bits in Flags define how many frames to skip */
944 FramesToSkip = Flags >> 8;
945
946 /* Capture the current Context */
947 RtlCaptureContext(&Context);
948 ControlPc = Context.Rip;
949
950 /* Get the stack limits */
951 RtlpGetStackLimits(&StackLow, &StackHigh);
952
953 /* Check if we want the user-mode stack frame */
954 if (Flags & 1)
955 {
956 }
957
958 _SEH2_TRY
959 {
960 /* Loop the frames */
961 for (i = 0; i < FramesToSkip + Count; i++)
962 {
963 /* Lookup the FunctionEntry for the current ControlPc */
964 FunctionEntry = RtlLookupFunctionEntry(ControlPc, &ImageBase, NULL);
965
966 /* Is this a leaf function? */
967 if (!FunctionEntry)
968 {
969 Context.Rip = *(DWORD64*)Context.Rsp;
970 Context.Rsp += sizeof(DWORD64);
971 DPRINT("leaf funtion, new Rip = %p, new Rsp = %p\n", (PVOID)Context.Rip, (PVOID)Context.Rsp);
972 }
973 else
974 {
975 RtlVirtualUnwind(UNW_FLAG_NHANDLER,
976 ImageBase,
977 ControlPc,
978 FunctionEntry,
979 &Context,
980 &HandlerData,
981 &EstablisherFrame,
982 NULL);
983 DPRINT("normal funtion, new Rip = %p, new Rsp = %p\n", (PVOID)Context.Rip, (PVOID)Context.Rsp);
984 }
985
986 /* Check if we are in kernel mode */
987 if (RtlpGetMode() == KernelMode)
988 {
989 /* Check if we left the kernel range */
990 if (!(Flags & 1) && (Context.Rip < 0xFFFF800000000000ULL))
991 {
992 break;
993 }
994 }
995 else
996 {
997 /* Check if we left the user range */
998 if ((Context.Rip < 0x10000) ||
999 (Context.Rip > 0x000007FFFFFEFFFFULL))
1000 {
1001 break;
1002 }
1003 }
1004
1005 /* Check, if we have left our stack */
1006 if ((Context.Rsp <= StackLow) || (Context.Rsp >= StackHigh))
1007 {
1008 break;
1009 }
1010
1011 /* Continue with new Rip */
1012 ControlPc = Context.Rip;
1013
1014 /* Save value, if we are past the frames to skip */
1015 if (i >= FramesToSkip)
1016 {
1017 Callers[i - FramesToSkip] = (PVOID)ControlPc;
1018 }
1019 }
1020 }
1021 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1022 {
1023 DPRINT1("Exception while getting callers!\n");
1024 i = 0;
1025 }
1026 _SEH2_END;
1027
1028 DPRINT("RtlWalkFrameChain returns %ld\n", i);
1029 return i;
1030}
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlpGetMode
KPROCESSOR_MODE NTAPI RtlpGetMode(VOID)
Definition: libsupp.c:53
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
UNW_FLAG_NHANDLER
#define UNW_FLAG_NHANDLER
Definition: gs_support.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
KernelMode
#define KernelMode
Definition: asm.h:34
Count
int Count
Definition: noreturn.cpp:7
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
DPRINT
#define DPRINT
Definition: sndvol32.h:71
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

Referenced by RtlGetCallersAddress().

◆ SetReg()

static __inline void SetReg ( _Inout_ PCONTEXT  Context,
_In_ BYTE  Reg,
_In_ DWORD64  Value 
)
static

Definition at line 210 of file unwind.c.

214{
215 ((DWORD64*)(&Context->Rax))[Reg] = Value;
216}
Value
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413

Referenced by SetRegFromStackValue().

◆ SetRegFromStackValue()

static __inline void SetRegFromStackValue ( _Inout_ PCONTEXT  Context,
_Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS  ContextPointers,
_In_ BYTE  Reg,
_In_ PDWORD64  ValuePointer 
)
static

Definition at line 221 of file unwind.c.

226{
227 SetReg(Context, Reg, *ValuePointer);
228 if (ContextPointers != NULL)
229 {
230 ContextPointers->IntegerContext[Reg] = ValuePointer;
231 }
232}
SetReg
static __inline void SetReg(_Inout_ PCONTEXT Context, _In_ BYTE Reg, _In_ DWORD64 Value)
Definition: unwind.c:210

Referenced by PopReg(), and RtlVirtualUnwind().

◆ SetXmmReg()

static __inline void SetXmmReg ( _Inout_ PCONTEXT  Context,
_In_ BYTE  Reg,
_In_ M128A  Value 
)
static

Definition at line 259 of file unwind.c.

263{
264 ((M128A*)(&Context->Xmm0))[Reg] = Value;
265}

Referenced by SetXmmRegFromStackValue().

◆ SetXmmRegFromStackValue()

static __inline void SetXmmRegFromStackValue ( _Out_ PCONTEXT  Context,
_Inout_opt_ PKNONVOLATILE_CONTEXT_POINTERS  ContextPointers,
_In_ BYTE  Reg,
_In_ M128A ValuePointer 
)
static

Definition at line 270 of file unwind.c.

275{
276 SetXmmReg(Context, Reg, *ValuePointer);
277 if (ContextPointers != NULL)
278 {
279 ContextPointers->FloatingContext[Reg] = ValuePointer;
280 }
281}
SetXmmReg
static __inline void SetXmmReg(_Inout_ PCONTEXT Context, _In_ BYTE Reg, _In_ M128A Value)
Definition: unwind.c:259

Referenced by RtlVirtualUnwind().

◆ UnwindOpSlots()

static __inline ULONG UnwindOpSlots ( _In_ UNWIND_CODE  UnwindCode)
static

Definition at line 177 of file unwind.c.

179{
180 static const UCHAR UnwindOpExtraSlotTable[] =
181 {
182 0, // UWOP_PUSH_NONVOL
183 1, // UWOP_ALLOC_LARGE (or 3, special cased in lookup code)
184 0, // UWOP_ALLOC_SMALL
185 0, // UWOP_SET_FPREG
186 1, // UWOP_SAVE_NONVOL
187 2, // UWOP_SAVE_NONVOL_FAR
188 1, // UWOP_EPILOG // previously UWOP_SAVE_XMM
189 2, // UWOP_SPARE_CODE // previously UWOP_SAVE_XMM_FAR
190 1, // UWOP_SAVE_XMM128
191 2, // UWOP_SAVE_XMM128_FAR
192 0, // UWOP_PUSH_MACHFRAME
193 2, // UWOP_SET_FPREG_LARGE
194 };
195
196 if ((UnwindCode.UnwindOp == UWOP_ALLOC_LARGE) &&
197 (UnwindCode.OpInfo != 0))
198 {
199 return 3;
200 }
201 else
202 {
203 return UnwindOpExtraSlotTable[UnwindCode.UnwindOp] + 1;
204 }
205}
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by GetEstablisherFrame(), and RtlVirtualUnwind().