diff options
Diffstat (limited to 'toolkit/crashreporter/LoadLibraryRemote.cpp')
-rw-r--r-- | toolkit/crashreporter/LoadLibraryRemote.cpp | 459 |
1 files changed, 459 insertions, 0 deletions
diff --git a/toolkit/crashreporter/LoadLibraryRemote.cpp b/toolkit/crashreporter/LoadLibraryRemote.cpp new file mode 100644 index 0000000000..d0422edd08 --- /dev/null +++ b/toolkit/crashreporter/LoadLibraryRemote.cpp @@ -0,0 +1,459 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __GNUC__ +// disable warnings about pointer <-> DWORD conversions +# pragma warning(disable : 4311 4312) +#endif + +#ifdef _WIN64 +# define POINTER_TYPE ULONGLONG +#else +# define POINTER_TYPE DWORD +#endif + +#include <windows.h> +#include <winnt.h> +#include <stdlib.h> +#ifdef DEBUG_OUTPUT +# include <stdio.h> +#endif + +#include "nsWindowsHelpers.h" + +typedef const unsigned char* FileView; + +template <> +class nsAutoRefTraits<FileView> { + public: + typedef FileView RawRef; + static FileView Void() { return nullptr; } + + static void Release(RawRef aView) { + if (nullptr != aView) UnmapViewOfFile(aView); + } +}; + +#ifndef IMAGE_SIZEOF_BASE_RELOCATION +// Vista SDKs no longer define IMAGE_SIZEOF_BASE_RELOCATION!? +# define IMAGE_SIZEOF_BASE_RELOCATION (sizeof(IMAGE_BASE_RELOCATION)) +#endif + +#include "LoadLibraryRemote.h" + +typedef struct { + PIMAGE_NT_HEADERS headers; + unsigned char* localCodeBase; + unsigned char* remoteCodeBase; + HMODULE* modules; + int numModules; +} MEMORYMODULE, *PMEMORYMODULE; + +typedef BOOL(WINAPI* DllEntryProc)(HINSTANCE hinstDLL, DWORD fdwReason, + LPVOID lpReserved); + +#define GET_HEADER_DICTIONARY(module, idx) \ + &(module)->headers->OptionalHeader.DataDirectory[idx] + +#ifdef DEBUG_OUTPUT +static void OutputLastError(const char* msg) { + char* tmp; + char* tmpmsg; + FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | + FORMAT_MESSAGE_IGNORE_INSERTS, + nullptr, GetLastError(), + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&tmp, 0, + nullptr); + tmpmsg = (char*)LocalAlloc(LPTR, strlen(msg) + strlen(tmp) + 3); + sprintf(tmpmsg, "%s: %s", msg, tmp); + OutputDebugStringA(tmpmsg); + LocalFree(tmpmsg); + LocalFree(tmp); +} +#endif + +static void CopySections(const unsigned char* data, + PIMAGE_NT_HEADERS old_headers, PMEMORYMODULE module) { + int i; + unsigned char* codeBase = module->localCodeBase; + unsigned char* dest; + PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(module->headers); + for (i = 0; i < module->headers->FileHeader.NumberOfSections; + i++, section++) { + dest = codeBase + section->VirtualAddress; + memset(dest, 0, section->Misc.VirtualSize); + if (section->SizeOfRawData) { + memcpy(dest, data + section->PointerToRawData, section->SizeOfRawData); + } + // section->Misc.PhysicalAddress = (POINTER_TYPE) module->remoteCodeBase + + // section->VirtualAddress; + } +} + +static bool CopyRegion(HANDLE hRemoteProcess, void* remoteAddress, + void* localAddress, DWORD size, DWORD protect) { + if (size > 0) { + // Copy the data from local->remote and set the memory protection + if (!VirtualAllocEx(hRemoteProcess, remoteAddress, size, MEM_COMMIT, + PAGE_READWRITE)) + return false; + + if (!WriteProcessMemory(hRemoteProcess, remoteAddress, localAddress, size, + nullptr)) { +#ifdef DEBUG_OUTPUT + OutputLastError("Error writing remote memory.\n"); +#endif + return false; + } + + DWORD oldProtect; + if (VirtualProtectEx(hRemoteProcess, remoteAddress, size, protect, + &oldProtect) == 0) { +#ifdef DEBUG_OUTPUT + OutputLastError("Error protecting memory page"); +#endif + return false; + } + } + return true; +} +// Protection flags for memory pages (Executable, Readable, Writeable) +static int ProtectionFlags[2][2][2] = { + { + // not executable + {PAGE_NOACCESS, PAGE_WRITECOPY}, + {PAGE_READONLY, PAGE_READWRITE}, + }, + { + // executable + {PAGE_EXECUTE, PAGE_EXECUTE_WRITECOPY}, + {PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE}, + }, +}; + +static bool FinalizeSections(PMEMORYMODULE module, HANDLE hRemoteProcess) { +#ifdef DEBUG_OUTPUT + fprintf(stderr, "Finalizing sections: local base %p, remote base %p\n", + module->localCodeBase, module->remoteCodeBase); +#endif + + int i; + int numSections = module->headers->FileHeader.NumberOfSections; + + if (numSections < 1) return false; + + PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(module->headers); + + // Copy any data before the first section (i.e. the image header) + if (!CopyRegion(hRemoteProcess, module->remoteCodeBase, module->localCodeBase, + section->VirtualAddress, PAGE_READONLY)) + return false; + + // loop through all sections and change access flags + for (i = 0; i < numSections; i++, section++) { + DWORD protect, size; + int executable = (section->Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0; + int readable = (section->Characteristics & IMAGE_SCN_MEM_READ) != 0; + int writeable = (section->Characteristics & IMAGE_SCN_MEM_WRITE) != 0; + + // determine protection flags based on characteristics + protect = ProtectionFlags[executable][readable][writeable]; + if (section->Characteristics & IMAGE_SCN_MEM_NOT_CACHED) { + protect |= PAGE_NOCACHE; + } + + void* remoteAddress = module->remoteCodeBase + section->VirtualAddress; + void* localAddress = module->localCodeBase + section->VirtualAddress; + + // determine size of region + size = section->Misc.VirtualSize; +#ifdef DEBUG_OUTPUT + fprintf(stderr, + "Copying section %s to %p, size %x, executable %i readable %i " + "writeable %i\n", + section->Name, remoteAddress, size, executable, readable, + writeable); +#endif + if (!CopyRegion(hRemoteProcess, remoteAddress, localAddress, size, protect)) + return false; + } + return true; +} + +static void PerformBaseRelocation(PMEMORYMODULE module, SIZE_T delta) { + DWORD i; + unsigned char* codeBase = module->localCodeBase; + + PIMAGE_DATA_DIRECTORY directory = + GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_BASERELOC); + if (directory->Size > 0) { + PIMAGE_BASE_RELOCATION relocation = + (PIMAGE_BASE_RELOCATION)(codeBase + directory->VirtualAddress); + for (; relocation->VirtualAddress > 0;) { + unsigned char* dest = codeBase + relocation->VirtualAddress; + unsigned short* relInfo = (unsigned short*)((unsigned char*)relocation + + IMAGE_SIZEOF_BASE_RELOCATION); + for (i = 0; + i < ((relocation->SizeOfBlock - IMAGE_SIZEOF_BASE_RELOCATION) / 2); + i++, relInfo++) { + DWORD* patchAddrHL; +#ifdef _WIN64 + ULONGLONG* patchAddr64; +#endif + int type, offset; + + // the upper 4 bits define the type of relocation + type = *relInfo >> 12; + // the lower 12 bits define the offset + offset = *relInfo & 0xfff; + + switch (type) { + case IMAGE_REL_BASED_ABSOLUTE: + // skip relocation + break; + + case IMAGE_REL_BASED_HIGHLOW: + // change complete 32 bit address + patchAddrHL = (DWORD*)(dest + offset); + *patchAddrHL += delta; + break; + +#ifdef _WIN64 + case IMAGE_REL_BASED_DIR64: + patchAddr64 = (ULONGLONG*)(dest + offset); + *patchAddr64 += delta; + break; +#endif + + default: + // printf("Unknown relocation: %d\n", type); + break; + } + } + + // advance to next relocation block + relocation = (PIMAGE_BASE_RELOCATION)(((char*)relocation) + + relocation->SizeOfBlock); + } + } +} + +static int BuildImportTable(PMEMORYMODULE module) { + int result = 1; + unsigned char* codeBase = module->localCodeBase; + + PIMAGE_DATA_DIRECTORY directory = + GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_IMPORT); + if (directory->Size > 0) { + PIMAGE_IMPORT_DESCRIPTOR importDesc = + (PIMAGE_IMPORT_DESCRIPTOR)(codeBase + directory->VirtualAddress); + PIMAGE_IMPORT_DESCRIPTOR importEnd = + (PIMAGE_IMPORT_DESCRIPTOR)(codeBase + directory->VirtualAddress + + directory->Size); + + for (; importDesc < importEnd && importDesc->Name; importDesc++) { + POINTER_TYPE* thunkRef; + FARPROC* funcRef; + HMODULE handle = GetModuleHandleA((LPCSTR)(codeBase + importDesc->Name)); + if (handle == nullptr) { +#if DEBUG_OUTPUT + OutputLastError("Can't load library"); +#endif + result = 0; + break; + } + + module->modules = (HMODULE*)realloc( + module->modules, (module->numModules + 1) * (sizeof(HMODULE))); + if (module->modules == nullptr) { + result = 0; + break; + } + + module->modules[module->numModules++] = handle; + if (importDesc->OriginalFirstThunk) { + thunkRef = (POINTER_TYPE*)(codeBase + importDesc->OriginalFirstThunk); + funcRef = (FARPROC*)(codeBase + importDesc->FirstThunk); + } else { + // no hint table + thunkRef = (POINTER_TYPE*)(codeBase + importDesc->FirstThunk); + funcRef = (FARPROC*)(codeBase + importDesc->FirstThunk); + } + for (; *thunkRef; thunkRef++, funcRef++) { + if (IMAGE_SNAP_BY_ORDINAL(*thunkRef)) { + *funcRef = + (FARPROC)GetProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(*thunkRef)); + } else { + PIMAGE_IMPORT_BY_NAME thunkData = + (PIMAGE_IMPORT_BY_NAME)(codeBase + (*thunkRef)); + *funcRef = (FARPROC)GetProcAddress(handle, (LPCSTR)&thunkData->Name); + } + if (*funcRef == 0) { + result = 0; + break; + } + } + + if (!result) { + break; + } + } + } + + return result; +} + +static void* MemoryGetProcAddress(PMEMORYMODULE module, const char* name); + +void* LoadRemoteLibraryAndGetAddress(HANDLE hRemoteProcess, + const WCHAR* library, const char* symbol) { + // Map the DLL into memory + nsAutoHandle hLibrary(CreateFile(library, GENERIC_READ, FILE_SHARE_READ, + nullptr, OPEN_EXISTING, + FILE_ATTRIBUTE_NORMAL, nullptr)); + if (INVALID_HANDLE_VALUE == hLibrary) { +#if DEBUG_OUTPUT + OutputLastError("Couldn't CreateFile the library.\n"); +#endif + return nullptr; + } + + nsAutoHandle hMapping( + CreateFileMapping(hLibrary, nullptr, PAGE_READONLY, 0, 0, nullptr)); + if (!hMapping) { +#if DEBUG_OUTPUT + OutputLastError("Couldn't CreateFileMapping.\n"); +#endif + return nullptr; + } + + nsAutoRef<FileView> data( + (const unsigned char*)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0)); + if (!data) { +#if DEBUG_OUTPUT + OutputLastError("Couldn't MapViewOfFile.\n"); +#endif + return nullptr; + } + + SIZE_T locationDelta; + + PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)data.get(); + if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) { +#if DEBUG_OUTPUT + OutputDebugStringA("Not a valid executable file.\n"); +#endif + return nullptr; + } + + PIMAGE_NT_HEADERS old_header = + (PIMAGE_NT_HEADERS)(data + dos_header->e_lfanew); + if (old_header->Signature != IMAGE_NT_SIGNATURE) { +#if DEBUG_OUTPUT + OutputDebugStringA("No PE header found.\n"); +#endif + return nullptr; + } + + // reserve memory for image of library in this process and the target process + unsigned char* localCode = (unsigned char*)VirtualAlloc( + nullptr, old_header->OptionalHeader.SizeOfImage, MEM_RESERVE | MEM_COMMIT, + PAGE_READWRITE); + if (!localCode) { +#if DEBUG_OUTPUT + OutputLastError("Can't reserve local memory."); +#endif + } + + unsigned char* remoteCode = (unsigned char*)VirtualAllocEx( + hRemoteProcess, nullptr, old_header->OptionalHeader.SizeOfImage, + MEM_RESERVE, PAGE_EXECUTE_READ); + if (!remoteCode) { +#if DEBUG_OUTPUT + OutputLastError("Can't reserve remote memory."); +#endif + } + + MEMORYMODULE result; + result.localCodeBase = localCode; + result.remoteCodeBase = remoteCode; + result.numModules = 0; + result.modules = nullptr; + + // copy PE header to code + memcpy(localCode, dos_header, + dos_header->e_lfanew + old_header->OptionalHeader.SizeOfHeaders); + result.headers = + reinterpret_cast<PIMAGE_NT_HEADERS>(localCode + dos_header->e_lfanew); + + // update position + result.headers->OptionalHeader.ImageBase = (POINTER_TYPE)remoteCode; + + // copy sections from DLL file block to new memory location + CopySections(data, old_header, &result); + + // adjust base address of imported data + locationDelta = (SIZE_T)(remoteCode - old_header->OptionalHeader.ImageBase); + if (locationDelta != 0) { + PerformBaseRelocation(&result, locationDelta); + } + + // load required dlls and adjust function table of imports + if (!BuildImportTable(&result)) { + return nullptr; + } + + // mark memory pages depending on section headers and release + // sections that are marked as "discardable" + if (!FinalizeSections(&result, hRemoteProcess)) { + return nullptr; + } + + return MemoryGetProcAddress(&result, symbol); +} + +static void* MemoryGetProcAddress(PMEMORYMODULE module, const char* name) { + unsigned char* localCodeBase = module->localCodeBase; + int idx = -1; + DWORD i, *nameRef; + WORD* ordinal; + PIMAGE_EXPORT_DIRECTORY exports; + PIMAGE_DATA_DIRECTORY directory = + GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_EXPORT); + if (directory->Size == 0) { + // no export table found + return nullptr; + } + + exports = + (PIMAGE_EXPORT_DIRECTORY)(localCodeBase + directory->VirtualAddress); + if (exports->NumberOfNames == 0 || exports->NumberOfFunctions == 0) { + // DLL doesn't export anything + return nullptr; + } + + // search function name in list of exported names + nameRef = (DWORD*)(localCodeBase + exports->AddressOfNames); + ordinal = (WORD*)(localCodeBase + exports->AddressOfNameOrdinals); + for (i = 0; i < exports->NumberOfNames; i++, nameRef++, ordinal++) { + if (stricmp(name, (const char*)(localCodeBase + (*nameRef))) == 0) { + idx = *ordinal; + break; + } + } + + if (idx == -1) { + // exported symbol not found + return nullptr; + } + + if ((DWORD)idx > exports->NumberOfFunctions) { + // name <-> ordinal number don't match + return nullptr; + } + + // AddressOfFunctions contains the RVAs to the "real" functions + return module->remoteCodeBase + + (*(DWORD*)(localCodeBase + exports->AddressOfFunctions + (idx * 4))); +} |