summaryrefslogtreecommitdiffstats
path: root/src/VBox/Debugger/DBGCDumpImage.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/VBox/Debugger/DBGCDumpImage.cpp807
1 files changed, 807 insertions, 0 deletions
diff --git a/src/VBox/Debugger/DBGCDumpImage.cpp b/src/VBox/Debugger/DBGCDumpImage.cpp
new file mode 100644
index 00000000..73042b80
--- /dev/null
+++ b/src/VBox/Debugger/DBGCDumpImage.cpp
@@ -0,0 +1,807 @@
+/* $Id: DBGCDumpImage.cpp $ */
+/** @file
+ * DBGC - Debugger Console, Native Commands.
+ */
+
+/*
+ * Copyright (C) 2006-2022 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#define LOG_GROUP LOG_GROUP_DBGC
+#include <VBox/dbg.h>
+#include <VBox/vmm/dbgf.h>
+#include <VBox/param.h>
+#include <iprt/errcore.h>
+#include <VBox/log.h>
+
+#include <iprt/assert.h>
+#include <iprt/ctype.h>
+#include <iprt/dir.h>
+#include <iprt/env.h>
+#include <iprt/ldr.h>
+#include <iprt/mem.h>
+#include <iprt/path.h>
+#include <iprt/string.h>
+#include <iprt/formats/mz.h>
+#include <iprt/formats/pecoff.h>
+#include <iprt/formats/elf32.h>
+#include <iprt/formats/elf64.h>
+#include <iprt/formats/codeview.h>
+#include <iprt/formats/mach-o.h>
+
+#include "DBGCInternal.h"
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+/**
+ * PE dumper instance.
+ */
+typedef struct DUMPIMAGEPE
+{
+ /** Pointer to the image base address variable. */
+ PCDBGCVAR pImageBase;
+ /** Pointer to the file header. */
+ PCIMAGE_FILE_HEADER pFileHdr;
+ /** Pointer to the NT headers. */
+ union
+ {
+ PCIMAGE_NT_HEADERS32 pNt32;
+ PCIMAGE_NT_HEADERS64 pNt64;
+ void *pv;
+ } u;
+ /** Pointer to the section headers. */
+ PCIMAGE_SECTION_HEADER paShdrs;
+ /** Number of section headers. */
+ unsigned cShdrs;
+ /** Number of RVA and sizes (data directory entries). */
+ unsigned cDataDir;
+ /** Pointer to the data directory. */
+ PCIMAGE_DATA_DIRECTORY paDataDir;
+
+ /** The command descriptor (for failing the command). */
+ PCDBGCCMD pCmd;
+} DUMPIMAGEPE;
+/** Pointer to a PE dumper instance. */
+typedef DUMPIMAGEPE *PDUMPIMAGEPE;
+
+
+/** Helper for translating flags. */
+typedef struct
+{
+ uint32_t fFlag;
+ const char *pszNm;
+} DBGCDUMPFLAGENTRY;
+#define FLENT(a_Define) { a_Define, #a_Define }
+
+
+/*********************************************************************************************************************************
+* Internal Functions *
+*********************************************************************************************************************************/
+extern FNDBGCCMD dbgcCmdDumpImage; /* See DBGCCommands.cpp. */
+
+
+/** Stringifies a 32-bit flag value. */
+static void dbgcDumpImageFlags32(PDBGCCMDHLP pCmdHlp, uint32_t fFlags, DBGCDUMPFLAGENTRY const *paEntries, size_t cEntries)
+{
+ for (size_t i = 0; i < cEntries; i++)
+ if (fFlags & paEntries[i].fFlag)
+ DBGCCmdHlpPrintf(pCmdHlp, " %s", paEntries[i].pszNm);
+}
+
+
+/*********************************************************************************************************************************
+* PE *
+*********************************************************************************************************************************/
+
+static const char *dbgcPeMachineName(uint16_t uMachine)
+{
+ switch (uMachine)
+ {
+ case IMAGE_FILE_MACHINE_I386 : return "I386";
+ case IMAGE_FILE_MACHINE_AMD64 : return "AMD64";
+ case IMAGE_FILE_MACHINE_UNKNOWN : return "UNKNOWN";
+ case IMAGE_FILE_MACHINE_BASIC_16 : return "BASIC_16";
+ case IMAGE_FILE_MACHINE_BASIC_16_TV : return "BASIC_16_TV";
+ case IMAGE_FILE_MACHINE_IAPX16 : return "IAPX16";
+ case IMAGE_FILE_MACHINE_IAPX16_TV : return "IAPX16_TV";
+ //case IMAGE_FILE_MACHINE_IAPX20 : return "IAPX20";
+ //case IMAGE_FILE_MACHINE_IAPX20_TV : return "IAPX20_TV";
+ case IMAGE_FILE_MACHINE_I8086 : return "I8086";
+ case IMAGE_FILE_MACHINE_I8086_TV : return "I8086_TV";
+ case IMAGE_FILE_MACHINE_I286_SMALL : return "I286_SMALL";
+ case IMAGE_FILE_MACHINE_MC68 : return "MC68";
+ //case IMAGE_FILE_MACHINE_MC68_WR : return "MC68_WR";
+ case IMAGE_FILE_MACHINE_MC68_TV : return "MC68_TV";
+ case IMAGE_FILE_MACHINE_MC68_PG : return "MC68_PG";
+ //case IMAGE_FILE_MACHINE_I286_LARGE : return "I286_LARGE";
+ case IMAGE_FILE_MACHINE_U370_WR : return "U370_WR";
+ case IMAGE_FILE_MACHINE_AMDAHL_470_WR: return "AMDAHL_470_WR";
+ case IMAGE_FILE_MACHINE_AMDAHL_470_RO: return "AMDAHL_470_RO";
+ case IMAGE_FILE_MACHINE_U370_RO : return "U370_RO";
+ case IMAGE_FILE_MACHINE_R4000 : return "R4000";
+ case IMAGE_FILE_MACHINE_WCEMIPSV2 : return "WCEMIPSV2";
+ case IMAGE_FILE_MACHINE_VAX_WR : return "VAX_WR";
+ case IMAGE_FILE_MACHINE_VAX_RO : return "VAX_RO";
+ case IMAGE_FILE_MACHINE_SH3 : return "SH3";
+ case IMAGE_FILE_MACHINE_SH3DSP : return "SH3DSP";
+ case IMAGE_FILE_MACHINE_SH4 : return "SH4";
+ case IMAGE_FILE_MACHINE_SH5 : return "SH5";
+ case IMAGE_FILE_MACHINE_ARM : return "ARM";
+ case IMAGE_FILE_MACHINE_THUMB : return "THUMB";
+ case IMAGE_FILE_MACHINE_ARMNT : return "ARMNT";
+ case IMAGE_FILE_MACHINE_AM33 : return "AM33";
+ case IMAGE_FILE_MACHINE_POWERPC : return "POWERPC";
+ case IMAGE_FILE_MACHINE_POWERPCFP : return "POWERPCFP";
+ case IMAGE_FILE_MACHINE_IA64 : return "IA64";
+ case IMAGE_FILE_MACHINE_MIPS16 : return "MIPS16";
+ case IMAGE_FILE_MACHINE_MIPSFPU : return "MIPSFPU";
+ case IMAGE_FILE_MACHINE_MIPSFPU16 : return "MIPSFPU16";
+ case IMAGE_FILE_MACHINE_EBC : return "EBC";
+ case IMAGE_FILE_MACHINE_M32R : return "M32R";
+ case IMAGE_FILE_MACHINE_ARM64 : return "ARM64";
+ }
+ return "??";
+}
+
+
+static const char *dbgcPeDataDirName(unsigned iDir)
+{
+ switch (iDir)
+ {
+ case IMAGE_DIRECTORY_ENTRY_EXPORT: return "EXPORT";
+ case IMAGE_DIRECTORY_ENTRY_IMPORT: return "IMPORT";
+ case IMAGE_DIRECTORY_ENTRY_RESOURCE: return "RESOURCE";
+ case IMAGE_DIRECTORY_ENTRY_EXCEPTION: return "EXCEPTION";
+ case IMAGE_DIRECTORY_ENTRY_SECURITY: return "SECURITY";
+ case IMAGE_DIRECTORY_ENTRY_BASERELOC: return "BASERELOC";
+ case IMAGE_DIRECTORY_ENTRY_DEBUG: return "DEBUG";
+ case IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: return "ARCHITECTURE";
+ case IMAGE_DIRECTORY_ENTRY_GLOBALPTR: return "GLOBALPTR";
+ case IMAGE_DIRECTORY_ENTRY_TLS: return "TLS";
+ case IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: return "LOAD_CONFIG";
+ case IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: return "BOUND_IMPORT";
+ case IMAGE_DIRECTORY_ENTRY_IAT: return "IAT";
+ case IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: return "DELAY_IMPORT";
+ case IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: return "COM_DESCRIPTOR";
+ }
+ return "??";
+}
+
+
+static const char *dbgPeDebugTypeName(uint32_t uType)
+{
+ switch (uType)
+ {
+ case IMAGE_DEBUG_TYPE_UNKNOWN: return "UNKNOWN";
+ case IMAGE_DEBUG_TYPE_COFF: return "COFF";
+ case IMAGE_DEBUG_TYPE_CODEVIEW: return "CODEVIEW";
+ case IMAGE_DEBUG_TYPE_FPO: return "FPO";
+ case IMAGE_DEBUG_TYPE_MISC: return "MISC";
+ case IMAGE_DEBUG_TYPE_EXCEPTION: return "EXCEPTION";
+ case IMAGE_DEBUG_TYPE_FIXUP: return "FIXUP";
+ case IMAGE_DEBUG_TYPE_OMAP_TO_SRC: return "OMAP_TO_SRC";
+ case IMAGE_DEBUG_TYPE_OMAP_FROM_SRC: return "OMAP_FROM_SRC";
+ case IMAGE_DEBUG_TYPE_BORLAND: return "BORLAND";
+ case IMAGE_DEBUG_TYPE_RESERVED10: return "RESERVED10";
+ case IMAGE_DEBUG_TYPE_CLSID: return "CLSID";
+ case IMAGE_DEBUG_TYPE_VC_FEATURE: return "VC_FEATURE";
+ case IMAGE_DEBUG_TYPE_POGO: return "POGO";
+ case IMAGE_DEBUG_TYPE_ILTCG: return "ILTCG";
+ case IMAGE_DEBUG_TYPE_MPX: return "MPX";
+ case IMAGE_DEBUG_TYPE_REPRO: return "REPRO";
+ }
+ return "??";
+}
+
+
+static int dbgcDumpImagePeDebugDir(PDUMPIMAGEPE pThis, PDBGCCMDHLP pCmdHlp, PCDBGCVAR pDataAddr, uint32_t cbData)
+{
+ uint32_t cEntries = cbData / sizeof(IMAGE_DEBUG_DIRECTORY);
+ for (uint32_t i = 0; i < cEntries; i++)
+ {
+ /*
+ * Read the entry into memory.
+ */
+ DBGCVAR DbgDirAddr;
+ int rc = DBGCCmdHlpEval(pCmdHlp, &DbgDirAddr, "%DV + %#RX32", pDataAddr, i * sizeof(IMAGE_DEBUG_DIRECTORY));
+ if (RT_FAILURE(rc))
+ return DBGCCmdHlpFailRc(pCmdHlp, pThis->pCmd, rc, "DBGCCmdHlpEval failed on debug entry %u", i);
+
+ IMAGE_DEBUG_DIRECTORY DbgDir;
+ rc = DBGCCmdHlpMemRead(pCmdHlp, &DbgDir, sizeof(DbgDir), &DbgDirAddr, NULL);
+ if (RT_FAILURE(rc))
+ return DBGCCmdHlpFailRc(pCmdHlp, pThis->pCmd, rc, "Failed to read %zu at %Dv", sizeof(DbgDir), &DbgDirAddr);
+
+ /*
+ * Dump it.
+ */
+ DBGCVAR DebugDataAddr = *pThis->pImageBase;
+ rc = DBGCCmdHlpEval(pCmdHlp, &DebugDataAddr, "%DV + %#RX32", pThis->pImageBase, DbgDir.AddressOfRawData);
+ DBGCCmdHlpPrintf(pCmdHlp, " Debug[%u]: %Dv/%08RX32 LB %06RX32 %u (%s) v%u.%u file=%RX32 ts=%08RX32 fl=%RX32\n",
+ i, &DebugDataAddr, DbgDir.AddressOfRawData, DbgDir.SizeOfData, DbgDir.Type,
+ dbgPeDebugTypeName(DbgDir.Type), DbgDir.MajorVersion, DbgDir.MinorVersion, DbgDir.PointerToRawData,
+ DbgDir.TimeDateStamp, DbgDir.Characteristics);
+ union
+ {
+ uint8_t abPage[0x1000];
+ CVPDB20INFO Pdb20;
+ CVPDB70INFO Pdb70;
+ IMAGE_DEBUG_MISC Misc;
+ } uBuf;
+ RT_ZERO(uBuf);
+
+ if (DbgDir.Type == IMAGE_DEBUG_TYPE_CODEVIEW)
+ {
+ if ( DbgDir.SizeOfData < sizeof(uBuf)
+ && DbgDir.SizeOfData > 16
+ && DbgDir.AddressOfRawData > 0
+ && RT_SUCCESS(rc))
+ {
+ rc = DBGCCmdHlpMemRead(pCmdHlp, &uBuf, DbgDir.SizeOfData, &DebugDataAddr, NULL);
+ if (RT_FAILURE(rc))
+ return DBGCCmdHlpFailRc(pCmdHlp, pThis->pCmd, rc, "Failed to read %zu at %Dv",
+ DbgDir.SizeOfData, &DebugDataAddr);
+
+ if ( uBuf.Pdb20.u32Magic == CVPDB20INFO_MAGIC
+ && uBuf.Pdb20.offDbgInfo == 0
+ && DbgDir.SizeOfData > RT_UOFFSETOF(CVPDB20INFO, szPdbFilename) )
+ DBGCCmdHlpPrintf(pCmdHlp, " PDB2.0: ts=%08RX32 age=%RX32 %s\n",
+ uBuf.Pdb20.uTimestamp, uBuf.Pdb20.uAge, uBuf.Pdb20.szPdbFilename);
+ else if ( uBuf.Pdb20.u32Magic == CVPDB70INFO_MAGIC
+ && DbgDir.SizeOfData > RT_UOFFSETOF(CVPDB70INFO, szPdbFilename) )
+ DBGCCmdHlpPrintf(pCmdHlp, " PDB7.0: %RTuuid age=%u %s\n",
+ &uBuf.Pdb70.PdbUuid, uBuf.Pdb70.uAge, uBuf.Pdb70.szPdbFilename);
+ else
+ DBGCCmdHlpPrintf(pCmdHlp, " Unknown PDB/codeview magic: %.8Rhxs\n", uBuf.abPage);
+ }
+ }
+ else if (DbgDir.Type == IMAGE_DEBUG_TYPE_MISC)
+ {
+ if ( DbgDir.SizeOfData < sizeof(uBuf)
+ && DbgDir.SizeOfData > RT_UOFFSETOF(IMAGE_DEBUG_MISC, Data)
+ && DbgDir.AddressOfRawData > 0
+ && RT_SUCCESS(rc) )
+ {
+ rc = DBGCCmdHlpMemRead(pCmdHlp, &uBuf, DbgDir.SizeOfData, &DebugDataAddr, NULL);
+ if (RT_FAILURE(rc))
+ return DBGCCmdHlpFailRc(pCmdHlp, pThis->pCmd, rc, "Failed to read %zu at %Dv",
+ DbgDir.SizeOfData, &DebugDataAddr);
+
+ if ( uBuf.Misc.DataType == IMAGE_DEBUG_MISC_EXENAME
+ && uBuf.Misc.Length == DbgDir.SizeOfData)
+ {
+ if (!uBuf.Misc.Unicode)
+ DBGCCmdHlpPrintf(pCmdHlp, " Misc DBG: ts=%RX32 %s\n",
+ DbgDir.TimeDateStamp, (const char *)&uBuf.Misc.Data[0]);
+ else
+ DBGCCmdHlpPrintf(pCmdHlp, " Misc DBG: ts=%RX32 %ls\n",
+ DbgDir.TimeDateStamp, (PCRTUTF16)&uBuf.Misc.Data[0]);
+ }
+ }
+ }
+ }
+ return VINF_SUCCESS;
+}
+
+
+static int dbgcDumpImagePeDataDirs(PDUMPIMAGEPE pThis, PDBGCCMDHLP pCmdHlp, unsigned cDataDirs, PCIMAGE_DATA_DIRECTORY paDataDirs)
+{
+ int rcRet = VINF_SUCCESS;
+ for (unsigned i = 0; i < cDataDirs; i++)
+ {
+ if (paDataDirs[i].Size || paDataDirs[i].VirtualAddress)
+ {
+ DBGCVAR DataAddr = *pThis->pImageBase;
+ DBGCCmdHlpEval(pCmdHlp, &DataAddr, "%DV + %#RX32", pThis->pImageBase, paDataDirs[i].VirtualAddress);
+ DBGCCmdHlpPrintf(pCmdHlp, "DataDir[%02u]: %Dv/%08RX32 LB %08RX32 %s\n",
+ i, &DataAddr, paDataDirs[i].VirtualAddress, paDataDirs[i].Size, dbgcPeDataDirName(i));
+ int rc = VINF_SUCCESS;
+ if ( i == IMAGE_DIRECTORY_ENTRY_DEBUG
+ && paDataDirs[i].Size >= sizeof(IMAGE_DEBUG_DIRECTORY))
+ rc = dbgcDumpImagePeDebugDir(pThis, pCmdHlp, &DataAddr, paDataDirs[i].Size);
+ if (RT_FAILURE(rc) && RT_SUCCESS(rcRet))
+ rcRet = rc;
+ }
+ }
+ return rcRet;
+}
+
+
+static int dbgcDumpImagePeSectionHdrs(PDUMPIMAGEPE pThis, PDBGCCMDHLP pCmdHlp, unsigned cShdrs, PCIMAGE_SECTION_HEADER paShdrs)
+{
+ for (unsigned i = 0; i < cShdrs; i++)
+ {
+ DBGCVAR SectAddr = *pThis->pImageBase;
+ DBGCCmdHlpEval(pCmdHlp, &SectAddr, "%DV + %#RX32", pThis->pImageBase, paShdrs[i].VirtualAddress);
+ DBGCCmdHlpPrintf(pCmdHlp, "Section[%02u]: %Dv/%08RX32 LB %08RX32 %.8s\n",
+ i, &SectAddr, paShdrs[i].VirtualAddress, paShdrs[i].Misc.VirtualSize, paShdrs[i].Name);
+ }
+ return VINF_SUCCESS;
+}
+
+
+static int dbgcDumpImagePeOptHdr32(PDUMPIMAGEPE pThis, PDBGCCMDHLP pCmdHlp, PCIMAGE_NT_HEADERS32 pNtHdrs)
+{
+ RT_NOREF(pThis, pCmdHlp, pNtHdrs);
+ return VINF_SUCCESS;
+}
+
+static int dbgcDumpImagePeOptHdr64(PDUMPIMAGEPE pThis, PDBGCCMDHLP pCmdHlp, PCIMAGE_NT_HEADERS64 pNtHdrs)
+{
+ RT_NOREF(pThis, pCmdHlp, pNtHdrs);
+ return VINF_SUCCESS;
+}
+
+
+static int dbgcDumpImagePe(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PCDBGCVAR pImageBase,
+ PCDBGCVAR pPeHdrAddr, PCIMAGE_FILE_HEADER pFileHdr)
+{
+ /*
+ * Dump file header fields.
+ */
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: PE image - %#x (%s), %u sections\n", pImageBase, pFileHdr->Machine,
+ dbgcPeMachineName(pFileHdr->Machine), pFileHdr->NumberOfSections);
+ DBGCCmdHlpPrintf(pCmdHlp, "Characteristics: %#06x", pFileHdr->Characteristics);
+ if (pFileHdr->Characteristics & IMAGE_FILE_RELOCS_STRIPPED) DBGCCmdHlpPrintf(pCmdHlp, " RELOCS_STRIPPED");
+ if (pFileHdr->Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE) DBGCCmdHlpPrintf(pCmdHlp, " EXECUTABLE_IMAGE");
+ if (pFileHdr->Characteristics & IMAGE_FILE_LINE_NUMS_STRIPPED) DBGCCmdHlpPrintf(pCmdHlp, " LINE_NUMS_STRIPPED");
+ if (pFileHdr->Characteristics & IMAGE_FILE_LOCAL_SYMS_STRIPPED) DBGCCmdHlpPrintf(pCmdHlp, " LOCAL_SYMS_STRIPPED");
+ if (pFileHdr->Characteristics & IMAGE_FILE_AGGRESIVE_WS_TRIM) DBGCCmdHlpPrintf(pCmdHlp, " AGGRESIVE_WS_TRIM");
+ if (pFileHdr->Characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE) DBGCCmdHlpPrintf(pCmdHlp, " LARGE_ADDRESS_AWARE");
+ if (pFileHdr->Characteristics & IMAGE_FILE_16BIT_MACHINE) DBGCCmdHlpPrintf(pCmdHlp, " 16BIT_MACHINE");
+ if (pFileHdr->Characteristics & IMAGE_FILE_BYTES_REVERSED_LO) DBGCCmdHlpPrintf(pCmdHlp, " BYTES_REVERSED_LO");
+ if (pFileHdr->Characteristics & IMAGE_FILE_32BIT_MACHINE) DBGCCmdHlpPrintf(pCmdHlp, " 32BIT_MACHINE");
+ if (pFileHdr->Characteristics & IMAGE_FILE_DEBUG_STRIPPED) DBGCCmdHlpPrintf(pCmdHlp, " DEBUG_STRIPPED");
+ if (pFileHdr->Characteristics & IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP) DBGCCmdHlpPrintf(pCmdHlp, " REMOVABLE_RUN_FROM_SWAP");
+ if (pFileHdr->Characteristics & IMAGE_FILE_NET_RUN_FROM_SWAP) DBGCCmdHlpPrintf(pCmdHlp, " NET_RUN_FROM_SWAP");
+ if (pFileHdr->Characteristics & IMAGE_FILE_SYSTEM) DBGCCmdHlpPrintf(pCmdHlp, " SYSTEM");
+ if (pFileHdr->Characteristics & IMAGE_FILE_DLL) DBGCCmdHlpPrintf(pCmdHlp, " DLL");
+ if (pFileHdr->Characteristics & IMAGE_FILE_UP_SYSTEM_ONLY) DBGCCmdHlpPrintf(pCmdHlp, " UP_SYSTEM_ONLY");
+ if (pFileHdr->Characteristics & IMAGE_FILE_BYTES_REVERSED_HI) DBGCCmdHlpPrintf(pCmdHlp, " BYTES_REVERSED_HI");
+ DBGCCmdHlpPrintf(pCmdHlp, "\n");
+
+ /*
+ * Allocate memory for all the headers, including section headers, and read them into memory.
+ */
+ size_t offSHdrs = pFileHdr->SizeOfOptionalHeader + sizeof(*pFileHdr) + sizeof(uint32_t);
+ size_t cbHdrs = offSHdrs + pFileHdr->NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
+ if (cbHdrs > _2M)
+ return DBGCCmdHlpFail(pCmdHlp, pCmd, "%Dv: headers too big: %zu.\n", pImageBase, cbHdrs);
+
+ void *pvBuf = RTMemTmpAllocZ(cbHdrs);
+ if (!pvBuf)
+ return DBGCCmdHlpFail(pCmdHlp, pCmd, "%Dv: failed to allocate %zu bytes.\n", pImageBase, cbHdrs);
+ int rc = DBGCCmdHlpMemRead(pCmdHlp, pvBuf, cbHdrs, pPeHdrAddr, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ DUMPIMAGEPE This;
+ RT_ZERO(This);
+ This.pImageBase = pImageBase;
+ This.pFileHdr = pFileHdr;
+ This.u.pv = pvBuf;
+ This.cShdrs = pFileHdr->NumberOfSections;
+ This.paShdrs = (PCIMAGE_SECTION_HEADER)((uintptr_t)pvBuf + offSHdrs);
+ This.pCmd = pCmd;
+
+ if (pFileHdr->SizeOfOptionalHeader == sizeof(IMAGE_OPTIONAL_HEADER32))
+ {
+ This.paDataDir = This.u.pNt32->OptionalHeader.DataDirectory;
+ This.cDataDir = This.u.pNt32->OptionalHeader.NumberOfRvaAndSizes;
+ rc = dbgcDumpImagePeOptHdr32(&This, pCmdHlp, This.u.pNt32);
+ }
+ else if (pFileHdr->SizeOfOptionalHeader == sizeof(IMAGE_OPTIONAL_HEADER64))
+ {
+ This.paDataDir = This.u.pNt64->OptionalHeader.DataDirectory;
+ This.cDataDir = This.u.pNt64->OptionalHeader.NumberOfRvaAndSizes;
+ rc = dbgcDumpImagePeOptHdr64(&This, pCmdHlp, This.u.pNt64);
+ }
+ else
+ rc = DBGCCmdHlpFail(pCmdHlp, pCmd, "%Dv: Unsupported optional header size: %#x\n",
+ pImageBase, pFileHdr->SizeOfOptionalHeader);
+
+ int rc2 = dbgcDumpImagePeSectionHdrs(&This, pCmdHlp, This.cShdrs, This.paShdrs);
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+
+ rc2 = dbgcDumpImagePeDataDirs(&This, pCmdHlp, This.cDataDir, This.paDataDir);
+ if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+ rc = rc2;
+ }
+ else
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, rc, "%Dv: Failed to read %zu at %Dv", pImageBase, cbHdrs, pPeHdrAddr);
+ RTMemTmpFree(pvBuf);
+ return rc;
+}
+
+
+/*********************************************************************************************************************************
+* ELF *
+*********************************************************************************************************************************/
+
+static int dbgcDumpImageElf(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PCDBGCVAR pImageBase)
+{
+ RT_NOREF_PV(pCmd);
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: ELF image dumping not implemented yet.\n", pImageBase);
+ return VINF_SUCCESS;
+}
+
+
+/*********************************************************************************************************************************
+* Mach-O *
+*********************************************************************************************************************************/
+
+static const char *dbgcMachoFileType(uint32_t uType)
+{
+ switch (uType)
+ {
+ case MH_OBJECT: return "MH_OBJECT";
+ case MH_EXECUTE: return "MH_EXECUTE";
+ case MH_FVMLIB: return "MH_FVMLIB";
+ case MH_CORE: return "MH_CORE";
+ case MH_PRELOAD: return "MH_PRELOAD";
+ case MH_DYLIB: return "MH_DYLIB";
+ case MH_DYLINKER: return "MH_DYLINKER";
+ case MH_BUNDLE: return "MH_BUNDLE";
+ case MH_DYLIB_STUB: return "MH_DYLIB_STUB";
+ case MH_DSYM: return "MH_DSYM";
+ case MH_KEXT_BUNDLE: return "MH_KEXT_BUNDLE";
+ }
+ return "??";
+}
+
+
+static const char *dbgcMachoCpuType(int32_t iType, int32_t iSubType)
+{
+ switch (iType)
+ {
+ case CPU_TYPE_ANY: return "CPU_TYPE_ANY";
+ case CPU_TYPE_VAX: return "VAX";
+ case CPU_TYPE_MC680x0: return "MC680x0";
+ case CPU_TYPE_X86: return "X86";
+ case CPU_TYPE_X86_64:
+ switch (iSubType)
+ {
+ case CPU_SUBTYPE_X86_64_ALL: return "X86_64/ALL64";
+ }
+ return "X86_64";
+ case CPU_TYPE_MC98000: return "MC98000";
+ case CPU_TYPE_HPPA: return "HPPA";
+ case CPU_TYPE_MC88000: return "MC88000";
+ case CPU_TYPE_SPARC: return "SPARC";
+ case CPU_TYPE_I860: return "I860";
+ case CPU_TYPE_POWERPC: return "POWERPC";
+ case CPU_TYPE_POWERPC64: return "POWERPC64";
+
+ }
+ return "??";
+}
+
+
+static const char *dbgcMachoLoadCommand(uint32_t uCmd)
+{
+ switch (uCmd)
+ {
+ RT_CASE_RET_STR(LC_SEGMENT_32);
+ RT_CASE_RET_STR(LC_SYMTAB);
+ RT_CASE_RET_STR(LC_SYMSEG);
+ RT_CASE_RET_STR(LC_THREAD);
+ RT_CASE_RET_STR(LC_UNIXTHREAD);
+ RT_CASE_RET_STR(LC_LOADFVMLIB);
+ RT_CASE_RET_STR(LC_IDFVMLIB);
+ RT_CASE_RET_STR(LC_IDENT);
+ RT_CASE_RET_STR(LC_FVMFILE);
+ RT_CASE_RET_STR(LC_PREPAGE);
+ RT_CASE_RET_STR(LC_DYSYMTAB);
+ RT_CASE_RET_STR(LC_LOAD_DYLIB);
+ RT_CASE_RET_STR(LC_ID_DYLIB);
+ RT_CASE_RET_STR(LC_LOAD_DYLINKER);
+ RT_CASE_RET_STR(LC_ID_DYLINKER);
+ RT_CASE_RET_STR(LC_PREBOUND_DYLIB);
+ RT_CASE_RET_STR(LC_ROUTINES);
+ RT_CASE_RET_STR(LC_SUB_FRAMEWORK);
+ RT_CASE_RET_STR(LC_SUB_UMBRELLA);
+ RT_CASE_RET_STR(LC_SUB_CLIENT);
+ RT_CASE_RET_STR(LC_SUB_LIBRARY);
+ RT_CASE_RET_STR(LC_TWOLEVEL_HINTS);
+ RT_CASE_RET_STR(LC_PREBIND_CKSUM);
+ RT_CASE_RET_STR(LC_LOAD_WEAK_DYLIB);
+ RT_CASE_RET_STR(LC_SEGMENT_64);
+ RT_CASE_RET_STR(LC_ROUTINES_64);
+ RT_CASE_RET_STR(LC_UUID);
+ RT_CASE_RET_STR(LC_RPATH);
+ RT_CASE_RET_STR(LC_CODE_SIGNATURE);
+ RT_CASE_RET_STR(LC_SEGMENT_SPLIT_INFO);
+ RT_CASE_RET_STR(LC_REEXPORT_DYLIB);
+ RT_CASE_RET_STR(LC_LAZY_LOAD_DYLIB);
+ RT_CASE_RET_STR(LC_ENCRYPTION_INFO);
+ RT_CASE_RET_STR(LC_DYLD_INFO);
+ RT_CASE_RET_STR(LC_DYLD_INFO_ONLY);
+ RT_CASE_RET_STR(LC_LOAD_UPWARD_DYLIB);
+ RT_CASE_RET_STR(LC_VERSION_MIN_MACOSX);
+ RT_CASE_RET_STR(LC_VERSION_MIN_IPHONEOS);
+ RT_CASE_RET_STR(LC_FUNCTION_STARTS);
+ RT_CASE_RET_STR(LC_DYLD_ENVIRONMENT);
+ RT_CASE_RET_STR(LC_MAIN);
+ RT_CASE_RET_STR(LC_DATA_IN_CODE);
+ RT_CASE_RET_STR(LC_SOURCE_VERSION);
+ RT_CASE_RET_STR(LC_DYLIB_CODE_SIGN_DRS);
+ RT_CASE_RET_STR(LC_ENCRYPTION_INFO_64);
+ RT_CASE_RET_STR(LC_LINKER_OPTION);
+ RT_CASE_RET_STR(LC_LINKER_OPTIMIZATION_HINT);
+ RT_CASE_RET_STR(LC_VERSION_MIN_TVOS);
+ RT_CASE_RET_STR(LC_VERSION_MIN_WATCHOS);
+ RT_CASE_RET_STR(LC_NOTE);
+ RT_CASE_RET_STR(LC_BUILD_VERSION);
+ }
+ return "??";
+}
+
+
+static const char *dbgcMachoProt(uint32_t fProt)
+{
+ switch (fProt)
+ {
+ case VM_PROT_NONE: return "---";
+ case VM_PROT_READ: return "r--";
+ case VM_PROT_READ | VM_PROT_WRITE: return "rw-";
+ case VM_PROT_READ | VM_PROT_EXECUTE: return "r-x";
+ case VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE: return "rwx";
+ case VM_PROT_WRITE: return "-w-";
+ case VM_PROT_WRITE | VM_PROT_EXECUTE: return "-wx";
+ case VM_PROT_EXECUTE: return "-w-";
+ }
+ return "???";
+}
+
+
+static int dbgcDumpImageMachO(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PCDBGCVAR pImageBase, mach_header_64_t const *pHdr)
+{
+#define ENTRY(a_Define) { a_Define, #a_Define }
+ RT_NOREF_PV(pCmd);
+
+ /*
+ * Header:
+ */
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: Mach-O image (%s bit) - %s (%u) - %s (%#x / %#x)\n",
+ pImageBase, pHdr->magic == IMAGE_MACHO64_SIGNATURE ? "64" : "32",
+ dbgcMachoFileType(pHdr->filetype), pHdr->filetype,
+ dbgcMachoCpuType(pHdr->cputype, pHdr->cpusubtype), pHdr->cputype, pHdr->cpusubtype);
+
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: Flags: %#x", pImageBase, pHdr->flags);
+ static DBGCDUMPFLAGENTRY const s_aHdrFlags[] =
+ {
+ FLENT(MH_NOUNDEFS), FLENT(MH_INCRLINK),
+ FLENT(MH_DYLDLINK), FLENT(MH_BINDATLOAD),
+ FLENT(MH_PREBOUND), FLENT(MH_SPLIT_SEGS),
+ FLENT(MH_LAZY_INIT), FLENT(MH_TWOLEVEL),
+ FLENT(MH_FORCE_FLAT), FLENT(MH_NOMULTIDEFS),
+ FLENT(MH_NOFIXPREBINDING), FLENT(MH_PREBINDABLE),
+ FLENT(MH_ALLMODSBOUND), FLENT(MH_SUBSECTIONS_VIA_SYMBOLS),
+ FLENT(MH_CANONICAL), FLENT(MH_WEAK_DEFINES),
+ FLENT(MH_BINDS_TO_WEAK), FLENT(MH_ALLOW_STACK_EXECUTION),
+ FLENT(MH_ROOT_SAFE), FLENT(MH_SETUID_SAFE),
+ FLENT(MH_NO_REEXPORTED_DYLIBS), FLENT(MH_PIE),
+ FLENT(MH_DEAD_STRIPPABLE_DYLIB), FLENT(MH_HAS_TLV_DESCRIPTORS),
+ FLENT(MH_NO_HEAP_EXECUTION),
+ };
+ dbgcDumpImageFlags32(pCmdHlp, pHdr->flags, s_aHdrFlags, RT_ELEMENTS(s_aHdrFlags));
+ DBGCCmdHlpPrintf(pCmdHlp, "\n");
+ if (pHdr->reserved != 0 && pHdr->magic == IMAGE_MACHO64_SIGNATURE)
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: Reserved header field: %#x\n", pImageBase, pHdr->reserved);
+
+ /*
+ * And now the load commands.
+ */
+ const uint32_t cCmds = pHdr->ncmds;
+ const uint32_t cbCmds = pHdr->sizeofcmds;
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: %u load commands covering %#x bytes:\n", pImageBase, cCmds, cbCmds);
+ if (cbCmds > _16M)
+ return DBGCCmdHlpFailRc(pCmdHlp, pCmd, VERR_OUT_OF_RANGE,
+ "%Dv: Commands too big: %#x bytes, max 16MiB\n", pImageBase, cbCmds);
+
+ /* Calc address of the first command: */
+ const uint32_t cbHdr = pHdr->magic == IMAGE_MACHO64_SIGNATURE ? sizeof(mach_header_64_t) : sizeof(mach_header_32_t);
+ DBGCVAR Addr;
+ int rc = DBGCCmdHlpEval(pCmdHlp, &Addr, "%DV + %#RX32", pImageBase, cbHdr);
+ AssertRCReturn(rc, rc);
+
+ /* Read them into a temp buffer: */
+ uint8_t *pbCmds = (uint8_t *)RTMemTmpAllocZ(cbCmds);
+ if (!pbCmds)
+ return VERR_NO_TMP_MEMORY;
+
+ rc = DBGCCmdHlpMemRead(pCmdHlp, pbCmds, cbCmds, &Addr, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ static const DBGCDUMPFLAGENTRY s_aSegFlags[] =
+ { FLENT(SG_HIGHVM), FLENT(SG_FVMLIB), FLENT(SG_NORELOC), FLENT(SG_PROTECTED_VERSION_1), };
+
+ /*
+ * Iterate the commands.
+ */
+ uint32_t offCmd = 0;
+ for (uint32_t iCmd = 0; iCmd < cCmds; iCmd++)
+ {
+ load_command_t const *pCurCmd = (load_command_t const *)&pbCmds[offCmd];
+ const uint32_t cbCurCmd = offCmd + sizeof(*pCurCmd) <= cbCmds ? pCurCmd->cmdsize : sizeof(*pCurCmd);
+ if (offCmd + cbCurCmd > cbCmds)
+ {
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, VERR_OUT_OF_RANGE,
+ "%Dv: Load command #%u (offset %#x + %#x) is out of bounds! cmdsize=%u (%#x) cmd=%u\n",
+ pImageBase, iCmd, offCmd, cbHdr, cbCurCmd, cbCurCmd,
+ offCmd + RT_UOFFSET_AFTER(load_command_t, cmd) <= cbCmds ? pCurCmd->cmd : UINT32_MAX);
+ break;
+ }
+
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: Load command #%u (offset %#x + %#x): %s (%u) LB %u\n",
+ pImageBase, iCmd, offCmd, cbHdr, dbgcMachoLoadCommand(pCurCmd->cmd), pCurCmd->cmd, cbCurCmd);
+ switch (pCurCmd->cmd)
+ {
+ case LC_SEGMENT_64:
+ if (cbCurCmd < sizeof(segment_command_64_t))
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, VERR_LDRMACHO_BAD_LOAD_COMMAND,
+ "%Dv: LC_SEGMENT64 is too short!\n", pImageBase);
+ else
+ {
+ segment_command_64_t const *pSeg = (segment_command_64_t const *)pCurCmd;
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: vmaddr: %016RX64 LB %08RX64 prot: %s(%x) maxprot: %s(%x) name: %.16s\n",
+ pImageBase, pSeg->vmaddr, pSeg->vmsize, dbgcMachoProt(pSeg->initprot), pSeg->initprot,
+ dbgcMachoProt(pSeg->maxprot), pSeg->maxprot, pSeg->segname);
+ DBGCCmdHlpPrintf(pCmdHlp, "%Dv: file: %016RX64 LB %08RX64 sections: %2u flags: %#x",
+ pImageBase, pSeg->fileoff, pSeg->filesize, pSeg->nsects, pSeg->flags);
+ dbgcDumpImageFlags32(pCmdHlp, pSeg->flags, s_aSegFlags, RT_ELEMENTS(s_aSegFlags));
+ DBGCCmdHlpPrintf(pCmdHlp, "\n");
+ if ( pSeg->nsects > _64K
+ || pSeg->nsects * sizeof(section_64_t) + sizeof(pSeg) > cbCurCmd)
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, VERR_LDRMACHO_BAD_LOAD_COMMAND,
+ "%Dv: LC_SEGMENT64 is too short for all the sections!\n", pImageBase);
+ else
+ {
+ section_64_t const *paSec = (section_64_t const *)(pSeg + 1);
+ for (uint32_t iSec = 0; iSec < pSeg->nsects; iSec++)
+ {
+ DBGCCmdHlpPrintf(pCmdHlp,
+ "%Dv: Section #%u: %016RX64 LB %08RX64 align: 2**%-2u name: %.16s",
+ pImageBase, iSec, paSec[iSec].addr, paSec[iSec].size, paSec[iSec].align,
+ paSec[iSec].sectname);
+ if (strncmp(pSeg->segname, paSec[iSec].segname, sizeof(pSeg->segname)))
+ DBGCCmdHlpPrintf(pCmdHlp, "(in %.16s)", paSec[iSec].segname);
+ DBGCCmdHlpPrintf(pCmdHlp, "\n");
+
+ /// @todo Good night!
+ /// uint32_t offset;
+ /// uint32_t reloff;
+ /// uint32_t nreloc;
+ /// uint32_t flags;
+ /// /** For S_LAZY_SYMBOL_POINTERS, S_NON_LAZY_SYMBOL_POINTERS and S_SYMBOL_STUBS
+ /// * this is the index into the indirect symbol table. */
+ /// uint32_t reserved1;
+ /// uint32_t reserved2;
+ /// uint32_t reserved3;
+ ///
+ }
+ }
+ }
+ break;
+ }
+
+ /* Advance: */
+ offCmd += cbCurCmd;
+ }
+ }
+ else
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, rc, "%Dv: Error reading load commands %Dv LB %#x\n",
+ pImageBase, &Addr, cbCmds);
+ RTMemTmpFree(pbCmds);
+ return rc;
+#undef ENTRY
+}
+
+
+/**
+ * @callback_method_impl{FNDBGCCMD, The 'dumpimage' command.}
+ */
+DECLCALLBACK(int) dbgcCmdDumpImage(PCDBGCCMD pCmd, PDBGCCMDHLP pCmdHlp, PUVM pUVM, PCDBGCVAR paArgs, unsigned cArgs)
+{
+ int rcRet = VINF_SUCCESS;
+ for (unsigned iArg = 0; iArg < cArgs; iArg++)
+ {
+ union
+ {
+ uint8_t ab[0x10];
+ IMAGE_DOS_HEADER DosHdr;
+ struct
+ {
+ uint32_t u32Magic;
+ IMAGE_FILE_HEADER FileHdr;
+ } Nt;
+ mach_header_64_t MachO64;
+ } uBuf;
+ DBGCVAR const ImageBase = paArgs[iArg];
+ int rc = DBGCCmdHlpMemRead(pCmdHlp, &uBuf.DosHdr, sizeof(uBuf.DosHdr), &ImageBase, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * MZ.
+ */
+ if (uBuf.DosHdr.e_magic == IMAGE_DOS_SIGNATURE)
+ {
+ uint32_t offNewHdr = uBuf.DosHdr.e_lfanew;
+ if (offNewHdr < _256K && offNewHdr >= 16)
+ {
+ /* Look for new header. */
+ DBGCVAR NewHdrAddr;
+ rc = DBGCCmdHlpEval(pCmdHlp, &NewHdrAddr, "%DV + %#RX32", &ImageBase, offNewHdr);
+ if (RT_SUCCESS(rc))
+ {
+ rc = DBGCCmdHlpMemRead(pCmdHlp, &uBuf.Nt, sizeof(uBuf.Nt), &NewHdrAddr, NULL);
+ if (RT_SUCCESS(rc))
+ {
+ /* PE: */
+ if (uBuf.Nt.u32Magic == IMAGE_NT_SIGNATURE)
+ rc = dbgcDumpImagePe(pCmd, pCmdHlp, &ImageBase, &NewHdrAddr, &uBuf.Nt.FileHdr);
+ else
+ rc = DBGCCmdHlpFail(pCmdHlp, pCmd, "%Dv: Unknown new header magic: %.8Rhxs\n",
+ &ImageBase, uBuf.ab);
+ }
+ else
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, rc, "%Dv: Failed to read %zu at %Dv",
+ &ImageBase, sizeof(uBuf.Nt), &NewHdrAddr);
+ }
+ else
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, rc, "%Dv: Failed to calc address of new header", &ImageBase);
+ }
+ else
+ rc = DBGCCmdHlpFail(pCmdHlp, pCmd, "%Dv: MZ header but e_lfanew=%#RX32 is out of bounds (16..256K).\n",
+ &ImageBase, offNewHdr);
+ }
+ /*
+ * ELF.
+ */
+ else if (uBuf.ab[0] == ELFMAG0 && uBuf.ab[1] == ELFMAG1 && uBuf.ab[2] == ELFMAG2 && uBuf.ab[3] == ELFMAG3)
+ rc = dbgcDumpImageElf(pCmd, pCmdHlp, &ImageBase);
+ /*
+ * Mach-O.
+ */
+ else if ( uBuf.MachO64.magic == IMAGE_MACHO64_SIGNATURE
+ || uBuf.MachO64.magic == IMAGE_MACHO32_SIGNATURE )
+ rc = dbgcDumpImageMachO(pCmd, pCmdHlp, &ImageBase, &uBuf.MachO64);
+ /*
+ * Dunno.
+ */
+ else
+ rc = DBGCCmdHlpFail(pCmdHlp, pCmd, "%Dv: Unknown magic: %.8Rhxs\n", &ImageBase, uBuf.ab);
+ }
+ else
+ rc = DBGCCmdHlpFailRc(pCmdHlp, pCmd, rc, "%Dv: Failed to read %zu", &ImageBase, sizeof(uBuf.DosHdr));
+ if (RT_FAILURE(rc) && RT_SUCCESS(rcRet))
+ rcRet = rc;
+ }
+ RT_NOREF(pUVM);
+ return rcRet;
+}
+