From patchwork Wed Feb 22 21:12:44 2023 X-Patchwork-Submitter: Viktor Prutyanov X-Patchwork-Id: 13149603
From: Viktor Prutyanov To: annie.li@oracle.com, pbonzini@redhat.com, peter.maydell@linaro.org Cc: viktor.prutyanov@phystech.edu, yuri.benditovich@daynix.com, yan@daynix.com, qemu-devel@nongnu.org, viktor@daynix.com Subject: [PATCH v2 1/3] contrib/elf2dmp: fix code style Date: Thu, 23 Feb 2023 00:12:44 +0300 Message-Id: <20230222211246.883679-2-viktor@daynix.com> In-Reply-To: <20230222211246.883679-1-viktor@daynix.com> References: <20230222211246.883679-1-viktor@daynix.com>
Originally elf2dmp was added with some code style issues, especially in the pe.h header, and some were introduced by 2d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now.
Signed-off-by: Viktor Prutyanov --- contrib/elf2dmp/addrspace.c | 1 + contrib/elf2dmp/main.c | 9 ++-- contrib/elf2dmp/pe.h | 100 ++++++++++++++++++------------------ 3 files changed, 57 insertions(+), 53 deletions(-) diff --git a/contrib/elf2dmp/addrspace.c b/contrib/elf2dmp/addrspace.c index 53ded17061..0b04cba00e 100644 --- a/contrib/elf2dmp/addrspace.c +++ b/contrib/elf2dmp/addrspace.c @@ -11,6 +11,7 @@ static struct pa_block *pa_space_find_block(struct pa_space *ps, uint64_t pa) { size_t i; + for (i = 0; i < ps->block_nr; i++) { if (ps->block[i].paddr <= pa && pa <= ps->block[i].paddr + ps->block[i].size) { 
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index d77b8f98f7..9224764239 100644 --- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c @@ -282,14 +282,16 @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps, }; for (i = 0; i < ps->block_nr; i++) { - h.PhysicalMemoryBlock.NumberOfPages += ps->block[i].size / ELF2DMP_PAGE_SIZE; + h.PhysicalMemoryBlock.NumberOfPages += + ps->block[i].size / ELF2DMP_PAGE_SIZE; h.PhysicalMemoryBlock.Run[i] = (WinDumpPhyMemRun64) { .BasePage = ps->block[i].paddr / ELF2DMP_PAGE_SIZE, .PageCount = ps->block[i].size / ELF2DMP_PAGE_SIZE, }; } - h.RequiredDumpSpace += h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS; + h.RequiredDumpSpace += + h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS; *hdr = h; @@ -299,7 +301,8 @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps, static int fill_context(KDDEBUGGER_DATA64 *kdbg, struct va_space *vs, QEMU_Elf *qe) { - int i; + int i; + for (i = 0; i < qe->state_nr; i++) { uint64_t Prcb; uint64_t Context; diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h index c2a4a6ba7c..807d006364 100644 --- a/contrib/elf2dmp/pe.h +++ b/contrib/elf2dmp/pe.h 
@@ -33,70 +33,70 @@ typedef struct IMAGE_DOS_HEADER { } __attribute__ ((packed)) IMAGE_DOS_HEADER; typedef struct IMAGE_FILE_HEADER { - uint16_t Machine; - uint16_t NumberOfSections; - uint32_t TimeDateStamp; - uint32_t PointerToSymbolTable; - uint32_t NumberOfSymbols; - uint16_t SizeOfOptionalHeader; - uint16_t Characteristics; + uint16_t Machine; + uint16_t NumberOfSections; + uint32_t TimeDateStamp; + uint32_t PointerToSymbolTable; + uint32_t NumberOfSymbols; + uint16_t SizeOfOptionalHeader; + uint16_t Characteristics; } __attribute__ ((packed)) IMAGE_FILE_HEADER; typedef struct IMAGE_DATA_DIRECTORY { - uint32_t VirtualAddress; - uint32_t Size; + uint32_t VirtualAddress; + uint32_t Size; } __attribute__ ((packed)) IMAGE_DATA_DIRECTORY; #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 typedef struct IMAGE_OPTIONAL_HEADER64 { - uint16_t Magic; /* 0x20b */ - uint8_t MajorLinkerVersion; - uint8_t MinorLinkerVersion; - uint32_t SizeOfCode; - uint32_t SizeOfInitializedData; - uint32_t SizeOfUninitializedData; - uint32_t AddressOfEntryPoint; - uint32_t BaseOfCode; - uint64_t ImageBase; - uint32_t SectionAlignment; - uint32_t FileAlignment; - uint16_t MajorOperatingSystemVersion; - uint16_t MinorOperatingSystemVersion; - uint16_t MajorImageVersion; - uint16_t MinorImageVersion; - uint16_t MajorSubsystemVersion; - uint16_t MinorSubsystemVersion; - uint32_t Win32VersionValue; - uint32_t SizeOfImage; - uint32_t SizeOfHeaders; - uint32_t CheckSum; - uint16_t Subsystem; - uint16_t DllCharacteristics; - uint64_t SizeOfStackReserve; - uint64_t SizeOfStackCommit; - uint64_t SizeOfHeapReserve; - uint64_t SizeOfHeapCommit; - uint32_t LoaderFlags; - uint32_t NumberOfRvaAndSizes; - IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; + uint16_t Magic; /* 0x20b */ + uint8_t MajorLinkerVersion; + uint8_t MinorLinkerVersion; + uint32_t SizeOfCode; + uint32_t SizeOfInitializedData; + uint32_t SizeOfUninitializedData; + uint32_t AddressOfEntryPoint; + uint32_t BaseOfCode; + 
uint64_t ImageBase; + uint32_t SectionAlignment; + uint32_t FileAlignment; + uint16_t MajorOperatingSystemVersion; + uint16_t MinorOperatingSystemVersion; + uint16_t MajorImageVersion; + uint16_t MinorImageVersion; + uint16_t MajorSubsystemVersion; + uint16_t MinorSubsystemVersion; + uint32_t Win32VersionValue; + uint32_t SizeOfImage; + uint32_t SizeOfHeaders; + uint32_t CheckSum; + uint16_t Subsystem; + uint16_t DllCharacteristics; + uint64_t SizeOfStackReserve; + uint64_t SizeOfStackCommit; + uint64_t SizeOfHeapReserve; + uint64_t SizeOfHeapCommit; + uint32_t LoaderFlags; + uint32_t NumberOfRvaAndSizes; + IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; } __attribute__ ((packed)) IMAGE_OPTIONAL_HEADER64; typedef struct IMAGE_NT_HEADERS64 { - uint32_t Signature; - IMAGE_FILE_HEADER FileHeader; - IMAGE_OPTIONAL_HEADER64 OptionalHeader; + uint32_t Signature; + IMAGE_FILE_HEADER FileHeader; + IMAGE_OPTIONAL_HEADER64 OptionalHeader; } __attribute__ ((packed)) IMAGE_NT_HEADERS64; typedef struct IMAGE_DEBUG_DIRECTORY { - uint32_t Characteristics; - uint32_t TimeDateStamp; - uint16_t MajorVersion; - uint16_t MinorVersion; - uint32_t Type; - uint32_t SizeOfData; - uint32_t AddressOfRawData; - uint32_t PointerToRawData; + uint32_t Characteristics; + uint32_t TimeDateStamp; + uint16_t MajorVersion; + uint16_t MinorVersion; + uint32_t Type; + uint32_t SizeOfData; + uint32_t AddressOfRawData; + uint32_t PointerToRawData; } __attribute__ ((packed)) IMAGE_DEBUG_DIRECTORY; #define IMAGE_DEBUG_TYPE_CODEVIEW 2
From patchwork Wed Feb 22 21:12:45 2023 X-Patchwork-Submitter: Viktor Prutyanov X-Patchwork-Id: 13149602
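Review bot: On patch 1/3, the addrspace.c hunk: the unchanged context line `pa <= ps->block[i].paddr + ps->block[i].size` uses an inclusive upper bound, so a physical address exactly one past the end of block i (paddr + size) is attributed to block i instead of to the block that actually starts there. That is outside the scope of a whitespace-only patch, but it deserves a follow-up changing the comparison to `pa < ps->block[i].paddr + ps->block[i].size`. The re-indentation in main.c and pe.h and the added blank lines after declarations look fine.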
From: Viktor Prutyanov To: annie.li@oracle.com, pbonzini@redhat.com, peter.maydell@linaro.org Cc: viktor.prutyanov@phystech.edu, yuri.benditovich@daynix.com, yan@daynix.com, qemu-devel@nongnu.org, viktor@daynix.com Subject: [PATCH v2 2/3] contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry Date: Thu, 23 Feb 2023 00:12:45 +0300 Message-Id: <20230222211246.883679-3-viktor@daynix.com> In-Reply-To: <20230222211246.883679-1-viktor@daynix.com> References: <20230222211246.883679-1-viktor@daynix.com>
Move out the PE directory search functionality so it can be reused not only for Debug Directory processing but for an arbitrary PE directory.
Signed-off-by: Viktor Prutyanov --- contrib/elf2dmp/main.c | 71 +++++++++++++++++++++++++----------------- 1 file changed, 42 insertions(+), 29 deletions(-) diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index 9224764239..2f6028d8eb 100644 --- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c 
@@ -333,6 +333,45 @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg, return 0; } +static int pe_get_data_dir_entry(uint64_t base, void *start_addr, int idx, + void *entry, size_t size, struct va_space *vs) +{ + const char e_magic[2] = "MZ"; + const char Signature[4] = "PE\0\0"; + IMAGE_DOS_HEADER *dos_hdr = start_addr; + IMAGE_NT_HEADERS64 nt_hdrs; + IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader; + IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader; + IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory; + + QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE); + + if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) { + return 1; + } + + if (va_space_rw(vs, base + dos_hdr->e_lfanew, + &nt_hdrs, sizeof(nt_hdrs), 0)) { + return 1; + } + + if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) || + file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) { + return 1; + } + + if (va_space_rw(vs, + base + data_dir[idx].VirtualAddress, + entry, size, 0)) { + return 1; + } + + printf("Data directory entry #%d: RVA = 0x%08"PRIx32"\n", idx, + (uint32_t)data_dir[idx].VirtualAddress); + + return 0; +} + static int write_dump(struct pa_space *ps, WinDumpHeader64 *hdr, const char *name) { 
@@ -369,42 +408,16 @@ static int write_dump(struct pa_space *ps, static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr, char *hash, struct va_space *vs) { - const char e_magic[2] = "MZ"; - const char Signature[4] = "PE\0\0"; const char sign_rsds[4] = "RSDS"; - IMAGE_DOS_HEADER *dos_hdr = start_addr; - IMAGE_NT_HEADERS64 nt_hdrs; - IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader; - IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader; - IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory; IMAGE_DEBUG_DIRECTORY debug_dir; OMFSignatureRSDS rsds; char *pdb_name; size_t pdb_name_sz; size_t i; - QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE); - - if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) { - return 1; - } - - if (va_space_rw(vs, base + dos_hdr->e_lfanew, - &nt_hdrs, sizeof(nt_hdrs), 0)) { - return 1; - } - - if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) || - file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) { - return 1; - } - - printf("Debug Directory RVA = 0x%08"PRIx32"\n", - (uint32_t)data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress); - - if (va_space_rw(vs, - base + data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress, - &debug_dir, sizeof(debug_dir), 0)) { + if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_DEBUG_DIRECTORY, + &debug_dir, sizeof(debug_dir), vs)) { + eprintf("Failed to get Debug Directory\n"); return 1; }
From patchwork Wed Feb 22 21:12:46 2023 X-Patchwork-Submitter: Viktor Prutyanov X-Patchwork-Id: 13149604
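Review bot: On patch 2/3, the new pe_get_data_dir_entry() hunk: data_dir[idx] is indexed without checking idx against opt_hdr->NumberOfRvaAndSizes (or IMAGE_NUMBEROF_DIRECTORY_ENTRIES), and neither data_dir[idx].Size nor a zero VirtualAddress is looked at, so now that the helper takes an arbitrary idx, a directory that is simply absent from the image makes it read `size` bytes from `base + 0` (the DOS header) into `entry` and return success. With the memory coming from a crash dump that the next patch describes as full of invalid PE fragments, the caller cannot distinguish that from a real entry. Suggest adding, before the final va_space_rw(): `if (idx >= opt_hdr->NumberOfRvaAndSizes || !data_dir[idx].VirtualAddress || data_dir[idx].Size < size) { return 1; }`. The removal from pe_get_pdb_symstore_hash() mirrors the old code one-to-one and the added eprintf() on failure is an improvement.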
From: Viktor Prutyanov To: annie.li@oracle.com, pbonzini@redhat.com, peter.maydell@linaro.org Cc: viktor.prutyanov@phystech.edu, yuri.benditovich@daynix.com, yan@daynix.com, qemu-devel@nongnu.org, viktor@daynix.com Subject: [PATCH v2 3/3] contrib/elf2dmp: add PE name check and Windows Server 2022 support Date: Thu, 23 Feb 2023 00:12:46 +0300 Message-Id: <20230222211246.883679-4-viktor@daynix.com> In-Reply-To: <20230222211246.883679-1-viktor@daynix.com> References: <20230222211246.883679-1-viktor@daynix.com>
Since its inception, elf2dmp has checked MZ signatures within the address space above the IDT[0] interrupt vector and taken the first PE image found as the Windows kernel. But in a Windows Server 2022 memory dump this address space range is full of invalid PE fragments, and the tool must actually check that the PE image is 'ntoskrnl.exe'. So, introduce additional validation by checking the image name from the Export Directory against 'ntoskrnl.exe'.
Signed-off-by: Viktor Prutyanov Tested-by: Yuri Benditovich --- contrib/elf2dmp/main.c | 28 ++++++++++++++++++++++++++-- contrib/elf2dmp/pe.h | 15 +++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index 2f6028d8eb..89f0c69ab0 100644 
--- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c @@ -17,6 +17,7 @@ #define SYM_URL_BASE "https://msdl.microsoft.com/download/symbols/" #define PDB_NAME "ntkrnlmp.pdb" +#define PE_NAME "ntoskrnl.exe" #define INITIAL_MXCSR 0x1f80 @@ -405,6 +406,25 @@ static int write_dump(struct pa_space *ps, return fclose(dmp_file); } +static bool pe_check_export_name(uint64_t base, void *start_addr, + struct va_space *vs) +{ + IMAGE_EXPORT_DIRECTORY export_dir; + const char *pe_name; + + if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_EXPORT_DIRECTORY, + &export_dir, sizeof(export_dir), vs)) { + return false; + } + + pe_name = va_space_resolve(vs, base + export_dir.Name); + if (!pe_name) { + return false; + } + + return !strcmp(pe_name, PE_NAME); +} + static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr, char *hash, struct va_space *vs) { @@ -489,6 +509,7 @@ int main(int argc, char *argv[]) uint64_t KdDebuggerDataBlock; KDDEBUGGER_DATA64 *kdbg; uint64_t KdVersionBlock; + bool kernel_found = false; if (argc != 3) { eprintf("usage:\n\t%s elf_file dmp_file\n", argv[0]); @@ -536,11 +557,14 @@ int main(int argc, char *argv[]) } if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */ - break; + if (pe_check_export_name(KernBase, nt_start_addr, &vs)) { + kernel_found = true; + break; + } } } - if (!nt_start_addr) { + if (!kernel_found) { eprintf("Failed to find NT kernel image\n"); err = 1; goto out_ps; diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h index 807d006364..71126af1ac 100644 --- a/contrib/elf2dmp/pe.h +++ b/contrib/elf2dmp/pe.h 
@@ -88,6 +88,20 @@ typedef struct IMAGE_NT_HEADERS64 { IMAGE_OPTIONAL_HEADER64 OptionalHeader; } __attribute__ ((packed)) IMAGE_NT_HEADERS64; +typedef struct IMAGE_EXPORT_DIRECTORY { + uint32_t Characteristics; + uint32_t TimeDateStamp; + uint16_t MajorVersion; + uint16_t MinorVersion; + uint32_t Name; + uint32_t Base; + uint32_t NumberOfFunctions; + uint32_t NumberOfNames; + uint32_t AddressOfFunctions; + uint32_t AddressOfNames; + uint32_t AddressOfNameOrdinals; +} __attribute__ ((packed)) IMAGE_EXPORT_DIRECTORY; + typedef struct IMAGE_DEBUG_DIRECTORY { uint32_t Characteristics; uint32_t TimeDateStamp; @@ -102,6 +116,7 @@ typedef struct IMAGE_DEBUG_DIRECTORY { #define IMAGE_DEBUG_TYPE_CODEVIEW 2 #endif +#define IMAGE_FILE_EXPORT_DIRECTORY 0 #define IMAGE_FILE_DEBUG_DIRECTORY 6 typedef struct guid_t {
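Review bot: On patch 3/3, the pe_check_export_name() hunk: `return !strcmp(pe_name, PE_NAME);` reads through the pointer va_space_resolve() returned until it finds a NUL, but the only thing known about that pointer is that base + export_dir.Name resolves; for one of the invalid PE fragments the commit message describes, a Name RVA that lands in the last bytes of a mapped page with no terminator lets strcmp() run past the end of the mapping. Suggest copying at most sizeof(PE_NAME) bytes with va_space_rw() into a local buffer and comparing that (checking the copy succeeded), or at least a bounded `strncmp(pe_name, PE_NAME, sizeof(PE_NAME))` if va_space_resolve() guarantees that many bytes. The switch from `if (!nt_start_addr)` to `if (!kernel_found)` is correct: after the loop nt_start_addr can be non-NULL even though no candidate passed the name check. The IMAGE_EXPORT_DIRECTORY layout in pe.h matches the PE/COFF field order and `IMAGE_FILE_EXPORT_DIRECTORY 0` is the right data-directory index.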