Lab
/
cosmopolitan
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
cosmopolitan/tool/viz/printpeb.c

535 lines
28 KiB
C
Raw Normal View History

Initial import
2020-06-15 14:18:57 +00:00
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2020 Justine Alexandra Roberts Tunney
Change license
2020-12-28 01:18:44 +00:00
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
Initial import
2020-06-15 14:18:57 +00:00
Change license
2020-12-28 01:18:44 +00:00
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
Initial import
2020-06-15 14:18:57 +00:00
*/
Improve documentation The Cosmo API documentation page is pretty good now https://justine.lol/cosmopolitan/documentation.html
2020-12-27 15:02:35 +00:00
#include "libc/bits/safemacros.h"
Initial import
2020-06-15 14:18:57 +00:00
#include "libc/calls/calls.h"
#include "libc/calls/internal.h"
#include "libc/dce.h"
#include "libc/log/log.h"
#include "libc/nt/dll.h"
#include "libc/nt/enum/filetype.h"
#include "libc/nt/enum/startf.h"
#include "libc/nt/files.h"
#include "libc/nt/process.h"
#include "libc/nt/runtime.h"
#include "libc/nt/struct/ldr.h"
#include "libc/nt/struct/ldrdatatableentry.h"
#include "libc/nt/struct/linkedlist.h"
#include "libc/nt/struct/peb.h"
#include "libc/nt/struct/systeminfo.h"
#include "libc/nt/struct/teb.h"
#include "libc/nt/struct/unicodestring.h"
#include "libc/runtime/runtime.h"
#include "libc/stdio/stdio.h"
#include "libc/sysv/consts/madv.h"
#include "libc/sysv/consts/o.h"
#include "tool/decode/lib/flagger.h"
#include "tool/decode/lib/idname.h"
char *GetString(struct NtUnicodeString *s) {
static char buf[1024];
unsigned len = min(sizeof(buf) - 1, s->Length);
for (unsigned i = 0; i < len; ++i) {
buf[i] = (unsigned char)s->Data[i];
}
buf[len] = '\0';
return &buf[0];
}
int NextBestThing(void) {
int64_t fd = open("/proc/self/maps", O_RDONLY);
posix_fadvise(fd, 0, 0, MADV_SEQUENTIAL);
ssize_t wrote;
while ((wrote = copyfd(fd, NULL, 1, NULL, 1024 * 64, 0)) != -1) {
if (wrote == 0) break;
}
close(fd);
return 0;
}
const struct IdName kNtStartfFlagNames[] = {
{kNtStartfUseshowwindow, "kNtStartfUseshowwindow"},
{kNtStartfUsesize, "kNtStartfUsesize"},
{kNtStartfUseposition, "kNtStartfUseposition"},
{kNtStartfUsecountchars, "kNtStartfUsecountchars"},
{kNtStartfUsefillattribute, "kNtStartfUsefillattribute"},
{kNtStartfRunfullscreen, "kNtStartfRunfullscreen"},
{kNtStartfForceonfeedback, "kNtStartfForceonfeedback"},
{kNtStartfForceofffeedback, "kNtStartfForceofffeedback"},
{kNtStartfUsestdhandles, "kNtStartfUsestdhandles"},
{kNtStartfUsehotkey, "kNtStartfUsehotkey"},
{kNtStartfTitleislinkname, "kNtStartfTitleislinkname"},
{kNtStartfTitleisappid, "kNtStartfTitleisappid"},
{kNtStartfPreventpinning, "kNtStartfPreventpinning"},
{kNtStartfUntrustedsource, "kNtStartfUntrustedsource"},
{0, 0},
};
void PrintStartupInfo(void) {
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § startup info \n\
\n\
\n");
#define X(D, F) \
printf("%s.%-22s= " D "\n", "g_ntstartupinfo", #F, g_ntstartupinfo.F);
X("%u", cb);
X("%p", lpReserved);
X("%hs", lpDesktop);
X("%hs", lpTitle);
X("%u", dwX);
X("%u", dwY);
X("%u", dwXSize);
X("%u", dwYSize);
X("%u", dwXCountChars);
X("%u", dwYCountChars);
X("%u", dwFillAttribute);
printf("%s.%-22s: %s\n", "g_ntstartupinfo", "dwFlags",
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
RecreateFlags(kNtStartfFlagNames, g_ntstartupinfo.dwFlags));
Initial import
2020-06-15 14:18:57 +00:00
X("%hu", wShowWindow);
X("%hu", cbReserved2);
X("%s", lpReserved2);
X("%ld", hStdInput);
X("%ld", hStdOutput);
X("%ld", hStdError);
#undef X
}
void PrintSystemInfo(void) {
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § system info \n\
\n\
\n");
#define X(D, F) \
printf("%s.%-28s= " D "\n", "g_ntsysteminfo", #F, g_ntsysteminfo.F);
X("%08x", dwOemId);
X("%04hx", wProcessorArchitecture);
X("%d", dwPageSize);
X("%p", lpMinimumApplicationAddress);
X("%p", lpMaximumApplicationAddress);
X("%p", dwActiveProcessorMask);
X("%u", dwNumberOfProcessors);
X("%u", dwProcessorType);
X("%u", dwAllocationGranularity);
X("%hu", wProcessorLevel);
X("%hu", wProcessorRevision);
#undef X
}
Get Cosmopolitan into releasable state A new rollup tool now exists for flattening out the headers in a way that works better for our purposes than cpp. A lot of the API clutter has been removed. APIs that aren't a sure thing in terms of general recommendation are now marked internal. There's now a smoke test for the amalgamation archive and gigantic header file. So we can now guarantee you can use this project on the easiest difficulty setting without the gigantic repository. A website is being created, which is currently a work in progress: https://justine.storage.googleapis.com/cosmopolitan/index.html
2020-11-25 16:19:00 +00:00
const char *ft2str(int ft) {
Initial import
2020-06-15 14:18:57 +00:00
if (ft == kNtFileTypeUnknown) return "kNtFileTypeUnknown";
if (ft == kNtFileTypeDisk) return "kNtFileTypeDisk";
if (ft == kNtFileTypeChar) return "kNtFileTypeChar";
if (ft == kNtFileTypePipe) return "kNtFileTypePipe";
if (ft == kNtFileTypeRemote) return "kNtFileTypeRemote";
return "wut?";
}
void PrintStdioInfo(void) {
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § stdio info \n\
\n\
\n");
printf("%s: %ld (%s)\n", "g_fds.p[0].handle", g_fds.p[0].handle,
ft2str(GetFileType(g_fds.p[0].handle)));
printf("%s: %ld (%s)\n", "g_fds.p[1].handle", g_fds.p[1].handle,
ft2str(GetFileType(g_fds.p[1].handle)));
printf("%s: %ld (%s)\n", "g_fds.p[2].handle", g_fds.p[2].handle,
ft2str(GetFileType(g_fds.p[2].handle)));
}
void PrintTeb(void) {
GetCurrentProcessId();
SetLastError(0x1234);
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § teb? \n\
\n\
\n");
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x00, "NtGetSeh()", _NtGetSeh());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x08, "NtGetStackHigh()",
_NtGetStackHigh());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x10, "NtGetStackLow()",
_NtGetStackLow());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x18, "_NtGetSubsystemTib()",
_NtGetSubsystemTib());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x20, "NtGetFib()", _NtGetFib());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x30, "NtGetTeb()", NtGetTeb());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x38, "NtGetEnv()", _NtGetEnv());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x40, "NtGetPid()", NtGetPid());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x48, "NtGetTid()", NtGetTid());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x50, "NtGetRpc()", _NtGetRpc());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x58, "NtGetTls()", _NtGetTls());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x60, "NtGetPeb()", NtGetPeb());
printf("gs:0x%02x: %-39s = 0x%lx\n", 0x68, "NtGetErr()", NtGetErr());
}
void PrintPeb(void) {
struct NtPeb *peb = NtGetPeb();
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § peb \n\
\n\
\n");
printf("0x%04x: %-40s = %u\n", offsetof(struct NtPeb, InheritedAddressSpace),
"InheritedAddressSpace", (unsigned)peb->InheritedAddressSpace);
printf("0x%04x: %-40s = %u\n",
offsetof(struct NtPeb, ReadImageFileExecOptions),
"ReadImageFileExecOptions", (unsigned)peb->ReadImageFileExecOptions);
printf("0x%04x: %-40s = %u\n", offsetof(struct NtPeb, BeingDebugged),
"BeingDebugged", (unsigned)peb->BeingDebugged);
printf("0x%04x: %-40s = %u\n", offsetof(struct NtPeb, __wut1), "__wut1",
(unsigned)peb->__wut1);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, Mutant), "Mutant",
peb->Mutant);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, ImageBaseAddress),
"ImageBaseAddress", peb->ImageBaseAddress);
/* struct NtLdr *Ldr; */
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, ProcessParameters),
"ProcessParameters", peb->ProcessParameters);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, SubSystemData),
"SubSystemData", peb->SubSystemData);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, ProcessHeap),
"ProcessHeap", peb->ProcessHeap);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, FastPebLock),
"FastPebLock", peb->FastPebLock);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, __wut3), "__wut3",
peb->__wut3);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, __wut4), "__wut4",
peb->__wut4);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, __wut5), "__wut5",
peb->__wut5);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, KernelCallbackTable),
"KernelCallbackTable", peb->KernelCallbackTable);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, UserSharedInfoPtr),
"UserSharedInfoPtr", peb->UserSharedInfoPtr);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, SystemReserved),
"SystemReserved", peb->SystemReserved);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, __wut6), "__wut6",
peb->__wut6);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, __wut7), "__wut7",
peb->__wut7);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, TlsExpansionCounter),
"TlsExpansionCounter", peb->TlsExpansionCounter);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, TlsBitmap),
"TlsBitmap", peb->TlsBitmap);
printf("0x%04x: %-40s = 0x%x 0x%x\n", offsetof(struct NtPeb, TlsBitmapBits),
"TlsBitmapBits", peb->TlsBitmapBits[0], peb->TlsBitmapBits[1]);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ReadOnlySharedMemoryBase),
"ReadOnlySharedMemoryBase", peb->ReadOnlySharedMemoryBase);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, __wut8), "__wut8",
peb->__wut8);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ReadOnlyStaticServerData),
"ReadOnlyStaticServerData", peb->ReadOnlyStaticServerData);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, AnsiCodePageData),
"AnsiCodePageData", peb->AnsiCodePageData);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, OemCodePageData),
"OemCodePageData", peb->OemCodePageData);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, UnicodeCaseTableData), "UnicodeCaseTableData",
peb->UnicodeCaseTableData);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, NumberOfProcessors),
"NumberOfProcessors", peb->NumberOfProcessors);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, NtGlobalFlag),
"NtGlobalFlag", peb->NtGlobalFlag);
printf("0x%04x: %-40s = %ld\n",
offsetof(struct NtPeb, CriticalSectionTimeout),
"CriticalSectionTimeout", peb->CriticalSectionTimeout);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, HeapSegmentReserve),
"HeapSegmentReserve", peb->HeapSegmentReserve);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, HeapSegmentCommit),
"HeapSegmentCommit", peb->HeapSegmentCommit);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, HeapDeCommitTotalFreeThreshold),
"HeapDeCommitTotalFreeThreshold", peb->HeapDeCommitTotalFreeThreshold);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, HeapDeCommitFreeBlockThreshold),
"HeapDeCommitFreeBlockThreshold", peb->HeapDeCommitFreeBlockThreshold);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, NumberOfHeaps),
"NumberOfHeaps", peb->NumberOfHeaps);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, MaximumNumberOfHeaps),
"MaximumNumberOfHeaps", peb->MaximumNumberOfHeaps);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, ProcessHeaps),
"ProcessHeaps", peb->ProcessHeaps);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, GdiSharedHandleTable), "GdiSharedHandleTable",
peb->GdiSharedHandleTable);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ProcessStarterHelper), "ProcessStarterHelper",
peb->ProcessStarterHelper);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, GdiDCAttributeList),
"GdiDCAttributeList", peb->GdiDCAttributeList);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, LoaderLock),
"LoaderLock", peb->LoaderLock);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, OSMajorVersion),
"OSMajorVersion", peb->OSMajorVersion);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, OSMinorVersion),
"OSMinorVersion", peb->OSMinorVersion);
printf("0x%04x: %-40s = %hu\n", offsetof(struct NtPeb, OSBuildNumber),
"OSBuildNumber", peb->OSBuildNumber);
printf("0x%04x: %-40s = %hu\n", offsetof(struct NtPeb, OSCSDVersion),
"OSCSDVersion", peb->OSCSDVersion);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, OSPlatformId),
"OSPlatformId", peb->OSPlatformId);
printf("0x%04x: %-40s = 0x%x\n", offsetof(struct NtPeb, ImageSubsystem),
"ImageSubsystem", peb->ImageSubsystem);
printf("0x%04x: %-40s = 0x%x\n",
offsetof(struct NtPeb, ImageSubsystemMajorVersion),
"ImageSubsystemMajorVersion", peb->ImageSubsystemMajorVersion);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ImageSubsystemMinorVersion),
"ImageSubsystemMinorVersion", peb->ImageSubsystemMinorVersion);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ImageProcessAffinityMask),
"ImageProcessAffinityMask", peb->ImageProcessAffinityMask);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ActiveProcessAffinityMask),
"ActiveProcessAffinityMask", peb->ActiveProcessAffinityMask);
/* "0x%lx", GdiHandleBuffer[38 - __SIZEOF_POINTER__]; */
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, PostProcessInitRoutine),
"PostProcessInitRoutine", peb->PostProcessInitRoutine);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, TlsExpansionBitmap),
"TlsExpansionBitmap", peb->TlsExpansionBitmap);
/* "0x%x", TlsExpansionBitmapBits[32]; */
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, SessionId),
"SessionId", peb->SessionId);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, AppCompatFlags),
"AppCompatFlags", peb->AppCompatFlags);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, AppCompatFlagsUser),
"AppCompatFlagsUser", peb->AppCompatFlagsUser);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, pShimData),
"pShimData", peb->pShimData);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, AppCompatInfo),
"AppCompatInfo", peb->AppCompatInfo);
printf("0x%04x: %-40s = \"%s\"\n", offsetof(struct NtPeb, CSDVersion),
"CSDVersion", GetString(&peb->CSDVersion));
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ActivationContextData), "ActivationContextData",
peb->ActivationContextData);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, ProcessAssemblyStorageMap),
"ProcessAssemblyStorageMap", peb->ProcessAssemblyStorageMap);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, SystemDefaultActivationContextData),
"SystemDefaultActivationContextData",
peb->SystemDefaultActivationContextData);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtPeb, SystemAssemblyStorageMap),
"SystemAssemblyStorageMap", peb->SystemAssemblyStorageMap);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtPeb, MinimumStackCommit),
"MinimumStackCommit", peb->MinimumStackCommit);
}
void PrintPebLdr(void) {
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § peb » ldr \n\
\n\
\n");
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtLdr, SizeOfThis),
"SizeOfThis", NtGetPeb()->Ldr->SizeOfThis);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtLdr, IsInitialized),
"IsInitialized", NtGetPeb()->Ldr->IsInitialized);
printf("0x%04x: %-40s = 0x%lx\n", offsetof(struct NtLdr, SsHandle),
"SsHandle", NtGetPeb()->Ldr->SsHandle);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdr, InLoadOrderModuleList), "InLoadOrderModuleList",
NtGetPeb()->Ldr->InLoadOrderModuleList);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdr, InMemoryOrderModuleList),
"InMemoryOrderModuleList", NtGetPeb()->Ldr->InMemoryOrderModuleList);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdr, InInitOrderModuleList), "InInitOrderModuleList",
NtGetPeb()->Ldr->InInitOrderModuleList);
}
void PrintModulesLoadOrder(void) {
{
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § modules » load order \n\
\n\
\n");
struct NtLinkedList *head = &NtGetPeb()->Ldr->InLoadOrderModuleList;
struct NtLinkedList *ldr = head->Next;
do {
const struct NtLdrDataTableEntry *dll =
(const struct NtLdrDataTableEntry *)ldr;
/* struct NtLinkedList InLoadOrderLinks; /\* msdn:reserved *\/ */
/* struct NtLinkedList InMemoryOrderLinks; */
/* struct NtLinkedList InInitOrderLinks; /\* msdn:reserved *\/ */
printf("0x%p\n", ldr);
printf("0x%p vs. 0x%p\n", dll, GetModuleHandleW(dll->FullDllName.Data));
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, DllBase), "DllBase",
dll->DllBase);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, EntryPoint), "EntryPoint",
dll->EntryPoint);
printf("0x%04x: %-40s = 0x%x\n",
offsetof(struct NtLdrDataTableEntry, SizeOfImage), "SizeOfImage",
dll->SizeOfImage);
printf("0x%04x: %-40s = \"%s\"\n",
offsetof(struct NtLdrDataTableEntry, FullDllName), "FullDllName",
GetString(&dll->FullDllName));
printf("0x%04x: %-40s = \"%s\"\n",
offsetof(struct NtLdrDataTableEntry, BaseDllName), "BaseDllName",
GetString(&dll->BaseDllName));
printf("0x%04x: %-40s = 0x%x\n",
offsetof(struct NtLdrDataTableEntry, Flags), "Flags", dll->Flags);
printf("0x%04x: %-40s = %hu\n",
offsetof(struct NtLdrDataTableEntry, Load_Count), "Load_Count",
dll->Load_Count);
printf("0x%04x: %-40s = %hu\n",
offsetof(struct NtLdrDataTableEntry, TlsIndex), "TlsIndex",
dll->TlsIndex);
/* union { */
/* struct NtLinkedList HashLinks; */
/* struct { */
/* void *SectionPointer; */
/* uint32_t CheckSum; */
/* }; */
/* }; */
/* union { */
/* void *LoadedImports; */
/* uint32_t TimeDateStamp; */
/* }; */
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, EntryPointActivationContext),
"EntryPointActivationContext", dll->EntryPointActivationContext);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, PatchInformation),
"PatchInformation", dll->PatchInformation);
/* struct NtLinkedList ForwarderLinks; */
/* struct NtLinkedList ServiceTagLinks; */
/* struct NtLinkedList StaticLinks; */
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, ContextInformation),
"ContextInformation", dll->ContextInformation);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, OriginalBase), "OriginalBase",
dll->OriginalBase);
printf("0x%04x: %-40s = %ld\n",
offsetof(struct NtLdrDataTableEntry, LoadTime), "LoadTime",
dll->LoadTime);
printf("\n");
} while ((ldr = ldr->Next) && ldr != head);
}
}
void PrintModulesMemoryOrder(void) {
{
Add x86_64-linux-gnu emulator I wanted a tiny scriptable meltdown proof way to run userspace programs and visualize how program execution impacts memory. It helps to explain how things like Actually Portable Executable works. It can show you how the GCC generated code is going about manipulating matrices and more. I didn't feel fully comfortable with Qemu and Bochs because I'm not smart enough to understand them. I wanted something like gVisor but with much stronger levels of assurances. I wanted a single binary that'll run, on all major operating systems with an embedded GPL barrier ZIP filesystem that is tiny enough to transpile to JavaScript and run in browsers too. https://justine.storage.googleapis.com/emulator625.mp4
2020-08-25 11:23:25 +00:00
printf("\n\
Initial import
2020-06-15 14:18:57 +00:00
\n\
new technology § modules » memory order \n\
\n\
\n");
struct NtLinkedList *head = &NtGetPeb()->Ldr->InMemoryOrderModuleList;
struct NtLinkedList *ldr = head->Next;
do {
const struct NtLdrDataTableEntry *dll =
(const struct NtLdrDataTableEntry *)ldr;
/* struct NtLinkedList InLoadOrderLinks; /\* msdn:reserved *\/ */
/* struct NtLinkedList InMemoryOrderLinks; */
/* struct NtLinkedList InInitOrderLinks; /\* msdn:reserved *\/ */
printf("0x%p\n", dll);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, DllBase), "DllBase",
dll->DllBase);
printf("0x%04x: %-40s = 0x%lx\n",
offsetof(struct NtLdrDataTableEntry, EntryPoint), "EntryPoint",
dll->EntryPoint);
printf("0x%04x: %-40s = 0x%x\n",
offsetof(struct NtLdrDataTableEntry, SizeOfImage), "SizeOfImage",
dll->SizeOfImage);
printf("0x%04x: %-40s = \"%s\"\n",
offsetof(struct NtLdrDataTableEntry, FullDllName), "FullDllName",
GetString(&dll->FullDllName));
printf("0x%04x: %-40s = \"%s\"\n",
offsetof(struct NtLdrDataTableEntry, BaseDllName), "BaseDllName",
GetString(&dll->BaseDllName));
printf("0x%04x: %-40s = 0x%x\n",
offsetof(struct NtLdrDataTableEntry, Flags), "Flags", dll->Flags);
printf("0x%04x: %-40s = %hu\n",
offsetof(struct NtLdrDataTableEntry, Load_Count), "Load_Count",
dll->Load_Count);
printf("0x%04x: %-40s = %hu\n",
offsetof(struct NtLdrDataTableEntry, TlsIndex), "TlsIndex",
dll->TlsIndex);
/* /\* union { *\/ */
/* /\* struct NtLinkedList HashLinks; *\/ */
/* /\* struct { *\/ */
/* /\* void *SectionPointer; *\/ */
/* /\* uint32_t CheckSum; *\/ */
/* /\* }; *\/ */
/* /\* }; *\/ */
/* /\* union { *\/ */
/* /\* void *LoadedImports; *\/ */
/* /\* uint32_t TimeDateStamp; *\/ */
/* /\* }; *\/ */
/* printf("0x%04x: %-40s = 0x%lx\n", */
/* offsetof(struct NtLdrDataTableEntry,
* EntryPointActivationContext), */
/* "EntryPointActivationContext",
* dll->EntryPointActivationContext); */
/* printf("0x%04x: %-40s = 0x%lx\n", */
/* offsetof(struct NtLdrDataTableEntry, PatchInformation), */
/* "PatchInformation", dll->PatchInformation); */
/* /\* struct NtLinkedList ForwarderLinks; *\/ */
/* /\* struct NtLinkedList ServiceTagLinks; *\/ */
/* /\* struct NtLinkedList StaticLinks; *\/ */
/* printf("0x%04x: %-40s = 0x%lx\n", */
/* offsetof(struct NtLdrDataTableEntry, ContextInformation), */
/* "ContextInformation", dll->ContextInformation); */
/* printf("0x%04x: %-40s = 0x%lx\n", */
/* offsetof(struct NtLdrDataTableEntry, OriginalBase),
* "OriginalBase", */
/* dll->OriginalBase); */
/* printf("0x%04x: %-40s = %ld\n", */
/* offsetof(struct NtLdrDataTableEntry, LoadTime), "LoadTime", */
/* dll->LoadTime); */
printf("\n");
} while ((ldr = ldr->Next) && ldr != head);
}
}
int main(int argc, char *argv[]) {
showcrashreports();
if (IsLinux()) {
return NextBestThing();
}
if (!IsWindows()) {
fprintf(stderr, "error: this tool is intended for windows\n");
return 1;
}
PrintStartupInfo();
PrintSystemInfo();
PrintStdioInfo();
PrintTeb();
PrintPeb();
PrintPebLdr();
PrintModulesLoadOrder();
PrintModulesMemoryOrder();
return 0;
}