void CrDumpOptionalHeader64(LPVOID Data, DWORD CheckSum)
{
DWORD i;
PIMAGE_OPTIONAL_HEADER64 Optional64 = (PIMAGE_OPTIONAL_HEADER64)Data;
PIMAGE_DATA_DIRECTORY DataDirectories, DataDirectory;
printf("\n### IMAGE_OPTIONAL_HEADER64 ###\n");
printf(" Magic: 0x%04X\n", Optional64->Magic);
printf(" LinkerVersion: %u.%u\n", Optional64->MajorLinkerVersion, Optional64->MinorLinkerVersion);
printf(" SizeOfCode: 0x%08lX (%lu)\n", Optional64->SizeOfCode, Optional64->SizeOfCode);
printf(" SizeOfInitializedData: 0x%08lX (%lu)\n", Optional64->SizeOfInitializedData, Optional64->SizeOfInitializedData);
printf(" SizeOfUninitializedData: 0x%08lX (%lu)\n", Optional64->SizeOfUninitializedData, Optional64->SizeOfUninitializedData);
printf(" AddressOfEntryPoint: 0x%08lX\n", Optional64->AddressOfEntryPoint);
printf(" BaseOfCode: 0x%08lX\n", Optional64->BaseOfCode);
printf(" ImageBase: 0x%08lX%08lX\n", HILONG(Optional64->ImageBase), LOLONG(Optional64->ImageBase));
printf(" SectionAlignment: 0x%08lX\n", Optional64->SectionAlignment);
printf(" FileAlignment: 0x%08lX\n", Optional64->FileAlignment);
printf(" OperatingSystemVersion: %u.%u\n", Optional64->MajorOperatingSystemVersion, Optional64->MinorOperatingSystemVersion);
printf(" ImageVersion: %u.%u\n", Optional64->MajorImageVersion, Optional64->MinorImageVersion);
printf(" SubsystemVersion: %u.%u\n", Optional64->MajorSubsystemVersion, Optional64->MinorSubsystemVersion);
printf(" Win32VersionValue: 0x%08lX\n", Optional64->Win32VersionValue);
printf(" SizeOfImage: 0x%08lX (%lu)\n", Optional64->SizeOfImage, Optional64->SizeOfImage);
printf(" SizeOfHeaders: 0x%08lX (%lu)\n", Optional64->SizeOfHeaders, Optional64->SizeOfHeaders);
#ifndef NO_CHECKSUM
printf(" CheckSum: 0x%08lX (%s)\n", Optional64->CheckSum, (Optional64->CheckSum == 0 || Optional64->CheckSum == CheckSum ? "valid" : "invalid"));
#else
printf(" CheckSum: 0x%08lX\n", Optional64->CheckSum);
#endif
printf(" Subsystem: 0x%04X (%s)\n", Optional64->Subsystem, CrGetSubsystemString(Optional64->Subsystem));
printf(" DllCharacteristics: 0x%04X (%s)\n", Optional64->DllCharacteristics, CrGetDllCharacteristicsString(Optional64->DllCharacteristics));
char a[64];
_i64toa(Optional64->SizeOfStackReserve, a, 10);
printf(" SizeOfStackReserve: 0x%08lX%08lX (%s)\n", HILONG(Optional64->SizeOfStackReserve), LOLONG(Optional64->SizeOfStackReserve), a);
_i64toa(Optional64->SizeOfStackCommit, a, 10);
printf(" SizeOfStackCommit: 0x%08lX%08lX (%s)\n", HILONG(Optional64->SizeOfStackCommit), LOLONG(Optional64->SizeOfStackCommit), a);
_i64toa(Optional64->SizeOfHeapReserve, a, 10);
printf(" SizeOfHeapReserve: 0x%08lX%08lX (%s)\n", HILONG(Optional64->SizeOfHeapReserve), LOLONG(Optional64->SizeOfHeapReserve), a);
_i64toa(Optional64->SizeOfHeapCommit, a, 10);
printf(" SizeOfHeapCommit: 0x%08lX%08lX (%s)\n", HILONG(Optional64->SizeOfHeapCommit), LOLONG(Optional64->SizeOfHeapCommit), a);
printf(" LoaderFlags: 0x%08lX\n", Optional64->LoaderFlags);
printf(" NumberOfRvaAndSizes: 0x%08lX (%lu)\n", Optional64->NumberOfRvaAndSizes, Optional64->NumberOfRvaAndSizes);
printf("\n ### Directory Entries ###\n");
DataDirectories = Optional64->DataDirectory;
for (i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; ++i)
{
DataDirectory = &DataDirectories[i];
if (DataDirectory->VirtualAddress != 0 || DataDirectory->Size != 0)
{
CrDumpDataDirectory(DataDirectory, i);
}
}
}
BOOL CR_Module::DumpDisAsm64(CR_DisAsmInfo64& info)
{
printf("\n### DISASSEMBLY ###\n\n");
info.Entrances().sort();
info.Entrances().unique();
const std::size_t size = info.Entrances().size();
for (std::size_t i = 0; i < size; ++i)
{
CR_CodeFunc64 *cf =
info.MapAddrToCodeFunc()[info.Entrances()[i]].get();
assert(cf);
if (cf->Flags() & FF_IGNORE)
continue;
const char *pszName = FuncNameFromVA64(cf->Addr());
if (pszName)
printf(";; Function %s @ L%08lX%08lX\n", pszName,
HILONG(cf->Addr()), LOLONG(cf->Addr()));
else
printf(";; Function L%08lX%08lX\n", HILONG(cf->Addr()), LOLONG(cf->Addr()));
if (cf->FuncType() == FT_JUMPERFUNC)
printf("ft = FT_JUMPERFUNC, ");
else if (cf->FuncType() == FT_RETURNONLY)
printf("ft = FT_RETURNONLY, ");
else
printf("ft = FT_64BITFUNC, ");
printf("SizeOfStackArgs == %d\n", cf->SizeOfStackArgs());
DumpDisAsmFunc64(info, info.Entrances()[i]);
if (pszName)
printf(";; End of Function %s @ L%08lX%08lX\n\n", pszName,
HILONG(cf->Addr()), LOLONG(cf->Addr()));
else
printf(";; End of Function L%08lX%08lX\n\n",
HILONG(cf->Addr()), LOLONG(cf->Addr()));
}
return TRUE;
}
void CR_Module::DumpImportSymbols()
{
PIMAGE_IMPORT_DESCRIPTOR descs;
CR_StringSet dll_names;
CR_DeqSet<CR_ImportSymbol> symbols;
descs = ImportDescriptors();
if (descs == NULL)
return;
printf("\n### IMPORTS ###\n");
printf(" Characteristics: 0x%08lX\n", descs->Characteristics);
printf(" TimeDateStamp: 0x%08lX (%s)\n", descs->TimeDateStamp,
CrGetTimeStampString(descs->TimeDateStamp));
printf(" ForwarderChain: 0x%08lX\n", descs->ForwarderChain);
printf(" Name: 0x%08lX (%s)\n", descs->Name, reinterpret_cast<char *>(GetData(descs->Name)));
printf(" \n");
if (!_GetImportDllNames(dll_names))
return;
for (DWORD i = 0; i < dll_names.size(); ++i)
{
printf(" %s\n", dll_names[i].c_str());
if (Is64Bit())
printf(" RVA VA HINT FUNCTION NAME\n");
else
printf(" RVA VA HINT FUNCTION NAME\n");
if (_GetImportSymbols(i, symbols))
{
for (DWORD j = 0; j < symbols.size(); j++)
{
if (Is64Bit())
{
CR_Addr64 addr = VA64FromRVA(symbols[j].dwRVA);
printf(" %08lX %08lX%08lX ", symbols[j].dwRVA,
HILONG(addr), LOLONG(addr));
}
else if (Is32Bit())
{
CR_Addr32 addr = VA32FromRVA(symbols[j].dwRVA);
printf(" %08lX %08lX ", symbols[j].dwRVA, addr);
}
if (symbols[j].Name.wImportByName)
printf("%4X %s\n", symbols[j].wHint, symbols[j].pszName);
else
printf("Ordinal %d\n", symbols[j].Name.wOrdinal);
}
printf(" \n");
}
}
}
BOOL apiTerminateThreadEx(HANDLE hThread, DWORD dwExitCode, LPCSTR asFile, int anLine)
{
ConEmuThreadInfo* pThread = NULL;
for (INT_PTR c = THREADS_LOG_SIZE; --c >= 0;)
{
if (g_Threads[c].bActive && (g_Threads[c].hThread == hThread))
{
pThread = (g_Threads+c);
pThread->nExitCode = dwExitCode;
pThread->bTerminated = TRUE;
pThread->nEndTick = GetTickCount();
g_TerminatedThreadIdx = LOLONG(c);
}
}
#ifndef __GNUC__
#pragma warning( push )
#pragma warning( disable : 6258 )
#endif
if (!pThread)
{
//TODO: Log or Assert on terminate unknown thread
_ASSERTE(FALSE && "TerminateThread-ing unknown thread")
gh_UnknownTerminatedThread = hThread;
}
BOOL bRc = ::TerminateThread(hThread, dwExitCode);
#ifndef __GNUC__
#pragma warning( pop )
#endif
if (pThread)
{
LPCSTR pszName = strrchr(asFile, L'\\'); if (pszName) pszName++; else pszName = asFile;
char szKiller[30]; lstrcpynA(szKiller, pszName, countof(szKiller));
_ASSERTE((countof(szKiller)+8) < countof(pThread->sKiller));
sprintf_c(pThread->sKiller, "%s:%i", szKiller, anLine);
pThread->bActive = FALSE;
}
return bRc;
}
BOOL CR_Module::DumpDisAsmFunc64(CR_DisAsmInfo64& info, CR_Addr64 func)
{
auto end = info.MapAddrToOpCode().end();
for (auto it = info.MapAddrToOpCode().begin(); it != end; it++)
{
CR_OpCode64 *oc = it->second.get();
assert(oc);
if (func != 0 && !oc->FuncAddrs().Contains(func))
continue;
printf("L%08lX%08lX: ", HILONG(oc->Addr()), LOLONG(oc->Addr()));
CrDumpCodes(oc->Codes(), 64);
switch (oc->Operands().size())
{
case 3:
printf("%s %s,%s,%s\n", oc->Name().c_str(),
oc->Operand(0)->Text().c_str(), oc->Operand(1)->Text().c_str(),
oc->Operand(2)->Text().c_str());
break;
case 2:
printf("%s %s,%s\n", oc->Name().c_str(),
oc->Operand(0)->Text().c_str(), oc->Operand(1)->Text().c_str());
break;
case 1:
printf("%s %s\n", oc->Name().c_str(),
oc->Operand(0)->Text().c_str());
break;
case 0:
printf("%s\n", oc->Name().c_str());
break;
}
}
return TRUE;
}
void CR_Module::DumpDelayLoad()
{
if (DelayLoadDescriptors().empty())
{
LoadDelayLoad();
if (DelayLoadDescriptors().empty())
return;
}
printf("\n### DELAY LOAD ###\n");
const std::size_t size = DelayLoadDescriptors().size();
DWORD rva;
if (Is64Bit())
{
CR_Addr64 addr;
for (std::size_t i = 0; i < size; ++i)
{
printf(" ### Descr #%u ###\n", static_cast<int>(i));
printf(" NAME %-8s %-8s\n", "RVA", "VA");
rva = DelayLoadDescriptors()[i].grAttrs;
addr = VA64FromRVA(rva);
printf(" Attrs: %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
rva = DelayLoadDescriptors()[i].rvaDLLName;
addr = VA64FromRVA(rva);
printf(" DLL Name: %s\n", (LPCSTR)(LoadedImage() + rva));
printf(" : %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
rva = DelayLoadDescriptors()[i].rvaHmod;
addr = VA64FromRVA(rva);
printf(" Module: %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
rva = DelayLoadDescriptors()[i].rvaIAT;
addr = VA64FromRVA(rva);
printf(" IAT: %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
rva = DelayLoadDescriptors()[i].rvaINT;
addr = VA64FromRVA(rva);
printf(" INT: %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
rva = DelayLoadDescriptors()[i].rvaBoundIAT;
addr = VA64FromRVA(rva);
printf(" BoundIAT: %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
rva = DelayLoadDescriptors()[i].rvaUnloadIAT;
addr = VA64FromRVA(rva);
printf(" UnloadIAT: %08lX %08lX%08lX\n", rva, HILONG(addr), LOLONG(addr));
const char *pszTime = CrGetTimeStampString(DelayLoadDescriptors()[i].dwTimeStamp);
printf(" dwTimeStamp: 0x%08lX (%s)",
DelayLoadDescriptors()[i].dwTimeStamp, pszTime);
}
}
else if (Is32Bit())
{
CR_Addr32 addr;
for (std::size_t i = 0; i < size; ++i)
{
printf(" ### Descr #%u ###\n", static_cast<int>(i));
printf(" NAME %-8s %-8s\n", "RVA", "VA");
rva = DelayLoadDescriptors()[i].grAttrs;
addr = VA32FromRVA(rva);
printf(" Attrs: %08lX %08lX\n", rva, addr);
rva = DelayLoadDescriptors()[i].rvaDLLName;
addr = VA32FromRVA(rva);
printf(" DLL Name: %s\n", (LPCSTR)(LoadedImage() + rva));
printf(" : %08lX %08lX\n", rva, addr);
rva = DelayLoadDescriptors()[i].rvaHmod;
addr = VA32FromRVA(rva);
printf(" Module: %08lX %08lX\n", rva, addr);
rva = DelayLoadDescriptors()[i].rvaIAT;
addr = VA32FromRVA(rva);
printf(" IAT: %08lX %08lX\n", rva, addr);
rva = DelayLoadDescriptors()[i].rvaINT;
addr = VA32FromRVA(rva);
printf(" INT: %08lX %08lX\n", rva, addr);
rva = DelayLoadDescriptors()[i].rvaBoundIAT;
addr = VA32FromRVA(rva);
printf(" BoundIAT: %08lX %08lX\n", rva, addr);
rva = DelayLoadDescriptors()[i].rvaUnloadIAT;
addr = VA32FromRVA(rva);
printf(" UnloadIAT: %08lX %08lX\n", rva, addr);
const char *pszTime = CrGetTimeStampString(DelayLoadDescriptors()[i].dwTimeStamp);
printf(" dwTimeStamp: 0x%08lX (%s)",
DelayLoadDescriptors()[i].dwTimeStamp, pszTime);
}
}
printf("\n\n");
}
void CR_Module::DumpExportSymbols()
{
PIMAGE_EXPORT_DIRECTORY pDir = ExportDirectory();
if (pDir == NULL)
return;
//DWORD dwNumberOfNames = pDir->NumberOfNames;
//DWORD dwAddressOfFunctions = pDir->AddressOfFunctions;
//DWORD dwAddressOfNames = pDir->AddressOfNames;
//DWORD dwAddressOfOrdinals = pDir->AddressOfNameOrdinals;
//LPDWORD pEAT = (LPDWORD)GetData(dwAddressOfFunctions);
//LPDWORD pENPT = (LPDWORD)GetData(dwAddressOfNames);
//LPWORD pOT = (LPWORD)GetData(dwAddressOfOrdinals);
printf("\n### EXPORTS ###\n");
printf(" Characteristics: 0x%08lX\n", pDir->Characteristics);
printf(" TimeDateStamp: 0x%08lX (%s)\n", pDir->TimeDateStamp, CrGetTimeStampString(pDir->TimeDateStamp));
printf(" Version: %u.%u\n", pDir->MajorVersion, pDir->MinorVersion);
printf(" Name: 0x%08lX (%s)\n", pDir->Name, reinterpret_cast<char *>(GetData(pDir->Name)));
printf(" Base: 0x%08lX (%lu)\n", pDir->Base, pDir->Base);
printf(" NumberOfFunctions: 0x%08lX (%lu)\n", pDir->NumberOfFunctions, pDir->NumberOfFunctions);
printf(" NumberOfNames: 0x%08lX (%lu)\n", pDir->NumberOfNames, pDir->NumberOfNames);
printf(" AddressOfFunctions: 0x%08lX\n", pDir->AddressOfFunctions);
printf(" AddressOfNames: 0x%08lX\n", pDir->AddressOfNames);
printf(" AddressOfNameOrdinals: 0x%08lX\n", pDir->AddressOfNameOrdinals);
printf(" \n");
printf(" %-50s %-5s ; %-8s %-8s\n", "FUNCTION NAME", "ORDI.", "RVA", "VA");
for (DWORD i = 0; i < ExportSymbols().size(); ++i)
{
CR_ExportSymbol& symbol = ExportSymbols()[i];
if (symbol.dwRVA)
{
if (Is64Bit())
{
CR_Addr64 va = VA64FromRVA(symbol.dwRVA);
if (symbol.pszName)
printf(" %-50s @%-4lu ; %08lX %08lX%08lX\n",
symbol.pszName, symbol.dwOrdinal, symbol.dwRVA,
HILONG(va), LOLONG(va));
else
printf(" %-50s @%-4lu ; %08lX %08lX%08lX\n",
"(No Name)", symbol.dwOrdinal, symbol.dwRVA,
HILONG(va), LOLONG(va));
}
else if (Is32Bit())
{
CR_Addr32 va = VA32FromRVA(symbol.dwRVA);
if (symbol.pszName)
printf(" %-50s @%-4lu ; %08lX %08lX\n",
symbol.pszName, symbol.dwOrdinal, symbol.dwRVA, va);
else
printf(" %-50s @%-4lu ; %08lX %08lX\n",
"(No Name)", symbol.dwOrdinal, symbol.dwRVA, va);
}
}
else
{
if (symbol.pszName)
printf(" %-50s @%-4lu ; (forwarded to %s)\n",
"(No Name)", symbol.dwOrdinal, symbol.pszForwarded);
else
printf(" %-50s @%-4lu ; (forwarded to %s)\n",
"(No Name)", symbol.dwOrdinal, symbol.pszForwarded);
}
}
printf("\n\n");
}
