void LogPointerDebug(CPointer* pvThis, char* szMethod)
{
#ifdef DEBUG_POINTER
#ifdef DEBUG
char* szEmbeddingClass;
char* szEmbeddingName;
char* szEmbeddingIndex;
char* szEmbeddingAddress;
CObject* pcEmbedding;
pcEmbedding = pvThis->Embedding();
if (pcEmbedding != NULL)
{
szEmbeddingClass = pcEmbedding->ClassName();
szEmbeddingIndex = IndexToString(pcEmbedding->GetOI());
szEmbeddingName = pcEmbedding->GetName();
szEmbeddingAddress = PointerToString(pcEmbedding);
gcLogger.Debug2(PointerToString(pvThis), "->", szMethod, " [Embedding ", szEmbeddingClass, ": ", szEmbeddingIndex, " ", szEmbeddingName, " (", szEmbeddingAddress, ")]", NULL);
}
else
{
gcLogger.Debug2(PointerToString(pvThis), "->", szMethod, " [Embedding NULL]", NULL);
}
#endif // DEBUG
#endif // DEBUG_POINTER
}
void
CreatePlatformParams( char*** argv ,
int* argc ,
struct android_app* state )
{
// right now we have 1 param
// Each key is an entry and each value is an entry
*argv = (char**) malloc( 2 * sizeof(char**) );
*argc = 2;
// create the android_app param
argv[ 0 ] = AllocString( "-android_app" );
argv[ 1 ] = PointerToString( state );
}
void CEmbeddedObject::PrintObject(CChars* psz, BOOL bEmbedded)
{
int iDistToRoot;
int iDistToStack;
psz->Append(PointerToString(this));
psz->Append(" [");
iDistToRoot = GetDistToRoot();
if (iDistToRoot >= 0 && iDistToRoot <= 9)
{
psz->Append(" ");
}
psz->Append(iDistToRoot);
iDistToStack = GetDistToStack();
if (iDistToStack != UNKNOWN_DIST_TO_STACK)
{
psz->Append(",");
psz->Append(iDistToStack);
}
psz->Append("]:");
if (bEmbedded)
{
psz->Append("(");
}
psz->Append(ClassName());
psz->Append("(");
psz->Append(ClassSize());
psz->Append(") Index:");
psz->Append(GetOI());
if (IsNamed())
{
psz->Append(" Name:");
psz->Append(GetName());
}
psz->Append(" Froms:");
psz->Append(CEmbeddedObject::NumHeapFroms());
psz->Append(",");
psz->Append(CEmbeddedObject::NumStackFroms());
if (bEmbedded)
{
psz->Append(")");
}
}
CAndroidSystemLogger::CAndroidSystemLogger( void )
: CILogger() ,
m_tag() ,
m_logFunc( NULL )
{GUCEF_TRACE;
m_tag = "GUCEF:AndroidSystemLogger:" + PointerToString( this );
// We load the log module dynamically to avoid adding dependencies
void* logModule = LoadModuleDynamicly( "log.so" );
if ( NULL != logModule )
{
// Find the address of the Android log function
void* funcAddr = GetFunctionAddress( logModule ,
"__android_log_write" ,
sizeof(android_LogPriority)+(2*sizeof(char*)) ).objPtr;
if ( NULL != funcAddr )
{
m_logFunc = funcAddr;
}
}
}
void LogObjectDestruction(CBaseObject* pcObject, char* szMethod)
{
#ifdef DEBUG_OBJECT_ALLOCATION
#ifdef DEBUG
char* szClass;
char* szName;
char* szIndex;
char* szAddress;
if (pcObject != NULL)
{
szClass = pcObject->ClassName();
szIndex = IndexToString(pcObject->GetOI());
szName = pcObject->GetName();
szAddress = PointerToString(pcObject);
gcLogger.Debug2(szMethod, "Kill ", szClass, ": ", szIndex, " ", szName, " (", szAddress, ")]", NULL);
}
else
{
gcLogger.Debug2(szMethod, "Kill NULL]", NULL);
}
#endif // DEBUG
#endif // DEBUG_OBJECT_ALLOCATION
}
bool
CDStoreCodecPlugin::Link( void* modulePtr ,
TPluginMetaDataPtr pluginMetaData )
{GUCEF_TRACE;
if ( IsLoaded() ) return false;
_sohandle = modulePtr;
if ( NULL != _sohandle )
{
GUCEF_SYSTEM_LOG( LOGLEVEL_NORMAL, "DStoreCodecPlugin: Linking API using module pointer: " + PointerToString( modulePtr ) );
_fptable[ DSTOREPLUG_INIT ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Init" ,
1*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_SHUTDOWN ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Shutdown" ,
1*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_NAME ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Name" ,
1*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_COPYRIGHT ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Copyright" ,
1*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_VERSION ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Version" ,
1*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_TYPE ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Type" ,
1*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_DEST_FILE_OPEN ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Dest_File_Open" ,
3*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_DEST_FILE_CLOSE ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Dest_File_Close" ,
2*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_BEGIN_NODE_STORE ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Begin_Node_Store" ,
3*sizeof(void*)+8 ).funcPtr;
_fptable[ DSTOREPLUG_END_NODE_STORE ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_End_Node_Store" ,
3*sizeof(void*)+8 ).funcPtr;
_fptable[ DSTOREPLUG_STORE_NODE_ATT ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Store_Node_Att" ,
5*sizeof(void*)+12 ).funcPtr;
_fptable[ DSTOREPLUG_BEGIN_NODE_CHILDREN ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Begin_Node_Children" ,
3*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_END_NODE_CHILDREN ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_End_Node_Children" ,
3*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_SRC_FILE_OPEN ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Src_File_Open" ,
2*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_SRC_FILE_CLOSE ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Src_File_Close" ,
2*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_SET_READ_HANDLERS ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Set_Read_Handlers" ,
4*sizeof(void*) ).funcPtr;
_fptable[ DSTOREPLUG_START_READING ] = GetFunctionAddress( _sohandle ,
"DSTOREPLUG_Start_Reading" ,
2*sizeof(void*) ).funcPtr;
if ( ( _fptable[ DSTOREPLUG_INIT ] == NULL ) ||
( _fptable[ DSTOREPLUG_SHUTDOWN ] == NULL ) ||
( _fptable[ DSTOREPLUG_NAME ] == NULL ) ||
( _fptable[ DSTOREPLUG_COPYRIGHT ] == NULL ) ||
( _fptable[ DSTOREPLUG_VERSION ] == NULL ) ||
( _fptable[ DSTOREPLUG_TYPE ] == NULL ) ||
( _fptable[ DSTOREPLUG_DEST_FILE_OPEN ] == NULL ) ||
( _fptable[ DSTOREPLUG_DEST_FILE_CLOSE ] == NULL ) ||
( _fptable[ DSTOREPLUG_BEGIN_NODE_STORE ] == NULL ) ||
( _fptable[ DSTOREPLUG_END_NODE_STORE ] == NULL ) ||
( _fptable[ DSTOREPLUG_STORE_NODE_ATT ] == NULL ) ||
( _fptable[ DSTOREPLUG_BEGIN_NODE_CHILDREN ] == NULL ) ||
( _fptable[ DSTOREPLUG_END_NODE_CHILDREN ] == NULL ) ||
( _fptable[ DSTOREPLUG_SRC_FILE_OPEN ] == NULL ) ||
( _fptable[ DSTOREPLUG_SRC_FILE_CLOSE ] == NULL ) ||
( _fptable[ DSTOREPLUG_SET_READ_HANDLERS ] == NULL ) ||
( _fptable[ DSTOREPLUG_START_READING ] == NULL ) )
{
memset( _fptable, NULL, sizeof(anyPointer) * DSTOREPLUG_LASTFPTR );
_sohandle = NULL;
GUCEF_ERROR_LOG( LOGLEVEL_NORMAL, "Invalid codec module: One or more functions could not be located in the module " + PointerToString( modulePtr ) );
return false;
}
/*
* Intialize the plugin module
*/
UInt32 statusCode = ( (TDSTOREPLUGFPTR_Init) _fptable[ DSTOREPLUG_INIT ] )( &_plugdata );
if ( statusCode > 0 )
{
// We have loaded & linked our plugin module
GUCEF_SYSTEM_LOG( LOGLEVEL_NORMAL, "DStoreCodecPlugin: Successfully loaded module and invoked Init() which returned status " +
Int32ToString( statusCode ) + " using module: " + PointerToString( modulePtr ) );
GUCEF_SYSTEM_LOG( LOGLEVEL_NORMAL, " - Name: " + GetName() );
GUCEF_SYSTEM_LOG( LOGLEVEL_NORMAL, " - Copyright/EULA: " + GetCopyright() );
// Copy the given metadata and update it with info from the actual module
m_metaData = new CPluginMetaData( *pluginMetaData );
m_metaData->SetDescription( GetDescription() );
m_metaData->SetCopyright( GetCopyright() );
m_metaData->SetVersion( GetVersion() );
return true;
}
else
{
memset( _fptable, NULL, sizeof(anyPointer) * DSTOREPLUG_LASTFPTR );
_sohandle = NULL;
_plugdata = NULL;
GUCEF_ERROR_LOG( LOGLEVEL_NORMAL, "Initialization routine reported an error for module " + PointerToString( modulePtr ) );
return false;
}
}
return false;
}
void CBaseObject::ValidateObjectsThisIn(void)
{
CChars sz;
if (IsEmbedded())
{
if (mpcObjectsThisIn != NULL)
{
sz.Init();
PrintObject(&sz, IsEmbedded());
gcLogger.Error2(__METHOD__, " Object {", sz.Text(), "} should not have ObjectsThisIn [", PointerToString(mpcObjectsThisIn), "] set.", NULL);
sz.Kill();
}
}
else
{
if (mpcObjectsThisIn == NULL)
{
sz.Init();
PrintObject(&sz, IsEmbedded());
gcLogger.Error2(__METHOD__, " Object {", sz.Text(), "} should have ObjectsThisIn [NULL] set.", NULL);
sz.Kill();
}
}
}
void CBaseObject::ValidateAllocation(void)
{
BOOL bDistToStackZero;
BOOL bAllocateCalled;
BOOL bInObjects;
BOOL bAllSame;
CChars sz;
bDistToStackZero = GetDistToStack() == 0;
bAllocateCalled = miFlags & OBJECT_FLAGS_CALLED_ALLOCATE;
bAllocateCalled = FixBool(bAllocateCalled);
bInObjects = IsAllocatedInObjects();
bAllSame = !bDistToStackZero == bAllocateCalled == bInObjects;
if (!bAllSame)
{
sz.Init();
PrintObject(&sz, IsEmbedded());
gcLogger.Error2(__METHOD__, " Object {", sz.Text(), "} should not have a dist to stack of [", IntToString(GetDistToStack()), "] and flag OBJECT_FLAGS_CALLED_ALLOCATE [", IntToString(bAllocateCalled), "] and be allocated in Objects [0x", PointerToString(GetObjects()), "].", NULL);
sz.Kill();
}
}
static std::wstring Microsoft::VisualStudio::CppUnitTestFramework::ToString<DummyResourceManager>(DummyResourceManager* value)
{
return PointerToString(L"DummyResourceManager", value);
}
std::wstring Microsoft::VisualStudio::CppUnitTestFramework::ToString<SingletonTestType>(SingletonTestType* value)
{
return PointerToString(L"SingletonTestType", value);
}
/************************************************************************
*************************************** PgDumpTimerTable
*************************************************************************
Description:
All PatchGuard 2 related timers will wear the "suspect" sttribute.
ATTENTION: The code uses undocumented kernel APIs. Please keep in mind
that you shouldn't change the code logic and remember that during
enumeration your code will run at DISPATCH_LEVEL!
*/
NTSTATUS PgDumpTimerTable()
{
KIRQL OldIrql;
ULONG Index;
PKSPIN_LOCK_QUEUE LockQueue;
PKTIMER_TABLE_ENTRY TimerListHead;
PLIST_ENTRY TimerList;
PKTIMER Timer;
PKDPC TimerDpc;
CHAR LogEntryText[2048];
NTSTATUS Result = STATUS_SUCCESS;
HANDLE hLogFile;
UNICODE_STRING LogFileName;
OBJECT_ATTRIBUTES ObjAttr;
IO_STATUS_BLOCK IOStatus;
ULONG LogEntryTextLen;
SINGLE_LIST_ENTRY LogListHead = {NULL};
PSINGLE_LIST_ENTRY LogList;
LOGENTRY* LogEntry;
ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
/*
Open log file...
*/
RtlInitUnicodeString(&LogFileName, L"\\??\\C:\\patchguard.log");
InitializeObjectAttributes(
&ObjAttr,
&LogFileName,
OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
NULL, NULL)
if(!NT_SUCCESS(Result = ZwCreateFile(
&hLogFile,
GENERIC_WRITE,
&ObjAttr,
&IOStatus,
NULL,
FILE_ATTRIBUTE_NORMAL,
FILE_SHARE_READ,
FILE_OVERWRITE_IF,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE,
NULL, 0)))
{
KdPrint(("\r\n" "ERROR: Unable to open file \"\\??\\C:\\patchguard.log\". (NTSTATUS: 0x%p)\r\n", (void*)Result));
return Result;
}
/*
Lock the dispatcher database and loop through the timer list...
*/
Result = STATUS_SUCCESS;
OldIrql = KiAcquireDispatcherLockRaiseToSynch();
for(Index = 0; Index < TIMER_TABLE_SIZE; Index++)
{
// we have to emulate the windows timer bug "Index & 0xFF" for this to work...
LockQueue = KeTimerIndexToLockQueue((UCHAR)(Index & 0xFF));
KeAcquireQueuedSpinLockAtDpcLevel(LockQueue);
// now we can work with the timer list...
TimerListHead = &KiTimerTableListHead[Index];
TimerList = TimerListHead->Entry.Flink;
while(TimerList != (PLIST_ENTRY)TimerListHead)
{
Timer = CONTAINING_RECORD(TimerList, KTIMER, TimerListEntry);
TimerDpc = PgDeobfuscateTimerDpc(Timer);
TimerList = TimerList->Flink;
if(TimerDpc != NULL)
{
memset(LogEntryText, 0, sizeof(LogEntryText));
LogEntryTextLen = _snprintf(LogEntryText, sizeof(LogEntryText) - 1,
"<timer address=\"%p\" index=\"%d\" period=\"0x%p\" hand=\"%d\" duetime=\"0x%p\">\r\n"
"%s"
" <dpc>\r\n"
" <DeferredContext value=\"0x%p\">%s</DeferredContext>\r\n"
" <DeferredRoutine>0x%p</DeferredRoutine>\r\n"
" <DpcListBlink value=\"0x%p\">%s</DpcListBlink>\r\n"
" <DpcListFlink value=\"0x%p\">%s</DpcListFlink>\r\n"
" <DpcData value=\"0x%p\">%s</DpcData>\r\n"
" <Importance>%d</Importance>\r\n"
" <Number>%d</Number>\r\n"
" <SystemArgument1 value=\"0x%p\">%s</SystemArgument1>\r\n"
" <SystemArgument2 value=\"0x%p\">%s</SystemArgument2>\r\n"
" <Type>%d</Type>\r\n"
" </dpc>\r\n"
"</timer>\r\n\r\n",
Timer,
Index,
(ULONGLONG)Timer->Period,
(ULONG)Timer->Header.Hand,
Timer->DueTime.QuadPart,
PgIsPatchGuardContext(TimerDpc->DeferredContext)?" <SUSPECT>true</SUSPECT>\t\n":"",
TimerDpc->DeferredContext, PointerToString(TimerDpc->DeferredContext),
TimerDpc->DeferredRoutine,
TimerDpc->DpcListEntry.Blink, PointerToString(TimerDpc->DpcListEntry.Blink),
TimerDpc->DpcListEntry.Flink, PointerToString(TimerDpc->DpcListEntry.Flink),
TimerDpc->DpcData, PointerToString(TimerDpc->DpcData),
(ULONG)TimerDpc->Importance,
(ULONG)TimerDpc->Number,
TimerDpc->SystemArgument1, PointerToString(TimerDpc->SystemArgument1),
TimerDpc->SystemArgument2, PointerToString(TimerDpc->SystemArgument2),
(ULONG)TimerDpc->Type
);
// allocate memory and add log entry to list...
if((LogEntry = (LOGENTRY*)ExAllocatePool(NonPagedPool, sizeof(LOGENTRY) + LogEntryTextLen + 1)) == NULL)
{
KeReleaseQueuedSpinLockFromDpcLevel(LockQueue);
Result = STATUS_NO_MEMORY;
DbgPrint("\r\n" "WARNING: Not enough non-paged memory to write suspect timer to file. Aborting enumeration...\r\n");
break;
}
LogEntry->Text = (CHAR*)(LogEntry + 1);
LogEntry->Length = LogEntryTextLen;
memcpy(LogEntry->Text, LogEntryText, LogEntryTextLen);
PushEntryList(&LogListHead, &LogEntry->List);
}
}
KeReleaseQueuedSpinLockFromDpcLevel(LockQueue);
}
KiReleaseDispatcherLockFromSynchLevel();
KiExitDispatcher(OldIrql);
KdPrint(("\r\n" "INFORMATION: Completed PatchGuard scan...\r\n"));
/*
Loop through the log entries and flush them to disk...
In case of an error during enumeration this actually won't write any
files, but just free allocated memory...
*/
LogList = PopEntryList(&LogListHead);
while(LogList != NULL)
{
LogEntry = CONTAINING_RECORD(LogList, LOGENTRY, List);
if(NT_SUCCESS(Result))
{
Result = ZwWriteFile(
hLogFile,
NULL, NULL, NULL,
&IOStatus,
LogEntry->Text,
LogEntry->Length,
NULL, NULL);
}
ExFreePool(LogEntry);
LogList = PopEntryList(&LogListHead);
}
ZwClose(hLogFile);
return Result;
}
BOOL CObjects::Remove(CArrayBlockObjectPtr* papcKilled)
{
int i;
int iNumElements;
CBaseObject* pcKilled;
CBaseObject* pcContainer;
//No embedded objects should be in the list papcKilled.
iNumElements = papcKilled->NumElements();
if (iNumElements == 0)
{
return TRUE;
}
for (i = 0; i < iNumElements; i++)
{
pcKilled = *papcKilled->Get(i);
if (pcKilled->IsEmbedded())
{
pcContainer = pcKilled->GetEmbeddingContainer();
gcLogger.Error2(__METHOD__, " Object of class [", pcKilled->ClassName(), "] is marked for killing but is embedded in object with index [", IndexToString(pcContainer->GetOI()),"] of class [", pcContainer->ClassName(), "].", NULL);
return FALSE;
}
else if (!pcKilled->IsAllocatedInObjects())
{
gcLogger.Error2(__METHOD__, " Object of class [", pcKilled->ClassName(), "] is marked for killing but is not allocated in Objects [0x", PointerToString(this),"].", NULL);
return FALSE;
}
}
for (i = 0; i < iNumElements; i++)
{
pcKilled = *papcKilled->Get(i);
pcKilled->RemoveAllPointerTosDontKill();
}
KillDontFreeObjects(papcKilled);
FreeObjects(papcKilled);
return TRUE;
}
