gitlab.com/Raven-IO/raven-delve@v1.22.4/pkg/proc/core/windows_amd64_minidump.go (about)

     1  package core
     2  
     3  import (
     4  	"gitlab.com/Raven-IO/raven-delve/pkg/logflags"
     5  	"gitlab.com/Raven-IO/raven-delve/pkg/proc"
     6  	"gitlab.com/Raven-IO/raven-delve/pkg/proc/core/minidump"
     7  	"gitlab.com/Raven-IO/raven-delve/pkg/proc/winutil"
     8  )
     9  
// readAMD64Minidump loads the Windows/amd64 minidump at minidumpPath and
// builds a core process from it. It returns that process together with the
// thread to treat as current, which is the thread registered under the ID of
// the first thread record, or nil when the dump lists no threads.
//
// exePath is accepted but not used by this function.
//
// If minidump.Open fails with a minidump.ErrNotAMinidump value the function
// returns ErrUnrecognizedFormat; any other Open error is returned unchanged.
//
// Every value consumed below (memory range addresses and sizes, module list,
// pid, thread IDs) is used as parsed from the file; this function performs no
// additional validation of them.
func readAMD64Minidump(minidumpPath, exePath string) (*process, proc.Thread, error) {
	// Parser tracing stays nil unless the minidump log flag is enabled.
	var trace func(string, ...interface{})
	if logflags.Minidump() {
		trace = logflags.MinidumpLogger().Infof
	}

	dump, err := minidump.Open(minidumpPath, trace)
	if err != nil {
		switch err.(type) {
		case minidump.ErrNotAMinidump:
			// Not a minidump at all: report the generic "unknown format" error.
			return nil, nil, ErrUnrecognizedFormat
		default:
			return nil, nil, err
		}
	}

	// Register every captured memory range at the address recorded in the dump.
	// NOTE(review): Addr and len(Data) come straight from the file; how
	// overlapping or address-wrapping ranges are treated depends on
	// SplicedMemory.Add, which is not visible here. Confirm before relying on
	// reads from a dump of unknown origin.
	spliced := &SplicedMemory{}
	for i := range dump.MemoryRanges {
		rng := &dump.MemoryRanges[i]
		spliced.Add(rng, rng.Addr, uint64(len(rng.Data)))
	}

	// The image base of the first listed module is stored as the entry point;
	// it stays zero when the dump carries no module list.
	var entry uint64
	if len(dump.Modules) != 0 {
		entry = dump.Modules[0].BaseOfImage
	}

	cp := &process{
		pid:         int(dump.Pid),
		entryPoint:  entry,
		mem:         spliced,
		Threads:     map[int]*thread{},
		bi:          proc.NewBinaryInfo("windows", "amd64"),
		breakpoints: proc.NewBreakpointMap(),
	}

	// Thread records are keyed by their ID, so records sharing an ID replace
	// earlier ones in the map.
	for i := range dump.Threads {
		rec := &dump.Threads[i]
		cp.Threads[int(rec.ID)] = &thread{&windowsAMD64Thread{rec}, cp, proc.CommonThread{}}
	}

	if len(dump.Threads) == 0 {
		return cp, nil, nil
	}
	// Looked up after the loop so the result reflects the final map contents.
	return cp, cp.Threads[int(dump.Threads[0].ID)], nil
}
    55  
// windowsAMD64Thread wraps a single thread record taken from a parsed
// Windows/amd64 minidump.
type windowsAMD64Thread struct {
	th *minidump.Thread // thread record as parsed from the minidump
}
    59  
// pid returns the ID of the wrapped minidump thread record, converted to int.
func (t *windowsAMD64Thread) pid() int {
	id := t.th.ID
	return int(id)
}
    63  
// registers builds the register set for this thread from the context and TEB
// value stored in the minidump thread record. The returned error is always nil.
func (t *windowsAMD64Thread) registers() (proc.Registers, error) {
	rec := t.th
	regs := winutil.NewAMD64Registers(&rec.Context, rec.TEB)
	return regs, nil
}