// gitlab.com/Raven-IO/raven-delve@v1.22.4/pkg/proc/core/windows_amd64_minidump.go

package core

import (
	"gitlab.com/Raven-IO/raven-delve/pkg/logflags"
	"gitlab.com/Raven-IO/raven-delve/pkg/proc"
	"gitlab.com/Raven-IO/raven-delve/pkg/proc/core/minidump"
	"gitlab.com/Raven-IO/raven-delve/pkg/proc/winutil"
)

// readAMD64Minidump opens the minidump at minidumpPath and builds a process
// from the memory ranges, modules and threads it lists.
//
// It returns ErrUnrecognizedFormat when minidump.Open reports
// minidump.ErrNotAMinidump, and passes any other open error through unchanged.
// The returned thread is the map entry for the ID of the first thread in the
// dump, or nil when the dump lists no threads. exePath is not used here.
//
// Addresses, lengths, the pid and the thread IDs are used exactly as the
// parser produced them; this function performs no checks of its own.
// NOTE(review): a dump file can originate outside the analyst's machine, so
// confirm that minidump.Open bounds-checks the structures it reads.
func readAMD64Minidump(minidumpPath, exePath string) (*process, proc.Thread, error) {
	// The logger stays nil unless minidump logging has been switched on.
	var logfn func(string, ...interface{})
	if logflags.Minidump() {
		logfn = logflags.MinidumpLogger().Infof
	}

	dump, err := minidump.Open(minidumpPath, logfn)
	if err != nil {
		// Translate "not a minidump" into the package-level sentinel.
		switch err.(type) {
		case minidump.ErrNotAMinidump:
			return nil, nil, ErrUnrecognizedFormat
		}
		return nil, nil, err
	}

	// Register every memory range at the address recorded in the dump, with
	// the length of the data actually present.
	// NOTE(review): how SplicedMemory treats overlapping ranges is not
	// visible from here; verify against its Add implementation.
	mem := &SplicedMemory{}
	for i := range dump.MemoryRanges {
		r := &dump.MemoryRanges[i]
		mem.Add(r, r.Addr, uint64(len(r.Data)))
	}

	// The image base of the first listed module is recorded as the entry
	// point; it stays zero when the dump has no modules.
	// NOTE(review): presumably the first module is the main executable; confirm.
	var entry uint64
	if mods := dump.Modules; len(mods) > 0 {
		entry = mods[0].BaseOfImage
	}

	p := &process{
		mem:         mem,
		Threads:     map[int]*thread{},
		bi:          proc.NewBinaryInfo("windows", "amd64"),
		entryPoint:  entry,
		breakpoints: proc.NewBreakpointMap(),
		pid:         int(dump.Pid),
	}

	// Threads are keyed by the ID stored in the dump, so a repeated ID
	// replaces the earlier entry.
	for i := range dump.Threads {
		t := &dump.Threads[i]
		p.Threads[int(t.ID)] = &thread{&windowsAMD64Thread{th: t}, p, proc.CommonThread{}}
	}

	// The lookup happens after the loop so that the result is whatever entry
	// the map finally holds for the first thread's ID.
	var current proc.Thread
	if len(dump.Threads) > 0 {
		current = p.Threads[int(dump.Threads[0].ID)]
	}
	return p, current, nil
}

// windowsAMD64Thread wraps a thread record parsed from a minidump.
type windowsAMD64Thread struct {
	th *minidump.Thread
}

// pid returns the thread ID recorded in the dump, converted to int.
func (t *windowsAMD64Thread) pid() int {
	return int(t.th.ID)
}

// registers builds the register set from the thread's saved context and TEB
// value; the error result is always nil.
func (t *windowsAMD64Thread) registers() (proc.Registers, error) {
	regs := winutil.NewAMD64Registers(&t.th.Context, t.th.TEB)
	return regs, nil
}