gitlab.com/Raven-IO/raven-delve@v1.22.4/pkg/proc/native/dump_windows_amd64.go

gitlab.com/Raven-IO/raven-delve@v1.22.4/pkg/proc/native/dump_windows_amd64.go (about)

     1  package native
     2  
     3  import (
     4  	"errors"
     5  	"fmt"
     6  	"unsafe"
     7  
     8  	"gitlab.com/Raven-IO/raven-delve/pkg/elfwriter"
     9  	"gitlab.com/Raven-IO/raven-delve/pkg/proc"
    10  )
    11  
    12  func (p *nativeProcess) MemoryMap() ([]proc.MemoryMapEntry, error) {
    13  	var memoryMapError error
    14  	r := []proc.MemoryMapEntry{}
    15  
    16  	p.execPtraceFunc(func() {
    17  		is64 := true
    18  		if isWow64 := uint32(0); _IsWow64Process(p.os.hProcess, &isWow64) != 0 {
    19  			if isWow64 != 0 {
    20  				is64 = false
    21  			}
    22  		}
    23  
    24  		maxaddr := uint64(1 << 48) // windows64 uses only 48 bit addresses
    25  		if !is64 {
    26  			maxaddr = uint64(^uint32(0))
    27  		}
    28  
    29  		var meminfo _MEMORY_BASIC_INFORMATION
    30  
    31  		for addr := uint64(0); addr < maxaddr; addr += meminfo.RegionSize {
    32  			size := _VirtualQueryEx(p.os.hProcess, uintptr(addr), &meminfo, unsafe.Sizeof(meminfo))
    33  			if size == 0 {
    34  				// size == 0 is an error and the only error returned by VirtualQueryEx
    35  				// is when addr is above the highest address allocated for the
    36  				// application.
    37  				return
    38  			}
    39  			if size != unsafe.Sizeof(meminfo) {
    40  				memoryMapError = fmt.Errorf("bad size returned by _VirtualQueryEx: %d (expected %d)", size, unsafe.Sizeof(meminfo))
    41  				return
    42  			}
    43  			if addr+meminfo.RegionSize <= addr {
    44  				// this shouldn't happen
    45  				memoryMapError = errors.New("VirtualQueryEx wrapped around the address space or stuck")
    46  				return
    47  			}
    48  			if meminfo.State == _MEM_FREE || meminfo.State == _MEM_RESERVE {
    49  				continue
    50  			}
    51  			if meminfo.Protect&_PAGE_GUARD != 0 {
    52  				// reading from this range will result in an error.
    53  				continue
    54  			}
    55  
    56  			var mme proc.MemoryMapEntry
    57  			mme.Addr = addr
    58  			mme.Size = meminfo.RegionSize
    59  
    60  			switch meminfo.Protect & 0xff {
    61  			case _PAGE_EXECUTE:
    62  				mme.Exec = true
    63  			case _PAGE_EXECUTE_READ:
    64  				mme.Exec = true
    65  				mme.Read = true
    66  			case _PAGE_EXECUTE_READWRITE:
    67  				mme.Exec = true
    68  				mme.Read = true
    69  				mme.Write = true
    70  			case _PAGE_EXECUTE_WRITECOPY:
    71  				mme.Exec = true
    72  				mme.Read = true
    73  			case _PAGE_NOACCESS:
    74  			case _PAGE_READONLY:
    75  				mme.Read = true
    76  			case _PAGE_READWRITE:
    77  				mme.Read = true
    78  				mme.Write = true
    79  			case _PAGE_WRITECOPY:
    80  				mme.Read = true
    81  			}
    82  			r = append(r, mme)
    83  		}
    84  	})
    85  
    86  	return r, memoryMapError
    87  }
    88  
    89  func (p *nativeProcess) DumpProcessNotes(notes []elfwriter.Note, threadDone func()) (threadsDone bool, out []elfwriter.Note, err error) {
    90  	return false, notes, nil
    91  }