** WIP ** [NTOS:KDBG] Call KdGetVersion API on connection in order to…
… retrieve the KdDebuggerData block and some kernel pointers.

+ Fix the three UNIMPLEMENTED; usages in KdSend/ReceivePacket().
HBelusca committed Oct 15, 2024
1 parent 09f6c88 commit 335786f
Showing 3 changed files with 58 additions and 10 deletions.
10 changes: 10 additions & 0 deletions ntoskrnl/kdbg/kdb.h
Expand Up @@ -61,6 +61,16 @@ typedef enum _KD_CONTINUE_TYPE

/* GLOBALS *******************************************************************/

extern ULONG_PTR NtosBase;
extern DBGKD_GET_VERSION64 KdVersion;
extern PKDDEBUGGER_DATA64 KdDebuggerData;
extern PLIST_ENTRY ProcessListHead;
extern PLIST_ENTRY ModuleListHead;
extern PFN_COUNT* NumberOfPhysicalPages;
//#define PsActiveProcessHead (*ProcessListHead)
//#define PsLoadedModuleList (*ModuleListHead)
//#define MmNumberOfPhysicalPages (*NumberOfPhysicalPages)

extern volatile PCHAR KdbInitFileBuffer;

extern PEPROCESS KdbCurrentProcess;
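Review bot: The six new externs at L23–L28 are published to every kdbg translation unit without any statement of when they become valid; from the definitions in kdb_cli.c they start as 0/NULL, and from kdbg.c they are only assigned inside the DbgKdGetVersionApi reply handler, so any command that runs before that reply is processed sees zero pointers. I would document that contract on the declaration block, e.g. `/* Kernel pointers retrieved from the DbgKdGetVersionApi reply in KdSendPacket(); 0/NULL until the first KD handshake has completed. */`. The three commented-out macros at L29–L31 appear to be WIP scaffolding; if they are kept, note that enabling them would shadow the kernel's own `PsActiveProcessHead`/`PsLoadedModuleList`/`MmNumberOfPhysicalPages` symbols in every file that includes this header, which is presumably intended but worth a one-line comment so the next reader does not enable them casually.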
17 changes: 10 additions & 7 deletions ntoskrnl/kdbg/kdb_cli.c
Expand Up @@ -90,8 +90,6 @@ BOOLEAN ExpKdbgExtDefWrites(ULONG Argc, PCHAR Argv[]);
BOOLEAN ExpKdbgExtIrpFind(ULONG Argc, PCHAR Argv[]);
BOOLEAN ExpKdbgExtHandle(ULONG Argc, PCHAR Argv[]);

extern char __ImageBase;

#ifdef __ROS_DWARF__
static BOOLEAN KdbpCmdPrintStruct(ULONG Argc, PCHAR Argv[]);
#endif
Expand Down Expand Up @@ -125,6 +123,13 @@ BOOLEAN
IN ULONG Argc,
IN PCH Argv[]);

ULONG_PTR NtosBase = 0;
DBGKD_GET_VERSION64 KdVersion = {0};
PKDDEBUGGER_DATA64 KdDebuggerData = NULL;
PLIST_ENTRY ProcessListHead = NULL;
PLIST_ENTRY ModuleListHead = NULL;
PFN_COUNT* NumberOfPhysicalPages = NULL;

static PKDBG_CLI_ROUTINE KdbCliCallbacks[10];
static BOOLEAN KdbUseIntelSyntax = FALSE; /* Set to TRUE for intel syntax */
static BOOLEAN KdbBreakOnModuleLoad = FALSE; /* Set to TRUE to break into KDB when a module is loaded */
Expand Down Expand Up @@ -1918,7 +1923,6 @@ KdbpCmdProc(
BOOLEAN ReferencedProcess = FALSE;
PCHAR State, pend, str1, str2;
ULONG_PTR ul;
extern LIST_ENTRY PsActiveProcessHead;

if (Argc >= 2 && _stricmp(Argv[1], "list") == 0)
{
Expand Down Expand Up @@ -1957,7 +1961,7 @@ KdbpCmdProc(

Entry = Entry->Flink;
}
while(Entry != &PsActiveProcessHead);
while (Entry != &PsActiveProcessHead);
}
else if (Argc >= 2 && _stricmp(Argv[1], "attach") == 0)
{
Expand Down Expand Up @@ -2067,9 +2071,8 @@ KdbpCmdMod(
{
if (!KdbpSymFindModule(NULL, 0, &LdrEntry))
{
ULONG_PTR ntoskrnlBase = (ULONG_PTR)__ImageBase;
KdbpPrint(" Base Size Name\n");
KdbpPrint(" %p %08x %s\n", (PVOID)ntoskrnlBase, 0, "ntoskrnl.exe");
KdbpPrint(" %p %08x %s\n", (PVOID)NtosBase, 0, "ntoskrnl.exe");
return TRUE;
}

Expand All @@ -2083,7 +2086,7 @@ KdbpCmdMod(
KdbpPrintUnicodeString(&LdrEntry->BaseDllName);
KdbpPrint("\n");

if(DisplayOnlyOneModule || !KdbpSymFindModule(NULL, i++, &LdrEntry))
if (DisplayOnlyOneModule || !KdbpSymFindModule(NULL, i++, &LdrEntry))
break;
}

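Review bot: In KdbpCmdMod the fallback line that prints the kernel image base now reads `NtosBase`, which is defined as 0 at L52 and only assigned from the DbgKdGetVersionApi reply in kdbg.c, so if `mod` is run before that reply has been processed (or in a build where the initial API number is DbgKdContinueApi rather than DbgKdGetVersionApi) the command prints a base of 0 for ntoskrnl.exe with no indication that the value is unknown. A minimal fix is to make the unknown state visible, e.g. `if (NtosBase == 0) KdbpPrint(" (kernel base not yet retrieved from KD)\n");` before the existing print, or to keep the removed `__ImageBase` as a fallback via `(PVOID)(NtosBase ? NtosBase : (ULONG_PTR)&__ImageBase)`. Separately, the six globals defined at L52–L57 live in kdb_cli.c but are written only by kdbg.c; moving the definitions next to their writer, or at least annotating them with `/* Set by KdSendPacket() on the DbgKdGetVersionApi reply */`, would make the ownership clear. KdbpCmdProc and KdbpCmdMod both start and end outside this section, so their full control flow was not reviewed.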
41 changes: 38 additions & 3 deletions ntoskrnl/kdbg/kdbg.c
Expand Up @@ -14,7 +14,13 @@

/* GLOBALS *******************************************************************/

static ULONG KdbgNextApiNumber = DbgKdContinueApi;
///// static ULONG KdbgNextApiNumber = DbgKdContinueApi;
static ULONG KdbgNextApiNumber =
#ifdef KDBG
DbgKdGetVersionApi;
#else
DbgKdContinueApi;
#endif
static CONTEXT KdbgContext;
static EXCEPTION_RECORD64 KdbgExceptionRecord;
static BOOLEAN KdbgFirstChanceException;
Expand Down Expand Up @@ -85,6 +91,7 @@ KdSendPacket(
if (PacketType == PACKET_TYPE_KD_STATE_CHANGE64)
{
PDBGKD_ANY_WAIT_STATE_CHANGE WaitStateChange = (PDBGKD_ANY_WAIT_STATE_CHANGE)MessageHeader->Buffer;

if (WaitStateChange->NewState == DbgKdLoadSymbolsStateChange)
{
/* Load or unload symbols */
Expand All @@ -102,10 +109,13 @@ KdSendPacket(
KdbgFirstChanceException = WaitStateChange->u.Exception.FirstChance;
return;
}
// DbgKdCommandStringStateChange
KdbPrintf("%s: WaitState %d is UNIMPLEMENTED\n", __FUNCTION__, WaitStateChange->NewState);
}
else if (PacketType == PACKET_TYPE_KD_STATE_MANIPULATE)
{
PDBGKD_MANIPULATE_STATE64 ManipulateState = (PDBGKD_MANIPULATE_STATE64)MessageHeader->Buffer;

if (ManipulateState->ApiNumber == DbgKdGetContextApi)
{
KD_CONTINUE_TYPE Result;
Expand All @@ -117,6 +127,7 @@ KdSendPacket(
KeSetContextPc(&KdbgContext, KeGetContextPc(&KdbgContext) + 2);
}

/* Finally, enter KDBG proper */
Result = KdbEnterDebuggerException(&KdbgExceptionRecord,
KdbgContext.SegCs & 1,
&KdbgContext,
Expand All @@ -138,10 +149,26 @@ KdSendPacket(
KdbgNextApiNumber = DbgKdContinueApi;
return;
}
else if (ManipulateState->ApiNumber == DbgKdGetVersionApi)
{
PLIST_ENTRY DebuggerDataList;

/* Copy the relevant data */
RtlCopyMemory(&KdVersion, &ManipulateState->u.GetVersion64, sizeof(KdVersion));
DebuggerDataList = (PLIST_ENTRY)(ULONG_PTR)KdVersion.DebuggerDataList;
NtosBase = (ULONG_PTR)KdVersion.KernBase;
KdDebuggerData = CONTAINING_RECORD(DebuggerDataList->Flink, KDDEBUGGER_DATA64, Header.List);
ProcessListHead = (PLIST_ENTRY)*(ULONG_PTR*)&KdDebuggerData->PsActiveProcessHead;
ModuleListHead = (PLIST_ENTRY)*(ULONG_PTR*)&KdDebuggerData->PsLoadedModuleList;
NumberOfPhysicalPages = (PFN_COUNT*)*(ULONG_PTR*)&KdDebuggerData->MmNumberOfPhysicalPages;
/* Note that NtosBase is also == (ULONG_PTR)KdDebuggerData->KernBase; */

KdbgNextApiNumber = DbgKdContinueApi;
return;
}
}

KdbPrintf("%s: PacketType %d is UNIMPLEMENTED\n", __FUNCTION__, PacketType);
return;
}

KDSTATUS
Expand Down Expand Up @@ -176,7 +203,9 @@ KdReceivePacket(
if (PacketType == PACKET_TYPE_KD_STATE_MANIPULATE)
{
PDBGKD_MANIPULATE_STATE64 ManipulateState = (PDBGKD_MANIPULATE_STATE64)MessageHeader->Buffer;

RtlZeroMemory(MessageHeader->Buffer, MessageHeader->MaximumLength);

if (KdbgNextApiNumber == DbgKdGetContextApi)
{
ManipulateState->ApiNumber = DbgKdGetContextApi;
Expand All @@ -191,10 +220,16 @@ KdReceivePacket(
MessageData->Buffer = (PCHAR)&KdbgContext;
return KdPacketReceived;
}
else if (KdbgNextApiNumber == DbgKdGetVersionApi)
{
ManipulateState->ApiNumber = DbgKdGetVersionApi;
return KdPacketReceived;
}
else if (KdbgNextApiNumber != DbgKdContinueApi)
{
KdbPrintf("%s:%d is UNIMPLEMENTED\n", __FUNCTION__, __LINE__);
KdbPrintf("%s: ApiNumber %d is UNIMPLEMENTED\n", __FUNCTION__, KdbgNextApiNumber);
}

ManipulateState->ApiNumber = DbgKdContinueApi;
ManipulateState->u.Continue.ContinueStatus = KdbgContinueStatus;

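Review bot: The new DbgKdGetVersionApi branch in KdSendPacket dereferences `DebuggerDataList->Flink` and then reads three fields through the resulting `KdDebuggerData` pointer without checking that `KdVersion.DebuggerDataList` is non-zero or that the list is non-empty; with an empty list `Flink` points back at the head itself, so `CONTAINING_RECORD` yields a pointer into whatever precedes the list head rather than a `KDDEBUGGER_DATA64`, and the garbage is then published into the `ProcessListHead`/`ModuleListHead`/`NumberOfPhysicalPages` globals that later debugger commands walk. In this in-kernel configuration the reply presumably comes from the kernel's own KD layer and is trusted, but the guard is cheap and turns a wild pointer into a visible message; it also seems worth checking the reply's return status field if `DBGKD_MANIPULATE_STATE64` carries one (not visible in this hunk). As a secondary point of style, the `*(ULONG_PTR*)&KdDebuggerData->Field` reads are narrowing 64-bit fields by type-punning; a plain `(ULONG_PTR)KdDebuggerData->Field` cast expresses the same intent without aliasing a ULONG64 as a pointer-sized integer. KdSendPacket's signature and the ending of the function are outside this section.
```c
else if (ManipulateState->ApiNumber == DbgKdGetVersionApi)
{
    PLIST_ENTRY DebuggerDataList;

    RtlCopyMemory(&KdVersion, &ManipulateState->u.GetVersion64, sizeof(KdVersion));
    NtosBase = (ULONG_PTR)KdVersion.KernBase;

    /* Do not publish kernel pointers from an absent or empty debugger-data list */
    DebuggerDataList = (PLIST_ENTRY)(ULONG_PTR)KdVersion.DebuggerDataList;
    if (DebuggerDataList == NULL || DebuggerDataList->Flink == DebuggerDataList)
    {
        KdbPrintf("%s: DebuggerDataList is empty, KdDebuggerData unavailable\n", __FUNCTION__);
        KdbgNextApiNumber = DbgKdContinueApi;
        return;
    }

    KdDebuggerData = CONTAINING_RECORD(DebuggerDataList->Flink, KDDEBUGGER_DATA64, Header.List);
    ProcessListHead = (PLIST_ENTRY)(ULONG_PTR)KdDebuggerData->PsActiveProcessHead;
    ModuleListHead = (PLIST_ENTRY)(ULONG_PTR)KdDebuggerData->PsLoadedModuleList;
    NumberOfPhysicalPages = (PFN_COUNT*)(ULONG_PTR)KdDebuggerData->MmNumberOfPhysicalPages;
    /* … unchanged: KdbgNextApiNumber = DbgKdContinueApi; return; … */
}
```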
