From 8764d2a4ae15739c98e8ed6c678986e35496bcf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?= Date: Sat, 12 Oct 2024 21:44:21 +0200 Subject: [PATCH] ** wip ** New improvements --- ntoskrnl/kdbg/kdb.c | 52 +++++++++++++++++++++++------------------ ntoskrnl/kdbg/kdb_cli.c | 23 +++++++++--------- 2 files changed, 41 insertions(+), 34 deletions(-) diff --git a/ntoskrnl/kdbg/kdb.c b/ntoskrnl/kdbg/kdb.c index d8dbeea978a52..0e1506e34722b 100644 --- a/ntoskrnl/kdbg/kdb.c +++ b/ntoskrnl/kdbg/kdb.c @@ -1141,20 +1141,27 @@ KdbpAttachToProcess( return KdbpAttachToThread(Thread->Cid.UniqueThread); } -/*!\brief Calls the main loop ... - */ +/** + * @brief Calls the main interactive debugger loop. + **/ static VOID KdbpCallMainLoop(VOID) { KdbpCliMainLoop(KdbEnteredOnSingleStep); } -/*!\brief Internal function to enter KDB. +/** + * @brief + * Internal function to enter KDB and run the specified procedure. * * Disables interrupts, releases display ownership, ... - */ + * + * @param[in] Function + * The procedure to execute under the KDB environment. + **/ static VOID -KdbpInternalEnter(VOID) +KdbpInternalEnter( + _In_ VOID (*Function)(VOID)) { PETHREAD Thread; PVOID SavedInitialStack, SavedStackBase, SavedKernelStack; @@ -1178,7 +1185,7 @@ KdbpInternalEnter(VOID) // KdbPrintf("Switching to KDB stack 0x%08x-0x%08x (Current Stack is 0x%08x)\n", Thread->Tcb.StackLimit, Thread->Tcb.StackBase, Esp); - KdbpStackSwitchAndCall(KdbStack + KDB_STACK_SIZE - KDB_STACK_RESERVE, KdbpCallMainLoop); + KdbpStackSwitchAndCall(KdbStack + KDB_STACK_SIZE - KDB_STACK_RESERVE, Function); Thread->Tcb.InitialStack = SavedInitialStack; Thread->Tcb.StackBase = SavedStackBase; @@ -1482,23 +1489,22 @@ KdbEnterDebuggerException( } else if (ExceptionCode == STATUS_BREAKPOINT) { - if (KdbInitFileBuffer) - { - // FIXME? Should we do that call at the same place - // where we currently call KdbpInternalEnter? - // InterlockedIncrement(&KdbEntryCount); - KdbpCliInterpretInitFile(); - // InterlockedDecrement(&KdbEntryCount); - EnterConditionMet = FALSE; - goto continue_execution; /* return */ - } - if (!EnterConditionMet) + // if (KdbInitFileBuffer) + // EnterConditionMet = FALSE; + + /* Do the usual check and display banner only if we are entering + * because of a true breakpoint in code. Running the KDBinit file + * is also done via a breakpoint, but this is artificial. */ + if (!KdbInitFileBuffer) { - return kdHandleException; - } + if (!EnterConditionMet) + { + return kdHandleException; + } - KdbPrintf("\nEntered debugger on embedded INT3 at 0x%04x:0x%p.\n", - Context->SegCs & 0xffff, KeGetContextPc(Context)); + KdbPrintf("\nEntered debugger on embedded INT3 at 0x%04x:0x%p.\n", + Context->SegCs & 0xffff, KeGetContextPc(Context)); + } } else { @@ -1549,8 +1555,8 @@ KdbEnterDebuggerException( return kdHandleException; } - /* Call the main loop */ - KdbpInternalEnter(); + /* Enter KDBG proper and either run the KDBinit file or call the main loop */ + KdbpInternalEnter(KdbInitFileBuffer ? KdbpCliInterpretInitFile : KdbpCallMainLoop); /* Check if we should single step */ if (KdbNumSingleSteps > 0) diff --git a/ntoskrnl/kdbg/kdb_cli.c b/ntoskrnl/kdbg/kdb_cli.c index 7752526eb8f63..167414fc178ab 100644 --- a/ntoskrnl/kdbg/kdb_cli.c +++ b/ntoskrnl/kdbg/kdb_cli.c @@ -3359,8 +3359,9 @@ KdbpCliInterpretInitFile(VOID) return; /* Execute the commands in the init file */ - KdpDprintf("KDB: Executing KDBinit file...\n"); + KdbPuts("KDB: Executing KDBinit file...\n"); p1 = KdbInitFileBuffer; + //KdbInitFileBuffer = NULL; while (p1[0] != '\0') { i = strcspn(p1, "\r\n"); @@ -3378,8 +3379,8 @@ KdbpCliInterpretInitFile(VOID) if (strncmp(p2, "break", sizeof("break")-1) == 0 && (p2[sizeof("break")-1] == '\0' || isspace(p2[sizeof("break")-1]))) { - /* Break into the debugger */ - KdbpCliMainLoop(FALSE); // KdbpInternalEnter(); + /* Run the debugger loop (we have already broken into the debugger) */ + KdbpCliMainLoop(FALSE); } else if (p2[0] != '#' && p2[0] != '\0') /* Ignore empty lines and comments */ { @@ -3393,8 +3394,7 @@ KdbpCliInterpretInitFile(VOID) while (p1[0] == '\r' || p1[0] == '\n') p1++; } - KdpDprintf("KDB: KDBinit executed\n"); - KdbInitFileBuffer = NULL; + KdbPuts("KDB: KDBinit executed\n"); } /** @@ -3412,7 +3412,7 @@ KdbpCliInit(VOID) IO_STATUS_BLOCK Iosb; FILE_STANDARD_INFORMATION FileStdInfo; HANDLE hFile = NULL; - INT FileSize; + ULONG FileSize; PCHAR FileBuffer; /* Don't load the KDBinit file if its buffer is already lying around */ @@ -3451,7 +3451,7 @@ KdbpCliInit(VOID) FileSize = FileStdInfo.EndOfFile.u.LowPart; /* Allocate memory for the file */ - FileBuffer = ExAllocatePool(PagedPool, FileSize + 1); /* add 1 byte for terminating '\0' */ + FileBuffer = ExAllocatePool(NonPagedPool, FileSize + 1); /* Add 1 byte for terminating '\0' */ if (!FileBuffer) { ZwClose(hFile); @@ -3460,7 +3460,8 @@ KdbpCliInit(VOID) } /* Load file into memory */ - Status = ZwReadFile(hFile, NULL, NULL, NULL, &Iosb, FileBuffer, FileSize, NULL, NULL); + Status = ZwReadFile(hFile, NULL, NULL, NULL, &Iosb, + FileBuffer, FileSize, NULL, NULL); ZwClose(hFile); if (!NT_SUCCESS(Status) && (Status != STATUS_END_OF_FILE)) @@ -3473,10 +3474,10 @@ KdbpCliInit(VOID) FileSize = min(FileSize, (INT)Iosb.Information); FileBuffer[FileSize] = '\0'; - /* Interpret the init file by calling back into the debugger */ - KdbInitFileBuffer = FileBuffer; + /* Interpret the KDBinit file by calling back into the debugger */ + InterlockedExchangePointer((PVOID*)&KdbInitFileBuffer, FileBuffer); DbgBreakPointWithStatus(DBG_STATUS_CONTROL_C); - KdbInitFileBuffer = NULL; + InterlockedExchangePointer((PVOID*)&KdbInitFileBuffer, NULL); ExFreePool(FileBuffer);