Raw dump only
VivianNK committed Mar 26, 2024
1 parent 968f75b commit 68e37e9
Showing 5 changed files with 400 additions and 0 deletions.
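--- a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin.sln
+++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin.sln
@@ -0,0 +1,37 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.8.34330.188
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AdvLoggerDumpWin", "AdvLoggerDumpWin\AdvLoggerDumpWin.vcxproj", "{F983380B-B6C4-44EE-8835-0137E0876321}"
+EndProject
+Global
+GlobalSection(SolutionConfigurationPlatforms) = preSolution
+Debug|ARM64 = Debug|ARM64
+Debug|x64 = Debug|x64
+Debug|x86 = Debug|x86
+Release|ARM64 = Release|ARM64
+Release|x64 = Release|x64
+Release|x86 = Release|x86
+EndGlobalSection
+GlobalSection(ProjectConfigurationPlatforms) = postSolution
+{F983380B-B6C4-44EE-8835-0137E0876321}.Debug|ARM64.ActiveCfg = Debug|ARM64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Debug|ARM64.Build.0 = Debug|ARM64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x64.ActiveCfg = Debug|x64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x64.Build.0 = Debug|x64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x86.ActiveCfg = Debug|Win32
+{F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x86.Build.0 = Debug|Win32
+{F983380B-B6C4-44EE-8835-0137E0876321}.Release|ARM64.ActiveCfg = Release|ARM64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Release|ARM64.Build.0 = Release|ARM64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Release|x64.ActiveCfg = Release|x64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Release|x64.Build.0 = Release|x64
+{F983380B-B6C4-44EE-8835-0137E0876321}.Release|x86.ActiveCfg = Release|Win32
+{F983380B-B6C4-44EE-8835-0137E0876321}.Release|x86.Build.0 = Release|Win32
+EndGlobalSection
+GlobalSection(SolutionProperties) = preSolution
+HideSolutionNode = FALSE
+EndGlobalSection
+GlobalSection(ExtensibilityGlobals) = postSolution
+SolutionGuid = {514003CD-1327-488E-9C4E-8761C728A1E3}
+EndGlobalSection
+EndGlobal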
@@ -0,0 +1,160 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.props" Condition="Exists('..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.props')" />
<PropertyGroup Label="Globals">
<CppWinRTOptimized>true</CppWinRTOptimized>
<CppWinRTRootNamespaceAutoMerge>true</CppWinRTRootNamespaceAutoMerge>
<CppWinRTGenerateWindowsMetadata>true</CppWinRTGenerateWindowsMetadata>
<MinimalCoreWin>true</MinimalCoreWin>
<VCProjectVersion>15.0</VCProjectVersion>
<ProjectGuid>{f983380b-b6c4-44ee-8835-0137e0876321}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>AdvLoggerDumpWin</RootNamespace>
<WindowsTargetPlatformVersion Condition=" '$(WindowsTargetPlatformVersion)' == '' ">10.0</WindowsTargetPlatformVersion>
<WindowsTargetPlatformMinVersion>10.0.17134.0</WindowsTargetPlatformMinVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|ARM64">
<Configuration>Debug</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset Condition="'$(VisualStudioVersion)' == '16.0'">v142</PlatformToolset>
<PlatformToolset Condition="'$(VisualStudioVersion)' == '15.0'">v141</PlatformToolset>
<PlatformToolset Condition="'$(VisualStudioVersion)' == '14.0'">v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
<UseDebugLibraries>true</UseDebugLibraries>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'" Label="Configuration">
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<UseOfMfc>Static</UseOfMfc>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<UseOfMfc>Static</UseOfMfc>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<UseOfMfc>Static</UseOfMfc>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="PropertySheet.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<ItemDefinitionGroup>
<ClCompile>
<PrecompiledHeader>NotUsing</PrecompiledHeader>
<PrecompiledHeaderFile>
</PrecompiledHeaderFile>
<PrecompiledHeaderOutputFile>
</PrecompiledHeaderOutputFile>
<PreprocessorDefinitions>_CONSOLE;WIN32_LEAN_AND_MEAN;WINRT_LEAN_AND_MEAN;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<WarningLevel>Level4</WarningLevel>
<AdditionalOptions>%(AdditionalOptions) /permissive- /bigobj</AdditionalOptions>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)'=='Debug'">
<ClCompile>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<DebugInformationFormat Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">ProgramDatabase</DebugInformationFormat>
<RuntimeLibrary Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">MultiThreadedDebugDLL</RuntimeLibrary>
<FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</FunctionLevelLinking>
<DebugInformationFormat Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ProgramDatabase</DebugInformationFormat>
<FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">false</FunctionLevelLinking>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateWindowsMetadata>false</GenerateWindowsMetadata>
<UACExecutionLevel Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">RequireAdministrator</UACExecutionLevel>
<UACExecutionLevel Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Platform)'=='Win32'">
<ClCompile>
<PreprocessorDefinitions>WIN32;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)'=='Release'">
<ClCompile>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary Condition="'$(Configuration)|$(Platform)'=='Release|x64'">MultiThreaded</RuntimeLibrary>
<RuntimeLibrary Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">MultiThreaded</RuntimeLibrary>
<BasicRuntimeChecks Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Default</BasicRuntimeChecks>
<WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</WholeProgramOptimization>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>false</EnableCOMDATFolding>
<OptimizeReferences>
</OptimizeReferences>
<GenerateWindowsMetadata>false</GenerateWindowsMetadata>
<LinkTimeCodeGeneration Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</LinkTimeCodeGeneration>
<UACExecutionLevel Condition="'$(Configuration)|$(Platform)'=='Release|x64'">RequireAdministrator</UACExecutionLevel>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClInclude Include="main.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.cpp" />
</ItemGroup>
<ItemGroup>
<None Include="packages.config" />
<None Include="PropertySheet.props" />
<None Include="ReadMe.md" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
<Import Project="..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.targets" Condition="Exists('..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.targets')" />
</ImportGroup>
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.props'))" />
<Error Condition="!Exists('..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.Windows.CppWinRT.2.0.240111.5\build\native\Microsoft.Windows.CppWinRT.targets'))" />
</Target>
</Project>
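Review bot: `UACExecutionLevel` is set to RequireAdministrator only under the Debug|x64, Debug|ARM64 and Release|x64 conditions, so Release|ARM64 and both Win32 configurations are linked without an elevation request even though the ReadMe says the tool must be run with administrator privileges. Those builds would start unelevated and presumably fail later when the privilege is enabled. A single unconditional `<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>` in a shared `<Link>` item definition would keep every configuration consistent. The same per-configuration drift shows in `UseOfMfc` and `RuntimeLibrary`, where some configurations are likewise left at their defaults.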
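--- a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/ReadMe.md
+++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/ReadMe.md
@@ -0,0 +1,32 @@
+# AdvLoggerPkg - AdvLoggerDumpWin
+AdvLoggerDumpWin is used to retrieve the advanced UEFI debug log stored in system memory.
+
+## About
+If the Advanced Logger is enabled, the debug log is stored in memory and is available through the UEFI
+Variable store.
+This tool creates a Windows executable that writes the UEFI variable data to a binary log file. As the
+log in memory has additional metadata and alignment structure, DecodeUefiLog.py (in AdvLoggerPkg)
+parses the in-memory UefiLog to a text stream and writes the decoded log to a local file. The Python
+script can be used to both retrieve the log and decode it.
+AdvLoggerDumpWin is able to be used in systems without Python.
+
+## Usage:
+With administrator privileges, run the executable.
+In an administrator command prompt:
+```
+AdvLoggerDumpWin.exe
+```
+The program creates a new log file `new_logfile.bin` in the current directory.
+
+
+## Building
+To build the project, open the solution file in Visual Studio.
+Ensure you have the necessary dependencies.
+* Microsoft.Windows.CppWinRT package
+* Windows SDK
+* VS build tools
+
+
+## Copyright
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent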
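--- a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.cpp
+++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.cpp
@@ -0,0 +1,161 @@
+#include "main.h"
+#include <Windows.h>
+#include <shellapi.h>
+#include <stdio.h>
+#include <sstream>
+#include <iostream>
+#include <fstream>
+
+using namespace winrt;
+using namespace Windows::Foundation;
+using namespace std;
+
+//
+// Elevate current process system environment privileges to access UEFI variables
+//
+static int ElevateCurrentPrivileges()
+{
+HANDLE ProcessHandle = GetCurrentProcess();
+DWORD DesiredAccess = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY;;
+HANDLE hProcessToken;
+TOKEN_PRIVILEGES tp;
+LUID luid;
+int Status = 0;
+
+if (!LookupPrivilegeValue(NULL, L"SeSystemEnvironmentPrivilege", &luid)) {
+Status = GetLastError();
+cout << "Failed to lookup privilege value. Errno " << Status << endl;
+return Status;
+}
+
+if (!OpenProcessToken(ProcessHandle, DesiredAccess, &hProcessToken)) {
+Status = GetLastError();
+cout << "Failed to open process token. Errno " << Status << endl;
+return Status;
+}
+
+tp.PrivilegeCount = 1;
+tp.Privileges[0].Luid = luid;
+tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+if (!AdjustTokenPrivileges(hProcessToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) {
+Status = GetLastError();
+cout << "Failed to adjust token privileges. Errno " << Status << endl;
+return Status;
+}
+
+if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
+Status = (int)ERROR_NOT_ALL_ASSIGNED;
+cout << "The token does not have the specified privilege. Errno " << Status << endl;
+return Status;
+}
+
+CloseHandle(ProcessHandle);
+return SUCCESS;
+}
+
+//
+// Create log file by retrieving AdvancedLogger variables from UEFI interface
+//
+int ReadLogFromUefiInterface(fstream& lfile)
+{
+int Status = 0;
+int i = 0;
+DWORD length = 0;
+DWORD err = 0;
+
+stringstream varName;
+char* varBuffer = (char *) malloc(MAX_VAR_LENGTH + 1);
+
+// string to LPCWSTR conversion
+string tmpGuid = "{a021bf2b-34ed-4a98-859c-420ef94f3e94}";
+wstring tmpGuidW = wstring(tmpGuid.begin(), tmpGuid.end());
+LPCWSTR guid = tmpGuidW.c_str();
+
+//
+// Parse variables by index until reached end of log
+//
+while (Status == 0) {
+string tmpVarName = "V" + to_string(i);
+wstring tmpVarNameW = wstring(tmpVarName.begin(), tmpVarName.end());
+LPCWSTR varNameConst = tmpVarNameW.c_str();
+
+// Retrieve one advanced logger indexed variable via kernel32 API
+length = GetFirmwareEnvironmentVariableW(varNameConst, guid, varBuffer, MAX_VAR_LENGTH);
+
+if (length == 0) {
+err = GetLastError();
+
+// If error is ERROR_NOT_FOUND (203), reached end of variables
+if (err != 203) {
+Status = EFI_ERROR;
+cout << "Error reading variable " << tmpVarName << " errno: " << err << endl;
+return Status;
+}
+else {
+Status = (int)err;
+}
+}
+
+if (Status == 0) {
+i += 1;
+streamsize varSize = (streamsize)length;
+lfile.write(varBuffer, varSize);
+if (lfile.fail()) {
+cout << "Failed to write to file\n";
+Status = CONS_ERROR;
+return Status;
+}
+}
+else if (i == 0) {
+cout << "No variables found.\n";
+return Status;
+}
+else {
+cout << i << " variables read. " << lfile.tellg() << " chars written.\n";
+}
+
+if (varBuffer) {
+ZeroMemory(varBuffer, MAX_VAR_LENGTH);
+}
+}
+
+free(varBuffer);
+return SUCCESS;
+}
+
+int main()
+{
+fstream logfile;
+const char* newRawFilename = ".\\new_logfile.bin";
+int Status = 0;
+
+Status = ElevateCurrentPrivileges();
+if (Status !=0) {
+cout << "Failed to elevate privileges, errno:" << Status << endl;
+return Status;
+}
+
+// Create new binary logfile
+logfile.open(newRawFilename, ios::out | ios::binary);
+if (!logfile) {
+cout << "Error opening file.\n";
+Status = FILE_ERROR;
+return Status;
+}
+
+Status = ReadLogFromUefiInterface(logfile);
+if (Status != SUCCESS) {
+cerr << "Error reading log, exiting.\n";
+return LOG_ERROR;
+}
+
+logfile.close();
+if (logfile.fail()) {
+cout << "Error closing file.\n";
+return FILE_ERROR;
+}
+
+return SUCCESS;
+}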
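Review bot: In ElevateCurrentPrivileges the final `CloseHandle(ProcessHandle);` closes the pseudo-handle returned by GetCurrentProcess(), which needs no closing, while the token handle from OpenProcessToken is never released on any path; it should be `CloseHandle(hProcessToken);`, and the two failure returns after OpenProcessToken should close it as well. In ReadLogFromUefiInterface the `malloc` result is handed to GetFirmwareEnvironmentVariableW without a null check, and `varBuffer` is leaked on every early `return` inside the loop; check it once after allocation and free it before each return. The end-of-log test compares against the literal 203, which winerror.h names `ERROR_ENVVAR_NOT_FOUND` rather than ERROR_NOT_FOUND as the comment says, and the "No variables found" branch returns that non-zero value, so main reports an empty log as a read error. The summary line calls `lfile.tellg()` on a stream opened for output only, where `lfile.tellp()` is the write position. Because the tool runs elevated, note also that `new_logfile.bin` is opened relative to the current directory and truncates any existing file of that name.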
