gpt4 book ai didi

windows - 实现 DebugExtensionProvideValue 会破坏 WinDbg 内部状态?

转载 作者:可可西里 更新时间:2023-11-01 09:36:53 30 4
gpt4 key购买 nike

我正在实现 DebugExtensionProvideValue在我的扩展中,这样我就可以提供自定义伪寄存器。它在 CDB 中完美运行,最初在 WinDbg 中运行良好,但在停止调试并打开一个新的可执行文件后,发生了一些事情,WinDbg 最终处于一种奇怪的不可用状态。

当您触发问题时,WinDbg 将此消息打印到命令窗口:

Unable to deliver callback, 3131

发生这种情况后,WinDbg 似乎会在命令窗口中打印两次所有输出!

我的扩展代码很简单:

EXTERN_C HRESULT CALLBACK DebugExtensionProvideValue(PDEBUG_CLIENT Client, ULONG Flags, IN PCWSTR Name, OUT PULONG64 Value, OUT PULONG64 TypeModBase, OUT PULONG TypeId, OUT PULONG TypeFlags)
{
HRESULT hr = HRESULT_FROM_WIN32(ERROR_NOT_FOUND);
if (!Name || !Value || !TypeFlags)
{
hr = E_INVALIDARG;
}
else if (0 == lstrcmpiW(Name, L"$$test"))
{
*Value = 0xDeadCafeBabeBeefULL;
*TypeFlags = DEBUG_EXT_PVTYPE_IS_VALUE;
if (TypeId) *TypeId = 0; // Where are these types defined?
if (TypeModBase) *TypeModBase = 0;
hr = S_OK;
}
#if 0 // <-- ** Setting this to != 0 fixes the problem **
Client->Release(); // This does not feel right but it does seem to be required!
#endif
return hr;
}

EXTERN_C HRESULT CALLBACK DebugExtensionQueryValueNames(PDEBUG_CLIENT Client, ULONG Flags, OUT PWSTR Buffer, ULONG BufferChars, OUT PULONG BufferNeeded)
{
static const WCHAR pseregs[] = L"$$test\0";
if (BufferNeeded) *BufferNeeded = ARRAYSIZE(pseregs);
memcpy(Buffer, pseregs, min(sizeof(pseregs), BufferChars*sizeof(*Buffer)));
return ARRAYSIZE(pseregs) > BufferChars ? S_FALSE : S_OK;
}

EXTERN_C HRESULT CALLBACK DebugExtensionInitialize(OUT PULONG Version, OUT PULONG Flags)
{
*Version = DEBUG_EXTENSION_VERSION(1, 0), *Flags = 0;
return S_OK;
}

重现问题看起来像这样:

0:000> $$ Press Ctrl+E to open a executable, I'm going to open WinVer.exe
0:000> .load c:\test\myext.dll
0:000> ?@$$test
Evaluate expression: -2401039830915039505 = deadcafe`babebeef
0:000> $$ Press Shift+F5 to stop debugging
0:000> $$ Press Ctrl+E and open a executable again, WinDbg will now print "Unable to deliver callback, 3131"

我能够想出一个似乎确实有效的解决方法,但它感觉不对,因为我必须发布一个我从未 QI 或 AddRef 的接口(interface)。在我进行的最少测试中,这个 hack 似乎从来没有崩溃过,通过查看 IDebugClients refcount,它在多次调用中看起来确实是正确的。

据我所知,您无法停止调试并在 CDB 中打开一个新的 .exe,因此问题似乎只会发生在 WinDbg 中。

是我做错了什么还是 DbgEng 中有错误?

最佳答案

@安德斯

我花了一些时间在不同的代码路径中检查它,似乎在 dbgeng ClientListCapture/Find/fill/list/FindExt 中存在错误
增加的引用计数似乎没有减少,导致引用累积在每次关闭和打开时添加多个回调

我使用的代码路径是设置扩展类的 m_ProvidedValue 成员

请注意,我还添加了代码来解决下面的其他两个查询 TypeId 和 TypeModBase

#include <engextcpp.cpp>
ExtProvidedValue pval[];
class EXT_CLASS : public ExtExtension {
public:
void
handler (
_In_ ULONG Flags, _In_ PCWSTR ValueName, _Out_ PULONG64 Value,
_Out_ PULONG64 TypeModBase, _Out_ PULONG TypeId, _Out_ PULONG TypeFlags
) {

DEBUG_CACHED_SYMBOL_INFO Info;
ZeroMemory(&Info, sizeof(Info));
PCSTR Type = "ntdll!_LDR_DATA_TABLE_ENTRY";
HRESULT Status = E_FAIL;
if((Status = m_Symbols->GetSymbolTypeId(Type,&Info.Id,&Info.ModBase)) != S_OK) {
ThrowStatus(Status, "Unable to get type ID of '%s'", Type);
}
if (0 == lstrcmpiW(ValueName, L"$$test")) {
if(Value) { *Value = 0xDeadCafeBabeBeefULL; }
if(TypeModBase) { *TypeModBase = Info.ModBase; }
if(TypeId) { *TypeId = Info.Id; }
if(TypeFlags) { *TypeFlags = DEBUG_EXT_PVTYPE_IS_POINTER; }
}
};
HRESULT Initialize(void) {
this->m_ProvidedValues = pval;
return S_OK;
}
};
EXT_DECLARE_GLOBALS();
ExtProvideValueMethod mymethod = (ExtProvideValueMethod)&Extension::handler;
ExtProvidedValue pval[] = {L"$$test\0",mymethod,NULL,NULL};

def文件包含

EXPORTS
DebugExtensionInitialize
DebugExtensionQueryValueNames
DebugExtensionProvideValue
help

编译链接enterprise wdk如下

@echo off
IF "%donesetup%" == "" ( pushd .. )
IF "%donesetup%" == "" ( cd /d E:\ewdk )
IF "%donesetup%" == "" ( @call launchbuildenv.cmd )
IF "%donesetup%" == "" ( popd )
IF "%donesetup%" == "" ( set "donesetup=donesetup" )

IF "%INCLUDE%" == "" ( set "INCLUDE=%vcinstalldir%include;%windowssdkdir%Include\10.0.10586.0\ucrt;%windowssdkdir%Include\10.0.10586.0\um;%windowssdkdir%Include\10.0.10586.0\shared;%windowssdkdir%Debuggers\inc;" )
IF "%LIB%" == "" ( set "LIB=%vcinstalldir%\LIB;%WINDOWSSDKDIR%Lib\10.0.10586.0\ucrt\x86;%WINDOWSSDKDIR%Lib\10.0.10586.0\um\x86;%windowssdkdir%Debuggers\lib\x86")
IF "%LINKLIBS%" == "" ( set "LINKLIBS=user32.lib kernel32.lib dbgeng.lib dbghelp.lib" )



cl /LD /nologo /W3 /Zi /EHsc pstest.cpp /link /DEF:pstest.def /RELEASE %linklibs%

move /y pstest.dll "e:\ewdk\Program Files\Windows Kits\10\Debuggers\x86\winext"\.

加载扩展到windbg和调用结果

Microsoft (R) Windows Debugger Version 10.0.10586.567 X86

0:000> .load pstest
0:000> ? @$$test (masm Evaluate)

Evaluate expression: -2401039830915039505 = deadcafe`babebeef
0:000> ?? @$$test (c++ Evaluate note the use of TypeId and TypeModbase
results in a type Display instead of a Int64 value)

struct _LDR_DATA_TABLE_ENTRY * 0xbabebeef
+0x000 InLoadOrderLinks : _LIST_ENTRY
+0x008 InMemoryOrderLinks : _LIST_ENTRY
+0x010 InInitializationOrderLinks : _LIST_ENTRY
+0x018 DllBase : ????
+0x01c EntryPoint : ????
+0x020 SizeOfImage : ??
+0x024 FullDllName : _UNICODE_STRING
+0x02c BaseDllName : _UNICODE_STRING
+0x034 Flags : ??
+0x038 LoadCount : ??
+0x03a TlsIndex : ??
+0x03c HashLinks : _LIST_ENTRY
+0x03c SectionPointer : ????
+0x040 CheckSum : ??
+0x044 TimeDateStamp : ??
+0x044 LoadedImports : ????
+0x048 EntryPointActivationContext : ????
+0x04c PatchInformation : ????
+0x050 ForwarderLinks : _LIST_ENTRY
+0x058 ServiceTagLinks : _LIST_ENTRY
+0x060 StaticLinks : _LIST_ENTRY
+0x068 ContextInformation : ????
+0x06c OriginalBase : ??
+0x070 LoadTime : _LARGE_INTEGER

如果我按 Shift+f5 和 ctrl+e,windbg 会提示它无法传递回调,正如你发布的那样
如果重复 shift +f5/ctrl+e/load/invoke 的过程
投诉的数量不断增加,导致 windbg 挂起
尝试在挂起的调用堆栈中处理 PendingMessages

关于windows - 实现 DebugExtensionProvideValue 会破坏 WinDbg 内部状态?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37417335/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com