Start adding support for Minidump (header-only)

app/dump/mdmp.d

@@ -0,0 +1,163 @@
+/// Minidump dumper
+///
+/// Authors: dd86k <dd@dax.moe>
+/// Copyright: © dd86k <dd@dax.moe>
+/// License: BSD-3-Clause
+module dump.mdmp;
+
+import adbg.disassembler.core;
+import adbg.object.server;
+import adbg.object.machines;
+import adbg.object.format.mdmp;
+import adbg.utils.date : ctime32;
+import adbg.include.windows.winnt;
+import dumper;
+import utils : realstring;
+
+int dump_minidump(ref Dumper dump, adbg_object_t *o) {
+ if (dump.selected_headers())
+ dump_minidump_headers(dump, o);
+
+ //if (dump.selected_debug())
+ // dump_minidump_debug(dump, o);
+
+ return 0;
+}
+
+private:
+
+void dump_minidump_headers(ref Dumper dump, adbg_object_t *o) {
+ print_header("Header");
+ with (o.i.mdmp.header) {
+ print_x32("Signature", Signature);
+ print_x16("Magic", Magic);
+ print_u16("Version", Version);
+ print_x32("StreamCount", StreamCount);
+ print_x32("StreamRva", StreamRva);
+ print_x32("Checksum", Checksum);
+ print_x32("Timestamp", Timestamp, ctime32(Timestamp));
+ print_flags64("Flags", Flags,
+ "WithDataSegs".ptr, MiniDumpWithDataSegs,
+ "WithFullMemory".ptr, MiniDumpWithFullMemory,
+ "WithHandleData".ptr, MiniDumpWithHandleData,
+ "FilterMemory".ptr, MiniDumpFilterMemory,
+ "ScanMemory".ptr, MiniDumpScanMemory,
+ "WithUnloadedModules".ptr, MiniDumpWithUnloadedModules,
+ "WithIndirectlyReferencedMemory".ptr, MiniDumpWithIndirectlyReferencedMemory,
+ "FilterModulePaths".ptr, MiniDumpFilterModulePaths,
+ "WithProcessThreadData".ptr, MiniDumpWithProcessThreadData,
+ "WithPrivateReadWriteMemory".ptr, MiniDumpWithPrivateReadWriteMemory,
+ "WithoutOptionalData".ptr, MiniDumpWithoutOptionalData,
+ "WithFullMemoryInfo".ptr, MiniDumpWithFullMemoryInfo,
+ "WithThreadInfo".ptr, MiniDumpWithThreadInfo,
+ "WithCodeSegs".ptr, MiniDumpWithCodeSegs,
+ "WithoutAuxiliaryState".ptr, MiniDumpWithoutAuxiliaryState,
+ "WithFullAuxiliaryState".ptr, MiniDumpWithFullAuxiliaryState,
+ "WithPrivateWriteCopyMemory".ptr, MiniDumpWithPrivateWriteCopyMemory,
+ "IgnoreInaccessibleMemory".ptr, MiniDumpIgnoreInaccessibleMemory,
+ "WithTokenInformation".ptr, MiniDumpWithTokenInformation,
+ "WithModuleHeaders".ptr, MiniDumpWithModuleHeaders,
+ "FilterTriage".ptr, MiniDumpFilterTriage,
+ "WithAvxXStateContext".ptr, MiniDumpWithAvxXStateContext,
+ "WithIptTrace".ptr, MiniDumpWithIptTrace,
+ "ScanInaccessiblePartialPages".ptr, MiniDumpScanInaccessiblePartialPages,
+ "FilterWriteCombinedMemory".ptr, MiniDumpFilterWriteCombinedMemory,
+ null);
+ }
+}
+
+void dump_minidump_debug(ref Dumper dump, adbg_object_t *o) {
+ print_header("Debug");
+
+ uint cnt = o.i.mdmp.header.StreamCount;
+ uint off = o.i.mdmp.header.StreamRva;
+ mdmp_directory_entry *dir = void;
+ if (adbg_object_offsetl(o, cast(void**)&dir, off, cnt * mdmp_directory_entry.sizeof)) {
+ print_string("error", "Directory outside file bounds");
+ return;
+ }
+
+ for (uint i; i < cnt; ++i) {
+ mdmp_directory_entry *entry = &dir[i];
+
+ with (entry) {
+ print_x32("StreamType", StreamType);
+ print_x32("Size", Size);
+ print_x32("Rva", Rva);
+ }
+
+ switch (entry.StreamType) {
+ case ThreadListStream:
+ print_header("Threadlist");
+
+ mdmp_threadlist *tlist = void;
+ if (adbg_object_offsetl(o, cast(void**)&tlist,
+ entry.Rva, uint.sizeof + mdmp_thread.sizeof)) {
+ print_string("warning", "Threadlist.Rva points outbound");
+ continue;
+ }
+ for (uint ti; ti < tlist.Count; ++ti) {
+ mdmp_thread *thread = &tlist.Threads.ptr[ti];
+ print_section(ti);
+ print_x32("ID", thread.ID);
+ print_x32("SuspendCount", thread.SuspendCount);
+ print_x32("PriorityClass", thread.PriorityClass);
+ print_x32("Priority", thread.Priority);
+ print_x64("Teb", thread.Teb);
+
+ CONTEXT_X86 *context = void;
+ if (adbg_object_offsetl(o, cast(void**)&context,
+ thread.ThreadContext.Rva, thread.ThreadContext.Size)) {
+ print_string("warning", "Thread.Context.Rva points outbound");
+ continue;
+ }
+
+ print_x32("Eip", context.Eip);
+ }
+ break;
+ case ModuleListStream:
+ break;
+ case MemoryListStream:
+ break;
+ case ExceptionStream:
+ break;
+ case SystemInfoStream:
+ break;
+ case ThreadExListStream:
+ break;
+ case Memory64ListStream:
+ break;
+ case CommentStreamA:
+ break;
+ case CommentStreamW:
+ break;
+ case HandleDataStream:
+ break;
+ case FunctionTableStream:
+ break;
+ case UnloadedModuleListStream:
+ break;
+ case MiscInfoStream:
+ break;
+ case MemoryInfoListStream:
+ break;
+ case ThreadInfoListStream:
+ break;
+ case HandleOperationListStream:
+ break;
+ case TokenStream:
+ break;
+ case JavaScriptDataStream:
+ break;
+ case SystemMemoryInfoStream:
+ break;
+ case ProcessVmCountersStream:
+ break;
+ case IptTraceStream:
+ break;
+ case ThreadNamesStream:
+ break;
+ default: continue;
+ }
+ }
+}

app/dump/package.d

@@ -16,4 +16,5 @@ public import
  dump.macho,
  dump.pdb70,
  dump.pdb20,
- dump.ar;
+ dump.ar,
+ dump.mdmp;

app/dumper.d

@@ -139,7 +139,7 @@ int app_dump() {
  print_string("format", adbg_object_name(o));
  print_string("short_name", adbg_object_short_name(o));
 
- switch (o.format) with (AdbgObject) {
+ final switch (o.format) with (AdbgObject) {
  case mz: return dump_mz(dump, o);
  case ne: return dump_ne(dump, o);
  case pe: return dump_pe(dump, o);
@@ -149,7 +149,8 @@ int app_dump() {
  case pdb20: return dump_pdb20(dump, o);
  case pdb70: return dump_pdb70(dump, o);
  case archive: return dump_archive(dump, o);
- default: assert(0, "Invalid object type"); // Raw/unknown
+ case mdmp: return dump_minidump(dump, o);
+ case raw: assert(0, "Unknown object type"); // Raw/unknown
  }
 }
 

src/adbg/include/windows/winnt.d

@@ -5,6 +5,153 @@
 /// License: BSD-3-Clause
 module adbg.include.windows.winnt;
 
+// These are redefined for dumps.
+
+enum MAXIMUM_SUPPORTED_EXTENSION_X86 = 512;
+
+struct FLOATING_SAVE_AREA_X86 {
+ uint ControlWord;
+ uint StatusWord;
+ uint TagWord;
+ uint ErrorOffset;
+ uint ErrorSelector;
+ uint DataOffset;
+ uint DataSelector;
+ ubyte[80] RegisterArea;
+ uint Cr0NpxState;
+}
+
+struct CONTEXT_X86 {
+ uint ContextFlags;
+ uint Dr0;
+ uint Dr1;
+ uint Dr2;
+ uint Dr3;
+ uint Dr6;
+ uint Dr7;
+ FLOATING_SAVE_AREA_X86 FloatSave;
+ uint SegGs;
+ uint SegFs;
+ uint SegEs;
+ uint SegDs;
+ uint Edi;
+ uint Esi;
+ uint Ebx;
+ uint Edx;
+ uint Ecx;
+ uint Eax;
+ uint Ebp;
+ uint Eip;
+ uint SegCs;
+ uint EFlags;
+ uint Esp;
+ uint SegSs;
+ ubyte[MAXIMUM_SUPPORTED_EXTENSION_X86] ExtendedRegisters;
+}
+
+align(16) struct M128A
+{
+ ulong Low;
+ long High;
+}
+alias M128A* PM128A;
+
+struct XMM_SAVE_AREA32
+{
+ ushort ControlWord;
+ ushort StatusWord;
+ ubyte TagWord;
+ ubyte Reserved1;
+ ushort ErrorOpcode;
+ uint ErrorOffset;
+ ushort ErrorSelector;
+ ushort Reserved2;
+ uint DataOffset;
+ ushort DataSelector;
+ ushort Reserved3;
+ uint MxCsr;
+ uint MxCsr_Mask;
+ M128A[8] FloatRegisters;
+ M128A[16] XmmRegisters;
+ ubyte[96] Reserved4;
+}
+alias XMM_SAVE_AREA32 PXMM_SAVE_AREA32;
+
+align(16) struct CONTEXT_X64
+{
+ ulong P1Home;
+ ulong P2Home;
+ ulong P3Home;
+ ulong P4Home;
+ ulong P5Home;
+ ulong P6Home;
+ uint ContextFlags;
+ uint MxCsr;
+ ushort SegCs;
+ ushort SegDs;
+ ushort SegEs;
+ ushort SegFs;
+ ushort SegGs;
+ ushort SegSs;
+ uint EFlags;
+ ulong Dr0;
+ ulong Dr1;
+ ulong Dr2;
+ ulong Dr3;
+ ulong Dr6;
+ ulong Dr7;
+ ulong Rax;
+ ulong Rcx;
+ ulong Rdx;
+ ulong Rbx;
+ ulong Rsp;
+ ulong Rbp;
+ ulong Rsi;
+ ulong Rdi;
+ ulong R8;
+ ulong R9;
+ ulong R10;
+ ulong R11;
+ ulong R12;
+ ulong R13;
+ ulong R14;
+ ulong R15;
+ ulong Rip;
+ union
+ {
+ XMM_SAVE_AREA32 FltSave;
+ XMM_SAVE_AREA32 FloatSave;
+ struct
+ {
+ M128A[2] Header;
+ M128A[8] Legacy;
+ M128A Xmm0;
+ M128A Xmm1;
+ M128A Xmm2;
+ M128A Xmm3;
+ M128A Xmm4;
+ M128A Xmm5;
+ M128A Xmm6;
+ M128A Xmm7;
+ M128A Xmm8;
+ M128A Xmm9;
+ M128A Xmm10;
+ M128A Xmm11;
+ M128A Xmm12;
+ M128A Xmm13;
+ M128A Xmm14;
+ M128A Xmm15;
+ }
+ }
+ M128A[26] VectorRegister;
+ ulong VectorControl;
+ ulong DebugControl;
+ ulong LastBranchToRip;
+ ulong LastBranchFromRip;
+ ulong LastExceptionToRip;
+ ulong LastExceptionFromRip;
+}
+
 version (Windows):
 
 public import core.sys.windows.winnt;