/* $Id: DBGCRemoteKd.cpp 96407 2022-08-22 17:43:14Z vboxsync $ */ /** @file * DBGC - Debugger Console, Windows Kd Remote Stub. */ /* * Copyright (C) 2020-2022 Oracle and/or its affiliates. * * This file is part of VirtualBox base platform packages, as * available from https://www.virtualbox.org. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation, in version 3 of the * License. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * * SPDX-License-Identifier: GPL-3.0-only */ /********************************************************************************************************************************* * Header Files * *********************************************************************************************************************************/ #include #include #include /* VMR3GetVM() */ #include /* HMR3IsEnabled */ #include /* NEMR3IsEnabled */ #include #include #include #include #include #include #include #include #include #include #include #include #include "DBGCInternal.h" /********************************************************************************************************************************* * Defined Constants And Macros * *********************************************************************************************************************************/ /** Number of milliseconds we wait for new data to arrive when a new packet was detected. */ #define DBGC_KD_RECV_TIMEOUT_MS UINT32_C(1000) /** NT status code - Success. */ #define NTSTATUS_SUCCESS 0 /** NT status code - buffer overflow. */ #define NTSTATUS_BUFFER_OVERFLOW UINT32_C(0x80000005) /** NT status code - operation unsuccesful. */ #define NTSTATUS_UNSUCCESSFUL UINT32_C(0xc0000001) /** NT status code - operation not implemented. */ #define NTSTATUS_NOT_IMPLEMENTED UINT32_C(0xc0000002) /** NT status code - Object not found. */ #define NTSTATUS_NOT_FOUND UINT32_C(0xc0000225) /** Offset where the KD version block pointer is stored in the KPCR. * From: https://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/kprcb/amd64.htm */ #define KD_KPCR_VERSION_BLOCK_ADDR_OFF 0x34 /********************************************************************************************************************************* * Structures and Typedefs * *********************************************************************************************************************************/ /** * KD packet header as sent over the wire. */ typedef struct KDPACKETHDR { /** Packet signature (leader) - defines the type of packet. */ uint32_t u32Signature; /** Packet (sub) type. */ uint16_t u16SubType; /** Size of the packet body in bytes.*/ uint16_t cbBody; /** Packet ID. */ uint32_t idPacket; /** Checksum of the packet body. */ uint32_t u32ChkSum; } KDPACKETHDR; AssertCompileSize(KDPACKETHDR, 16); /** Pointer to a packet header. */ typedef KDPACKETHDR *PKDPACKETHDR; /** Pointer to a const packet header. */ typedef const KDPACKETHDR *PCKDPACKETHDR; /** Signature for a data packet. */ #define KD_PACKET_HDR_SIGNATURE_DATA UINT32_C(0x30303030) /** First byte for a data packet header. */ #define KD_PACKET_HDR_SIGNATURE_DATA_BYTE 0x30 /** Signature for a control packet. */ #define KD_PACKET_HDR_SIGNATURE_CONTROL UINT32_C(0x69696969) /** First byte for a control packet header. */ #define KD_PACKET_HDR_SIGNATURE_CONTROL_BYTE 0x69 /** Signature for a breakin packet. */ #define KD_PACKET_HDR_SIGNATURE_BREAKIN UINT32_C(0x62626262) /** First byte for a breakin packet header. */ #define KD_PACKET_HDR_SIGNATURE_BREAKIN_BYTE 0x62 /** @name Packet sub types. * @{ */ #define KD_PACKET_HDR_SUB_TYPE_STATE_CHANGE32 UINT16_C(1) #define KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE UINT16_C(2) #define KD_PACKET_HDR_SUB_TYPE_DEBUG_IO UINT16_C(3) #define KD_PACKET_HDR_SUB_TYPE_ACKNOWLEDGE UINT16_C(4) #define KD_PACKET_HDR_SUB_TYPE_RESEND UINT16_C(5) #define KD_PACKET_HDR_SUB_TYPE_RESET UINT16_C(6) #define KD_PACKET_HDR_SUB_TYPE_STATE_CHANGE64 UINT16_C(7) #define KD_PACKET_HDR_SUB_TYPE_POLL_BREAKIN UINT16_C(8) #define KD_PACKET_HDR_SUB_TYPE_TRACE_IO UINT16_C(9) #define KD_PACKET_HDR_SUB_TYPE_CONTROL_REQUEST UINT16_C(10) #define KD_PACKET_HDR_SUB_TYPE_FILE_IO UINT16_C(11) #define KD_PACKET_HDR_SUB_TYPE_MAX UINT16_C(12) /** @} */ /** Initial packet ID value. */ #define KD_PACKET_HDR_ID_INITIAL UINT32_C(0x80800800) /** Packet ID value after a resync. */ #define KD_PACKET_HDR_ID_RESET UINT32_C(0x80800000) /** Trailing byte of a packet. */ #define KD_PACKET_TRAILING_BYTE 0xaa /** Maximum number of parameters in the exception record. */ #define KDPACKETEXCP_PARMS_MAX 15 /** * 64bit exception record. */ typedef struct KDPACKETEXCP64 { /** The exception code identifying the excpetion. */ uint32_t u32ExcpCode; /** Flags associated with the exception. */ uint32_t u32ExcpFlags; /** Pointer to a chained exception record. */ uint64_t u64PtrExcpRecNested; /** Address where the exception occurred. */ uint64_t u64PtrExcpAddr; /** Number of parameters in the exception information array. */ uint32_t cExcpParms; /** Alignment. */ uint32_t u32Alignment; /** Exception parameters array. */ uint64_t au64ExcpParms[KDPACKETEXCP_PARMS_MAX]; } KDPACKETEXCP64; AssertCompileSize(KDPACKETEXCP64, 152); /** Pointer to an exception record. */ typedef KDPACKETEXCP64 *PKDPACKETEXCP64; /** Pointer to a const exception record. */ typedef const KDPACKETEXCP64 *PCKDPACKETEXCP64; /** * amd64 NT context structure. */ typedef struct NTCONTEXT64 { /** The P[1-6]Home members. */ uint64_t au64PHome[6]; /** Context flags indicating the valid bits, see NTCONTEXT_F_XXX. */ uint32_t fContext; /** MXCSR register. */ uint32_t u32RegMxCsr; /** CS selector. */ uint16_t u16SegCs; /** DS selector. */ uint16_t u16SegDs; /** ES selector. */ uint16_t u16SegEs; /** FS selector. */ uint16_t u16SegFs; /** GS selector. */ uint16_t u16SegGs; /** SS selector. */ uint16_t u16SegSs; /** EFlags register. */ uint32_t u32RegEflags; /** DR0 register. */ uint64_t u64RegDr0; /** DR1 register. */ uint64_t u64RegDr1; /** DR2 register. */ uint64_t u64RegDr2; /** DR3 register. */ uint64_t u64RegDr3; /** DR6 register. */ uint64_t u64RegDr6; /** DR7 register. */ uint64_t u64RegDr7; /** RAX register. */ uint64_t u64RegRax; /** RCX register. */ uint64_t u64RegRcx; /** RDX register. */ uint64_t u64RegRdx; /** RBX register. */ uint64_t u64RegRbx; /** RSP register. */ uint64_t u64RegRsp; /** RBP register. */ uint64_t u64RegRbp; /** RSI register. */ uint64_t u64RegRsi; /** RDI register. */ uint64_t u64RegRdi; /** R8 register. */ uint64_t u64RegR8; /** R9 register. */ uint64_t u64RegR9; /** R10 register. */ uint64_t u64RegR10; /** R11 register. */ uint64_t u64RegR11; /** R12 register. */ uint64_t u64RegR12; /** R13 register. */ uint64_t u64RegR13; /** R14 register. */ uint64_t u64RegR14; /** R15 register. */ uint64_t u64RegR15; /** RIP register. */ uint64_t u64RegRip; /** Extended floating point save area. */ X86FXSTATE FxSave; /** AVX(?) vector registers. */ RTUINT128U aRegsVec[26]; /** Vector control register. */ uint64_t u64RegVecCtrl; /** Debug control. */ uint64_t u64DbgCtrl; /** @todo lbr */ uint64_t u64LastBrToRip; uint64_t u64LastBrFromRip; uint64_t u64LastExcpToRip; uint64_t u64LastExcpFromRip; } NTCONTEXT64; AssertCompileSize(NTCONTEXT64, 1232); AssertCompileMemberOffset(NTCONTEXT64, FxSave, 0x100); AssertCompileMemberOffset(NTCONTEXT64, aRegsVec, 0x300); /** Pointer to an amd64 NT context. */ typedef NTCONTEXT64 *PNTCONTEXT64; /** Pointer to a const amd64 NT context. */ typedef const NTCONTEXT64 *PCNTCONTEXT64; /** * 64bit [GI]DT descriptor. */ typedef struct NTKCONTEXTDESC64 { /** Alignment. */ uint16_t au16Alignment[3]; /** Limit. */ uint16_t u16Limit; /** Base address. */ uint64_t u64PtrBase; } NTKCONTEXTDESC64; AssertCompileSize(NTKCONTEXTDESC64, 2 * 8); /** Pointer to a 64bit [GI]DT descriptor. */ typedef NTKCONTEXTDESC64 *PNTKCONTEXTDESC64; /** Pointer to a const 64bit [GI]DT descriptor. */ typedef const NTKCONTEXTDESC64 *PCNTKCONTEXTDESC64; /** * Kernel context as queried by KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE */ typedef struct NTKCONTEXT64 { /** CR0 register. */ uint64_t u64RegCr0; /** CR2 register. */ uint64_t u64RegCr2; /** CR3 register. */ uint64_t u64RegCr3; /** CR4 register. */ uint64_t u64RegCr4; /** DR0 register. */ uint64_t u64RegDr0; /** DR1 register. */ uint64_t u64RegDr1; /** DR2 register. */ uint64_t u64RegDr2; /** DR3 register. */ uint64_t u64RegDr3; /** DR6 register. */ uint64_t u64RegDr6; /** DR7 register. */ uint64_t u64RegDr7; /** GDTR. */ NTKCONTEXTDESC64 Gdtr; /** IDTR. */ NTKCONTEXTDESC64 Idtr; /** TR register. */ uint16_t u16RegTr; /** LDTR register. */ uint16_t u16RegLdtr; /** MXCSR register. */ uint32_t u32RegMxCsr; /** Debug control. */ uint64_t u64DbgCtrl; /** @todo lbr */ uint64_t u64LastBrToRip; uint64_t u64LastBrFromRip; uint64_t u64LastExcpToRip; uint64_t u64LastExcpFromRip; /** CR8 register. */ uint64_t u64RegCr8; /** GS base MSR register. */ uint64_t u64MsrGsBase; /** Kernel GS base MSR register. */ uint64_t u64MsrKernelGsBase; /** STAR MSR register. */ uint64_t u64MsrStar; /** LSTAR MSR register. */ uint64_t u64MsrLstar; /** CSTAR MSR register. */ uint64_t u64MsrCstar; /** SFMASK MSR register. */ uint64_t u64MsrSfMask; /** XCR0 register. */ uint64_t u64RegXcr0; /** Standard context. */ NTCONTEXT64 Ctx; } NTKCONTEXT64; AssertCompileMemberOffset(NTKCONTEXT64, Ctx, 224); /** Pointer to an amd64 NT context. */ typedef NTKCONTEXT64 *PNTKCONTEXT64; /** Pointer to a const amd64 NT context. */ typedef const NTKCONTEXT64 *PCNTKCONTEXT64; /** * 32bit context FPU save area. */ typedef struct NTCONTEXT32_FPU_SAVE_AREA { uint32_t u32CtrlWord; uint32_t u32StatusWord; uint32_t u32TagWord; uint32_t u32ErrorOff; uint32_t u32ErrorSel; uint32_t u32DataOff; uint32_t u32DataSel; uint8_t abRegArea[80]; uint32_t u32Cr0Npx; } NTCONTEXT32_FPU_SAVE_AREA; /** Pointer to an 32bit context FPU save area. */ typedef NTCONTEXT32_FPU_SAVE_AREA *PNTCONTEXT32_FPU_SAVE_AREA; /** Pointer to a const 32bit context FPU save area. */ typedef const NTCONTEXT32_FPU_SAVE_AREA *PCNTCONTEXT32_FPU_SAVE_AREA; /** * i386 NT context structure. */ typedef struct NTCONTEXT32 { /** Context flags indicating the valid bits, see NTCONTEXT_F_XXX. */ uint32_t fContext; /** DR0 register. */ uint32_t u32RegDr0; /** DR1 register. */ uint32_t u32RegDr1; /** DR2 register. */ uint32_t u32RegDr2; /** DR3 register. */ uint32_t u32RegDr3; /** DR6 register. */ uint32_t u32RegDr6; /** DR7 register. */ uint32_t u32RegDr7; /** Floating point save area. */ NTCONTEXT32_FPU_SAVE_AREA FloatSave; /** GS segment. */ uint32_t u32SegGs; /** FS segment. */ uint32_t u32SegFs; /** ES segment. */ uint32_t u32SegEs; /** DS segment. */ uint32_t u32SegDs; /** EDI register. */ uint32_t u32RegEdi; /** ESI register. */ uint32_t u32RegEsi; /** EBX register. */ uint32_t u32RegEbx; /** EDX register. */ uint32_t u32RegEdx; /** ECX register. */ uint32_t u32RegEcx; /** EAX register. */ uint32_t u32RegEax; /** EBP register. */ uint32_t u32RegEbp; /** EIP register. */ uint32_t u32RegEip; /** CS segment. */ uint32_t u32SegCs; /** EFLAGS register. */ uint32_t u32RegEflags; /** ESP register. */ uint32_t u32RegEsp; /** SS segment. */ uint32_t u32SegSs; /** @todo Extended registers */ uint8_t abRegsExtended[512]; } NTCONTEXT32; AssertCompileSize(NTCONTEXT32, 716); /** Pointer to an i386 NT context. */ typedef NTCONTEXT32 *PNTCONTEXT32; /** Pointer to a const i386 NT context. */ typedef const NTCONTEXT32 *PCNTCONTEXT32; /** * 32bit [GI]DT descriptor. */ typedef struct NTKCONTEXTDESC32 { /** Alignment. */ uint16_t u16Alignment; /** Limit. */ uint16_t u16Limit; /** Base address. */ uint32_t u32PtrBase; } NTKCONTEXTDESC32; AssertCompileSize(NTKCONTEXTDESC32, 2 * 4); /** Pointer to an 32bit [GI]DT descriptor. */ typedef NTKCONTEXTDESC32 *PNTKCONTEXTDESC32; /** Pointer to a const 32bit [GI]DT descriptor. */ typedef const NTKCONTEXTDESC32 *PCNTKCONTEXTDESC32; /** * 32bit Kernel context as queried by KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE */ typedef struct NTKCONTEXT32 { /** CR0 register. */ uint32_t u32RegCr0; /** CR2 register. */ uint32_t u32RegCr2; /** CR3 register. */ uint32_t u32RegCr3; /** CR4 register. */ uint32_t u32RegCr4; /** DR0 register. */ uint32_t u32RegDr0; /** DR1 register. */ uint32_t u32RegDr1; /** DR2 register. */ uint32_t u32RegDr2; /** DR3 register. */ uint32_t u32RegDr3; /** DR6 register. */ uint32_t u32RegDr6; /** DR7 register. */ uint32_t u32RegDr7; /** GDTR. */ NTKCONTEXTDESC32 Gdtr; /** IDTR. */ NTKCONTEXTDESC32 Idtr; /** TR register. */ uint16_t u16RegTr; /** LDTR register. */ uint16_t u16RegLdtr; /** Padding. */ uint8_t abPad[24]; } NTKCONTEXT32; AssertCompileSize(NTKCONTEXT32, 84); /** Pointer to an i386 NT context. */ typedef NTKCONTEXT32 *PNTKCONTEXT32; /** Pointer to a const i386 NT context. */ typedef const NTKCONTEXT32 *PCNTKCONTEXT32; /** x86 context. */ #define NTCONTEXT_F_X86 UINT32_C(0x00010000) /** AMD64 context. */ #define NTCONTEXT_F_AMD64 UINT32_C(0x00100000) /** Control registers valid (CS, (R)SP, (R)IP, FLAGS and BP). */ #define NTCONTEXT_F_CONTROL RT_BIT_32(0) /** Integer registers valid. */ #define NTCONTEXT_F_INTEGER RT_BIT_32(1) /** Segment registers valid. */ #define NTCONTEXT_F_SEGMENTS RT_BIT_32(2) /** Floating point registers valid. */ #define NTCONTEXT_F_FLOATING_POINT RT_BIT_32(3) /** Debug registers valid. */ #define NTCONTEXT_F_DEBUG RT_BIT_32(4) /** Extended registers valid (x86 only). */ #define NTCONTEXT_F_EXTENDED RT_BIT_32(5) /** Full x86 context valid. */ #define NTCONTEXT32_F_FULL (NTCONTEXT_F_X86 | NTCONTEXT_F_CONTROL | NTCONTEXT_F_INTEGER | NTCONTEXT_F_SEGMENTS) /** Full amd64 context valid. */ #define NTCONTEXT64_F_FULL (NTCONTEXT_F_AMD64 | NTCONTEXT_F_CONTROL | NTCONTEXT_F_INTEGER | NTCONTEXT_F_SEGMENTS) /** * 32bit exception record. */ typedef struct KDPACKETEXCP32 { /** The exception code identifying the excpetion. */ uint32_t u32ExcpCode; /** Flags associated with the exception. */ uint32_t u32ExcpFlags; /** Pointer to a chained exception record. */ uint32_t u32PtrExcpRecNested; /** Address where the exception occurred. */ uint32_t u32PtrExcpAddr; /** Number of parameters in the exception information array. */ uint32_t cExcpParms; /** Exception parameters array. */ uint32_t au32ExcpParms[KDPACKETEXCP_PARMS_MAX]; } KDPACKETEXCP32; AssertCompileSize(KDPACKETEXCP32, 80); /** Pointer to an exception record. */ typedef KDPACKETEXCP32 *PKDPACKETEXCP32; /** Pointer to a const exception record. */ typedef const KDPACKETEXCP32 *PCKDPACKETEXCP32; /** @name Exception codes. * @{ */ /** A breakpoint was hit. */ #define KD_PACKET_EXCP_CODE_BKPT UINT32_C(0x80000003) /** An instruction was single stepped. */ #define KD_PACKET_EXCP_CODE_SINGLE_STEP UINT32_C(0x80000004) /** @} */ /** Maximum number of bytes in the instruction stream. */ #define KD_PACKET_CTRL_REPORT_INSN_STREAM_MAX 16 /** * 64bit control report record. */ typedef struct KDPACKETCTRLREPORT64 { /** Value of DR6. */ uint64_t u64RegDr6; /** Value of DR7. */ uint64_t u64RegDr7; /** EFLAGS. */ uint32_t u32RegEflags; /** Number of instruction bytes in the instruction stream. */ uint16_t cbInsnStream; /** Report flags. */ uint16_t fFlags; /** The instruction stream. */ uint8_t abInsn[KD_PACKET_CTRL_REPORT_INSN_STREAM_MAX]; /** CS selector. */ uint16_t u16SegCs; /** DS selector. */ uint16_t u16SegDs; /** ES selector. */ uint16_t u16SegEs; /** FS selector. */ uint16_t u16SegFs; } KDPACKETCTRLREPORT64; AssertCompileSize(KDPACKETCTRLREPORT64, 2 * 8 + 4 + 2 * 2 + 16 + 4 * 2); /** Pointer to a control report record. */ typedef KDPACKETCTRLREPORT64 *PKDPACKETCTRLREPORT64; /** Pointer to a const control report record. */ typedef const KDPACKETCTRLREPORT64 *PCKDPACKETCTRLREPORT64; /** * 64bit state change packet body. */ typedef struct KDPACKETSTATECHANGE64 { /** The new state. */ uint32_t u32StateNew; /** The processor level. */ uint16_t u16CpuLvl; /** The processor ID generating the state change. */ uint16_t idCpu; /** Number of processors in the system. */ uint32_t cCpus; /** Alignment. */ uint32_t u32Alignment; /** The thread ID currently executing when the state change occurred. */ uint64_t idThread; /** Program counter of the thread. */ uint64_t u64RipThread; /** Data based on the state. */ union { /** Exception occurred data. */ struct { /** The exception record. */ KDPACKETEXCP64 ExcpRec; /** First chance(?). */ uint32_t u32FirstChance; } Exception; } u; /** The control report */ union { /** AMD64 control report. */ KDPACKETCTRLREPORT64 Amd64; } uCtrlReport; } KDPACKETSTATECHANGE64; //AssertCompileSize(KDPACKETSTATECHANGE64, 4 + 2 * 2 + 2 * 4 + 2 * 8 + sizeof(KDPACKETEXCP64) + 4 + sizeof(KDPACKETCTRLREPORT64)); /** Pointer to a 64bit state change packet body. */ typedef KDPACKETSTATECHANGE64 *PKDPACKETSTATECHANGE64; /** Pointer to a const 64bit state change packet body. */ typedef const KDPACKETSTATECHANGE64 *PCKDPACKETSTATECHANGE64; /** @name State change state types. * @{ */ /** Minimum state change type. */ #define KD_PACKET_STATE_CHANGE_MIN UINT32_C(0x00003030) /** An exception occured. */ #define KD_PACKET_STATE_CHANGE_EXCEPTION KD_PACKET_STATE_CHANGE_MIN /** Symbols were loaded(?). */ #define KD_PACKET_STATE_CHANGE_LOAD_SYMBOLS UINT32_C(0x00003031) /** Command string (custom command was executed?). */ #define KD_PACKET_STATE_CHANGE_CMD_STRING UINT32_C(0x00003032) /** Maximum state change type (exclusive). */ #define KD_PACKET_STATE_CHANGE_MAX UINT32_C(0x00003033) /** @} */ /** * Debug I/O payload. */ typedef struct KDPACKETDEBUGIO { /** Debug I/O payload type (KD_PACKET_DEBUG_IO_STRING). */ uint32_t u32Type; /** The processor level. */ uint16_t u16CpuLvl; /** The processor ID generating this packet. */ uint16_t idCpu; /** Type dependent data. */ union { /** Debug string sent. */ struct { /** Length of the string following in bytes. */ uint32_t cbStr; /** Some padding it looks like. */ uint32_t u32Pad; } Str; /** Debug prompt. */ struct { /** Length of prompt. */ uint32_t cbPrompt; /** Size of the string returned on success. */ uint32_t cbReturn; } Prompt; } u; } KDPACKETDEBUGIO; AssertCompileSize(KDPACKETDEBUGIO, 16); /** Pointer to a Debug I/O payload. */ typedef KDPACKETDEBUGIO *PKDPACKETDEBUGIO; /** Pointer to a const Debug I/O payload. */ typedef const KDPACKETDEBUGIO *PCKDPACKETDEBUGIO; /** @name Debug I/O types. * @{ */ /** Debug string output (usually DbgPrint() and friends). */ #define KD_PACKET_DEBUG_IO_STRING UINT32_C(0x00003230) /** Get debug string (DbgPrompt()). */ #define KD_PACKET_DEBUG_IO_GET_STRING UINT32_C(0x00003231) /** @} */ /** * 64bit get version manipulate payload. */ typedef struct KDPACKETMANIPULATE_GETVERSION64 { /** Major version. */ uint16_t u16VersMaj; /** Minor version. */ uint16_t u16VersMin; /** Protocol version. */ uint8_t u8VersProtocol; /** KD secondary version. */ uint8_t u8VersKdSecondary; /** Flags. */ uint16_t fFlags; /** Machine type. */ uint16_t u16MachineType; /** Maximum packet type. */ uint8_t u8MaxPktType; /** Maximum state change */ uint8_t u8MaxStateChange; /** Maximum manipulate request ID. */ uint8_t u8MaxManipulate; /** Some simulation flag. */ uint8_t u8Simulation; /** Padding. */ uint16_t u16Padding; /** Kernel base. */ uint64_t u64PtrKernBase; /** Pointer of the loaded module list head. */ uint64_t u64PtrPsLoadedModuleList; /** Pointer of the debugger data list. */ uint64_t u64PtrDebuggerDataList; } KDPACKETMANIPULATE_GETVERSION64; AssertCompileSize(KDPACKETMANIPULATE_GETVERSION64, 40); /** Pointer to a 64bit get version manipulate payload. */ typedef KDPACKETMANIPULATE_GETVERSION64 *PKDPACKETMANIPULATE_GETVERSION64; /** Pointer to a const 64bit get version manipulate payload. */ typedef const KDPACKETMANIPULATE_GETVERSION64 *PCKDPACKETMANIPULATE_GETVERSION64; /** @name Get version flags. * @{ */ /** Flag whether this is a multi processor kernel. */ #define KD_PACKET_MANIPULATE64_GET_VERSION_F_MP RT_BIT_32(0) /** Flag whether the pointer is 64bit. */ #define KD_PACKET_MANIPULATE64_GET_VERSION_F_PTR64 RT_BIT_32(2) /** @} */ /** * 64bit memory transfer manipulate payload. */ typedef struct KDPACKETMANIPULATE_XFERMEM64 { /** Target base address. */ uint64_t u64PtrTarget; /** Requested number of bytes to transfer*/ uint32_t cbXferReq; /** Number of bytes actually transferred (response). */ uint32_t cbXfered; /** Some padding?. */ uint64_t au64Pad[3]; } KDPACKETMANIPULATE_XFERMEM64; AssertCompileSize(KDPACKETMANIPULATE_XFERMEM64, 40); /** Pointer to a 64bit memory transfer manipulate payload. */ typedef KDPACKETMANIPULATE_XFERMEM64 *PKDPACKETMANIPULATE_XFERMEM64; /** Pointer to a const 64bit memory transfer manipulate payload. */ typedef const KDPACKETMANIPULATE_XFERMEM64 *PCKDPACKETMANIPULATE_XFERMEM64; /** * 64bit control space transfer manipulate payload. * * @note Same layout as the memory transfer but the pointer has a different meaning so * we moved it into a separate request structure. */ typedef struct KDPACKETMANIPULATE_XFERCTRLSPACE64 { /** Identifier of the item to transfer in the control space. */ uint64_t u64IdXfer; /** Requested number of bytes to transfer*/ uint32_t cbXferReq; /** Number of bytes actually transferred (response). */ uint32_t cbXfered; /** Some padding?. */ uint64_t au64Pad[3]; } KDPACKETMANIPULATE_XFERCTRLSPACE64; AssertCompileSize(KDPACKETMANIPULATE_XFERCTRLSPACE64, 40); /** Pointer to a 64bit memory transfer manipulate payload. */ typedef KDPACKETMANIPULATE_XFERCTRLSPACE64 *PKDPACKETMANIPULATE_XFERCTRLSPACE64; /** Pointer to a const 64bit memory transfer manipulate payload. */ typedef const KDPACKETMANIPULATE_XFERCTRLSPACE64 *PCKDPACKETMANIPULATE_XFERCTRLSPACE64; /** @name Known control space identifiers. * @{ */ /** Read/Write KPCR address. */ #define KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KPCR UINT64_C(0) /** Read/Write KPCRB address. */ #define KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KPCRB UINT64_C(1) /** Read/Write Kernel context. */ #define KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KCTX UINT64_C(2) /** Read/Write current kernel thread. */ #define KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KTHRD UINT64_C(3) /** @} */ /** * 64bit restore breakpoint manipulate payload. */ typedef struct KDPACKETMANIPULATE_RESTOREBKPT64 { /** The breakpoint handle to restore. */ uint32_t u32HndBkpt; /** Blows up the request to the required size. */ uint8_t abPad[36]; } KDPACKETMANIPULATE_RESTOREBKPT64; AssertCompileSize(KDPACKETMANIPULATE_RESTOREBKPT64, 40); /** Pointer to a 64bit restore breakpoint manipulate payload. */ typedef KDPACKETMANIPULATE_RESTOREBKPT64 *PKDPACKETMANIPULATE_RESTOREBKPT64; /** Pointer to a const 64bit restore breakpoint manipulate payload. */ typedef const KDPACKETMANIPULATE_RESTOREBKPT64 *PCKDPACKETMANIPULATE_RESTOREBKPT64; /** * 64bit write breakpoint manipulate payload. */ typedef struct KDPACKETMANIPULATE_WRITEBKPT64 { /** Where to write the breakpoint. */ uint64_t u64PtrBkpt; /** The breakpoint handle returned in the response. */ uint32_t u32HndBkpt; /** Blows up the request to the required size. */ uint8_t abPad[28]; } KDPACKETMANIPULATE_WRITEBKPT64; AssertCompileSize(KDPACKETMANIPULATE_WRITEBKPT64, 40); /** Pointer to a 64bit write breakpoint manipulate payload. */ typedef KDPACKETMANIPULATE_WRITEBKPT64 *PKDPACKETMANIPULATE_WRITEBKPT64; /** Pointer to a const 64bit write breakpoint manipulate payload. */ typedef const KDPACKETMANIPULATE_WRITEBKPT64 *PCKDPACKETMANIPULATE_WRITEBKPT64; /** * Context extended manipulate payload. */ typedef struct KDPACKETMANIPULATE_CONTEXTEX { /** Where to start copying the context. */ uint32_t offStart; /** Number of bytes to transfer. */ uint32_t cbXfer; /** Number of bytes actually transfered. */ uint32_t cbXfered; /** Blows up the request to the required size. */ uint8_t abPad[28]; } KDPACKETMANIPULATE_CONTEXTEX; AssertCompileSize(KDPACKETMANIPULATE_CONTEXTEX, 40); /** Pointer to a context extended manipulate payload. */ typedef KDPACKETMANIPULATE_CONTEXTEX *PKDPACKETMANIPULATE_CONTEXTEX; /** Pointer to a const context extended manipulate payload. */ typedef const KDPACKETMANIPULATE_CONTEXTEX *PCKDPACKETMANIPULATE_CONTEXTEX; /** * Continue manipulate payload. */ typedef struct KDPACKETMANIPULATE_CONTINUE { /** Continue (status?). */ uint32_t u32NtContSts; /** Blows up the request to the required size. */ uint8_t abPad[36]; } KDPACKETMANIPULATE_CONTINUE; AssertCompileSize(KDPACKETMANIPULATE_CONTINUE, 40); /** Pointer to a continue manipulate payload. */ typedef KDPACKETMANIPULATE_CONTINUE *PKDPACKETMANIPULATE_CONTINUE; /** Pointer to a const continue manipulate payload. */ typedef const KDPACKETMANIPULATE_CONTINUE *PCKDPACKETMANIPULATE_CONTINUE; /** * Continue 2 manipulate payload. */ typedef struct KDPACKETMANIPULATE_CONTINUE2 { /** Continue (status?). */ uint32_t u32NtContSts; /** Trace flag. */ uint32_t fTrace; /** Bitsize dependent data. */ union { /** 32bit. */ struct { /** DR7 value to continue with. */ uint32_t u32RegDr7; /** @todo (?) */ uint32_t u32SymCurStart; uint32_t u32SymCurEnd; } x86; /** 64bit. */ struct { /** DR7 value to continue with. */ uint64_t u64RegDr7; /** @todo (?) */ uint64_t u64SymCurStart; uint64_t u64SymCurEnd; } amd64; } u; /** Blows up the request to the required size. */ uint8_t abPad[8]; } KDPACKETMANIPULATE_CONTINUE2; AssertCompileSize(KDPACKETMANIPULATE_CONTINUE2, 40); /** Pointer to a continue 2 manipulate payload. */ typedef KDPACKETMANIPULATE_CONTINUE2 *PKDPACKETMANIPULATE_CONTINUE2; /** Pointer to a const continue 2 manipulate payload. */ typedef const KDPACKETMANIPULATE_CONTINUE2 *PCKDPACKETMANIPULATE_CONTINUE2; /** * Set context manipulate payload. */ typedef struct KDPACKETMANIPULATE_SETCONTEXT { /** Continue (status?). */ uint32_t u32CtxFlags; /** Blows up the request to the required size. */ uint8_t abPad[36]; } KDPACKETMANIPULATE_SETCONTEXT; AssertCompileSize(KDPACKETMANIPULATE_SETCONTEXT, 40); /** Pointer to a set context manipulate payload. */ typedef KDPACKETMANIPULATE_SETCONTEXT *PKDPACKETMANIPULATE_SETCONTEXT; /** Pointer to a const set context manipulate payload. */ typedef const KDPACKETMANIPULATE_SETCONTEXT *PCKDPACKETMANIPULATE_SETCONTEXT; /** * Query memory properties payload. */ typedef struct KDPACKETMANIPULATE_QUERYMEMORY { /** The address to query the properties for. */ uint64_t u64GCPtr; /** Reserved. */ uint64_t u64Rsvd; /** Address space type on return. */ uint32_t u32AddrSpace; /** Protection flags. */ uint32_t u32Flags; /** Blows up the request to the required size. */ uint8_t abPad[16]; } KDPACKETMANIPULATE_QUERYMEMORY; AssertCompileSize(KDPACKETMANIPULATE_QUERYMEMORY, 40); /** Pointer to a query memory properties payload. */ typedef KDPACKETMANIPULATE_QUERYMEMORY *PKDPACKETMANIPULATE_QUERYMEMORY; /** Pointer to a const query memory properties payload. */ typedef const KDPACKETMANIPULATE_QUERYMEMORY *PCKDPACKETMANIPULATE_QUERYMEMORY; /** @name Query memory address space identifiers. * @{ */ /** Process memory space. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_SPACE_PROCESS UINT32_C(0) /** Session memory space. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_SPACE_SESSION UINT32_C(1) /** Kernel memory space. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_SPACE_KERNEL UINT32_C(2) /** @} */ /** @name Query memory address protection flags. * @{ */ /** Readable. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_READ RT_BIT_32(0) /** Writable. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_WRITE RT_BIT_32(1) /** Executable. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_EXEC RT_BIT_32(2) /** Fixed address. */ #define KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_FIXED RT_BIT_32(3) /** @} */ /** * Search memory payload. */ typedef struct KDPACKETMANIPULATE_SEARCHMEMORY { /** The address to start searching at on input, found address on output. */ uint64_t u64GCPtr; /** Number of bytes to search. */ uint64_t cbSearch; /** Length of the pattern to search for following the payload. */ uint32_t cbPattern; /** Padding to the required size. */ uint32_t au32Pad[5]; } KDPACKETMANIPULATE_SEARCHMEMORY; AssertCompileSize(KDPACKETMANIPULATE_SEARCHMEMORY, 40); /** Pointer to a search memory properties payload. */ typedef KDPACKETMANIPULATE_SEARCHMEMORY *PKDPACKETMANIPULATE_SEARCHMEMORY; /** Pointer to a const search memory properties payload. */ typedef const KDPACKETMANIPULATE_SEARCHMEMORY *PCKDPACKETMANIPULATE_SEARCHMEMORY; /** * Manipulate request packet header (Same for 32bit and 64bit). */ typedef struct KDPACKETMANIPULATEHDR { /** The request to execute. */ uint32_t idReq; /** The processor level to execute the request on. */ uint16_t u16CpuLvl; /** The processor ID to execute the request on. */ uint16_t idCpu; /** Return status code. */ uint32_t u32NtStatus; /** Alignment. */ uint32_t u32Alignment; } KDPACKETMANIPULATEHDR; AssertCompileSize(KDPACKETMANIPULATEHDR, 3 * 4 + 2 * 2); /** Pointer to a manipulate request packet header. */ typedef KDPACKETMANIPULATEHDR *PKDPACKETMANIPULATEHDR; /** Pointer to a const manipulate request packet header. */ typedef const KDPACKETMANIPULATEHDR *PCPKDPACKETMANIPULATEHDR; /** * 64bit manipulate state request packet. */ typedef struct KDPACKETMANIPULATE64 { /** Header. */ KDPACKETMANIPULATEHDR Hdr; /** Request payloads. */ union { /** Get Version. */ KDPACKETMANIPULATE_GETVERSION64 GetVersion; /** Read/Write memory. */ KDPACKETMANIPULATE_XFERMEM64 XferMem; /** Continue. */ KDPACKETMANIPULATE_CONTINUE Continue; /** Continue2. */ KDPACKETMANIPULATE_CONTINUE2 Continue2; /** Set context. */ KDPACKETMANIPULATE_SETCONTEXT SetContext; /** Read/Write control space. */ KDPACKETMANIPULATE_XFERCTRLSPACE64 XferCtrlSpace; /** Restore breakpoint. */ KDPACKETMANIPULATE_RESTOREBKPT64 RestoreBkpt; /** Write breakpoint. */ KDPACKETMANIPULATE_WRITEBKPT64 WriteBkpt; /** Context extended. */ KDPACKETMANIPULATE_CONTEXTEX ContextEx; /** Query memory. */ KDPACKETMANIPULATE_QUERYMEMORY QueryMemory; /** Search memory. */ KDPACKETMANIPULATE_SEARCHMEMORY SearchMemory; } u; } KDPACKETMANIPULATE64; AssertCompileSize(KDPACKETMANIPULATE64, 16 + 40); /** Pointer to a 64bit manipulate state request packet. */ typedef KDPACKETMANIPULATE64 *PKDPACKETMANIPULATE64; /** Pointer to a const 64bit manipulate state request packet. */ typedef const KDPACKETMANIPULATE64 *PCKDPACKETMANIPULATE64; /** @name Manipulate requests. * @{ */ /** Minimum available request. */ #define KD_PACKET_MANIPULATE_REQ_MIN UINT32_C(0x00003130) /** Read virtual memory request. */ #define KD_PACKET_MANIPULATE_REQ_READ_VIRT_MEM KD_PACKET_MANIPULATE_REQ_MIN /** Write virtual memory request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_VIRT_MEM UINT32_C(0x00003131) /** Get context request. */ #define KD_PACKET_MANIPULATE_REQ_GET_CONTEXT UINT32_C(0x00003132) /** Set context request. */ #define KD_PACKET_MANIPULATE_REQ_SET_CONTEXT UINT32_C(0x00003133) /** Write breakpoint request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_BKPT UINT32_C(0x00003134) /** Restore breakpoint request. */ #define KD_PACKET_MANIPULATE_REQ_RESTORE_BKPT UINT32_C(0x00003135) /** Continue request. */ #define KD_PACKET_MANIPULATE_REQ_CONTINUE UINT32_C(0x00003136) /** Read control space request. */ #define KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE UINT32_C(0x00003137) /** Write control space request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_CTRL_SPACE UINT32_C(0x00003138) /** Read I/O space request. */ #define KD_PACKET_MANIPULATE_REQ_READ_IO_SPACE UINT32_C(0x00003139) /** Write I/O space request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_IO_SPACE UINT32_C(0x0000313a) /** Reboot request. */ #define KD_PACKET_MANIPULATE_REQ_REBOOT UINT32_C(0x0000313b) /** continue 2nd version request. */ #define KD_PACKET_MANIPULATE_REQ_CONTINUE2 UINT32_C(0x0000313c) /** Read physical memory request. */ #define KD_PACKET_MANIPULATE_REQ_READ_PHYS_MEM UINT32_C(0x0000313d) /** Write physical memory request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_PHYS_MEM UINT32_C(0x0000313e) /** Query special calls request. */ #define KD_PACKET_MANIPULATE_REQ_QUERY_SPEC_CALLS UINT32_C(0x0000313f) /** Set special calls request. */ #define KD_PACKET_MANIPULATE_REQ_SET_SPEC_CALLS UINT32_C(0x00003140) /** Clear special calls request. */ #define KD_PACKET_MANIPULATE_REQ_CLEAR_SPEC_CALLS UINT32_C(0x00003141) /** Set internal breakpoint request. */ #define KD_PACKET_MANIPULATE_REQ_SET_INTERNAL_BKPT UINT32_C(0x00003142) /** Get internal breakpoint request. */ #define KD_PACKET_MANIPULATE_REQ_GET_INTERNAL_BKPT UINT32_C(0x00003143) /** Read I/O space extended request. */ #define KD_PACKET_MANIPULATE_REQ_READ_IO_SPACE_EX UINT32_C(0x00003144) /** Write I/O space extended request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_IO_SPACE_EX UINT32_C(0x00003145) /** Get version request. */ #define KD_PACKET_MANIPULATE_REQ_GET_VERSION UINT32_C(0x00003146) /** Write breakpoint extended request. */ #define KD_PACKET_MANIPULATE_REQ_WRITE_BKPT_EX UINT32_C(0x00003147) /** Restore breakpoint extended request. */ #define KD_PACKET_MANIPULATE_REQ_RESTORE_BKPT_EX UINT32_C(0x00003148) /** Cause a bugcheck request. */ #define KD_PACKET_MANIPULATE_REQ_CAUSE_BUGCHECK UINT32_C(0x00003149) /** Cause a bugcheck request. */ #define KD_PACKET_MANIPULATE_REQ_SWITCH_PROCESSOR UINT32_C(0x00003150) /** @todo 0x3151-0x3155 */ /** Search memory for a pattern request. */ #define KD_PACKET_MANIPULATE_REQ_SEARCH_MEMORY UINT32_C(0x00003156) /** @todo 0x3157-0x3159 */ /** Clear all internal breakpoints request. */ #define KD_PACKET_MANIPULATE_REQ_CLEAR_ALL_INTERNAL_BKPT UINT32_C(0x0000315a) /** Fill memory. */ #define KD_PACKET_MANIPULATE_REQ_FILL_MEMORY UINT32_C(0x0000315b) /** Query memory properties. */ #define KD_PACKET_MANIPULATE_REQ_QUERY_MEMORY UINT32_C(0x0000315c) /** @todo 0x315d, 0x315e */ /** Get context extended request. */ #define KD_PACKET_MANIPULATE_REQ_GET_CONTEXT_EX UINT32_C(0x0000315f) /** @todo 0x3160 */ /** Maximum available request (exclusive). */ #define KD_PACKET_MANIPULATE_REQ_MAX UINT32_C(0x00003161) /** @} */ /** * KD stub receive state. */ typedef enum KDRECVSTATE { /** Invalid state. */ KDRECVSTATE_INVALID = 0, /** Receiving the first byte of the packet header. */ KDRECVSTATE_PACKET_HDR_FIRST_BYTE, /** Receiving the second byte of the packet header. */ KDRECVSTATE_PACKET_HDR_SECOND_BYTE, /** Receiving the header. */ KDRECVSTATE_PACKET_HDR, /** Receiving the packet body. */ KDRECVSTATE_PACKET_BODY, /** Receiving the trailing byte. */ KDRECVSTATE_PACKET_TRAILER, /** Blow up the enum to 32bits for easier alignment of members in structs. */ KDRECVSTATE_32BIT_HACK = 0x7fffffff } KDRECVSTATE; /** * KD emulated hardware breakpoint. */ typedef struct KDCTXHWBP { /** The DBGF breakpoint handle if active, NIL_DBGFBP if not active. */ DBGFBP hDbgfBp; /** The linear address of the breakpoint if active. */ RTGCPTR GCPtrBp; /** Access type of the breakpoint, see X86_DR7_RW_*. */ uint8_t fAcc; /** Length flags of the breakpoint. */ uint8_t fLen; /** Flag whether it is a local breakpoint. */ bool fLocal; /** Flag whether it is a global breakpoint. */ bool fGlobal; /** Flag whether the breakpoint has triggered since the last time of the reset. */ bool fTriggered; } KDCTXHWBP; /** Pointer to an emulated hardware breakpoint. */ typedef KDCTXHWBP *PKDCTXHWBP; /** Pointer to a const emulated hardware breakpoint. */ typedef const KDCTXHWBP *PCKDCTXHWBP; /** * KD context data. */ typedef struct KDCTX { /** Internal debugger console data. */ DBGC Dbgc; /** Number of bytes received left for the current state. */ size_t cbRecvLeft; /** Pointer where to write the next received data. */ uint8_t *pbRecv; /** The current state when receiving a new packet. */ KDRECVSTATE enmState; /** The timeout waiting for new data. */ RTMSINTERVAL msRecvTimeout; /** Timestamp when we last received data from the remote end. */ uint64_t tsRecvLast; /** Packet header being received. */ union { KDPACKETHDR Fields; uint8_t ab[16]; } PktHdr; /** The next packet ID to send. */ uint32_t idPktNext; /** Offset into the body receive buffer. */ size_t offBodyRecv; /** Body data. */ uint8_t abBody[_4K]; /** The trailer byte storage. */ uint8_t bTrailer; /** Flag whether a breakin packet was received since the last time it was reset. */ bool fBreakinRecv; /** Flag whether we entered the native VBox hypervisor through a bugcheck request. */ bool fInVBoxDbg; /** Emulated hardware breakpoint handling. */ KDCTXHWBP aHwBp[4]; /** Flag whether a single step completed since last time this was cleared. */ bool fSingleStepped; /** Pointer to the OS digger WinNt interface if a matching guest was detected. */ PDBGFOSIWINNT pIfWinNt; /** Flag whether the detected guest is 32bit (false if 64bit). */ bool f32Bit; } KDCTX; /** Pointer to the KD context data. */ typedef KDCTX *PKDCTX; /** Pointer to const KD context data. */ typedef const KDCTX *PCKDCTX; /** Pointer to a KD context data pointer. */ typedef PKDCTX *PPKDCTX; /** Creates a possibly sign extended guest context pointer which is required for 32bit targets. */ #define KD_PTR_CREATE(a_pThis, a_GCPtr) ((a_pThis)->f32Bit && ((a_GCPtr) & RT_BIT_32(31)) ? (a_GCPtr) | UINT64_C(0xffffffff00000000) : (a_GCPtr)) /** Returns the value of a possibly sign extended guest context pointer received for 32bit targets. */ #define KD_PTR_GET(a_pThis, a_GCPtr) ((a_pThis)->f32Bit ? (a_GCPtr) & ~UINT64_C(0xffffffff00000000) : (a_GCPtr)) /********************************************************************************************************************************* * Internal Functions * *********************************************************************************************************************************/ static void dbgcKdCtxMsgSend(PKDCTX pThis, bool fWarning, const char *pszMsg); #ifdef LOG_ENABLED /** * Returns a human readable string of the given packet sub type. * * @returns Pointer to sub type string. * @param u16SubType The sub type to convert to a string. */ static const char *dbgcKdPktDumpSubTypeToStr(uint16_t u16SubType) { switch (u16SubType) { case KD_PACKET_HDR_SUB_TYPE_STATE_CHANGE32: return "StateChange32"; case KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE: return "Manipulate"; case KD_PACKET_HDR_SUB_TYPE_DEBUG_IO: return "DebugIo"; case KD_PACKET_HDR_SUB_TYPE_ACKNOWLEDGE: return "Ack"; case KD_PACKET_HDR_SUB_TYPE_RESEND: return "Resend"; case KD_PACKET_HDR_SUB_TYPE_RESET: return "Reset"; case KD_PACKET_HDR_SUB_TYPE_STATE_CHANGE64: return "StateChange64"; case KD_PACKET_HDR_SUB_TYPE_POLL_BREAKIN: return "PollBreakin"; case KD_PACKET_HDR_SUB_TYPE_TRACE_IO: return "TraceIo"; case KD_PACKET_HDR_SUB_TYPE_CONTROL_REQUEST: return "ControlRequest"; case KD_PACKET_HDR_SUB_TYPE_FILE_IO: return "FileIo"; default: break; } return ""; } /** * Returns a human readable string of the given manipulate request ID. * * @returns nothing. * @param idReq Request ID (API number in KD speak). */ static const char *dbgcKdPktDumpManipulateReqToStr(uint32_t idReq) { switch (idReq) { case KD_PACKET_MANIPULATE_REQ_READ_VIRT_MEM: return "ReadVirtMem"; case KD_PACKET_MANIPULATE_REQ_WRITE_VIRT_MEM: return "WriteVirtMem"; case KD_PACKET_MANIPULATE_REQ_GET_CONTEXT: return "GetContext"; case KD_PACKET_MANIPULATE_REQ_SET_CONTEXT: return "SetContext"; case KD_PACKET_MANIPULATE_REQ_WRITE_BKPT: return "WriteBkpt"; case KD_PACKET_MANIPULATE_REQ_RESTORE_BKPT: return "RestoreBkpt"; case KD_PACKET_MANIPULATE_REQ_CONTINUE: return "Continue"; case KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE: return "ReadCtrlSpace"; case KD_PACKET_MANIPULATE_REQ_WRITE_CTRL_SPACE: return "WriteCtrlSpace"; case KD_PACKET_MANIPULATE_REQ_READ_IO_SPACE: return "ReadIoSpace"; case KD_PACKET_MANIPULATE_REQ_WRITE_IO_SPACE: return "WriteIoSpace"; case KD_PACKET_MANIPULATE_REQ_REBOOT: return "Reboot"; case KD_PACKET_MANIPULATE_REQ_CONTINUE2: return "Continue2"; case KD_PACKET_MANIPULATE_REQ_READ_PHYS_MEM: return "ReadPhysMem"; case KD_PACKET_MANIPULATE_REQ_WRITE_PHYS_MEM: return "WritePhysMem"; case KD_PACKET_MANIPULATE_REQ_QUERY_SPEC_CALLS: return "QuerySpecCalls"; case KD_PACKET_MANIPULATE_REQ_SET_SPEC_CALLS: return "SetSpecCalls"; case KD_PACKET_MANIPULATE_REQ_CLEAR_SPEC_CALLS: return "ClrSpecCalls"; case KD_PACKET_MANIPULATE_REQ_SET_INTERNAL_BKPT: return "SetIntBkpt"; case KD_PACKET_MANIPULATE_REQ_GET_INTERNAL_BKPT: return "GetIntBkpt"; case KD_PACKET_MANIPULATE_REQ_READ_IO_SPACE_EX: return "ReadIoSpaceEx"; case KD_PACKET_MANIPULATE_REQ_WRITE_IO_SPACE_EX: return "WriteIoSpaceEx"; case KD_PACKET_MANIPULATE_REQ_GET_VERSION: return "GetVersion"; case KD_PACKET_MANIPULATE_REQ_CLEAR_ALL_INTERNAL_BKPT: return "ClrAllIntBkpt"; case KD_PACKET_MANIPULATE_REQ_GET_CONTEXT_EX: return "GetContextEx"; case KD_PACKET_MANIPULATE_REQ_QUERY_MEMORY: return "QueryMemory"; case KD_PACKET_MANIPULATE_REQ_CAUSE_BUGCHECK: return "CauseBugCheck"; case KD_PACKET_MANIPULATE_REQ_SWITCH_PROCESSOR: return "SwitchProcessor"; case KD_PACKET_MANIPULATE_REQ_SEARCH_MEMORY: return "SearchMemory"; default: break; } return ""; } /** * Dumps the content of a manipulate packet. * * @returns nothing. * @param pSgBuf S/G buffer containing the manipulate packet payload. */ static void dbgcKdPktDumpManipulate(PRTSGBUF pSgBuf) { KDPACKETMANIPULATEHDR Hdr; size_t cbCopied = RTSgBufCopyToBuf(pSgBuf, &Hdr, sizeof(Hdr)); if (cbCopied == sizeof(Hdr)) { const char *pszReq = dbgcKdPktDumpManipulateReqToStr(Hdr.idReq); Log3((" MANIPULATE(%#x (%s), %#x, %u, %#x)\n", Hdr.idReq, pszReq, Hdr.u16CpuLvl, Hdr.idCpu, Hdr.u32NtStatus)); switch (Hdr.idReq) { case KD_PACKET_MANIPULATE_REQ_READ_VIRT_MEM: case KD_PACKET_MANIPULATE_REQ_WRITE_VIRT_MEM: case KD_PACKET_MANIPULATE_REQ_READ_PHYS_MEM: case KD_PACKET_MANIPULATE_REQ_WRITE_PHYS_MEM: { KDPACKETMANIPULATE_XFERMEM64 XferMem64; cbCopied = RTSgBufCopyToBuf(pSgBuf, &XferMem64, sizeof(XferMem64)); if (cbCopied == sizeof(XferMem64)) { Log3((" u64PtrTarget: %RX64\n" " cbXferReq: %RX32\n" " cbXfered: %RX32\n", XferMem64.u64PtrTarget, XferMem64.cbXferReq, XferMem64.cbXfered)); } else Log3((" Payload to small, expected %u, got %zu\n", sizeof(XferMem64), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_RESTORE_BKPT: { KDPACKETMANIPULATE_RESTOREBKPT64 RestoreBkpt64; cbCopied = RTSgBufCopyToBuf(pSgBuf, &RestoreBkpt64, sizeof(RestoreBkpt64)); if (cbCopied == sizeof(RestoreBkpt64)) Log3((" u32HndBkpt: %RX32\n", RestoreBkpt64.u32HndBkpt)); else Log3((" Payload to small, expected %u, got %zu\n", sizeof(RestoreBkpt64), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_WRITE_BKPT: { KDPACKETMANIPULATE_WRITEBKPT64 WriteBkpt64; cbCopied = RTSgBufCopyToBuf(pSgBuf, &WriteBkpt64, sizeof(WriteBkpt64)); if (cbCopied == sizeof(WriteBkpt64)) Log3((" u64PtrBkpt: %RX64\n" " u32HndBkpt: %RX32\n", WriteBkpt64.u64PtrBkpt, WriteBkpt64.u32HndBkpt)); else Log3((" Payload to small, expected %u, got %zu\n", sizeof(WriteBkpt64), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_CONTINUE: { KDPACKETMANIPULATE_CONTINUE Continue; cbCopied = RTSgBufCopyToBuf(pSgBuf, &Continue, sizeof(Continue)); if (cbCopied == sizeof(Continue)) Log3((" u32NtContSts: %RX32\n", Continue.u32NtContSts)); else Log3((" Payload to small, expected %u, got %zu\n", sizeof(Continue), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_CONTINUE2: { KDPACKETMANIPULATE_CONTINUE2 Continue; cbCopied = RTSgBufCopyToBuf(pSgBuf, &Continue, sizeof(Continue)); if (cbCopied == sizeof(Continue)) Log3((" u32NtContSts: %RX32\n" " fTrace: %RX32\n", Continue.u32NtContSts, Continue.fTrace)); else Log3((" Payload to small, expected %u, got %zu\n", sizeof(Continue), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE: case KD_PACKET_MANIPULATE_REQ_WRITE_CTRL_SPACE: { KDPACKETMANIPULATE_XFERCTRLSPACE64 XferCtrlSpace64; cbCopied = RTSgBufCopyToBuf(pSgBuf, &XferCtrlSpace64, sizeof(XferCtrlSpace64)); if (cbCopied == sizeof(XferCtrlSpace64)) { Log3((" u64IdXfer: %RX64\n" " cbXferReq: %RX32\n" " cbXfered: %RX32\n", XferCtrlSpace64.u64IdXfer, XferCtrlSpace64.cbXferReq, XferCtrlSpace64.cbXfered)); } else Log3((" Payload to small, expected %u, got %zu\n", sizeof(XferCtrlSpace64), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_GET_CONTEXT_EX: { KDPACKETMANIPULATE_CONTEXTEX GetContextEx; cbCopied = RTSgBufCopyToBuf(pSgBuf, &GetContextEx, sizeof(GetContextEx)); if (cbCopied == sizeof(GetContextEx)) { Log3((" offStart: %RX32\n" " cbXferReq: %RX32\n" " cbXfered: %RX32\n", GetContextEx.offStart, GetContextEx.cbXfer, GetContextEx.cbXfered)); } else Log3((" Payload to small, expected %u, got %zu\n", sizeof(GetContextEx), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_QUERY_MEMORY: { KDPACKETMANIPULATE_QUERYMEMORY QueryMemory; cbCopied = RTSgBufCopyToBuf(pSgBuf, &QueryMemory, sizeof(QueryMemory)); if (cbCopied == sizeof(QueryMemory)) { Log3((" u64GCPtr: %RX64\n" " u32AddrSpace: %RX32\n" " u32Flags: %RX32\n", QueryMemory.u64GCPtr, QueryMemory.u32AddrSpace, QueryMemory.u32Flags)); } else Log3((" Payload to small, expected %u, got %zu\n", sizeof(QueryMemory), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_SEARCH_MEMORY: { KDPACKETMANIPULATE_SEARCHMEMORY SearchMemory; cbCopied = RTSgBufCopyToBuf(pSgBuf, &SearchMemory, sizeof(SearchMemory)); if (cbCopied == sizeof(SearchMemory)) { Log3((" u64GCPtr: %RX64\n" " cbSearch: %RX64\n" " cbPattern: %RX32\n", SearchMemory.u64GCPtr, SearchMemory.cbSearch, SearchMemory.cbPattern)); } else Log3((" Payload to small, expected %u, got %zu\n", sizeof(SearchMemory), cbCopied)); break; } case KD_PACKET_MANIPULATE_REQ_SWITCH_PROCESSOR: default: break; } } else Log3((" MANIPULATE(Header too small, expected %u, got %zu)\n", sizeof(Hdr), cbCopied)); } /** * Dumps the received packet to the debug log. * * @returns VBox status code. * @param pPktHdr The packet header to dump. * @param fRx Flag whether the packet was received (false indicates an outgoing packet). */ static void dbgcKdPktDump(PCKDPACKETHDR pPktHdr, PCRTSGSEG paSegs, uint32_t cSegs, bool fRx) { RTSGBUF SgBuf; RTSgBufInit(&SgBuf, paSegs, cSegs); Log3(("%s KDPKTHDR(%#x, %#x (%s), %u, %#x, %#x)\n", fRx ? "=>" : "<=", pPktHdr->u32Signature, pPktHdr->u16SubType, dbgcKdPktDumpSubTypeToStr(pPktHdr->u16SubType), pPktHdr->cbBody, pPktHdr->idPacket, pPktHdr->u32ChkSum)); switch (pPktHdr->u16SubType) { case KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE: dbgcKdPktDumpManipulate(&SgBuf); break; default: break; } } #endif /** * Resets the emulated hardware breakpoint state to a state similar after a reboot. * * @returns nothing. * @param pThis The KD context. */ static void dbgcKdCtxHwBpReset(PKDCTX pThis) { pThis->fSingleStepped = false; for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aHwBp); i++) { PKDCTXHWBP pBp = &pThis->aHwBp[i]; if (pBp->hDbgfBp != NIL_DBGFBP) { int rc = DBGFR3BpClear(pThis->Dbgc.pUVM, pBp->hDbgfBp); AssertRC(rc); } pBp->hDbgfBp = NIL_DBGFBP; pBp->GCPtrBp = 0; pBp->fAcc = 0; pBp->fLen = 0; pBp->fLocal = false; pBp->fGlobal = false; pBp->fTriggered = false; } } /** * Updates the given breakpoint with the given properties. * * @returns VBox status code. * @param pThis The KD context. * @param pBp The breakpoint to update. * @param fAcc Access mode. * @param fLen Access length. * @param fGlobal Global breakpoint. * @param fLocal Local breakpoint. * @param GCPtrBp Linear address of the breakpoint. */ static int dbgcKdCtxHwBpUpdate(PKDCTX pThis, PKDCTXHWBP pBp, uint8_t fAcc, uint8_t fLen, bool fGlobal, bool fLocal, RTGCPTR GCPtrBp) { int rc = VINF_SUCCESS; /* Did anything actually change?. */ if ( pBp->fAcc != fAcc || pBp->fLen != fLen || pBp->fGlobal != fGlobal || pBp->fLocal != fLocal || pBp->GCPtrBp != GCPtrBp) { /* Clear the old breakpoint. */ if (pBp->hDbgfBp != NIL_DBGFBP) { rc = DBGFR3BpClear(pThis->Dbgc.pUVM, pBp->hDbgfBp); AssertRC(rc); pBp->hDbgfBp = NIL_DBGFBP; } pBp->fAcc = fAcc; pBp->fLen = fLen; pBp->fGlobal = fGlobal; pBp->fLocal = fLocal; pBp->GCPtrBp = GCPtrBp; if (pBp->fGlobal || pBp->fLocal) { DBGFADDRESS AddrBp; DBGFR3AddrFromFlat(pThis->Dbgc.pUVM, &AddrBp, GCPtrBp); uint8_t cb = 0; switch (pBp->fLen) { case X86_DR7_LEN_BYTE: cb = 1; break; case X86_DR7_LEN_WORD: cb = 2; break; case X86_DR7_LEN_DWORD: cb = 4; break; case X86_DR7_LEN_QWORD: cb = 8; break; default: AssertFailed(); return VERR_NET_PROTOCOL_ERROR; } rc = DBGFR3BpSetReg(pThis->Dbgc.pUVM, &AddrBp, 0 /*iHitTrigger*/, UINT64_MAX /*iHitDisable*/, pBp->fAcc, cb, &pBp->hDbgfBp); } } return rc; } /** * Updates emulated hardware breakpoints based on the written DR7 value. * * @returns VBox status code. * @param pThis The KD context. * @param uDr7 The DR7 value which is written. */ static int dbgcKdCtxHwBpDr7Update(PKDCTX pThis, uint32_t uDr7) { int rc = VINF_SUCCESS; for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aHwBp); i++) { PKDCTXHWBP pBp = &pThis->aHwBp[i]; uint8_t fAcc = X86_DR7_GET_RW(uDr7, i); uint8_t fLen = X86_DR7_GET_LEN(uDr7, i); bool fGlobal = (uDr7 & RT_BIT_32(1 + i * 2)) ? true : false; bool fLocal = (uDr7 & RT_BIT_32(i * 2)) ? true : false; int rc2 = dbgcKdCtxHwBpUpdate(pThis, pBp, fAcc, fLen, fGlobal, fLocal, pThis->aHwBp[i].GCPtrBp); if ( RT_FAILURE(rc2) && RT_SUCCESS(rc)) rc = rc2; } return rc; } /** * Updates the linear guest pointer for the given hardware breakpoint. * * @returns VBox status code. * @param pThis The KD context. * @param pBp The breakpoint to update. * @param GCPtrBp The linear breakpoint address. */ DECLINLINE(int) dbgcKdCtxHwBpGCPtrUpdate(PKDCTX pThis, PKDCTXHWBP pBp, RTGCPTR GCPtrBp) { return dbgcKdCtxHwBpUpdate(pThis, pBp, pBp->fAcc, pBp->fLen, pBp->fGlobal, pBp->fLocal, GCPtrBp); } /** * Calculates the DR7 value based on the emulated hardware breakpoint state and returns it. * * @returns The emulated DR7 value. * @param pThis The KD context. */ static uint32_t dbgcKdCtxHwBpDr7Get(PKDCTX pThis) { uint32_t uDr7 = 0; uDr7 |= X86_DR7_RW(0, pThis->aHwBp[0].fAcc); uDr7 |= X86_DR7_RW(1, pThis->aHwBp[1].fAcc); uDr7 |= X86_DR7_RW(2, pThis->aHwBp[2].fAcc); uDr7 |= X86_DR7_RW(3, pThis->aHwBp[3].fAcc); uDr7 |= X86_DR7_LEN(0, pThis->aHwBp[0].fLen); uDr7 |= X86_DR7_LEN(1, pThis->aHwBp[1].fLen); uDr7 |= X86_DR7_LEN(2, pThis->aHwBp[2].fLen); uDr7 |= X86_DR7_LEN(3, pThis->aHwBp[3].fLen); uDr7 |= pThis->aHwBp[0].fGlobal ? X86_DR7_G(0) : 0; uDr7 |= pThis->aHwBp[1].fGlobal ? X86_DR7_G(1) : 0; uDr7 |= pThis->aHwBp[2].fGlobal ? X86_DR7_G(2) : 0; uDr7 |= pThis->aHwBp[3].fGlobal ? X86_DR7_G(3) : 0; uDr7 |= pThis->aHwBp[0].fLocal ? X86_DR7_L(0) : 0; uDr7 |= pThis->aHwBp[1].fLocal ? X86_DR7_L(1) : 0; uDr7 |= pThis->aHwBp[2].fLocal ? X86_DR7_L(2) : 0; uDr7 |= pThis->aHwBp[3].fLocal ? X86_DR7_L(3) : 0; return uDr7; } /** * Updates emulated hardware breakpoints based on the written DR6 value. * * @returns nothing. * @param pThis The KD context. * @param uDr6 The DR7 value which is written. */ static void dbgcKdCtxHwBpDr6Update(PKDCTX pThis, uint32_t uDr6) { pThis->aHwBp[0].fTriggered = (uDr6 & X86_DR6_B0) ? true : false; pThis->aHwBp[1].fTriggered = (uDr6 & X86_DR6_B1) ? true : false; pThis->aHwBp[2].fTriggered = (uDr6 & X86_DR6_B2) ? true : false; pThis->aHwBp[3].fTriggered = (uDr6 & X86_DR6_B3) ? true : false; pThis->fSingleStepped = (uDr6 & X86_DR6_BS) ? true : false; } /** * Calculates the DR6 value based on the emulated hardware breakpoint state and returns it. * * @returns The emulated DR6 value. * @param pThis The KD context. */ static uint32_t dbgcKdCtxHwBpDr6Get(PKDCTX pThis) { uint32_t uDr6 = 0; if (pThis->aHwBp[0].fTriggered) uDr6 |= X86_DR6_B0; if (pThis->aHwBp[1].fTriggered) uDr6 |= X86_DR6_B1; if (pThis->aHwBp[2].fTriggered) uDr6 |= X86_DR6_B2; if (pThis->aHwBp[3].fTriggered) uDr6 |= X86_DR6_B3; if (pThis->fSingleStepped) uDr6 |= X86_DR6_BS; return uDr6; } /** * Wrapper for the I/O interface write callback. * * @returns Status code. * @param pThis The KD context. * @param pvPkt The packet data to send. * @param cbPkt Size of the packet in bytes. */ DECLINLINE(int) dbgcKdCtxWrite(PKDCTX pThis, const void *pvPkt, size_t cbPkt) { return pThis->Dbgc.pIo->pfnWrite(pThis->Dbgc.pIo, pvPkt, cbPkt, NULL /*pcbWritten*/); } /** * Fills in the given 64bit NT context structure with the requested values. * * @returns VBox status code. * @param pThis The KD context. * @param idCpu The CPU to query the context for. * @param pNtCtx The NT context structure to fill in. * @param fCtxFlags Combination of NTCONTEXT_F_XXX determining what to fill in. */ static int dbgcKdCtxQueryNtCtx64(PKDCTX pThis, VMCPUID idCpu, PNTCONTEXT64 pNtCtx, uint32_t fCtxFlags) { RT_BZERO(pNtCtx, sizeof(*pNtCtx)); pNtCtx->fContext = NTCONTEXT_F_AMD64; int rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_MXCSR, &pNtCtx->u32RegMxCsr); if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_CONTROL) { rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_CS, &pNtCtx->u16SegCs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_SS, &pNtCtx->u16SegSs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RIP, &pNtCtx->u64RegRip); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RSP, &pNtCtx->u64RegRsp); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RBP, &pNtCtx->u64RegRbp); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EFLAGS, &pNtCtx->u32RegEflags); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_CONTROL; } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_INTEGER) { rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RAX, &pNtCtx->u64RegRax); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RCX, &pNtCtx->u64RegRcx); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RDX, &pNtCtx->u64RegRdx); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RBX, &pNtCtx->u64RegRbx); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RSI, &pNtCtx->u64RegRsi); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_RDI, &pNtCtx->u64RegRdi); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R8, &pNtCtx->u64RegR8); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R9, &pNtCtx->u64RegR9); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R10, &pNtCtx->u64RegR10); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R11, &pNtCtx->u64RegR11); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R12, &pNtCtx->u64RegR12); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R13, &pNtCtx->u64RegR13); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R14, &pNtCtx->u64RegR14); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_R15, &pNtCtx->u64RegR15); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_INTEGER; } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_SEGMENTS) { rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_DS, &pNtCtx->u16SegDs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_ES, &pNtCtx->u16SegEs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_FS, &pNtCtx->u16SegFs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_GS, &pNtCtx->u16SegGs); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_SEGMENTS; } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_FLOATING_POINT) { /** @todo NTCONTEXT_F_FLOATING_POINT. */ } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_DEBUG) { /** @todo NTCONTEXT_F_DEBUG */ } return rc; } /** * Fills in the given 32bit NT context structure with the requested values. * * @returns VBox status code. * @param pThis The KD context. * @param idCpu The CPU to query the context for. * @param pNtCtx The NT context structure to fill in. * @param fCtxFlags Combination of NTCONTEXT_F_XXX determining what to fill in. */ static int dbgcKdCtxQueryNtCtx32(PKDCTX pThis, VMCPUID idCpu, PNTCONTEXT32 pNtCtx, uint32_t fCtxFlags) { RT_BZERO(pNtCtx, sizeof(*pNtCtx)); pNtCtx->fContext = NTCONTEXT_F_X86; int rc = VINF_SUCCESS; if (fCtxFlags & NTCONTEXT_F_CONTROL) { rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_CS, &pNtCtx->u32SegCs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_SS, &pNtCtx->u32SegSs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EIP, &pNtCtx->u32RegEip); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_ESP, &pNtCtx->u32RegEsp); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EBP, &pNtCtx->u32RegEbp); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EFLAGS, &pNtCtx->u32RegEflags); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_CONTROL; } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_INTEGER) { rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EAX, &pNtCtx->u32RegEax); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_ECX, &pNtCtx->u32RegEcx); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EDX, &pNtCtx->u32RegEdx); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EBX, &pNtCtx->u32RegEbx); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_ESI, &pNtCtx->u32RegEsi); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_EDI, &pNtCtx->u32RegEdi); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_INTEGER; } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_SEGMENTS) { rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_DS, &pNtCtx->u32SegDs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_ES, &pNtCtx->u32SegEs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_FS, &pNtCtx->u32SegFs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_GS, &pNtCtx->u32SegGs); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_SEGMENTS; } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_FLOATING_POINT) { /** @todo NTCONTEXT_F_FLOATING_POINT. */ } if ( RT_SUCCESS(rc) && fCtxFlags & NTCONTEXT_F_DEBUG) { rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_DR0, &pNtCtx->u32RegDr0); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_DR1, &pNtCtx->u32RegDr1); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_DR3, &pNtCtx->u32RegDr3); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_DR6, &pNtCtx->u32RegDr6); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_DR7, &pNtCtx->u32RegDr7); if (RT_SUCCESS(rc)) pNtCtx->fContext |= NTCONTEXT_F_DEBUG; } return rc; } #define KD_REG_INIT(a_pszName, a_enmType, a_ValMember, a_Val) \ do \ { \ aRegsSet[idxReg].pszName = a_pszName; \ aRegsSet[idxReg].enmType = a_enmType; \ aRegsSet[idxReg].Val.a_ValMember = a_Val; \ idxReg++; \ } while (0) #define KD_REG_INIT_DTR(a_pszName, a_Base, a_Limit) \ do \ { \ aRegsSet[idxReg].pszName = a_pszName; \ aRegsSet[idxReg].enmType = DBGFREGVALTYPE_DTR; \ aRegsSet[idxReg].Val.dtr.u64Base = a_Base; \ aRegsSet[idxReg].Val.dtr.u32Limit = a_Limit; \ idxReg++; \ } while (0) #define KD_REG_INIT_U16(a_pszName, a_Val) KD_REG_INIT(a_pszName, DBGFREGVALTYPE_U16, u16, a_Val) #define KD_REG_INIT_U32(a_pszName, a_Val) KD_REG_INIT(a_pszName, DBGFREGVALTYPE_U32, u32, a_Val) #define KD_REG_INIT_U64(a_pszName, a_Val) KD_REG_INIT(a_pszName, DBGFREGVALTYPE_U64, u64, a_Val) /** * Writes the indicated values from the given context structure to the guests register set. * * @returns VBox status code. * @param pThis The KD context. * @param idCpu The CPU to query the context for. * @param pNtCtx The NT context structure to set. * @param fCtxFlags Combination of NTCONTEXT_F_XXX determining what to set. */ static int dbgcKdCtxSetNtCtx64(PKDCTX pThis, VMCPUID idCpu, PCNTCONTEXT64 pNtCtx, uint32_t fCtxFlags) { uint32_t idxReg = 0; DBGFREGENTRYNM aRegsSet[64]; /** @todo Verify that this is enough when fully implemented. */ KD_REG_INIT_U32("mxcsr", pNtCtx->u32RegMxCsr); if (fCtxFlags & NTCONTEXT_F_CONTROL) { #if 0 /** @todo CPUM returns VERR_NOT_IMPLEMENTED */ KD_REG_INIT_U16("cs", pNtCtx->u16SegCs); KD_REG_INIT_U16("ss", pNtCtx->u16SegSs); #endif KD_REG_INIT_U64("rip", pNtCtx->u64RegRip); KD_REG_INIT_U64("rsp", pNtCtx->u64RegRsp); KD_REG_INIT_U64("rbp", pNtCtx->u64RegRbp); KD_REG_INIT_U32("rflags", pNtCtx->u32RegEflags); } if (fCtxFlags & NTCONTEXT_F_INTEGER) { KD_REG_INIT_U64("rax", pNtCtx->u64RegRax); KD_REG_INIT_U64("rcx", pNtCtx->u64RegRcx); KD_REG_INIT_U64("rdx", pNtCtx->u64RegRdx); KD_REG_INIT_U64("rbx", pNtCtx->u64RegRbx); KD_REG_INIT_U64("rsi", pNtCtx->u64RegRsi); KD_REG_INIT_U64("rdi", pNtCtx->u64RegRdi); KD_REG_INIT_U64("r8", pNtCtx->u64RegR8); KD_REG_INIT_U64("r9", pNtCtx->u64RegR9); KD_REG_INIT_U64("r10", pNtCtx->u64RegR10); KD_REG_INIT_U64("r11", pNtCtx->u64RegR11); KD_REG_INIT_U64("r12", pNtCtx->u64RegR12); KD_REG_INIT_U64("r13", pNtCtx->u64RegR13); KD_REG_INIT_U64("r14", pNtCtx->u64RegR14); KD_REG_INIT_U64("r15", pNtCtx->u64RegR15); } if (fCtxFlags & NTCONTEXT_F_SEGMENTS) { #if 0 /** @todo CPUM returns VERR_NOT_IMPLEMENTED */ KD_REG_INIT_U16("ds", pNtCtx->u16SegDs); KD_REG_INIT_U16("es", pNtCtx->u16SegEs); KD_REG_INIT_U16("fs", pNtCtx->u16SegFs); KD_REG_INIT_U16("gs", pNtCtx->u16SegGs); #endif } if (fCtxFlags & NTCONTEXT_F_FLOATING_POINT) { /** @todo NTCONTEXT_F_FLOATING_POINT. */ } if (fCtxFlags & NTCONTEXT_F_DEBUG) dbgcKdCtxMsgSend(pThis, true /*fWarning*/, "Setting local DR registers does not work!"); return DBGFR3RegNmSetBatch(pThis->Dbgc.pUVM, idCpu, &aRegsSet[0], idxReg); } /** * Fills in the given 64bit NT kernel context structure with the requested values. * * @returns VBox status code. * @param pThis The KD context. * @param idCpu The CPU to query the context for. * @param pKNtCtx The NT context structure to fill in. * @param fCtxFlags Combination of NTCONTEXT_F_XXX determining what to fill in. */ static int dbgcKdCtxQueryNtKCtx64(PKDCTX pThis, VMCPUID idCpu, PNTKCONTEXT64 pKNtCtx, uint32_t fCtxFlags) { RT_BZERO(pKNtCtx, sizeof(*pKNtCtx)); int rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR0, &pKNtCtx->u64RegCr0); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR2, &pKNtCtx->u64RegCr2); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR3, &pKNtCtx->u64RegCr3); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR4, &pKNtCtx->u64RegCr4); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR8, &pKNtCtx->u64RegCr8); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_GDTR_LIMIT, &pKNtCtx->Gdtr.u16Limit); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_GDTR_BASE, &pKNtCtx->Gdtr.u64PtrBase); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_IDTR_LIMIT, &pKNtCtx->Idtr.u16Limit); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_IDTR_BASE, &pKNtCtx->Idtr.u64PtrBase); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_TR, &pKNtCtx->u16RegTr); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_LDTR, &pKNtCtx->u16RegLdtr); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_MXCSR, &pKNtCtx->u32RegMxCsr); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_MSR_K8_GS_BASE, &pKNtCtx->u64MsrGsBase); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_MSR_K8_KERNEL_GS_BASE, &pKNtCtx->u64MsrKernelGsBase); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_MSR_K6_STAR, &pKNtCtx->u64MsrStar); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_MSR_K8_LSTAR, &pKNtCtx->u64MsrLstar); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_MSR_K8_CSTAR, &pKNtCtx->u64MsrCstar); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, idCpu, DBGFREG_MSR_K8_SF_MASK, &pKNtCtx->u64MsrSfMask); /** @todo XCR0 */ /* Get the emulated DR register state. */ pKNtCtx->u64RegDr0 = pThis->aHwBp[0].GCPtrBp; pKNtCtx->u64RegDr1 = pThis->aHwBp[1].GCPtrBp; pKNtCtx->u64RegDr2 = pThis->aHwBp[2].GCPtrBp; pKNtCtx->u64RegDr3 = pThis->aHwBp[3].GCPtrBp; pKNtCtx->u64RegDr6 = dbgcKdCtxHwBpDr6Get(pThis); pKNtCtx->u64RegDr7 = dbgcKdCtxHwBpDr7Get(pThis); if (RT_SUCCESS(rc)) rc = dbgcKdCtxQueryNtCtx64(pThis, idCpu, &pKNtCtx->Ctx, fCtxFlags); return rc; } /** * Fills in the given 32bit NT kernel context structure with the requested values. * * @returns VBox status code. * @param pThis The KD context. * @param idCpu The CPU to query the context for. * @param pKNtCtx The NT context structure to fill in. */ static int dbgcKdCtxQueryNtKCtx32(PKDCTX pThis, VMCPUID idCpu, PNTKCONTEXT32 pKNtCtx) { RT_BZERO(pKNtCtx, sizeof(*pKNtCtx)); int rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR0, &pKNtCtx->u32RegCr0); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR2, &pKNtCtx->u32RegCr2); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR3, &pKNtCtx->u32RegCr3); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_CR4, &pKNtCtx->u32RegCr4); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_GDTR_LIMIT, &pKNtCtx->Gdtr.u16Limit); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_GDTR_BASE, &pKNtCtx->Gdtr.u32PtrBase); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_IDTR_LIMIT, &pKNtCtx->Idtr.u16Limit); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, idCpu, DBGFREG_IDTR_BASE, &pKNtCtx->Idtr.u32PtrBase); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_TR, &pKNtCtx->u16RegTr); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, idCpu, DBGFREG_LDTR, &pKNtCtx->u16RegLdtr); /* Get the emulated DR register state. */ pKNtCtx->u32RegDr0 = (uint32_t)pThis->aHwBp[0].GCPtrBp; pKNtCtx->u32RegDr1 = (uint32_t)pThis->aHwBp[1].GCPtrBp; pKNtCtx->u32RegDr2 = (uint32_t)pThis->aHwBp[2].GCPtrBp; pKNtCtx->u32RegDr3 = (uint32_t)pThis->aHwBp[3].GCPtrBp; pKNtCtx->u32RegDr6 = dbgcKdCtxHwBpDr6Get(pThis); pKNtCtx->u32RegDr7 = dbgcKdCtxHwBpDr7Get(pThis); return rc; } /** * Fills in the given 64bit NT kernel context structure with the requested values. * * @returns VBox status code. * @param pThis The KD context. * @param idCpu The CPU to query the context for. * @param pKNtCtx The NT context structure to fill in. * @param cbSet How many bytes of the context are valid. */ static int dbgcKdCtxSetNtKCtx64(PKDCTX pThis, VMCPUID idCpu, PCNTKCONTEXT64 pKNtCtx, size_t cbSet) { AssertReturn(cbSet >= RT_UOFFSETOF(NTKCONTEXT64, Ctx), VERR_INVALID_PARAMETER); uint32_t idxReg = 0; DBGFREGENTRYNM aRegsSet[64]; /** @todo Verify that this is enough when fully implemented. */ KD_REG_INIT_U64("cr0", pKNtCtx->u64RegCr0); KD_REG_INIT_U64("cr2", pKNtCtx->u64RegCr2); KD_REG_INIT_U64("cr3", pKNtCtx->u64RegCr3); KD_REG_INIT_U64("cr4", pKNtCtx->u64RegCr4); KD_REG_INIT_U64("cr8", pKNtCtx->u64RegCr8); KD_REG_INIT_DTR("gdtr", pKNtCtx->Gdtr.u64PtrBase, pKNtCtx->Gdtr.u16Limit); KD_REG_INIT_DTR("idtr", pKNtCtx->Idtr.u64PtrBase, pKNtCtx->Idtr.u16Limit); #if 0 /** @todo CPUM returns VERR_NOT_IMPLEMENTED */ KD_REG_INIT_U16("tr", pKNtCtx->u16RegTr); KD_REG_INIT_U16("ldtr", pKNtCtx->u16RegLdtr); #endif KD_REG_INIT_U32("mxcsr", pKNtCtx->u32RegMxCsr); KD_REG_INIT_U64("msr_gs_base", pKNtCtx->u64MsrGsBase); KD_REG_INIT_U64("krnl_gs_base", pKNtCtx->u64MsrKernelGsBase); KD_REG_INIT_U64("star", pKNtCtx->u64MsrStar); KD_REG_INIT_U64("lstar", pKNtCtx->u64MsrLstar); KD_REG_INIT_U64("cstar", pKNtCtx->u64MsrCstar); KD_REG_INIT_U64("sf_mask", pKNtCtx->u64MsrSfMask); int rc = DBGFR3RegNmSetBatch(pThis->Dbgc.pUVM, idCpu, &aRegsSet[0], idxReg); if ( RT_SUCCESS(rc) && cbSet > RT_UOFFSETOF(NTKCONTEXT64, Ctx)) /** @todo Probably wrong. */ rc = dbgcKdCtxSetNtCtx64(pThis, idCpu, &pKNtCtx->Ctx, pKNtCtx->Ctx.fContext); if (RT_SUCCESS(rc)) { /* Update emulated hardware breakpoint state. */ dbgcKdCtxHwBpDr6Update(pThis, (uint32_t)pKNtCtx->u64RegDr6); rc = dbgcKdCtxHwBpDr7Update(pThis, (uint32_t)pKNtCtx->u64RegDr7); if (RT_SUCCESS(rc)) rc = dbgcKdCtxHwBpGCPtrUpdate(pThis, &pThis->aHwBp[0], pKNtCtx->u64RegDr0); if (RT_SUCCESS(rc)) rc = dbgcKdCtxHwBpGCPtrUpdate(pThis, &pThis->aHwBp[1], pKNtCtx->u64RegDr1); if (RT_SUCCESS(rc)) rc = dbgcKdCtxHwBpGCPtrUpdate(pThis, &pThis->aHwBp[2], pKNtCtx->u64RegDr2); if (RT_SUCCESS(rc)) rc = dbgcKdCtxHwBpGCPtrUpdate(pThis, &pThis->aHwBp[3], pKNtCtx->u64RegDr3); } return rc; } #undef KD_REG_INIT_64 #undef KD_REG_INIT_32 #undef KD_REG_INIT_16 #undef KD_REG_INIT_DTR #undef KD_REG_INIT /** * Validates the given KD packet header. * * @returns Flag whether the packet header is valid, false if invalid. * @param pPktHdr The packet header to validate. */ static bool dbgcKdPktHdrValidate(PCKDPACKETHDR pPktHdr) { if ( pPktHdr->u32Signature != KD_PACKET_HDR_SIGNATURE_DATA && pPktHdr->u32Signature != KD_PACKET_HDR_SIGNATURE_CONTROL && pPktHdr->u32Signature != KD_PACKET_HDR_SIGNATURE_BREAKIN) return false; if (pPktHdr->u16SubType >= KD_PACKET_HDR_SUB_TYPE_MAX) return false; uint32_t idPacket = pPktHdr->idPacket & UINT32_C(0xfffffffe); if ( idPacket != KD_PACKET_HDR_ID_INITIAL && idPacket != KD_PACKET_HDR_ID_RESET && idPacket != 0 /* Happens on the very first packet */) return false; return true; } /** * Generates a checksum from the given buffer. * * @returns Generated checksum. * @param pv The data to generate a checksum from. * @param cb Number of bytes to checksum. */ static uint32_t dbgcKdPktChkSumGen(const void *pv, size_t cb) { const uint8_t *pb = (const uint8_t *)pv; uint32_t u32ChkSum = 0; while (cb--) u32ChkSum += *pb++; return u32ChkSum; } /** * Generates a checksum from the given segments. * * @returns Generated checksum. * @param paSegs Pointer to the array of segments containing the data. * @param cSegs Number of segments. * @param pcbChkSum Where to store the number of bytes checksummed, optional. */ static uint32_t dbgcKdPktChkSumGenSg(PCRTSGSEG paSegs, uint32_t cSegs, size_t *pcbChkSum) { size_t cbChkSum = 0; uint32_t u32ChkSum = 0; for (uint32_t i = 0; i < cSegs; i++) { u32ChkSum += dbgcKdPktChkSumGen(paSegs[i].pvSeg, paSegs[i].cbSeg); cbChkSum += paSegs[i].cbSeg; } if (pcbChkSum) *pcbChkSum = cbChkSum; return u32ChkSum; } /** * Waits for an acknowledgment. * * @returns VBox status code. * @param pThis The KD context. * @param msWait Maximum number of milliseconds to wait for an acknowledge. * @param pfResend Where to store the resend requested flag on success. */ static int dbgcKdCtxPktWaitForAck(PKDCTX pThis, RTMSINTERVAL msWait, bool *pfResend) { KDPACKETHDR PktAck; uint8_t *pbCur = (uint8_t *)&PktAck; size_t cbLeft = sizeof(PktAck); uint64_t tsStartMs = RTTimeMilliTS(); int rc = VINF_SUCCESS; LogFlowFunc(("pThis=%p msWait=%u pfResend=%p\n", pThis, msWait, pfResend)); RT_ZERO(PktAck); /* There might be breakin packets in the queue, read until we get something else. */ while ( msWait && RT_SUCCESS(rc)) { if (pThis->Dbgc.pIo->pfnInput(pThis->Dbgc.pIo, msWait)) { size_t cbRead = 0; rc = pThis->Dbgc.pIo->pfnRead(pThis->Dbgc.pIo, pbCur, 1, &cbRead); if ( RT_SUCCESS(rc) && cbRead == 1) { uint64_t tsSpanMs = RTTimeMilliTS() - tsStartMs; msWait -= RT_MIN(msWait, tsSpanMs); tsStartMs = RTTimeMilliTS(); if (*pbCur == KD_PACKET_HDR_SIGNATURE_BREAKIN_BYTE) pThis->fBreakinRecv = true; else { pbCur++; cbLeft--; break; } } } else rc = VERR_TIMEOUT; } if ( RT_SUCCESS(rc) && !msWait) rc = VERR_TIMEOUT; if (RT_SUCCESS(rc)) { while ( msWait && RT_SUCCESS(rc) && cbLeft) { if (pThis->Dbgc.pIo->pfnInput(pThis->Dbgc.pIo, msWait)) { size_t cbRead = 0; rc = pThis->Dbgc.pIo->pfnRead(pThis->Dbgc.pIo, pbCur, cbLeft, &cbRead); if (RT_SUCCESS(rc)) { uint64_t tsSpanMs = RTTimeMilliTS() - tsStartMs; msWait -= RT_MIN(msWait, tsSpanMs); tsStartMs = RTTimeMilliTS(); cbLeft -= cbRead; pbCur += cbRead; } } else rc = VERR_TIMEOUT; } if (RT_SUCCESS(rc)) { if (PktAck.u32Signature == KD_PACKET_HDR_SIGNATURE_CONTROL) { if (PktAck.u16SubType == KD_PACKET_HDR_SUB_TYPE_ACKNOWLEDGE) rc = VINF_SUCCESS; else if (PktAck.u16SubType == KD_PACKET_HDR_SUB_TYPE_RESEND) { *pfResend = true; rc = VINF_SUCCESS; } else rc = VERR_NET_PROTOCOL_ERROR; } else rc = VERR_NET_PROTOCOL_ERROR; } } LogFlowFunc(("returns rc=%Rrc *pfResend=%RTbool\n", rc, *pfResend)); return rc; } /** * Sends the given packet header and optional segmented body (the trailing byte is sent automatically). * * @returns VBox status code. * @param pThis The KD context. * @param u32Signature The signature to send. * @param u16SubType The sub type to send. * @param paSegs Pointer to the array of segments to send in the body, optional. * @param cSegs Number of segments. * @param fAck Flag whether to wait for an acknowledge. */ static int dbgcKdCtxPktSendSg(PKDCTX pThis, uint32_t u32Signature, uint16_t u16SubType, PCRTSGSEG paSegs, uint32_t cSegs, bool fAck) { int rc = VINF_SUCCESS; uint32_t cRetriesLeft = 3; uint8_t bTrailer = KD_PACKET_TRAILING_BYTE; KDPACKETHDR Hdr; size_t cbChkSum = 0; uint32_t u32ChkSum = dbgcKdPktChkSumGenSg(paSegs, cSegs, &cbChkSum); Hdr.u32Signature = u32Signature; Hdr.u16SubType = u16SubType; Hdr.cbBody = (uint16_t)cbChkSum; Hdr.idPacket = pThis->idPktNext; Hdr.u32ChkSum = u32ChkSum; #ifdef LOG_ENABLED dbgcKdPktDump(&Hdr, paSegs, cSegs, false /*fRx*/); #endif while (cRetriesLeft--) { bool fResend = false; rc = dbgcKdCtxWrite(pThis, &Hdr, sizeof(Hdr)); if ( RT_SUCCESS(rc) && paSegs && cSegs) { for (uint32_t i = 0; i < cSegs && RT_SUCCESS(rc); i++) rc = dbgcKdCtxWrite(pThis, paSegs[i].pvSeg, paSegs[i].cbSeg); if (RT_SUCCESS(rc)) rc = dbgcKdCtxWrite(pThis, &bTrailer, sizeof(bTrailer)); } if (RT_SUCCESS(rc)) { if (fAck) rc = dbgcKdCtxPktWaitForAck(pThis, 10 * 1000, &fResend); if ( RT_SUCCESS(rc) && !fResend) break; } } return rc; } /** * Sends the given packet header and optional body (the trailing byte is sent automatically). * * @returns VBox status code. * @param pThis The KD context. * @param u32Signature The signature to send. * @param u16SubType The sub type to send. * @param pvBody The body to send, optional. * @param cbBody Body size in bytes. * @param fAck Flag whether to wait for an acknowledge. */ DECLINLINE(int) dbgcKdCtxPktSend(PKDCTX pThis, uint32_t u32Signature, uint16_t u16SubType, const void *pvBody, size_t cbBody, bool fAck) { RTSGSEG Seg; Seg.pvSeg = (void *)pvBody; Seg.cbSeg = cbBody; return dbgcKdCtxPktSendSg(pThis, u32Signature, u16SubType, cbBody ? &Seg : NULL, cbBody ? 1 : 0, fAck); } /** * Sends a resend packet answer. * * @returns VBox status code. * @param pThis The KD context. */ DECLINLINE(int) dbgcKdCtxPktSendResend(PKDCTX pThis) { return dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_CONTROL, KD_PACKET_HDR_SUB_TYPE_RESEND, NULL /*pvBody*/, 0 /*cbBody*/, false /*fAck*/); } /** * Sends a resend packet answer. * * @returns VBox status code. * @param pThis The KD context. */ DECLINLINE(int) dbgcKdCtxPktSendReset(PKDCTX pThis) { pThis->idPktNext = KD_PACKET_HDR_ID_INITIAL; return dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_CONTROL, KD_PACKET_HDR_SUB_TYPE_RESET, NULL /*pvBody*/, 0 /*cbBody*/, false /*fAck*/); } /** * Sends an acknowledge packet answer. * * @returns VBox status code. * @param pThis The KD context. */ DECLINLINE(int) dbgcKdCtxPktSendAck(PKDCTX pThis) { return dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_CONTROL, KD_PACKET_HDR_SUB_TYPE_ACKNOWLEDGE, NULL /*pvBody*/, 0 /*cbBody*/, false /*fAck*/); } /** * Resets the packet receive state machine. * * @returns nothing. * @param pThis The KD context. */ static void dbgcKdCtxPktRecvReset(PKDCTX pThis) { pThis->enmState = KDRECVSTATE_PACKET_HDR_FIRST_BYTE; pThis->pbRecv = &pThis->PktHdr.ab[0]; pThis->cbRecvLeft = sizeof(pThis->PktHdr.ab[0]); pThis->msRecvTimeout = RT_INDEFINITE_WAIT; pThis->tsRecvLast = RTTimeMilliTS(); } /** * Sends a Debug I/O string packet. * * @returns VBox status code. * @param pThis The KD context data. * @param idCpu The CPU ID generating this packet. * @param pachChars The characters to send (ASCII). * @param cbChars Number of characters to send. */ static int dbgcKdCtxDebugIoStrSend(PKDCTX pThis, VMCPUID idCpu, const char *pachChars, size_t cbChars) { KDPACKETDEBUGIO DebugIo; RT_ZERO(DebugIo); /* Fix your damn log strings if this exceeds 4GB... */ if (cbChars != (uint32_t)cbChars) return VERR_BUFFER_OVERFLOW; DebugIo.u32Type = KD_PACKET_DEBUG_IO_STRING; DebugIo.u16CpuLvl = 0x6; DebugIo.idCpu = (uint16_t)idCpu; DebugIo.u.Str.cbStr = (uint32_t)cbChars; RTSGSEG aRespSegs[2]; aRespSegs[0].pvSeg = &DebugIo; aRespSegs[0].cbSeg = sizeof(DebugIo); aRespSegs[1].pvSeg = (void *)pachChars; aRespSegs[1].cbSeg = cbChars; int rc = dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_DEBUG_IO, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); if (RT_SUCCESS(rc)) pThis->idPktNext ^= 0x1; return rc; } /** * Sends a message to the remotes end. * * @returns nothing. * @param pThis The KD context data. * @param fWarning Flag whether this is a warning or an informational message. * @param pszMsg The message to send. */ static void dbgcKdCtxMsgSend(PKDCTX pThis, bool fWarning, const char *pszMsg) { size_t cchMsg = strlen(pszMsg); KDPACKETDEBUGIO DebugIo; RT_ZERO(DebugIo); DebugIo.u32Type = KD_PACKET_DEBUG_IO_STRING; DebugIo.u16CpuLvl = 0x6; DebugIo.idCpu = 0; RTSGSEG aRespSegs[5]; aRespSegs[0].pvSeg = &DebugIo; aRespSegs[0].cbSeg = sizeof(DebugIo); aRespSegs[1].pvSeg = (void *)"VBoxDbg "; aRespSegs[1].cbSeg = sizeof("VBoxDbg ") - 1; if (fWarning) { aRespSegs[2].pvSeg = (void *)"WARNING "; aRespSegs[2].cbSeg = sizeof("WARNING ") - 1; } else { aRespSegs[2].pvSeg = (void *)"INFO "; aRespSegs[2].cbSeg = sizeof("INFO ") - 1; } aRespSegs[3].pvSeg = (void *)pszMsg; aRespSegs[3].cbSeg = cchMsg; aRespSegs[4].pvSeg = (void *)"\r\n"; aRespSegs[4].cbSeg = 2; DebugIo.u.Str.cbStr = (uint32_t)( aRespSegs[1].cbSeg + aRespSegs[2].cbSeg + aRespSegs[3].cbSeg + aRespSegs[4].cbSeg); int rc = dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_DEBUG_IO, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); if (RT_SUCCESS(rc)) pThis->idPktNext ^= 0x1; } /** * Queries some user input from the remotes end. * * @returns VBox status code. * @param pThis The KD context data. * @param idCpu The CPU ID generating this packet. * @param pachPrompt The prompt to send (ASCII). * @param cbPrompt Number of characters to send for the prompt. * @param cbResponseMax Maximum size for the response. */ static int dbgcKdCtxDebugIoGetStrSend(PKDCTX pThis, VMCPUID idCpu, const char *pachPrompt, size_t cbPrompt, size_t cbResponseMax) { KDPACKETDEBUGIO DebugIo; RT_ZERO(DebugIo); /* Fix your damn log strings if this exceeds 4GB... */ if ( cbPrompt != (uint32_t)cbPrompt || cbResponseMax != (uint32_t)cbResponseMax) return VERR_BUFFER_OVERFLOW; DebugIo.u32Type = KD_PACKET_DEBUG_IO_GET_STRING; DebugIo.u16CpuLvl = 0x6; DebugIo.idCpu = (uint16_t)idCpu; DebugIo.u.Prompt.cbPrompt = (uint32_t)cbPrompt; DebugIo.u.Prompt.cbReturn = (uint32_t)cbResponseMax; RTSGSEG aRespSegs[2]; aRespSegs[0].pvSeg = &DebugIo; aRespSegs[0].cbSeg = sizeof(DebugIo); aRespSegs[1].pvSeg = (void *)pachPrompt; aRespSegs[1].cbSeg = cbPrompt; int rc = dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_DEBUG_IO, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); if (RT_SUCCESS(rc)) pThis->idPktNext ^= 0x1; return rc; } /** * Sends a state change event packet. * * @returns VBox status code. * @param pThis The KD context data. * @param enmType The event type. */ static int dbgcKdCtxStateChangeSend(PKDCTX pThis, DBGFEVENTTYPE enmType) { LogFlowFunc(("pThis=%p enmType=%u\n", pThis, enmType)); /* Select the record to send based on the CPU mode. */ int rc = VINF_SUCCESS; KDPACKETSTATECHANGE64 StateChange64; RT_ZERO(StateChange64); StateChange64.u32StateNew = KD_PACKET_STATE_CHANGE_EXCEPTION; StateChange64.u16CpuLvl = 0x6; /** @todo Figure this one out. */ StateChange64.idCpu = pThis->Dbgc.idCpu; StateChange64.cCpus = (uint16_t)DBGFR3CpuGetCount(pThis->Dbgc.pUVM); rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_RIP, &StateChange64.u64RipThread); if (RT_SUCCESS(rc)) { DBGFADDRESS AddrRip; DBGFR3AddrFromFlat(pThis->Dbgc.pUVM, &AddrRip, StateChange64.u64RipThread); StateChange64.u64RipThread = KD_PTR_CREATE(pThis, StateChange64.u64RipThread); /** @todo Properly fill in the exception record. */ switch (enmType) { case DBGFEVENT_HALT_DONE: case DBGFEVENT_BREAKPOINT: case DBGFEVENT_BREAKPOINT_IO: case DBGFEVENT_BREAKPOINT_MMIO: case DBGFEVENT_BREAKPOINT_HYPER: StateChange64.u.Exception.ExcpRec.u32ExcpCode = KD_PACKET_EXCP_CODE_BKPT; break; case DBGFEVENT_STEPPED: case DBGFEVENT_STEPPED_HYPER: pThis->fSingleStepped = true; /* For emulation of DR6. */ StateChange64.u.Exception.ExcpRec.u32ExcpCode = KD_PACKET_EXCP_CODE_SINGLE_STEP; break; default: AssertMsgFailed(("Invalid DBGF event type for state change %d!\n", enmType)); } StateChange64.u.Exception.ExcpRec.cExcpParms = 3; StateChange64.u.Exception.u32FirstChance = 0x1; /** @todo Properly fill in the control report. */ rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_DR6, &StateChange64.uCtrlReport.Amd64.u64RegDr6); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU64(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_DR7, &StateChange64.uCtrlReport.Amd64.u64RegDr7); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU32(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_RFLAGS, &StateChange64.uCtrlReport.Amd64.u32RegEflags); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_CS, &StateChange64.uCtrlReport.Amd64.u16SegCs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_DS, &StateChange64.uCtrlReport.Amd64.u16SegDs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_ES, &StateChange64.uCtrlReport.Amd64.u16SegEs); if (RT_SUCCESS(rc)) rc = DBGFR3RegCpuQueryU16(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGFREG_FS, &StateChange64.uCtrlReport.Amd64.u16SegFs); /* Read instruction bytes. */ StateChange64.uCtrlReport.Amd64.cbInsnStream = sizeof(StateChange64.uCtrlReport.Amd64.abInsn); rc = DBGFR3MemRead(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, &AddrRip, &StateChange64.uCtrlReport.Amd64.abInsn[0], StateChange64.uCtrlReport.Amd64.cbInsnStream); if (RT_SUCCESS(rc)) { pThis->idPktNext = KD_PACKET_HDR_ID_INITIAL; rc = dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_CHANGE64, &StateChange64, sizeof(StateChange64), false /*fAck*/); } } LogFlowFunc(("returns %Rrc\n", rc)); return rc; } /** * Processes a get version 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64GetVersion(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATE64 Resp; RT_ZERO(Resp); /* Fill in the generic part. */ Resp.Hdr.idReq = KD_PACKET_MANIPULATE_REQ_GET_VERSION; Resp.Hdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; Resp.Hdr.idCpu = pPktManip->Hdr.idCpu; Resp.Hdr.u32NtStatus = NTSTATUS_SUCCESS; /* Build our own response in case there is no Windows interface available. */ uint32_t NtBuildNumber = 0x0f2800; /* Used when there is no NT interface available, which probably breaks symbol loading. */ bool f32Bit = false; if (pThis->pIfWinNt) { int rc = pThis->pIfWinNt->pfnQueryVersion(pThis->pIfWinNt, pThis->Dbgc.pUVM, VMMR3GetVTable(), NULL /*puVersMajor*/, NULL /*puVersMinor*/, &NtBuildNumber, &f32Bit); if (RT_SUCCESS(rc)) rc = pThis->pIfWinNt->pfnQueryKernelPtrs(pThis->pIfWinNt, pThis->Dbgc.pUVM, VMMR3GetVTable(), &Resp.u.GetVersion.u64PtrKernBase, &Resp.u.GetVersion.u64PtrPsLoadedModuleList); } /* Fill in the request specific part. */ Resp.u.GetVersion.u16VersMaj = NtBuildNumber >> 16; Resp.u.GetVersion.u16VersMin = NtBuildNumber & UINT32_C(0xffff); Resp.u.GetVersion.u8VersProtocol = 0x6; /* From a Windows 10 guest. */ Resp.u.GetVersion.u8VersKdSecondary = pThis->f32Bit ? 0 : 0x2; /* amd64 has a versioned context (0 and 1 are obsolete). */ Resp.u.GetVersion.fFlags = KD_PACKET_MANIPULATE64_GET_VERSION_F_MP; Resp.u.GetVersion.u8MaxPktType = KD_PACKET_HDR_SUB_TYPE_MAX; Resp.u.GetVersion.u8MaxStateChange = KD_PACKET_STATE_CHANGE_MAX - KD_PACKET_STATE_CHANGE_MIN; Resp.u.GetVersion.u8MaxManipulate = KD_PACKET_MANIPULATE_REQ_MAX - KD_PACKET_MANIPULATE_REQ_MIN; Resp.u.GetVersion.u64PtrDebuggerDataList = 0; if (f32Bit) { Resp.u.GetVersion.u16MachineType = IMAGE_FILE_MACHINE_I386; Resp.u.GetVersion.u64PtrKernBase = KD_PTR_CREATE(pThis, Resp.u.GetVersion.u64PtrKernBase); Resp.u.GetVersion.u64PtrPsLoadedModuleList = KD_PTR_CREATE(pThis, Resp.u.GetVersion.u64PtrPsLoadedModuleList); } else { Resp.u.GetVersion.u16MachineType = IMAGE_FILE_MACHINE_AMD64; Resp.u.GetVersion.fFlags |= KD_PACKET_MANIPULATE64_GET_VERSION_F_PTR64; } return dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &Resp, sizeof(Resp), true /*fAck*/); } /** * Processes a read memory 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64ReadMem(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_XFERMEM64 XferMem64; uint8_t abMem[_4K]; RT_ZERO(RespHdr); RT_ZERO(XferMem64); DBGFADDRESS AddrRead; uint32_t cbRead = RT_MIN(sizeof(abMem), pPktManip->u.XferMem.cbXferReq); if (pPktManip->Hdr.idReq == KD_PACKET_MANIPULATE_REQ_READ_VIRT_MEM) DBGFR3AddrFromFlat(pThis->Dbgc.pUVM, &AddrRead, KD_PTR_GET(pThis, pPktManip->u.XferMem.u64PtrTarget)); else DBGFR3AddrFromPhys(pThis->Dbgc.pUVM, &AddrRead, KD_PTR_GET(pThis, pPktManip->u.XferMem.u64PtrTarget)); RTSGSEG aRespSegs[3]; uint32_t cSegs = 2; /* Gets incremented when read is successful. */ RespHdr.idReq = pPktManip->Hdr.idReq; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; XferMem64.u64PtrTarget = pPktManip->u.XferMem.u64PtrTarget; XferMem64.cbXferReq = pPktManip->u.XferMem.cbXferReq; XferMem64.cbXfered = (uint32_t)cbRead; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &XferMem64; aRespSegs[1].cbSeg = sizeof(XferMem64); int rc = DBGFR3MemRead(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, &AddrRead, &abMem[0], cbRead); if (RT_SUCCESS(rc)) { cSegs++; aRespSegs[2].pvSeg = &abMem[0]; aRespSegs[2].cbSeg = cbRead; } else RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; /** @todo Convert to an appropriate NT status code. */ return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], cSegs, true /*fAck*/); } /** * Processes a write memory 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64WriteMem(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_XFERMEM64 XferMem64; RT_ZERO(RespHdr); RT_ZERO(XferMem64); DBGFADDRESS AddrWrite; const void *pv = &pThis->abBody[sizeof(*pPktManip)]; /* Data comes directly after the manipulate state body. */ uint32_t cbWrite = RT_MIN(sizeof(pThis->abBody) - sizeof(*pPktManip), pPktManip->u.XferMem.cbXferReq); if (pPktManip->Hdr.idReq == KD_PACKET_MANIPULATE_REQ_WRITE_VIRT_MEM) DBGFR3AddrFromFlat(pThis->Dbgc.pUVM, &AddrWrite, KD_PTR_GET(pThis, pPktManip->u.XferMem.u64PtrTarget)); else DBGFR3AddrFromPhys(pThis->Dbgc.pUVM, &AddrWrite, KD_PTR_GET(pThis, pPktManip->u.XferMem.u64PtrTarget)); RTSGSEG aRespSegs[2]; uint32_t cSegs = 2; RespHdr.idReq = pPktManip->Hdr.idReq; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; XferMem64.u64PtrTarget = pPktManip->u.XferMem.u64PtrTarget; XferMem64.cbXferReq = pPktManip->u.XferMem.cbXferReq; XferMem64.cbXfered = (uint32_t)cbWrite; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &XferMem64; aRespSegs[1].cbSeg = sizeof(XferMem64); int rc = DBGFR3MemWrite(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, &AddrWrite, pv, cbWrite); if (RT_FAILURE(rc)) RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; /** @todo Convert to an appropriate NT status code. */ return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], cSegs, true /*fAck*/); } /** * Processes a continue request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64Continue(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { RT_NOREF(pPktManip); int rc = VINF_SUCCESS; /* No response, just resume. */ if (DBGFR3IsHalted(pThis->Dbgc.pUVM, VMCPUID_ALL)) rc = DBGFR3Resume(pThis->Dbgc.pUVM, VMCPUID_ALL); return rc; } /** * Processes a continue request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64Continue2(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { int rc = VINF_SUCCESS; /* Update DR7. */ if (pThis->f32Bit) rc = dbgcKdCtxHwBpDr7Update(pThis, pPktManip->u.Continue2.u.x86.u32RegDr7); else rc = dbgcKdCtxHwBpDr7Update(pThis, (uint32_t)pPktManip->u.Continue2.u.amd64.u64RegDr7); /* Resume if not single stepping, the single step will get a state change when the VM stepped. */ if (pPktManip->u.Continue2.fTrace) { PDBGFADDRESS pStackPop = NULL; RTGCPTR cbStackPop = 0; rc = DBGFR3StepEx(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, DBGF_STEP_F_INTO, NULL, pStackPop, cbStackPop, 1 /*cMaxSteps*/); } else if (DBGFR3IsHalted(pThis->Dbgc.pUVM, VMCPUID_ALL)) rc = DBGFR3Resume(pThis->Dbgc.pUVM, VMCPUID_ALL); return rc; } /** * Processes a set context request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64SetContext(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_SETCONTEXT SetContext; RT_ZERO(RespHdr); RT_ZERO(SetContext); PCNTCONTEXT64 pNtCtx = (PCNTCONTEXT64)&pThis->abBody[sizeof(*pPktManip)]; /* Data comes directly after the manipulate state body. */ RTSGSEG aRespSegs[2]; uint32_t cSegs = 2; RespHdr.idReq = pPktManip->Hdr.idReq; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; /** @todo What do these flags mean? Can't be the context state to set because the valid one is * in NTCONTEXT64::fContext (observed with WinDbg). */ SetContext.u32CtxFlags = pPktManip->u.SetContext.u32CtxFlags; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &SetContext; aRespSegs[1].cbSeg = sizeof(SetContext); int rc = dbgcKdCtxSetNtCtx64(pThis, pPktManip->Hdr.idCpu, pNtCtx, pNtCtx->fContext); if (RT_FAILURE(rc)) RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; /** @todo Convert to an appropriate NT status code. */ return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], cSegs, true /*fAck*/); } /** * Processes a read control space 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64ReadCtrlSpace(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_XFERCTRLSPACE64 XferCtrlSpace64; uint8_t abResp[sizeof(NTKCONTEXT64)]; uint32_t cbData = 0; RT_ZERO(RespHdr); RT_ZERO(XferCtrlSpace64); RT_ZERO(abResp); RTSGSEG aRespSegs[3]; uint32_t cSegs = 2; /* Gets incremented when read is successful. */ RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; XferCtrlSpace64.u64IdXfer = pPktManip->u.XferCtrlSpace.u64IdXfer; XferCtrlSpace64.cbXferReq = pPktManip->u.XferCtrlSpace.cbXferReq; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &XferCtrlSpace64; aRespSegs[1].cbSeg = sizeof(XferCtrlSpace64); int rc = VINF_SUCCESS; if (pThis->f32Bit) { if (pPktManip->u.XferCtrlSpace.u64IdXfer == sizeof(NTCONTEXT32)) { /* Queries the kernel context. */ rc = dbgcKdCtxQueryNtKCtx32(pThis, RespHdr.idCpu, (PNTKCONTEXT32)&abResp[0]); if (RT_SUCCESS(rc)) cbData = sizeof(NTKCONTEXT32); } } else { switch (pPktManip->u.XferCtrlSpace.u64IdXfer) { case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KPCR: { if (pThis->pIfWinNt) { RTGCUINTPTR GCPtrKpcr = 0; rc = pThis->pIfWinNt->pfnQueryKpcrForVCpu(pThis->pIfWinNt, pThis->Dbgc.pUVM, VMMR3GetVTable(), RespHdr.idCpu, &GCPtrKpcr, NULL /*pKpcrb*/); if (RT_SUCCESS(rc)) memcpy(&abResp[0], &GCPtrKpcr, sizeof(GCPtrKpcr)); } cbData = sizeof(RTGCUINTPTR); break; } case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KPCRB: { if (pThis->pIfWinNt) { RTGCUINTPTR GCPtrKpcrb = 0; rc = pThis->pIfWinNt->pfnQueryKpcrForVCpu(pThis->pIfWinNt, pThis->Dbgc.pUVM, VMMR3GetVTable(), RespHdr.idCpu, NULL /*pKpcr*/, &GCPtrKpcrb); if (RT_SUCCESS(rc)) memcpy(&abResp[0], &GCPtrKpcrb, sizeof(GCPtrKpcrb)); } cbData = sizeof(RTGCUINTPTR); break; } case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KCTX: { rc = dbgcKdCtxQueryNtKCtx64(pThis, RespHdr.idCpu, (PNTKCONTEXT64)&abResp[0], NTCONTEXT64_F_FULL); if (RT_SUCCESS(rc)) cbData = sizeof(NTKCONTEXT64); break; } case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KTHRD: { if (pThis->pIfWinNt) { RTGCUINTPTR GCPtrCurThrd = 0; rc = pThis->pIfWinNt->pfnQueryCurThrdForVCpu(pThis->pIfWinNt, pThis->Dbgc.pUVM, VMMR3GetVTable(), RespHdr.idCpu, &GCPtrCurThrd); if (RT_SUCCESS(rc)) memcpy(&abResp[0], &GCPtrCurThrd, sizeof(GCPtrCurThrd)); } cbData = sizeof(RTGCUINTPTR); break; } default: rc = VERR_NOT_SUPPORTED; break; } } if ( RT_SUCCESS(rc) && cbData) { XferCtrlSpace64.cbXfered = RT_MIN(cbData, XferCtrlSpace64.cbXferReq); cSegs++; aRespSegs[2].pvSeg = &abResp[0]; aRespSegs[2].cbSeg = cbData; } else if (RT_FAILURE(rc)) RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; /** @todo Convert to an appropriate NT status code. */ return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], cSegs, true /*fAck*/); } /** * Processes a write control space 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64WriteCtrlSpace(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_XFERCTRLSPACE64 XferCtrlSpace64; uint32_t cbData = 0; RT_ZERO(RespHdr); RT_ZERO(XferCtrlSpace64); RTSGSEG aRespSegs[2]; RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_WRITE_CTRL_SPACE; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; XferCtrlSpace64.u64IdXfer = pPktManip->u.XferCtrlSpace.u64IdXfer; XferCtrlSpace64.cbXferReq = pPktManip->u.XferCtrlSpace.cbXferReq; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &XferCtrlSpace64; aRespSegs[1].cbSeg = sizeof(XferCtrlSpace64); int rc = VINF_SUCCESS; switch (pPktManip->u.XferCtrlSpace.u64IdXfer) { case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KCTX: { PCNTKCONTEXT64 pNtKCtx = (PCNTKCONTEXT64)&pThis->abBody[sizeof(*pPktManip)]; /* Data comes directly after the manipulate state body. */ rc = dbgcKdCtxSetNtKCtx64(pThis, RespHdr.idCpu, pNtKCtx, XferCtrlSpace64.cbXferReq); if (RT_SUCCESS(rc)) cbData = RT_MIN(XferCtrlSpace64.cbXferReq, sizeof(NTKCONTEXT64)); break; } case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KPCR: case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KPCRB: case KD_PACKET_MANIPULATE64_CTRL_SPACE_ID_KTHRD: default: rc = VERR_NOT_SUPPORTED; break; } if (RT_FAILURE(rc)) RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; /** @todo Convert to an appropriate NT status code. */ else XferCtrlSpace64.cbXfered = cbData; return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); } /** * Processes a restore breakpoint 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64RestoreBkpt(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_RESTOREBKPT64 RestoreBkpt64; RT_ZERO(RespHdr); RT_ZERO(RestoreBkpt64); RTSGSEG aRespSegs[2]; RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_RESTORE_BKPT; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; RestoreBkpt64.u32HndBkpt = pPktManip->u.RestoreBkpt.u32HndBkpt; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &RestoreBkpt64; aRespSegs[1].cbSeg = sizeof(RestoreBkpt64); int rc = DBGFR3BpClear(pThis->Dbgc.pUVM, pPktManip->u.RestoreBkpt.u32HndBkpt); if (RT_SUCCESS(rc)) { rc = dbgcBpDelete(&pThis->Dbgc, pPktManip->u.RestoreBkpt.u32HndBkpt); AssertRC(rc); } else if (rc != VERR_DBGF_BP_NOT_FOUND) RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); } /** * Processes a write breakpoint 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64WriteBkpt(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_WRITEBKPT64 WriteBkpt64; RT_ZERO(RespHdr); RT_ZERO(WriteBkpt64); RTSGSEG aRespSegs[2]; RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_WRITE_BKPT; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &WriteBkpt64; aRespSegs[1].cbSeg = sizeof(WriteBkpt64); WriteBkpt64.u64PtrBkpt = pPktManip->u.WriteBkpt.u64PtrBkpt; DBGFADDRESS BpAddr; DBGFR3AddrFromFlat(pThis->Dbgc.pUVM, &BpAddr, KD_PTR_GET(pThis, pPktManip->u.WriteBkpt.u64PtrBkpt)); int rc = DBGFR3BpSetInt3(pThis->Dbgc.pUVM, pThis->Dbgc.idCpu, &BpAddr, 1 /*iHitTrigger*/, UINT64_MAX /*iHitDisable*/, &WriteBkpt64.u32HndBkpt); if (RT_SUCCESS(rc)) { rc = dbgcBpAdd(&pThis->Dbgc, WriteBkpt64.u32HndBkpt, NULL /*pszCmd*/); if (RT_FAILURE(rc)) DBGFR3BpClear(pThis->Dbgc.pUVM, WriteBkpt64.u32HndBkpt); } else RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); } /** * Processes a get context extended 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64GetContextEx(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_CONTEXTEX ContextEx; union { NTCONTEXT64 v64; NTCONTEXT32 v32; } NtCtx; RT_ZERO(RespHdr); RT_ZERO(ContextEx); RT_ZERO(NtCtx); RTSGSEG aRespSegs[3]; uint32_t cSegs = 2; RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_GET_CONTEXT_EX; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; ContextEx.offStart = pPktManip->u.ContextEx.offStart; ContextEx.cbXfer = pPktManip->u.ContextEx.cbXfer; ContextEx.cbXfered = 0; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &ContextEx; aRespSegs[1].cbSeg = sizeof(ContextEx); int rc = VINF_SUCCESS; uint32_t cbCtx = pThis->f32Bit ? sizeof(NtCtx.v32) : sizeof(NtCtx.v64); if (pThis->f32Bit) dbgcKdCtxQueryNtCtx32(pThis, pPktManip->Hdr.idCpu, &NtCtx.v32, NTCONTEXT32_F_FULL); else dbgcKdCtxQueryNtCtx64(pThis, pPktManip->Hdr.idCpu, &NtCtx.v64, NTCONTEXT64_F_FULL); if ( RT_SUCCESS(rc) && pPktManip->u.ContextEx.offStart < cbCtx) { RespHdr.u32NtStatus = NTSTATUS_SUCCESS; ContextEx.cbXfered = RT_MIN(cbCtx - ContextEx.offStart, ContextEx.cbXfer); aRespSegs[2].pvSeg = (uint8_t *)&NtCtx + ContextEx.offStart; aRespSegs[2].cbSeg = ContextEx.cbXfered; cSegs++; } return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], cSegs, true /*fAck*/); } /** * Processes a query memory 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64QueryMemory(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_QUERYMEMORY QueryMemory; RT_ZERO(RespHdr); RT_ZERO(QueryMemory); RTSGSEG aRespSegs[2]; RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_QUERY_MEMORY; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; /** @todo Need DBGF API to query protection and privilege level from guest page tables. */ QueryMemory.u64GCPtr = pPktManip->u.QueryMemory.u64GCPtr; QueryMemory.u32AddrSpace = KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_SPACE_KERNEL; QueryMemory.u32Flags = KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_READ | KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_WRITE | KD_PACKET_MANIPULATE64_QUERY_MEMORY_ADDR_F_EXEC; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &QueryMemory; aRespSegs[1].cbSeg = sizeof(QueryMemory); return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); } /** * Processes a search memory 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64SearchMemory(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { KDPACKETMANIPULATEHDR RespHdr; KDPACKETMANIPULATE_SEARCHMEMORY SearchMemory; RT_ZERO(RespHdr); RT_ZERO(SearchMemory); RTSGSEG aRespSegs[2]; RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_SEARCH_MEMORY; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_SUCCESS; SearchMemory.u64GCPtr = pPktManip->u.SearchMemory.u64GCPtr; SearchMemory.cbSearch = pPktManip->u.SearchMemory.cbSearch; SearchMemory.cbPattern = pPktManip->u.SearchMemory.cbPattern; /* Validate the pattern length and start searching. */ if (pPktManip->u.SearchMemory.cbPattern < sizeof(pThis->abBody) - sizeof(*pPktManip)) { DBGFADDRESS StartAddress; DBGFADDRESS HitAddress; VMCPUID idCpu = pPktManip->Hdr.idCpu; DBGFR3AddrFromFlat(pThis->Dbgc.pUVM, &StartAddress, pPktManip->u.SearchMemory.u64GCPtr); /** @todo WindDbg sends CPU ID 32 sometimes, maybe that means continue search on last used CPU?. */ if (idCpu >= DBGFR3CpuGetCount(pThis->Dbgc.pUVM)) idCpu = pThis->Dbgc.idCpu; int rc = DBGFR3MemScan(pThis->Dbgc.pUVM, idCpu, &StartAddress, pPktManip->u.SearchMemory.cbSearch, 1, &pThis->abBody[sizeof(*pPktManip)], pPktManip->u.SearchMemory.cbPattern, &HitAddress); if (RT_SUCCESS(rc)) SearchMemory.u64GCPtr = HitAddress.FlatPtr; else if (rc == VERR_DBGF_MEM_NOT_FOUND) RespHdr.u32NtStatus = NTSTATUS_NOT_FOUND; else RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; } else RespHdr.u32NtStatus = NTSTATUS_BUFFER_OVERFLOW; aRespSegs[0].pvSeg = &RespHdr; aRespSegs[0].cbSeg = sizeof(RespHdr); aRespSegs[1].pvSeg = &SearchMemory; aRespSegs[1].cbSeg = sizeof(SearchMemory); return dbgcKdCtxPktSendSg(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &aRespSegs[0], RT_ELEMENTS(aRespSegs), true /*fAck*/); } /** * Processes a cause bugcheck 64 request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. * * @note We abuse this request to initiate a native VBox debugger command prompt from the remote end * (There is monitor/Rcmd equivalent like with GDB unfortunately). */ static int dbgcKdCtxPktManipulate64CauseBugCheck(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { RT_NOREF(pPktManip); pThis->fInVBoxDbg = true; return dbgcKdCtxDebugIoGetStrSend(pThis, pThis->Dbgc.idCpu, "VBoxDbg>", sizeof("VBoxDbg>") - 1, 512 /*cbResponseMax*/); } /** * Processes a switch processor request. * * @returns VBox status code. * @param pThis The KD context. * @param pPktManip The manipulate packet request. */ static int dbgcKdCtxPktManipulate64SwitchProcessor(PKDCTX pThis, PCKDPACKETMANIPULATE64 pPktManip) { int rc = VINF_SUCCESS; if (RT_UNLIKELY(pPktManip->Hdr.idCpu >= DBGFR3CpuGetCount(pThis->Dbgc.pUVM))) { KDPACKETMANIPULATEHDR RespHdr; RT_ZERO(RespHdr); RespHdr.idReq = KD_PACKET_MANIPULATE_REQ_SWITCH_PROCESSOR; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_UNSUCCESSFUL; /** @todo Test this path. */ rc = dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &RespHdr, sizeof(RespHdr), true /*fAck*/); } else { pThis->Dbgc.idCpu = pPktManip->Hdr.idCpu; rc = dbgcKdCtxStateChangeSend(pThis, DBGFEVENT_HALT_DONE); } return rc; } /** * Processes a manipulate packet. * * @returns VBox status code. * @param pThis The KD context. */ static int dbgcKdCtxPktManipulate64Process(PKDCTX pThis) { int rc = VINF_SUCCESS; PCKDPACKETMANIPULATE64 pPktManip = (PCKDPACKETMANIPULATE64)&pThis->abBody[0]; switch (pPktManip->Hdr.idReq) { case KD_PACKET_MANIPULATE_REQ_GET_VERSION: { rc = dbgcKdCtxPktManipulate64GetVersion(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_READ_VIRT_MEM: case KD_PACKET_MANIPULATE_REQ_READ_PHYS_MEM: { rc = dbgcKdCtxPktManipulate64ReadMem(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_WRITE_VIRT_MEM: case KD_PACKET_MANIPULATE_REQ_WRITE_PHYS_MEM: { rc = dbgcKdCtxPktManipulate64WriteMem(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_CONTINUE: { rc = dbgcKdCtxPktManipulate64Continue(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_CONTINUE2: { rc = dbgcKdCtxPktManipulate64Continue2(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_SET_CONTEXT: { rc = dbgcKdCtxPktManipulate64SetContext(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_READ_CTRL_SPACE: { rc = dbgcKdCtxPktManipulate64ReadCtrlSpace(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_WRITE_CTRL_SPACE: { rc = dbgcKdCtxPktManipulate64WriteCtrlSpace(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_RESTORE_BKPT: { rc = dbgcKdCtxPktManipulate64RestoreBkpt(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_WRITE_BKPT: { rc = dbgcKdCtxPktManipulate64WriteBkpt(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_CLEAR_ALL_INTERNAL_BKPT: /* WinDbg doesn't seem to expect an answer apart from the ACK here. */ break; case KD_PACKET_MANIPULATE_REQ_GET_CONTEXT_EX: { rc = dbgcKdCtxPktManipulate64GetContextEx(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_QUERY_MEMORY: { rc = dbgcKdCtxPktManipulate64QueryMemory(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_SEARCH_MEMORY: { rc = dbgcKdCtxPktManipulate64SearchMemory(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_CAUSE_BUGCHECK: { rc = dbgcKdCtxPktManipulate64CauseBugCheck(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_SWITCH_PROCESSOR: { rc = dbgcKdCtxPktManipulate64SwitchProcessor(pThis, pPktManip); break; } case KD_PACKET_MANIPULATE_REQ_REBOOT: { rc = VMR3Reset(pThis->Dbgc.pUVM); /* Doesn't expect an answer here. */ if ( RT_SUCCESS(rc) && DBGFR3IsHalted(pThis->Dbgc.pUVM, VMCPUID_ALL)) rc = DBGFR3Resume(pThis->Dbgc.pUVM, VMCPUID_ALL); break; } default: KDPACKETMANIPULATEHDR RespHdr; RT_ZERO(RespHdr); RespHdr.idReq = pPktManip->Hdr.idReq; RespHdr.u16CpuLvl = pPktManip->Hdr.u16CpuLvl; RespHdr.idCpu = pPktManip->Hdr.idCpu; RespHdr.u32NtStatus = NTSTATUS_NOT_IMPLEMENTED; rc = dbgcKdCtxPktSend(pThis, KD_PACKET_HDR_SIGNATURE_DATA, KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE, &RespHdr, sizeof(RespHdr), true /*fAck*/); break; } return rc; } /** * Tries to detect the guest OS running in the VM looking specifically for the Windows NT kind. * * @returns Nothing. * @param pThis The KD context. */ static void dbgcKdCtxDetectGstOs(PKDCTX pThis) { pThis->pIfWinNt = NULL; /* Try detecting a Windows NT guest. */ char szName[64]; int rc = DBGFR3OSDetect(pThis->Dbgc.pUVM, szName, sizeof(szName)); if (RT_SUCCESS(rc)) { pThis->pIfWinNt = (PDBGFOSIWINNT)DBGFR3OSQueryInterface(pThis->Dbgc.pUVM, DBGFOSINTERFACE_WINNT); if (pThis->pIfWinNt) LogRel(("DBGC/Kd: Detected Windows NT guest OS (%s)\n", &szName[0])); else LogRel(("DBGC/Kd: Detected guest OS is not of the Windows NT kind (%s)\n", &szName[0])); } else { LogRel(("DBGC/Kd: Unable to detect any guest operating system type, rc=%Rrc\n", rc)); rc = VINF_SUCCESS; /* Try to continue nevertheless. */ } if (pThis->pIfWinNt) { rc = pThis->pIfWinNt->pfnQueryVersion(pThis->pIfWinNt, pThis->Dbgc.pUVM, VMMR3GetVTable(), NULL /*puVersMajor*/, NULL /*puVersMinor*/, NULL /*puBuildNumber*/, &pThis->f32Bit); AssertRC(rc); } else { /* * Try to detect bitness based on the current CPU mode which might fool us (32bit process running * inside of 64bit host). */ CPUMMODE enmMode = DBGCCmdHlpGetCpuMode(&pThis->Dbgc.CmdHlp); if (enmMode == CPUMMODE_PROTECTED) pThis->f32Bit = true; else if (enmMode == CPUMMODE_LONG) pThis->f32Bit = false; else LogRel(("DBGC/Kd: Heh, trying to debug real mode code with WinDbg are we? Good luck with that...\n")); } } /** * Processes a fully received packet. * * @returns VBox status code. * @param pThis The KD context. */ static int dbgcKdCtxPktProcess(PKDCTX pThis) { int rc = VINF_SUCCESS; pThis->fBreakinRecv = false; /* Verify checksum. */ if (dbgcKdPktChkSumGen(&pThis->abBody[0], pThis->PktHdr.Fields.cbBody) == pThis->PktHdr.Fields.u32ChkSum) { /** @todo Check packet id. */ if (pThis->PktHdr.Fields.u16SubType != KD_PACKET_HDR_SUB_TYPE_RESET) { pThis->idPktNext = pThis->PktHdr.Fields.idPacket; rc = dbgcKdCtxPktSendAck(pThis); } if (RT_SUCCESS(rc)) { #ifdef LOG_ENABLED RTSGSEG Seg; Seg.pvSeg = &pThis->abBody[0]; Seg.cbSeg = pThis->PktHdr.Fields.cbBody; dbgcKdPktDump(&pThis->PktHdr.Fields, &Seg, 1 /*cSegs*/, true /*fRx*/); #endif switch (pThis->PktHdr.Fields.u16SubType) { case KD_PACKET_HDR_SUB_TYPE_RESET: { dbgcKdCtxDetectGstOs(pThis); pThis->idPktNext = 0; rc = dbgcKdCtxPktSendReset(pThis); if (RT_SUCCESS(rc)) { rc = DBGFR3Halt(pThis->Dbgc.pUVM, VMCPUID_ALL); if (rc == VWRN_DBGF_ALREADY_HALTED) rc = dbgcKdCtxStateChangeSend(pThis, DBGFEVENT_HALT_DONE); } pThis->idPktNext = KD_PACKET_HDR_ID_RESET; break; } case KD_PACKET_HDR_SUB_TYPE_STATE_MANIPULATE: { pThis->idPktNext = pThis->PktHdr.Fields.idPacket ^ 0x1; rc = dbgcKdCtxPktManipulate64Process(pThis); break; } case KD_PACKET_HDR_SUB_TYPE_ACKNOWLEDGE: case KD_PACKET_HDR_SUB_TYPE_RESEND: { /* Don't do anything. */ rc = VINF_SUCCESS; break; } case KD_PACKET_HDR_SUB_TYPE_DEBUG_IO: { if (pThis->fInVBoxDbg) { pThis->idPktNext = pThis->PktHdr.Fields.idPacket ^ 0x1; /* Get the string and execute it. */ PCKDPACKETDEBUGIO pPktDbgIo = (PCKDPACKETDEBUGIO)&pThis->abBody[0]; if ( pPktDbgIo->u32Type == KD_PACKET_DEBUG_IO_GET_STRING && pPktDbgIo->u.Prompt.cbReturn <= sizeof(pThis->abBody) - sizeof(*pPktDbgIo) - 1) { if (pPktDbgIo->u.Prompt.cbReturn) { /* Terminate return value. */ pThis->abBody[sizeof(*pPktDbgIo) + pPktDbgIo->u.Prompt.cbReturn] = '\0'; const char *pszCmd = (const char *)&pThis->abBody[sizeof(*pPktDbgIo)]; /* Filter out 'exit' which is handled here directly and exits the debug loop. */ if (!strcmp(pszCmd, "exit")) pThis->fInVBoxDbg = false; else { rc = pThis->Dbgc.CmdHlp.pfnExec(&pThis->Dbgc.CmdHlp, pszCmd); if (RT_SUCCESS(rc)) rc = dbgcKdCtxDebugIoGetStrSend(pThis, pThis->Dbgc.idCpu, "VBoxDbg>", sizeof("VBoxDbg>") - 1, 512 /*cbResponseMax*/); else LogRel(("DBGC/Kd: Executing command \"%s\" failed with rc=%Rrc\n", pszCmd, rc)); } } else rc = dbgcKdCtxDebugIoGetStrSend(pThis, pThis->Dbgc.idCpu, "VBoxDbg>", sizeof("VBoxDbg>") - 1, 512 /*cbResponseMax*/); } else LogRel(("DBGC/Kd: Received invalid DEBUG_IO packet from remote end, ignoring\n")); } else LogRel(("DBGC/Kd: Received out of band DEBUG_IO packet from remote end, ignoring\n")); break; } default: rc = VERR_NOT_IMPLEMENTED; } } } else { pThis->idPktNext = pThis->PktHdr.Fields.idPacket; rc = dbgcKdCtxPktSendResend(pThis); } if (pThis->fBreakinRecv) { pThis->fBreakinRecv = false; rc = DBGFR3Halt(pThis->Dbgc.pUVM, VMCPUID_ALL); if (rc == VWRN_DBGF_ALREADY_HALTED) rc = dbgcKdCtxStateChangeSend(pThis, DBGFEVENT_HALT_DONE); } /* Next packet. */ dbgcKdCtxPktRecvReset(pThis); return rc; } /** * Processes the received data based on the current state. * * @returns VBox status code. * @param pThis The KD context. */ static int dbgcKdCtxRecvDataProcess(PKDCTX pThis) { int rc = VINF_SUCCESS; switch (pThis->enmState) { case KDRECVSTATE_PACKET_HDR_FIRST_BYTE: { /* Does it look like a valid packet start?. */ if ( pThis->PktHdr.ab[0] == KD_PACKET_HDR_SIGNATURE_DATA_BYTE || pThis->PktHdr.ab[0] == KD_PACKET_HDR_SIGNATURE_CONTROL_BYTE) { pThis->pbRecv = &pThis->PktHdr.ab[1]; pThis->cbRecvLeft = sizeof(pThis->PktHdr.ab[1]); pThis->enmState = KDRECVSTATE_PACKET_HDR_SECOND_BYTE; pThis->msRecvTimeout = DBGC_KD_RECV_TIMEOUT_MS; } else if (pThis->PktHdr.ab[0] == KD_PACKET_HDR_SIGNATURE_BREAKIN_BYTE) { rc = DBGFR3Halt(pThis->Dbgc.pUVM, VMCPUID_ALL); if (rc == VWRN_DBGF_ALREADY_HALTED) rc = dbgcKdCtxStateChangeSend(pThis, DBGFEVENT_HALT_DONE); dbgcKdCtxPktRecvReset(pThis); } /* else: Ignore and continue. */ break; } case KDRECVSTATE_PACKET_HDR_SECOND_BYTE: { /* * If the first and second byte differ there might be a single breakin * packet byte received and this is actually the start of a new packet. */ if (pThis->PktHdr.ab[0] != pThis->PktHdr.ab[1]) { if (pThis->PktHdr.ab[0] == KD_PACKET_HDR_SIGNATURE_BREAKIN_BYTE) { /* Halt the VM and rearrange the packet receiving state machine. */ LogFlow(("DbgKd: Halting VM!\n")); rc = DBGFR3Halt(pThis->Dbgc.pUVM, VMCPUID_ALL); pThis->PktHdr.ab[0] = pThis->PktHdr.ab[1]; /* Overwrite the first byte with the new start. */ pThis->pbRecv = &pThis->PktHdr.ab[1]; pThis->cbRecvLeft = sizeof(pThis->PktHdr.ab[1]); } else rc = VERR_NET_PROTOCOL_ERROR; /* Refuse talking to the remote end any further. */ } else { /* Normal packet receive continues with the rest of the header. */ pThis->pbRecv = &pThis->PktHdr.ab[2]; pThis->cbRecvLeft = sizeof(pThis->PktHdr.Fields) - 2; pThis->enmState = KDRECVSTATE_PACKET_HDR; } break; } case KDRECVSTATE_PACKET_HDR: { if ( dbgcKdPktHdrValidate(&pThis->PktHdr.Fields) && pThis->PktHdr.Fields.cbBody <= sizeof(pThis->abBody)) { /* Start receiving the body. */ if (pThis->PktHdr.Fields.cbBody) { pThis->pbRecv = &pThis->abBody[0]; pThis->cbRecvLeft = pThis->PktHdr.Fields.cbBody; pThis->enmState = KDRECVSTATE_PACKET_BODY; } else /* No body means no trailer byte it looks like. */ rc = dbgcKdCtxPktProcess(pThis); } else rc = VERR_NET_PROTOCOL_ERROR; break; } case KDRECVSTATE_PACKET_BODY: { pThis->enmState = KDRECVSTATE_PACKET_TRAILER; pThis->bTrailer = 0; pThis->pbRecv = &pThis->bTrailer; pThis->cbRecvLeft = sizeof(pThis->bTrailer); break; } case KDRECVSTATE_PACKET_TRAILER: { if (pThis->bTrailer == KD_PACKET_TRAILING_BYTE) rc = dbgcKdCtxPktProcess(pThis); else rc = VERR_NET_PROTOCOL_ERROR; break; } default: AssertMsgFailed(("Invalid receive state %d\n", pThis->enmState)); } return rc; } /** * Receive data and processes complete packets. * * @returns Status code. * @param pThis The KD context. */ static int dbgcKdCtxRecv(PKDCTX pThis) { int rc = VINF_SUCCESS; LogFlowFunc(("pThis=%p{.cbRecvLeft=%zu}\n", pThis, pThis->cbRecvLeft)); if (pThis->cbRecvLeft) { size_t cbRead = 0; rc = pThis->Dbgc.pIo->pfnRead(pThis->Dbgc.pIo, pThis->pbRecv, pThis->cbRecvLeft, &cbRead); if (RT_SUCCESS(rc)) { pThis->tsRecvLast = RTTimeMilliTS(); pThis->cbRecvLeft -= cbRead; pThis->pbRecv += cbRead; if (!pThis->cbRecvLeft) rc = dbgcKdCtxRecvDataProcess(pThis); } } LogFlowFunc(("returns rc=%Rrc\n", rc)); return rc; } /** * Processes debugger events. * * @returns VBox status code. * @param pThis The KD context data. * @param pEvent Pointer to event data. */ static int dbgcKdCtxProcessEvent(PKDCTX pThis, PCDBGFEVENT pEvent) { /* * Process the event. */ PDBGC pDbgc = &pThis->Dbgc; pThis->Dbgc.pszScratch = &pThis->Dbgc.achInput[0]; pThis->Dbgc.iArg = 0; int rc = VINF_SUCCESS; VMCPUID idCpuOld = pDbgc->idCpu; pDbgc->idCpu = pEvent->idCpu; switch (pEvent->enmType) { /* * The first part is events we have initiated with commands. */ case DBGFEVENT_HALT_DONE: { rc = dbgcKdCtxStateChangeSend(pThis, pEvent->enmType); break; } /* * The second part is events which can occur at any time. */ case DBGFEVENT_FATAL_ERROR: { rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbf event: Fatal error! (%s)\n", dbgcGetEventCtx(pEvent->enmCtx)); if (RT_SUCCESS(rc)) rc = pDbgc->CmdHlp.pfnExec(&pDbgc->CmdHlp, "r"); break; } case DBGFEVENT_BREAKPOINT: case DBGFEVENT_BREAKPOINT_IO: case DBGFEVENT_BREAKPOINT_MMIO: case DBGFEVENT_BREAKPOINT_HYPER: { rc = dbgcBpExec(pDbgc, pEvent->u.Bp.hBp); switch (rc) { case VERR_DBGC_BP_NOT_FOUND: rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: Unknown breakpoint %u! (%s)\n", pEvent->u.Bp.hBp, dbgcGetEventCtx(pEvent->enmCtx)); break; case VINF_DBGC_BP_NO_COMMAND: rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: Breakpoint %u! (%s)\n", pEvent->u.Bp.hBp, dbgcGetEventCtx(pEvent->enmCtx)); break; case VINF_BUFFER_OVERFLOW: rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: Breakpoint %u! Command too long to execute! (%s)\n", pEvent->u.Bp.hBp, dbgcGetEventCtx(pEvent->enmCtx)); break; default: break; } if (RT_SUCCESS(rc) && DBGFR3IsHalted(pDbgc->pUVM, VMCPUID_ALL)) { rc = pDbgc->CmdHlp.pfnExec(&pDbgc->CmdHlp, "r"); /* Set the resume flag to ignore the breakpoint when resuming execution. */ if ( RT_SUCCESS(rc) && pEvent->enmType == DBGFEVENT_BREAKPOINT) rc = pDbgc->CmdHlp.pfnExec(&pDbgc->CmdHlp, "r eflags.rf = 1"); } /* Figure out the breakpoint and set the triggered flag for emulation of DR6. */ for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aHwBp); i++) { if (pThis->aHwBp[i].hDbgfBp == pEvent->u.Bp.hBp) { pThis->aHwBp[i].fTriggered = true; break; } } rc = dbgcKdCtxStateChangeSend(pThis, pEvent->enmType); break; } case DBGFEVENT_STEPPED: case DBGFEVENT_STEPPED_HYPER: { pThis->fSingleStepped = true; /* For emulation of DR6. */ rc = dbgcKdCtxStateChangeSend(pThis, pEvent->enmType); break; } case DBGFEVENT_ASSERTION_HYPER: { rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: Hypervisor Assertion! (%s)\n" "%s" "%s" "\n", dbgcGetEventCtx(pEvent->enmCtx), pEvent->u.Assert.pszMsg1, pEvent->u.Assert.pszMsg2); if (RT_SUCCESS(rc)) rc = pDbgc->CmdHlp.pfnExec(&pDbgc->CmdHlp, "r"); break; } case DBGFEVENT_DEV_STOP: { rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\n" "dbgf event: DBGFSTOP (%s)\n" "File: %s\n" "Line: %d\n" "Function: %s\n", dbgcGetEventCtx(pEvent->enmCtx), pEvent->u.Src.pszFile, pEvent->u.Src.uLine, pEvent->u.Src.pszFunction); if (RT_SUCCESS(rc) && pEvent->u.Src.pszMessage && *pEvent->u.Src.pszMessage) rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "Message: %s\n", pEvent->u.Src.pszMessage); if (RT_SUCCESS(rc)) rc = pDbgc->CmdHlp.pfnExec(&pDbgc->CmdHlp, "r"); break; } case DBGFEVENT_INVALID_COMMAND: { rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf/dbgc error: Invalid command event!\n"); break; } case DBGFEVENT_POWERING_OFF: { pThis->Dbgc.fReady = false; pThis->Dbgc.pIo->pfnSetReady(pThis->Dbgc.pIo, false); rc = VERR_GENERAL_FAILURE; break; } default: { /* * Probably a generic event. Look it up to find its name. */ PCDBGCSXEVT pEvtDesc = dbgcEventLookup(pEvent->enmType); if (pEvtDesc) { if (pEvtDesc->enmKind == kDbgcSxEventKind_Interrupt) { Assert(pEvtDesc->pszDesc); Assert(pEvent->u.Generic.cArgs == 1); rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: %s no %#llx! (%s)\n", pEvtDesc->pszDesc, pEvent->u.Generic.auArgs[0], pEvtDesc->pszName); } else if (pEvtDesc->fFlags & DBGCSXEVT_F_BUGCHECK) { Assert(pEvent->u.Generic.cArgs >= 5); char szDetails[512]; DBGFR3FormatBugCheck(pDbgc->pUVM, szDetails, sizeof(szDetails), pEvent->u.Generic.auArgs[0], pEvent->u.Generic.auArgs[1], pEvent->u.Generic.auArgs[2], pEvent->u.Generic.auArgs[3], pEvent->u.Generic.auArgs[4]); rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: %s %s%s!\n%s", pEvtDesc->pszName, pEvtDesc->pszDesc ? "- " : "", pEvtDesc->pszDesc ? pEvtDesc->pszDesc : "", szDetails); } else if ( (pEvtDesc->fFlags & DBGCSXEVT_F_TAKE_ARG) || pEvent->u.Generic.cArgs > 1 || ( pEvent->u.Generic.cArgs == 1 && pEvent->u.Generic.auArgs[0] != 0)) { if (pEvtDesc->pszDesc) rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: %s - %s!", pEvtDesc->pszName, pEvtDesc->pszDesc); else rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: %s!", pEvtDesc->pszName); if (pEvent->u.Generic.cArgs <= 1) rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, " arg=%#llx\n", pEvent->u.Generic.auArgs[0]); else { for (uint32_t i = 0; i < pEvent->u.Generic.cArgs; i++) rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, " args[%u]=%#llx", i, pEvent->u.Generic.auArgs[i]); rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\n"); } } else { if (pEvtDesc->pszDesc) rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: %s - %s!\n", pEvtDesc->pszName, pEvtDesc->pszDesc); else rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf event: %s!\n", pEvtDesc->pszName); } } else rc = pDbgc->CmdHlp.pfnPrintf(&pDbgc->CmdHlp, NULL, "\ndbgf/dbgc error: Unknown event %d!\n", pEvent->enmType); break; } } pDbgc->idCpu = idCpuOld; return rc; } /** * Handle a receive timeout. * * @returns VBox status code. * @param pThis Pointer to the KD context. */ static int dbgcKdCtxRecvTimeout(PKDCTX pThis) { int rc = VINF_SUCCESS; LogFlowFunc(("pThis=%p\n", pThis)); /* * If a single breakin packet byte was received but the header is otherwise incomplete * the VM is halted and a state change will be sent in the event processing loop. */ if ( pThis->enmState == KDRECVSTATE_PACKET_HDR_SECOND_BYTE && pThis->PktHdr.ab[0] == KD_PACKET_HDR_SIGNATURE_BREAKIN_BYTE) { LogFlow(("DbgKd: Halting VM!\n")); rc = DBGFR3Halt(pThis->Dbgc.pUVM, VMCPUID_ALL); } else /* Send a reset packet */ /** @todo Figure out the semantics in this case exactly. */ rc = dbgcKdCtxPktSendReset(pThis); dbgcKdCtxPktRecvReset(pThis); LogFlowFunc(("rc=%Rrc\n", rc)); return rc; } /** * @copydoc DBGC::pfnOutput */ static DECLCALLBACK(int) dbgcKdOutput(void *pvUser, const char *pachChars, size_t cbChars) { PKDCTX pThis = (PKDCTX)pvUser; return dbgcKdCtxDebugIoStrSend(pThis, pThis->Dbgc.idCpu, pachChars, cbChars); } /** * Run the debugger console. * * @returns VBox status code. * @param pThis Pointer to the KD context. */ int dbgcKdRun(PKDCTX pThis) { /* * We're ready for commands now. */ pThis->Dbgc.fReady = true; pThis->Dbgc.pIo->pfnSetReady(pThis->Dbgc.pIo, true); /* * Main Debugger Loop. * * This loop will either block on waiting for input or on waiting on * debug events. If we're forwarding the log we cannot wait for long * before we must flush the log. */ int rc; for (;;) { rc = VERR_SEM_OUT_OF_TURN; if (pThis->Dbgc.pUVM) rc = DBGFR3QueryWaitable(pThis->Dbgc.pUVM); if (RT_SUCCESS(rc)) { /* * Wait for a debug event. */ DBGFEVENT Evt; rc = DBGFR3EventWait(pThis->Dbgc.pUVM, 32, &Evt); if (RT_SUCCESS(rc)) { rc = dbgcKdCtxProcessEvent(pThis, &Evt); if (RT_FAILURE(rc)) break; } else if (rc != VERR_TIMEOUT) break; /* * Check for input. */ if (pThis->Dbgc.pIo->pfnInput(pThis->Dbgc.pIo, 0)) { rc = dbgcKdCtxRecv(pThis); if (RT_FAILURE(rc)) break; } } else if (rc == VERR_SEM_OUT_OF_TURN) { /* * Wait for input. */ if (pThis->Dbgc.pIo->pfnInput(pThis->Dbgc.pIo, 1000)) { rc = dbgcKdCtxRecv(pThis); if (RT_FAILURE(rc)) break; } else if ( pThis->msRecvTimeout != RT_INDEFINITE_WAIT && (RTTimeMilliTS() - pThis->tsRecvLast >= pThis->msRecvTimeout)) rc = dbgcKdCtxRecvTimeout(pThis); } else break; } return rc; } /** * Creates a KD context instance with the given backend. * * @returns VBox status code. * @param ppKdCtx Where to store the pointer to the KD stub context instance on success. * @param pIo Pointer to the I/O callback table. * @param fFlags Flags controlling the behavior. */ static int dbgcKdCtxCreate(PPKDCTX ppKdCtx, PCDBGCIO pIo, unsigned fFlags) { /* * Validate input. */ AssertPtrReturn(pIo, VERR_INVALID_POINTER); AssertMsgReturn(!fFlags, ("%#x", fFlags), VERR_INVALID_PARAMETER); /* * Allocate and initialize. */ PKDCTX pThis = (PKDCTX)RTMemAllocZ(sizeof(*pThis)); if (!pThis) return VERR_NO_MEMORY; dbgcInitCmdHlp(&pThis->Dbgc); /* * This is compied from the native debug console (will be used for monitor commands) * in DBGCConsole.cpp. Try to keep both functions in sync. */ pThis->Dbgc.pIo = pIo; pThis->Dbgc.pfnOutput = dbgcKdOutput; pThis->Dbgc.pvOutputUser = pThis; pThis->Dbgc.pVM = NULL; pThis->Dbgc.pUVM = NULL; pThis->Dbgc.idCpu = 0; pThis->Dbgc.hDbgAs = DBGF_AS_GLOBAL; pThis->Dbgc.pszEmulation = "CodeView/WinDbg"; pThis->Dbgc.paEmulationCmds = &g_aCmdsCodeView[0]; pThis->Dbgc.cEmulationCmds = g_cCmdsCodeView; pThis->Dbgc.paEmulationFuncs = &g_aFuncsCodeView[0]; pThis->Dbgc.cEmulationFuncs = g_cFuncsCodeView; //pThis->Dbgc.fLog = false; pThis->Dbgc.fRegTerse = true; pThis->Dbgc.fStepTraceRegs = true; //pThis->Dbgc.cPagingHierarchyDumps = 0; //pThis->Dbgc.DisasmPos = {0}; //pThis->Dbgc.SourcePos = {0}; //pThis->Dbgc.DumpPos = {0}; pThis->Dbgc.pLastPos = &pThis->Dbgc.DisasmPos; //pThis->Dbgc.cbDumpElement = 0; //pThis->Dbgc.cVars = 0; //pThis->Dbgc.paVars = NULL; //pThis->Dbgc.pPlugInHead = NULL; //pThis->Dbgc.pFirstBp = NULL; //pThis->Dbgc.abSearch = {0}; //pThis->Dbgc.cbSearch = 0; pThis->Dbgc.cbSearchUnit = 1; pThis->Dbgc.cMaxSearchHits = 1; //pThis->Dbgc.SearchAddr = {0}; //pThis->Dbgc.cbSearchRange = 0; //pThis->Dbgc.uInputZero = 0; //pThis->Dbgc.iRead = 0; //pThis->Dbgc.iWrite = 0; //pThis->Dbgc.cInputLines = 0; //pThis->Dbgc.fInputOverflow = false; pThis->Dbgc.fReady = true; pThis->Dbgc.pszScratch = &pThis->Dbgc.achScratch[0]; //pThis->Dbgc.iArg = 0; //pThis->Dbgc.rcOutput = 0; //pThis->Dbgc.rcCmd = 0; //pThis->Dbgc.pszHistoryFile = NULL; //pThis->Dbgc.pszGlobalInitScript = NULL; //pThis->Dbgc.pszLocalInitScript = NULL; dbgcEvalInit(); pThis->fBreakinRecv = false; pThis->fInVBoxDbg = false; pThis->idPktNext = KD_PACKET_HDR_ID_INITIAL; pThis->pIfWinNt = NULL; pThis->f32Bit = false; dbgcKdCtxPktRecvReset(pThis); for (uint32_t i = 0; i < RT_ELEMENTS(pThis->aHwBp); i++) { PKDCTXHWBP pBp = &pThis->aHwBp[i]; pBp->hDbgfBp = NIL_DBGFBP; } dbgcKdCtxHwBpReset(pThis); *ppKdCtx = pThis; return VINF_SUCCESS; } /** * Destroys the given KD context. * * @returns nothing. * @param pThis The KD context to destroy. */ static void dbgcKdCtxDestroy(PKDCTX pThis) { AssertPtr(pThis); pThis->pIfWinNt = NULL; /* Detach from the VM. */ if (pThis->Dbgc.pUVM) DBGFR3Detach(pThis->Dbgc.pUVM); /* Free config strings. */ RTStrFree(pThis->Dbgc.pszGlobalInitScript); pThis->Dbgc.pszGlobalInitScript = NULL; RTStrFree(pThis->Dbgc.pszLocalInitScript); pThis->Dbgc.pszLocalInitScript = NULL; RTStrFree(pThis->Dbgc.pszHistoryFile); pThis->Dbgc.pszHistoryFile = NULL; /* Finally, free the instance memory. */ RTMemFree(pThis); } DECL_HIDDEN_CALLBACK(int) dbgcKdStubRunloop(PUVM pUVM, PCDBGCIO pIo, unsigned fFlags) { /* * Validate input. */ AssertPtrNullReturn(pUVM, VERR_INVALID_VM_HANDLE); PVM pVM = NULL; if (pUVM) { pVM = VMR3GetVM(pUVM); AssertPtrReturn(pVM, VERR_INVALID_VM_HANDLE); } /* * Allocate and initialize instance data */ PKDCTX pThis; int rc = dbgcKdCtxCreate(&pThis, pIo, fFlags); if (RT_FAILURE(rc)) return rc; if (!HMR3IsEnabled(pUVM) && !NEMR3IsEnabled(pUVM)) pThis->Dbgc.hDbgAs = DBGF_AS_RC_AND_GC_GLOBAL; /* * Attach to the specified VM. */ if (RT_SUCCESS(rc) && pUVM) { rc = DBGFR3Attach(pUVM); if (RT_SUCCESS(rc)) { pThis->Dbgc.pVM = pVM; pThis->Dbgc.pUVM = pUVM; pThis->Dbgc.idCpu = 0; } else rc = pThis->Dbgc.CmdHlp.pfnVBoxError(&pThis->Dbgc.CmdHlp, rc, "When trying to attach to VM %p\n", pThis->Dbgc.pVM); } /* * Load plugins. */ if (RT_SUCCESS(rc)) { if (pVM) DBGFR3PlugInLoadAll(pThis->Dbgc.pUVM); dbgcEventInit(&pThis->Dbgc); /* * Run the debugger main loop. */ rc = dbgcKdRun(pThis); dbgcEventTerm(&pThis->Dbgc); } /* * Cleanup console debugger session. */ dbgcKdCtxDestroy(pThis); return rc == VERR_DBGC_QUIT ? VINF_SUCCESS : rc; }