From e0cdfe3c14b2aa55422fb02ba4c32e644d953d69 Mon Sep 17 00:00:00 2001 
From: Hannes Domani Date: Mon, 23 Dec 2019 16:38:13 +0100 Subject: [PATCH] Add type for $_tlb->process_environment_block->process_parameters The type then looks like this: (gdb) pt $_tlb->process_environment_block->process_parameters type = struct rtl_user_process_parameters { DWORD32 maximum_length; DWORD32 length; DWORD32 flags; DWORD32 debug_flags; void *console_handle; DWORD32 console_flags; void *standard_input; void *standard_output; void *standard_error; unicode_string current_directory; void *current_directory_handle; unicode_string dll_path; unicode_string image_path_name; unicode_string command_line; void *environment; DWORD32 starting_x; DWORD32 starting_y; DWORD32 count_x; DWORD32 count_y; DWORD32 count_chars_x; DWORD32 count_chars_y; DWORD32 fill_attribute; DWORD32 window_flags; DWORD32 show_window_flags; unicode_string window_title; unicode_string desktop_info; unicode_string shell_info; unicode_string runtime_data; } * It's mainly useful to get the current directory, or the full command line: (gdb) p $_tlb->process_environment_block->process_parameters->current_directory $1 = { length = 26, maximum_length = 520, buffer = 0xe36c8 L"C:\\src\\tests\\" } (gdb) p $_tlb->process_environment_block->process_parameters->command_line $2 = { length = 94, maximum_length = 96, buffer = 0xe32aa L"\"C:\\gdb\\build64\\gdb-git\\gdb\\gdb.exe\" access.exe" } The type names are all lowercase because the existing types created by windows_get_tlb_type are also lowercase. Type unicode_string is documented at [1]. The official documentation [2] for rtl_user_process_parameters is limited, so I've used this other page [3]. 
[1] https://docs.microsoft.com/en-us/windows/win32/api/ntdef/ns-ntdef-_unicode_string [2] https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-rtl_user_process_parameters [3] https://www.nirsoft.net/kernel_struct/vista/RTL_USER_PROCESS_PARAMETERS.html gdb/ChangeLog: 2020-01-16 Hannes Domani * windows-tdep.c (windows_get_tlb_type): Add rtl_user_process_parameters type. --- gdb/ChangeLog | 5 ++++ gdb/windows-tdep.c | 61 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 65 insertions(+), 1 deletion(-) diff --git a/gdb/ChangeLog b/gdb/ChangeLog index fe8972e47f0..cc3a43cf2d7 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,8 @@ +2020-01-16 Hannes Domani + + * windows-tdep.c (windows_get_tlb_type): + Add rtl_user_process_parameters type. + 2020-01-16 Pedro Alves Norbert Lange diff --git a/gdb/windows-tdep.c b/gdb/windows-tdep.c index 12438e87af3..1fc27485818 100644 --- a/gdb/windows-tdep.c +++ b/gdb/windows-tdep.c @@ -165,6 +165,8 @@ windows_get_tlb_type (struct gdbarch *gdbarch) struct type *peb_type, *peb_ptr_type, *list_type; struct type *module_list_ptr_type; struct type *tib_type, *seh_type, *tib_ptr_type, *seh_ptr_type; + struct type *word_type, *wchar_type, *wchar_ptr_type; + struct type *uni_str_type, *rupp_type, *rupp_ptr_type; /* Do not rebuild type if same gdbarch as last time. */ if (last_tlb_type && last_gdbarch == gdbarch) @@ -174,7 +176,13 @@ windows_get_tlb_type (struct gdbarch *gdbarch) 1, "DWORD_PTR"); dword32_type = arch_integer_type (gdbarch, 32, 1, "DWORD32"); + word_type = arch_integer_type (gdbarch, 16, + 1, "WORD"); + wchar_type = arch_integer_type (gdbarch, 16, + 1, "wchar_t"); void_ptr_type = lookup_pointer_type (builtin_type (gdbarch)->builtin_void); + wchar_ptr_type = arch_pointer_type (gdbarch, gdbarch_ptr_bit (gdbarch), + NULL, wchar_type); /* list entry */ 
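Review bot: The added `wchar_type = arch_integer_type (gdbarch, 16, 1, "wchar_t");` builds the UTF-16 code unit as a plain unsigned integer, so displaying `buffer` as a string presumably depends on GDB recognising the type by its name rather than by its type code. `arch_character_type (gdbarch, 16, 1, "wchar_t")` would state the intent directly. The new `wchar_ptr_type` is also created with `arch_pointer_type` while the neighbouring `void_ptr_type` uses `lookup_pointer_type`; using one form for both would read more consistently. The function body starts and ends outside this hunk.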
@@ -219,6 +227,57 @@ windows_get_tlb_type (struct gdbarch *gdbarch) NULL); TYPE_TARGET_TYPE (peb_ldr_ptr_type) = peb_ldr_type; + /* struct UNICODE_STRING */ + uni_str_type = arch_composite_type (gdbarch, "unicode_string", + TYPE_CODE_STRUCT); + + append_composite_type_field (uni_str_type, "length", word_type); + append_composite_type_field (uni_str_type, "maximum_length", word_type); + append_composite_type_field_aligned (uni_str_type, "buffer", + wchar_ptr_type, + TYPE_LENGTH (wchar_ptr_type)); + + /* struct _RTL_USER_PROCESS_PARAMETERS */ + rupp_type = arch_composite_type (gdbarch, "rtl_user_process_parameters", + TYPE_CODE_STRUCT); + + append_composite_type_field (rupp_type, "maximum_length", dword32_type); + append_composite_type_field (rupp_type, "length", dword32_type); + append_composite_type_field (rupp_type, "flags", dword32_type); + append_composite_type_field (rupp_type, "debug_flags", dword32_type); + append_composite_type_field (rupp_type, "console_handle", void_ptr_type); + append_composite_type_field (rupp_type, "console_flags", dword32_type); + append_composite_type_field_aligned (rupp_type, "standard_input", + void_ptr_type, + TYPE_LENGTH (void_ptr_type)); + append_composite_type_field (rupp_type, "standard_output", void_ptr_type); + append_composite_type_field (rupp_type, "standard_error", void_ptr_type); + append_composite_type_field (rupp_type, "current_directory", uni_str_type); + append_composite_type_field (rupp_type, "current_directory_handle", + void_ptr_type); + append_composite_type_field (rupp_type, "dll_path", uni_str_type); + append_composite_type_field (rupp_type, "image_path_name", uni_str_type); + append_composite_type_field (rupp_type, "command_line", uni_str_type); + append_composite_type_field (rupp_type, "environment", void_ptr_type); + append_composite_type_field (rupp_type, "starting_x", dword32_type); + append_composite_type_field (rupp_type, "starting_y", dword32_type); + append_composite_type_field (rupp_type, "count_x", 
dword32_type); + append_composite_type_field (rupp_type, "count_y", dword32_type); + append_composite_type_field (rupp_type, "count_chars_x", dword32_type); + append_composite_type_field (rupp_type, "count_chars_y", dword32_type); + append_composite_type_field (rupp_type, "fill_attribute", dword32_type); + append_composite_type_field (rupp_type, "window_flags", dword32_type); + append_composite_type_field (rupp_type, "show_window_flags", dword32_type); + append_composite_type_field_aligned (rupp_type, "window_title", + uni_str_type, + TYPE_LENGTH (void_ptr_type)); + append_composite_type_field (rupp_type, "desktop_info", uni_str_type); + append_composite_type_field (rupp_type, "shell_info", uni_str_type); + append_composite_type_field (rupp_type, "runtime_data", uni_str_type); + + rupp_ptr_type = arch_pointer_type (gdbarch, gdbarch_ptr_bit (gdbarch), + NULL, rupp_type); + /* struct process environment block */ peb_type = arch_composite_type (gdbarch, NULL, TYPE_CODE_STRUCT); @@ -229,7 +288,7 @@ windows_get_tlb_type (struct gdbarch *gdbarch) append_composite_type_field (peb_type, "mutant", void_ptr_type); append_composite_type_field (peb_type, "image_base_address", void_ptr_type); append_composite_type_field (peb_type, "ldr", peb_ldr_ptr_type); - append_composite_type_field (peb_type, "process_parameters", void_ptr_type); + append_composite_type_field (peb_type, "process_parameters", rupp_ptr_type); append_composite_type_field (peb_type, "sub_system_data", void_ptr_type); append_composite_type_field (peb_type, "process_heap", void_ptr_type); append_composite_type_field (peb_type, "fast_peb_lock", void_ptr_type); -- 2.30.2
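Review bot: The `unicode_string` block in the `@@ -219,6 +227,57 @@` hunk says nothing about how the counted string must be read, and a UNICODE_STRING is not guaranteed to be NUL-terminated: `length` and `maximum_length` are byte counts (the commit message shows `length = 26` for a 13-character path). Because `buffer` is typed as a plain `wchar_t *`, GDB will presumably print up to the first NUL or the print limit, which can run past `length` when the inferior's memory is corrupted or otherwise untrusted. I would add above the `append_composite_type_field (uni_str_type, "length", word_type);` line a comment such as `/* length and maximum_length are in bytes; buffer need not be NUL-terminated, so rely on length, not on the printed string.  */`. The `rtl_user_process_parameters` layout comes from an unofficial Vista-era page according to the commit message, so a one-line comment naming that source next to `/* struct _RTL_USER_PROCESS_PARAMETERS */` would help the next maintainer; the function body starts and ends outside this hunk.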