remote exception pointers
xiaopengli89 committed Dec 19, 2024
1 parent 6c5077a commit 0f0aa6c
Showing 2 changed files with 87 additions and 6 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
@@ -20,6 +20,7 @@ windows = { version = "0.58.0", features = [
"Win32_System_Threading",
"Win32_System_Kernel",
"Win32_Security",
"Win32_System_Memory",
] }

[profile.release]
92 changes: 86 additions & 6 deletions src/windows.rs
@@ -5,10 +5,10 @@ use std::{
ptr,
};
use windows::{
core::PCWSTR,
core::{Free, PCWSTR},
Win32::{
Foundation, Security,
System::{Diagnostics::Debug, Threading},
System::{Diagnostics::Debug, Memory, Threading},
},
};

@@ -34,6 +34,7 @@ pub unsafe fn inspect(pid: i32, catch_exit: bool, output: &mut File) {
)
.unwrap();
let mut ctx: crash_context::CONTEXT = mem::zeroed();
// TODO: wow64
ctx.ContextFlags = Debug::CONTEXT_FULL_AMD64.0;
Debug::GetThreadContext(thread_h, &mut ctx as *mut _ as _).unwrap();

@@ -42,10 +43,11 @@ pub unsafe fn inspect(pid: i32, catch_exit: bool, output: &mut File) {
process_id: event.dwProcessId,
thread_id: event.dwThreadId,
exception_code: event.u.Exception.ExceptionRecord.ExceptionCode.0,
exception_pointers: &mut crash_context::EXCEPTION_POINTERS {
ExceptionRecord: &mut event.u.Exception.ExceptionRecord as *mut _ as _,
ContextRecord: &mut ctx,
},
exception_pointers: transfer_remote_exception_pointers(
process_id,
&event.u.Exception.ExceptionRecord,
&ctx,
) as _,
},
None,
output,
@@ -81,6 +83,84 @@ pub unsafe fn inspect(pid: i32, catch_exit: bool, output: &mut File) {
}
}

// TODO: wow64
fn transfer_remote_exception_pointers(
process_id: u32,
record: &Debug::EXCEPTION_RECORD,
context: &crash_context::CONTEXT,
) -> *mut Debug::EXCEPTION_POINTERS {
unsafe {
let mut h = Threading::OpenProcess(
Threading::PROCESS_VM_OPERATION | Threading::PROCESS_VM_WRITE,
false,
process_id,
)
.unwrap();

let record_size = mem::size_of_val(record);
let record_remote_ptr = Memory::VirtualAllocEx(
h,
None,
record_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_READWRITE,
);
assert!(!record_remote_ptr.is_null());
Debug::WriteProcessMemory(
h,
record_remote_ptr,
record as *const _ as _,
record_size,
None,
)
.unwrap();

let context_size = mem::size_of_val(context);
let context_remote_ptr = Memory::VirtualAllocEx(
h,
None,
context_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_READWRITE,
);
assert!(!context_remote_ptr.is_null());
Debug::WriteProcessMemory(
h,
context_remote_ptr,
context as *const _ as _,
context_size,
None,
)
.unwrap();

let exception_pointers = Debug::EXCEPTION_POINTERS {
ExceptionRecord: record_remote_ptr as _,
ContextRecord: context_remote_ptr as _,
};
let exception_pointers_size = mem::size_of_val(&exception_pointers);
let exception_pointers_remote_ptr = Memory::VirtualAllocEx(
h,
None,
exception_pointers_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_READWRITE,
);
assert!(!exception_pointers_remote_ptr.is_null());
Debug::WriteProcessMemory(
h,
exception_pointers_remote_ptr,
&exception_pointers as *const _ as _,
exception_pointers_size,
None,
)
.unwrap();

h.free();

exception_pointers_remote_ptr as _
}
}

fn enable_privileges(name: PCWSTR) {
unsafe {
let mut token_handle: Foundation::HANDLE = mem::zeroed();
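Review bot: The three `VirtualAllocEx` regions that `transfer_remote_exception_pointers` creates in the target are never released, and the process handle is closed before returning, so the caller cannot release them either; every `assert!`/`.unwrap()` in between also panics past `h.free()`, which aborts the capture exactly when the target is in a bad state. The return value is an address in the target's address space typed as a local `*mut Debug::EXCEPTION_POINTERS`, so a doc comment such as `/// The returned address is valid only in the target process; never dereference it locally.` would keep a later caller from reading through it. The call in `inspect` passes `process_id`, which is defined outside the visible hunks, while the same struct records `event.dwProcessId`; if events from child processes are ever delivered these can differ and the write would land in a different process than the one that raised the exception, so passing `event.dwProcessId` looks safer. The fence folds the three copy-pasted allocate-and-write stanzas into one helper that releases the region when the write fails; whether the regions should also be freed once the dump is written depends on code not shown here.

```rust
/// Copies `value` into a fresh read-write region of the process behind `h`.
/// The returned address is valid only in that process; never dereference it locally.
unsafe fn write_remote<T>(
    h: Foundation::HANDLE,
    value: &T,
) -> windows::core::Result<*mut std::ffi::c_void> {
    let size = mem::size_of_val(value);
    let remote = Memory::VirtualAllocEx(
        h,
        None,
        size,
        Memory::MEM_COMMIT | Memory::MEM_RESERVE,
        Memory::PAGE_READWRITE,
    );
    if remote.is_null() {
        return Err(windows::core::Error::from_win32());
    }
    if let Err(e) = Debug::WriteProcessMemory(h, remote, value as *const T as _, size, None) {
        // Do not leave a half-initialised region behind in the target.
        let _ = Memory::VirtualFreeEx(h, remote, 0, Memory::MEM_RELEASE);
        return Err(e);
    }
    Ok(remote)
}

// … unchanged: signature of transfer_remote_exception_pointers, OpenProcess …
        let record_remote_ptr = write_remote(h, record);
        let context_remote_ptr = write_remote(h, context);
        // … build `exception_pointers` from the two addresses once both are Ok,
        //   write it with write_remote(h, &exception_pointers) …
        h.free(); // reached on every path now that nothing above panics
        // … return the remote address, or a null pointer if any step failed …
```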