1    :  // Copyright 2016 Google Inc. All Rights Reserved.
   2    :  //
   3    :  // Licensed under the Apache License, Version 2.0 (the "License");
   4    :  // you may not use this file except in compliance with the License.
   5    :  // You may obtain a copy of the License at
   6    :  //
   7    :  //     http://www.apache.org/licenses/LICENSE-2.0
   8    :  //
   9    :  // Unless required by applicable law or agreed to in writing, software
  10    :  // distributed under the License is distributed on an "AS IS" BASIS,
  11    :  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12    :  // See the License for the specific language governing permissions and
  13    :  // limitations under the License.
  14    :  
  15    :  #include "syzygy/refinery/analyzers/teb_analyzer.h"
  16    :  
  17    :  #include <winnt.h>
  18    :  #include <winternl.h>  // For _TEB.
  19    :  
  20    :  #include <vector>
  21    :  
  22    :  #include "gtest/gtest.h"
  23    :  #include "syzygy/common/unittest_util.h"
  24    :  #include "syzygy/refinery/unittest_util.h"
  25    :  #include "syzygy/refinery/analyzers/analysis_runner.h"
  26    :  #include "syzygy/refinery/analyzers/analyzer_util.h"
  27    :  #include "syzygy/refinery/analyzers/memory_analyzer.h"
  28    :  #include "syzygy/refinery/analyzers/module_analyzer.h"
  29    :  #include "syzygy/refinery/process_state/process_state.h"
  30    :  #include "syzygy/refinery/process_state/process_state_util.h"
  31    :  #include "syzygy/refinery/symbols/symbol_provider.h"
  32    :  
  33  m :  namespace refinery {
  34    :  
  35  m :  namespace {
  36    :  
  37  m :  bool AnalyzeMinidump(const base::FilePath& minidump_path,
  38  m :                       ProcessState* process_state) {
  39  m :    minidump::FileMinidump minidump;
  40  m :    if (!minidump.Open(minidump_path))
  41  m :      return false;
  42    :  
  43  m :    AnalysisRunner runner;
  44  m :    runner.AddAnalyzer(
  45  m :        std::move(std::unique_ptr<Analyzer>(new refinery::MemoryAnalyzer())));
  46  m :    runner.AddAnalyzer(
  47  m :        std::move(std::unique_ptr<Analyzer>(new refinery::ModuleAnalyzer())));
  48  m :    runner.AddAnalyzer(
  49  m :        std::move(std::unique_ptr<Analyzer>(new refinery::TebAnalyzer())));
  50    :  
  51  m :    SimpleProcessAnalysis analysis(process_state);
  52  m :    analysis.set_symbol_provider(new SymbolProvider());
  53    :  
  54  m :    return runner.Analyze(minidump, analysis) == Analyzer::ANALYSIS_COMPLETE;
  55  m :  }
  56    :  
  57  m :  class TebAnalyzerTest : public testing::Test {
  58  m :   public:
  59  m :    void SetUp() override {
  60  m :      ASSERT_NO_FATAL_FAILURE(testing::Test::SetUp());
  61  m :      ASSERT_TRUE(scoped_symbol_path_.Setup());
  62  m :    }
  63    :  
  64  m :   private:
  65  m :    testing::ScopedSymbolPath scoped_symbol_path_;
  66  m :  };
  67    :  
  68  m :  }  // namespace
  69    :  
  70  m :  TEST_F(TebAnalyzerTest, AnalyzeTeb) {
  71  m :    testing::ScopedMinidump minidump;
  72    :  
  73  m :    ASSERT_TRUE(
  74  m :        minidump.GenerateMinidump(testing::ScopedMinidump::kMinidumpWithData));
  75    :  
  76  m :    ProcessState process_state;
  77  m :    ASSERT_TRUE(AnalyzeMinidump(minidump.minidump_path(), &process_state));
  78    :  
  79  m :    TypedBlockLayerPtr typed_block_layer;
  80  m :    ASSERT_TRUE(process_state.FindLayer(&typed_block_layer));
  81    :  
  82  m :    Address teb_addr = reinterpret_cast<Address>(NtCurrentTeb());
  83  m :    std::vector<TypedBlockRecordPtr> blocks;
  84  m :    typed_block_layer->GetRecordsAt(teb_addr, &blocks);
  85  m :    ASSERT_EQ(1u, blocks.size());
  86    :  
  87  m :    TypedBlockRecordPtr teb_block = blocks[0];
  88  m :    EXPECT_EQ("_TEB", teb_block->data().data_name());
  89    :    // The winternl.h TEB declaration exposes a subset of the structure.
  90  m :    EXPECT_LE(sizeof(_TEB), teb_block->range().size());
  91  m :  }
  92    :  
  93  m :  }  // namespace refinery