1    :  // Copyright 2015 Google Inc. All Rights Reserved.
   2    :  //
   3    :  // Licensed under the Apache License, Version 2.0 (the "License");
   4    :  // you may not use this file except in compliance with the License.
   5    :  // You may obtain a copy of the License at
   6    :  //
   7    :  //     http://www.apache.org/licenses/LICENSE-2.0
   8    :  //
   9    :  // Unless required by applicable law or agreed to in writing, software
  10    :  // distributed under the License is distributed on an "AS IS" BASIS,
  11    :  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12    :  // See the License for the specific language governing permissions and
  13    :  // limitations under the License.
  14    :  
  15    :  #include "syzygy/refinery/analyzers/module_analyzer.h"
  16    :  
  17    :  #include <dbghelp.h>
  18    :  
  19    :  #include <string>
  20    :  #include <vector>
  21    :  
  22    :  #include "base/memory/scoped_ptr.h"
  23    :  #include "base/strings/utf_string_conversions.h"
  24    :  #include "syzygy/refinery/process_state/process_state_util.h"
  25    :  #include "syzygy/refinery/process_state/refinery.pb.h"
  26    :  
  27    :  namespace refinery {
  28    :  
  29    :  // static
  30    :  const char ModuleAnalyzer::kModuleAnalyzerName[] = "ModuleAnalyzer";
  31    :  
  32    :  Analyzer::AnalysisResult ModuleAnalyzer::Analyze(
  33    :      const minidump::Minidump& minidump,
  34  E :      ProcessState* process_state) {
  35  E :    DCHECK(process_state != nullptr);
  36    :  
  37    :    // Retrieve the unique module list stream.
  38    :    minidump::Minidump::Stream module_list =
  39  E :        minidump.FindNextStream(nullptr, ModuleListStream);
  40  E :    if (!module_list.IsValid())
  41  i :      return ANALYSIS_ERROR;
  42    :    minidump::Minidump::Stream offending_list =
  43  E :        minidump.FindNextStream(&module_list, ModuleListStream);
  44  E :    if (offending_list.IsValid())
  45  i :      return ANALYSIS_ERROR;
  46    :  
  47  E :    ULONG32 num_modules = 0;
  48  E :    if (!module_list.ReadElement(&num_modules))
  49  i :      return ANALYSIS_ERROR;
  50    :  
  51  E :    ModuleLayerAccessor layer_accessor(process_state);
  52    :  
  53  E :    for (size_t i = 0; i < num_modules; ++i) {
  54  E :      MINIDUMP_MODULE module = {};
  55  E :      if (!module_list.ReadElement(&module))
  56  i :        return ANALYSIS_ERROR;
  57    :  
  58  E :      AddressRange range(module.BaseOfImage, module.SizeOfImage);
  59  E :      if (!range.IsValid())
  60  i :        return ANALYSIS_ERROR;
  61    :  
  62    :      // Determine module's name.
  63  E :      MINIDUMP_LOCATION_DESCRIPTOR name_location = {};
  64    :      name_location.DataSize =
  65  E :          static_cast<ULONG32>(-1);  // Note: actual size is in the stream.
  66  E :      name_location.Rva = module.ModuleNameRva;
  67    :      minidump::Minidump::Stream name_stream =
  68  E :          minidump.GetStreamFor(name_location);
  69  E :      DCHECK(name_stream.IsValid());
  70  E :      std::wstring module_name;
  71  E :      if (!name_stream.ReadString(&module_name))
  72  i :        return ANALYSIS_ERROR;
  73    :  
  74    :      // TODO(manzagop): get version / debug info by also reading VersionInfo,
  75    :      // CvRecord and MiscRecord.
  76    :  
  77    :      layer_accessor.AddModuleRecord(range, module.CheckSum, module.TimeDateStamp,
  78  E :                                     module_name);
  79  E :    }
  80    :  
  81  E :    return ANALYSIS_COMPLETE;
  82  E :  }
  83    :  
  84    :  }  // namespace refinery