From 270282e9a465796005275ec27cf216d918209910 Mon Sep 17 00:00:00 2001 From: Jon Turney Date: Tue, 7 Jul 2020 20:54:27 +0100 Subject: [PATCH] Cygwin: Use MEMORY_WORKING_SET_EX_INFORMATION in dumper Use the (undocumented) MEMORY_WORKING_SET_EX_INFORMATION in dumper to determine if a MEM_IMAGE region is unsharable, and hence has been modified. After this, we will end up dumping memory regions where: - state is MEM_COMMIT (i.e. is not MEM_RESERVE or MEM_FREE), and -- type is MEM_PRIVATE and protection allows reads (i.e. not a guardpage), or -- type is MEM_IMAGE and attribute is non-sharable (i.e. it was WC, got written to, and is now a RW copy) --- winsup/doc/utils.xml | 8 ++--- winsup/utils/Makefile.in | 2 +- winsup/utils/dumper.cc | 63 ++++++++++++++++++++++++++++++++++++++-- 3 files changed, 65 insertions(+), 8 deletions(-) diff --git a/winsup/doc/utils.xml b/winsup/doc/utils.xml index 5f266bcb1..8b92bfdf1 100644 --- a/winsup/doc/utils.xml +++ b/winsup/doc/utils.xml @@ -524,11 +524,11 @@ error_start=x:\path\to\dumper.exe dumper exits, the target process is terminated too. To save space in the core dump, dumper doesn't - write those portions of target process' memory space that are loaded from - executable and dll files and are unchangeable, such as program code and - debug info. Instead, dumper saves paths to files which + write those portions of the target process's memory space that are loaded + from executable and dll files and are unchanged (e.g. program code). + Instead, dumper saves paths to the files which contain that data. When a core dump is loaded into gdb, it uses these - paths to load appropriate files. That means that if you create a core + paths to load the appropriate files. That means that if you create a core dump on one machine and try to debug it on another, you'll need to place identical copies of the executable and dlls in the same directories as on the machine where the core dump was created. diff --git a/winsup/utils/Makefile.in b/winsup/utils/Makefile.in index f9892fa1d..6bf4454c5 100644 --- a/winsup/utils/Makefile.in +++ b/winsup/utils/Makefile.in @@ -116,7 +116,7 @@ CYGWIN_BINS += dumper.exe dumper.o module_info.o: CXXFLAGS += -I$(top_srcdir)/include dumper.o: dumper.h dumper.exe: module_info.o -dumper.exe: CYGWIN_LDFLAGS += -lpsapi -lbfd -lintl -liconv -liberty ${ZLIB} +dumper.exe: CYGWIN_LDFLAGS += -lpsapi -lbfd -lintl -liconv -liberty ${ZLIB} -lntdll else all: warn_dumper endif diff --git a/winsup/utils/dumper.cc b/winsup/utils/dumper.cc index b96ee54cc..3af138b9e 100644 --- a/winsup/utils/dumper.cc +++ b/winsup/utils/dumper.cc @@ -266,6 +266,46 @@ void protect_dump(DWORD protect, char *buf) strcat (buf, pt[i]); } +typedef enum _MEMORY_INFORMATION_CLASS +{ + MemoryWorkingSetExInformation = 4, // MEMORY_WORKING_SET_EX_INFORMATION +} MEMORY_INFORMATION_CLASS; + +extern "C" +NTSTATUS +NtQueryVirtualMemory(HANDLE ProcessHandle, + LPVOID BaseAddress, + MEMORY_INFORMATION_CLASS MemoryInformationClass, + LPVOID MemoryInformation, + SIZE_T MemoryInformationLength, + SIZE_T *ReturnLength); + +typedef struct _MEMORY_WORKING_SET_EX_INFORMATION +{ + LPVOID VirtualAddress; + ULONG_PTR Long; +} MEMORY_WORKING_SET_EX_INFORMATION; + +#define MWSEI_ATTRIB_SHARED (0x1 << 15) + +static BOOL +getRegionAttributes(HANDLE hProcess, LPVOID address, DWORD &attribs) +{ + MEMORY_WORKING_SET_EX_INFORMATION mwsei = { address }; + NTSTATUS status = NtQueryVirtualMemory(hProcess, 0, + MemoryWorkingSetExInformation, + &mwsei, sizeof(mwsei), 0); + + if (!status) + { + attribs = mwsei.Long; + return TRUE; + } + + deb_printf("MemoryWorkingSetExInformation failed status %08x\n", status); + return FALSE; +} + int dumper::collect_memory_sections () { @@ -292,10 +332,27 @@ dumper::collect_memory_sections () int skip_region_p = 0; const char *disposition = "dumped"; - if ((mbi.Type & MEM_IMAGE) && !(mbi.Protect & (PAGE_EXECUTE_READWRITE | PAGE_READWRITE))) + if (mbi.Type & MEM_IMAGE) { - skip_region_p = 1; - disposition = "skipped due to non-writeable MEM_IMAGE"; + DWORD attribs = 0; + if (getRegionAttributes(hProcess, current_page_address, attribs)) + { + if (attribs & MWSEI_ATTRIB_SHARED) + { + skip_region_p = 1; + disposition = "skipped due to shared MEM_IMAGE"; + } + } + /* + The undocumented MemoryWorkingSetExInformation is allegedly + supported since XP, so should always succeed, but if it fails, + fallback to looking at region protection. + */ + else if (!(mbi.Protect & (PAGE_EXECUTE_READWRITE | PAGE_READWRITE))) + { + skip_region_p = 1; + disposition = "skipped due to non-writeable MEM_IMAGE"; + } } if (mbi.Protect & PAGE_NOACCESS)