* Copyright (c) 2011-2019 Google, Inc. All rights reserved.
* Copyright (c) 2005-2008 VMware, Inc. All rights reserved.
* **********************************************************/
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* * Neither the name of VMware, Inc. nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
* drmarker.h
*
* shared between core/gui nodemgr, functions to tell if a process is running
* under dr and pass information out of the running process
*/
#ifndef _DRMARKER_H_
#define _DRMARKER_H_
#ifdef __cplusplus
extern "C" {
#endif
#define L_DR_MARKER_HOOKED_DLL L"ntdll.dll"
#ifdef UNICODE
# define DR_MARKER_HOOKED_DLL L_DR_MARKER_HOOKED_DLL
#else
# define DR_MARKER_HOOKED_DLL "ntdll.dll"
#endif
#define DR_MARKER_HOOKED_FUNCTION KiUserCallbackDispatcher
#define DR_MARKER_HOOKED_FUNCTION_ARGS \
(IN PVOID Unknown1, IN PVOID Unknown2, IN PVOID Unknown3)
#define DR_MARKER_HOOKED_FUNCTION_STRING STRINGIFY(DR_MARKER_HOOKED_FUNCTION)
enum {
DR_MARKER_RELEASE_BUILD = 0x1,
DR_MARKER_DEBUG_BUILD = 0x2,
DR_MARKER_PROFILE_BUILD = 0x4,
DR_MARKER_BUILD_TYPES =
DR_MARKER_RELEASE_BUILD | DR_MARKER_DEBUG_BUILD | DR_MARKER_PROFILE_BUILD
};
#define DR_MARKER_VERSION_1 1
#define DR_MARKER_VERSION_2 2
* marker location code to work.
*/
#define WINDBG_CMD_MAX_LEN 3072
* should only be field addtions. NO DELETIONS ALLOWED; to obsolete
* fields fill it with an invalid value. Also, each change should
* result in the DR_MARKER_VERSION_CURRENT being increased.
* FIXME: use size to denote a newer structures in future; same issue needs to
* be handled for hotp_policy_status_table.
*/
struct _dr_statistics_t;
typedef struct _dr_marker_t {
uint magic1;
uint magic2;
uint magic3;
uint magic4;
uint flags;
uint build_num;
uint dr_marker_version;
void *dr_base_addr;
void *dr_generic_nudge_target;
void *dr_hotp_policy_status_table;
struct _dr_statistics_t *stats;
* tools/windbg-scripts/load_syms hardcodes the offset of this field.
*/
char windbg_cmds[WINDBG_CMD_MAX_LEN];
* into DR are added */
} dr_marker_t;
enum { DR_MARKER_FOUND = 0, DR_MARKER_NOT_FOUND = 1, DR_MARKER_ERROR = 2 };
int
read_and_verify_dr_marker(HANDLE process, dr_marker_t *marker);
#ifndef X64
int
read_and_verify_dr_marker_64(HANDLE process, dr_marker_t *marker);
#endif
bool
dr_marker_verify(HANDLE process, dr_marker_t *marker);
#if !defined(NOT_DYNAMORIO_CORE) && !defined(NOT_DYNAMORIO_CORE_PROPER)
void
init_dr_marker(dr_marker_t *marker);
#endif
#ifdef __cplusplus
}
#endif
#endif