blob: 15440d9613aac492dd4889b5fee6637f22717441 [file] [log] [blame]
$$ **********************************************************
$$ Copyright (c) 2011-2013 Google, Inc. All rights reserved.
$$ **********************************************************
$$ Redistribution and use in source and binary forms, with or without
$$ modification, are permitted provided that the following conditions are met:
$$
$$ * Redistributions of source code must retain the above copyright notice,
$$ this list of conditions and the following disclaimer.
$$
$$ * Redistributions in binary form must reproduce the above copyright notice,
$$ this list of conditions and the following disclaimer in the documentation
$$ and/or other materials provided with the distribution.
$$
$$ * Neither the name of Google, Inc. nor the names of its contributors may be
$$ used to endorse or promote products derived from this software without
$$ specific prior written permission.
$$
$$ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
$$ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
$$ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
$$ ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
$$ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
$$ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
$$ SERVICES LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) HOWEVER
$$ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
$$ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
$$ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
$$ DAMAGE.
$$ Loads symbols for DynamoRIO and all libraries loaded by its private loader.
$$ For use in 64-bit windbg on a 32-bit WOW64 process.
$$ The 32-bit ntdll used to show up as "ntdll32" but now it seems to be
$$ "ntdll_<base>" so we search for it. We skip the 5 tokens after addr.
.foreach /ps 5 (loc { x ntdll_*!KiUserCallbackDispatcher}) { r $t0= loc }
r $t0=(dwo(@$t0+1) + @$t0+5)
$$ Truncate to support WOW64 usage
r $t0=(@$t0 & 0xffffffff)
r $t1=((dwo(@$t0+1) + @$t0+5) & 0xfffff000)
$$ Check magic values to avoid executing random command w/o DynamoRIO
.if (dwo(@$t1) = b1d2ae58) {
.if (dwo(@$t1 + 4) = ca50c356) {
.if (dwo(@$t1 + 8) = 63000089) {
.if (dwo(@$t1 + c) = 3fa898f0) {
aS /c ${/v:loadpriv} .printf "%ma", @$t1 + 2c
.block { ${loadpriv} }
ad ${/v:loadpriv}
} .else {
.echo "DynamoRIO not detected"
}
} .else {
.echo "DynamoRIO not detected"
}
} .else {
.echo "DynamoRIO not detected"
}
} .else {
.echo "DynamoRIO not detected"
}