| $$ ********************************************************** |
| $$ Copyright (c) 2011-2013 Google, Inc. All rights reserved. |
| $$ ********************************************************** |
| |
| $$ Redistribution and use in source and binary forms, with or without |
| $$ modification, are permitted provided that the following conditions are met: |
| $$ |
| $$ * Redistributions of source code must retain the above copyright notice, |
| $$ this list of conditions and the following disclaimer. |
| $$ |
| $$ * Redistributions in binary form must reproduce the above copyright notice, |
| $$ this list of conditions and the following disclaimer in the documentation |
| $$ and/or other materials provided with the distribution. |
| $$ |
| $$ * Neither the name of Google, Inc. nor the names of its contributors may be |
| $$ used to endorse or promote products derived from this software without |
| $$ specific prior written permission. |
| $$ |
| $$ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
| $$ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| $$ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| $$ ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE |
| $$ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| $$ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| $$ SERVICES LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) HOWEVER |
| $$ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| $$ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| $$ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH |
| $$ DAMAGE. |
| |
| $$ Loads symbols for DynamoRIO and all libraries loaded by its private loader. |
| $$ For use in 64-bit windbg on a 32-bit WOW64 process. |
| |
| $$ The 32-bit ntdll used to show up as "ntdll32" but now it seems to be |
| $$ "ntdll_<base>" so we search for it. We skip the 5 tokens after addr. |
| .foreach /ps 5 (loc { x ntdll_*!KiUserCallbackDispatcher}) { r $t0= loc } |
| r $t0=(dwo(@$t0+1) + @$t0+5) |
| $$ Truncate to support WOW64 usage |
| r $t0=(@$t0 & 0xffffffff) |
| r $t1=((dwo(@$t0+1) + @$t0+5) & 0xfffff000) |
| |
| $$ Check magic values to avoid executing random command w/o DynamoRIO |
| .if (dwo(@$t1) = b1d2ae58) { |
| .if (dwo(@$t1 + 4) = ca50c356) { |
| .if (dwo(@$t1 + 8) = 63000089) { |
| .if (dwo(@$t1 + c) = 3fa898f0) { |
| aS /c ${/v:loadpriv} .printf "%ma", @$t1 + 2c |
| .block { ${loadpriv} } |
| ad ${/v:loadpriv} |
| } .else { |
| .echo "DynamoRIO not detected" |
| } |
| } .else { |
| .echo "DynamoRIO not detected" |
| } |
| } .else { |
| .echo "DynamoRIO not detected" |
| } |
| } .else { |
| .echo "DynamoRIO not detected" |
| } |