tstNtQueryStuff.cpp revision 4a5c50434419b6801a8546f1a6b1603d96d809d7
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * SUP Testcase - Exploring some NT Query APIs.
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * Copyright (C) 2006-2012 Oracle Corporation
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * available from http://www.virtualbox.org. This file is free software;
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * you can redistribute it and/or modify it under the terms of the GNU
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * General Public License (GPL) as published by the Free Software
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * The contents of this file may alternatively be used under the terms
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * of the Common Development and Distribution License Version 1.0
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * VirtualBox OSE distribution, in which case the provisions of the
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * CDDL are applicable instead of those of the GPL.
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * You may elect to license modified versions of this file under the
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync * terms and conditions of either the GPL or the CDDL or both.
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync/*******************************************************************************
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync* Header Files *
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync*******************************************************************************/
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsynctypedef enum
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsynctypedef struct
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncNTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(IN HANDLE hProcess,
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync#define ProcessWow64Information ((PROCESSINFOCLASS)26)
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync#define ProcessDebugObjectHandle ((PROCESSINFOCLASS)30)
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync#define ProcessImageFileNameWin32 ((PROCESSINFOCLASS)43)
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync#define ProcessImageFileMapping ((PROCESSINFOCLASS)44)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync/*******************************************************************************
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync* Structures and Typedefs *
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync*******************************************************************************/
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsynctypedef struct FLAGDESC
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync const char *psz;
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync/*******************************************************************************
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync* Global Variables *
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync*******************************************************************************/
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic char *stringifyAppend(char *pszBuf, size_t *pcbBuf, const char *pszAppend, bool fWithSpace)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic char *stringifyAppendUnknownFlags(uint32_t fFlags, char *pszBuf, size_t *pcbBuf, bool fWithSpace)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync RTStrPrintf(szTmp, sizeof(szTmp), "BIT(%d)", iBit);
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync pszBuf = stringifyAppend(pszBuf, pcbBuf, szTmp, fWithSpace);
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic char *stringifyFlags(uint32_t fFlags, char *pszBuf, size_t cbBuf, PCFLAGDESC paFlagDesc, size_t cFlagDesc)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync pszBuf = stringifyAppend(pszBuf, &cbBuf, paFlagDesc[i].psz, pszBuf != pszBufStart);
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync stringifyAppendUnknownFlags(fFlags, pszBuf, &cbBuf, pszBuf != pszBufStart);
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic char *stringifyMemType(uint32_t fType, char *pszBuf, size_t cbBuf)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync return stringifyFlags(fType, pszBuf, cbBuf, s_aMemTypes, RT_ELEMENTS(s_aMemTypes));
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic char *stringifyMemState(uint32_t fState, char *pszBuf, size_t cbBuf)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync return stringifyFlags(fState, pszBuf, cbBuf, s_aMemStates, RT_ELEMENTS(s_aMemStates));
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic char *stringifyMemProt(uint32_t fProt, char *pszBuf, size_t cbBuf)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync return stringifyFlags(fProt, pszBuf, cbBuf, s_aProtections, RT_ELEMENTS(s_aProtections));
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsyncstatic void tstQueryVirtualMemory(void)
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync MEMORY_BASIC_INFORMATION MemInfo = { 0, 0, 0, 0, 0, 0, 0 };
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync (void const *)uPtrWhere,
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "%p: rcNt=%#x\n", uPtrWhere, rcNt);
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync /* stringify the memory state. */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "%p-%p %-8s %-8s %-12s",
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync MemInfo.BaseAddress, (uintptr_t)MemInfo.BaseAddress + MemInfo.RegionSize - 1,
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync stringifyMemType(MemInfo.Type, szMemType, sizeof(szMemType)),
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync stringifyMemState(MemInfo.State, szMemState, sizeof(szMemState)),
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync stringifyMemProt(MemInfo.Protect, szMemProt, sizeof(szMemProt))
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, " %p", MemInfo.AllocationBase);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, " %s", stringifyMemProt(MemInfo.AllocationProtect, szAllocProt, sizeof(szAllocProt)));
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, " !Warning! Queried %p got BaseAddress=%p!\n",
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Image or mapped, then try get a file name. */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync if (MemInfo.Type == MEM_IMAGE || MemInfo.Type == MEM_MAPPED)
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync WCHAR awcPadding[UNICODE_STRING_MAX_CHARS + (sizeof(UNICODE_STRING_MAX_CHARS) + 1) / sizeof(WCHAR)];
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync uBuf.Core.SectionFileName.Length = UNICODE_STRING_MAX_CHARS * 2;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync uBuf.Core.SectionFileName.MaximumLength = UNICODE_STRING_MAX_CHARS * 2;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync uBuf.Core.SectionFileName.Buffer = &uBuf.Core.NameBuffer[0];
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync (void const *)uPtrWhere,
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync uBuf.Core.SectionFileName.Length / 2, uBuf.Core.SectionFileName.Buffer);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "%p: MemorySectionName - rcNt=%#x\n", uPtrWhere, rcNt);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK(rcNt == STATUS_FILE_INVALID && MemInfo.Type == MEM_MAPPED);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Advance. */
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync //cbAdvance = 0;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Basic info */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK_MSG(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync " UniqueProcessId = %#x (%6d)\n"
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync " PebBaseAddress = %p\n"
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync " Reserved1 = %p ExitStatus?\n"
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync " Reserved2a = %p AffinityMask?\n"
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync " Reserved2b = %p (%6d) BasePriority?\n"
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync " Reserved3 = %p (%6d) InheritedFromUniqueProcessId?\n"
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync BasicInfo.UniqueProcessId, BasicInfo.UniqueProcessId,
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Debugger present? */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK_MSG(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessDebugPort: %p\n", uPtr);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Debug object handle, whatever that is... */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessDebugObjectHandle: %p\n", uPtr);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessDebugObjectHandle: rcNt=%#x (STATUS_PORT_NOT_SET)\n", uPtr);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK_MSG(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* 32-bit app on 64-bit host? */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK_MSG(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessWow64Information: %p\n", uPtr);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Process image name (NT). */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync StrBuf.UniStr.Length = UNICODE_STRING_MAX_CHARS * 2;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync StrBuf.UniStr.MaximumLength = UNICODE_STRING_MAX_CHARS * 2;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK_MSG(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessImageFileName: len=%u\n %.*ls\n",
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync StrBuf.UniStr.Length, StrBuf.UniStr.Length, StrBuf.UniStr.Buffer);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Process image name (Win32). */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync StrBuf.UniStr.Length = UNICODE_STRING_MAX_CHARS * 2;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync StrBuf.UniStr.MaximumLength = UNICODE_STRING_MAX_CHARS * 2;
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTESTI_CHECK_MSG(NT_SUCCESS(rcNt), ("rcNt=%#x\n", rcNt));
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessImageFileNameWin32: len=%u\n %.*ls\n",
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync StrBuf.UniStr.Length, StrBuf.UniStr.Length, StrBuf.UniStr.Buffer);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Process image mapping. */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessImageFileMapping: %p\n", uPtr);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessImageFileMapping: rcNt=%#x (STATUS_OBJECT_TYPE_MISMATCH)\n", rcNt);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIFailed("ProcessImageFileMapping: rcNt=%#x\n", rcNt);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Handles. Broken for 64-bit input. */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessHandleCount: %#x (%d)\n", u32, u32);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIFailed("ProcessHandleCount: rcNt=%#x\n", rcNt);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /* Execute flags. */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync#if 0 /* fails... wrong process handle? */
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIPrintf(RTTESTLVL_ALWAYS, "ProcessExecuteFlags: %#p\n", u32);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync RTTestIFailed("ProcessExecuteFlags: rcNt=%#x\n", rcNt);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync /** @todo ProcessImageInformation */
739d6ae13d627830974df4bfba63c1d5fab987b7vboxsync RTEXITCODE rcExit = RTTestInitAndCreate("tstNtQueryStuff", &g_hTest);
4a5c50434419b6801a8546f1a6b1603d96d809d7vboxsync //tstQueryVirtualMemory();