From 2efc087cd4f70c07523b82941259a5d2597b4460 Mon Sep 17 00:00:00 2001
From: Jari Vetoniemi
Date: Thu, 18 Oct 2018 21:37:02 +0300
Subject: Add some tools
---
 contrib/brute-map.bash | 16 ++++++++++++++++
 contrib/winedbg-map | 10 ++++++++++
 contrib/winedbg-pid | 4 ++++
 contrib/winedbg-procmap | 18 ++++++++++++++++++
 contrib/winedbg-share | 10 ++++++++++
 5 files changed, 58 insertions(+)
 create mode 100755 contrib/brute-map.bash
 create mode 100755 contrib/winedbg-map
 create mode 100755 contrib/winedbg-pid
 create mode 100755 contrib/winedbg-procmap
 create mode 100755 contrib/winedbg-share
 (limited to 'contrib')
diff --git a/contrib/brute-map.bash b/contrib/brute-map.bash
new file mode 100755
index 0000000..a7a735c
--- /dev/null
+++ b/contrib/brute-map.bash
@@ -0,0 +1,16 @@
+#!/bin/bash
+# usage: ./brute-map.bash pid file [window-size]
+# Sometimes region offsets aren't available, but we know that some regions map a file
+# Fix the region offsets by bruteforcing the offsets from a known file
+while read -r region; do
+ offset=$(printf '%d' "0x$(awk '{print $3}' <<<"$region")")
+ if ((offset == 0)); then
+ offset=$(binsearch <(proc-region-rw "$1" read <<<"$region" 2>/dev/null | bintrim) $3 < "$2")
+ fi
+ if ((offset != 0)); then
+ hex=$(printf '%.8x' "$offset")
+ awk '{printf "%s %s %s %s %s %s\n", $1, $2, "'"$hex"'", $4, $5, $6, $7}' <<<"$region"
+ else
+ printf '%s\n' "$region"
+ fi
+done
diff --git a/contrib/winedbg-map b/contrib/winedbg-map
new file mode 100755
index 0000000..d257c64
--- /dev/null
+++ b/contrib/winedbg-map
@@ -0,0 +1,10 @@
+#!/bin/sh
+# usage: winedbg-map wpid
+# Get windows process map information
+
+# --file doesn't work for some reason
+winedbg << EOF | sed 's/Wine-dbg>//g' | tail -n +3
+attach $1
+info map
+detach
+EOF
diff --git a/contrib/winedbg-pid b/contrib/winedbg-pid
new file mode 100755
index 0000000..0c04115
--- /dev/null
+++ b/contrib/winedbg-pid
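Review bot: In the awk rewrite of the region line in brute-map.bash, the format string has six `%s` conversions but seven arguments (`$1, $2, hex, $4, $5, $6, $7`), so `$7` is silently ignored; a maps line normally has six fields, so the stray `$7` is harmless but misleading — drop it, or add a seventh `%s` if a seventh field is actually expected. `$3` (the optional window size) is passed to `binsearch` unquoted so that an absent argument vanishes; `${3:+"$3"}` keeps that behaviour while surviving a value containing spaces. The script also depends on `proc-region-rw`, `bintrim` and `binsearch`, none of which this commit adds; the usage header should name them, e.g. `# requires: proc-region-rw, bintrim, binsearch (in PATH)`.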
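Review bot: `attach $1` in winedbg-map expands the argument straight into the debugger command script through the unquoted here-document, with no check that it is a process id; an empty argument yields a bare `attach`, and a value carrying whitespace or a newline is read by winedbg as further commands. A guard before the here-doc such as `case $1 in ''|*[!0-9a-fA-Fx]*) printf 'usage: winedbg-map wpid\n' >&2; exit 2;; esac` keeps the script to what its usage line promises. The same pattern appears in `contrib/winedbg-share` in this commit. The `sed` prompt strip and `tail -n +3` encode winedbg's current prompt and banner layout; a comment such as `# drops the two banner lines winedbg prints before the first command` would help the next reader — inferred from the `+3`, so please confirm against winedbg's output.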
@@ -0,0 +1,4 @@
+#!/bin/sh
+# usage: winedbg-pid process-name
+# Get windows process id with process name
+winedbg --command 'info process' | awk '/'"${@:-0xdeadbeef}"'/ { print strtonum("0x"$1) }'
diff --git a/contrib/winedbg-procmap b/contrib/winedbg-procmap
new file mode 100755
index 0000000..3922150
--- /dev/null
+++ b/contrib/winedbg-procmap
@@ -0,0 +1,18 @@
+#!/bin/sh
+# usage: winedbg-procmap wpid
+# Convert winedbg's share and map information into /proc//maps compatible format
+# NOTE: since there's no map offsets you may need to use the brute-map.bash tool as well
+
+tmpdir="$(mktemp -d)"
+trap 'rm -rf "$tmpdir"' EXIT
+winedbg-share "$1" > "$tmpdir/share"
+winedbg-map "$1" > "$tmpdir/map"
+
+awk '{print substr($2, 1, length($2)-1); print $3; print $5}' < "$tmpdir/share" |\
+while {
+ read -r start
+ read -r end
+ read -r name
+}; do
+ awk '(strtonum(0x'"$start"') <= strtonum("0x"$1) && strtonum(0x'"$end"') >= strtonum("0x"$2)) { printf "%s-%s rwxp 00000000 00:00 0 %s\n", $1, $2, "'"$name"'" }' < "$tmpdir/map"
+done
diff --git a/contrib/winedbg-share b/contrib/winedbg-share
new file mode 100755
index 0000000..66dc8ff
--- /dev/null
+++ b/contrib/winedbg-share
@@ -0,0 +1,10 @@
+#!/bin/sh
+# usage: winedbg-share wpid
+# Get windows process share information
+
+# --file doesn't work for some reason
+winedbg << EOF | sed 's/Wine-dbg>//g' | tail -n +3
+attach $1
+info share
+detach
+EOF
--
cgit v1.2.3
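Review bot: In winedbg-pid the process name is spliced into the awk regex with `'/'"${@:-0xdeadbeef}"'/'`, so a name containing `/`, `.`, `(` or other regex metacharacters alters or breaks the pattern, and with more than one argument the `"$@"` expansion splits the awk program across several arguments. Passing the name as a variable and matching it literally avoids both: `awk -v name="${1:-0xdeadbeef}" 'index($0, name) { print strtonum("0x"$1) }'`. `awk -v` still interprets backslash escapes in the value, so if names can contain backslashes pass it through `ENVIRON` instead. `strtonum` is a gawk extension (the same holds for `contrib/winedbg-procmap`), which the usage comment should mention since the shebang is `#!/bin/sh`.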
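Review bot: In winedbg-procmap `$start`, `$end` and `$name` are interpolated into the awk program text on the last `awk` line; a share name containing a double quote or backslash breaks or changes the `"'"$name"'"` string literal, and a non-hex start or end value becomes a syntax error inside `strtonum(0x…)`. Passing them with `-v start="$start" -v end="$end" -v name="$name"` and using `strtonum("0x" start)`, `strtonum("0x" end)` and `name` inside the program keeps the data out of the code. The output hard-codes `rwxp` for every region, which a consumer of `/proc/<pid>/maps`-style input would read as real permissions; the NOTE comment should say so, e.g. `# NOTE: permissions are not available from winedbg, every region is emitted as rwxp`. The `/proc//maps` in the header comment looks like a `<pid>` placeholder lost in rendering and is worth restoring.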