RE: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2020-06-09 Thread Paul Durrant
De-htmling...

-
From: Xen-devel  On Behalf Of George 
Dunlap
Sent: 09 June 2020 15:42
To: Paul Durrant 
Cc: Wei Liu ; Tim Deegan ; Jenish Rakholiya 
; Ian Jackson ; Julian Tuminaro 
; George Dunlap ; xen-devel 
; Julian Tuminaro 
Subject: Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in 
KD protocol for Win 7, 8 and 10 (64 bit)



On Fri, Nov 15, 2019 at 1:31 PM Paul Durrant  wrote:
On Thu, 14 Nov 2019 at 04:57, Julian Tuminaro 
 wrote:
>
> From: Julian Tuminaro and Jenish Rakholiya  and mailto:rakholiyajenish...@gmail.com>
>
> The current implementation of find_os is based on hard-coded values for
> different Windows versions. It uses the value to get the address at which to
> start looking for the DOS header in the given range. However, this
> is not scalable to all versions of Windows, as it will require us to keep
> adding new entries, and also, due to KASLR, the chance of not hitting the PE
> header is significant. We implement a way for 64-bit systems to use an IDT
> entry to get a valid exception/interrupt handler and then move back through
> memory to find the valid DOS header. Since IDT entries are protected
> by PatchGuard, we think our assumption that IDT entries will not be
> corrupted is valid for our purpose. Once we have the image base, we
> search for the DBGKD_GET_VERSION64 structure in the .data section to
> get the information required for the handshake.
>
> Currently, this is a work-in-progress feature and the current patch only
> supports the handshake and memory read/write on 64-bit systems.
>
> NOTE: This is the updated version of the previous patch submitted.
> NOTE: This has currently only been tested when debugging was not enabled
> on the guest Windows.
>
> Signed-off-by: Jenish Rakholiya 
> Signed-off-by: Julian Tuminaro 

LGTM.

Reviewed-by: Paul Durrant 

Paul, is this something worth adding a line to CHANGELOG about?

 -George
-

Yes, I'd completely forgotten this had fallen in the 4.14 timeline. I'll send a 
patch.

  Paul
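The locate-the-kernel walk described in the commit message quoted above (IDT gate -> handler address -> page-aligned walk back to the MZ/PE header -> .data section -> DBGKD_GET_VERSION64, cross-checked against the image base), as an added C example that is neither the patch's code nor Xen's: guest memory is a constructed buffer with made-up addresses, the IDT base is assumed to come from the vCPU's IDTR, and every helper name (guest_read, idt_gate_target, find_image_base, find_section, find_version_block, make_guest) is mine. It prints the 64-bit addresses with PRIx64, the portable alternative to the (void *) cast that breaks the -m32 build further down the thread.

```c
/* Added example, not code from Xen's kdd.c: locate a KASLR'd 64-bit Windows kernel
 * from an IDT gate and pull its DBGKD_GET_VERSION64 out of .data. The guest is a
 * constructed in-memory buffer; every address, RVA and build number is made up. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE 0x1000u
#define IMAGE_FILE_MACHINE_AMD64 0x8664
typedef struct { uint64_t base; uint8_t mem[4 * PAGE]; } guest_t;

/* Read guest virtual memory; fails outside the mapped window (an unmapped guest page). */
static int guest_read(guest_t *g, uint64_t va, void *buf, size_t len) {
    if (va < g->base || va + len > g->base + sizeof g->mem) return -1;
    memcpy(buf, g->mem + (va - g->base), len);
    return 0;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }
static void wr16(uint8_t *p, uint64_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint64_t v) { wr16(p, v); wr16(p + 2, v >> 16); }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, v); wr32(p + 4, v >> 32); }

/* 64-bit IDT gate: handler offset split 16/16/32 bits over the 16-byte descriptor;
 * byte 5 carries P (bit 7) and the gate type (0xE interrupt, 0xF trap). */
uint64_t idt_gate_target(guest_t *g, uint64_t idt, unsigned vector) {
    uint8_t gate[16];
    if (guest_read(g, idt + 16 * vector, gate, sizeof gate)) return 0;
    if (!(gate[5] & 0x80) || ((gate[5] & 0xF) != 0xE && (gate[5] & 0xF) != 0xF)) return 0;
    return rd16(gate) | (uint64_t)rd16(gate + 6) << 16 | (uint64_t)rd32(gate + 8) << 32;
}

/* Walk back page by page from a kernel code address until a page starts with "MZ"
 * and its e_lfanew points at a "PE\0\0" header whose Machine field is AMD64. */
uint64_t find_image_base(guest_t *g, uint64_t addr, unsigned max_pages) {
    uint8_t hdr[0x40], pe[6];
    for (uint64_t page = addr & ~(uint64_t)(PAGE - 1); max_pages; max_pages--, page -= PAGE) {
        if (guest_read(g, page, hdr, sizeof hdr) || hdr[0] != 'M' || hdr[1] != 'Z') continue;
        uint32_t e_lfanew = rd32(hdr + 0x3C);
        if (e_lfanew > PAGE - sizeof pe || guest_read(g, page + e_lfanew, pe, sizeof pe)) continue;
        if (!memcmp(pe, "PE\0\0", 4) && rd16(pe + 4) == IMAGE_FILE_MACHINE_AMD64) return page;
    }
    return 0;
}

/* Look a section up by name: 40-byte entries after the 24-byte COFF header plus
 * SizeOfOptionalHeader bytes; returns its RVA and VirtualSize. */
int find_section(guest_t *g, uint64_t base, const char *name, uint32_t *rva, uint32_t *size) {
    uint8_t hdr[0x40], coff[24], sec[40];
    if (guest_read(g, base, hdr, sizeof hdr)) return -1;
    uint64_t pe = base + rd32(hdr + 0x3C);
    if (guest_read(g, pe, coff, sizeof coff)) return -1;
    uint64_t table = pe + 24 + rd16(coff + 20);
    for (unsigned i = 0; i < rd16(coff + 6); i++) {
        if (guest_read(g, table + 40 * i, sec, sizeof sec)) return -1;
        if (!strncmp((const char *)sec, name, 8)) { *size = rd32(sec + 8); *rva = rd32(sec + 12); return 0; }
    }
    return -1;
}

typedef struct { uint64_t va, modules, dbglist; uint16_t build; } kdver_t;
/* Scan .data for a DBGKD_GET_VERSION64 (40 bytes; KernBase at +16). MajorVersion (0xF
 * free, 0xC checked) and MachineType are weak evidence on their own; KernBase == the
 * base recovered through the IDT is the check that rejects stray matches. */
int find_version_block(guest_t *g, uint64_t base, kdver_t *out) {
    uint32_t rva, size; uint8_t v[40];
    if (find_section(g, base, ".data", &rva, &size)) return -1;
    for (uint32_t off = 0; off + sizeof v <= size; off += 8) {
        if (guest_read(g, base + rva + off, v, sizeof v)) return -1;
        if ((rd16(v) != 0xF && rd16(v) != 0xC) || rd16(v + 8) != IMAGE_FILE_MACHINE_AMD64) continue;
        if (rd64(v + 16) != base) continue;                     /* KernBase cross-check */
        out->va = base + rva + off; out->build = rd16(v + 2);   /* MinorVersion = build */
        out->modules = rd64(v + 24); out->dbglist = rd64(v + 32);
        return 0;
    }
    return -1;
}

/* Constructed guest: MZ/PE header in page 0, code in page 1, .data in page 2 holding
 * the version block, IDT in page 3 with vector 0 aimed at the code page. */
guest_t *make_guest(void) {
    static guest_t g; memset(&g, 0, sizeof g);
    g.base = 0xFFFFF80012340000ull;                   /* made-up randomised base */
    uint8_t *m = g.mem;
    m[0] = 'M'; m[1] = 'Z'; wr32(m + 0x3C, 0x80);     /* e_lfanew */
    memcpy(m + 0x80, "PE\0\0", 4); wr16(m + 0x84, IMAGE_FILE_MACHINE_AMD64);
    wr16(m + 0x86, 1); wr16(m + 0x94, 0xF0);          /* NumberOfSections, SizeOfOptionalHeader */
    uint8_t *sec = m + 0x80 + 24 + 0xF0;              /* one section entry: .data */
    memcpy(sec, ".data", 5); wr32(sec + 8, PAGE); wr32(sec + 12, 2 * PAGE);
    uint8_t *v = m + 2 * PAGE + 0x3A8;                /* DBGKD_GET_VERSION64 */
    wr16(v, 0xF); wr16(v + 2, 7601); wr16(v + 8, IMAGE_FILE_MACHINE_AMD64);
    wr64(v + 16, g.base); wr64(v + 24, g.base + 0x2100); wr64(v + 32, g.base + 0x2200);
    uint64_t handler = g.base + PAGE + 0x40;          /* some handler in the code page */
    uint8_t *gate = m + 3 * PAGE;                     /* IDT vector 0: present, type 0xE */
    wr16(gate, handler); wr16(gate + 2, 0x10); gate[5] = 0x8E;
    wr16(gate + 6, handler >> 16); wr32(gate + 8, handler >> 32);
    return &g;
}

int main(void) {
    guest_t *g = make_guest(); kdver_t v;
    uint64_t handler = idt_gate_target(g, g->base + 3 * PAGE, 0);   /* IDT base: the vCPU's IDTR in practice */
    uint64_t base = find_image_base(g, handler, 64);
    if (!base || find_version_block(g, base, &v)) { puts("kernel image not found"); return 1; }
    printf("handler %#" PRIx64 " -> base %#" PRIx64 ", build %u, PsLoadedModuleList %#" PRIx64 "\n",
           handler, base, v.build, v.modules);   /* PRIx64, not a (void *) cast: builds with -m32 -Werror */
    return 0;
}
```

Two things worth keeping in mind when reading the patch against this: the walk back from the handler has to tolerate pages that fail to read rather than abort, and a structure pulled out of .data is guest-controlled bytes until its KernBase agrees with the base found independently; only then are PsLoadedModuleList and DebuggerDataList safe to follow. The build number travels in MinorVersion (7601, the Windows 7 SP1 build, is the constructed value here).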




Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2020-06-09 Thread George Dunlap
On Fri, Nov 15, 2019 at 1:31 PM Paul Durrant  wrote:

> On Thu, 14 Nov 2019 at 04:57, Julian Tuminaro 
> wrote:
> >
> > From: Julian Tuminaro and Jenish Rakholiya  and rakholiyajenish...@gmail.com>
> >
> > The current implementation of find_os is based on hard-coded values for
> > different Windows versions. It uses the value to get the address at which to
> > start looking for the DOS header in the given range. However, this
> > is not scalable to all versions of Windows, as it will require us to keep
> > adding new entries, and also, due to KASLR, the chance of not hitting the PE
> > header is significant. We implement a way for 64-bit systems to use an IDT
> > entry to get a valid exception/interrupt handler and then move back through
> > memory to find the valid DOS header. Since IDT entries are protected
> > by PatchGuard, we think our assumption that IDT entries will not be
> > corrupted is valid for our purpose. Once we have the image base, we
> > search for the DBGKD_GET_VERSION64 structure in the .data section to
> > get the information required for the handshake.
> >
> > Currently, this is a work-in-progress feature and the current patch only
> > supports the handshake and memory read/write on 64-bit systems.
> >
> > NOTE: This is the updated version of the previous patch submitted.
> > NOTE: This has currently only been tested when debugging was not enabled
> > on the guest Windows.
> >
> > Signed-off-by: Jenish Rakholiya 
> > Signed-off-by: Julian Tuminaro 
>
> LGTM.
>
> Reviewed-by: Paul Durrant 
>

Paul, is this something worth adding a line to CHANGELOG about?

 -George


Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-29 Thread Doug Goldstein

On 11/13/19 10:55 PM, Julian Tuminaro wrote:


From: Julian Tuminaro and Jenish Rakholiya 

The current implementation of find_os is based on hard-coded values for
different Windows versions. It uses the value to get the address at which to
start looking for the DOS header in the given range. However, this
is not scalable to all versions of Windows, as it will require us to keep
adding new entries, and also, due to KASLR, the chance of not hitting the PE
header is significant. We implement a way for 64-bit systems to use an IDT
entry to get a valid exception/interrupt handler and then move back through
memory to find the valid DOS header. Since IDT entries are protected
by PatchGuard, we think our assumption that IDT entries will not be
corrupted is valid for our purpose. Once we have the image base, we
search for the DBGKD_GET_VERSION64 structure in the .data section to
get the information required for the handshake.

Currently, this is a work-in-progress feature and the current patch only
supports the handshake and memory read/write on 64-bit systems.

NOTE: This is the updated version of the previous patch submitted.
NOTE: This has currently only been tested when debugging was not enabled
on the guest Windows.

Signed-off-by: Jenish Rakholiya 
Signed-off-by: Julian Tuminaro 
---


This commit has broken the build of the staging tree. For a full log 
see: https://gitlab.com/xen-project/xen/-/jobs/365398313#L5184 But the 
relevant bit is likely:


gcc -m32 -march=i686 -DBUILD_ID -fno-strict-aliasing -std=gnu99 -Wall 
-Wstrict-prototypes -Wdeclaration-after-statement 
-Wno-unused-but-set-variable -Wno-unused-local-typedefs -O2 
-fomit-frame-pointer 
-D__XEN_INTERFACE_VERSION__=__XEN_LATEST_INTERFACE_VERSION__ -MMD -MF 
.kdd-xen.o.d -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE 
-D_LARGEFILE64_SOURCE -mno-tls-direct-seg-refs -Werror 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/libxc/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/libs/toollog/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/libs/foreignmemory/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/libs/devicemodel/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/include 
-I/builds/xen-project/xen/tools/debugger/kdd/../../../tools/include 
-D__XEN_TOOLS__ -DXC_WANT_COMPAT_MAP_FOREIGN_API -c -o kdd-xen.o kdd-xen.c

In file included from kdd.c:53:0:
kdd.c: In function 'get_os_info_64':
kdd.c:616:35: error: cast to pointer from integer of different size 
[-Werror=int-to-pointer-cast]

 KDD_LOG(s, "idt0 addr: %p\n", (void *)idt0_addr);

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-15 Thread Julien Grall
CC Wei's correct e-mail address.

On Sat, 16 Nov 2019, 05:44 Julien Grall,  wrote:

> Hi,
>
> I am not commenting on the code itself but the process.
>
> On Thu, 14 Nov 2019, 07:59 Julian Tuminaro, 
> wrote:
>
>> From: Julian Tuminaro and Jenish Rakholiya > and rakholiyajenish...@gmail.com>
>>
>
> AFAICT this is the first time we have such a format for "From".
>
> We usually have one person listed per tag and I think we should stick with
> it.
>
> Otherwise this is possibly going to break tools like get_maintainers.pl
> that tends to also output the list of contributors (depending on the
> option) and stat tools.
>
> Although, I am not entirely sure how to encode 2 authors here. Maybe 2
> From tags?
>
>
>> The current implementation of find_os is based on hard-coded values for
>> different Windows versions. It uses the value to get the address at which to
>> start looking for the DOS header in the given range. However, this
>> is not scalable to all versions of Windows, as it will require us to keep
>> adding new entries, and also, due to KASLR, the chance of not hitting the PE
>> header is significant. We implement a way for 64-bit systems to use an IDT
>> entry to get a valid exception/interrupt handler and then move back through
>> memory to find the valid DOS header. Since IDT entries are protected
>> by PatchGuard, we think our assumption that IDT entries will not be
>> corrupted is valid for our purpose. Once we have the image base, we
>> search for the DBGKD_GET_VERSION64 structure in the .data section to
>> get the information required for the handshake.
>>
>> Currently, this is a work-in-progress feature and the current patch only
>> supports the handshake and memory read/write on 64-bit systems.
>>
>> NOTE: This is the updated version of the previous patch submitted.
>
>
> This paragraph is not useful after committing. We tend to add them after
> "---" so it gets stripped by git am.
>
>> NOTE: This has currently only been tested when debugging was not enabled
>> on the guest Windows.
>
>
> This one is arguable; I think someone should have done the testing in most
> of the configurations before committing. So it can be put after "---" to
> inform the reviewer of the state of the patch.
>
> Cheers,
>
>
>> Signed-off-by: Jenish Rakholiya 
>> Signed-off-by: Julian Tuminaro 
>> ---
>>  tools/debugger/kdd/kdd.c | 392 ---
>>  1 file changed, 366 insertions(+), 26 deletions(-)
>>
>> diff --git a/tools/debugger/kdd/kdd.c b/tools/debugger/kdd/kdd.c
>> index fb8c645355..6d3febefda 100644
>> --- a/tools/debugger/kdd/kdd.c
>> +++ b/tools/debugger/kdd/kdd.c
>> @@ -41,6 +41,7 @@
>>  #include 
>>  #include 
>>  #include 
>> +#include 
>>
>>  #include 
>>  #include 
>> @@ -51,6 +52,16 @@
>>
>>  #include "kdd.h"
>>
>> +/*
>> + * TODO: kdd_os is a type which is used to represent os array. Adding a
>> + * variable here would result in adding a new field to each element in
>> array.
>> + * However, since most of the fields are part of the same struct that we
>> are
>> + * trying to read from memory, we have added kddl to this structure. If
>> + * required, we can possibly separate the kddl value to someplace else
>> + *
>> + * We also use kddl of size uint32_t which is actually used to represent
>> the
>> + * offset from image base rather than actual address
>> + */
>>  /* Windows version details */
>>  typedef struct {
>>  uint32_t build;
>> @@ -62,6 +73,7 @@ typedef struct {
>>  uint32_t version;   /* +-> NtBuildNumber */
>>  uint32_t modules;   /* +-> PsLoadedModuleList */
>>  uint32_t prcbs; /* +-> KiProcessorBlock */
>> +uint32_t kddl;  /* +-> KdDebuggerList */
>>  } kdd_os;
>>
>>  /* State of the debugger stub */
>> @@ -85,6 +97,117 @@ typedef struct {
>>  kdd_os os; /* OS-specific magic
>> numbers */
>>  } kdd_state;
>>
>> +/**
>> + * @brief Structure to represent DBGKD_GET_VERSION64
>> + *
>> + * reference:
>> https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdbgexts/ns-wdbgexts-_dbgkd_get_version64
>> + */
>> +typedef struct {
>> +uint16_t MajorVersion; /* usually 0xf for free
>> build */
>> +uint16_t MinorVersion;  /* build number of
>> target OS */
>> +uint8_t ProtocolVersion; /* version of the debugger
>> protocol */
>> +uint8_t KdSecondaryVersion;  /* secondary version
>> number */
>> +uint16_t Flags;/* set of bit flags for the current debugging
>> session */
>> +uint16_t MachineType;  /* type of the target's
>> processor */
>> +uint8_t MaxPacketType; /* one plus the highest number for a
>> debugger */
>> + /* packet type recognized by the
>> target */
>> +uint8_t MaxStateChagne;   /* one plus the highest number for a
>> state */
>> +   /* change generated by the
>> target */
>> +uint8_t 

Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-15 Thread Julien Grall
Hi,

I am not commenting on the code itself but the process.

On Thu, 14 Nov 2019, 07:59 Julian Tuminaro, 
wrote:

> From: Julian Tuminaro and Jenish Rakholiya  rakholiyajenish...@gmail.com>
>

AFAICT this is the first time we have such a format for "From".

We usually have one person listed per tag and I think we should stick with
it.

Otherwise this is possibly going to break tools like get_maintainers.pl
that tends to also output the list of contributors (depending on the
option) and stat tools.

Although, I am not entirely sure how to encode 2 authors here. Maybe 2 From
tags?


> The current implementation of find_os is based on hard-coded values for
> different Windows versions. It uses the value to get the address at which to
> start looking for the DOS header in the given range. However, this
> is not scalable to all versions of Windows, as it will require us to keep
> adding new entries, and also, due to KASLR, the chance of not hitting the PE
> header is significant. We implement a way for 64-bit systems to use an IDT
> entry to get a valid exception/interrupt handler and then move back through
> memory to find the valid DOS header. Since IDT entries are protected
> by PatchGuard, we think our assumption that IDT entries will not be
> corrupted is valid for our purpose. Once we have the image base, we
> search for the DBGKD_GET_VERSION64 structure in the .data section to
> get the information required for the handshake.
>
> Currently, this is a work-in-progress feature and the current patch only
> supports the handshake and memory read/write on 64-bit systems.
>
> NOTE: This is the updated version of the previous patch submitted.


This paragraph is not useful after committing. We tend to add them after
"---" so it gets stripped by git am.

> NOTE: This has currently only been tested when debugging was not enabled
> on the guest Windows.


This one is arguable; I think someone should have done the testing in most
of the configurations before committing. So it can be put after "---" to
inform the reviewer of the state of the patch.

Cheers,


> Signed-off-by: Jenish Rakholiya 
> Signed-off-by: Julian Tuminaro 
> ---
>  tools/debugger/kdd/kdd.c | 392 ---
>  1 file changed, 366 insertions(+), 26 deletions(-)
>
> diff --git a/tools/debugger/kdd/kdd.c b/tools/debugger/kdd/kdd.c
> index fb8c645355..6d3febefda 100644
> --- a/tools/debugger/kdd/kdd.c
> +++ b/tools/debugger/kdd/kdd.c
> @@ -41,6 +41,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>
>  #include 
>  #include 
> @@ -51,6 +52,16 @@
>
>  #include "kdd.h"
>
> +/*
> + * TODO: kdd_os is a type which is used to represent os array. Adding a
> + * variable here would result in adding a new field to each element in
> array.
> + * However, since most of the fields are part of the same struct that we
> are
> + * trying to read from memory, we have added kddl to this structure. If
> + * required, we can possibly separate the kddl value to someplace else
> + *
> + * We also use kddl of size uint32_t which is actually used to represent
> the
> + * offset from image base rather than actual address
> + */
>  /* Windows version details */
>  typedef struct {
>  uint32_t build;
> @@ -62,6 +73,7 @@ typedef struct {
>  uint32_t version;   /* +-> NtBuildNumber */
>  uint32_t modules;   /* +-> PsLoadedModuleList */
>  uint32_t prcbs; /* +-> KiProcessorBlock */
> +uint32_t kddl;  /* +-> KdDebuggerList */
>  } kdd_os;
>
>  /* State of the debugger stub */
> @@ -85,6 +97,117 @@ typedef struct {
>  kdd_os os; /* OS-specific magic
> numbers */
>  } kdd_state;
>
> +/**
> + * @brief Structure to represent DBGKD_GET_VERSION64
> + *
> + * reference:
> https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdbgexts/ns-wdbgexts-_dbgkd_get_version64
> + */
> +typedef struct {
> +uint16_t MajorVersion; /* usually 0xf for free
> build */
> +uint16_t MinorVersion;  /* build number of target
> OS */
> +uint8_t ProtocolVersion; /* version of the debugger
> protocol */
> +uint8_t KdSecondaryVersion;  /* secondary version
> number */
> +uint16_t Flags;/* set of bit flags for the current debugging
> session */
> +uint16_t MachineType;  /* type of the target's
> processor */
> +uint8_t MaxPacketType; /* one plus the highest number for a
> debugger */
> + /* packet type recognized by the
> target */
> +uint8_t MaxStateChagne;   /* one plus the highest number for a
> state */
> +   /* change generated by the
> target */
> +uint8_t MaxManipulate;   /* one more that the highest number,
> recognized */
> +/* by the target, for a command to manipulate the
> target */
> +uint8_t Simulation;/* indication if target is in simulated
> execution */
> + 

Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-15 Thread Wei Liu
Hi Julian and Jenish,

I have queued this patch to my for-next branch based on Paul and Tim's
review.

Note that Xen is currently frozen. This patch will get committed once
the tree is open for new features.

Wei.


Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-15 Thread Paul Durrant
On Thu, 14 Nov 2019 at 04:57, Julian Tuminaro  wrote:
>
> From: Julian Tuminaro and Jenish Rakholiya  rakholiyajenish...@gmail.com>
>
> The current implementation of find_os is based on hard-coded values for
> different Windows versions. It uses the value to get the address at which to
> start looking for the DOS header in the given range. However, this
> is not scalable to all versions of Windows, as it will require us to keep
> adding new entries, and also, due to KASLR, the chance of not hitting the PE
> header is significant. We implement a way for 64-bit systems to use an IDT
> entry to get a valid exception/interrupt handler and then move back through
> memory to find the valid DOS header. Since IDT entries are protected
> by PatchGuard, we think our assumption that IDT entries will not be
> corrupted is valid for our purpose. Once we have the image base, we
> search for the DBGKD_GET_VERSION64 structure in the .data section to
> get the information required for the handshake.
>
> Currently, this is a work-in-progress feature and the current patch only
> supports the handshake and memory read/write on 64-bit systems.
>
> NOTE: This is the updated version of the previous patch submitted.
> NOTE: This has currently only been tested when debugging was not enabled
> on the guest Windows.
>
> Signed-off-by: Jenish Rakholiya 
> Signed-off-by: Julian Tuminaro 

LGTM.

Reviewed-by: Paul Durrant 

> ---
>  tools/debugger/kdd/kdd.c | 392 ---
>  1 file changed, 366 insertions(+), 26 deletions(-)
>
> diff --git a/tools/debugger/kdd/kdd.c b/tools/debugger/kdd/kdd.c
> index fb8c645355..6d3febefda 100644
> --- a/tools/debugger/kdd/kdd.c
> +++ b/tools/debugger/kdd/kdd.c
> @@ -41,6 +41,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>
>  #include 
>  #include 
> @@ -51,6 +52,16 @@
>
>  #include "kdd.h"
>
> +/*
> + * TODO: kdd_os is a type which is used to represent os array. Adding a
> + * variable here would result in adding a new field to each element in array.
> + * However, since most of the fields are part of the same struct that we are
> + * trying to read from memory, we have added kddl to this structure. If
> + * required, we can possibly separate the kddl value to someplace else
> + *
> + * We also use kddl of size uint32_t which is actually used to represent the
> + * offset from image base rather than actual address
> + */
>  /* Windows version details */
>  typedef struct {
>  uint32_t build;
> @@ -62,6 +73,7 @@ typedef struct {
>  uint32_t version;   /* +-> NtBuildNumber */
>  uint32_t modules;   /* +-> PsLoadedModuleList */
>  uint32_t prcbs; /* +-> KiProcessorBlock */
> +uint32_t kddl;  /* +-> KdDebuggerList */
>  } kdd_os;
>
>  /* State of the debugger stub */
> @@ -85,6 +97,117 @@ typedef struct {
>  kdd_os os; /* OS-specific magic numbers 
> */
>  } kdd_state;
>
> +/**
> + * @brief Structure to represent DBGKD_GET_VERSION64
> + *
> + * reference: 
> https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdbgexts/ns-wdbgexts-_dbgkd_get_version64
> + */
> +typedef struct {
> +uint16_t MajorVersion; /* usually 0xf for free build 
> */
> +uint16_t MinorVersion;  /* build number of target OS 
> */
> +uint8_t ProtocolVersion; /* version of the debugger protocol 
> */
> +uint8_t KdSecondaryVersion;  /* secondary version number 
> */
> +uint16_t Flags;/* set of bit flags for the current debugging session 
> */
> +uint16_t MachineType;  /* type of the target's processor 
> */
> +uint8_t MaxPacketType; /* one plus the highest number for a debugger 
> */
> + /* packet type recognized by the target 
> */
> +uint8_t MaxStateChagne;   /* one plus the highest number for a state 
> */
> +   /* change generated by the target 
> */
> +uint8_t MaxManipulate;   /* one more that the highest number, recognized 
> */
> +/* by the target, for a command to manipulate the target 
> */
> +uint8_t Simulation;/* indication if target is in simulated execution 
> */
> +uint16_t Unused[1];
> +uint64_t KernBase;   /* base address of the kernel image 
> */
> +uint64_t PsLoadedModuleList; /* value of the kernel variable 
> */
> +   /* PsLoadedModuleList 
> */
> +uint64_t DebuggerDataList;   /* value of the kernel variable 
> */
> +  /* KdDebuggerDataBlock 
> */
> +} PACKED DBGKD_GET_VERSION64;
> +
> +/**
> + * @brief Structure to represent the section in PE headers
> + *
> + * reference: 
> https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#section-table-section-headers
> + */
> +typedef struct {
> +uint8_t 

Re: [Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-14 Thread Tim Deegan
Hi,

At 23:55 -0500 on 13 Nov (1573689341), Julian Tuminaro wrote:
> From: Julian Tuminaro and Jenish Rakholiya  rakholiyajenish...@gmail.com>
> 
> The current implementation of find_os is based on hard-coded values for
> different Windows versions. It uses the value to get the address at which to
> start looking for the DOS header in the given range. However, this
> is not scalable to all versions of Windows, as it will require us to keep
> adding new entries, and also, due to KASLR, the chance of not hitting the PE
> header is significant. We implement a way for 64-bit systems to use an IDT
> entry to get a valid exception/interrupt handler and then move back through
> memory to find the valid DOS header. Since IDT entries are protected
> by PatchGuard, we think our assumption that IDT entries will not be
> corrupted is valid for our purpose. Once we have the image base, we
> search for the DBGKD_GET_VERSION64 structure in the .data section to
> get the information required for the handshake.

Thanks for the updates, this looks good!

Reviewed-by: Tim Deegan 



[Xen-devel] [PATCH V2] kdd.c: Add support for initial handshake in KD protocol for Win 7, 8 and 10 (64 bit)

2019-11-13 Thread Julian Tuminaro
From: Julian Tuminaro and Jenish Rakholiya 

The current implementation of find_os is based on hard-coded values for
different Windows versions. It uses the value to get the address at which to
start looking for the DOS header in the given range. However, this
is not scalable to all versions of Windows, as it will require us to keep
adding new entries, and also, due to KASLR, the chance of not hitting the PE
header is significant. We implement a way for 64-bit systems to use an IDT
entry to get a valid exception/interrupt handler and then move back through
memory to find the valid DOS header. Since IDT entries are protected
by PatchGuard, we think our assumption that IDT entries will not be
corrupted is valid for our purpose. Once we have the image base, we
search for the DBGKD_GET_VERSION64 structure in the .data section to
get the information required for the handshake.

Currently, this is a work-in-progress feature and the current patch only
supports the handshake and memory read/write on 64-bit systems.

NOTE: This is the updated version of the previous patch submitted.
NOTE: This has currently only been tested when debugging was not enabled
on the guest Windows.

Signed-off-by: Jenish Rakholiya 
Signed-off-by: Julian Tuminaro 
---
 tools/debugger/kdd/kdd.c | 392 ---
 1 file changed, 366 insertions(+), 26 deletions(-)

diff --git a/tools/debugger/kdd/kdd.c b/tools/debugger/kdd/kdd.c
index fb8c645355..6d3febefda 100644
--- a/tools/debugger/kdd/kdd.c
+++ b/tools/debugger/kdd/kdd.c
@@ -41,6 +41,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -51,6 +52,16 @@
 
 #include "kdd.h"
 
+/*
+ * TODO: kdd_os is a type which is used to represent os array. Adding a
+ * variable here would result in adding a new field to each element in array.
+ * However, since most of the fields are part of the same struct that we are
+ * trying to read from memory, we have added kddl to this structure. If
+ * required, we can possibly separate the kddl value to someplace else
+ *
+ * We also use kddl of size uint32_t which is actually used to represent the
+ * offset from image base rather than actual address
+ */
 /* Windows version details */
 typedef struct {
 uint32_t build; 
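Review bot: this TODO block lands between the existing `/* Windows version details */` comment and the struct that comment describes, leaving that one-liner orphaned; put the TODO after it or fold the two together. Its second paragraph also only restates what the `+->` comments on the neighbouring fields (version, modules, prcbs) already imply, namely that these are offsets from the image base rather than addresses, so the comment can be cut down to the one open question it actually raises: whether kddl belongs in the per-version table at all once the 64-bit path no longer depends on that table.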
@@ -62,6 +73,7 @@ typedef struct {
 uint32_t version;   /* +-> NtBuildNumber */
 uint32_t modules;   /* +-> PsLoadedModuleList */
 uint32_t prcbs; /* +-> KiProcessorBlock */
+uint32_t kddl;  /* +-> KdDebuggerList */
 } kdd_os;
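Review bot: the new field's comment `/* +-> KdDebuggerList */` uses a name that appears nowhere else in the patch; the DBGKD_GET_VERSION64 definition added further down calls the same quantity `DebuggerDataList` and glosses it as `KdDebuggerDataBlock`. Settle on one name so a reader can tell whether this offset is to the list head or to the data block itself, and have the comment say which of the two the stub dereferences.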
 
 /* State of the debugger stub */
@@ -85,6 +97,117 @@ typedef struct {
 kdd_os os; /* OS-specific magic numbers */
 } kdd_state;
 
+/**
+ * @brief Structure to represent DBGKD_GET_VERSION64
+ *
+ * reference: 
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdbgexts/ns-wdbgexts-_dbgkd_get_version64
+ */
+typedef struct {
+uint16_t MajorVersion; /* usually 0xf for free build */
+uint16_t MinorVersion;  /* build number of target OS */
+uint8_t ProtocolVersion; /* version of the debugger protocol */
+uint8_t KdSecondaryVersion;  /* secondary version number */
+uint16_t Flags;/* set of bit flags for the current debugging session */
+uint16_t MachineType;  /* type of the target's processor */
+uint8_t MaxPacketType; /* one plus the highest number for a debugger */
+ /* packet type recognized by the target */
+uint8_t MaxStateChagne;   /* one plus the highest number for a state */
+   /* change generated by the target */
+uint8_t MaxManipulate;   /* one more that the highest number, recognized */
+/* by the target, for a command to manipulate the target */
+uint8_t Simulation;/* indication if target is in simulated execution */
+uint16_t Unused[1];
+uint64_t KernBase;   /* base address of the kernel image */
+uint64_t PsLoadedModuleList; /* value of the kernel variable */
+   /* PsLoadedModuleList */
+uint64_t DebuggerDataList;   /* value of the kernel variable */
+  /* KdDebuggerDataBlock */
+} PACKED DBGKD_GET_VERSION64;
+
+/**
+ * @brief Structure to represent the section in PE headers
+ *
+ * reference: 
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#section-table-section-headers
+ */
+typedef struct {
+uint8_t Name[8];/* name of section */
+uint32_t VirtualSize;   /* total size of section in memory */
+uint32_t VirtualAddr;   /* offset from image base */
+uint32_t SizeOfRawData; /* size of section in for object files */
+uint32_t PointerToRawData;  /* file pointer to first page in COFF */
+uint32_t
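Review bot: `MaxStateChagne` in the DBGKD_GET_VERSION64 definition is misspelled; the Microsoft page referenced just above spells the field MaxStateChange, and a mistyped name in a struct mirrored from a public header will defeat anyone grepping it against wdbgexts.h. In the same definition the comment on `DebuggerDataList` says `KdDebuggerDataBlock` while the field name says it is the list; pick one. Since the commit message says this structure is located by searching guest .data, the code that consumes it should treat it as untrusted until MachineType and KernBase have been checked against the image base recovered from the IDT; otherwise a stray match hands the stub arbitrary PsLoadedModuleList and DebuggerDataList pointers to dereference.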