[PATCH 0/5] Improve dumper megion region selection
Jon Turney
jon.turney@dronecode.org.uk
Sat Jul 18 15:00:23 GMT 2020
Improve how dumper determines if a memory region should be dumped:
Currently we open and read the PE file for each module, and exclude regions
corresponding to sections marked 'DEBUGGING' or 'CODE'.
This doesn't work correctly if the DLL has been loaded to an address other
than the ImageBase recorded in the PE header. It fails to produce a useful
dump if there's a collision in excluded region addresses (which will always
occur on x86_64, as kernel32.dll has an ImageBase which collides with the
cygwin1.dll)
This probably also doesn't produce correct dumps if the protection on memory
regions corresponding to 'CODE' sections is manipulated using VirtualProtect().
Instead, dump memory region based on their type, protection and sharability:
- state is MEM_COMMIT (i.e. is not MEM_RESERVE or MEM_FREE), and
-- type is MEM_PRIVATE and protection allows reads (i.e. not a guardpage), or
-- type is MEM_IMAGE and attribute is non-sharable (i.e. it was WC, got
written to, and is now a RW copy)
Jon Turney (5):
Cygwin: Show details of all memory regions details in dumper debug
output
Cygwin: Remove reading of PE for section flags from dumper
Cygwin: Drop excluded regions list from dumper
Cygwin: Don't dump non-writable image regions
Cygwin: Use MEMORY_WORKING_SET_EX_INFORMATION in dumper
winsup/doc/utils.xml | 8 +-
winsup/utils/Makefile.in | 8 +-
winsup/utils/dumper.cc | 214 +++++++++++++++++++++++++++------------
winsup/utils/dumper.h | 19 ----
winsup/utils/parse_pe.cc | 107 --------------------
5 files changed, 155 insertions(+), 201 deletions(-)
delete mode 100644 winsup/utils/parse_pe.cc
--
2.27.0
More information about the Cygwin-patches
mailing list