|
8 | 8 | #include "debugger.h" |
9 | 9 | #include "patches.h" |
10 | 10 | #include "threading.h" |
| 11 | +#include "thread.h" |
11 | 12 | #include "module.h" |
12 | 13 |
|
13 | 14 | #define PAGE_SHIFT (12) |
@@ -70,7 +71,7 @@ void MemUpdateMap() |
70 | 71 | while(numBytes); |
71 | 72 | } |
72 | 73 |
|
73 | | - //process file sections |
| 74 | + // Process file sections |
74 | 75 | int pagecount = (int)pageVector.size(); |
75 | 76 | char curMod[MAX_MODULE_SIZE] = ""; |
76 | 77 | for(int i = pagecount - 1; i > -1; i--) |
@@ -140,6 +141,50 @@ void MemUpdateMap() |
140 | 141 | } |
141 | 142 | } |
142 | 143 |
|
| 144 | + // Get a list of threads for information about Kernel/PEB/TEB/Stack ranges |
| 145 | + THREADLIST threadList; |
| 146 | + ThreadGetList(&threadList); |
| 147 | + |
| 148 | + for (auto & page : pageVector) |
| 149 | + { |
| 150 | + const duint pageBase = (duint)page.mbi.BaseAddress; |
| 151 | + const duint pageSize = (duint)page.mbi.RegionSize; |
| 152 | + |
| 153 | + // Check for windows specific data |
| 154 | + if (pageBase == 0x7FFE0000) |
| 155 | + { |
| 156 | + strcpy_s(page.info, "KUSER_SHARED_DATA"); |
| 157 | + continue; |
| 158 | + } |
| 159 | + |
| 160 | + // Check in threads |
| 161 | + for (int i = 0; i < threadList.count; i++) |
| 162 | + { |
| 163 | + duint tebBase = threadList.list[i].BasicInfo.ThreadLocalBase; |
| 164 | + DWORD threadId = threadList.list[i].BasicInfo.ThreadId; |
| 165 | + |
| 166 | + // Mark TEB |
| 167 | + if (pageBase == tebBase) |
| 168 | + { |
| 169 | + sprintf_s(page.info, "Thread %X TEB", threadId); |
| 170 | + break; |
| 171 | + } |
| 172 | + |
| 173 | + // Read the TEB to get stack information |
| 174 | + TEB teb; |
| 175 | + if (!ThreadGetTeb(tebBase, &teb)) |
| 176 | + continue; |
| 177 | + |
| 178 | + // The stack will be a specific range only, not always the base address |
| 179 | + duint stackAddr = (duint)teb.Tib.StackLimit; |
| 180 | + |
| 181 | + if (stackAddr >= pageBase && stackAddr < (pageBase + pageSize)) |
| 182 | + sprintf_s(page.info, "Thread %X Stack", threadId); |
| 183 | + } |
| 184 | + } |
| 185 | + |
| 186 | + BridgeFree(threadList.list); |
| 187 | + |
143 | 188 | // Convert the vector to a map |
144 | 189 | EXCLUSIVE_ACQUIRE(LockMemoryPages); |
145 | 190 | memoryPages.clear(); |
|
0 commit comments