|
|
|
@@ -69,7 +69,11 @@ class StackwalkerX86Fixture {
|
|
|
|
|
// Give the two modules reasonable standard locations and names
|
|
|
|
|
// for tests to play with.
|
|
|
|
|
module1(0x40000000, 0x10000, "module1", "version1"),
|
|
|
|
|
module2(0x50000000, 0x10000, "module2", "version2") {
|
|
|
|
|
module2(0x50000000, 0x10000, "module2", "version2"),
|
|
|
|
|
module3(0x771d0000, 0x180000, "module3", "version3"),
|
|
|
|
|
module4(0x75f90000, 0x46000, "module4", "version4"),
|
|
|
|
|
module5(0x75730000, 0x110000, "module5", "version5"),
|
|
|
|
|
module6(0x647f0000, 0x1ba8000, "module6", "version6") {
|
|
|
|
|
// Identify the system as a Linux system.
|
|
|
|
|
system_info.os = "Linux";
|
|
|
|
|
system_info.os_short = "linux";
|
|
|
|
@@ -83,6 +87,10 @@ class StackwalkerX86Fixture {
|
|
|
|
|
// Create some modules with some stock debugging information.
|
|
|
|
|
modules.Add(&module1);
|
|
|
|
|
modules.Add(&module2);
|
|
|
|
|
modules.Add(&module3);
|
|
|
|
|
modules.Add(&module4);
|
|
|
|
|
modules.Add(&module5);
|
|
|
|
|
modules.Add(&module6);
|
|
|
|
|
|
|
|
|
|
// By default, none of the modules have symbol info; call
|
|
|
|
|
// SetModuleSymbols to override this.
|
|
|
|
@@ -122,6 +130,10 @@ class StackwalkerX86Fixture {
|
|
|
|
|
MockMemoryRegion stack_region;
|
|
|
|
|
MockCodeModule module1;
|
|
|
|
|
MockCodeModule module2;
|
|
|
|
|
MockCodeModule module3;
|
|
|
|
|
MockCodeModule module4;
|
|
|
|
|
MockCodeModule module5;
|
|
|
|
|
MockCodeModule module6;
|
|
|
|
|
MockCodeModules modules;
|
|
|
|
|
MockSymbolSupplier supplier;
|
|
|
|
|
BasicSourceLineResolver resolver;
|
|
|
|
@@ -196,6 +208,7 @@ TEST_F(GetCallerFrame, Traditional) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
EXPECT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -203,7 +216,9 @@ TEST_F(GetCallerFrame, Traditional) {
|
|
|
|
|
EXPECT_EQ(0x4000c7a5U, frame0->context.eip);
|
|
|
|
|
EXPECT_EQ(frame0_ebp.Value(), frame0->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame0->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_FP, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -215,6 +230,7 @@ TEST_F(GetCallerFrame, Traditional) {
|
|
|
|
|
EXPECT_EQ(frame1_ebp.Value(), frame1->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Walk a traditional frame, but use a bogus %ebp value, forcing a scan
|
|
|
|
|
// of the stack for something that looks like a return address.
|
|
|
|
@@ -247,6 +263,7 @@ TEST_F(GetCallerFrame, TraditionalScan) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -255,7 +272,9 @@ TEST_F(GetCallerFrame, TraditionalScan) {
|
|
|
|
|
EXPECT_EQ(stack_section.start().Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(0xd43eed6eU, frame0->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame0->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_SCAN, frame1->trust);
|
|
|
|
|
// I'd argue that CONTEXT_VALID_EBP shouldn't be here, since the
|
|
|
|
@@ -272,6 +291,7 @@ TEST_F(GetCallerFrame, TraditionalScan) {
|
|
|
|
|
EXPECT_EQ(0xd43eed6eU, frame1->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Force scanning for a return address a long way down the stack
|
|
|
|
|
TEST_F(GetCallerFrame, TraditionalScanLongWay) {
|
|
|
|
@@ -304,6 +324,7 @@ TEST_F(GetCallerFrame, TraditionalScanLongWay) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -312,7 +333,9 @@ TEST_F(GetCallerFrame, TraditionalScanLongWay) {
|
|
|
|
|
EXPECT_EQ(stack_section.start().Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(0xd43eed6eU, frame0->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame0->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_SCAN, frame1->trust);
|
|
|
|
|
// I'd argue that CONTEXT_VALID_EBP shouldn't be here, since the
|
|
|
|
@@ -329,6 +352,7 @@ TEST_F(GetCallerFrame, TraditionalScanLongWay) {
|
|
|
|
|
EXPECT_EQ(0xd43eed6eU, frame1->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows frame data (a "STACK WIN 4" record, from a
|
|
|
|
|
// FrameTypeFrameData DIA record) to walk a stack frame.
|
|
|
|
@@ -371,6 +395,7 @@ TEST_F(GetCallerFrame, WindowsFrameData) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -379,7 +404,9 @@ TEST_F(GetCallerFrame, WindowsFrameData) {
|
|
|
|
|
EXPECT_EQ(stack_section.start().Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(0xf052c1deU, frame0->context.ebp);
|
|
|
|
|
EXPECT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -398,6 +425,7 @@ TEST_F(GetCallerFrame, WindowsFrameData) {
|
|
|
|
|
EXPECT_EQ(0x630891beU, frame1->context.edi);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows frame data (a "STACK WIN 4" record, from a
|
|
|
|
|
// FrameTypeFrameData DIA record) to walk a stack frame where the stack
|
|
|
|
@@ -438,6 +466,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataAligned) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -446,7 +475,9 @@ TEST_F(GetCallerFrame, WindowsFrameDataAligned) {
|
|
|
|
|
EXPECT_EQ(stack_section.start().Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(0xf052c1deU, frame0->context.ebp);
|
|
|
|
|
EXPECT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -459,6 +490,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataAligned) {
|
|
|
|
|
EXPECT_EQ(frame1_ebp.Value(), frame1->context.ebp);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows frame data (a "STACK WIN 4" record, from a
|
|
|
|
|
// FrameTypeFrameData DIA record) to walk a frame, and depend on the
|
|
|
|
@@ -516,6 +548,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataParameterSize) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(3U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -531,8 +564,12 @@ TEST_F(GetCallerFrame, WindowsFrameDataParameterSize) {
|
|
|
|
|
ASSERT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::VALID_PARAMETER_SIZE,
|
|
|
|
|
frame0->windows_frame_info->valid);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::STACK_INFO_UNKNOWN,
|
|
|
|
|
frame0->windows_frame_info->type_);
|
|
|
|
|
EXPECT_EQ(12U, frame0->windows_frame_info->parameter_size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_FP, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -548,10 +585,14 @@ TEST_F(GetCallerFrame, WindowsFrameDataParameterSize) {
|
|
|
|
|
EXPECT_EQ(0x5000aa85U, frame1->function_base);
|
|
|
|
|
ASSERT_TRUE(frame1->windows_frame_info != NULL);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::VALID_ALL, frame1->windows_frame_info->valid);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::STACK_INFO_FRAME_DATA,
|
|
|
|
|
frame1->windows_frame_info->type_);
|
|
|
|
|
// This should not see the 0xbeef parameter size from the FUNC
|
|
|
|
|
// record, but should instead see the STACK WIN record.
|
|
|
|
|
EXPECT_EQ(4U, frame1->windows_frame_info->parameter_size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame2 = static_cast<StackFrameX86 *>(frames->at(2));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame2->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -567,6 +608,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataParameterSize) {
|
|
|
|
|
EXPECT_EQ(NULL, frame2->module);
|
|
|
|
|
EXPECT_EQ(NULL, frame2->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows frame data (a "STACK WIN 4" record, from a
|
|
|
|
|
// FrameTypeFrameData DIA record) to walk a stack frame, where the
|
|
|
|
@@ -600,6 +642,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataScan) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -608,7 +651,9 @@ TEST_F(GetCallerFrame, WindowsFrameDataScan) {
|
|
|
|
|
EXPECT_EQ(stack_section.start().Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(0x2ae314cdU, frame0->context.ebp);
|
|
|
|
|
EXPECT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_SCAN, frame1->trust);
|
|
|
|
|
// I'd argue that CONTEXT_VALID_EBP shouldn't be here, since the walker
|
|
|
|
@@ -624,6 +669,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataScan) {
|
|
|
|
|
EXPECT_EQ(frame1_esp.Value(), frame1->context.esp);
|
|
|
|
|
EXPECT_TRUE(frame1->windows_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows frame data (a "STACK WIN 4" record, from a
|
|
|
|
|
// FrameTypeFrameData DIA record) to walk a stack frame, where the
|
|
|
|
@@ -679,6 +725,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataBadEIPScan) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -687,7 +734,9 @@ TEST_F(GetCallerFrame, WindowsFrameDataBadEIPScan) {
|
|
|
|
|
EXPECT_EQ(stack_section.start().Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(frame0_ebp.Value(), frame0->context.ebp);
|
|
|
|
|
EXPECT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI_SCAN, frame1->trust);
|
|
|
|
|
// I'd argue that CONTEXT_VALID_EBP shouldn't be here, since the
|
|
|
|
@@ -704,6 +753,7 @@ TEST_F(GetCallerFrame, WindowsFrameDataBadEIPScan) {
|
|
|
|
|
EXPECT_EQ(frame1_ebp.Value(), frame1->context.ebp);
|
|
|
|
|
EXPECT_TRUE(frame1->windows_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows FrameTypeFPO data to walk a stack frame for a function that
|
|
|
|
|
// does not modify %ebp from the value it had in the caller.
|
|
|
|
@@ -742,6 +792,7 @@ TEST_F(GetCallerFrame, WindowsFPOUnchangedEBP) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -756,8 +807,12 @@ TEST_F(GetCallerFrame, WindowsFPOUnchangedEBP) {
|
|
|
|
|
// produced a fully populated WindowsFrameInfo structure.
|
|
|
|
|
ASSERT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::VALID_ALL, frame0->windows_frame_info->valid);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::STACK_INFO_FPO,
|
|
|
|
|
frame0->windows_frame_info->type_);
|
|
|
|
|
EXPECT_EQ(0x10U, frame0->windows_frame_info->local_size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -772,6 +827,7 @@ TEST_F(GetCallerFrame, WindowsFPOUnchangedEBP) {
|
|
|
|
|
EXPECT_EQ("", frame1->function_name);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Use Windows FrameTypeFPO data to walk a stack frame for a function
|
|
|
|
|
// that uses %ebp for its own purposes, saving the value it had in the
|
|
|
|
@@ -812,6 +868,7 @@ TEST_F(GetCallerFrame, WindowsFPOUsedEBP) {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -826,9 +883,13 @@ TEST_F(GetCallerFrame, WindowsFPOUsedEBP) {
|
|
|
|
|
// produced a fully populated WindowsFrameInfo structure.
|
|
|
|
|
ASSERT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::VALID_ALL, frame0->windows_frame_info->valid);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::STACK_INFO_FPO,
|
|
|
|
|
frame0->windows_frame_info->type_);
|
|
|
|
|
EXPECT_EQ("", frame0->windows_frame_info->program_string);
|
|
|
|
|
EXPECT_TRUE(frame0->windows_frame_info->allocates_base_pointer);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
@@ -843,6 +904,153 @@ TEST_F(GetCallerFrame, WindowsFPOUsedEBP) {
|
|
|
|
|
EXPECT_EQ("", frame1->function_name);
|
|
|
|
|
EXPECT_EQ(NULL, frame1->windows_frame_info);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// This is a regression unit test which covers a bug which has to do with
|
|
|
|
|
// FPO-optimized Windows system call stubs in the context frame. There is
|
|
|
|
|
// a more recent Windows system call dispatch mechanism which differs from
|
|
|
|
|
// the one which is being tested here. The newer system call dispatch
|
|
|
|
|
// mechanism creates an extra context frame (KiFastSystemCallRet).
|
|
|
|
|
TEST_F(GetCallerFrame, WindowsFPOSystemCall) {
|
|
|
|
|
SetModuleSymbols(&module3, // ntdll.dll
|
|
|
|
|
"PUBLIC 1f8ac c ZwWaitForSingleObject\n"
|
|
|
|
|
"STACK WIN 0 1f8ac 1b 0 0 c 0 0 0 0 0\n");
|
|
|
|
|
SetModuleSymbols(&module4, // kernelbase.dll
|
|
|
|
|
"PUBLIC 109f9 c WaitForSingleObjectEx\n"
|
|
|
|
|
"PUBLIC 36590 0 _except_handler4\n"
|
|
|
|
|
"STACK WIN 4 109f9 df c 0 c c 48 0 1 $T0 $ebp = $eip "
|
|
|
|
|
"$T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L "
|
|
|
|
|
"$T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =\n"
|
|
|
|
|
"STACK WIN 4 36590 154 17 0 10 0 14 0 1 $T0 $ebp = $eip "
|
|
|
|
|
"$T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 "
|
|
|
|
|
".cbSavedRegs - = $P $T0 8 + .cbParams + =\n");
|
|
|
|
|
SetModuleSymbols(&module5, // kernel32.dll
|
|
|
|
|
"PUBLIC 11136 8 WaitForSingleObject\n"
|
|
|
|
|
"PUBLIC 11151 c WaitForSingleObjectExImplementation\n"
|
|
|
|
|
"STACK WIN 4 11136 16 5 0 8 0 0 0 1 $T0 $ebp = $eip "
|
|
|
|
|
"$T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L "
|
|
|
|
|
"$T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =\n"
|
|
|
|
|
"STACK WIN 4 11151 7a 5 0 c 0 0 0 1 $T0 $ebp = $eip "
|
|
|
|
|
"$T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L "
|
|
|
|
|
"$T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =\n");
|
|
|
|
|
SetModuleSymbols(&module6, // chrome.dll
|
|
|
|
|
"FILE 7038 some_file_name.h\n"
|
|
|
|
|
"FILE 839776 some_file_name.cc\n"
|
|
|
|
|
"FUNC 217fda 17 4 function_217fda\n"
|
|
|
|
|
"217fda 4 102 839776\n"
|
|
|
|
|
"FUNC 217ff1 a 4 function_217ff1\n"
|
|
|
|
|
"217ff1 0 594 7038\n"
|
|
|
|
|
"217ff1 a 596 7038\n"
|
|
|
|
|
"STACK WIN 0 217ff1 a 0 0 4 0 0 0 0 0\n");
|
|
|
|
|
|
|
|
|
|
Label frame0_esp, frame1_esp;
|
|
|
|
|
Label frame1_ebp, frame2_ebp, frame3_ebp;
|
|
|
|
|
stack_section.start() = 0x002ff290;
|
|
|
|
|
stack_section
|
|
|
|
|
.Mark(&frame0_esp)
|
|
|
|
|
.D32(0x771ef8c1) // EIP in frame 0 (system call)
|
|
|
|
|
.D32(0x75fa0a91) // return address of frame 0
|
|
|
|
|
.Mark(&frame1_esp)
|
|
|
|
|
.D32(0x000017b0) // args to child
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x002ff2d8)
|
|
|
|
|
.D32(0x88014a2e)
|
|
|
|
|
.D32(0x002ff364)
|
|
|
|
|
.D32(0x000017b0)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000024)
|
|
|
|
|
.D32(0x00000001)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x9e3b9800)
|
|
|
|
|
.D32(0xfffffff7)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x002ff2a4)
|
|
|
|
|
.D32(0x64a07ff1) // random value to be confused with a return address
|
|
|
|
|
.D32(0x002ff8dc)
|
|
|
|
|
.D32(0x75fc6590) // random value to be confused with a return address
|
|
|
|
|
.D32(0xfdd2c6ea)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.Mark(&frame1_ebp)
|
|
|
|
|
.D32(frame2_ebp) // Child EBP
|
|
|
|
|
.D32(0x75741194) // return address of frame 1
|
|
|
|
|
.D32(0x000017b0) // args to child
|
|
|
|
|
.D32(0x0036ee80)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.D32(0x65bc7d14)
|
|
|
|
|
.Mark(&frame2_ebp)
|
|
|
|
|
.D32(frame3_ebp) // Child EBP
|
|
|
|
|
.D32(0x75741148) // return address of frame 2
|
|
|
|
|
.D32(0x000017b0) // args to child
|
|
|
|
|
.D32(0x0036ee80)
|
|
|
|
|
.D32(0x00000000)
|
|
|
|
|
.Mark(&frame3_ebp)
|
|
|
|
|
.D32(0) // saved %ebp (stack end)
|
|
|
|
|
.D32(0); // saved %eip (stack end)
|
|
|
|
|
|
|
|
|
|
RegionFromSection();
|
|
|
|
|
raw_context.eip = 0x771ef8c1; // in ntdll::ZwWaitForSingleObject
|
|
|
|
|
raw_context.esp = stack_section.start().Value();
|
|
|
|
|
ASSERT_TRUE(raw_context.esp == frame0_esp.Value());
|
|
|
|
|
raw_context.ebp = frame1_ebp.Value();
|
|
|
|
|
|
|
|
|
|
StackwalkerX86 walker(&system_info, &raw_context, &stack_region, &modules,
|
|
|
|
|
&supplier, &resolver);
|
|
|
|
|
ASSERT_TRUE(walker.Walk(&call_stack));
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
|
|
|
|
|
ASSERT_EQ(4U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
|
EXPECT_EQ(0x771ef8c1U, frame0->instruction);
|
|
|
|
|
EXPECT_EQ(0x771ef8c1U, frame0->context.eip);
|
|
|
|
|
EXPECT_EQ(frame0_esp.Value(), frame0->context.esp);
|
|
|
|
|
EXPECT_EQ(frame1_ebp.Value(), frame0->context.ebp);
|
|
|
|
|
EXPECT_EQ(&module3, frame0->module);
|
|
|
|
|
EXPECT_EQ("ZwWaitForSingleObject", frame0->function_name);
|
|
|
|
|
// The STACK WIN record for module3!ZwWaitForSingleObject should have
|
|
|
|
|
// produced a fully populated WindowsFrameInfo structure.
|
|
|
|
|
ASSERT_TRUE(frame0->windows_frame_info != NULL);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::VALID_ALL, frame0->windows_frame_info->valid);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::STACK_INFO_FPO,
|
|
|
|
|
frame0->windows_frame_info->type_);
|
|
|
|
|
EXPECT_EQ("", frame0->windows_frame_info->program_string);
|
|
|
|
|
EXPECT_FALSE(frame0->windows_frame_info->allocates_base_pointer);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP
|
|
|
|
|
| StackFrameX86::CONTEXT_VALID_ESP
|
|
|
|
|
| StackFrameX86::CONTEXT_VALID_EBP),
|
|
|
|
|
frame1->context_validity);
|
|
|
|
|
EXPECT_EQ(0x75fa0a91U, frame1->instruction + 1);
|
|
|
|
|
EXPECT_EQ(0x75fa0a91U, frame1->context.eip);
|
|
|
|
|
EXPECT_EQ(frame1_esp.Value(), frame1->context.esp);
|
|
|
|
|
EXPECT_EQ(frame1_ebp.Value(), frame1->context.ebp);
|
|
|
|
|
EXPECT_EQ(&module4, frame1->module);
|
|
|
|
|
EXPECT_EQ("WaitForSingleObjectEx", frame1->function_name);
|
|
|
|
|
// The STACK WIN record for module4!WaitForSingleObjectEx should have
|
|
|
|
|
// produced a fully populated WindowsFrameInfo structure.
|
|
|
|
|
ASSERT_TRUE(frame1->windows_frame_info != NULL);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::VALID_ALL, frame1->windows_frame_info->valid);
|
|
|
|
|
EXPECT_EQ(WindowsFrameInfo::STACK_INFO_FRAME_DATA,
|
|
|
|
|
frame1->windows_frame_info->type_);
|
|
|
|
|
EXPECT_EQ("$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L "
|
|
|
|
|
"$T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =",
|
|
|
|
|
frame1->windows_frame_info->program_string);
|
|
|
|
|
EXPECT_FALSE(frame1->windows_frame_info->allocates_base_pointer);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct CFIFixture: public StackwalkerX86Fixture {
|
|
|
|
|
CFIFixture() {
|
|
|
|
@@ -897,6 +1105,7 @@ struct CFIFixture: public StackwalkerX86Fixture {
|
|
|
|
|
frames = call_stack.frames();
|
|
|
|
|
ASSERT_EQ(2U, frames->size());
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame0 = static_cast<StackFrameX86 *>(frames->at(0));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CONTEXT, frame0->trust);
|
|
|
|
|
ASSERT_EQ(StackFrameX86::CONTEXT_VALID_ALL, frame0->context_validity);
|
|
|
|
@@ -906,7 +1115,9 @@ struct CFIFixture: public StackwalkerX86Fixture {
|
|
|
|
|
ASSERT_EQ(WindowsFrameInfo::VALID_PARAMETER_SIZE,
|
|
|
|
|
frame0->windows_frame_info->valid);
|
|
|
|
|
ASSERT_TRUE(frame0->cfi_frame_info != NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{ // To avoid reusing locals by mistake
|
|
|
|
|
StackFrameX86 *frame1 = static_cast<StackFrameX86 *>(frames->at(1));
|
|
|
|
|
EXPECT_EQ(StackFrame::FRAME_TRUST_CFI, frame1->trust);
|
|
|
|
|
ASSERT_EQ((StackFrameX86::CONTEXT_VALID_EIP |
|
|
|
|
@@ -924,6 +1135,7 @@ struct CFIFixture: public StackwalkerX86Fixture {
|
|
|
|
|
EXPECT_EQ(expected.edi, frame1->context.edi);
|
|
|
|
|
EXPECT_EQ("epictetus", frame1->function_name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The values the stack walker should find for the caller's registers.
|
|
|
|
|
MDRawContextX86 expected;
|
|
|
|
|
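Review bot: In the new `WindowsFPOSystemCall` test, `ASSERT_EQ(4U, frames->size())` is followed by checks on `frames->at(0)` and `frames->at(1)` only, so frames 2 and 3 are counted but never inspected. The two stack words commented as "random value to be confused with a return address" (`0x64a07ff1`, `0x75fc6590`) sit between `frame1_esp` and `frame1_ebp`, so they can only mislead the walk once it recovers the callers of frame 1; a walker that picked one of them up and still produced four frames would pass as written. Because stack walks of crash dumps feed triage, I would pin the remaining frames to the return addresses the test itself lays out (`0x75741194` and `0x75741148`, both inside `module5`), as sketched below. The expected values are read off the stack image built in the test and should be confirmed by running it; asserting `trust` for these frames would tighten the test further.

```cpp
  // … unchanged: walker setup, frame0 and frame1 checks …

  {  // To avoid reusing locals by mistake
    StackFrameX86 *frame2 = static_cast<StackFrameX86 *>(frames->at(2));
    EXPECT_EQ(0x75741194U, frame2->context.eip);
    EXPECT_EQ(frame2_ebp.Value(), frame2->context.ebp);
    EXPECT_EQ(&module5, frame2->module);
  }

  {  // To avoid reusing locals by mistake
    StackFrameX86 *frame3 = static_cast<StackFrameX86 *>(frames->at(3));
    EXPECT_EQ(0x75741148U, frame3->context.eip);
    EXPECT_EQ(frame3_ebp.Value(), frame3->context.ebp);
    EXPECT_EQ(&module5, frame3->module);
  }
```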