技术宅的结界

 找回密码
 立即注册→加入我们

QQ登录

只需一步,快速开始

搜索
热搜: 下载 VB C 实现 编写
查看: 1077|回复: 0
收起左侧

实现windbg查看错误信息插件

[复制链接]

273

主题

451

帖子

4870

积分

用户组: 真·技术宅

UID
2
精华
61
威望
148 点
宅币
3687 个
贡献
131 次
宅之契约
0 份
在线时间
623 小时
注册时间
2014-1-25
发表于 2015-11-18 23:54:57 | 显示全部楼层 |阅读模式

欢迎访问技术宅的结界,请注册或者登录吧。

您需要 登录 才可以下载或查看,没有帐号?立即注册→加入我们

x
vs有个实用程序是 错误查找,可以显示错误值信息,windbg也有,然而却不好使,内核错误显示不出,不明白为啥越能提供方便的功能微软越做不好

下面是我写的插件用例:
0:000> !err
usage: !err [-c code][-l]
        Default code is $retreg;        l stands for Api LastError
example:!err -c C0000001                !err        !err -l
Kernel ErrorCode:
        MessageId:STATUS_UNSUCCESSFUL
        MesageText:{Operation Failed} The requested operation was unsuccessful.
0:000> reax=c0000002
0:000> !err
usage: !err [-c code][-l]
        Default code is $retreg;        l stands for Api LastError
example:!err -c C0000001                !err        !err -l
Kernel ErrorCode:
        MessageId:STATUS_NOT_IMPLEMENTED
        MesageText:{Not Implemented} The requested operation is not implemented.
0:000> !err -c 5
usage: !err [-c code][-l]
        Default code is $retreg;        l stands for Api LastError
example:!err -c C0000001                !err        !err -l
Windows ErrorCode:
        MessageId:ERROR_ACCESS_DENIED
        MesageText:Access is denied.
0:000> eb @@(&(_TEB*)(@$teb)->LastErrorValue) 6
0:000> !err -l
usage: !err [-c code][-l]
        Default code is $retreg;        l stands for Api LastError
example:!err -c C0000001                !err        !err -l
Windows ErrorCode:
        MessageId:ERROR_INVALID_HANDLE
        MesageText:The handle is invalid.

注意,!err可以根据参数解析指定错误号、GetLastError()错误号、Eax错误号

[C++] 纯文本查看 复制代码

ERRORINFO data1[]=//应用层
{
	{0, "ERROR_SUCCESS", "The operation completed successfully."},
	{1, "ERROR_INVALID_FUNCTION", "Incorrect function."},    // dderror
	{2, "ERROR_FILE_NOT_FOUND", "The system cannot find the file specified."},
	{3, "ERROR_PATH_NOT_FOUND", "The system cannot find the path specified."},
	{4, "ERROR_TOO_MANY_OPEN_FILES", "The system cannot open the file."}
	。。。。。。。。。。。。。。。。。
ERRORINFO data2[]=//内核层
{
	{0x00000000, "STATUS_WAIT_0", "STATUS_WAIT_0"},
	{0x00000001, "STATUS_WAIT_1", "STATUS_WAIT_1"},
	{0x00000002, "STATUS_WAIT_2", "STATUS_WAIT_2"},
	{0x00000003, "STATUS_WAIT_3", "STATUS_WAIT_3"},
	{0x0000003F, "STATUS_WAIT_63", "STATUS_WAIT_63"},
	{0x00000080, "STATUS_ABANDONED", "The success status codes 128 - 191 are reserved for wait completion status with an abandoned mutant object."},
	{0x00000080, "STATUS_ABANDONED_WAIT_0", "STATUS_ABANDONED_WAIT_0"},
	{0x000000BF, "STATUS_ABANDONED_WAIT_63", "STATUS_ABANDONED_WAIT_63"},

#include "DbgEng.h"
#include "errors.h"
#include <windows.h>

int GetOnlyParamVal(PCSTR& begin, PCSTR& end);

HRESULT CALLBACK
err(PDEBUG_CLIENT pDebugClient, PCSTR args)
{
	IDebugControl* pDebugControl;

	if (SUCCEEDED(pDebugClient->QueryInterface(__uuidof(IDebugControl), (void **)&pDebugControl)))
	{
		HRESULT result = 0;
		pDebugControl->Output(DEBUG_OUTPUT_NORMAL, "usage: !err [-c code][-l]\n");//不指定参数则自动判断内核态用户态错误
		pDebugControl->Output(DEBUG_OUTPUT_NORMAL, "\tDefault code is $retreg;	l stands for Api LastError\n");
		pDebugControl->Output(DEBUG_OUTPUT_NORMAL, "example:!err -c C0000001		!err	!err -l\n");

		ULONG ErrorCode = -1;
		DEBUG_VALUE value;

		PCSTR a;
		if (a = strstr(args, "-c"))
		{
			char exp[256]="";
			a += 2;
			PCSTR begin = a, end = a;
			int len = GetOnlyParamVal(begin, end);
			strncpy(exp, begin, len);
			exp[len] = '\0';
			if (SUCCEEDED(pDebugControl->Evaluate(exp, DEBUG_VALUE_INT32, &value, NULL)))
			{
				ErrorCode = value.I32;
			}
		}
		else if (strstr(args, "-l"))
		{
			if (SUCCEEDED(pDebugControl->Evaluate("@@((_TEB*)(@$teb)->LastErrorValue)", DEBUG_VALUE_INT32, &value, NULL)))
			{
				ErrorCode = value.I32;
			}
		}
		else
		{
			if (SUCCEEDED(pDebugControl->Evaluate("$retreg ", DEBUG_VALUE_INT32, &value, NULL)))
			{
				ErrorCode = value.I32;
			}
		}

		if (ErrorCode != -1)
		{
			int i;
			for (i = 0; i < sizeof(data1) / sizeof(data1[0]); i++)
			{
				if (ErrorCode == data1[i].ErrorCode)
				{
					pDebugControl->Output(DEBUG_OUTPUT_NORMAL, "Windows ErrorCode:\n\tMessageId:%s\n\tMesageText:%s\n",
						data1[i].MessageId, data1[i].MessageText);
				}
			}
			for (i = 0; i < sizeof(data2) / sizeof(data2[0]); i++)
			{
				if (ErrorCode == data2[i].ErrorCode)
				{
					pDebugControl->Output(DEBUG_OUTPUT_NORMAL, "Kernel ErrorCode:\n\tMessageId:%s\n\tMesageText:%s\n",
						data2[i].MessageId, data2[i].MessageText);
				}
			}
		}
		else
		{
			pDebugControl->Output(DEBUG_OUTPUT_NORMAL, "Cannot find this error value!\n");
		}
	}
	pDebugControl->Release();
	return S_OK;
}

回复

使用道具 举报

本版积分规则

QQ|申请友链||Archiver|手机版|小黑屋|技术宅的结界 ( 滇ICP备16008837号 )|网站地图  

GMT+8, 2020-7-16 12:28 , Processed in 0.088556 second(s), 29 queries , Gzip On.

Powered by Discuz! X3.4

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表