Tuesday, September 25, 2018

A vnode pager and a shared libraries cache.

A step by step description to find a vnode backing a memory mapping for a particular address. Lets find a vnode behind 0x0007fff51b41000 address which according to vmmap output belongs to /usr/lib/libSystem.B.dylib mapping for a __TEXT segment
Let's locate a task, ping in this case.
(lldb) showalltasks
task                 vm_map               ipc_space            #acts flags    pid       process             io_policy  wq_state  command             
....
0xffffff803e0ce7a0   0xffffff803e957200   0xffffff803e93a9c0       1 D        594   0xffffff803fc986d0                -1 -1 -1    ping
Next we inspect its ```vmmap``
(lldb) showmapvme 0xffffff803e957200
vm_map             pmap               size                    #ents              rsize              start:end               
0xffffff803e957200 0xffffff803e954c90 0x00000001051cd000         37                202 0x00000001087f3000:0x00007fffffe00000
entry                           start:end                      #pgs tag.kmod prot&flags object             offset            
0xffffff803eb47640 0x00000001087f3000:0x00000001087f9000          6   0      57         0xffffff8045dd5700 0x0               
0xffffff803eb47910 0x00000001087f9000:0x00000001087fa000          1   0      37         0xffffff8044538800 0x0               
0xffffff803eb47050 0x00000001087fa000:0x000000010880a000         16   0      37         0xffffff8044538000 0x0               
0xffffff803f789550 0x000000010880a000:0x000000010880e000          4   0      17n        0xffffff8044538500 0x7000            
0xffffff803f789be0 0x000000010880e000:0x0000000108810000          2  73      37         0xffffff8044538200 0x0               
0xffffff803ef8e550 0x0000000108810000:0x0000000108811000          1   1      17n        0xffffff8044538900 0x0               
0xffffff803ad2b320 0x0000000108811000:0x0000000108812000          1   1      37n        0xffffff8044538900 0x1000            
0xffffff803f789e10 0x0000000108812000:0x0000000108813000          1   1      07         0xffffff8044538900 0x2000            
0xffffff803690c820 0x0000000108813000:0x0000000108817000          4   1      37n        0xffffff8044538900 0x3000            
0xffffff803f789000 0x0000000108817000:0x0000000108818000          1   1      07         0xffffff8044538900 0x7000            
0xffffff803690ca00 0x0000000108818000:0x0000000108819000          1   1      07         0x0000000000000000 0x0               
0xffffff803ef8eb90 0x0000000108819000:0x000000010881d000          4   1      37n        0xffffff8044538100 0x0               
0xffffff803ef8e230 0x000000010881d000:0x000000010881e000          1   1      07         0x0000000000000000 0x5000            
0xffffff80367b6140 0x000000010881e000:0x000000010881f000          1   1      17         0xffffff8044538a00 0x0               
0xffffff803d1e72d0 0x000000010881f000:0x0000000108820000          1   0      13         0xffffff80368b8400 0x0               
------------------ 0x0000000108820000:0x000000011852a000      64778
0xffffff803f789230 0x000000011852a000:0x0000000118575000         75   0      57         0xffffff8045dd5b00 0x0               
0xffffff803f789dc0 0x0000000118575000:0x0000000118578000          3   0      37         0xffffff8044538700 0x0               
0xffffff803f7895f0 0x0000000118578000:0x00000001185ad000         53   0      37         0xffffff8044538400 0x0               
0xffffff803f7895a0 0x00000001185ad000:0x00000001185c8000         27   0      17n        0xffffff8035f2e300 0x4f000           
------------------ 0x00000001185c8000:0x00007fb925c00000 34284295736
0xffffff80367b6230 0x00007fb925c00000:0x00007fb925d00000        256   7      37n        0xffffff8044538b00 0x0               
0xffffff803d1e7320 0x00007fb925d00000:0x00007fb925e00000        256   7      37n        0xffffff8044537f00 0x0               
0xffffff803f9ee3c0 0x00007fb925e00000:0x00007fb925f00000        256   7      37         0xffffff8044537e00 0x0               
------------------ 0x00007fb925f00000:0x00007fb926000000        256
0xffffff803ad2bd70 0x00007fb926000000:0x00007fb926800000       2048   2      37         0xffffff8044538c00 0x0               
0xffffff803f9eeaf0 0x00007fb926800000:0x00007fb927000000       2048   2      37n        0xffffff8044537200 0x0               
------------------ 0x00007fb927000000:0x00007ffee340d000   73122829
0xffffff803f789730 0x00007ffee340d000:0x00007ffee6c0d000      14336  30      07         0x0000000000000000 0x0               
0xffffff803f789a50 0x00007ffee6c0d000:0x00007ffee740d000       2048  30      37         0xffffff8044538600 0x0               
------------------ 0x00007ffee740d000:0x00007fff00000000     101363
0xffffff803f789d20 0x00007fff00000000:0x00007fff80000000     524288  32      17snp      submap:0xffffff8035fa3600 0x0               
0xffffff803ad2b000 0x00007fff80000000:0x00007fff8be00000      48640  35      17sn       submap:0xffffff8035fa3600 0x80000000        
0xffffff803ad2b2d0 0x00007fff8be00000:0x00007fff8c000000        512  35      37         0xffffff8044538e00 0x0               
0xffffff803ad2b780 0x00007fff8c000000:0x00007fff8c200000        512  35      17sn       submap:0xffffff8035fa3600 0x8c000000        
0xffffff803ad2b280 0x00007fff8c200000:0x00007fff8c400000        512  35      37         0xffffff8044538f00 0x0               
0xffffff803f7899b0 0x00007fff8c400000:0x00007fff8c600000        512  35      37         0xffffff8044538d00 0x0               
0xffffff803f789d70 0x00007fff8c600000:0x00007fff8c69b000        155  35      37         0xffffff8044538300 0x0               
0xffffff803f789960 0x00007fff8c69b000:0x00007fffc0000000     211301  35      17sn       submap:0xffffff8035fa3600 0x8c69b000        
0xffffff803f789aa0 0x00007fffc0000000:0x00007fffffe00000     261632  32      17snp      submap:0xffffff8035fa3600 0xc0000000        
0xffffff803f789fa0 0x00007fffffe00000:0x00007fffffe01000          1   0      11s        submap:0xffffff802d4e1a20 0x0               
------------------ 0x00007fffffe01000:0x00007fffffeb6000        181
0xffffff803f7892d0 0x00007fffffeb6000:0x00007fffffeb7000          1   0      55s        submap:0xffffff802d4e1c20 0x0
The address we are looking for belongs to a range backed by a submap 0xffffff8035fa3600. Let's inspect this submap.
(lldb) showmapvme -v 0xffffff8035fa3600
vm_map             pmap               size                    #ents              rsize              start:end               
0xffffff8035fa3600 0xffffff80353d9598 0x0000000045704000         62              34581 0x0000000000000000:0x00000000ffe00000
entry                           start:end                      #pgs tag.kmod prot&flags object             offset            
------------------ 0x0000000000000000:0x0000000024192000     147858
0xffffff8036052780 0x0000000024192000:0x000000005421f000     196749   0      55n        0xffffff8035fa4500 0x0               
------------------ 0x000000005421f000:0x0000000084192000     196467
0xffffff803b1f9690 0x0000000084192000:0x0000000084200000        110   0      33n        0xffffff8035fa4500 0x3008d000        
0xffffff803b1f9f50 0x0000000084200000:0x0000000084400000        512   0      33n        0xffffff8035fa4500 0x300fb000        
0xffffff803621f960 0x0000000084400000:0x0000000084600000        512   0      33n        0xffffff8035fa4500 0x302fb000        
0xffffff803b24baa0 0x0000000084600000:0x0000000084800000        512   0      33n        0xffffff8035fa4500 0x304fb000        
0xffffff803b24bb40 0x0000000084800000:0x0000000084a00000        512   0      33n        0xffffff8035fa4500 0x306fb000        
0xffffff803b24b910 0x0000000084a00000:0x0000000085400000       2560   0      33n        0xffffff8035fa4500 0x308fb000        
0xffffff803b24b8c0 0x0000000085400000:0x0000000085600000        512   0      33n        0xffffff8035fa4500 0x312fb000        
0xffffff8036b19410 0x0000000085600000:0x0000000085800000        512   0      33n        0xffffff8035fa4500 0x314fb000        
0xffffff803c9b10f0 0x0000000085800000:0x0000000085a00000        512   0      33n        0xffffff8035fa4500 0x316fb000        
0xffffff803621fb40 0x0000000085a00000:0x0000000085c00000        512   0      33n        0xffffff8035fa4500 0x318fb000        
0xffffff803621f690 0x0000000085c00000:0x0000000085e00000        512   0      33n        0xffffff8035fa4500 0x31afb000        
0xffffff80361cbc80 0x0000000085e00000:0x0000000086000000        512   0      33n        0xffffff8035fa4500 0x31cfb000        
0xffffff803621f370 0x0000000086000000:0x0000000086200000        512   0      33n        0xffffff8035fa4500 0x31efb000        
0xffffff803621f6e0 0x0000000086200000:0x0000000086400000        512   0      33n        0xffffff8035fa4500 0x320fb000        
0xffffff803621f0f0 0x0000000086400000:0x0000000086600000        512   0      33n        0xffffff8035fa4500 0x322fb000        
0xffffff8036052d20 0x0000000086600000:0x0000000086800000        512   0      33n        0xffffff8035fa4500 0x324fb000        
0xffffff803b24b9b0 0x0000000086800000:0x0000000086e00000       1536   0      33n        0xffffff8035fa4500 0x326fb000        
0xffffff8037bd0f00 0x0000000086e00000:0x0000000087000000        512   0      33n        0xffffff8035fa4500 0x32cfb000        
0xffffff8037fb1dc0 0x0000000087000000:0x0000000087200000        512   0      33n        0xffffff8035fa4500 0x32efb000        
0xffffff803687b190 0x0000000087200000:0x0000000087400000        512   0      33n        0xffffff8035fa4500 0x330fb000        
0xffffff80390b2f00 0x0000000087400000:0x0000000087600000        512   0      33n        0xffffff8035fa4500 0x332fb000        
0xffffff803621f550 0x0000000087600000:0x0000000087800000        512   0      33n        0xffffff8035fa4500 0x334fb000        
0xffffff803908a0a0 0x0000000087800000:0x0000000087c00000       1024   0      33n        0xffffff8035fa4500 0x336fb000        
0xffffff80375d5820 0x0000000087c00000:0x0000000087e00000        512   0      33n        0xffffff8035fa4500 0x33afb000        
0xffffff8037f0fb90 0x0000000087e00000:0x0000000088000000        512   0      33n        0xffffff8035fa4500 0x33cfb000        
0xffffff803724ddc0 0x0000000088000000:0x0000000088200000        512   0      33n        0xffffff8035fa4500 0x33efb000        
0xffffff803b11ac30 0x0000000088200000:0x0000000088400000        512   0      33n        0xffffff8035fa4500 0x340fb000        
0xffffff8036c39870 0x0000000088400000:0x0000000088600000        512   0      33n        0xffffff8035fa4500 0x342fb000        
0xffffff8038010500 0x0000000088600000:0x0000000088800000        512   0      33n        0xffffff8035fa4500 0x344fb000        
0xffffff8036c390f0 0x0000000088800000:0x0000000088a00000        512   0      33n        0xffffff8035fa4500 0x346fb000        
0xffffff8037c577d0 0x0000000088a00000:0x0000000088c00000        512   0      33n        0xffffff8035fa4500 0x348fb000        
0xffffff80390b2be0 0x0000000088c00000:0x0000000088e00000        512   0      33n        0xffffff8035fa4500 0x34afb000        
0xffffff803908a820 0x0000000088e00000:0x0000000089000000        512   0      33n        0xffffff8035fa4500 0x34cfb000        
0xffffff803b11ac80 0x0000000089000000:0x0000000089200000        512   0      33n        0xffffff8035fa4500 0x34efb000        
0xffffff803b24ba00 0x0000000089200000:0x0000000089400000        512   0      33n        0xffffff8035fa4500 0x350fb000        
0xffffff803621f410 0x0000000089400000:0x0000000089600000        512   0      33n        0xffffff8035fa4500 0x352fb000        
0xffffff803b24ba50 0x0000000089600000:0x0000000089800000        512   0      33n        0xffffff8035fa4500 0x354fb000        
0xffffff8037c57410 0x0000000089800000:0x0000000089a00000        512   0      33n        0xffffff8035fa4500 0x356fb000        
0xffffff8036922280 0x0000000089a00000:0x0000000089c00000        512   0      33n        0xffffff8035fa4500 0x358fb000        
0xffffff803843de10 0x0000000089c00000:0x0000000089e00000        512   0      33n        0xffffff8035fa4500 0x35afb000        
0xffffff803908a730 0x0000000089e00000:0x000000008a000000        512   0      33n        0xffffff8035fa4500 0x35cfb000        
0xffffff8037f42410 0x000000008a000000:0x000000008a200000        512   0      33n        0xffffff8035fa4500 0x35efb000        
0xffffff803cd14a50 0x000000008a200000:0x000000008a400000        512   0      33n        0xffffff8035fa4500 0x360fb000        
0xffffff803a407a00 0x000000008a400000:0x000000008a600000        512   0      33n        0xffffff8035fa4500 0x362fb000        
0xffffff803b24bbe0 0x000000008a600000:0x000000008a800000        512   0      33n        0xffffff8035fa4500 0x364fb000        
0xffffff803908aaa0 0x000000008a800000:0x000000008aa00000        512   0      33n        0xffffff8035fa4500 0x366fb000        
0xffffff803b24b4b0 0x000000008aa00000:0x000000008ac00000        512   0      33n        0xffffff8035fa4500 0x368fb000        
0xffffff80390b2140 0x000000008ac00000:0x000000008ae00000        512   0      33n        0xffffff8035fa4500 0x36afb000        
0xffffff803ad2ba00 0x000000008ae00000:0x000000008b200000       1024   0      33n        0xffffff8035fa4500 0x36cfb000        
0xffffff80390b2820 0x000000008b200000:0x000000008b400000        512   0      33n        0xffffff8035fa4500 0x370fb000        
0xffffff8037cc2280 0x000000008b400000:0x000000008b600000        512   0      33n        0xffffff8035fa4500 0x372fb000        
0xffffff80361cb6e0 0x000000008b600000:0x000000008b800000        512   0      33n        0xffffff8035fa4500 0x374fb000        
0xffffff80390b2af0 0x000000008b800000:0x000000008ba00000        512   0      33n        0xffffff8035fa4500 0x376fb000        
0xffffff803690c1e0 0x000000008ba00000:0x000000008bc00000        512   0      33n        0xffffff8035fa4500 0x378fb000        
0xffffff803680e460 0x000000008bc00000:0x000000008be00000        512   0      33n        0xffffff8035fa4500 0x37afb000        
0xffffff80361cbd20 0x000000008be00000:0x000000008c000000        512   0      33n        0xffffff8035fa4500 0x37cfb000        
0xffffff8036052a50 0x000000008c000000:0x000000008c200000        512   0      33n        0xffffff8035fa4500 0x37efb000        
0xffffff8037ce4c30 0x000000008c200000:0x000000008c400000        512   0      33n        0xffffff8035fa4500 0x380fb000        
0xffffff80360521e0 0x000000008c400000:0x000000008c600000        512   0      33n        0xffffff8035fa4500 0x382fb000        
0xffffff803621f5a0 0x000000008c600000:0x000000008c69b000        155   0      33n        0xffffff8035fa4500 0x384fb000        
------------------ 0x000000008c69b000:0x00000000c4192000     228087
0xffffff80360526e0 0x00000000c4192000:0x00000000d1300000      53614   0      11n        0xffffff8035fa4500 0x38596000        
------------------ 0x00000000d1300000:0x00000000ffe00000     191232
The address we are looking for is backed by a vm_object 0xffffff8035fa4500. Let's print it out.
(lldb) p *(vm_object_t)0xffffff8035fa4500
(vm_object) $49 = {
  memq = (next = 47704340, prev = 47704340)
  Lock = {
     = {
      lck_rw_shared_count = 0
      lck_rw_interlock = '\0'
      lck_rw_priv_excl = '\x01'
      lck_rw_want_upgrade = '\0'
      lck_rw_want_write = '\0'
      lck_r_waiting = '\0'
      lck_w_waiting = '\0'
      lck_rw_can_sleep = '\x01'
      lck_rw_padb6 = '\0'
      lck_rw_tag = 0
      lck_rw_owner = 0x0000000000000000
    }
     = (data = 553648128, lck_rw_pad4 = 0, lck_rw_pad8 = 0, lck_rw_pad12 = 0)
  }
  Lock_owner = 0x0000000000000000
  vo_un1 = (vou_size = 1164984320, vou_cache_pages_to_scan = 1164984320)
  memq_hint = 0x0000000000000000
  ref_count = 4877
  resident_page_count = 0
  wired_page_count = 0
  reusable_page_count = 0
  copy = 0x0000000000000000
  shadow = 0xffffff8035fa4300
  vo_un2 = {
    vou_shadow_offset = 0
    vou_cache_ts = 0
    vou_purgeable_owner = 0x0000000000000000
    vou_slide_info = 0x0000000000000000
  }
  pager = 0x0000000000000000
  paging_offset = 0
  pager_control = 0x0000000000000000
  copy_strategy = 4
  paging_in_progress = 0
  __object1_unused_bits = 0
  activity_in_progress = 0
  all_wanted = 0
  pager_created = 0
  pager_initialized = 0
  pager_ready = 0
  pager_trusted = 0
  can_persist = 0
  internal = 1
  private = 0
  pageout = 0
  alive = 1
  purgable = 3
  purgeable_only_by_kernel = 0
  purgeable_when_ripe = 0
  shadowed = 1
  true_share = 0
  terminating = 0
  named = 0
  shadow_severed = 0
  phys_contiguous = 0
  nophyscache = 0
  _object5_unused_bits = 0
  cached_list = {
    next = 0x0000000000000000
    prev = 0x0000000000000000
  }
  last_alloc = 0
  sequential = 0
  pages_created = 0
  pages_used = 0
  cow_hint = 0xffffffffffffffff
  wimg_bits = 128
  code_signed = 0
  transposed = 0
  mapping_in_progress = 0
  phantom_isssd = 0
  volatile_empty = 0
  volatile_fault = 0
  all_reusable = 0
  blocked_access = 0
  set_cache_attr = 0
  object_slid = 0
  purgeable_queue_type = 3
  purgeable_queue_group = 0
  io_tracking = 0
  no_tag_update = 0
  __object3_unused_bits = 0
  __object2_unused_bits = 0
  scan_collisions = '\0'
  wire_tag = 0
  __object4_unused_bits = ([0] = '\0', [1] = '\0')
  phantom_object_id = 0
  uplq = {
    next = 0xffffff8035fa45c0
    prev = 0xffffff8035fa45c0
  }
  objq = {
    next = 0x0000000000000000
    prev = 0x0000000000000000
  }
  task_objq = {
    next = 0x0000000000000000
    prev = 0x0000000000000000
  }
}
The pager is NULL and this object in turn is backed by a shadow object 0xffffff8035fa4300. Switch to this object.
(lldb) p *(vm_object_t)0xffffff8035fa4300
(vm_object) $50 = {
  memq = (next = 2148243131, prev = 2148236198)
  Lock = {
     = {
      lck_rw_shared_count = 0
      lck_rw_interlock = '\0'
      lck_rw_priv_excl = '\x01'
      lck_rw_want_upgrade = '\0'
      lck_rw_want_write = '\0'
      lck_r_waiting = '\0'
      lck_w_waiting = '\0'
      lck_rw_can_sleep = '\x01'
      lck_rw_padb6 = '\0'
      lck_rw_tag = 0
      lck_rw_owner = 0x0000000000000000
    }
     = (data = 553648128, lck_rw_pad4 = 0, lck_rw_pad8 = 0, lck_rw_pad12 = 0)
  }
  Lock_owner = 0x0000000000000000
  vo_un1 = (vou_size = 0, vou_cache_pages_to_scan = 0)
  memq_hint = 0xffffff80301495d0
  ref_count = 3
  resident_page_count = 116984
  wired_page_count = 0
  reusable_page_count = 0
  copy = 0xffffff8035fa4500
  shadow = 0x0000000000000000
  vo_un2 = {
    vou_shadow_offset = 18446743524858593968
    vou_cache_ts = 18446743524858593968
    vou_purgeable_owner = 0xffffff8035ef02b0
    vou_slide_info = 0xffffff8035ef02b0
  }
  pager = 0xffffff8035f3b8c0
  paging_offset = 0
  pager_control = 0xffffff80359d65a0
  copy_strategy = 2
  paging_in_progress = 0
  __object1_unused_bits = 0
  activity_in_progress = 0
  all_wanted = 0
  pager_created = 1
  pager_initialized = 1
  pager_ready = 1
  pager_trusted = 0
  can_persist = 1
  internal = 0
  private = 0
  pageout = 0
  alive = 1
  purgable = 3
  purgeable_only_by_kernel = 0
  purgeable_when_ripe = 0
  shadowed = 0
  true_share = 0
  terminating = 0
  named = 1
  shadow_severed = 0
  phys_contiguous = 0
  nophyscache = 0
  _object5_unused_bits = 0
  cached_list = {
    next = 0x0000000000000000
    prev = 0x0000000000000000
  }
  last_alloc = 836317184
  sequential = 0
  pages_created = 123988
  pages_used = 50061
  cow_hint = 0xffffffffffffffff
  wimg_bits = 128
  code_signed = 1
  transposed = 0
  mapping_in_progress = 0
  phantom_isssd = 0
  volatile_empty = 0
  volatile_fault = 0
  all_reusable = 0
  blocked_access = 0
  set_cache_attr = 0
  object_slid = 1
  purgeable_queue_type = 3
  purgeable_queue_group = 0
  io_tracking = 0
  no_tag_update = 0
  __object3_unused_bits = 0
  __object2_unused_bits = 0
  scan_collisions = '\0'
  wire_tag = 0
  __object4_unused_bits = ([0] = '\0', [1] = '\0')
  phantom_object_id = 5
  uplq = {
    next = 0xffffff8035fa43c0
    prev = 0xffffff8035fa43c0
  }
  objq = {
    next = 0x0000000000000000
    prev = 0x0000000000000000
  }
  task_objq = {
    next = 0x0000000000000000
    prev = 0x0000000000000000
  }
}
Now we have a valid pager. Let's inspect it.
(lldb) p *(memory_object_t)0xffffff8035f3b8c0
(memory_object) $51 = {
  mo_ikot = 11
  mo_pager_ops = 0xffffff80298cae70
  mo_control = 0xffffff80359d65a0
}
(lldb) p *((memory_object_t)0xffffff8035f3b8c0)->mo_pager_ops
(const memory_object_pager_ops) $52 = {
  memory_object_reference = 0xffffff8028dfcc10 (kernel.development`vnode_pager_reference at bsd_vm.c:648)
  memory_object_deallocate = 0xffffff8028dfcc80 (kernel.development`vnode_pager_deallocate at bsd_vm.c:663)
  memory_object_init = 0xffffff8028dfccf0 (kernel.development`vnode_pager_init at bsd_vm.c:402)
  memory_object_terminate = 0xffffff8028dfcd90 (kernel.development`vnode_pager_terminate at bsd_vm.c:688)
  memory_object_data_request = 0xffffff8028dfcda0 (kernel.development`vnode_pager_data_request at bsd_vm.c:620)
  memory_object_data_return = 0xffffff8028dfce70 (kernel.development`vnode_pager_data_return at bsd_vm.c:449)
  memory_object_data_initialize = 0xffffff8028dfcef0 (kernel.development`vnode_pager_data_initialize at bsd_vm.c:464)
  memory_object_data_unlock = 0xffffff8028dfcf10 (kernel.development`vnode_pager_data_unlock at bsd_vm.c:475)
  memory_object_synchronize = 0xffffff8028dfcf20 (kernel.development`vnode_pager_synchronize at bsd_vm.c:703)
  memory_object_map = 0xffffff8028dfcf40 (kernel.development`vnode_pager_map at bsd_vm.c:715)
  memory_object_last_unmap = 0xffffff8028dfcf90 (kernel.development`vnode_pager_last_unmap at bsd_vm.c:738)
  memory_object_data_reclaim = 0x0000000000000000
  memory_object_pager_name = 0xffffff8029515488 "vnode pager"
}
(lldb) p *((memory_object_t)0xffffff8035f3b8c0)->mo_control
(memory_object_control) $53 = {
  moc_ikot = 32
  moc_object = 0xffffff8035fa4300
}
This is a vnode_pager object. Now we cast the pager to vnode_pager type.
(lldb) p *(vnode_pager*)0xffffff8035f3b8c0
(vnode_pager) $55 = {
  vn_pgr_hdr = {
    mo_ikot = 11
    mo_pager_ops = 0xffffff80298cae70
    mo_control = 0xffffff80359d65a0
  }
  ref_count = 1
  vnode_handle = 0xffffff8035f112e8
}
Then print the vnode path.
(lldb) showvnodepath 0xffffff8035f112e8
/private/var/db/dyld/dyld_shared_cache_x86_64
As it was expected this is actually a vnode for a prelinked shared libraries cache file.
Posted by at No comments:

Sunday, January 14, 2018

A list of default macOS MAC policies

A list of default macOS MAC policies
(lldb) p mac_policy_list.entries[0].mpc
(mac_policy_conf *) $90 = 0xffffff7f823db4b8
(lldb) p *mac_policy_list.entries[0].mpc
(mac_policy_conf) $91 = {
  mpc_name = 0xffffff7f823d7f13 "AMFI"
  mpc_fullname = 0xffffff7f823d7f18 "Apple Mobile File Integrity"
  mpc_labelnames = 0xffffff7f823da6d0
  mpc_labelname_count = 1
  mpc_ops = 0xffffff7f823daa40
  mpc_loadtime_flags = 0
  mpc_field_off = 0xffffff7f823da9a0
  mpc_runtime_flags = 1
  mpc_list = 0x0000000000000000
  mpc_data = 0x0000000000000000
}
(lldb) p *mac_policy_list.entries[1].mpc
(mac_policy_conf) $92 = {
  mpc_name = 0xffffff7f82bda2fd "Sandbox"
  mpc_fullname = 0xffffff7f82bda53a "Seatbelt sandbox policy"
  mpc_labelnames = 0xffffff7f82be0110
  mpc_labelname_count = 1
  mpc_ops = 0xffffff7f82be0118
  mpc_loadtime_flags = 0
  mpc_field_off = 0xffffff7f82be1378
  mpc_runtime_flags = 1
  mpc_list = 0x0000000000000000
  mpc_data = 0x0000000000000000
}
(lldb) p *mac_policy_list.entries[2].mpc
(mac_policy_conf) $93 = {
  mpc_name = 0xffffff7f83d73fd4 "TMSafetyNet"
  mpc_fullname = 0xffffff7f83d73fe0 "Safety net for Time Machine"
  mpc_labelnames = 0xffffff7f83d74060
  mpc_labelname_count = 1
  mpc_ops = 0xffffff7f83d74068
  mpc_loadtime_flags = 2
  mpc_field_off = 0xffffff7f83d74be8
  mpc_runtime_flags = 1
  mpc_list = 0x0000000000000000
  mpc_data = 0x0000000000000000
}
(lldb) p *mac_policy_list.entries[3].mpc
(mac_policy_conf) $94 = {
  mpc_name = 0xffffff7f84159c06 "Quarantine"
  mpc_fullname = 0xffffff7f84159c7c "Quarantine policy"
  mpc_labelnames = 0xffffff7f8415a160
  mpc_labelname_count = 1
  mpc_ops = 0xffffff7f8415a168
  mpc_loadtime_flags = 0
  mpc_field_off = 0xffffff7f8415acfc
  mpc_runtime_flags = 1
  mpc_list = 0x0000000000000000
  mpc_data = 0x0000000000000000
}
Posted by at No comments:

Monday, September 25, 2017

Linux kernel debugging with GDB: getting a task running on a CPU

The current task is saved in per-cpu space for x86-64 and is accessed through the gs  register at current_task offset as
mov    %gs:0xd440,%rdx
(gdb) p/x &current_task
$63 = 0xd440
(gdb) p/x __per_cpu_offset[0]
$64 = 0xffff88001fc00000
(gdb) x/gx 0xffff88001fc00000+0xd440
0xffff88001fc0d440: 0xffff88001dea6a00
(gdb) p/d ((struct task_struct*)0xffff88001dea6a00)->pid
$67 = 243
(gdb) p/x ((struct task_struct*)0xffff88001dea6a00)->mm
$69 = 0xffff88001d1bc800
(gdb) p/x ((struct task_struct*)0xffff88001dea6a00)->active_mm
$70 = 0xffff88001d1bc800
(gdb) p/x __per_cpu_offset[2]
$73 = 0xffff88001fd00000
(gdb) x/gx 0xffff88001fd00000+0xd440
0xffff88001fd0d440: 0xffff88001f240000
(gdb) p/x ((struct task_struct*)0xffff88001f240000)->pid
$74 = 0x1
(gdb) lx-ps
0xffffffff81e104c0 <init_task> 0 swapper/0
0xffff88001f240000 1 systemd
0xffff88001f240d40 2 kthreadd
0xffff88001f2427c0 4 kworker/0:0H
0xffff88001f244240 6 mm_percpu_wq
0xffff88001f244f80 7 ksoftirqd/0
0xffff88001f245cc0 8 rcu_sched
0xffff88001f246a00 9 rcu_bh
0xffff88001f298000 10 migration/0
0xffff88001f298d40 11 watchdog/0
0xffff88001f29c240 12 cpuhp/0
0xffff88001f29cf80 13 cpuhp/1
0xffff88001f29dcc0 14 watchdog/1
0xffff88001f29ea00 15 migration/1
0xffff88001f2c8000 16 ksoftirqd/1
0xffff88001f2c9a80 18 kworker/1:0H
0xffff88001f2ca7c0 19 cpuhp/2
0xffff88001f2cb500 20 watchdog/2
0xffff88001f2cc240 21 migration/2
0xffff88001f2ccf80 22 ksoftirqd/2
0xffff88001f2cea00 24 kworker/2:0H
0xffff88001f310000 25 cpuhp/3
0xffff88001f310d40 26 watchdog/3
0xffff88001f311a80 27 migration/3
0xffff88001f3127c0 28 ksoftirqd/3
0xffff88001f314240 30 kworker/3:0H
0xffff88001f314f80 31 kdevtmpfs
0xffff88001f315cc0 32 netns
0xffff88001dc28000 34 khungtaskd
0xffff88001dc28d40 35 oom_reaper
0xffff88001dc29a80 36 writeback
0xffff88001dc2a7c0 37 kcompactd0
0xffff88001dc2b500 38 ksmd
0xffff88001dc2c240 39 crypto
0xffff88001dc2cf80 40 kintegrityd
0xffff88001dc2dcc0 41 bioset
0xffff88001dc2ea00 42 kblockd
0xffff88001dcd8000 43 ata_sff
0xffff88001dcd8d40 44 md
0xffff88001dcd9a80 45 edac-poller
0xffff88001dcda7c0 46 devfreq_wq
0xffff88001dcdb500 47 watchdogd
0xffff88001dcdc240 48 kworker/1:1
0xffff88001dcdcf80 49 kworker/2:1
0xffff88001dcddcc0 50 kworker/3:1
0xffff88001ddf8000 52 kauditd
0xffff88001ddf8d40 53 kswapd0
0xffff88001ddf9a80 54 bioset
0xffff88001ddfa7c0 55 ecryptfs-kthrea
0xffff88001dff0d40 72 kthrotld
0xffff88001dff1a80 73 acpi_thermal_pm
0xffff88001dff27c0 74 bioset
0xffff88001dff3500 75 bioset
0xffff88001dff4240 76 bioset
0xffff88001dff4f80 77 bioset
0xffff88001dff5cc0 78 bioset
0xffff88001dff6a00 79 bioset
0xffff88001dff0000 80 bioset
0xffff88001d660000 81 bioset
0xffff88001d660d40 82 scsi_eh_0
0xffff88001d661a80 83 scsi_tmf_0
0xffff88001d6627c0 84 scsi_eh_1
0xffff88001d663500 85 scsi_tmf_1
0xffff88001d718d40 91 ipv6_addrconf
0xffff88001d71dcc0 104 charger_manager
0xffff88001d71a7c0 105 bioset
0xffff88001d71ea00 106 bioset
0xffff88001d71c240 107 bioset
0xffff88001d719a80 110 jbd2/sda-8
0xffff88001d718000 111 ext4-rsv-conver
0xffff88001ddfdcc0 123 kworker/1:1H
0xffff88001ddfcf80 124 kworker/2:1H
0xffff88001ddfc240 127 kworker/0:1H
0xffff88001f350d40 135 kworker/3:2
0xffff88001dea4240 137 kworker/1:2
0xffff88001d0b0d40 140 systemd-journal
0xffff88001dea27c0 142 kworker/2:2
0xffff88001dea0d40 146 kworker/0:3
0xffff88001ded6a00 153 systemd-udevd
0xffff88001dea0000 156 kworker/3:1H
0xffff88001dea5cc0 227 cron
0xffff88001dea1a80 229 rsyslogd
0xffff88001ded0d40 235 in:imuxsock
0xffff88001ded0000 236 in:imklog
0xffff88001ded27c0 237 rs:main Q:Reg
0xffff88001ded1a80 233 agetty
0xffff88001c5d8d40 234 login
0xffff88001dea6a00 243 bash
0xffff88001dea3500 248 kworker/u8:2
0xffff88001c5d9a80 251 kworker/0:1
0xffff88001c5dc240 445 kworker/u8:1
0xffff88001c5ddcc0 452 kworker/u8:0
Posted by at No comments:
Labels: , , ,

Sunday, August 13, 2017

Unwinding a kernel mode stack for exception in Linux.

Generally GDB is unable to unwind a kernel call stack with an exception frame on it. The unwinding stops on an exception processing. For example
(gdb) bt
#0  delay_tsc (__loops=5241148) at ../arch/x86/lib/delay.c:78
#1  0xffffffff8134b532 in __delay (loops=<optimised out>) at ../arch/x86/lib/delay.c:160
#2  __const_udelay (xloops=<optimised out>) at ../arch/x86/lib/delay.c:174
#3  0xffffffff81132620 in panic (fmt=<optimised out>) at ../kernel/panic.c:297
#4  0xffffffff8101f080 in oops_end (flags=70, regs=0xffffc90000227c18, signr=9) at ../arch/x86/kernel/dumpstack.c:235
#5  0xffffffff8104d1c7 in no_context (regs=0xffffc90000227c18, error_code=0, address=8, signal=<optimised out>, si_code=<optimised out>) at ../arch/x86/mm/fault.c:867
#6  0xffffffff8104d456 in __bad_area_nosemaphore (regs=0xffffc90000227c18, error_code=0, address=8, vma=<optimised out>, si_code=196609) at ../arch/x86/mm/fault.c:953
#7  0xffffffff8104d59f in bad_area_nosemaphore (regs=<optimised out>, error_code=<optimised out>, address=<optimised out>, vma=<optimised out>) at ../arch/x86/mm/fault.c:960
#8  0xffffffff8104d8e7 in __do_page_fault (regs=0xffffc90000227c18, error_code=0, address=8) at ../arch/x86/mm/fault.c:1387
#9  0xffffffff8104dccc in do_page_fault (regs=<optimised out>, error_code=<optimised out>) at ../arch/x86/mm/fault.c:1508
#10 0xffffffff8193ecd2 in page_fault () at ../arch/x86/entry/entry_64.S:1005
#11 0xffff88001decdb40 in ?? ()
#12 0xffff88001c02ae48 in ?? ()
#13 0xffffc90000227d98 in ?? ()
#14 0xffff88001d733000 in ?? ()
#15 0xffffc90000227cf0 in ?? ()
#16 0xffff88001d733000 in ?? ()
#17 0xffff88001cd02510 in ?? ()
#18 0xffffc90000227e18 in ?? ()
#19 0x0000000000000000 in ?? ()
Linux has a structure struct pt_regs to save thread context state. A pointer to this strucrue is provided to an exception processing routine and contains a context of a thread when an exception happened. Using register values from this structure a call stack at the moment of exception can be captured with GDB.
(gdb) f 8
#8  0xffffffff8104d8e7 in __do_page_fault (regs=0xffffc90000227c18, error_code=0, address=8) at ../arch/x86/mm/fault.c:1387
1387    bad_area_nosemaphore(regs, error_code, address, NULL);
Having a valid regs pointer set register values.
(gdb) p/x *regs
$2 = {r15 = 0xffff88001decdb40, r14 = 0xffff88001c02ae48, r13 = 0xffffc90000227d98, r12 = 0xffff88001d733000, bp = 0xffffc90000227cf0, bx = 0xffff88001d733000, r11 = 0xffff88001cd02510, 
  r10 = 0xffffc90000227e18, r9 = 0x0, r8 = 0xffff88001fc9d180, ax = 0x0, cx = 0x0, dx = 0x1000, si = 0xffff88001d733000, di = 0xffffc90000227d00, orig_ax = 0xffffffffffffffff, ip = 0xffffffff811aa30c, 
  cs = 0x10, flags = 0x246, sp = 0xffffc90000227cc8, ss = 0x18}
(gdb) set $rsp=0xffffc90000227cc8
(gdb) set $rip=0xffffffff811aa30c.
(gdb) set $rbp=0xffffc90000227cf0
(gdb) set $rbx=0xffff88001d733000
(gdb) set $r15=0xffff88001decdb40
(gdb) set $r14=0xffff88001c02ae48
(gdb) set $r13=0xffffc90000227d98
(gdb) set $r12=0xffff88001d733000
(gdb) set $r11=0xffff88001cd02510
(gdb) set $r10=0xffffc90000227e18
(gdb) set $r9=0
(gdb) set $rsi=0xffff88001d733000
(gdb) set $rdi=0xffffc90000227d00
Now a call stack at the momemnt of exception can be examined.
(gdb) bt
#0  __read_once_size (size=<optimised out>, res=<optimised out>, p=<optimised out>) at ../include/linux/compiler.h:254
#1  __read_seqcount_begin (s=<optimised out>) at ../include/linux/seqlock.h:112
#2  raw_read_seqcount_begin (s=<optimised out>) at ../include/linux/seqlock.h:147
#3  read_seqcount_begin (s=<optimised out>) at ../include/linux/seqlock.h:164
#4  get_fs_root_rcu (root=<optimised out>, fs=<optimised out>) at ../fs/dcache.c:3222
#5  d_path (path=0xffffc90000227d00, buf=0xffff88001d733000 "", buflen=4096) at ../fs/dcache.c:3265
#6  0xffffffffc0000076 in redirfs_get_filename ()
#7  0xffffffffc0014121 in dummyflt_release (context=<optimised out>, args=0xffffc90000227d98) at /work/redirfs/src/dummyflt/dummyflt.c:104
#8  0xffffffffc000892e in rfs_precall_flts ()
#9  0xffffffffc0002a42 in rfs_release ()
#10 0xffffffff81193a7a in __fput (file=0xffff88001cd02500) at ../fs/file_table.c:209
#11 0xffffffff81193bb9 in ____fput (work=<optimised out>) at ../fs/file_table.c:245
#12 0xffffffff810758b9 in task_work_run () at ../kernel/task_work.c:116
#13 0xffffffff8105da35 in exit_task_work (task=<optimised out>) at ../include/linux/task_work.h:21
#14 do_exit (code=<optimised out>) at ../kernel/exit.c:878
#15 0xffffffff8105f14e in do_group_exit (exit_code=0) at ../kernel/exit.c:982
#16 0xffffffff8105f1bf in SYSC_exit_group (error_code=<optimised out>) at ../kernel/exit.c:993
#17 SyS_exit_group (error_code=<optimised out>) at ../kernel/exit.c:991
#18 0xffffffff8193d060 in entry_SYSCALL_64 () at ../arch/x86/entry/entry_64.S:203
#19 0x0000000000000000 in ?? ()

Posted by at No comments:
Labels: , , ,

Saturday, July 29, 2017

Windows developers' misconception about UNIX.

While reading osronline.com forum on Windows file system development I ran into a common misconception among Windows developers regarding UNIX design. http://osronline.com/cf.cfm?PageURL=showThread.CFM?link=285260
<QUOTE>
The essential difference between how the NT kernel works and how Unix was
designed is that NT caches streams of data (above the file system), whereas
on Unix data is cached at the block layer.
</QUOTE>
I spent 5 minutes to bust it.
This is true only for ancient *NIX kernels. Modern kernels use the same technique as NT with caching backed by file mapping structures.
For example below is a call stack from my test machine running the Linux kernel (4.12.2) when ext4 read operation (ext4_file_read_iter) called the "Linux cache manager" ( do_generic_file_read -> page_cache_sync_readahead ) to bring data in the cache backed by mapped file structures( struct address_space ) when processing the read() system call.
This resulted in a recursive call to mapping->a_ops->readpages into a file system's ext4_readpages . This is an analogue of a cached read in NT. Mac OS X uses the same caching by file mapping technique borrowed from BSD.
(gdb) bt
#0  ext4_readpages (file=0xffff88001d59b300, mapping=0xffff88001d1d56c0, pages=0xffffc90000817c30, nr_pages=1) at ../fs/ext4/inode.c:3308
#1  0xffffffff811b6288 in read_pages (gfp=<optimised out>, nr_pages=<optimised out>, pages=<optimised out>, filp=<optimised out>, mapping=<optimised out>) at ../mm/readahead.c:121
#2  __do_page_cache_readahead (mapping=<optimised out>, filp=<optimised out>, offset=1, nr_to_read=<optimised out>, lookahead_size=<optimised out>) at ../mm/readahead.c:199
#3  0xffffffff811b64b8 in ra_submit (ra=<optimised out>, ra=<optimised out>, ra=<optimised out>, filp=<optimised out>, mapping=<optimised out>) at ../mm/internal.h:66
#4  ondemand_readahead (mapping=0xffff88001d1d56c0, ra=0xffff88001d59b398, filp=0xffff88001d59b300, hit_readahead_marker=<optimised out>, offset=0, req_size=<optimised out>) at ../mm/readahead.c:478
#5  0xffffffff811b678e in page_cache_sync_readahead (mapping=<optimised out>, ra=<optimised out>, filp=<optimised out>, offset=<optimised out>, req_size=<optimised out>) at ../mm/readahead.c:510
#6  0xffffffff811a7a62 in do_generic_file_read (written=<optimised out>, iter=<optimised out>, ppos=<optimised out>, filp=<optimised out>) at ../mm/filemap.c:1813
#7  generic_file_read_iter (iocb=0x20000, iter=<optimised out>) at ../mm/filemap.c:2069
#8  0xffffffff812d1386 in ext4_file_read_iter (iocb=0xffff88001d59b300, to=0xffff88001d1d56c0) at ../fs/ext4/file.c:70
#9  0xffffffff81237680 in call_read_iter (file=<optimised out>, iter=<optimised out>, kio=<optimised out>) at ../include/linux/fs.h:1728
#10 new_sync_read (ppos=<optimised out>, len=<optimised out>, buf=<optimised out>, filp=<optimised out>) at ../fs/read_write.c:440
#11 __vfs_read (file=0xffff88001d59b300, buf=<optimised out>, count=<optimised out>, pos=0xffffc90000817f18) at ../fs/read_write.c:452
#12 0xffffffff81237cc3 in vfs_read (file=0xffff88001d59b300, buf=0x7fb92a0cb000 <error: Cannot access memory at address 0x7fb92a0cb000>, count=<optimised out>, pos=0xffffc90000817f18)
    at ../fs/read_write.c:473
#13 0xffffffff81239385 in SYSC_read (count=<optimised out>, buf=<optimised out>, fd=<optimised out>) at ../fs/read_write.c:589
#14 SyS_read (fd=<optimised out>, buf=140433251151872, count=131072) at ../fs/read_write.c:582
#15 0xffffffff818aaffb in entry_SYSCALL_64 () at ../arch/x86/entry/entry_64.S:203


(gdb) f 4
#4  ondemand_readahead (mapping=0xffff88001d1d56c0, ra=0xffff88001d59b398, filp=0xffff88001d59b300, hit_readahead_marker=<optimised out>, offset=0, req_size=<optimised out>) at ../mm/readahead.c:478
478  return ra_submit(ra, mapping, filp);

(gdb) p/x *mapping
$14 = {host = 0xffff88001d1d5548, page_tree = {gfp_mask = 0x1180020, rnode = 0x0}, tree_lock = {{rlock = {raw_lock = {val = {counter = 0x0}}}}}, i_mmap_writable = {counter = 0x0}, i_mmap = {
    rb_node = 0x0}, i_mmap_rwsem = {count = {counter = 0x0}, wait_list = {next = 0xffff88001d1d56f0, prev = 0xffff88001d1d56f0}, wait_lock = {raw_lock = {val = {counter = 0x0}}}, osq = {tail = {
        counter = 0x0}}, owner = 0x0}, nrpages = 0x0, nrexceptional = 0x0, writeback_index = 0x0, a_ops = 0xffffffff81a3a680, flags = 0x0, private_lock = {{rlock = {raw_lock = {val = {
            counter = 0x0}}}}}, gfp_mask = 0x14200ca, private_list = {next = 0xffff88001d1d5740, prev = 0xffff88001d1d5740}, private_data = 0x0}
            
(gdb) ptype mapping
type = struct address_space {
    struct inode *host;
    struct radix_tree_root page_tree;
    spinlock_t tree_lock;
    atomic_t i_mmap_writable;
    struct rb_root i_mmap;
    struct rw_semaphore i_mmap_rwsem;
    unsigned long nrpages;
    unsigned long nrexceptional;
    unsigned long writeback_index;
    const struct address_space_operations *a_ops;
    unsigned long flags;
    spinlock_t private_lock;
    gfp_t gfp_mask;
    struct list_head private_list;
    void *private_data;
} *

(gdb) f 1
#1  0xffffffff811b6288 in read_pages (gfp=<optimised out>, nr_pages=<optimised out>, pages=<optimised out>, filp=<optimised out>, mapping=<optimised out>) at ../mm/readahead.c:121
121   ret = mapping->a_ops->readpages(filp, mapping, pages, nr_pages);
(gdb) l
116  int ret;
117 
118  blk_start_plug(&plug);
119 
120  if (mapping->a_ops->readpages) {
121   ret = mapping->a_ops->readpages(filp, mapping, pages, nr_pages);
122   /* Clean up the remaining pages */
123   put_pages_list(pages);
124   goto out;
125  }

(gdb) f 9
#9  0xffffffff81237680 in call_read_iter (file=<optimised out>, iter=<optimised out>, kio=<optimised out>) at ../include/linux/fs.h:1728
1728  return file->f_op->read_iter(kio, iter);
(gdb) l
1723 } ____cacheline_aligned;
1724 
1725 static inline ssize_t call_read_iter(struct file *file, struct kiocb *kio,
1726          struct iov_iter *iter)
1727 {
1728  return file->f_op->read_iter(kio, iter);
1729 }
1730 
1731 static inline ssize_t call_write_iter(struct file *file, struct kiocb *kio,
1732           struct iov_iter *iter)
(gdb)

Posted by at No comments:
Labels: , , , , ,

Monday, July 3, 2017

FltCreateFile and top device.

FltCreateFile calls IoCreateFileEx with IO_DRIVER_CREATE_CONTEXT.DeviceObjectHint pointing to the Filter Manager's filter object and then calls the lower registered filters. That allows the created file object to have TopDeviceObjectHint pointing to the Filter Manager's object.
 # Child-SP          RetAddr           Call Site
00 ffffe101`3fffebf8 fffff801`92125200 FLTMGR!FltpCreate
01 ffffe101`3fffec00 fffff801`9213058b nt!IopParseDevice+0x7f0
02 ffffe101`3fffedd0 fffff801`921340c0 nt!ObpLookupObjectName+0x46b
03 ffffe101`3fffefa0 fffff801`9213803a nt!ObOpenObjectByNameEx+0x1e0
04 ffffe101`3ffff0e0 fffff801`920b0eb4 nt!IopCreateFile+0x3aa
05 ffffe101`3ffff180 fffff808`485240d5 nt!IoCreateFileEx+0x124
06 ffffe101`3ffff210 fffff808`4853d32d FLTMGR!FltpCreateFile+0x1cd
07 ffffe101`3ffff310 fffff808`4b6a79f8 FLTMGR!FltCreateFile+0x8d
08 ffffe101`3ffff3a0 fffff808`484f4b4c avscan!AvPreCreate+0x378 [d:\work\avscan\filter\avscan.c @ 2106]
09 ffffe101`3ffff4b0 fffff808`484f46ec FLTMGR!FltpPerformPreCallbacks+0x2ec
0a ffffe101`3ffff5d0 fffff808`48526117 FLTMGR!FltpPassThroughInternal+0x8c
0b ffffe101`3ffff600 fffff801`92125200 FLTMGR!FltpCreate+0x2d7
0c ffffe101`3ffff6b0 fffff801`9213058b nt!IopParseDevice+0x7f0
0d ffffe101`3ffff880 fffff801`921340c0 nt!ObpLookupObjectName+0x46b
0e ffffe101`3ffffa50 fffff801`920c9e90 nt!ObOpenObjectByNameEx+0x1e0

0: kd> dt nt!_FILE_OBJECT ffff948c621a3330
   +0x000 Type             : 0n5
   +0x002 Size             : 0n216
   +0x008 DeviceObject     : 0xffff948c`60a3bc80 _DEVICE_OBJECT
   +0x010 Vpb              : 0xffff948c`60a556e0 _VPB
   +0x018 FsContext        : 0xffff948c`6111a740 Void
   +0x020 FsContext2       : 0xffff8483`76cf78f0 Void
   +0x028 SectionObjectPointer : (null) 
   +0x030 PrivateCacheMap  : (null) 
   +0x038 FinalStatus      : 0n0
   +0x040 RelatedFileObject : (null) 
   +0x048 LockOperation    : 0 ''
   +0x049 DeletePending    : 0 ''
   +0x04a ReadAccess       : 0x1 ''
   +0x04b WriteAccess      : 0 ''
   +0x04c DeleteAccess     : 0 ''
   +0x04d SharedRead       : 0x1 ''
   +0x04e SharedWrite      : 0x1 ''
   +0x04f SharedDelete     : 0x1 ''
   +0x050 Flags            : 0x40000
   +0x058 FileName         : _UNICODE_STRING "\"
   +0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
   +0x070 Waiters          : 0
   +0x074 Busy             : 0
   +0x078 LastLock         : (null) 
   +0x080 Lock             : _KEVENT
   +0x098 Event            : _KEVENT
   +0x0b0 CompletionContext : (null) 
   +0x0b8 IrpListLock      : 0
   +0x0c0 IrpList          : _LIST_ENTRY [ 0xffff948c`621a33f0 - 0xffff948c`621a33f0 ]
   +0x0d0 FileObjectExtension : 0xffff948c`6226f1b0 Void
   
0: kd> dq 0xffff948c`6226f1b0
ffff948c`6226f1b0  00000000`00000000 00000000`00000000
ffff948c`6226f1c0  ffff948c`60dff0d0 00000000`00000000
ffff948c`6226f1d0  ffff948c`6243f2c0 00000000`00000000
ffff948c`6226f1e0  00000000`00000000 00000000`00000000
ffff948c`6226f1f0  00000000`00000000 00000000`00000000
ffff948c`6226f200  61436d4d`02120006 00000000`0000034c
ffff948c`6226f210  ffff8483`7535ed10 ffff948c`62161e28
ffff948c`6226f220  ffff948c`6221da78 00000000`00000000

0: kd> dq ffff948c`60dff0d0
ffff948c`60dff0d0  ffff948c`610734a0 00000000`00000000
ffff948c`60dff0e0  00000000`00000000 00000000`00000000
ffff948c`60dff0f0  65536d4d`02060003 6c8da38a`069a7123
ffff948c`60dff100  00000000`00000000 0000024e`49c8000a
ffff948c`60dff110  0000024e`49c80fff 00000000`00000000
ffff948c`60dff120  00000000`00000000 00000000`00000000
ffff948c`60dff130  00000000`00000000 00000000`00000000
ffff948c`60dff140  00000000`00000002 00000000`00000000

0: kd> !object ffff948c`610734a0
Object: ffff948c610734a0  Type: (ffff948c5e34eb00) Device
    ObjectHeader: ffff948c61073470 (new version)
    HandleCount: 0  PointerCount: 1
    
0: kd> !devstack ffff948c610734a0
  !DevObj           !DrvObj            !DevExt           ObjectName
> ffff948c610734a0  \FileSystem\FltMgr ffff948c610735f0  
  ffff948c61048060  \FileSystem\fastfatffff948c610481b0 
  
0: kd> !vpb 0xffff948c`60a556e0
Vpb at 0xffff948c60a556e0
Flags: 0x1 mounted 
DeviceObject: 0xffff948c61048060
RealDevice:   0xffff948c60a3bc80
RefCount: 8
Volume Label:
Posted by at No comments:
Labels: , , , , ,

Tuesday, June 27, 2017

C++ exceptions handling design.

A very informative article on exceptions handling design and implications for code optimizations.

C++ Exception Handling for IA-64

Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)