├── .gitignore ├── images ├── loaded-minidump-screenshot-border.png ├── minidump-binary-view-type-screenshot-border.png └── minidump-segments-sections-screenshot-border.png ├── Cargo.toml ├── LICENSE ├── src ├── lib.rs ├── command.rs └── view.rs └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | /Cargo.lock 3 | -------------------------------------------------------------------------------- /images/loaded-minidump-screenshot-border.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cxiao/minidump_bn/HEAD/images/loaded-minidump-screenshot-border.png -------------------------------------------------------------------------------- /images/minidump-binary-view-type-screenshot-border.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cxiao/minidump_bn/HEAD/images/minidump-binary-view-type-screenshot-border.png -------------------------------------------------------------------------------- /images/minidump-segments-sections-screenshot-border.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cxiao/minidump_bn/HEAD/images/minidump-segments-sections-screenshot-border.png -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "minidump_bn" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [lib] 7 | crate-type = ["cdylib"] 8 | 9 | [dependencies] 10 | binaryninja = {git = "https://github.com/Vector35/binaryninja-api.git", tag = "stable/5.1.8104"} 11 | log = "0.4.17" 12 | minidump = "0.15.2" 13 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Cindy Xiao 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /src/lib.rs: -------------------------------------------------------------------------------- 1 | use binaryninja::binary_view::BinaryView; 2 | use binaryninja::command::{register_command, Command}; 3 | use binaryninja::custom_binary_view::register_view_type; 4 | use binaryninja::logger::Logger; 5 | use log::{debug, LevelFilter}; 6 | 7 | mod command; 8 | mod view; 9 | 10 | struct PrintMemoryInformationCommand; 11 | 12 | impl Command for PrintMemoryInformationCommand { 13 | fn action(&self, binary_view: &BinaryView) { 14 | command::print_memory_information(binary_view); 15 | } 16 | 17 | fn valid(&self, _binary_view: &BinaryView) -> bool { 18 | true // TODO: Of course, the command will not always be valid! 19 | } 20 | } 21 | 22 | #[no_mangle] 23 | #[allow(non_snake_case)] 24 | pub extern "C" fn CorePluginInit() -> bool { 25 | Logger::new("minidump_bn") 26 | .with_level(LevelFilter::Trace) 27 | .init(); 28 | 29 | debug!("Registering minidump binary view type"); 30 | register_view_type("Minidump", "Minidump", view::MinidumpBinaryViewType::new); 31 | 32 | debug!("Registering minidump plugin commands"); 33 | register_command( 34 | "Minidump\\[DEBUG] Print Minidump Memory Information", 35 | "Print a human-readable description of the contents of the MinidumpMemoryInfoList stream in the loaded minidump", 36 | PrintMemoryInformationCommand {}, 37 | ); 38 | 39 | true 40 | } 41 | -------------------------------------------------------------------------------- /src/command.rs: -------------------------------------------------------------------------------- 1 | use std::str; 2 | 3 | use log::{debug, error, info}; 4 | use minidump::{Minidump, MinidumpMemoryInfoList}; 5 | 6 | use binaryninja::binary_view::{BinaryView, BinaryViewBase, BinaryViewExt}; 7 | 8 | use crate::view::DataBufferWrapper; 9 | 10 | pub fn print_memory_information(bv: &BinaryView) { 11 | debug!("Printing memory information"); 12 | if let Some(minidump_bv) = bv.parent_view() { 13 | if let Ok(read_buffer) = minidump_bv.read_buffer(0, minidump_bv.len() as usize) { 14 | let read_buffer = DataBufferWrapper::new(read_buffer); 15 | if let Ok(minidump_obj) = Minidump::read(read_buffer) { 16 | if let Ok(memory_info_list) = minidump_obj.get_stream::() { 17 | let mut memory_info_list_writer = Vec::new(); 18 | match memory_info_list.print(&mut memory_info_list_writer) { 19 | Ok(_) => { 20 | if let Ok(memory_info_str) = str::from_utf8(&memory_info_list_writer) { 21 | info!("{memory_info_str}"); 22 | } else { 23 | error!("Could not convert the memory information description from minidump into a valid string"); 24 | } 25 | } 26 | Err(_) => { 27 | error!("Could not get memory information from minidump"); 28 | } 29 | } 30 | } else { 31 | error!( 32 | "Could not parse a valid MinidumpMemoryInfoList stream from the minidump" 33 | ); 34 | } 35 | } else { 36 | error!("Could not parse a valid minidump file from the parent binary view's data buffer"); 37 | } 38 | } else { 39 | error!("Could not read data from parent binary view"); 40 | } 41 | } else { 42 | error!("Could not get the parent binary view"); 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Binary Ninja Minidump Loader 2 | 3 | A Minidump memory dump loader plugin for Binary Ninja. 4 | 5 | (As of [addae9e](https://github.com/cxiao/minidump_bn/tree/addae9e1d208800806e53bb19b9c3272e4f7527e), this has been merged into the official Vector35/binaryninja-api repo as a Rust API example ([PR](https://github.com/Vector35/binaryninja-api/pull/3915), [link to code](https://github.com/Vector35/binaryninja-api/tree/dev/rust/examples/minidump))) 6 | 7 | ![Screenshot of Binary Ninja using the "Minidump" Binary View, with a minidump loaded and the virtual addresses of the memory segments of the minidump showing in the Memory Map window](images/loaded-minidump-screenshot-border.png) 8 | 9 | This plugin adds a new _Minidump_ binary view type. When a binary with the magic number `MDMP` is opened, this plugin will automatically try to load in the binary as a minidump, and create a new _Minidump_ binary view to view the contents. 10 | 11 | The architecture is determined automatically from the platform information embedded in the minidump. 12 | 13 | ![Screenshot showing the Minidump binary view type in the dropdown list of available binary views for an open binary](images/minidump-binary-view-type-screenshot-border.png) 14 | 15 | The loaded minidump's memory regions and modules can be navigated via the _Memory Map_ window. In the _Minidump_ binary view, the meanings of "Segments" and "Sections" in the Memory Map window are modified to mean the following: 16 | 17 | - The memory regions in the minidump are loaded as _Segments_. The _Data Offset_ and _Data Length_ fields of each segment are the corresponding addresses in the minidump file where the data for that memory region is located. 18 | - The modules in the minidump are loaded as _Sections_, with the name of each section being the path to the module. 19 | 20 | ![Screenshot showing the Memory Map window with the loaded minidump's memory segments and modules (i.e. "sections")](images/minidump-segments-sections-screenshot-border.png) 21 | 22 | ## Supported Minidump Types 23 | 24 | This plugin currently only supports loading minidump files generated by the Windows [`MiniDumpWriteDump` API](https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump). 25 | 26 | This includes dumps generated from: 27 | 28 | - The [`.dump` command](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/-dump--create-dump-file-) in WinDbg. 29 | - The `.dump` command in Binary Ninja's debugger for Windows targets (which uses the same debugging engine as WinDbg). 30 | 31 | For both of the above, it's recommended to generate a full dump: 32 | 33 | ``` 34 | .dump /ma dumpfile.dmp 35 | ``` 36 | 37 | - The [`minidump` command](https://help.x64dbg.com/en/latest/commands/memory-operations/minidump.html) in x64dbg. 38 | 39 | ``` 40 | minidump dumpfile.dmp 41 | ``` 42 | 43 | - Right clicking on a listed process and then clicking "Create dump file" / "Create full dump" from Windows Task Manager, Process Hacker, Sysinternals Process Explorer, etc... 44 | 45 | ## Unsupported Features (for now) 46 | 47 | - Loading Minidump files from platforms or APIs other than Windows' `MinidumpWriteDump`, such as those generated by [Google Breakpad](https://chromium.googlesource.com/breakpad/breakpad/). 48 | - Loading and applyng debug information from the minidump file. In Windows minidump files, `MinidumpModuleList` streams contain information about the PDB file which contains the debug information for the module; this isn't currently read or applied, however. 49 | - Integration with Binary Ninja's built-in debugger. Minidump files can contain information about threads, register values, and stack frames, and it would be nice in the future for minidump files to be loadable back into the debugger in order to resume a debugging session. This isn't currently done, however. 50 | 51 | ## Building and Installing 52 | 53 | This plugin currently needs to be built from source, then copied into your user plugin folder. 54 | 55 | ``` 56 | cargo build --release 57 | cp target/release/libminidump_bn.so ~/.binaryninja/plugins/ 58 | ``` 59 | 60 | The code in this plugin targets the `stable/5.1.8104` tag of the [Binary Ninja Rust API](https://github.com/Vector35/binaryninja-api/tree/stable/5.1.8104/rust). 61 | 62 | If you would like to update the Binary Ninja Rust API dependency to target a different version of Binja, edit this line in `Cargo.toml`, and specify a tag, branch, or commit to target ([Cargo documentation for how to do this](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#choice-of-commit)): 63 | 64 | ``` 65 | [dependencies] 66 | binaryninja = {git = "https://github.com/Vector35/binaryninja-api.git", tag = "stable/5.1.8104"} 67 | ``` 68 | 69 | Then: 70 | 71 | ``` 72 | cargo update -p binaryninja 73 | cargo build --release 74 | ``` 75 | -------------------------------------------------------------------------------- /src/view.rs: -------------------------------------------------------------------------------- 1 | use std::collections::HashMap; 2 | use std::ops::{Deref, Range}; 3 | use std::sync::Arc; 4 | 5 | use binaryninja::section::Section; 6 | use binaryninja::segment::{Segment, SegmentFlags}; 7 | use log::{debug, error, info, warn}; 8 | use minidump::format::MemoryProtection; 9 | use minidump::{ 10 | Minidump, MinidumpMemory64List, MinidumpMemoryInfoList, MinidumpMemoryList, MinidumpModuleList, 11 | MinidumpStream, MinidumpSystemInfo, Module, 12 | }; 13 | 14 | use binaryninja::architecture::Architecture; 15 | use binaryninja::binary_view::{BinaryView, BinaryViewBase, BinaryViewExt}; 16 | use binaryninja::custom_binary_view::{ 17 | BinaryViewType, BinaryViewTypeBase, CustomBinaryView, CustomBinaryViewType, CustomView, 18 | CustomViewBuilder, 19 | }; 20 | use binaryninja::data_buffer::DataBuffer; 21 | use binaryninja::platform::Platform; 22 | use binaryninja::Endianness; 23 | 24 | type BinaryViewResult = binaryninja::binary_view::Result; 25 | 26 | /// A wrapper around a `binaryninja::databuffer::DataBuffer`, from which a `[u8]` buffer can be obtained 27 | /// to pass to `minidump::Minidump::read`. 28 | /// 29 | /// This code is taken from [`dwarfdump`](https://github.com/Vector35/binaryninja-api/blob/9d8bc846bd213407fb1a7a19af2a96f17501ac3b/rust/examples/dwarfdump/src/lib.rs#L81) 30 | /// in the Rust API examples. 31 | #[derive(Clone)] 32 | pub struct DataBufferWrapper { 33 | inner: Arc, 34 | } 35 | 36 | impl DataBufferWrapper { 37 | pub fn new(buf: DataBuffer) -> Self { 38 | DataBufferWrapper { 39 | inner: Arc::new(buf), 40 | } 41 | } 42 | } 43 | 44 | impl Deref for DataBufferWrapper { 45 | type Target = [u8]; 46 | fn deref(&self) -> &Self::Target { 47 | self.inner.get_data() 48 | } 49 | } 50 | 51 | /// The _Minidump_ binary view type, which the Rust plugin registers with the Binary Ninja core 52 | /// (via `binaryninja::custombinaryview::register_view_type`) as a possible binary view 53 | /// that can be applied to opened binaries. 54 | /// 55 | /// If this view type is valid for an opened binary (determined by `is_valid_for`), 56 | /// the Binary Ninja core then uses this view type to create an actual instance of the _Minidump_ 57 | /// binary view (via `create_custom_view`). 58 | pub struct MinidumpBinaryViewType { 59 | view_type: BinaryViewType, 60 | } 61 | 62 | impl MinidumpBinaryViewType { 63 | pub fn new(view_type: BinaryViewType) -> Self { 64 | MinidumpBinaryViewType { 65 | view_type: view_type, 66 | } 67 | } 68 | } 69 | 70 | impl AsRef for MinidumpBinaryViewType { 71 | fn as_ref(&self) -> &BinaryViewType { 72 | &self.view_type 73 | } 74 | } 75 | 76 | impl BinaryViewTypeBase for MinidumpBinaryViewType { 77 | fn is_deprecated(&self) -> bool { 78 | false 79 | } 80 | 81 | fn is_valid_for(&self, data: &BinaryView) -> bool { 82 | let mut magic_number = Vec::::new(); 83 | data.read_into_vec(&mut magic_number, 0, 4); 84 | 85 | magic_number == b"MDMP" 86 | } 87 | } 88 | 89 | impl CustomBinaryViewType for MinidumpBinaryViewType { 90 | fn create_custom_view<'builder>( 91 | &self, 92 | data: &BinaryView, 93 | builder: CustomViewBuilder<'builder, Self>, 94 | ) -> BinaryViewResult> { 95 | debug!("Creating MinidumpBinaryView from registered MinidumpBinaryViewType"); 96 | 97 | let binary_view = builder.create::(data, ()); 98 | binary_view 99 | } 100 | } 101 | 102 | #[derive(Debug)] 103 | struct SegmentData { 104 | rva_range: Range, 105 | mapped_addr_range: Range, 106 | } 107 | 108 | impl SegmentData { 109 | fn from_addresses_and_size(rva: u64, mapped_addr: u64, size: u64) -> Self { 110 | SegmentData { 111 | rva_range: Range { 112 | start: rva, 113 | end: rva + size, 114 | }, 115 | mapped_addr_range: Range { 116 | start: mapped_addr, 117 | end: mapped_addr + size, 118 | }, 119 | } 120 | } 121 | } 122 | 123 | #[derive(Debug)] 124 | struct SegmentMemoryProtection { 125 | readable: bool, 126 | writable: bool, 127 | executable: bool, 128 | } 129 | 130 | /// An instance of the actual _Minidump_ custom binary view. 131 | /// This contains the main logic to load the memory segments inside a minidump file into the binary view. 132 | pub struct MinidumpBinaryView { 133 | /// The handle to the "real" BinaryView object, in the Binary Ninja core. 134 | inner: binaryninja::rc::Ref, 135 | } 136 | 137 | impl MinidumpBinaryView { 138 | fn new(view: &BinaryView) -> Self { 139 | MinidumpBinaryView { 140 | inner: view.to_owned(), 141 | } 142 | } 143 | 144 | fn init(&self) -> BinaryViewResult<()> { 145 | let parent_view = self.parent_view().ok_or(())?; 146 | let read_buffer = parent_view.read_buffer(0, parent_view.len() as usize)?; 147 | let read_buffer = DataBufferWrapper::new(read_buffer); 148 | 149 | if let Ok(minidump_obj) = Minidump::read(read_buffer) { 150 | // Architecture, platform information 151 | if let Ok(minidump_system_info) = minidump_obj.get_stream::() { 152 | if let Some(platform) = MinidumpBinaryView::translate_minidump_platform( 153 | minidump_system_info.cpu, 154 | minidump_obj.endian, 155 | minidump_system_info.os, 156 | ) { 157 | self.set_default_platform(&platform); 158 | } else { 159 | error!( 160 | "Could not parse valid system information from minidump: could not map system information in MinidumpSystemInfo stream (arch {:?}, endian {:?}, os {:?}) to a known architecture", 161 | minidump_system_info.cpu, 162 | minidump_obj.endian, 163 | minidump_system_info.os, 164 | ); 165 | return Err(()); 166 | } 167 | } else { 168 | error!("Could not parse system information from minidump: could not find a valid MinidumpSystemInfo stream"); 169 | return Err(()); 170 | } 171 | 172 | // Memory segments 173 | let mut segment_data = Vec::::new(); 174 | 175 | // Memory segments in a full memory dump (MinidumpMemory64List) 176 | // Grab the shared base RVA for all entries in the MinidumpMemory64List, 177 | // since the minidump crate doesn't expose this to us 178 | if let Ok(raw_stream) = minidump_obj.get_raw_stream(MinidumpMemory64List::STREAM_TYPE) { 179 | if let Ok(base_rva_array) = raw_stream[8..16].try_into() { 180 | let base_rva = u64::from_le_bytes(base_rva_array); 181 | debug!("Found BaseRVA value {:#x}", base_rva); 182 | 183 | if let Ok(minidump_memory_list) = 184 | minidump_obj.get_stream::() 185 | { 186 | let mut current_rva = base_rva; 187 | for memory_segment in minidump_memory_list.iter() { 188 | debug!( 189 | "Found memory segment at RVA {:#x} with virtual address {:#x} and size {:#x}", 190 | current_rva, 191 | memory_segment.base_address, 192 | memory_segment.size, 193 | ); 194 | segment_data.push(SegmentData::from_addresses_and_size( 195 | current_rva.clone(), 196 | memory_segment.base_address, 197 | memory_segment.size, 198 | )); 199 | current_rva = current_rva + memory_segment.size; 200 | } 201 | } 202 | } else { 203 | error!("Could not parse BaseRVA value shared by all entries in the MinidumpMemory64List stream") 204 | } 205 | } else { 206 | warn!("Could not read memory from minidump: could not find a valid MinidumpMemory64List stream. This minidump may not be a full memory dump. Trying to find partial dump memory from a MinidumpMemoryList now..."); 207 | // Memory segments in a regular memory dump (MinidumpMemoryList), 208 | // i.e. one that does not include the full process memory data. 209 | if let Ok(minidump_memory_list) = minidump_obj.get_stream::() { 210 | for memory_segment in minidump_memory_list.by_addr() { 211 | debug!( 212 | "Found memory segment at RVA {:#x} with virtual address {:#x} and size {:#x}", 213 | memory_segment.desc.memory.rva, 214 | memory_segment.base_address, 215 | memory_segment.size 216 | ); 217 | segment_data.push(SegmentData::from_addresses_and_size( 218 | memory_segment.desc.memory.rva as u64, 219 | memory_segment.base_address, 220 | memory_segment.size, 221 | )); 222 | } 223 | } else { 224 | error!("Could not read any memory from minidump: could not find a valid MinidumpMemory64List stream or a valid MinidumpMemoryList stream."); 225 | } 226 | } 227 | 228 | // Memory protection information 229 | let mut segment_protection_data = HashMap::new(); 230 | 231 | if let Ok(minidump_memory_info_list) = 232 | minidump_obj.get_stream::() 233 | { 234 | for memory_info in minidump_memory_info_list.iter() { 235 | if let Some(memory_range) = memory_info.memory_range() { 236 | debug!( 237 | "Found memory protection info for memory segment ranging from virtual address {:#x} to {:#x}: {:#?}", 238 | memory_range.start, 239 | memory_range.end, 240 | memory_info.protection 241 | ); 242 | segment_protection_data.insert( 243 | // The range returned to us by MinidumpMemoryInfoList is an 244 | // end-inclusive range_map::Range; we need to add 1 to 245 | // the end index to make it into an end-exclusive std::ops::Range. 246 | Range { 247 | start: memory_range.start, 248 | end: memory_range.end + 1, 249 | }, 250 | memory_info.protection, 251 | ); 252 | } 253 | } 254 | } 255 | 256 | for segment in segment_data.iter() { 257 | if let Some(segment_protection) = 258 | segment_protection_data.get(&segment.mapped_addr_range) 259 | { 260 | let segment_memory_protection = 261 | MinidumpBinaryView::translate_memory_protection(*segment_protection); 262 | 263 | info!( 264 | "Adding memory segment at virtual address {:#x} to {:#x}, from data range {:#x} to {:#x}, with protections readable {}, writable {}, executable {}", 265 | segment.mapped_addr_range.start, 266 | segment.mapped_addr_range.end, 267 | segment.rva_range.start, 268 | segment.rva_range.end, 269 | segment_memory_protection.readable, 270 | segment_memory_protection.writable, 271 | segment_memory_protection.executable, 272 | ); 273 | 274 | let segment_flags = SegmentFlags::new() 275 | .readable(segment_memory_protection.readable) 276 | .writable(segment_memory_protection.writable) 277 | .executable(segment_memory_protection.executable); 278 | 279 | self.add_segment( 280 | Segment::builder(segment.mapped_addr_range.clone()) 281 | .parent_backing(segment.rva_range.clone()) 282 | .is_auto(true) 283 | .flags(segment_flags), 284 | ); 285 | } else { 286 | warn!( 287 | "Could not find memory protection information for memory segment from {:#x} to {:#x}; segment will be added as readable, writable, and executable (RWX)", segment.mapped_addr_range.start, 288 | segment.mapped_addr_range.end, 289 | ); 290 | 291 | let segment_flags = SegmentFlags::new() 292 | .readable(true) 293 | .writable(true) 294 | .executable(true); 295 | 296 | self.add_segment( 297 | Segment::builder(segment.mapped_addr_range.clone()) 298 | .parent_backing(segment.rva_range.clone()) 299 | // In order to allow the user to actually edit the segment 300 | // and manually adjust the permissions here to the correct ones, 301 | // we need to set `is_auto` to false. 302 | .is_auto(false) 303 | .flags(segment_flags), 304 | ); 305 | } 306 | } 307 | 308 | // Module information 309 | // This stretches the concept a bit, but we can add each module as a 310 | // separate "section" of the binary. 311 | // Sections can be named, and can span multiple segments. 312 | if let Ok(minidump_module_list) = minidump_obj.get_stream::() { 313 | for module_info in minidump_module_list.by_addr() { 314 | info!( 315 | "Found module with name {} at virtual address {:#x} with size {:#x}", 316 | module_info.name, 317 | module_info.base_address(), 318 | module_info.size(), 319 | ); 320 | let module_address_range = Range { 321 | start: module_info.base_address(), 322 | end: module_info.base_address() + module_info.size(), 323 | }; 324 | self.add_section( 325 | Section::builder(module_info.name.clone(), module_address_range) 326 | .is_auto(true), 327 | ); 328 | } 329 | } else { 330 | warn!("Could not find valid module information in minidump: could not find a valid MinidumpModuleList stream"); 331 | } 332 | } else { 333 | error!("Could not parse data as minidump"); 334 | return Err(()); 335 | } 336 | Ok(()) 337 | } 338 | 339 | fn translate_minidump_platform( 340 | minidump_cpu_arch: minidump::system_info::Cpu, 341 | minidump_endian: minidump::Endian, 342 | minidump_os: minidump::system_info::Os, 343 | ) -> Option> { 344 | match minidump_os { 345 | minidump::system_info::Os::Windows => match minidump_cpu_arch { 346 | minidump::system_info::Cpu::Arm64 => Platform::by_name("windows-aarch64"), 347 | minidump::system_info::Cpu::Arm => Platform::by_name("windows-armv7"), 348 | minidump::system_info::Cpu::X86 => Platform::by_name("windows-x86"), 349 | minidump::system_info::Cpu::X86_64 => Platform::by_name("windows-x86_64"), 350 | _ => None, 351 | }, 352 | minidump::system_info::Os::MacOs => match minidump_cpu_arch { 353 | minidump::system_info::Cpu::Arm64 => Platform::by_name("mac-aarch64"), 354 | minidump::system_info::Cpu::Arm => Platform::by_name("mac-armv7"), 355 | minidump::system_info::Cpu::X86 => Platform::by_name("mac-x86"), 356 | minidump::system_info::Cpu::X86_64 => Platform::by_name("mac-x86_64"), 357 | _ => None, 358 | }, 359 | minidump::system_info::Os::Linux => match minidump_cpu_arch { 360 | minidump::system_info::Cpu::Arm64 => Platform::by_name("linux-aarch64"), 361 | minidump::system_info::Cpu::Arm => Platform::by_name("linux-armv7"), 362 | minidump::system_info::Cpu::X86 => Platform::by_name("linux-x86"), 363 | minidump::system_info::Cpu::X86_64 => Platform::by_name("linux-x86_64"), 364 | minidump::system_info::Cpu::Ppc => match minidump_endian { 365 | minidump::Endian::Little => Platform::by_name("linux-ppc32_le"), 366 | minidump::Endian::Big => Platform::by_name("linux-ppc32"), 367 | }, 368 | minidump::system_info::Cpu::Ppc64 => match minidump_endian { 369 | minidump::Endian::Little => Platform::by_name("linux-ppc64_le"), 370 | minidump::Endian::Big => Platform::by_name("linux-ppc64"), 371 | }, 372 | _ => None, 373 | }, 374 | minidump::system_info::Os::NaCl => None, 375 | minidump::system_info::Os::Android => None, 376 | minidump::system_info::Os::Ios => None, 377 | minidump::system_info::Os::Ps3 => None, 378 | minidump::system_info::Os::Solaris => None, 379 | _ => None, 380 | } 381 | } 382 | 383 | fn translate_memory_protection( 384 | minidump_memory_protection: MemoryProtection, 385 | ) -> SegmentMemoryProtection { 386 | let (readable, writable, executable) = match minidump_memory_protection { 387 | MemoryProtection::PAGE_NOACCESS => (false, false, false), 388 | MemoryProtection::PAGE_READONLY => (true, false, false), 389 | MemoryProtection::PAGE_READWRITE => (true, true, false), 390 | MemoryProtection::PAGE_WRITECOPY => (true, true, false), 391 | MemoryProtection::PAGE_EXECUTE => (false, false, true), 392 | MemoryProtection::PAGE_EXECUTE_READ => (true, false, true), 393 | MemoryProtection::PAGE_EXECUTE_READWRITE => (true, true, true), 394 | MemoryProtection::PAGE_EXECUTE_WRITECOPY => (true, true, true), 395 | MemoryProtection::ACCESS_MASK => (false, false, false), 396 | MemoryProtection::PAGE_GUARD => (false, false, false), 397 | MemoryProtection::PAGE_NOCACHE => (false, false, false), 398 | MemoryProtection::PAGE_WRITECOMBINE => (false, false, false), 399 | _ => (false, false, false), 400 | }; 401 | SegmentMemoryProtection { 402 | readable, 403 | writable, 404 | executable, 405 | } 406 | } 407 | } 408 | 409 | impl AsRef for MinidumpBinaryView { 410 | fn as_ref(&self) -> &BinaryView { 411 | &self.inner 412 | } 413 | } 414 | 415 | impl BinaryViewBase for MinidumpBinaryView { 416 | fn address_size(&self) -> usize { 417 | if let Some(plat) = self.default_platform() { 418 | plat.arch().address_size() 419 | } else { 420 | error!("Could not determine platform, assuming address size of 4"); 421 | 4 422 | } 423 | } 424 | 425 | fn default_endianness(&self) -> Endianness { 426 | if let Some(plat) = self.default_platform() { 427 | plat.arch().endianness() 428 | } else { 429 | error!("Could not determine platform, assuming little endian"); 430 | Endianness::LittleEndian 431 | } 432 | } 433 | 434 | fn entry_point(&self) -> u64 { 435 | // TODO: We should fill this out with a real entry point. 436 | // This can be done by getting the main module of the minidump 437 | // with MinidumpModuleList::main_module, 438 | // then parsing the PE metadata of the main module to find its entry point(s). 439 | 0 440 | } 441 | } 442 | 443 | unsafe impl CustomBinaryView for MinidumpBinaryView { 444 | type Args = (); 445 | 446 | fn new(handle: &BinaryView, _args: &Self::Args) -> BinaryViewResult { 447 | Ok(MinidumpBinaryView::new(handle)) 448 | } 449 | 450 | fn init(&mut self, _args: Self::Args) -> BinaryViewResult<()> { 451 | MinidumpBinaryView::init(self) 452 | } 453 | } 454 | --------------------------------------------------------------------------------