1 //===- KillTheDoctor - Prevent Dr. Watson from stopping tests ---*- C++ -*-===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This program provides an extremely hacky way to stop Dr. Watson from starting
11 // due to unhandled exceptions in child processes.
12 //
13 // This simply starts the program named in the first positional argument with
14 // the arguments following it under a debugger. All this debugger does is catch
15 // any unhandled exceptions thrown in the child process and close the program
16 // (and hopefully tells someone about it).
17 //
18 // This also provides another really hacky method to prevent assert dialog boxes
19 // from popping up. When --no-user32 is passed, if any process loads user32.dll,
20 // we assume it is trying to call MessageBoxEx and terminate it. The proper way
21 // to do this would be to actually set a break point, but there's quite a bit
22 // of code involved to get the address of MessageBoxEx in the remote process's
23 // address space due to Address space layout randomization (ASLR). This can be
24 // added if it's ever actually needed.
25 //
26 // If the subprocess exits for any reason other than successful termination, -1
27 // is returned. If the process exits normally the value it returned is returned.
28 //
29 // I hate Windows.
30 //
31 //===----------------------------------------------------------------------===//
32 
33 #include "llvm/ADT/STLExtras.h"
34 #include "llvm/ADT/SmallString.h"
35 #include "llvm/ADT/SmallVector.h"
36 #include "llvm/ADT/StringExtras.h"
37 #include "llvm/ADT/StringRef.h"
38 #include "llvm/ADT/Twine.h"
39 #include "llvm/Support/CommandLine.h"
40 #include "llvm/Support/ManagedStatic.h"
41 #include "llvm/Support/Path.h"
42 #include "llvm/Support/PrettyStackTrace.h"
43 #include "llvm/Support/Signals.h"
44 #include "llvm/Support/WindowsError.h"
45 #include "llvm/Support/raw_ostream.h"
46 #include "llvm/Support/type_traits.h"
47 #include <algorithm>
48 #include <cerrno>
49 #include <cstdlib>
50 #include <map>
51 #include <string>
52 #include <system_error>
53 
54 // These includes must be last.
55 #include <Windows.h>
56 #include <WinError.h>
57 #include <Dbghelp.h>
58 #include <psapi.h>
59 
60 using namespace llvm;
61 
62 #undef max
63 
64 namespace {
65   cl::opt<std::string> ProgramToRun(cl::Positional,
66     cl::desc("<program to run>"));
67   cl::list<std::string>  Argv(cl::ConsumeAfter,
68     cl::desc("<program arguments>..."));
69   cl::opt<bool> TraceExecution("x",
70     cl::desc("Print detailed output about what is being run to stderr."));
71   cl::opt<unsigned> Timeout("t", cl::init(0),
72     cl::desc("Set maximum runtime in seconds. Defaults to infinite."));
73   cl::opt<bool> NoUser32("no-user32",
74     cl::desc("Terminate process if it loads user32.dll."));
75 
76   StringRef ToolName;
77 
78   template <typename HandleType>
79   class ScopedHandle {
80     typedef typename HandleType::handle_type handle_type;
81 
82     handle_type Handle;
83 
84   public:
ScopedHandle()85     ScopedHandle()
86       : Handle(HandleType::GetInvalidHandle()) {}
87 
ScopedHandle(handle_type handle)88     explicit ScopedHandle(handle_type handle)
89       : Handle(handle) {}
90 
~ScopedHandle()91     ~ScopedHandle() {
92       HandleType::Destruct(Handle);
93     }
94 
operator =(handle_type handle)95     ScopedHandle& operator=(handle_type handle) {
96       // Cleanup current handle.
97       if (!HandleType::isValid(Handle))
98         HandleType::Destruct(Handle);
99       Handle = handle;
100       return *this;
101     }
102 
operator bool() const103     operator bool() const {
104       return HandleType::isValid(Handle);
105     }
106 
operator handle_type()107     operator handle_type() {
108       return Handle;
109     }
110   };
111 
112   // This implements the most common handle in the Windows API.
113   struct CommonHandle {
114     typedef HANDLE handle_type;
115 
GetInvalidHandle__anonbc66c40b0111::CommonHandle116     static handle_type GetInvalidHandle() {
117       return INVALID_HANDLE_VALUE;
118     }
119 
Destruct__anonbc66c40b0111::CommonHandle120     static void Destruct(handle_type Handle) {
121       ::CloseHandle(Handle);
122     }
123 
isValid__anonbc66c40b0111::CommonHandle124     static bool isValid(handle_type Handle) {
125       return Handle != GetInvalidHandle();
126     }
127   };
128 
129   struct FileMappingHandle {
130     typedef HANDLE handle_type;
131 
GetInvalidHandle__anonbc66c40b0111::FileMappingHandle132     static handle_type GetInvalidHandle() {
133       return NULL;
134     }
135 
Destruct__anonbc66c40b0111::FileMappingHandle136     static void Destruct(handle_type Handle) {
137       ::CloseHandle(Handle);
138     }
139 
isValid__anonbc66c40b0111::FileMappingHandle140     static bool isValid(handle_type Handle) {
141       return Handle != GetInvalidHandle();
142     }
143   };
144 
145   struct MappedViewOfFileHandle {
146     typedef LPVOID handle_type;
147 
GetInvalidHandle__anonbc66c40b0111::MappedViewOfFileHandle148     static handle_type GetInvalidHandle() {
149       return NULL;
150     }
151 
Destruct__anonbc66c40b0111::MappedViewOfFileHandle152     static void Destruct(handle_type Handle) {
153       ::UnmapViewOfFile(Handle);
154     }
155 
isValid__anonbc66c40b0111::MappedViewOfFileHandle156     static bool isValid(handle_type Handle) {
157       return Handle != GetInvalidHandle();
158     }
159   };
160 
161   struct ProcessHandle : CommonHandle {};
162   struct ThreadHandle  : CommonHandle {};
163   struct TokenHandle   : CommonHandle {};
164   struct FileHandle    : CommonHandle {};
165 
166   typedef ScopedHandle<FileMappingHandle>       FileMappingScopedHandle;
167   typedef ScopedHandle<MappedViewOfFileHandle>  MappedViewOfFileScopedHandle;
168   typedef ScopedHandle<ProcessHandle>           ProcessScopedHandle;
169   typedef ScopedHandle<ThreadHandle>            ThreadScopedHandle;
170   typedef ScopedHandle<TokenHandle>             TokenScopedHandle;
171   typedef ScopedHandle<FileHandle>              FileScopedHandle;
172 }
173 
windows_error(DWORD E)174 static std::error_code windows_error(DWORD E) { return mapWindowsError(E); }
175 
GetFileNameFromHandle(HANDLE FileHandle,std::string & Name)176 static std::error_code GetFileNameFromHandle(HANDLE FileHandle,
177                                              std::string &Name) {
178   char Filename[MAX_PATH+1];
179   bool Success = false;
180   Name.clear();
181 
182   // Get the file size.
183   LARGE_INTEGER FileSize;
184   Success = ::GetFileSizeEx(FileHandle, &FileSize);
185 
186   if (!Success)
187     return windows_error(::GetLastError());
188 
189   // Create a file mapping object.
190   FileMappingScopedHandle FileMapping(
191     ::CreateFileMappingA(FileHandle,
192                          NULL,
193                          PAGE_READONLY,
194                          0,
195                          1,
196                          NULL));
197 
198   if (!FileMapping)
199     return windows_error(::GetLastError());
200 
201   // Create a file mapping to get the file name.
202   MappedViewOfFileScopedHandle MappedFile(
203     ::MapViewOfFile(FileMapping, FILE_MAP_READ, 0, 0, 1));
204 
205   if (!MappedFile)
206     return windows_error(::GetLastError());
207 
208   Success = ::GetMappedFileNameA(::GetCurrentProcess(),
209                                 MappedFile,
210                                 Filename,
211                                 array_lengthof(Filename) - 1);
212 
213   if (!Success)
214     return windows_error(::GetLastError());
215   else {
216     Name = Filename;
217     return std::error_code();
218   }
219 }
220 
221 /// @brief Find program using shell lookup rules.
222 /// @param Program This is either an absolute path, relative path, or simple a
223 ///        program name. Look in PATH for any programs that match. If no
224 ///        extension is present, try all extensions in PATHEXT.
225 /// @return If ec == errc::success, The absolute path to the program. Otherwise
226 ///         the return value is undefined.
FindProgram(const std::string & Program,std::error_code & ec)227 static std::string FindProgram(const std::string &Program,
228                                std::error_code &ec) {
229   char PathName[MAX_PATH + 1];
230   typedef SmallVector<StringRef, 12> pathext_t;
231   pathext_t pathext;
232   // Check for the program without an extension (in case it already has one).
233   pathext.push_back("");
234   SplitString(std::getenv("PATHEXT"), pathext, ";");
235 
236   for (pathext_t::iterator i = pathext.begin(), e = pathext.end(); i != e; ++i){
237     SmallString<5> ext;
238     for (std::size_t ii = 0, e = i->size(); ii != e; ++ii)
239       ext.push_back(::tolower((*i)[ii]));
240     LPCSTR Extension = NULL;
241     if (ext.size() && ext[0] == '.')
242       Extension = ext.c_str();
243     DWORD length = ::SearchPathA(NULL,
244                                  Program.c_str(),
245                                  Extension,
246                                  array_lengthof(PathName),
247                                  PathName,
248                                  NULL);
249     if (length == 0)
250       ec = windows_error(::GetLastError());
251     else if (length > array_lengthof(PathName)) {
252       // This may have been the file, return with error.
253       ec = windows_error(ERROR_BUFFER_OVERFLOW);
254       break;
255     } else {
256       // We found the path! Return it.
257       ec = std::error_code();
258       break;
259     }
260   }
261 
262   // Make sure PathName is valid.
263   PathName[MAX_PATH] = 0;
264   return PathName;
265 }
266 
ExceptionCodeToString(DWORD ExceptionCode)267 static StringRef ExceptionCodeToString(DWORD ExceptionCode) {
268   switch(ExceptionCode) {
269   case EXCEPTION_ACCESS_VIOLATION: return "EXCEPTION_ACCESS_VIOLATION";
270   case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
271     return "EXCEPTION_ARRAY_BOUNDS_EXCEEDED";
272   case EXCEPTION_BREAKPOINT: return "EXCEPTION_BREAKPOINT";
273   case EXCEPTION_DATATYPE_MISALIGNMENT:
274     return "EXCEPTION_DATATYPE_MISALIGNMENT";
275   case EXCEPTION_FLT_DENORMAL_OPERAND: return "EXCEPTION_FLT_DENORMAL_OPERAND";
276   case EXCEPTION_FLT_DIVIDE_BY_ZERO: return "EXCEPTION_FLT_DIVIDE_BY_ZERO";
277   case EXCEPTION_FLT_INEXACT_RESULT: return "EXCEPTION_FLT_INEXACT_RESULT";
278   case EXCEPTION_FLT_INVALID_OPERATION:
279     return "EXCEPTION_FLT_INVALID_OPERATION";
280   case EXCEPTION_FLT_OVERFLOW: return "EXCEPTION_FLT_OVERFLOW";
281   case EXCEPTION_FLT_STACK_CHECK: return "EXCEPTION_FLT_STACK_CHECK";
282   case EXCEPTION_FLT_UNDERFLOW: return "EXCEPTION_FLT_UNDERFLOW";
283   case EXCEPTION_ILLEGAL_INSTRUCTION: return "EXCEPTION_ILLEGAL_INSTRUCTION";
284   case EXCEPTION_IN_PAGE_ERROR: return "EXCEPTION_IN_PAGE_ERROR";
285   case EXCEPTION_INT_DIVIDE_BY_ZERO: return "EXCEPTION_INT_DIVIDE_BY_ZERO";
286   case EXCEPTION_INT_OVERFLOW: return "EXCEPTION_INT_OVERFLOW";
287   case EXCEPTION_INVALID_DISPOSITION: return "EXCEPTION_INVALID_DISPOSITION";
288   case EXCEPTION_NONCONTINUABLE_EXCEPTION:
289     return "EXCEPTION_NONCONTINUABLE_EXCEPTION";
290   case EXCEPTION_PRIV_INSTRUCTION: return "EXCEPTION_PRIV_INSTRUCTION";
291   case EXCEPTION_SINGLE_STEP: return "EXCEPTION_SINGLE_STEP";
292   case EXCEPTION_STACK_OVERFLOW: return "EXCEPTION_STACK_OVERFLOW";
293   default: return "<unknown>";
294   }
295 }
296 
main(int argc,char ** argv)297 int main(int argc, char **argv) {
298   // Print a stack trace if we signal out.
299   sys::PrintStackTraceOnErrorSignal(argv[0]);
300   PrettyStackTraceProgram X(argc, argv);
301   llvm_shutdown_obj Y;  // Call llvm_shutdown() on exit.
302 
303   ToolName = argv[0];
304 
305   cl::ParseCommandLineOptions(argc, argv, "Dr. Watson Assassin.\n");
306   if (ProgramToRun.size() == 0) {
307     cl::PrintHelpMessage();
308     return -1;
309   }
310 
311   if (Timeout > std::numeric_limits<uint32_t>::max() / 1000) {
312     errs() << ToolName << ": Timeout value too large, must be less than: "
313                        << std::numeric_limits<uint32_t>::max() / 1000
314                        << '\n';
315     return -1;
316   }
317 
318   std::string CommandLine(ProgramToRun);
319 
320   std::error_code ec;
321   ProgramToRun = FindProgram(ProgramToRun, ec);
322   if (ec) {
323     errs() << ToolName << ": Failed to find program: '" << CommandLine
324            << "': " << ec.message() << '\n';
325     return -1;
326   }
327 
328   if (TraceExecution)
329     errs() << ToolName << ": Found Program: " << ProgramToRun << '\n';
330 
331   for (const std::string &Arg : Argv) {
332     CommandLine.push_back(' ');
333     CommandLine.append(Arg);
334   }
335 
336   if (TraceExecution)
337     errs() << ToolName << ": Program Image Path: " << ProgramToRun << '\n'
338            << ToolName << ": Command Line: " << CommandLine << '\n';
339 
340   STARTUPINFOA StartupInfo;
341   PROCESS_INFORMATION ProcessInfo;
342   std::memset(&StartupInfo, 0, sizeof(StartupInfo));
343   StartupInfo.cb = sizeof(StartupInfo);
344   std::memset(&ProcessInfo, 0, sizeof(ProcessInfo));
345 
346   // Set error mode to not display any message boxes. The child process inherits
347   // this.
348   ::SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOGPFAULTERRORBOX);
349   ::_set_error_mode(_OUT_TO_STDERR);
350 
351   BOOL success = ::CreateProcessA(ProgramToRun.c_str(),
352                             LPSTR(CommandLine.c_str()),
353                                   NULL,
354                                   NULL,
355                                   FALSE,
356                                   DEBUG_PROCESS,
357                                   NULL,
358                                   NULL,
359                                   &StartupInfo,
360                                   &ProcessInfo);
361   if (!success) {
362     errs() << ToolName << ": Failed to run program: '" << ProgramToRun << "': "
363            << std::error_code(windows_error(::GetLastError())).message()
364            << '\n';
365     return -1;
366   }
367 
368   // Make sure ::CloseHandle is called on exit.
369   std::map<DWORD, HANDLE> ProcessIDToHandle;
370 
371   DEBUG_EVENT DebugEvent;
372   std::memset(&DebugEvent, 0, sizeof(DebugEvent));
373   DWORD dwContinueStatus = DBG_CONTINUE;
374 
375   // Run the program under the debugger until either it exits, or throws an
376   // exception.
377   if (TraceExecution)
378     errs() << ToolName << ": Debugging...\n";
379 
380   while(true) {
381     DWORD TimeLeft = INFINITE;
382     if (Timeout > 0) {
383       FILETIME CreationTime, ExitTime, KernelTime, UserTime;
384       ULARGE_INTEGER a, b;
385       success = ::GetProcessTimes(ProcessInfo.hProcess,
386                                   &CreationTime,
387                                   &ExitTime,
388                                   &KernelTime,
389                                   &UserTime);
390       if (!success) {
391         ec = windows_error(::GetLastError());
392 
393         errs() << ToolName << ": Failed to get process times: "
394                << ec.message() << '\n';
395         return -1;
396       }
397       a.LowPart = KernelTime.dwLowDateTime;
398       a.HighPart = KernelTime.dwHighDateTime;
399       b.LowPart = UserTime.dwLowDateTime;
400       b.HighPart = UserTime.dwHighDateTime;
401       // Convert 100-nanosecond units to milliseconds.
402       uint64_t TotalTimeMiliseconds = (a.QuadPart + b.QuadPart) / 10000;
403       // Handle the case where the process has been running for more than 49
404       // days.
405       if (TotalTimeMiliseconds > std::numeric_limits<uint32_t>::max()) {
406         errs() << ToolName << ": Timeout Failed: Process has been running for"
407                               "more than 49 days.\n";
408         return -1;
409       }
410 
411       // We check with > instead of using Timeleft because if
412       // TotalTimeMiliseconds is greater than Timeout * 1000, TimeLeft would
413       // underflow.
414       if (TotalTimeMiliseconds > (Timeout * 1000)) {
415         errs() << ToolName << ": Process timed out.\n";
416         ::TerminateProcess(ProcessInfo.hProcess, -1);
417         // Otherwise other stuff starts failing...
418         return -1;
419       }
420 
421       TimeLeft = (Timeout * 1000) - static_cast<uint32_t>(TotalTimeMiliseconds);
422     }
423     success = WaitForDebugEvent(&DebugEvent, TimeLeft);
424 
425     if (!success) {
426       DWORD LastError = ::GetLastError();
427       ec = windows_error(LastError);
428 
429       if (LastError == ERROR_SEM_TIMEOUT || LastError == WSAETIMEDOUT) {
430         errs() << ToolName << ": Process timed out.\n";
431         ::TerminateProcess(ProcessInfo.hProcess, -1);
432         // Otherwise other stuff starts failing...
433         return -1;
434       }
435 
436       errs() << ToolName << ": Failed to wait for debug event in program: '"
437              << ProgramToRun << "': " << ec.message() << '\n';
438       return -1;
439     }
440 
441     switch(DebugEvent.dwDebugEventCode) {
442     case CREATE_PROCESS_DEBUG_EVENT:
443       // Make sure we remove the handle on exit.
444       if (TraceExecution)
445         errs() << ToolName << ": Debug Event: CREATE_PROCESS_DEBUG_EVENT\n";
446       ProcessIDToHandle[DebugEvent.dwProcessId] =
447         DebugEvent.u.CreateProcessInfo.hProcess;
448       ::CloseHandle(DebugEvent.u.CreateProcessInfo.hFile);
449       break;
450     case EXIT_PROCESS_DEBUG_EVENT: {
451         if (TraceExecution)
452           errs() << ToolName << ": Debug Event: EXIT_PROCESS_DEBUG_EVENT\n";
453 
454         // If this is the process we originally created, exit with its exit
455         // code.
456         if (DebugEvent.dwProcessId == ProcessInfo.dwProcessId)
457           return DebugEvent.u.ExitProcess.dwExitCode;
458 
459         // Otherwise cleanup any resources we have for it.
460         std::map<DWORD, HANDLE>::iterator ExitingProcess =
461           ProcessIDToHandle.find(DebugEvent.dwProcessId);
462         if (ExitingProcess == ProcessIDToHandle.end()) {
463           errs() << ToolName << ": Got unknown process id!\n";
464           return -1;
465         }
466         ::CloseHandle(ExitingProcess->second);
467         ProcessIDToHandle.erase(ExitingProcess);
468       }
469       break;
470     case CREATE_THREAD_DEBUG_EVENT:
471       ::CloseHandle(DebugEvent.u.CreateThread.hThread);
472       break;
473     case LOAD_DLL_DEBUG_EVENT: {
474         // Cleanup the file handle.
475         FileScopedHandle DLLFile(DebugEvent.u.LoadDll.hFile);
476         std::string DLLName;
477         ec = GetFileNameFromHandle(DLLFile, DLLName);
478         if (ec) {
479           DLLName = "<failed to get file name from file handle> : ";
480           DLLName += ec.message();
481         }
482         if (TraceExecution) {
483           errs() << ToolName << ": Debug Event: LOAD_DLL_DEBUG_EVENT\n";
484           errs().indent(ToolName.size()) << ": DLL Name : " << DLLName << '\n';
485         }
486 
487         if (NoUser32 && sys::path::stem(DLLName) == "user32") {
488           // Program is loading user32.dll, in the applications we are testing,
489           // this only happens if an assert has fired. By now the message has
490           // already been printed, so simply close the program.
491           errs() << ToolName << ": user32.dll loaded!\n";
492           errs().indent(ToolName.size())
493                  << ": This probably means that assert was called. Closing "
494                     "program to prevent message box from popping up.\n";
495           dwContinueStatus = DBG_CONTINUE;
496           ::TerminateProcess(ProcessIDToHandle[DebugEvent.dwProcessId], -1);
497           return -1;
498         }
499       }
500       break;
501     case EXCEPTION_DEBUG_EVENT: {
502         // Close the application if this exception will not be handled by the
503         // child application.
504         if (TraceExecution)
505           errs() << ToolName << ": Debug Event: EXCEPTION_DEBUG_EVENT\n";
506 
507         EXCEPTION_DEBUG_INFO  &Exception = DebugEvent.u.Exception;
508         if (Exception.dwFirstChance > 0) {
509           if (TraceExecution) {
510             errs().indent(ToolName.size()) << ": Debug Info : ";
511             errs() << "First chance exception at "
512                    << Exception.ExceptionRecord.ExceptionAddress
513                    << ", exception code: "
514                    << ExceptionCodeToString(
515                         Exception.ExceptionRecord.ExceptionCode)
516                    << " (" << Exception.ExceptionRecord.ExceptionCode << ")\n";
517           }
518           dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
519         } else {
520           errs() << ToolName << ": Unhandled exception in: " << ProgramToRun
521                  << "!\n";
522                  errs().indent(ToolName.size()) << ": location: ";
523                  errs() << Exception.ExceptionRecord.ExceptionAddress
524                         << ", exception code: "
525                         << ExceptionCodeToString(
526                             Exception.ExceptionRecord.ExceptionCode)
527                         << " (" << Exception.ExceptionRecord.ExceptionCode
528                         << ")\n";
529           dwContinueStatus = DBG_CONTINUE;
530           ::TerminateProcess(ProcessIDToHandle[DebugEvent.dwProcessId], -1);
531           return -1;
532         }
533       }
534       break;
535     default:
536       // Do nothing.
537       if (TraceExecution)
538         errs() << ToolName << ": Debug Event: <unknown>\n";
539       break;
540     }
541 
542     success = ContinueDebugEvent(DebugEvent.dwProcessId,
543                                  DebugEvent.dwThreadId,
544                                  dwContinueStatus);
545     if (!success) {
546       ec = windows_error(::GetLastError());
547       errs() << ToolName << ": Failed to continue debugging program: '"
548              << ProgramToRun << "': " << ec.message() << '\n';
549       return -1;
550     }
551 
552     dwContinueStatus = DBG_CONTINUE;
553   }
554 
555   assert(0 && "Fell out of debug loop. This shouldn't be possible!");
556   return -1;
557 }
558