Windbg-ize output

Move closer to windbg's output. Might as well try to match something, and lord knows it wont be gdb.
yrp604 · Jun 23, 2019 · 0edf299 · 0edf299
1 parent 928155b
commit 0edf299
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 129 deletions.
diff --git a/README.md b/README.md
@@ -30,64 +30,75 @@ Rappel has two modes it can operate in. A pipe mode for one off things, a la
 
 ```
 $ echo "inc eax" | bin/rappel
-rax:0x0000000000000001  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
-rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
-r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
-r14:0x0000000000000000  r15:0x0000000000000000
-rip:0x0000000000400003  rsp:0x00007fffffffee80  rbp:0x0000000000000000
-flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
+rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400004 rsp=00007ffc73019c20 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
 $
 ```
 
 Or an interactive mode:
 
 ```
 $ bin/rappel
-rax:0x0000000000000000  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
-rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
-r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
-r14:0x0000000000000000  r15:0x0000000000000000
-rip:0x0000000000400001  rsp:0x00007fffffffee80  rbp:0x0000000000000000
-flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
+rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400001 rsp=00007ffdedb264a0 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
 > inc rax
-rax:0x0000000000000001  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
-rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
-r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
-r14:0x0000000000000000  r15:0x0000000000000000
-rip:0x0000000000400004  rsp:0x00007fffffffee80  rbp:0x0000000000000000
-flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
+rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400004 rsp=00007ffdedb264a0 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
 > push rax
-rax:0x0000000000000001  rbx:0x0000000000000000  rcx:0x0000000000000000  rdx:0x0000000000000000
-rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
-r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
-r14:0x0000000000000000  r15:0x0000000000000000
-rip:0x0000000000400002  rsp:0x00007fffffffee78  rbp:0x0000000000000000
-flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
+rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400002 rsp=00007ffdedb26498 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
 > pop rbx
-rax:0x0000000000000001  rbx:0x0000000000000001  rcx:0x0000000000000000  rdx:0x0000000000000000
-rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
-r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
-r14:0x0000000000000000  r15:0x0000000000000000
-rip:0x0000000000400002  rsp:0x00007fffffffee80  rbp:0x0000000000000000
-flags:0x0000000000000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
+rax=0000000000000001 rbx=0000000000000001 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400002 rsp=00007ffdedb264a0 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
 > cmp rax, rbx
-rax:0x0000000000000001  rbx:0x0000000000000001  rcx:0x0000000000000000  rdx:0x0000000000000000
-rsi:0x0000000000000000  rdi:0x0000000000000000  r8 :0x0000000000000000  r9 :0x0000000000000000
-r10:0x0000000000000000  r11:0x0000000000000000  r12:0x0000000000000000  r13:0x0000000000000000
-r14:0x0000000000000000  r15:0x0000000000000000
-rip:0x0000000000400004  rsp:0x00007fffffffee80  rbp:0x0000000000000000
-flags:0x0000000000000246 [CF: 0, ZF: 1, OF: 0, SF: 0, PF: 0, AF: 0]
+rax=0000000000000001 rbx=0000000000000001 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400004 rsp=00007ffdedb264a0 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:1, of:0, sf:0, pf:1, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000246
 > ^D
 $
 ```
 
 x86 looks like:
 ```
 $ echo "nop" | bin/rappel
-eax:0x00000000  ebx:0x00000000  ecx:0x00000000  edx:0x00000000
-esi:0x00000000  edi:0x00000000
-eip:0x00400002  esp:0xffffdf10  ebp:0x00000000
-flags:0x00000202 [CF: 0, ZF: 0, OF: 0, SF: 0, PF: 0, AF: 0]
+eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
+eip=00400002 esp=ffc67240 ebp=00000000 [cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0023  ss=002b  ds=002b  es=002b  fs=0000  gs=0000            efl=00000202
 $
 ```
 
@@ -121,45 +132,44 @@ PC:  0x0000000000400004	SP:  0x0000007fedb9be40	PS:  0x0000000000000000
 Someone asked about xmm registers. If you pass `-x` it will dump out quite a bit of info.
 
 ```
-> inc rax
 GP Regs:
-rax: 0x0000000000000001 rbx: 0x0000000000000000 rcx: 0x0000000000000000 rdx: 0x0000000000000000
-rsi: 0x0000000000000000 rdi: 0x0000000000000000 r8 : 0x0000000000000000 r9 : 0x0000000000000000
-r10: 0x0000000000000000 r11: 0x0000000000000000 r12: 0x0000000000000000 r13: 0x0000000000000000
-r14: 0x0000000000000000 r15: 0x0000000000000000
-cs: 0x0000000000000033  ss: 0x000000000000002b  ds: 0x0000000000000000
-es: 0x0000000000000000  fs: 0x0000000000000000  gs: 0x0000000000000000
-rip: 0x0000000000400004 rsp: 0x00007fffffffee80 rbp: 0x0000000000000000
-flags: 0x0000000000000202 [cf:0, zf:0, of:0, sf:0, pf:0, af:0]
+rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
+rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
+rip=0000000000400001 rsp=00007ffca03d9370 rbp=0000000000000000
+ r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
+r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
+r14=0000000000000000 r15=0000000000000000
+[cf:0, zf:0, of:0, sf:0, pf:0, af:0, df:0]
+cs=0033  ss=002b  ds=0000  es=0000  fs=0000  gs=0000            efl=00000202
 FP Regs:
-rip: 0x0000000000000000 rdp: 0x0000000000000000 mxcsr: 0x00001f80       mxcsr_mask:0x00000000
-cwd: 0x037f     swd: 0x0000     ftw: 0x0000     fop: 0x0000
+rip: 0000000000000000   rdp: 0000000000000000   mxcsr: 00001f80 mxcsr_mask:0000ffff
+cwd: 037f       swd: 0000       ftw: 0000       fop: 0000
 st_space:
-0x00:   0x00000000      0x00000000      0x00000000      0x00000000
-0x10:   0x00000000      0x00000000      0x00000000      0x00000000
-0x20:   0x00000000      0x00000000      0x00000000      0x00000000
-0x30:   0x00000000      0x00000000      0x00000000      0x00000000
-0x40:   0x00000000      0x00000000      0x00000000      0x00000000
-0x50:   0x00000000      0x00000000      0x00000000      0x00000000
-0x60:   0x00000000      0x00000000      0x00000000      0x00000000
-0x70:   0x00000000      0x00000000      0x00000000      0x00000000
+0x00:   00000000        00000000        00000000        00000000
+0x10:   00000000        00000000        00000000        00000000
+0x20:   00000000        00000000        00000000        00000000
+0x30:   00000000        00000000        00000000        00000000
+0x40:   00000000        00000000        00000000        00000000
+0x50:   00000000        00000000        00000000        00000000
+0x60:   00000000        00000000        00000000        00000000
+0x70:   00000000        00000000        00000000        00000000
 xmm_space:
-0x00:   0x00000000      0x00000000      0x00000000      0x00000000
-0x10:   0x00000000      0x00000000      0x00000000      0x00000000
-0x20:   0x00000000      0x00000000      0x00000000      0x00000000
-0x30:   0x00000000      0x00000000      0x00000000      0x00000000
-0x40:   0x00000000      0x00000000      0x00000000      0x00000000
-0x50:   0x00000000      0x00000000      0x00000000      0x00000000
-0x60:   0x00000000      0x00000000      0x00000000      0x00000000
-0x70:   0x00000000      0x00000000      0x00000000      0x00000000
-0x80:   0x00000000      0x00000000      0x00000000      0x00000000
-0x90:   0x00000000      0x00000000      0x00000000      0x00000000
-0xa0:   0x00000000      0x00000000      0x00000000      0x00000000
-0xb0:   0x00000000      0x00000000      0x00000000      0x00000000
-0xc0:   0x00000000      0x00000000      0x00000000      0x00000000
-0xd0:   0x00000000      0x00000000      0x00000000      0x00000000
-0xe0:   0x00000000      0x00000000      0x00000000      0x00000000
-0xf0:   0x00000000      0x00000000      0x00000000      0x00000000
+0x00:   00000000        00000000        00000000        00000000
+0x10:   00000000        00000000        00000000        00000000
+0x20:   00000000        00000000        00000000        00000000
+0x30:   00000000        00000000        00000000        00000000
+0x40:   00000000        00000000        00000000        00000000
+0x50:   00000000        00000000        00000000        00000000
+0x60:   00000000        00000000        00000000        00000000
+0x70:   00000000        00000000        00000000        00000000
+0x80:   00000000        00000000        00000000        00000000
+0x90:   00000000        00000000        00000000        00000000
+0xa0:   00000000        00000000        00000000        00000000
+0xb0:   00000000        00000000        00000000        00000000
+0xc0:   00000000        00000000        00000000        00000000
+0xd0:   00000000        00000000        00000000        00000000
+0xe0:   00000000        00000000        00000000        00000000
+0xf0:   00000000        00000000        00000000        00000000
 ```
 
 There are some other regsets the kernel exports via ptrace(), but they're dependent on kernel version, and didn't want to try to detect and adjust at runtime. If you want them, you should just need to add the storage in `proc_info_t`, edit `ptrace_collect_regs_<arch>()`, then add the display in the relevant `display` function.

diff --git a/arch/amd64/display_amd64.c b/arch/amd64/display_amd64.c
@@ -19,39 +19,28 @@ void display_amd64(
 
 	if (options.allregs) printf("GP Regs:\n");
 
-	PRINTREG64("rax: ", rax, regs, old_regs, "\t");
-	PRINTREG64("rbx: ", rbx, regs, old_regs, "\t");
-	PRINTREG64("rcx: ", rcx, regs, old_regs, "\t");
-	PRINTREG64("rdx: ", rdx, regs, old_regs, "\n");
+	PRINTREG64("rax=", rax, regs, old_regs, " ");
+	PRINTREG64("rbx=", rbx, regs, old_regs, " ");
+	PRINTREG64("rcx=", rcx, regs, old_regs, "\n");
 
-	PRINTREG64("rsi: ", rsi, regs, old_regs, "\t");
-	PRINTREG64("rdi: ", rdi, regs, old_regs, "\t");
-	PRINTREG64("r8 : ", r8 , regs, old_regs, "\t");
-	PRINTREG64("r9 : ", r9 , regs, old_regs, "\n");
+	PRINTREG64("rdx=", rdx, regs, old_regs, " ");
+	PRINTREG64("rsi=", rsi, regs, old_regs, " ");
+	PRINTREG64("rdi=", rdi, regs, old_regs, "\n");
 
-	PRINTREG64("r10: ", r10, regs, old_regs, "\t");
-	PRINTREG64("r11: ", r11, regs, old_regs, "\t");
-	PRINTREG64("r12: ", r12, regs, old_regs, "\t");
-	PRINTREG64("r13: ", r13, regs, old_regs, "\n");
+	PRINTREG64("rip=", rip, regs, old_regs, " ");
+	PRINTREG64("rsp=", rsp, regs, old_regs, " ");
+	PRINTREG64("rbp=", rbp, regs, old_regs, "\n");
 
-	PRINTREG64("r14: ", r14, regs, old_regs, "\t");
-	PRINTREG64("r15: ", r15, regs, old_regs, "\n");
+	PRINTREG64(" r8=", r8 , regs, old_regs, " ");
+	PRINTREG64(" r9=", r9 , regs, old_regs, " ");
+	PRINTREG64("r10=", r10, regs, old_regs, "\n");
 
-	if (options.allregs) {
-		PRINTREG64("cs : ", cs, regs, old_regs, "\t");
-		PRINTREG64("ss : ", ss, regs, old_regs, "\t");
-		PRINTREG64("ds : ",ds, regs, old_regs, "\n");
-
-		PRINTREG64("es : ", es, regs, old_regs, "\t");
-		PRINTREG64("fs : ", fs, regs, old_regs, "\t");
-		PRINTREG64("gs : ", gs, regs, old_regs, "\n");
-	}
+	PRINTREG64("r11=", r11, regs, old_regs, " ");
+	PRINTREG64("r12=", r12, regs, old_regs, " ");
+	PRINTREG64("r13=", r13, regs, old_regs, "\n");
 
-	PRINTREG64("rip: ", rip, regs, old_regs, "\t");
-	PRINTREG64("rsp: ", rsp, regs, old_regs, "\t");
-	PRINTREG64("rbp: ", rbp, regs, old_regs, "\n");
-
-	PRINTREG64("flags: ", eflags, regs, old_regs, " ");
+	PRINTREG64("r14=", r14, regs, old_regs, " ");
+	PRINTREG64("r15=", r15, regs, old_regs, "\n");
 
 	const uint8_t of = (regs->eflags & 0x800) >> 11;
 	const uint8_t old_of = (old_regs->eflags & 0x800) >> 11;
@@ -84,6 +73,15 @@ void display_amd64(
 	PRINTBIT("df:", df, old_df, "");
 	printf("]\n");
 
+	PRINTREG16("cs=", cs, regs, old_regs, "  ");
+	PRINTREG16("ss=", ss, regs, old_regs, "  ");
+	PRINTREG16("ds=", ds, regs, old_regs, "  ");
+
+	PRINTREG16("es=", es, regs, old_regs, "  ");
+	PRINTREG16("fs=", fs, regs, old_regs, "  ");
+	PRINTREG16("gs=", gs, regs, old_regs, "            ");
+	PRINTREG32("efl=", eflags, regs, old_regs, "\n");
+
 	if (options.allregs) {
 		printf("FP Regs:\n");
 		PRINTREG64("rip: ", rip, fpregs, old_fpregs, "\t");

diff --git a/arch/x86/display_x86.c b/arch/x86/display_x86.c
@@ -21,29 +21,16 @@ void display_x86(
 
 	if (options.allregs) printf("GP Regs:\n");
 
-	PRINTREG32("eax: ", eax, regs, old_regs, "\t");
-	PRINTREG32("ebx: ", ebx, regs, old_regs, "\t");
-	PRINTREG32("ecx: ", ecx, regs, old_regs, "\t");
-	PRINTREG32("edx: ", edx, regs, old_regs, "\n");
+	PRINTREG32("eax=", eax, regs, old_regs, " ");
+	PRINTREG32("ebx=", ebx, regs, old_regs, " ");
+	PRINTREG32("ecx=", ecx, regs, old_regs, " ");
+	PRINTREG32("edx=", edx, regs, old_regs, " ");
+	PRINTREG32("esi=", esi, regs, old_regs, " ");
+	PRINTREG32("edi=", edi, regs, old_regs, "\n");
 
-	PRINTREG32("esi: ", esi, regs, old_regs, "\t");
-	PRINTREG32("edi: ", edi, regs, old_regs, "\n");
-
-	PRINTREG32("eip: ", eip, regs, old_regs, "\t");
-	PRINTREG32("esp: ", esp, regs, old_regs, "\t");
-	PRINTREG32("ebp: ", ebp, regs, old_regs, "\n");
-
-	if (options.allregs) {
-		PRINTREG32("cs : ", xcs, regs, old_regs, "\t");
-		PRINTREG32("ss : ", xss, regs, old_regs, "\t");
-		PRINTREG32("ds : ", xds, regs, old_regs, "\n");
-
-		PRINTREG32("es : ", xss, regs, old_regs, "\t");
-		PRINTREG32("fs : ", xfs, regs, old_regs, "\t");
-		PRINTREG32("gs : ", xgs, regs, old_regs, "\n");
-	}
-
-    PRINTREG32("flags: ", eflags, regs, old_regs, " ");
+	PRINTREG32("eip=", eip, regs, old_regs, " ");
+	PRINTREG32("esp=", esp, regs, old_regs, " ");
+	PRINTREG32("ebp=", ebp, regs, old_regs, " ");
 
 	const uint8_t of = (regs->eflags & 0x800) >> 11;
 	const uint8_t old_of = (old_regs->eflags & 0x800) >> 11;
@@ -76,6 +63,16 @@ void display_x86(
 	PRINTBIT("df:", df, old_df, "");
 	printf("]\n");
 
+	PRINTREG16("cs=", xcs, regs, old_regs, "  ");
+	PRINTREG16("ss=", xss, regs, old_regs, "  ");
+	PRINTREG16("ds=", xds, regs, old_regs, "  ");
+
+	PRINTREG16("es=", xss, regs, old_regs, "  ");
+	PRINTREG16("fs=", xfs, regs, old_regs, "  ");
+	PRINTREG16("gs=", xgs, regs, old_regs, "            ");
+
+	PRINTREG32("efl=", eflags, regs, old_regs, "\n");
+
 
 	if (options.allregs) {
 		printf("FP Regs:\n");

diff --git a/include/common.h b/include/common.h
@@ -24,10 +24,10 @@ struct options_t {
 	char rappel_dir[PATH_MAX];
 };
 
-#define REGFMT64 "0x%016" PRIx64
-#define REGFMT32 "0x%08"  PRIx32
-#define REGFMT16 "0x%04"  PRIx16
-#define REGFMT8  "0x%02"  PRIx8
+#define REGFMT64 "%016" PRIx64
+#define REGFMT32 "%08"  PRIx32
+#define REGFMT16 "%04"  PRIx16
+#define REGFMT8  "%02"  PRIx8
 
 void mem_assign(
 		uint8_t *,