package ghidra.file.formats.dump.pagedump;

import com.sun.jna.platform.win32.WinUser;
import ghidra.app.util.Option;
import ghidra.app.util.OptionUtils;
import ghidra.app.util.bin.StructConverter;
import ghidra.app.util.bin.format.pdb2.pdbreader.AbstractPdb;
import ghidra.app.util.bin.format.pdb2.pdbreader.PdbException;
import ghidra.app.util.bin.format.pdb2.pdbreader.PdbParser;
import ghidra.app.util.bin.format.pdb2.pdbreader.PdbReaderOptions;
import ghidra.app.util.importer.MessageLog;
import ghidra.app.util.opinion.PeLoader;
import ghidra.app.util.pdb.pdbapplicator.DefaultPdbApplicator;
import ghidra.app.util.pdb.pdbapplicator.PdbApplicatorControl;
import ghidra.app.util.pdb.pdbapplicator.PdbApplicatorOptions;
import ghidra.file.formats.dump.DumpData;
import ghidra.file.formats.dump.DumpFile;
import ghidra.file.formats.dump.DumpFileReader;
import ghidra.file.formats.dump.cmd.ModuleToPeHelper;
import ghidra.framework.store.local.UnknownFolderItem;
import ghidra.pcode.emu.SparseAddressRangeMap;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.CategoryPath;
import ghidra.program.model.data.DataType;
import ghidra.program.model.data.ProgramBasedDataTypeManager;
import ghidra.program.model.data.StructureDataType;
import ghidra.program.model.data.TerminatedUnicodeDataType;
import ghidra.util.Msg;
import ghidra.util.exception.CancelledException;
import ghidra.util.exception.DuplicateNameException;
import ghidra.util.task.TaskMonitor;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.compress.archivers.tar.TarConstants;

/* loaded from: input_file:ghidra/file/formats/dump/pagedump/Pagedump.class */
public class Pagedump extends DumpFile {
    public static final String DEBUG_DATA_PATH_OPTION_NAME = "Debug Data Path (e.g. /path/to/ntoskrnl.pdb)";
    public static final String DEBUG_DATA_PATH_OPTION_DEFAULT = "";
    public static long ETHREAD_PID_OFFSET;
    public static long ETHREAD_TID_OFFSET;
    public static final int OFFSET_HEADER = 0;
    public static final int OFFSET_TRIAGE = 4096;
    public static final int DUMP_TYPE_UNKNOWN = 0;
    public static final int DUMP_TYPE_FULL = 1;
    public static final int DUMP_TYPE_SUMMARY = 2;
    public static final int DUMP_TYPE_HEADER = 3;
    public static final int DUMP_TYPE_TRIAGE = 4;
    public static final int DUMP_TYPE_BITMAP_FULL = 5;
    public static final int DUMP_TYPE_BITMAP_KERNEL = 6;
    public static final int DUMP_TYPE_AUTOMATIC = 7;
    public static final int SIGNATURE = 1162297680;
    public static final int SIG_FULL = 1347241030;
    public static final int SIG_SUMMARY = 1347241043;
    public static final int SIG_VALID1 = 1347245124;
    public static final int SIG_VALID2 = 1347245124;
    public static final int PAGE_SIZE = 4096;
    public static final int MACHINE_TYPE_OFFSET32 = 32;
    public static final int MACHINE_TYPE_OFFSET64 = 48;
    public static final int TRIAGE_DUMP_CONTEXT = 1;
    public static final int TRIAGE_DUMP_EXCEPTION = 2;
    public static final int TRIAGE_DUMP_PRCB = 4;
    public static final int TRIAGE_DUMP_PROCESS = 8;
    public static final int TRIAGE_DUMP_THREAD = 16;
    public static final int TRIAGE_DUMP_STACK = 32;
    public static final int TRIAGE_DUMP_DRIVER_LIST = 64;
    public static final int TRIAGE_DUMP_BROKEN_DRIVER = 128;
    public static final int TRIAGE_DUMP_BASIC_INFO = 255;
    public static final int TRIAGE_DUMP_MMINFO = 256;
    public static final int TRIAGE_DUMP_DATAPAGE = 512;
    public static final int TRIAGE_DUMP_DEBUGGER_DATA = 1024;
    public static final int TRIAGE_DUMP_DATA_BLOCKS = 2048;
    PagedumpFileHeader header;
    TriageDump triage;
    SummaryHeader summary;
    FullDumpHeader full;
    private CategoryPath categoryPath;
    private List<String> addins;
    private int base;
    private long pfnDB;
    Map<Integer, Long> pfnToVA;
    Map<Long, Long> VA2fileOffset;
    protected long cr3;
    private boolean createBlocks;
    private boolean is32Bit;
    private boolean isPAE;

    public Pagedump(DumpFileReader dumpFileReader, ProgramBasedDataTypeManager programBasedDataTypeManager, List<Option> list, TaskMonitor taskMonitor) throws IOException {
        super(dumpFileReader, programBasedDataTypeManager, list, taskMonitor);
        this.categoryPath = new CategoryPath("/ntkrnlmp.pdb");
        this.addins = new ArrayList();
        this.pfnToVA = new HashMap();
        this.VA2fileOffset = new HashMap();
        this.createBlocks = true;
        this.is32Bit = false;
        this.isPAE = false;
        this.addins.add("ntoskrnl");
        this.addins.add("ntkrnlmp");
        this.program.setExecutableFormat(PeLoader.PE_NAME);
        initManagerList(this.addins);
        this.createBlocks = OptionUtils.getBooleanOptionValue(DumpFile.CREATE_MEMORY_BLOCKS_OPTION_NAME, list, true);
        String str = (String) OptionUtils.getOption(DEBUG_DATA_PATH_OPTION_NAME, list, "");
        if (!str.equals("")) {
            loadKernelPDB(str, taskMonitor);
        }
        this.header = new PagedumpFileHeader(dumpFileReader, 0L, this);
        this.cr3 = this.header.getDirectoryTableBase();
        this.is32Bit = this.header.is32Bit();
        this.isPAE = this.header.getPaeEnabled() != 0;
        long length = this.header.toDataType().getLength();
        addInteriorAddressObject("DumpHeader", 0L, 0L, length);
        this.data.add(new DumpData(0L, this.header.toDataType()));
        PhysicalMemoryDescriptor physicalMemoryBlockBuffer = this.header.getPhysicalMemoryBlockBuffer();
        if (physicalMemoryBlockBuffer != null) {
            loadPhysicalMemoryRuns(physicalMemoryBlockBuffer);
        }
        switch (this.header.getDumpType()) {
            case 1:
            case 5:
            case 6:
                long j = length;
                switch (dumpFileReader.readInt(length)) {
                    case SIG_FULL /* 1347241030 */:
                    case SIG_SUMMARY /* 1347241043 */:
                        this.full = new FullDumpHeader(dumpFileReader, length);
                        this.data.add(new DumpData(length, this.full.toDataType()));
                        this.data.add(new DumpData(this.full.getHeaderSize(), "Physical_Memory", 0));
                        j = (int) this.full.getHeaderSize();
                        addInteriorAddressObject("DumpHeader", length, length, j - length);
                        if (this.createBlocks) {
                            mapPages(taskMonitor);
                        }
                        walkPsLoadedModules();
                        break;
                    case 1347245124:
                        dumpFileReader.readNextInt();
                        break;
                }
                addInteriorAddressObject(UnknownFolderItem.UNKNOWN_CONTENT_TYPE, j, j, dumpFileReader.length() - j);
                return;
            case 2:
            case 3:
            default:
                return;
            case 4:
                this.triage = new TriageDump(dumpFileReader, length);
                this.data.add(new DumpData(length, this.triage.toDataType()));
                addInteriorAddressObject("DumpHeader", length, length, this.triage.getSizeOfDump());
                long sizeOfDump = length + this.triage.getSizeOfDump();
                addInteriorAddressObject(UnknownFolderItem.UNKNOWN_CONTENT_TYPE, sizeOfDump, sizeOfDump, dumpFileReader.length() - sizeOfDump);
                buildKernelStructures();
                return;
        }
    }

    private void loadKernelPDB(String str, TaskMonitor taskMonitor) {
        Iterator<String> it = this.addins.iterator();
        while (it.hasNext()) {
            if (this.managerList.containsKey(it.next())) {
                return;
            }
        }
        File file = new File(str);
        if (file.exists()) {
            PdbReaderOptions pdbReaderOptions = new PdbReaderOptions();
            PdbApplicatorOptions pdbApplicatorOptions = new PdbApplicatorOptions();
            pdbApplicatorOptions.setProcessingControl(PdbApplicatorControl.DATA_TYPES_ONLY);
            try {
                AbstractPdb parse = PdbParser.parse(file, pdbReaderOptions, taskMonitor);
                try {
                    taskMonitor.setMessage("PDB: Parsing " + String.valueOf(file) + "...");
                    parse.deserialize();
                    new DefaultPdbApplicator(parse, this.program, this.program.getDataTypeManager(), this.program.getImageBase(), pdbApplicatorOptions, taskMonitor, (MessageLog) null).applyNoAnalysisState();
                    if (parse != null) {
                        parse.close();
                    }
                } finally {
                }
            } catch (PdbException | CancelledException | IOException e) {
                Msg.error(this, e.getMessage());
            }
        }
    }

    private void loadPhysicalMemoryRuns(PhysicalMemoryDescriptor physicalMemoryDescriptor) throws IOException {
        int i = 1;
        for (PhysicalMemoryRun physicalMemoryRun : physicalMemoryDescriptor.getRuns()) {
            long pageCount = physicalMemoryRun.getPageCount() * 4096;
            boolean z = pageCount + ((long) (i * 4096)) > this.reader.length();
            this.data.add(new DumpData(i * 4096, new ArrayDataType(StructConverter.BYTE, (int) (z ? this.reader.length() - (i * 4096) : pageCount), 1)));
            i = (int) (i + physicalMemoryRun.getPageCount());
            if (z) {
                return;
            }
        }
    }

    private void buildKernelStructures() throws IOException {
        DataType typeFromArchive;
        if ((this.header.getMiniDumpFields() & 256) > 0) {
            long mmOffset = this.triage.getMmOffset();
            this.reader.setPointerIndex(mmOffset);
            this.data.add(new DumpData(mmOffset, new TriageStorage(this.reader, this.reader.getPointerIndex()).toDataType()));
        }
        if ((this.header.getMiniDumpFields() & 4) > 0) {
            addDumpData(this.triage.getPrcbOffset(), "_KPRCB", this.categoryPath);
        }
        if ((this.header.getMiniDumpFields() & 8) > 0) {
            addDumpData(this.triage.getProcessOffset(), "_EPROCESS", this.categoryPath);
        }
        if ((this.header.getMiniDumpFields() & 16) > 0) {
            addDumpData(this.triage.getThreadOffset(), "_ETHREAD", this.categoryPath);
        }
        if ((this.header.getMiniDumpFields() & 32) > 0) {
            int pointerSize = this.reader.getPointerSize();
            this.data.add(new DumpData(this.triage.getCallStackOffset(), new ArrayDataType(pointerSize == 4 ? StructConverter.DWORD : StructConverter.QWORD, this.triage.getCallStackSize() / pointerSize, pointerSize), "CALL_STACK"));
        }
        if ((this.header.getMiniDumpFields() & 64) > 0) {
            long driverListOffset = this.triage.getDriverListOffset();
            this.reader.setPointerIndex(driverListOffset);
            if (this.triage.getDriverCount() > 0) {
                DataType dataType = null;
                for (int i = 0; i < this.triage.getDriverCount(); i++) {
                    LoadedDriver loadedDriver = new LoadedDriver(this.reader, this.reader.getPointerIndex());
                    dataType = loadedDriver.toDataType();
                    String readUnicodeString = this.reader.readUnicodeString(loadedDriver.getNameOffset() + 4);
                    addModule(readUnicodeString, loadedDriver.getDllBase(), i, loadedDriver.getSizeOfImage());
                    addExteriorAddressObject(readUnicodeString, 0L, loadedDriver.getDllBase(), loadedDriver.getSizeOfImage());
                }
                this.data.add(new DumpData(driverListOffset, new ArrayDataType(dataType, this.triage.getDriverCount(), dataType.getLength()), "LOADED_DRIVERS"));
            } else {
                this.data.add(new DumpData(driverListOffset, "LOADED_DRIVERS", 0));
            }
        }
        if ((this.header.getMiniDumpFields() & 128) > 0) {
            long unloadedDriversOffset = this.triage.getUnloadedDriversOffset();
            this.reader.setPointerIndex(unloadedDriversOffset);
            long readNextLong = this.reader.readNextLong();
            StructureDataType structureDataType = new StructureDataType("UNLOADED_DRIVERS", 0);
            structureDataType.add(StructConverter.QWORD, 8, "NumberOfUnloadedDrivers", null);
            if (readNextLong > 0) {
                DataType dataType2 = null;
                for (int i2 = 0; i2 < readNextLong; i2++) {
                    UnloadedDriver unloadedDriver = new UnloadedDriver(this.reader, this.reader.getPointerIndex());
                    dataType2 = unloadedDriver.toDataType();
                    if (unloadedDriver.getStartAddress() != 0) {
                        addExteriorAddressObject(unloadedDriver.getName(), 0L, unloadedDriver.getStartAddress(), unloadedDriver.getSize());
                    }
                }
                structureDataType.add(new ArrayDataType(dataType2, (int) readNextLong, dataType2.getLength()), dataType2.getLength() * ((int) readNextLong), "UnloadedDrivers", null);
            }
            this.data.add(new DumpData(unloadedDriversOffset, structureDataType));
        }
        long stringPoolOffset = this.triage.getStringPoolOffset();
        long stringPoolSize = stringPoolOffset + this.triage.getStringPoolSize();
        this.data.add(new DumpData(stringPoolOffset, "STRING_POOL", this.triage.getStringPoolSize()));
        while (stringPoolOffset < stringPoolSize) {
            int readInt = this.reader.readInt(stringPoolOffset);
            this.data.add(new DumpData(stringPoolOffset, StructConverter.DWORD, "", false, false));
            if (readInt == 0 || readInt == -1) {
                break;
            }
            long j = stringPoolOffset + 4;
            DumpData dumpData = new DumpData(j, new TerminatedUnicodeDataType(), "", false, false);
            dumpData.setSize((readInt * 2) + 2);
            this.data.add(dumpData);
            stringPoolOffset = (((j + dumpData.getSize()) + 7) / 8) * 8;
        }
        if ((this.header.getMiniDumpFields() & 1024) > 0) {
            long debuggerDataOffset = this.triage.getDebuggerDataOffset();
            this.reader.setPointerIndex(debuggerDataOffset);
            this.data.add(new DumpData(debuggerDataOffset, new KdDebuggerData(this.reader, this.reader.getPointerIndex()).toDataType()));
        }
        if (this.createBlocks && (this.header.getMiniDumpFields() & 2048) > 0) {
            long dataBlocksOffset = this.triage.getDataBlocksOffset();
            this.reader.setPointerIndex(dataBlocksOffset);
            DataType dataType3 = null;
            for (int i3 = 0; i3 < this.triage.getDataBlocksCount(); i3++) {
                TriageDataBlock triageDataBlock = new TriageDataBlock(this.reader, this.reader.getPointerIndex());
                addInteriorAddressObject("Memory", triageDataBlock.getOffset(), triageDataBlock.getAddress(), triageDataBlock.getSize());
                this.VA2fileOffset.put(Long.valueOf(triageDataBlock.getAddress()), Long.valueOf(triageDataBlock.getOffset()));
                dataType3 = triageDataBlock.toDataType();
            }
            if (dataType3 != null && this.triage.getDataBlocksCount() > 0) {
                this.data.add(new DumpData(dataBlocksOffset, new ArrayDataType(dataType3, this.triage.getDataBlocksCount(), dataType3.getLength()), "DATA_BLOCKS"));
            }
        }
        if ((this.header.getMiniDumpFields() & 1) <= 0 || this.header.getContextOffset() <= 0 || (typeFromArchive = getTypeFromArchive(new CategoryPath("/winnt.h"), "CONTEXT")) == null) {
            return;
        }
        setProgramContext(this.header.getContextOffset(), typeFromArchive, "(active)");
    }

    private void walkPsLoadedModules() {
        try {
            long readPointer = this.reader.readPointer(virtualToRva(this.header.getPsLoadedModuleList()));
            this.reader.setPointerIndex(virtualToRva(readPointer));
            ArrayList arrayList = new ArrayList();
            while (true) {
                KldrDataTableEntry kldrDataTableEntry = new KldrDataTableEntry(this.reader, this.reader.getPointerIndex());
                this.data.add(new DumpData(readPointer, kldrDataTableEntry.toDataType()));
                long fullDllName = kldrDataTableEntry.getFullDllName();
                if (fullDllName != 0) {
                    addExteriorAddressObject(this.reader.readUnicodeString(virtualToRva(fullDllName)), 0L, kldrDataTableEntry.getDllBase(), kldrDataTableEntry.getSizeOfImage());
                }
                readPointer = kldrDataTableEntry.getList_Flink();
                if (arrayList.contains(Long.valueOf(readPointer))) {
                    return;
                }
                arrayList.add(Long.valueOf(readPointer));
                this.reader.setPointerIndex(virtualToRva(readPointer));
            }
        } catch (DuplicateNameException e) {
            Msg.error(this, "Duplicate name");
        } catch (IOException e2) {
            Msg.error(this, e2.getMessage());
        }
    }

    private void mapPages(TaskMonitor taskMonitor) throws IOException {
        this.base = (int) this.full.getHeaderSize();
        walkPfnDB();
        taskMonitor.setMessage("Adding pages");
        taskMonitor.initialize(this.pfnToVA.keySet().size());
        int i = 0;
        for (Integer num : this.pfnToVA.keySet()) {
            if (this.full.PFN2RVA(num) == null) {
                Msg.error(this, "no rva for " + Long.toHexString(num.intValue()));
            } else {
                addInteriorAddressObject("Memory", fileOffset(num.intValue()), this.pfnToVA.get(num).longValue(), 4096L);
                int i2 = i;
                i++;
                taskMonitor.setProgress(i2);
            }
        }
        taskMonitor.setMessage("Pages added");
    }

    public PagedumpFileHeader getFileHeader() {
        return this.header;
    }

    public TriageDump getTriageDump() {
        return this.triage;
    }

    public boolean usesPreloadedLists() {
        return this.header.getDumpType() != 1;
    }

    public static String getMachineType(DumpFileReader dumpFileReader) throws IOException {
        return Integer.toHexString(new PagedumpFileHeader(dumpFileReader, 0L).getMachineImageType());
    }

    @Override // ghidra.file.formats.dump.DumpFile
    public void analyze(TaskMonitor taskMonitor) {
        if (OptionUtils.getBooleanOptionValue(DumpFile.ANALYZE_EMBEDDED_OBJECTS_OPTION_NAME, this.options, ANALYZE_EMBEDDED_OBJECTS_OPTION_DEFAULT)) {
            ModuleToPeHelper.queryModules(this.program, taskMonitor);
        }
    }

    private long valueAt(long j) {
        try {
            return this.reader.readLong(j);
        } catch (IOException e) {
            Msg.error(this, e.getMessage());
            return -1L;
        }
    }

    private void walkPfnDB() throws IOException {
        this.pfnDB = this.header.getPfnTableBase();
        for (Integer num : this.full.pfnKeySet()) {
            long virtualToRva = virtualToRva(this.pfnDB + (num.intValue() * 48));
            if (virtualToRva >= 0) {
                this.pfnToVA.put(num, Long.valueOf((new MmPfn(this.reader, virtualToRva).getPteAddress() << 9) | (-281474976710656L)));
            }
        }
    }

    private long virtualToRva(long j) {
        if (this.triage != null) {
            return this.VA2fileOffset.get(Long.valueOf(j)).longValue();
        }
        int i = (int) (this.cr3 >> 12);
        int i2 = (!this.is32Bit || this.isPAE) ? 12 + 9 : 12 + 10;
        int i3 = ((!this.is32Bit || this.isPAE) ? i2 + 9 : i2 + 10) + 9;
        int i4 = (!this.is32Bit || this.isPAE) ? 511 : WinUser.CF_GDIOBJLAST;
        long j2 = j & SparseAddressRangeMap.OFF_MASK;
        long j3 = (j >> i3) & i4;
        int i5 = (int) (((j >> 12) & i4) * 8);
        long valueAt = valueAt(fileOffset(valueToPfn(valueAt(fileOffset(valueToPfn(valueAt(fileOffset(i) + ((int) (j3 * 8))))) + ((int) (((j >> r12) & i4) * 8))))) + ((int) (((j >> i2) & i4) * 8)));
        int valueToPfn = valueToPfn(valueAt);
        int valueToFlags = valueToFlags(valueAt);
        long fileOffset = fileOffset(valueToPfn);
        return isLargePage(valueToFlags) ? fileOffset + (j & TarConstants.MAXID) : fileOffset(valueToPfn(valueAt(fileOffset + i5))) + j2;
    }

    private long fileOffset(int i) {
        if (this.full.PFN2RVA(Integer.valueOf(i)) == null) {
            return -1L;
        }
        return (r0.intValue() * 4096) + this.base;
    }

    private int valueToPfn(long j) {
        return (int) ((j >> 12) & (-1));
    }

    private int valueToFlags(long j) {
        return (int) (j & SparseAddressRangeMap.OFF_MASK);
    }

    private boolean isLargePage(int i) {
        return (i & 128) > 0;
    }

    public static Collection<? extends Option> getDefaultOptions(DumpFileReader dumpFileReader) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Option(DEBUG_DATA_PATH_OPTION_NAME, "", String.class, "-loader-debugDataFilePath"));
        arrayList.addAll(DumpFile.getDefaultOptions(dumpFileReader));
        return arrayList;
    }
}
