cleanups + tests

0vercl0k · 0vercl0k · commit 67667cb0d1dd · 2025-08-24T13:27:55.000-07:00
diff --git a/src/gxa.rs b/src/gxa.rs
@@ -19,7 +19,7 @@ use std::ops::AddAssign;
 use std::str::FromStr;
 
 use crate::pxe::Pfn;
-use crate::structs::Page;
+use crate::structs::PageKind;
 
 /// A bunch of useful methods to manipulate 64-bit addresses of
 /// any kind.
@@ -47,7 +47,7 @@ pub trait Gxa: Sized + Default + Copy + From<u64> {
         Self::from(
             self.page_align()
                 .u64()
-                .checked_add(Page::size())
+                .checked_add(PageKind::Normal.size())
                 .expect("Cannot overflow"),
         )
     }
diff --git a/src/lib.rs b/src/lib.rs
@@ -12,6 +12,6 @@ pub use bits::Bits;
 pub use error::{AddrTranslationError, KdmpParserError, PxeNotPresent, Result};
 pub use gxa::{Gpa, Gva, Gxa};
 pub use map::{MappedFileReader, Reader};
-pub use parse::KernelDumpParser;
+pub use parse::{KernelDumpParser, TranslationDetails};
 pub use pxe::{Pfn, Pxe, PxeFlags};
-pub use structs::{Context, DumpType, Header64};
+pub use structs::{Context, DumpType, Header64, PageKind};
diff --git a/src/parse.rs b/src/parse.rs
@@ -16,40 +16,12 @@ use crate::gxa::Gxa;
 use crate::map::{MappedFileReader, Reader};
 use crate::structs::{
     BmpHeader64, Context, DUMP_HEADER64_EXPECTED_SIGNATURE, DUMP_HEADER64_EXPECTED_VALID_DUMP,
-    DumpType, ExceptionRecord64, FullRdmpHeader64, Header64, HugePage, KdDebuggerData64,
-    KernelRdmpHeader64, LargePage, LdrDataTableEntry, ListEntry, Page, PfnRange, PhysmemDesc,
-    PhysmemMap, PhysmemRun, UnicodeString, read_struct,
+    DumpType, ExceptionRecord64, FullRdmpHeader64, Header64, KdDebuggerData64, KernelRdmpHeader64,
+    LdrDataTableEntry, ListEntry, PageKind, PfnRange, PhysmemDesc, PhysmemMap, PhysmemRun,
+    UnicodeString, read_struct,
 };
 use crate::{AddrTranslationError, Gpa, Gva, KdmpParserError, Pfn, Pxe};
 
-/// The kind of physical page.
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub enum PageKind {
-    /// A normal 4kb page.
-    Normal,
-    /// A large 2mb page.
-    Large,
-    /// A huge 1gb page.
-    Huge,
-}
-
-impl PageKind {
-    /// Size in bytes of the page.
-    pub fn size(&self) -> u64 {
-        match self {
-            Self::Normal => Page::size(),
-            Self::Large => LargePage::size(),
-            Self::Huge => HugePage::size(),
-        }
-    }
-
-    pub fn page_offset_of(&self, addr: u64) -> u64 {
-        let mask = self.size() - 1;
-
-        addr & mask
-    }
-}
-
 /// The details related to a virtual to physical address translation.
 #[derive(Debug)]
 pub struct TranslationDetails {
@@ -71,7 +43,7 @@ pub struct TranslationDetails {
 
 impl TranslationDetails {
     pub fn new(pfn: Pfn, offset: u64, page_kind: PageKind, pxes: &[Pxe]) -> Self {
-        let readable = pxes.iter().all(Pxe::readable);
+        let readable = pxes.iter().all(Pxe::present);
         let writable = pxes.iter().all(Pxe::writable);
         let executable = pxes.iter().all(Pxe::executable);
         let user_accessible = pxes.iter().all(Pxe::user_accessible);
@@ -103,7 +75,7 @@ fn gpa_from_bitmap(bitmap_idx: u64, bit_idx: usize) -> Option<Gpa> {
 }
 
 fn gpa_from_pfn_range(pfn_range: &PfnRange, page_idx: u64) -> Option<Gpa> {
-    let offset = page_idx.checked_mul(Page::size())?;
+    let offset = page_idx.checked_mul(PageKind::Normal.size())?;
 
     Some(Pfn::new(pfn_range.page_file_number).gpa_with_offset(offset))
 }
@@ -574,7 +546,7 @@ impl KernelDumpParser {
             // So let's figure out the maximum amount of bytes we can read off this page.
             // Either, we read it until its end, or we stop if the user wants us to read
             // less.
-            let left_in_page = (Page::size() - gpa.offset()) as usize;
+            let left_in_page = (PageKind::Normal.size() - gpa.offset()) as usize;
             let amount_wanted = min(amount_left, left_in_page);
             // Figure out where we should read into.
             let slice = &mut buf[total_read..total_read + amount_wanted];
@@ -653,7 +625,7 @@ impl KernelDumpParser {
         let pd_base = pdpte.pfn.gpa();
         if pdpte.large_page() {
             let page_kind = PageKind::Huge;
-            let offset = page_kind.page_offset_of(gva.u64());
+            let offset = page_kind.page_offset(gva.u64());
             return Ok(TranslationDetails::new(pdpte.pfn, offset, page_kind, &[
                 pml4e, pdpte,
             ]));
@@ -671,7 +643,7 @@ impl KernelDumpParser {
         let pt_base = pde.pfn.gpa();
         if pde.large_page() {
             let page_kind = PageKind::Large;
-            let offset = page_kind.page_offset_of(gva.u64());
+            let offset = page_kind.page_offset(gva.u64());
             return Ok(TranslationDetails::new(
                 pde.pfn,
                 offset,
@@ -691,7 +663,7 @@ impl KernelDumpParser {
         }
 
         let page_kind = PageKind::Normal;
-        let offset = page_kind.page_offset_of(gva.u64());
+        let offset = page_kind.page_offset(gva.u64());
 
         Ok(TranslationDetails::new(pte.pfn, offset, page_kind, &[
             pml4e, pdpte, pde, pte,
@@ -936,7 +908,7 @@ impl KernelDumpParser {
 
                 // Move the page offset along.
                 page_offset = page_offset
-                    .checked_add(Page::size())
+                    .checked_add(PageKind::Normal.size())
                     .ok_or(KdmpParserError::PageOffsetOverflow(run_idx, page_idx))?;
             }
         }
@@ -984,7 +956,7 @@ impl KernelDumpParser {
 
                 let insert = physmem.insert(pa, page_offset);
                 debug_assert!(insert.is_none());
-                page_offset = page_offset.checked_add(Page::size()).ok_or(
+                page_offset = page_offset.checked_add(PageKind::Normal.size()).ok_or(
                     KdmpParserError::BitmapPageOffsetOverflow(bitmap_idx, bit_idx),
                 )?;
             }
@@ -1072,7 +1044,7 @@ impl KernelDumpParser {
                 let insert = physmem.insert(gpa, page_offset);
                 debug_assert!(insert.is_none());
                 page_offset = page_offset
-                    .checked_add(Page::size())
+                    .checked_add(PageKind::Normal.size())
                     .ok_or(KdmpParserError::Overflow("w/ page_offset"))?;
             }
 
diff --git a/src/pxe.rs b/src/pxe.rs
@@ -120,12 +120,12 @@ impl Pxe {
     ///     Pfn::new(0x6d600),
     ///     PxeFlags::Present
     /// );
-    /// assert_eq!(p.present(), true);
+    /// assert!(p.present());
     /// let np = Pxe::new(
     ///     Pfn::new(0x1337),
     ///     PxeFlags::UserAccessible
     /// );
-    /// assert_eq!(np.present(), false);
+    /// assert!(!np.present());
     /// # }
     /// ```
     pub fn present(&self) -> bool {
@@ -143,12 +143,12 @@ impl Pxe {
     ///     Pfn::new(0x6d600),
     ///     PxeFlags::LargePage
     /// );
-    /// assert_eq!(p.large_page(), true);
+    /// assert!(p.large_page());
     /// let np = Pxe::new(
     ///     Pfn::new(0x1337),
     ///     PxeFlags::UserAccessible
     /// );
-    /// assert_eq!(np.large_page(), false);
+    /// assert!(!np.large_page());
     /// # }
     /// ```
     pub fn large_page(&self) -> bool {
@@ -164,26 +164,61 @@ impl Pxe {
     /// # fn main() {
     /// let p = Pxe::from(0x166B7880);
     /// let np = Pxe::from(0xA000000077AF867);
-    /// assert_eq!(p.transition(), true);
-    /// assert_eq!(np.transition(), false);
+    /// assert!(p.transition());
+    /// assert!(!np.transition());
     /// # }
     /// ```
     pub fn transition(&self) -> bool {
         !self.present() && self.flags.contains(PxeFlags::Transition)
     }
 
-    pub fn readable(&self) -> bool {
-        self.present()
-    }
-
+    /// Is the memory described by this [`Pxe`] writable?
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # use kdmp_parser::{Pxe, PxeFlags, Pfn};
+    /// # fn main() {
+    /// let w = Pxe::from(0x2709063);
+    /// let ro = Pxe::from(0x8A00000002C001A1);
+    /// assert!(w.writable());
+    /// assert!(!ro.writable());
+    /// # }
+    /// ```
     pub fn writable(&self) -> bool {
         self.flags.contains(PxeFlags::Writable)
     }
 
+    /// Is the memory described by this [`Pxe`] executable?
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # use kdmp_parser::{Pxe, PxeFlags, Pfn};
+    /// # fn main() {
+    /// let x = Pxe::from(0x270a063);
+    /// let nx = Pxe::from(0x8A00000002C001A1);
+    /// assert!(x.executable());
+    /// assert!(!nx.executable());
+    /// # }
+    /// ```
     pub fn executable(&self) -> bool {
         !self.flags.contains(PxeFlags::NoExecute)
     }
 
+    /// Is the memory described by this [`Pxe`] accessible by user-mode?
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # use kdmp_parser::{Pxe, PxeFlags, Pfn};
+    /// # fn main() {
+    /// let u = Pxe::from(0x8000000F34E5025);
+    /// let s = Pxe::from(0x270A063);
+    /// assert!(u.user_accessible());
+    /// assert!(!s.user_accessible());
+    /// # }
+    /// ```
     pub fn user_accessible(&self) -> bool {
         self.flags.contains(PxeFlags::UserAccessible)
     }
diff --git a/src/structs.rs b/src/structs.rs
@@ -7,32 +7,32 @@ use std::{io, mem, slice};
 use crate::error::Result;
 use crate::{Gpa, KdmpParserError, Reader};
 
-/// A page.
-pub struct Page;
-
-impl Page {
-    /// Get the size of a memory page.
-    pub const fn size() -> u64 {
-        0x1_000
-    }
+/// The different kind of physical pages.
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum PageKind {
+    /// A normal 4kb page.
+    Normal,
+    /// A large 2mb page.
+    Large,
+    /// A huge 1gb page.
+    Huge,
 }
 
-/// A large page.
-pub struct LargePage;
-
-impl LargePage {
-    /// Get the size of a large memory page.
-    pub const fn size() -> u64 {
-        2 * 1_024 * 1_024
+impl PageKind {
+    /// Size in bytes of the page.
+    pub fn size(&self) -> u64 {
+        match self {
+            Self::Normal => 4 * 1_024,
+            Self::Large => 2 * 1_024 * 1_024,
+            Self::Huge => 1_024 * 1_024 * 1_024,
+        }
     }
-}
 
-pub struct HugePage;
+    /// Extract the page offset of `addr`.
+    pub fn page_offset(&self, addr: u64) -> u64 {
+        let mask = self.size() - 1;
 
-impl HugePage {
-    /// Get the size of a huge memory page.
-    pub const fn size() -> u64 {
-        1_024 * 1_024 * 1_024
+        addr & mask
     }
 }
 
@@ -213,13 +213,13 @@ pub struct PhysmemRun {
 impl PhysmemRun {
     /// Calculate a physical address from a run and an index.
     ///
-    /// The formulae is: (`base_page` + `page_idx`) * `Page::size()`.
+    /// The formulae is: (`base_page` + `page_idx`) * `PageKind::Normal.size()`.
     pub fn phys_addr(&self, page_idx: u64) -> Option<Gpa> {
         debug_assert!(page_idx < self.page_count);
 
         self.base_page
             .checked_add(page_idx)?
-            .checked_mul(Page::size())
+            .checked_mul(PageKind::Normal.size())
             .map(Gpa::new)
     }
 }
diff --git a/tests/regression.rs b/tests/regression.rs
@@ -5,7 +5,7 @@ use std::fs::File;
 use std::ops::Range;
 use std::path::PathBuf;
 
-use kdmp_parser::{AddrTranslationError, Gpa, Gva, KdmpParserError, KernelDumpParser};
+use kdmp_parser::{AddrTranslationError, Gpa, Gva, KdmpParserError, KernelDumpParser, PageKind};
 use serde::Deserialize;
 
 /// Convert an hexadecimal encoded integer string into a `u64`.
@@ -544,4 +544,29 @@ fn regressions() {
         0x00, 0x74, 0x00, 0x69, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x42, 0x00, 0x72, 0x00, 0x6f, 0x00,
         0x6b, 0x00, 0x65, 0x00
     ]);
+
+    // Read from the middle of a large page.
+    // ```text
+    // 32.1: kd> !pte nt
+    //                                            VA fffff80122800000
+    // PXE at FFFFF5FAFD7EBF80    PPE at FFFFF5FAFD7F0020    PDE at FFFFF5FAFE0048A0    PTE at FFFFF5FC00914000
+    // contains 0000000002709063  contains 000000000270A063  contains 8A000000048001A1  contains 0000000000000000
+    // pfn 2709      ---DA--KWEV  pfn 270a      ---DA--KWEV  pfn 4800      -GL-A--KR-V  LARGE PAGE pfn 4800
+    // ```
+    let parser = KernelDumpParser::new(&wow64.file).unwrap();
+    let tr = parser
+        .virt_translate_with_dtb(0xfffff80122800000.into(), 0x5dc6f000.into())
+        .unwrap();
+    assert!(matches!(tr.page_kind, PageKind::Large));
+    assert!(matches!(tr.pfn.u64(), 0x4800));
+    let mut buffer = [0; 0x10];
+    assert!(
+        parser
+            .virt_read_exact(Gva::new(0xfffff80122800000 + 0x100000), &mut buffer)
+            .is_ok()
+    );
+    assert_eq!(buffer, [
+        0x54, 0x3a, 0x65, 0x00, 0xbc, 0x82, 0x0c, 0x00, 0x5c, 0x3a, 0x65, 0x00, 0x86, 0x3b, 0x65,
+        0x00
+    ]);
 }
