ragweed 0.2.3-java → 0.2.4-java

data/lib/ragweed/debuggertux.rb

@@ -2,20 +2,20 @@ require ::File.join(::File.dirname(__FILE__),'wraptux')
 
 module Ragweed; end
 
-## Debugger class for Linux
-## You can use this class in 2 ways:
-##
-## (1) You can create instances of Debuggertux and use them to set and handle
-##     breakpoints.
-##
-## (2) If you want to do more advanced event handling, you can subclass from
-##     debugger and define your own on_whatever events. If you handle an event
-##     that Debuggertux already handles, call "super", too.
+# Debugger class for Linux
+# You can use this class in 2 ways:
+#
+# (1) You can create instances of Debuggertux and use them to set and handle
+#     breakpoints.
+#
+# (2) If you want to do more advanced event handling, you can subclass from
+#     debugger and define your own on_whatever events. If you handle an event
+#     that Debuggertux already handles, call "super", too.
 class Ragweed::Debuggertux
   attr_reader :pid, :status, :exited, :signal
   attr_accessor :breakpoints, :mapped_regions, :process, :use_ptrace_for_search
 
-  ## Class to handle installing/uninstalling breakpoints
+  # Class to handle installing/uninstalling breakpoints
   class Breakpoint
 
     INT3 = 0xCC
@@ -23,10 +23,10 @@ class Ragweed::Debuggertux
     attr_accessor :orig, :bppid, :function, :installed
     attr_reader :addr
 
-    ## ip: insertion point
-    ## callable: lambda to be called when breakpoint is hit
-    ## p: process ID
-    ## name: name of breakpoint
+    # ip: insertion point
+    # callable: lambda to be called when breakpoint is hit
+    # p: process ID
+    # name: name of breakpoint
     def initialize(ip, callable, p, name = "")
 	  @bppid = p
       @function = name
@@ -59,9 +59,9 @@ class Ragweed::Debuggertux
     def call(*args); @callable.call(*args) if @callable != nil; end
   end
 
-  ## init object
-  ## p: pid of process to be debugged
-  ## opts: default options for automatically doing things (attach and install)
+  # init object
+  # p: pid of process to be debugged
+  # opts: default options for automatically doing things (attach and install)
   def initialize(pid, opts) ## Debuggertux Class
     if p.to_i.kind_of? Fixnum
       @pid = pid.to_i
@@ -109,13 +109,13 @@ class Ragweed::Debuggertux
     @installed = false
   end
 
-  ## This has not been fully tested yet
+  # This has not been fully tested yet
   def set_options(option)
     r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETOPTIONS, @pid, 0, option)
   end
 
-  ## Attach calls install_bps so dont forget to call breakpoint_set
-  ## BEFORE attach or explicitly call install_bps
+  # Attach calls install_bps so dont forget to call breakpoint_set
+  # BEFORE attach or explicitly call install_bps
   def attach(opts=@opts)
     r = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::ATTACH, @pid, 0, 0)
     if r != -1
@@ -127,10 +127,10 @@ class Ragweed::Debuggertux
     end
   end
 
-  ## This method returns a hash of mapped regions
-  ## The hash is also stored as @mapped_regions
-  ## key = Start address of region
-  ## value = Size of the region
+  # This method returns a hash of mapped regions
+  # The hash is also stored as @mapped_regions
+  # key = Start address of region
+  # value = Size of the region
   def mapped
     @mapped_regions.clear if @mapped_regions
     File.open("/proc/#{pid}/maps") do |f|
@@ -160,7 +160,7 @@ class Ragweed::Debuggertux
   end
   alias mapping_name get_mapping_name
 
-  ## Return a range via mapping name
+  # Return a range via mapping name
   def get_mapping_by_name(name, exact = true)
     ret = []
     File.open("/proc/#{pid}/maps") do |f|
@@ -180,20 +180,20 @@ class Ragweed::Debuggertux
   end
   alias mapping_by_name get_mapping_by_name
 
-  ## Helper method for retrieving stack range
+  # Helper method for retrieving stack range
   def get_stack_range
     get_mapping_by_name('[stack]')
   end
   alias stack_range get_stack_range
 
-  ## Helper method for retrieving heap range
+  # Helper method for retrieving heap range
   def get_heap_range
     get_mapping_by_name('[heap]')
   end
   alias heap_range get_heap_range
 
-  ## Parse procfs and create a hash containing
-  ## a listing of each mapped shared object
+  # Parse procfs and create a hash containing
+  # a listing of each mapped shared object
   def self.shared_libraries(p)
     raise "pid is 0" if p.to_i == 0
 
@@ -226,8 +226,8 @@ class Ragweed::Debuggertux
     self.class.shared_libraries(@pid)
   end
 
-  ## Search a specific page for a value
-  ## Should be used by most search methods
+  # Search a specific page for a value
+  # Should be used by most search methods
   def search_page(base, max, val, &block)
     loc = []
     if self.use_ptrace_for_search == true
@@ -292,17 +292,17 @@ class Ragweed::Debuggertux
     loc    
   end
 
-  ## Search the heap for a value, returns an array of matches
+  # Search the heap for a value, returns an array of matches
   def search_heap(val, &block)
     search_mem_by_name('heap', &block)
   end
 
-  ## Search the stack for a value, returns an array of matches
+  # Search the stack for a value, returns an array of matches
   def search_stack(val, &block)
     search_mem_by_name('stack', &block)
   end
 
-  ## Search all mapped regions for a value
+  # Search all mapped regions for a value
   def search_process(val, &block)
     loc = []
     self.mapped
@@ -329,10 +329,10 @@ class Ragweed::Debuggertux
     ret = Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::STEP, @pid, 1, 0)
   end
 
-  ## Adds a breakpoint to be installed
-  ## ip: Insertion point
-  ## name: name of breakpoint
-  ## callable: object to .call at breakpoint
+  # Adds a breakpoint to be installed
+  # ip: Insertion point
+  # name: name of breakpoint
+  # callable: object to .call at breakpoint
   def breakpoint_set(ip, name="", callable=nil, &block)
     if not callable and block_given?
       callable = block
@@ -342,15 +342,15 @@ class Ragweed::Debuggertux
     @breakpoints[ip] = bp
   end
 
-  ## Remove a breakpoint by ip
+  # Remove a breakpoint by ip
   def breakpoint_clear(ip)
     bp = @breakpoints[ip]
     return nil if bp.nil?
     bp.uninstall
   end
 
-  ## loop for wait()
-  ## times: the number of wait calls to make
+  # loop for wait()
+  # times: the number of wait calls to make
   def loop(times=nil)
     if times.kind_of? Numeric
       times.times do
@@ -369,11 +369,11 @@ class Ragweed::Debuggertux
     ((status) & 0x7f)
   end
 
-  ## This wait must be smart, it has to wait for a signal
-  ## when SIGTRAP is received we need to see if one of our
-  ## breakpoints has fired. If it has then execute the block
-  ## originally stored with it. If its a different signal,
-  ## then process it accordingly and move on
+  # This wait must be smart, it has to wait for a signal
+  # when SIGTRAP is received we need to see if one of our
+  # breakpoints has fired. If it has then execute the block
+  # originally stored with it. If its a different signal,
+  # then process it accordingly and move on
   def wait(opts = 0)
     r, status = Ragweed::Wraptux::waitpid(@pid, opts)
     wstatus = wtermsig(status)
@@ -471,53 +471,67 @@ class Ragweed::Debuggertux
     Ragweed::Wraptux::ptrace(Ragweed::Wraptux::Ptrace::SETREGS, @pid, 0, regs.to_ptr.address)
   end
 
-  ## Here we need to do something about the bp
-  ## we just hit. We have a block to execute.
-  ## Remember if you implement this on your own
-  ## make sure to call super, and also realize
-  ## EIP won't look correct until this runs
+  # Here we need to do something about the bp
+  # we just hit. We have a block to execute.
+  # Remember if you implement this on your own
+  # make sure to call super, and also realize
+  # EIP won't look correct until this runs
   def on_breakpoint
     r = get_registers
     eip = r.eip
     eip -= 1
 
-    ## Call the block associated with the breakpoint
+    # Call the block associated with the breakpoint
     @breakpoints[eip].call(r, self)
 
-    ## The block may have called breakpoint_clear
+    # The block may have called breakpoint_clear
     del = true if !@breakpoints[eip].installed?
 
-    ## Uninstall and single step the bp
+    # Uninstall and single step the bp
     @breakpoints[eip].uninstall
     r.eip = eip
     set_registers(r)
     single_step
 
-    ## ptrace peektext returns -1 upon reinstallation of bp without calling
-    ## waitpid() if that occurs the breakpoint cannot be reinstalled
+    # ptrace peektext returns -1 upon reinstallation of bp without calling
+    # waitpid() if that occurs the breakpoint cannot be reinstalled
     Ragweed::Wraptux::waitpid(@pid, 0)
 
     if del == true
-        ## The breakpoint block may have called breakpoint_clear
+        # The breakpoint block may have called breakpoint_clear
         @breakpoints.delete(eip)
     else
         @breakpoints[eip].install
     end
   end
 
+  # @abstract
   def on_attach()              end
+  # @abstract
   def on_single_step()         end
+  # @abstract
   def on_continue()            end
+  # @abstract
   def on_exit()                end
+  # @abstract
   def on_signal()              end
+  # @abstract
   def on_sigint()              end
+  # @abstract
   def on_segv()                end
+  # @abstract
   def on_illegal_instruction() end
+  # @abstract
   def on_sigtrap()             end
+  # @abstract
   def on_fork_child(pid)       end
+  # @abstract
   def on_sigchild()            end
+  # @abstract
   def on_sigterm()             end
+  # @abstract
   def on_sigstop()             end
+  # @abstract
   def on_iot_trap()            end
 
   def print_registers

data/lib/ragweed/rasm/isa.rb

@@ -1,3 +1,4 @@
+module Ragweed; end
 ## ------------------------------------------------------------------------
 
 # Rasm: a half-assed X86 assembler.
@@ -9,7 +10,6 @@
 # to inject trampoline functions and detours into remote processes. This
 # is Ruby code; you'd never use it where performance matters. It's not
 # enough to write a decent compiler, but it's enough to fuck up programs.
-module Ragweed; end
 module Ragweed::Rasm
   class NotImp < RuntimeError; end
   class Insuff < RuntimeError; end

data/lib/ragweed/rasm.rb

@@ -1,6 +1,3 @@
-# Dir[File.expand_path("#{File.dirname(__FILE__)}/rasm/*.rb")].each do |file|
-#   require file
-# end
 module Ragweed; end
 module Ragweed::Rasm
 
@@ -49,8 +46,6 @@ module Ragweed::Rasm
         ::File.join(::File.dirname(fname), dir, '**', '*.rb'))
     
     Dir.glob(search_me).sort.each {|rb| require rb}
-    # require File.dirname(File.basename(__FILE__)) + "/#{x}"
-
   end
 end  # module Ragweed::Rasm
 

data/lib/ragweed/utils.rb

@@ -1,6 +1,6 @@
 require 'iconv'
 
-#do not rely on this extension to range. it'll be removed at some point.
+# @deprecated - unused this will be removed at some point.
 class Range
   module RangeExtensions
     def each_backwards
@@ -47,11 +47,11 @@ class Object
       end
     end
 
-    ## This is from Topher Cyll's Stupd IRB tricks
+    # This is from Topher Cyll's Stupd IRB tricks
     def mymethods
       (self.methods - self.class.superclass.methods).sort
     end
-    # self-evident
+
     def callable?; respond_to? :call; end
     def number?; kind_of? Numeric; end
 
@@ -69,9 +69,13 @@ class Object
 end
 
 class String
+  # to little endian 32bit integer
   def to_l32; unpack("L").first; end
+  # to big endian 32bit integer
   def to_b32; unpack("N").first; end
+  # to little endian 16bit short
   def to_l16; unpack("v").first; end
+  # to big endian 16bit short
   def to_b16; unpack("n").first; end
   def to_u8; self[0]; end
   def shift_l32; shift(4).to_l32; end

data/lib/ragweed/wrap32/hooks.rb

@@ -6,7 +6,7 @@ class Ragweed::Debugger32
   def hook(ip, nargs, callable=nil, &block)
 
     callable ||= block || lambda do |ev,ctx,dir,args|
-      #puts args.map{|a| "%08x" % a}.join(',')
+      # puts args.map{|a| "%08x" % a}.join(',')
     end
 
     breakpoint_set(ip) do |ev,ctx|
@@ -17,13 +17,13 @@ class Ragweed::Debugger32
         args = (1..nargs).map {|i| process.read32(ctx.esp + 4*i)}
       end
 
-      ## set exit bpoint
-      ## We cant always set a leave bp due to
-      ## calling conventions but we can avoid
-      ## a crash by setting a breakpoint on
-      ## the wrong address. So we attempt to
-      ## get an idea of where the instruction
-      ## is mapped.
+      # set exit bpoint
+      # We cant always set a leave bp due to
+      # calling conventions but we can avoid
+      # a crash by setting a breakpoint on
+      # the wrong address. So we attempt to
+      # get an idea of where the instruction
+      # is mapped.
       eip = ctx.eip
       if esp != 0 #and esp > (eip & 0xf0000000)
         breakpoint_set(esp) do |ev,ctx|
@@ -32,7 +32,7 @@ class Ragweed::Debugger32
         end.install
       end
 
-      ## Call the block sent to hook()
+      # Call the block sent to hook()
       callable.call(ev, ctx, :enter, args)
     end
   end

data/lib/ragweed/wrap32/process.rb

@@ -35,25 +35,22 @@ class Ragweed::Process
   def is_hex(s)
     s = s.strip
 
-    ## Strip leading 0s and 0x prefix
+    # Strip leading 0s and 0x prefix
     while s[0..1] == '0x' or s[0..1] == '00'
-        s = s[2..-1]
+      s = s[2..-1]
     end
 
     o = s
 
-    if s.hex.to_s(16) == o
-        return true
-    end
-        return false
+    s.hex.to_s(16) == o
   end
 
-  ## This only gets called for breakpoints in modules
-  ## that have just been loaded and detected by a LOAD_DLL
-  ## event. It is called from on_load_dll() -> deferred_install()
+  # This only gets called for breakpoints in modules
+  # that have just been loaded and detected by a LOAD_DLL
+  # event. It is called from on_load_dll() -> deferred_install()
   def get_deferred_proc_remote(name, handle, base_of_dll)
     if !name.kind_of?String
-        return name
+      return name
     end
 
     mod, meth = name.split "!"
@@ -64,7 +61,7 @@ class Ragweed::Process
 
     modh = handle
 
-    ## Location is an offset
+    # Location is an offset
     if is_hex(meth)
         baseaddr = 0
         modules.each do |m|
@@ -75,15 +72,15 @@ class Ragweed::Process
 
         ret = base_of_dll + meth.hex
     else
-        ## Location is a symbolic name
-        ## Win32 should have successfully loaded the DLL
+        # Location is a symbolic name
+        # Win32 should have successfully loaded the DLL
         ret = remote_call "kernel32!GetProcAddress", modh, meth
     end
     ret
   end
 
-  ## This only gets called for breakpoints
-  ## in modules that are already loaded
+  # This only gets called for breakpoints
+  # in modules that are already loaded
   def get_proc_remote(name)
     if !name.kind_of?String
         return name
@@ -95,11 +92,10 @@ class Ragweed::Process
         raise "can not set this breakpoint: #{name}"
     end
 
-#    modh = remote_call "kernel32!GetModuleHandleW", mod.to_utf16
     modh = remote_call "kernel32!GetModuleHandleA", mod
     raise "no such module #{ mod }" if not modh
 
-    ## Location is an offset
+    # Location is an offset
     if is_hex(meth)
         baseaddr = 0
         modules.each do |m|
@@ -109,26 +105,26 @@ class Ragweed::Process
             end
         end
 
-        ## Somehow the module does not appear to be
-        ## loaded. This should have been caught by
-        ## Process::is_breakpoint_deferred either way
-        ## Process::initialize should catch this return
+        # Somehow the module does not appear to be
+        # loaded. This should have been caught by
+        # Process::is_breakpoint_deferred either way
+        # Process::initialize should catch this return
         if baseaddr == 0 or baseaddr == -1
             return name
         end
 
         ret = baseaddr + meth.hex
     else
-        ## Location is a symbolic name
+        # Location is a symbolic name
         ret = remote_call "kernel32!GetProcAddress", modh, meth
     end
     ret
   end
 
-  ## Check if breakpoint location is deferred
-  ## This method expects a string 'module!function'
-  ## true is the module is not yet loaded
-  ## false is the module is loaded
+  # Check if breakpoint location is deferred
+  # This method expects a string 'module!function'
+  # true is the module is not yet loaded
+  # false is the module is loaded
   def is_breakpoint_deferred(ip)
     if !ip.kind_of? String
         return false
@@ -149,8 +145,8 @@ class Ragweed::Process
     return true
   end
 
-  ## Look up a process by name or regex, returning an array of all
-  ## matching processes, as objects.
+  # Look up a process by name or regex, returning an array of all
+  # matching processes, as objects.
   def self.by_name(n)
     n = Regexp.new(n) if not n.kind_of? Regexp
     p = []

data/lib/ragweed/wrap32/wrap32.rb

@@ -129,8 +129,8 @@ module Ragweed::Wrap32
     attach_function 'malloc', [ :long ], :long
     attach_function 'memcpy', [ :pointer, :pointer, :long ], :long
 
-    ## XXX This shouldnt be in psapi in win7, need to clean this up
-    ## XXX Also the unicode version should be supported, this is NOT complete
+    # XXX This shouldnt be in psapi in win7, need to clean this up
+    # XXX Also the unicode version should be supported, this is NOT complete
     ffi_lib 'psapi'
     ffi_convention :stdcall
     attach_function 'GetMappedFileNameA', [ :long, :long, :pointer, :long ], :long
@@ -201,7 +201,7 @@ module Ragweed::Wrap32
 
     # Read from a remote process given an address and length, returning a string.
     def read_process_memory(h, ptr, len)
-#      val = FFI::MemoryPointer.from_string("\x00" * len)
+      # val = FFI::MemoryPointer.from_string("\x00" * len)
       val = "\x00" * len
       r = Win.ReadProcessMemory(h, ptr.to_i, val, len, NULL)
       raise WinX.new(:read_process_memory) if r == 0
@@ -215,6 +215,7 @@ module Ragweed::Wrap32
         return val
     end
 
+    # @deprecated - will be replaced with a proper object
     def str2memory_basic_info(mbi)
       s = OpenStruct.new
       s.BaseAddress,
@@ -304,6 +305,7 @@ module Ragweed::Wrap32
       raise WinX.new(:wait_for_single_object) if r == -1
     end
 
+    # @deprecated - will be replaced with a proper object
     def str2process_info(str)
       ret = OpenStruct.new
       ret.dwSize,
@@ -337,6 +339,7 @@ module Ragweed::Wrap32
       end
     end
 
+    # @deprecated - will be replaced with a proper object
     def str2module_info(str)
       ret = OpenStruct.new
       ret.dwSize,
@@ -392,6 +395,7 @@ module Ragweed::Wrap32
       nil
     end
 
+    # @deprecated - will be replaced with a proper object
     def str2thread_info(str)
       ret = OpenStruct.new
       ret.dwSize,

data/lib/ragweed/wrap32.rb

@@ -1,6 +1,3 @@
-# Dir[File.expand_path("#{File.dirname(__FILE__)}/wrap32/*.rb")].each do |file|
-#   require file
-# end
 module Ragweed; end
 module Ragweed::Wrap32
 

data/lib/ragweed/wraposx/constants.rb

@@ -1,5 +1,7 @@
 module Ragweed; end
 module Ragweed::Wraposx;end
+
+# PTRACE request constants
 module Ragweed::Wraposx::Ptrace
   TRACE_ME = 0 # child declares it's being traced
   #(READ|WRITE)_[IDU] are not valid in OSX but defined in ptrace.h
@@ -22,10 +24,11 @@ module Ragweed::Wraposx::Ptrace
   FIRSTMACH = 32 # for machine-specific requests
 end
 
+# the Ruby module Signal also has this information.
+# in reality, that is a better source since it's based on the signals
+# available at the time ruby was compiled.
+# @deprecated - Just use ::Signal
 module Ragweed::Wraposx::Signal
-  # the Ruby module Signal also has this information.
-  # in reality, that is a better source since it's based on the signals
-  # available at the time ruby was compiled.
   SIGHUP = 1 # hangup
   SIGINT = 2 # interrupt
   SIGQUIT = 3 # quit
@@ -68,6 +71,7 @@ module Ragweed::Wraposx::Signal
   SIGUSR2 = 31 # user defined signal 2
 end
 
+# options for wait()
 module Ragweed::Wraposx::Wait
   NOHANG = 0x01 # [XSI] no hang in wait/no child to reap
   UNTRACED = 0x02 # [XSI] notify on stop, untraced child
@@ -78,8 +82,9 @@ module Ragweed::Wraposx::Wait
 end
 
 module Ragweed::Wraposx::Vm; end
+
+# vm_protect permission flags for memory spaces
 module Ragweed::Wraposx::Vm::Prot
-  # vm_protect permission flags for memory spaces
   READ = 0x1 #read permission
   WRITE = 0x2 #write permission
   EXECUTE = 0x4 #execute permission
@@ -87,8 +92,8 @@ module Ragweed::Wraposx::Vm::Prot
   ALL = 0x7 #all permissions
 end
 
+# share mode constants
 module Ragweed::Wraposx::Vm::Sm
-  # share mode constants
   COW = 1
   PRIVATE = 2
   EMPTY = 3
@@ -98,6 +103,7 @@ module Ragweed::Wraposx::Vm::Sm
   SHARED_ALIASED = 7
 end
 
+# dyld constants
 module Ragweed::Wraposx::Dl
   RTLD_LAZY = 0x1
   RTLD_NOW = 0x2

data/lib/ragweed/wraposx/kernelerrorx.rb

@@ -1,8 +1,7 @@
-# Exception objects for kernel errors likely in Wraposx
-# If this were a C extension I'd use #ifdef on each to only create the required ones.
-
 module Ragweed; end
 module Ragweed::Wraposx; end
+
+# Exception objects for kernel errors likely in Wraposx
 module Ragweed::Wraposx::KernelReturn
   SUCCESS =               { :value => 0, :message => 'Not an error'}
   INVALID_ADDRESS =       { :value => 1, :message => 'Specified address is not currently valid.'}

data/lib/ragweed/wraposx/region_info.rb

@@ -192,10 +192,10 @@ EOM
     end
   end
 
-  #define VM_REGION_BASIC_INFO_COUNT ((mach_msg_type_number_t) (sizeof(vm_region_basic_info_data_t)/sizeof(int)))
-  #define VM_REGION_BASIC_INFO_COUNT_64 ((mach_msg_type_number_t) (sizeof(vm_region_basic_info_data_64_t)/sizeof(int)))
-  #define VM_REGION_EXTENDED_INFO_COUNT   ((mach_msg_type_number_t) (sizeof(vm_region_extended_info_data_t)/sizeof(int)))
-  #define VM_REGION_TOP_INFO_COUNT ((mach_msg_type_number_t) (sizeof(vm_region_top_info_data_t)/sizeof(int)))
+  # define VM_REGION_BASIC_INFO_COUNT ((mach_msg_type_number_t) (sizeof(vm_region_basic_info_data_t)/sizeof(int)))
+  # define VM_REGION_BASIC_INFO_COUNT_64 ((mach_msg_type_number_t) (sizeof(vm_region_basic_info_data_64_t)/sizeof(int)))
+  # define VM_REGION_EXTENDED_INFO_COUNT   ((mach_msg_type_number_t) (sizeof(vm_region_extended_info_data_t)/sizeof(int)))
+  # define VM_REGION_TOP_INFO_COUNT ((mach_msg_type_number_t) (sizeof(vm_region_top_info_data_t)/sizeof(int)))
   FLAVORS = { REGION_BASIC_INFO => {:size => 30, :count => 8, :class => RegionBasicInfo},
       REGION_BASIC_INFO_64 => {:size => 30, :count => 9, :class => RegionBasicInfo64},
       REGION_EXTENDED_INFO => {:size => 32, :count => 8, :class => RegionExtendedInfo},

data/lib/ragweed/wraposx/thread_context.rb

@@ -355,6 +355,14 @@ EOM
       self.methods.include? mth || super
     end
 
+    def dump(&block)
+      case self[:tsh][:flavor]
+      when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE32
+        self[:uts][:ts32].dump(&block)
+      when Ragweed::Wraposx::ThreadContext::X86_THREAD_STATE64
+        self[:uts][:ts64].dump(&block)
+      end
+    end
   end
 
   # _STRUCT_X86_DEBUG_STATE32