1492 lines
40 KiB
C
1492 lines
40 KiB
C
|
/*++ BUILD Version: 0001 Increment this if a change has global effects
|
||
|
|
||
|
Copyright (c) 1990-1999 Microsoft Corporation
|
||
|
|
||
|
Module Name:
|
||
|
|
||
|
dbghelp.h
|
||
|
|
||
|
Abstract:
|
||
|
|
||
|
This module defines the prototypes and constants required for the image
|
||
|
help routines.
|
||
|
|
||
|
Contains debugging support routines that are redistributable.
|
||
|
|
||
|
Revision History:
|
||
|
|
||
|
--*/
|
||
|
|
||
|
#ifndef _DBGHELP_
|
||
|
#pragma option push -b -a8 -pc -A- /*P_O_Push*/
|
||
|
#define _DBGHELP_
|
||
|
|
||
|
#if _MSC_VER > 1020
|
||
|
#pragma once
|
||
|
#endif
|
||
|
|
||
|
|
||
|
#ifdef _WIN64
|
||
|
#ifndef _IMAGEHLP64
|
||
|
#define _IMAGEHLP64
|
||
|
#endif
|
||
|
#endif
|
||
|
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
#endif
|
||
|
|
||
|
#ifdef _IMAGEHLP_SOURCE_
|
||
|
#define IMAGEAPI __stdcall
|
||
|
#else
|
||
|
#define IMAGEAPI DECLSPEC_IMPORT __stdcall
|
||
|
#endif
|
||
|
|
||
|
#define IMAGE_SEPARATION (64*1024)
|
||
|
|
||
|
typedef struct _LOADED_IMAGE {
|
||
|
PSTR ModuleName;
|
||
|
HANDLE hFile;
|
||
|
PUCHAR MappedAddress;
|
||
|
#ifdef _IMAGEHLP64
|
||
|
PIMAGE_NT_HEADERS64 FileHeader;
|
||
|
#else
|
||
|
PIMAGE_NT_HEADERS32 FileHeader;
|
||
|
#endif
|
||
|
PIMAGE_SECTION_HEADER LastRvaSection;
|
||
|
ULONG NumberOfSections;
|
||
|
PIMAGE_SECTION_HEADER Sections;
|
||
|
ULONG Characteristics;
|
||
|
BOOLEAN fSystemImage;
|
||
|
BOOLEAN fDOSImage;
|
||
|
LIST_ENTRY Links;
|
||
|
ULONG SizeOfImage;
|
||
|
} LOADED_IMAGE, *PLOADED_IMAGE;
|
||
|
|
||
|
|
||
|
|
||
|
HANDLE
|
||
|
IMAGEAPI
|
||
|
FindDebugInfoFile (
|
||
|
PSTR FileName,
|
||
|
PSTR SymbolPath,
|
||
|
PSTR DebugFilePath
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PFIND_DEBUG_FILE_CALLBACK)(
|
||
|
HANDLE FileHandle,
|
||
|
PSTR FileName,
|
||
|
PVOID CallerData
|
||
|
);
|
||
|
|
||
|
HANDLE
|
||
|
IMAGEAPI
|
||
|
FindDebugInfoFileEx (
|
||
|
PSTR FileName,
|
||
|
PSTR SymbolPath,
|
||
|
PSTR DebugFilePath,
|
||
|
PFIND_DEBUG_FILE_CALLBACK Callback,
|
||
|
PVOID CallerData
|
||
|
);
|
||
|
|
||
|
HANDLE
|
||
|
IMAGEAPI
|
||
|
FindExecutableImage(
|
||
|
PSTR FileName,
|
||
|
PSTR SymbolPath,
|
||
|
PSTR ImageFilePath
|
||
|
);
|
||
|
|
||
|
PIMAGE_NT_HEADERS
|
||
|
IMAGEAPI
|
||
|
ImageNtHeader (
|
||
|
IN PVOID Base
|
||
|
);
|
||
|
|
||
|
PVOID
|
||
|
IMAGEAPI
|
||
|
ImageDirectoryEntryToDataEx (
|
||
|
IN PVOID Base,
|
||
|
IN BOOLEAN MappedAsImage,
|
||
|
IN USHORT DirectoryEntry,
|
||
|
OUT PULONG Size,
|
||
|
OUT PIMAGE_SECTION_HEADER *FoundHeader OPTIONAL
|
||
|
);
|
||
|
|
||
|
PVOID
|
||
|
IMAGEAPI
|
||
|
ImageDirectoryEntryToData (
|
||
|
IN PVOID Base,
|
||
|
IN BOOLEAN MappedAsImage,
|
||
|
IN USHORT DirectoryEntry,
|
||
|
OUT PULONG Size
|
||
|
);
|
||
|
|
||
|
PIMAGE_SECTION_HEADER
|
||
|
IMAGEAPI
|
||
|
ImageRvaToSection(
|
||
|
IN PIMAGE_NT_HEADERS NtHeaders,
|
||
|
IN PVOID Base,
|
||
|
IN ULONG Rva
|
||
|
);
|
||
|
|
||
|
PVOID
|
||
|
IMAGEAPI
|
||
|
ImageRvaToVa(
|
||
|
IN PIMAGE_NT_HEADERS NtHeaders,
|
||
|
IN PVOID Base,
|
||
|
IN ULONG Rva,
|
||
|
IN OUT PIMAGE_SECTION_HEADER *LastRvaSection
|
||
|
);
|
||
|
|
||
|
// Symbol server export
|
||
|
|
||
|
typedef BOOL (*PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, DWORD, DWORD, DWORD, LPSTR);
|
||
|
typedef BOOL (*PSYMBOLSERVEROPENPROC)(VOID);
|
||
|
typedef BOOL (*PSYMBOLSERVERCLOSEPROC)(VOID);
|
||
|
|
||
|
#ifndef _WIN64
|
||
|
// This api won't be ported to Win64 - Fix your code.
|
||
|
|
||
|
typedef struct _IMAGE_DEBUG_INFORMATION {
|
||
|
LIST_ENTRY List;
|
||
|
DWORD ReservedSize;
|
||
|
PVOID ReservedMappedBase;
|
||
|
USHORT ReservedMachine;
|
||
|
USHORT ReservedCharacteristics;
|
||
|
DWORD ReservedCheckSum;
|
||
|
DWORD ImageBase;
|
||
|
DWORD SizeOfImage;
|
||
|
|
||
|
DWORD ReservedNumberOfSections;
|
||
|
PIMAGE_SECTION_HEADER ReservedSections;
|
||
|
|
||
|
DWORD ReservedExportedNamesSize;
|
||
|
PSTR ReservedExportedNames;
|
||
|
|
||
|
DWORD ReservedNumberOfFunctionTableEntries;
|
||
|
PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;
|
||
|
DWORD ReservedLowestFunctionStartingAddress;
|
||
|
DWORD ReservedHighestFunctionEndingAddress;
|
||
|
|
||
|
DWORD ReservedNumberOfFpoTableEntries;
|
||
|
PFPO_DATA ReservedFpoTableEntries;
|
||
|
|
||
|
DWORD SizeOfCoffSymbols;
|
||
|
PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
|
||
|
|
||
|
DWORD ReservedSizeOfCodeViewSymbols;
|
||
|
PVOID ReservedCodeViewSymbols;
|
||
|
|
||
|
PSTR ImageFilePath;
|
||
|
PSTR ImageFileName;
|
||
|
PSTR ReservedDebugFilePath;
|
||
|
|
||
|
DWORD ReservedTimeDateStamp;
|
||
|
|
||
|
BOOL ReservedRomImage;
|
||
|
PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;
|
||
|
DWORD ReservedNumberOfDebugDirectories;
|
||
|
|
||
|
DWORD ReservedOriginalFunctionTableBaseAddress;
|
||
|
|
||
|
DWORD Reserved[ 2 ];
|
||
|
|
||
|
} IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;
|
||
|
|
||
|
|
||
|
PIMAGE_DEBUG_INFORMATION
|
||
|
IMAGEAPI
|
||
|
MapDebugInformation(
|
||
|
HANDLE FileHandle,
|
||
|
PSTR FileName,
|
||
|
PSTR SymbolPath,
|
||
|
DWORD ImageBase
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
UnmapDebugInformation(
|
||
|
PIMAGE_DEBUG_INFORMATION DebugInfo
|
||
|
);
|
||
|
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SearchTreeForFile(
|
||
|
PSTR RootPath,
|
||
|
PSTR InputPathName,
|
||
|
PSTR OutputPathBuffer
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
MakeSureDirectoryPathExists(
|
||
|
PCSTR DirPath
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// UnDecorateSymbolName Flags
|
||
|
//
|
||
|
|
||
|
#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
|
||
|
#define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
|
||
|
#define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
|
||
|
#define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
|
||
|
#define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
|
||
|
#define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
|
||
|
#define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
|
||
|
#define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
|
||
|
#define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
|
||
|
#define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
|
||
|
#define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
|
||
|
#define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
|
||
|
#define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
|
||
|
#define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
|
||
|
#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
|
||
|
// return just [scope::]name. Does expand template params
|
||
|
#define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
|
||
|
#define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
|
||
|
|
||
|
DWORD
|
||
|
IMAGEAPI
|
||
|
WINAPI
|
||
|
UnDecorateSymbolName(
|
||
|
PCSTR DecoratedName, // Name to undecorate
|
||
|
PSTR UnDecoratedName, // If NULL, it will be allocated
|
||
|
DWORD UndecoratedLength, // The maximym length
|
||
|
DWORD Flags // See above.
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// StackWalking API
|
||
|
//
|
||
|
|
||
|
typedef enum {
|
||
|
AddrMode1616,
|
||
|
AddrMode1632,
|
||
|
AddrModeReal,
|
||
|
AddrModeFlat
|
||
|
} ADDRESS_MODE;
|
||
|
|
||
|
typedef struct _tagADDRESS64 {
|
||
|
DWORD64 Offset;
|
||
|
WORD Segment;
|
||
|
ADDRESS_MODE Mode;
|
||
|
} ADDRESS64, *LPADDRESS64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define ADDRESS ADDRESS64
|
||
|
#define LPADDRESS LPADDRESS64
|
||
|
#else
|
||
|
typedef struct _tagADDRESS {
|
||
|
DWORD Offset;
|
||
|
WORD Segment;
|
||
|
ADDRESS_MODE Mode;
|
||
|
} ADDRESS, *LPADDRESS;
|
||
|
|
||
|
__inline
|
||
|
void
|
||
|
Address32To64(
|
||
|
LPADDRESS a32,
|
||
|
LPADDRESS64 a64
|
||
|
)
|
||
|
{
|
||
|
a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;
|
||
|
a64->Segment = a32->Segment;
|
||
|
a64->Mode = a32->Mode;
|
||
|
}
|
||
|
|
||
|
__inline
|
||
|
void
|
||
|
Address64To32(
|
||
|
LPADDRESS64 a64,
|
||
|
LPADDRESS a32
|
||
|
)
|
||
|
{
|
||
|
a32->Offset = (ULONG)a64->Offset;
|
||
|
a32->Segment = a64->Segment;
|
||
|
a32->Mode = a64->Mode;
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
//
|
||
|
// This structure is included in the STACKFRAME structure,
|
||
|
// and is used to trace through usermode callbacks in a thread's
|
||
|
// kernel stack. The values must be copied by the kernel debugger
|
||
|
// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
|
||
|
//
|
||
|
|
||
|
//
|
||
|
// New KDHELP structure for 64 bit system support.
|
||
|
// This structure is preferred in new code.
|
||
|
//
|
||
|
typedef struct _KDHELP64 {
|
||
|
|
||
|
//
|
||
|
// address of kernel thread object, as provided in the
|
||
|
// WAIT_STATE_CHANGE packet.
|
||
|
//
|
||
|
DWORD64 Thread;
|
||
|
|
||
|
//
|
||
|
// offset in thread object to pointer to the current callback frame
|
||
|
// in kernel stack.
|
||
|
//
|
||
|
DWORD ThCallbackStack;
|
||
|
|
||
|
//
|
||
|
// offset in thread object to pointer to the current callback backing
|
||
|
// store frame in kernel stack.
|
||
|
//
|
||
|
DWORD ThCallbackBStore;
|
||
|
|
||
|
//
|
||
|
// offsets to values in frame:
|
||
|
//
|
||
|
// address of next callback frame
|
||
|
DWORD NextCallback;
|
||
|
|
||
|
// address of saved frame pointer (if applicable)
|
||
|
DWORD FramePointer;
|
||
|
|
||
|
|
||
|
//
|
||
|
// Address of the kernel function that calls out to user mode
|
||
|
//
|
||
|
DWORD64 KiCallUserMode;
|
||
|
|
||
|
//
|
||
|
// Address of the user mode dispatcher function
|
||
|
//
|
||
|
DWORD64 KeUserCallbackDispatcher;
|
||
|
|
||
|
//
|
||
|
// Lowest kernel mode address
|
||
|
//
|
||
|
DWORD64 SystemRangeStart;
|
||
|
|
||
|
DWORD64 Reserved[8];
|
||
|
|
||
|
} KDHELP64, *PKDHELP64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define KDHELP KDHELP64
|
||
|
#define PKDHELP PKDHELP64
|
||
|
#else
|
||
|
typedef struct _KDHELP {
|
||
|
|
||
|
//
|
||
|
// address of kernel thread object, as provided in the
|
||
|
// WAIT_STATE_CHANGE packet.
|
||
|
//
|
||
|
DWORD Thread;
|
||
|
|
||
|
//
|
||
|
// offset in thread object to pointer to the current callback frame
|
||
|
// in kernel stack.
|
||
|
//
|
||
|
DWORD ThCallbackStack;
|
||
|
|
||
|
//
|
||
|
// offsets to values in frame:
|
||
|
//
|
||
|
// address of next callback frame
|
||
|
DWORD NextCallback;
|
||
|
|
||
|
// address of saved frame pointer (if applicable)
|
||
|
DWORD FramePointer;
|
||
|
|
||
|
//
|
||
|
// Address of the kernel function that calls out to user mode
|
||
|
//
|
||
|
DWORD KiCallUserMode;
|
||
|
|
||
|
//
|
||
|
// Address of the user mode dispatcher function
|
||
|
//
|
||
|
DWORD KeUserCallbackDispatcher;
|
||
|
|
||
|
//
|
||
|
// Lowest kernel mode address
|
||
|
//
|
||
|
DWORD SystemRangeStart;
|
||
|
|
||
|
//
|
||
|
// offset in thread object to pointer to the current callback backing
|
||
|
// store frame in kernel stack.
|
||
|
//
|
||
|
DWORD ThCallbackBStore;
|
||
|
|
||
|
DWORD Reserved[8];
|
||
|
|
||
|
} KDHELP, *PKDHELP;
|
||
|
|
||
|
__inline
|
||
|
void
|
||
|
KdHelp32To64(
|
||
|
PKDHELP p32,
|
||
|
PKDHELP64 p64
|
||
|
)
|
||
|
{
|
||
|
p64->Thread = p32->Thread;
|
||
|
p64->ThCallbackStack = p32->ThCallbackStack;
|
||
|
p64->NextCallback = p32->NextCallback;
|
||
|
p64->FramePointer = p32->FramePointer;
|
||
|
p64->KiCallUserMode = p32->KiCallUserMode;
|
||
|
p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher;
|
||
|
p64->SystemRangeStart = p32->SystemRangeStart;
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
typedef struct _tagSTACKFRAME64 {
|
||
|
ADDRESS64 AddrPC; // program counter
|
||
|
ADDRESS64 AddrReturn; // return address
|
||
|
ADDRESS64 AddrFrame; // frame pointer
|
||
|
ADDRESS64 AddrStack; // stack pointer
|
||
|
ADDRESS64 AddrBStore; // backing store pointer
|
||
|
PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
|
||
|
DWORD64 Params[4]; // possible arguments to the function
|
||
|
BOOL Far; // WOW far call
|
||
|
BOOL Virtual; // is this a virtual frame?
|
||
|
DWORD64 Reserved[3];
|
||
|
KDHELP64 KdHelp;
|
||
|
} STACKFRAME64, *LPSTACKFRAME64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define STACKFRAME STACKFRAME64
|
||
|
#define LPSTACKFRAME LPSTACKFRAME64
|
||
|
#else
|
||
|
typedef struct _tagSTACKFRAME {
|
||
|
ADDRESS AddrPC; // program counter
|
||
|
ADDRESS AddrReturn; // return address
|
||
|
ADDRESS AddrFrame; // frame pointer
|
||
|
ADDRESS AddrStack; // stack pointer
|
||
|
PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
|
||
|
DWORD Params[4]; // possible arguments to the function
|
||
|
BOOL Far; // WOW far call
|
||
|
BOOL Virtual; // is this a virtual frame?
|
||
|
DWORD Reserved[3];
|
||
|
KDHELP KdHelp;
|
||
|
ADDRESS AddrBStore; // backing store pointer
|
||
|
} STACKFRAME, *LPSTACKFRAME;
|
||
|
#endif
|
||
|
|
||
|
|
||
|
typedef
|
||
|
BOOL
|
||
|
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD64 qwBaseAddress,
|
||
|
PVOID lpBuffer,
|
||
|
DWORD nSize,
|
||
|
LPDWORD lpNumberOfBytesRead
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
PVOID
|
||
|
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD64 AddrBase
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
DWORD64
|
||
|
(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD64 Address
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
DWORD64
|
||
|
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
|
||
|
HANDLE hProcess,
|
||
|
HANDLE hThread,
|
||
|
LPADDRESS64 lpaddr
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
StackWalk64(
|
||
|
DWORD MachineType,
|
||
|
HANDLE hProcess,
|
||
|
HANDLE hThread,
|
||
|
LPSTACKFRAME64 StackFrame,
|
||
|
PVOID ContextRecord,
|
||
|
PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
|
||
|
PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
|
||
|
PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
|
||
|
PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
|
||
|
#define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64
|
||
|
#define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64
|
||
|
#define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64
|
||
|
#define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64
|
||
|
|
||
|
#define StackWalk StackWalk64
|
||
|
|
||
|
#else
|
||
|
|
||
|
typedef
|
||
|
BOOL
|
||
|
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD lpBaseAddress,
|
||
|
PVOID lpBuffer,
|
||
|
DWORD nSize,
|
||
|
PDWORD lpNumberOfBytesRead
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
PVOID
|
||
|
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD AddrBase
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
DWORD
|
||
|
(__stdcall *PGET_MODULE_BASE_ROUTINE)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD Address
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
DWORD
|
||
|
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE)(
|
||
|
HANDLE hProcess,
|
||
|
HANDLE hThread,
|
||
|
LPADDRESS lpaddr
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
StackWalk(
|
||
|
DWORD MachineType,
|
||
|
HANDLE hProcess,
|
||
|
HANDLE hThread,
|
||
|
LPSTACKFRAME StackFrame,
|
||
|
PVOID ContextRecord,
|
||
|
PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine,
|
||
|
PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine,
|
||
|
PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine,
|
||
|
PTRANSLATE_ADDRESS_ROUTINE TranslateAddress
|
||
|
);
|
||
|
|
||
|
#endif
|
||
|
|
||
|
|
||
|
#define API_VERSION_NUMBER 9
|
||
|
|
||
|
typedef struct API_VERSION {
|
||
|
USHORT MajorVersion;
|
||
|
USHORT MinorVersion;
|
||
|
USHORT Revision;
|
||
|
USHORT Reserved;
|
||
|
} API_VERSION, *LPAPI_VERSION;
|
||
|
|
||
|
LPAPI_VERSION
|
||
|
IMAGEAPI
|
||
|
ImagehlpApiVersion(
|
||
|
VOID
|
||
|
);
|
||
|
|
||
|
LPAPI_VERSION
|
||
|
IMAGEAPI
|
||
|
ImagehlpApiVersionEx(
|
||
|
LPAPI_VERSION AppVersion
|
||
|
);
|
||
|
|
||
|
DWORD
|
||
|
IMAGEAPI
|
||
|
GetTimestampForLoadedLibrary(
|
||
|
HMODULE Module
|
||
|
);
|
||
|
|
||
|
//
|
||
|
// typedefs for function pointers
|
||
|
//
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYM_ENUMMODULES_CALLBACK64)(
|
||
|
PSTR ModuleName,
|
||
|
DWORD64 BaseOfDll,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)(
|
||
|
PSTR SymbolName,
|
||
|
DWORD64 SymbolAddress,
|
||
|
ULONG SymbolSize,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)(
|
||
|
PWSTR SymbolName,
|
||
|
DWORD64 SymbolAddress,
|
||
|
ULONG SymbolSize,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PENUMLOADED_MODULES_CALLBACK64)(
|
||
|
PSTR ModuleName,
|
||
|
DWORD64 ModuleBase,
|
||
|
ULONG ModuleSize,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)(
|
||
|
HANDLE hProcess,
|
||
|
ULONG ActionCode,
|
||
|
ULONG64 CallbackData,
|
||
|
ULONG64 UserContext
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
PVOID
|
||
|
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)(
|
||
|
HANDLE hProcess,
|
||
|
DWORD AddrBase,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef
|
||
|
PVOID
|
||
|
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)(
|
||
|
HANDLE hProcess,
|
||
|
ULONG64 AddrBase,
|
||
|
ULONG64 UserContext
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
|
||
|
#define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64
|
||
|
#define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64
|
||
|
#define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W
|
||
|
#define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64
|
||
|
#define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64
|
||
|
#define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64
|
||
|
|
||
|
#else
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYM_ENUMMODULES_CALLBACK)(
|
||
|
PSTR ModuleName,
|
||
|
ULONG BaseOfDll,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)(
|
||
|
PSTR SymbolName,
|
||
|
ULONG SymbolAddress,
|
||
|
ULONG SymbolSize,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)(
|
||
|
PWSTR SymbolName,
|
||
|
ULONG SymbolAddress,
|
||
|
ULONG SymbolSize,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PENUMLOADED_MODULES_CALLBACK)(
|
||
|
PSTR ModuleName,
|
||
|
ULONG ModuleBase,
|
||
|
ULONG ModuleSize,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK)(
|
||
|
HANDLE hProcess,
|
||
|
ULONG ActionCode,
|
||
|
PVOID CallbackData,
|
||
|
PVOID UserContext
|
||
|
);
|
||
|
|
||
|
#endif
|
||
|
|
||
|
|
||
|
//
|
||
|
// symbol flags
|
||
|
//
|
||
|
|
||
|
#define SYMF_OMAP_GENERATED 0x00000001
|
||
|
#define SYMF_OMAP_MODIFIED 0x00000002
|
||
|
|
||
|
//
|
||
|
// symbol type enumeration
|
||
|
//
|
||
|
typedef enum {
|
||
|
SymNone,
|
||
|
SymCoff,
|
||
|
SymCv,
|
||
|
SymPdb,
|
||
|
SymExport,
|
||
|
SymDeferred,
|
||
|
SymSym // .sym file
|
||
|
} SYM_TYPE;
|
||
|
|
||
|
//
|
||
|
// symbol data structure
|
||
|
//
|
||
|
|
||
|
typedef struct _IMAGEHLP_SYMBOL64 {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
|
||
|
DWORD64 Address; // virtual address including dll base address
|
||
|
DWORD Size; // estimated size of symbol, can be zero
|
||
|
DWORD Flags; // info about the symbols, see the SYMF defines
|
||
|
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
|
||
|
CHAR Name[1]; // symbol name (null terminated string)
|
||
|
} IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
|
||
|
#define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
|
||
|
#else
|
||
|
typedef struct _IMAGEHLP_SYMBOL {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
|
||
|
DWORD Address; // virtual address including dll base address
|
||
|
DWORD Size; // estimated size of symbol, can be zero
|
||
|
DWORD Flags; // info about the symbols, see the SYMF defines
|
||
|
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
|
||
|
CHAR Name[1]; // symbol name (null terminated string)
|
||
|
} IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL;
|
||
|
#endif
|
||
|
|
||
|
//
|
||
|
// module data structure
|
||
|
//
|
||
|
|
||
|
typedef struct _IMAGEHLP_MODULE64 {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
|
||
|
DWORD64 BaseOfImage; // base load address of module
|
||
|
DWORD ImageSize; // virtual size of the loaded module
|
||
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
||
|
DWORD CheckSum; // checksum from the pe header
|
||
|
DWORD NumSyms; // number of symbols in the symbol table
|
||
|
SYM_TYPE SymType; // type of symbols loaded
|
||
|
CHAR ModuleName[32]; // module name
|
||
|
CHAR ImageName[256]; // image name
|
||
|
CHAR LoadedImageName[256]; // symbol file name
|
||
|
} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
|
||
|
|
||
|
typedef struct _IMAGEHLP_MODULE64W {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
|
||
|
DWORD64 BaseOfImage; // base load address of module
|
||
|
DWORD ImageSize; // virtual size of the loaded module
|
||
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
||
|
DWORD CheckSum; // checksum from the pe header
|
||
|
DWORD NumSyms; // number of symbols in the symbol table
|
||
|
SYM_TYPE SymType; // type of symbols loaded
|
||
|
WCHAR ModuleName[32]; // module name
|
||
|
WCHAR ImageName[256]; // image name
|
||
|
WCHAR LoadedImageName[256]; // symbol file name
|
||
|
} IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define IMAGEHLP_MODULE IMAGEHLP_MODULE64
|
||
|
#define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
|
||
|
#define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
|
||
|
#define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
|
||
|
#else
|
||
|
typedef struct _IMAGEHLP_MODULE {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
|
||
|
DWORD BaseOfImage; // base load address of module
|
||
|
DWORD ImageSize; // virtual size of the loaded module
|
||
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
||
|
DWORD CheckSum; // checksum from the pe header
|
||
|
DWORD NumSyms; // number of symbols in the symbol table
|
||
|
SYM_TYPE SymType; // type of symbols loaded
|
||
|
CHAR ModuleName[32]; // module name
|
||
|
CHAR ImageName[256]; // image name
|
||
|
CHAR LoadedImageName[256]; // symbol file name
|
||
|
} IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
|
||
|
|
||
|
typedef struct _IMAGEHLP_MODULEW {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
|
||
|
DWORD BaseOfImage; // base load address of module
|
||
|
DWORD ImageSize; // virtual size of the loaded module
|
||
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
||
|
DWORD CheckSum; // checksum from the pe header
|
||
|
DWORD NumSyms; // number of symbols in the symbol table
|
||
|
SYM_TYPE SymType; // type of symbols loaded
|
||
|
WCHAR ModuleName[32]; // module name
|
||
|
WCHAR ImageName[256]; // image name
|
||
|
WCHAR LoadedImageName[256]; // symbol file name
|
||
|
} IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
|
||
|
#endif
|
||
|
|
||
|
//
|
||
|
// source file line data structure
|
||
|
//
|
||
|
|
||
|
typedef struct _IMAGEHLP_LINE64 {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
|
||
|
PVOID Key; // internal
|
||
|
DWORD LineNumber; // line number in file
|
||
|
PCHAR FileName; // full filename
|
||
|
DWORD64 Address; // first instruction of line
|
||
|
} IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define IMAGEHLP_LINE IMAGEHLP_LINE64
|
||
|
#define PIMAGEHLP_LINE PIMAGEHLP_LINE64
|
||
|
#else
|
||
|
typedef struct _IMAGEHLP_LINE {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE)
|
||
|
PVOID Key; // internal
|
||
|
DWORD LineNumber; // line number in file
|
||
|
PCHAR FileName; // full filename
|
||
|
DWORD Address; // first instruction of line
|
||
|
} IMAGEHLP_LINE, *PIMAGEHLP_LINE;
|
||
|
#endif
|
||
|
|
||
|
//
|
||
|
// data structures used for registered symbol callbacks
|
||
|
//
|
||
|
|
||
|
#define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
|
||
|
#define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
|
||
|
#define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
|
||
|
#define CBA_SYMBOLS_UNLOADED 0x00000004
|
||
|
#define CBA_DUPLICATE_SYMBOL 0x00000005
|
||
|
#define CBA_READ_MEMORY 0x00000006
|
||
|
#define CBA_DEBUG_INFO 0x10000000
|
||
|
|
||
|
typedef struct _IMAGEHLP_CBA_READ_MEMORY {
|
||
|
DWORD64 addr; // address to read from
|
||
|
PVOID buf; // buffer to read to
|
||
|
DWORD bytes; // amount of bytes to read
|
||
|
DWORD *bytesread; // pointer to store amount of bytes read
|
||
|
} IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY;
|
||
|
|
||
|
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64)
|
||
|
DWORD64 BaseOfImage; // base load address of module
|
||
|
DWORD CheckSum; // checksum from the pe header
|
||
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
||
|
CHAR FileName[MAX_PATH]; // symbols file or image name
|
||
|
BOOLEAN Reparse; // load failure reparse
|
||
|
} IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64
|
||
|
#define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64
|
||
|
#else
|
||
|
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
|
||
|
DWORD BaseOfImage; // base load address of module
|
||
|
DWORD CheckSum; // checksum from the pe header
|
||
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
||
|
CHAR FileName[MAX_PATH]; // symbols file or image name
|
||
|
BOOLEAN Reparse; // load failure reparse
|
||
|
} IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD;
|
||
|
#endif
|
||
|
|
||
|
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64)
|
||
|
DWORD NumberOfDups; // number of duplicates in the Symbol array
|
||
|
PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols
|
||
|
DWORD SelectedSymbol; // symbol selected (-1 to start)
|
||
|
} IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64;
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64
|
||
|
#define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64
|
||
|
#else
|
||
|
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL {
|
||
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
|
||
|
DWORD NumberOfDups; // number of duplicates in the Symbol array
|
||
|
PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
|
||
|
DWORD SelectedSymbol; // symbol selected (-1 to start)
|
||
|
} IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL;
|
||
|
#endif
|
||
|
|
||
|
|
||
|
//
|
||
|
// options that are set/returned by SymSetOptions() & SymGetOptions()
|
||
|
// these are used as a mask
|
||
|
//
|
||
|
#define SYMOPT_CASE_INSENSITIVE 0x00000001
|
||
|
#define SYMOPT_UNDNAME 0x00000002
|
||
|
#define SYMOPT_DEFERRED_LOADS 0x00000004
|
||
|
#define SYMOPT_NO_CPP 0x00000008
|
||
|
#define SYMOPT_LOAD_LINES 0x00000010
|
||
|
#define SYMOPT_OMAP_FIND_NEAREST 0x00000020
|
||
|
#define SYMOPT_DEBUG 0x80000000
|
||
|
|
||
|
|
||
|
DWORD
|
||
|
IMAGEAPI
|
||
|
SymSetOptions(
|
||
|
IN DWORD SymOptions
|
||
|
);
|
||
|
|
||
|
DWORD
|
||
|
IMAGEAPI
|
||
|
SymGetOptions(
|
||
|
VOID
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymCleanup(
|
||
|
IN HANDLE hProcess
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymEnumerateModules64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymEnumerateModules SymEnumerateModules64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymEnumerateModules(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymEnumerateSymbols64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 BaseOfDll,
|
||
|
IN PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymEnumerateSymbolsW64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 BaseOfDll,
|
||
|
IN PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymEnumerateSymbols SymEnumerateSymbols64
|
||
|
#define SymEnumerateSymbolsW SymEnumerateSymbolsW64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymEnumerateSymbols(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD BaseOfDll,
|
||
|
IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymEnumerateSymbolsW(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD BaseOfDll,
|
||
|
IN PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
EnumerateLoadedModules64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define EnumerateLoadedModules EnumerateLoadedModules64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
EnumerateLoadedModules(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
PVOID
|
||
|
IMAGEAPI
|
||
|
SymFunctionTableAccess64(
|
||
|
HANDLE hProcess,
|
||
|
DWORD64 AddrBase
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymFunctionTableAccess SymFunctionTableAccess64
|
||
|
#else
|
||
|
PVOID
|
||
|
IMAGEAPI
|
||
|
SymFunctionTableAccess(
|
||
|
HANDLE hProcess,
|
||
|
DWORD AddrBase
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetModuleInfo64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 qwAddr,
|
||
|
OUT PIMAGEHLP_MODULE64 ModuleInfo
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetModuleInfoW64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 qwAddr,
|
||
|
OUT PIMAGEHLP_MODULEW64 ModuleInfo
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetModuleInfo SymGetModuleInfo64
|
||
|
#define SymGetModuleInfoW SymGetModuleInfoW64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetModuleInfo(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD dwAddr,
|
||
|
OUT PIMAGEHLP_MODULE ModuleInfo
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetModuleInfoW(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD dwAddr,
|
||
|
OUT PIMAGEHLP_MODULEW ModuleInfo
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
DWORD64
|
||
|
IMAGEAPI
|
||
|
SymGetModuleBase64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 qwAddr
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetModuleBase SymGetModuleBase64
|
||
|
#else
|
||
|
DWORD
|
||
|
IMAGEAPI
|
||
|
SymGetModuleBase(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD dwAddr
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymFromAddr64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 qwAddr,
|
||
|
OUT PDWORD64 pdwDisplacement,
|
||
|
OUT PIMAGEHLP_SYMBOL64 Symbol
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetSymFromAddr SymGetSymFromAddr64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymFromAddr(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD dwAddr,
|
||
|
OUT PDWORD pdwDisplacement,
|
||
|
OUT PIMAGEHLP_SYMBOL Symbol
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymFromName64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSTR Name,
|
||
|
OUT PIMAGEHLP_SYMBOL64 Symbol
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetSymFromName SymGetSymFromName64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymFromName(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSTR Name,
|
||
|
OUT PIMAGEHLP_SYMBOL Symbol
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymNext64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_SYMBOL64 Symbol
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetSymNext SymGetSymNext64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymNext(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_SYMBOL Symbol
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymPrev64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_SYMBOL64 Symbol
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetSymPrev SymGetSymPrev64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymPrev(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_SYMBOL Symbol
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLineFromAddr64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 qwAddr,
|
||
|
OUT PDWORD pdwDisplacement,
|
||
|
OUT PIMAGEHLP_LINE64 Line
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetLineFromAddr SymGetLineFromAddr64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLineFromAddr(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD dwAddr,
|
||
|
OUT PDWORD pdwDisplacement,
|
||
|
OUT PIMAGEHLP_LINE Line
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLineFromName64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSTR ModuleName,
|
||
|
IN PSTR FileName,
|
||
|
IN DWORD dwLineNumber,
|
||
|
OUT PLONG plDisplacement,
|
||
|
IN OUT PIMAGEHLP_LINE64 Line
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetLineFromName SymGetLineFromName64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLineFromName(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSTR ModuleName,
|
||
|
IN PSTR FileName,
|
||
|
IN DWORD dwLineNumber,
|
||
|
OUT PLONG plDisplacement,
|
||
|
IN OUT PIMAGEHLP_LINE Line
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLineNext64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_LINE64 Line
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetLineNext SymGetLineNext64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLineNext(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_LINE Line
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLinePrev64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_LINE64 Line
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetLinePrev SymGetLinePrev64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetLinePrev(
|
||
|
IN HANDLE hProcess,
|
||
|
IN OUT PIMAGEHLP_LINE Line
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymMatchFileName(
|
||
|
IN PSTR FileName,
|
||
|
IN PSTR Match,
|
||
|
OUT PSTR *FileNameStop,
|
||
|
OUT PSTR *MatchStop
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymInitialize(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSTR UserSearchPath,
|
||
|
IN BOOL fInvadeProcess
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSearchPath(
|
||
|
IN HANDLE hProcess,
|
||
|
OUT PSTR SearchPath,
|
||
|
IN DWORD SearchPathLength
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymSetSearchPath(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSTR SearchPath
|
||
|
);
|
||
|
|
||
|
DWORD64
|
||
|
IMAGEAPI
|
||
|
SymLoadModule64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN HANDLE hFile,
|
||
|
IN PSTR ImageName,
|
||
|
IN PSTR ModuleName,
|
||
|
IN DWORD64 BaseOfDll,
|
||
|
IN DWORD SizeOfDll
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymLoadModule SymLoadModule64
|
||
|
#else
|
||
|
DWORD
|
||
|
IMAGEAPI
|
||
|
SymLoadModule(
|
||
|
IN HANDLE hProcess,
|
||
|
IN HANDLE hFile,
|
||
|
IN PSTR ImageName,
|
||
|
IN PSTR ModuleName,
|
||
|
IN DWORD BaseOfDll,
|
||
|
IN DWORD SizeOfDll
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymUnloadModule64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 BaseOfDll
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymUnloadModule SymUnloadModule64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymUnloadModule(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD BaseOfDll
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymUnDName64(
|
||
|
IN PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate
|
||
|
OUT PSTR UnDecName, // Buffer to store undecorated name in
|
||
|
IN DWORD UnDecNameLength // Size of the buffer
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymUnDName SymUnDName64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymUnDName(
|
||
|
IN PIMAGEHLP_SYMBOL sym, // Symbol to undecorate
|
||
|
OUT PSTR UnDecName, // Buffer to store undecorated name in
|
||
|
IN DWORD UnDecNameLength // Size of the buffer
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymRegisterCallback64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
|
||
|
IN ULONG64 UserContext
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymRegisterFunctionEntryCallback64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction,
|
||
|
IN ULONG64 UserContext
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymRegisterCallback SymRegisterCallback64
|
||
|
#define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymRegisterCallback(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSYMBOL_REGISTERED_CALLBACK CallbackFunction,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymRegisterFunctionEntryCallback(
|
||
|
IN HANDLE hProcess,
|
||
|
IN PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction,
|
||
|
IN PVOID UserContext
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
// Structure types
|
||
|
typedef enum IMAGEHLP_TYPES {
|
||
|
IMAGEHLP_TYPEID_INDEX = 1,
|
||
|
IMAGEHLP_TYPEID_NAME,
|
||
|
IMAGEHLP_TYPEID_IMAGEHLP_SYMBOL,
|
||
|
IMAGEHLP_TYPEID_IMAGEHLP_SYMBOL64,
|
||
|
IMAGEHLP_TYPEID_MODULE_TYPE_INFO,
|
||
|
IMAGEHLP_TYPEID_TYPE_ENUM_INFO,
|
||
|
} IMAGEHLP_TYPES;
|
||
|
|
||
|
typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP
|
||
|
USHORT dataLength;
|
||
|
USHORT leaf;
|
||
|
BYTE data[1];
|
||
|
} MODULE_TYPE_INFO, *PMODULE_TYPE_INFO;
|
||
|
|
||
|
typedef BOOL
|
||
|
(CALLBACK *PSYMBOL_TYPE_NAME_CALLBACK)(
|
||
|
PSTR MatchedName,
|
||
|
ULONG typeIndex,
|
||
|
PVOID CallerData
|
||
|
);
|
||
|
|
||
|
typedef struct _TYPE_ENUM_INFO {
|
||
|
PVOID CallerData;
|
||
|
PSYMBOL_TYPE_NAME_CALLBACK CallbackRoutine;
|
||
|
} TYPE_ENUM_INFO, *PTYPE_ENUM_INFO;
|
||
|
|
||
|
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetModuleInfoEx64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 Address,
|
||
|
IN IMAGEHLP_TYPES TypeIn,
|
||
|
IN PBYTE DataIn,
|
||
|
IN IMAGEHLP_TYPES TypeOut,
|
||
|
IN OUT PULONG SizeOut,
|
||
|
IN OUT PBYTE DataOut
|
||
|
);
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetModuleInfoEx SymGetModuleInfoEx64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetModuleInfoEx(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD Address,
|
||
|
IN IMAGEHLP_TYPES TypeIn,
|
||
|
IN PBYTE DataIn,
|
||
|
IN IMAGEHLP_TYPES TypeOut,
|
||
|
IN OUT PULONG SizeOut,
|
||
|
IN OUT PBYTE DataOut
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymbolInfo64(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD64 Address,
|
||
|
IN IMAGEHLP_TYPES TypeIn,
|
||
|
IN PBYTE DataIn,
|
||
|
IN IMAGEHLP_TYPES TypeOut,
|
||
|
IN OUT PULONG SizeOut,
|
||
|
IN OUT PBYTE DataOut
|
||
|
);
|
||
|
|
||
|
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
||
|
#define SymGetSymbolInfo SymGetSymbolInfo64
|
||
|
#else
|
||
|
BOOL
|
||
|
IMAGEAPI
|
||
|
SymGetSymbolInfo(
|
||
|
IN HANDLE hProcess,
|
||
|
IN DWORD Address,
|
||
|
IN IMAGEHLP_TYPES TypeIn,
|
||
|
IN PBYTE DataIn,
|
||
|
IN IMAGEHLP_TYPES TypeOut,
|
||
|
IN PULONG SizeOut,
|
||
|
IN OUT PBYTE DataOut
|
||
|
);
|
||
|
#endif
|
||
|
|
||
|
|
||
|
#pragma option pop /*P_O_Pop*/
|
||
|
#endif // _DGGHELP_
|