923 lines
22 KiB
C
923 lines
22 KiB
C
/*++ BUILD Version: 0001 Increment this if a change has global effects
|
|
|
|
Copyright (c) 1993-1996 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
imagehlp.h
|
|
|
|
Abstract:
|
|
|
|
This module defines the prptotypes and constants required for the image
|
|
help routines.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _IMAGEHLP_
|
|
#define _IMAGEHLP_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//
|
|
// Define checksum return codes.
|
|
//
|
|
|
|
#define CHECKSUM_SUCCESS 0
|
|
#define CHECKSUM_OPEN_FAILURE 1
|
|
#define CHECKSUM_MAP_FAILURE 2
|
|
#define CHECKSUM_MAPVIEW_FAILURE 3
|
|
#define CHECKSUM_UNICODE_FAILURE 4
|
|
|
|
// Define Splitsym flags.
|
|
|
|
#define SPLITSYM_REMOVE_PRIVATE 0x00000001 // Remove CV types/symbols and Fixup debug
|
|
// Used for creating .dbg files that ship
|
|
// as part of the product.
|
|
|
|
#define SPLITSYM_EXTRACT_ALL 0x00000002 // Extract all debug info from image.
|
|
// Normally, FPO is left in the image
|
|
// to allow stack traces through the code.
|
|
// Using this switch is similar to linking
|
|
// with -debug:none except the .dbg file
|
|
// exists...
|
|
|
|
#ifdef _IMAGEHLP_SOURCE_
|
|
#define IMAGEAPI __stdcall
|
|
#else
|
|
#define IMAGEAPI DECLSPEC_IMPORT __stdcall
|
|
#endif
|
|
|
|
//
|
|
// Define checksum function prototypes.
|
|
//
|
|
|
|
PIMAGE_NT_HEADERS
|
|
IMAGEAPI
|
|
CheckSumMappedFile (
|
|
LPVOID BaseAddress,
|
|
DWORD FileLength,
|
|
LPDWORD HeaderSum,
|
|
LPDWORD CheckSum
|
|
);
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
MapFileAndCheckSumA (
|
|
LPSTR Filename,
|
|
LPDWORD HeaderSum,
|
|
LPDWORD CheckSum
|
|
);
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
MapFileAndCheckSumW (
|
|
PWSTR Filename,
|
|
LPDWORD HeaderSum,
|
|
LPDWORD CheckSum
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define MapFileAndCheckSum MapFileAndCheckSumW
|
|
#else
|
|
#define MapFileAndCheckSum MapFileAndCheckSumA
|
|
#endif // !UNICODE
|
|
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
TouchFileTimes (
|
|
HANDLE FileHandle,
|
|
LPSYSTEMTIME lpSystemTime
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SplitSymbols (
|
|
LPSTR ImageName,
|
|
LPSTR SymbolsPath,
|
|
LPSTR SymbolFilePath,
|
|
DWORD Flags // Combination of flags above
|
|
);
|
|
|
|
HANDLE
|
|
IMAGEAPI
|
|
FindDebugInfoFile (
|
|
LPSTR FileName,
|
|
LPSTR SymbolPath,
|
|
LPSTR DebugFilePath
|
|
);
|
|
|
|
HANDLE
|
|
IMAGEAPI
|
|
FindExecutableImage(
|
|
LPSTR FileName,
|
|
LPSTR SymbolPath,
|
|
LPSTR ImageFilePath
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
UpdateDebugInfoFile(
|
|
LPSTR ImageFileName,
|
|
LPSTR SymbolPath,
|
|
LPSTR DebugFilePath,
|
|
PIMAGE_NT_HEADERS NtHeaders
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
UpdateDebugInfoFileEx(
|
|
LPSTR ImageFileName,
|
|
LPSTR SymbolPath,
|
|
LPSTR DebugFilePath,
|
|
PIMAGE_NT_HEADERS NtHeaders,
|
|
DWORD OldChecksum
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
BindImage(
|
|
IN LPSTR ImageName,
|
|
IN LPSTR DllPath,
|
|
IN LPSTR SymbolPath
|
|
);
|
|
|
|
typedef enum _IMAGEHLP_STATUS_REASON {
|
|
BindOutOfMemory,
|
|
BindRvaToVaFailed,
|
|
BindNoRoomInImage,
|
|
BindImportModuleFailed,
|
|
BindImportProcedureFailed,
|
|
BindImportModule,
|
|
BindImportProcedure,
|
|
BindForwarder,
|
|
BindForwarderNOT,
|
|
BindImageModified,
|
|
BindExpandFileHeaders,
|
|
BindImageComplete,
|
|
BindMismatchedSymbols,
|
|
BindSymbolsNotUpdated
|
|
} IMAGEHLP_STATUS_REASON;
|
|
|
|
typedef
|
|
BOOL
|
|
(__stdcall *PIMAGEHLP_STATUS_ROUTINE)(
|
|
IMAGEHLP_STATUS_REASON Reason,
|
|
LPSTR ImageName,
|
|
LPSTR DllName,
|
|
ULONG Va,
|
|
ULONG Parameter
|
|
);
|
|
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
BindImageEx(
|
|
IN DWORD Flags,
|
|
IN LPSTR ImageName,
|
|
IN LPSTR DllPath,
|
|
IN LPSTR SymbolPath,
|
|
IN PIMAGEHLP_STATUS_ROUTINE StatusRoutine
|
|
);
|
|
|
|
#define BIND_NO_BOUND_IMPORTS 0x00000001
|
|
#define BIND_NO_UPDATE 0x00000002
|
|
#define BIND_ALL_IMAGES 0x00000004
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ReBaseImage(
|
|
IN LPSTR CurrentImageName,
|
|
IN LPSTR SymbolPath,
|
|
IN BOOL fReBase, // TRUE if actually rebasing, false if only summing
|
|
IN BOOL fRebaseSysfileOk, // TRUE is system images s/b rebased
|
|
IN BOOL fGoingDown, // TRUE if the image s/b rebased below the given base
|
|
IN ULONG CheckImageSize, // Max size allowed (0 if don't care)
|
|
OUT ULONG *OldImageSize, // Returned from the header
|
|
OUT ULONG *OldImageBase, // Returned from the header
|
|
OUT ULONG *NewImageSize, // Image size rounded to next separation boundary
|
|
IN OUT ULONG *NewImageBase, // (in) Desired new address.
|
|
// (out) Next address (actual if going down)
|
|
IN ULONG TimeStamp // new timestamp for image, if non-zero
|
|
);
|
|
|
|
#define IMAGE_SEPARATION (64*1024)
|
|
|
|
|
|
typedef struct _LOADED_IMAGE {
|
|
LPSTR ModuleName;
|
|
HANDLE hFile;
|
|
PUCHAR MappedAddress;
|
|
PIMAGE_NT_HEADERS FileHeader;
|
|
PIMAGE_SECTION_HEADER LastRvaSection;
|
|
ULONG NumberOfSections;
|
|
PIMAGE_SECTION_HEADER Sections;
|
|
ULONG Characteristics;
|
|
BOOLEAN fSystemImage;
|
|
BOOLEAN fDOSImage;
|
|
LIST_ENTRY Links;
|
|
ULONG SizeOfImage;
|
|
} LOADED_IMAGE, *PLOADED_IMAGE;
|
|
|
|
|
|
PLOADED_IMAGE
|
|
IMAGEAPI
|
|
ImageLoad(
|
|
LPSTR DllName,
|
|
LPSTR DllPath
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageUnload(
|
|
PLOADED_IMAGE LoadedImage
|
|
);
|
|
|
|
PIMAGE_NT_HEADERS
|
|
IMAGEAPI
|
|
ImageNtHeader (
|
|
IN PVOID Base
|
|
);
|
|
|
|
PVOID
|
|
IMAGEAPI
|
|
ImageDirectoryEntryToData (
|
|
IN PVOID Base,
|
|
IN BOOLEAN MappedAsImage,
|
|
IN USHORT DirectoryEntry,
|
|
OUT PULONG Size
|
|
);
|
|
|
|
PIMAGE_SECTION_HEADER
|
|
IMAGEAPI
|
|
ImageRvaToSection(
|
|
IN PIMAGE_NT_HEADERS NtHeaders,
|
|
IN PVOID Base,
|
|
IN ULONG Rva
|
|
);
|
|
|
|
PVOID
|
|
IMAGEAPI
|
|
ImageRvaToVa(
|
|
IN PIMAGE_NT_HEADERS NtHeaders,
|
|
IN PVOID Base,
|
|
IN ULONG Rva,
|
|
IN OUT PIMAGE_SECTION_HEADER *LastRvaSection
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
MapAndLoad(
|
|
LPSTR ImageName,
|
|
LPSTR DllPath,
|
|
PLOADED_IMAGE LoadedImage,
|
|
BOOL DotDll,
|
|
BOOL ReadOnly
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
GetImageConfigInformation(
|
|
PLOADED_IMAGE LoadedImage,
|
|
PIMAGE_LOAD_CONFIG_DIRECTORY ImageConfigInformation
|
|
);
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
GetImageUnusedHeaderBytes(
|
|
PLOADED_IMAGE LoadedImage,
|
|
LPDWORD SizeUnusedHeaderBytes
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SetImageConfigInformation(
|
|
PLOADED_IMAGE LoadedImage,
|
|
PIMAGE_LOAD_CONFIG_DIRECTORY ImageConfigInformation
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
UnMapAndLoad(
|
|
PLOADED_IMAGE LoadedImage
|
|
);
|
|
|
|
typedef struct _IMAGE_DEBUG_INFORMATION {
|
|
LIST_ENTRY List;
|
|
DWORD Size;
|
|
PVOID MappedBase;
|
|
USHORT Machine;
|
|
USHORT Characteristics;
|
|
DWORD CheckSum;
|
|
DWORD ImageBase;
|
|
DWORD SizeOfImage;
|
|
|
|
DWORD NumberOfSections;
|
|
PIMAGE_SECTION_HEADER Sections;
|
|
|
|
DWORD ExportedNamesSize;
|
|
LPSTR ExportedNames;
|
|
|
|
DWORD NumberOfFunctionTableEntries;
|
|
PIMAGE_FUNCTION_ENTRY FunctionTableEntries;
|
|
DWORD LowestFunctionStartingAddress;
|
|
DWORD HighestFunctionEndingAddress;
|
|
|
|
DWORD NumberOfFpoTableEntries;
|
|
PFPO_DATA FpoTableEntries;
|
|
|
|
DWORD SizeOfCoffSymbols;
|
|
PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
|
|
|
|
DWORD SizeOfCodeViewSymbols;
|
|
PVOID CodeViewSymbols;
|
|
|
|
LPSTR ImageFilePath;
|
|
LPSTR ImageFileName;
|
|
LPSTR DebugFilePath;
|
|
|
|
DWORD TimeDateStamp;
|
|
|
|
BOOL RomImage;
|
|
PIMAGE_DEBUG_DIRECTORY DebugDirectory;
|
|
DWORD NumberOfDebugDirectories;
|
|
|
|
DWORD Reserved[ 3 ];
|
|
|
|
} IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;
|
|
|
|
|
|
PIMAGE_DEBUG_INFORMATION
|
|
IMAGEAPI
|
|
MapDebugInformation (
|
|
HANDLE FileHandle,
|
|
LPSTR FileName,
|
|
LPSTR SymbolPath,
|
|
DWORD ImageBase
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
UnmapDebugInformation(
|
|
PIMAGE_DEBUG_INFORMATION DebugInfo
|
|
);
|
|
|
|
HANDLE
|
|
IMAGEAPI
|
|
FindExecutableImage(
|
|
LPSTR FileName,
|
|
LPSTR SymbolPath,
|
|
LPSTR ImageFilePath
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SearchTreeForFile(
|
|
LPSTR RootPath,
|
|
LPSTR InputPathName,
|
|
LPSTR OutputPathBuffer
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
MakeSureDirectoryPathExists(
|
|
LPCSTR DirPath
|
|
);
|
|
|
|
//
|
|
// UnDecorateSymbolName Flags
|
|
//
|
|
|
|
#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
|
|
#define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
|
|
#define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
|
|
#define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
|
|
#define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
|
|
#define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
|
|
#define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
|
|
#define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
|
|
#define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
|
|
#define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
|
|
#define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
|
|
#define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
|
|
#define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
|
|
#define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
|
|
#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
|
|
// return just [scope::]name. Does expand template params
|
|
#define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
|
|
#define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
WINAPI
|
|
UnDecorateSymbolName(
|
|
LPCSTR DecoratedName, // Name to undecorate
|
|
LPSTR UnDecoratedName, // If NULL, it will be allocated
|
|
DWORD UndecoratedLength, // The maximym length
|
|
DWORD Flags // See above.
|
|
);
|
|
|
|
//
|
|
// StackWalking API
|
|
//
|
|
|
|
typedef enum {
|
|
AddrMode1616,
|
|
AddrMode1632,
|
|
AddrModeReal,
|
|
AddrModeFlat
|
|
} ADDRESS_MODE;
|
|
|
|
typedef struct _tagADDRESS {
|
|
DWORD Offset;
|
|
WORD Segment;
|
|
ADDRESS_MODE Mode;
|
|
} ADDRESS, *LPADDRESS;
|
|
|
|
|
|
//
|
|
// This structure is included in the STACKFRAME structure,
|
|
// and is used to trace through usermode callbacks in a thread's
|
|
// kernel stack. The values must be copied by the kernel debugger
|
|
// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
|
|
//
|
|
typedef struct _KDHELP {
|
|
|
|
//
|
|
// address of kernel thread object, as provided in the
|
|
// WAIT_STATE_CHANGE packet.
|
|
//
|
|
DWORD Thread;
|
|
|
|
//
|
|
// offset in thread object to pointer to the current callback frame
|
|
// in kernel stack.
|
|
//
|
|
DWORD ThCallbackStack;
|
|
|
|
//
|
|
// offsets to values in frame:
|
|
//
|
|
// address of next callback frame
|
|
DWORD NextCallback;
|
|
|
|
// address of saved frame pointer (if applicable)
|
|
DWORD FramePointer;
|
|
|
|
//
|
|
// Address of the kernel function that calls out to user mode
|
|
//
|
|
DWORD KiCallUserMode;
|
|
|
|
//
|
|
// Address of the user mode dispatcher function
|
|
//
|
|
DWORD KeUserCallbackDispatcher;
|
|
|
|
} KDHELP, *PKDHELP;
|
|
|
|
|
|
typedef struct _tagSTACKFRAME {
|
|
ADDRESS AddrPC; // program counter
|
|
ADDRESS AddrReturn; // return address
|
|
ADDRESS AddrFrame; // frame pointer
|
|
ADDRESS AddrStack; // stack pointer
|
|
LPVOID FuncTableEntry; // pointer to pdata/fpo or NULL
|
|
DWORD Params[4]; // possible arguments to the function
|
|
BOOL Far; // WOW far call
|
|
BOOL Virtual; // is this a virtual frame?
|
|
DWORD Reserved[3]; // used internally by StackWalk api
|
|
KDHELP KdHelp;
|
|
} STACKFRAME, *LPSTACKFRAME;
|
|
|
|
typedef
|
|
BOOL
|
|
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)(
|
|
HANDLE hProcess,
|
|
LPCVOID lpBaseAddress,
|
|
LPVOID lpBuffer,
|
|
DWORD nSize,
|
|
LPDWORD lpNumberOfBytesRead
|
|
);
|
|
|
|
typedef
|
|
LPVOID
|
|
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)(
|
|
HANDLE hProcess,
|
|
DWORD AddrBase
|
|
);
|
|
|
|
typedef
|
|
DWORD
|
|
(__stdcall *PGET_MODULE_BASE_ROUTINE)(
|
|
HANDLE hProcess,
|
|
DWORD ReturnAddress
|
|
);
|
|
|
|
|
|
typedef
|
|
DWORD
|
|
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE)(
|
|
HANDLE hProcess,
|
|
HANDLE hThread,
|
|
LPADDRESS lpaddr
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
StackWalk(
|
|
DWORD MachineType,
|
|
HANDLE hProcess,
|
|
HANDLE hThread,
|
|
LPSTACKFRAME StackFrame,
|
|
LPVOID ContextRecord,
|
|
PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine,
|
|
PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine,
|
|
PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine,
|
|
PTRANSLATE_ADDRESS_ROUTINE TranslateAddress
|
|
);
|
|
|
|
#define API_VERSION_NUMBER 5
|
|
|
|
typedef struct API_VERSION {
|
|
USHORT MajorVersion;
|
|
USHORT MinorVersion;
|
|
USHORT Revision;
|
|
USHORT Reserved;
|
|
} API_VERSION, *LPAPI_VERSION;
|
|
|
|
LPAPI_VERSION
|
|
IMAGEAPI
|
|
ImagehlpApiVersion(
|
|
VOID
|
|
);
|
|
|
|
LPAPI_VERSION
|
|
IMAGEAPI
|
|
ImagehlpApiVersionEx(
|
|
LPAPI_VERSION AppVersion
|
|
);
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
GetTimestampForLoadedLibrary(
|
|
HMODULE Module
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
RemovePrivateCvSymbolic(
|
|
PCHAR DebugData,
|
|
PCHAR * NewDebugData,
|
|
ULONG * NewDebugSize
|
|
);
|
|
|
|
VOID
|
|
IMAGEAPI
|
|
RemoveRelocations(
|
|
PCHAR ImageName
|
|
);
|
|
|
|
//
|
|
// typedefs for function pointers
|
|
//
|
|
typedef BOOL
|
|
(CALLBACK *PSYM_ENUMMODULES_CALLBACK)(
|
|
LPSTR ModuleName,
|
|
ULONG BaseOfDll,
|
|
PVOID UserContext
|
|
);
|
|
|
|
typedef BOOL
|
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)(
|
|
LPSTR SymbolName,
|
|
ULONG SymbolAddress,
|
|
ULONG SymbolSize,
|
|
PVOID UserContext
|
|
);
|
|
|
|
typedef BOOL
|
|
(CALLBACK *PENUMLOADED_MODULES_CALLBACK)(
|
|
LPSTR ModuleName,
|
|
ULONG ModuleBase,
|
|
ULONG ModuleSize,
|
|
PVOID UserContext
|
|
);
|
|
|
|
typedef BOOL
|
|
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK)(
|
|
HANDLE hProcess,
|
|
ULONG ActionCode,
|
|
PVOID CallbackData,
|
|
PVOID UserContext
|
|
);
|
|
|
|
//
|
|
// symbol flags
|
|
//
|
|
#define SYMF_OMAP_GENERATED 0x00000001
|
|
#define SYMF_OMAP_MODIFIED 0x00000002
|
|
|
|
//
|
|
// symbol type enumeration
|
|
//
|
|
typedef enum {
|
|
SymNone,
|
|
SymCoff,
|
|
SymCv,
|
|
SymPdb,
|
|
SymExport,
|
|
SymDeferred,
|
|
SymSym // .sym file
|
|
} SYM_TYPE;
|
|
|
|
//
|
|
// symbol data structure
|
|
//
|
|
typedef struct _IMAGEHLP_SYMBOL {
|
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
|
|
DWORD Address; // virtual address including dll base address
|
|
DWORD Size; // estimated size of symbol, can be zero
|
|
DWORD Flags; // info about the symbols, see the SYMF defines
|
|
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
|
|
CHAR Name[1]; // symbol name (null terminated string)
|
|
} IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL;
|
|
|
|
//
|
|
// module data structure
|
|
//
|
|
typedef struct _IMAGEHLP_MODULE {
|
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
|
|
DWORD BaseOfImage; // base load address of module
|
|
DWORD ImageSize; // virtual size of the loaded module
|
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
|
DWORD CheckSum; // checksum from the pe header
|
|
DWORD NumSyms; // number of symbols in the symbol table
|
|
SYM_TYPE SymType; // type of symbols loaded
|
|
CHAR ModuleName[32]; // module name
|
|
CHAR ImageName[256]; // image name
|
|
CHAR LoadedImageName[256]; // symbol file name
|
|
} IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
|
|
|
|
//
|
|
// data structures used for registered symbol callbacks
|
|
//
|
|
|
|
#define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
|
|
#define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
|
|
#define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
|
|
#define CBA_SYMBOLS_UNLOADED 0x00000004
|
|
#define CBA_DUPLICATE_SYMBOL 0x00000005
|
|
|
|
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD {
|
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
|
|
DWORD BaseOfImage; // base load address of module
|
|
DWORD CheckSum; // checksum from the pe header
|
|
DWORD TimeDateStamp; // date/time stamp from pe header
|
|
CHAR FileName[MAX_PATH]; // symbols file or image name
|
|
} IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD;
|
|
|
|
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL {
|
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
|
|
DWORD NumberOfDups; // number of duplicates in the Symbol array
|
|
PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
|
|
ULONG SelectedSymbol; // symbol selected (-1 to start)
|
|
} IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL;
|
|
|
|
|
|
//
|
|
// options that are set/returned by SymSetOptions() & SymGetOptions()
|
|
// these are used as a mask
|
|
//
|
|
#define SYMOPT_CASE_INSENSITIVE 0x00000001
|
|
#define SYMOPT_UNDNAME 0x00000002
|
|
#define SYMOPT_DEFERRED_LOADS 0x00000004
|
|
#define SYMOPT_NO_CPP 0x00000008
|
|
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
SymSetOptions(
|
|
IN DWORD SymOptions
|
|
);
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
SymGetOptions(
|
|
VOID
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymCleanup(
|
|
IN HANDLE hProcess
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymEnumerateModules(
|
|
IN HANDLE hProcess,
|
|
IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
|
|
IN PVOID UserContext
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymEnumerateSymbols(
|
|
IN HANDLE hProcess,
|
|
IN DWORD BaseOfDll,
|
|
IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
|
|
IN PVOID UserContext
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
EnumerateLoadedModules(
|
|
IN HANDLE hProcess,
|
|
IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
|
|
IN PVOID UserContext
|
|
);
|
|
|
|
LPVOID
|
|
IMAGEAPI
|
|
SymFunctionTableAccess(
|
|
HANDLE hProcess,
|
|
DWORD AddrBase
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymGetModuleInfo(
|
|
IN HANDLE hProcess,
|
|
IN DWORD dwAddr,
|
|
OUT PIMAGEHLP_MODULE ModuleInfo
|
|
);
|
|
|
|
DWORD
|
|
IMAGEAPI
|
|
SymGetModuleBase(
|
|
IN HANDLE hProcess,
|
|
IN DWORD dwAddr
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymGetSymFromAddr(
|
|
IN HANDLE hProcess,
|
|
IN DWORD dwAddr,
|
|
OUT PDWORD pdwDisplacement,
|
|
OUT PIMAGEHLP_SYMBOL Symbol
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymGetSymFromName(
|
|
IN HANDLE hProcess,
|
|
IN LPSTR Name,
|
|
OUT PIMAGEHLP_SYMBOL Symbol
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymGetSymNext(
|
|
IN HANDLE hProcess,
|
|
IN OUT PIMAGEHLP_SYMBOL Symbol
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymGetSymPrev(
|
|
IN HANDLE hProcess,
|
|
IN OUT PIMAGEHLP_SYMBOL Symbol
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymInitialize(
|
|
IN HANDLE hProcess,
|
|
IN LPSTR UserSearchPath,
|
|
IN BOOL fInvadeProcess
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymGetSearchPath(
|
|
IN HANDLE hProcess,
|
|
OUT LPSTR SearchPath,
|
|
IN DWORD SearchPathLength
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymSetSearchPath(
|
|
IN HANDLE hProcess,
|
|
IN LPSTR SearchPath
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymLoadModule(
|
|
IN HANDLE hProcess,
|
|
IN HANDLE hFile,
|
|
IN PSTR ImageName,
|
|
IN PSTR ModuleName,
|
|
IN DWORD BaseOfDll,
|
|
IN DWORD SizeOfDll
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymUnloadModule(
|
|
IN HANDLE hProcess,
|
|
IN DWORD BaseOfDll
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymUnDName(
|
|
IN PIMAGEHLP_SYMBOL sym, // Symbol to undecorate
|
|
OUT LPSTR UnDecName, // Buffer to store undecorated name in
|
|
IN DWORD UnDecNameLength // Size of the buffer
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
SymRegisterCallback(
|
|
IN HANDLE hProcess,
|
|
IN PSYMBOL_REGISTERED_CALLBACK CallbackFunction,
|
|
IN PVOID UserContext
|
|
);
|
|
|
|
// Image Integrity API's
|
|
|
|
#define CERT_PE_IMAGE_DIGEST_DEBUG_INFO 0x01
|
|
#define CERT_PE_IMAGE_DIGEST_RESOURCES 0x02
|
|
#define CERT_PE_IMAGE_DIGEST_ALL_IMPORT_INFO 0x04
|
|
|
|
#define CERT_SECTION_TYPE_ANY 0xFF // Any Certificate type
|
|
|
|
typedef PVOID DIGEST_HANDLE;
|
|
|
|
typedef BOOL (WINAPI *DIGEST_FUNCTION) (DIGEST_HANDLE refdata, PBYTE pData, DWORD dwLength);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageGetDigestStream(
|
|
IN HANDLE FileHandle,
|
|
IN DWORD DigestLevel,
|
|
IN DIGEST_FUNCTION DigestFunction,
|
|
IN DIGEST_HANDLE DigestHandle
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageAddCertificate(
|
|
IN HANDLE FileHandle,
|
|
IN LPWIN_CERTIFICATE Certificate,
|
|
OUT PDWORD Index
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageRemoveCertificate(
|
|
IN HANDLE FileHandle,
|
|
IN DWORD Index
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageEnumerateCertificates(
|
|
IN HANDLE FileHandle,
|
|
IN WORD TypeFilter,
|
|
OUT PDWORD CertificateCount,
|
|
IN OUT PDWORD Indices OPTIONAL,
|
|
IN OUT DWORD IndexCount OPTIONAL
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageGetCertificateData(
|
|
IN HANDLE FileHandle,
|
|
IN DWORD CertificateIndex,
|
|
OUT LPWIN_CERTIFICATE Certificate,
|
|
IN OUT PDWORD RequiredLength
|
|
);
|
|
|
|
BOOL
|
|
IMAGEAPI
|
|
ImageGetCertificateHeader(
|
|
IN HANDLE FileHandle,
|
|
IN DWORD CertificateIndex,
|
|
IN OUT LPWIN_CERTIFICATE Certificateheader
|
|
);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // _IMAGEHLP_
|