// Builds a U<T> distribution object from the (min, max) pair, samples it once
// with the _mt engine, and returns the sampled value.
// NOTE(review): T, U and _mt are declared outside this view; whether the bounds
// are inclusive depends on the distribution type bound to U. Confirm there.
T min_max(T min, T max) {
    U<T> distribution(min, max);
    return distribution(_mt);
}
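/// Makes nt!DbgkLkmdCallbackArray resolvable, adding a synthetic symbol when needed.
///
/// If the symbol already resolves, nothing is changed. Otherwise the start of
/// nt!DbgkLkmdUnregisterCallback is disassembled, the first instruction matching
/// the expected pattern supplies the array address, and that address is registered
/// as the synthetic symbol "DbgkLkmdCallbackArray".
///
/// The address comes from a heuristic match on target code, so the result is only
/// as trustworthy as that code. The match is kept as narrow as the addressing math
/// requires.
///
/// @return true when the symbol already resolves or the synthetic symbol was added;
///         false on an unsupported Windows version, a missing anchor symbol, a failure
///         to initialise the disassembler, no matching instruction, an expression
///         evaluation error, or a failure to add the synthetic symbol.
bool WDbgArk::FindDbgkLkmdCallbackArray() {
    if ( m_system_ver->GetStrictVer() <= VISTA_SP2_VER ) {
        out << wa::showplus << __FUNCTION__ << ": unsupported Windows version" << endlout;
        return false;
    }

    // Symbols already expose the array: nothing to synthesise.
    unsigned __int64 symbol_offset = 0;

    if ( m_sym_cache->GetSymbolOffset("nt!DbgkLkmdCallbackArray", true, &symbol_offset) )
        return true;

    // Anchor function whose code references the array.
    unsigned __int64 offset = 0;

    if ( !m_sym_cache->GetSymbolOffset("nt!DbgkLkmdUnregisterCallback", true, &offset) ) {
        err << wa::showminus << __FUNCTION__ << ": can't find nt!DbgkLkmdUnregisterCallback" << endlerr;
        return false;
    }

    // NOTE(review): the third argument is presumably the byte length of the window to
    // disassemble (about 20 instructions' worth). Confirm against WDbgArkUdis.
    std::unique_ptr<WDbgArkUdis> udis(new WDbgArkUdis(0, offset, MAX_INSN_LENGTH * 20));

    if ( !udis->IsInited() ) {
        err << wa::showminus << __FUNCTION__ << ": can't init Udis class" << endlerr;
        return false;
    }

    unsigned __int64 ret_address = 0;

    while ( udis->Disassemble() ) {
        if ( !m_is_cur_machine64
             && udis->InstructionLength() == 5
             && udis->InstructionMnemonic() == UD_Imov
             && udis->InstructionOperand(0)->type == UD_OP_REG ) {
            // x86: 5-byte "mov reg, <32-bit value>"; the 32-bit value is taken as the address.
            // NOTE(review): the type of operand 1 is not checked here, so both the immediate
            // and the direct-memory encodings of this length match. Confirm which is intended.
            ret_address = static_cast<unsigned __int64>(udis->InstructionOperand(1)->lval.udword);
            break;
        } else if ( m_is_cur_machine64
                    && udis->InstructionLength() == 7
                    && udis->InstructionMnemonic() == UD_Ilea
                    && udis->InstructionOperand(0)->type == UD_OP_REG
                    && udis->InstructionOperand(1)->type == UD_OP_MEM
                    && udis->InstructionOperand(1)->base == UD_R_RIP ) {
            // x64: 7-byte "lea reg, [rip+disp32]". The target is next-instruction address plus
            // displacement, which is only meaningful for a RIP-relative operand. A 7-byte lea
            // with any other base register is therefore skipped rather than turned into a
            // bogus address that would later be published as a symbol.
            ret_address = udis->InstructionOffset()
                          + udis->InstructionOperand(1)->lval.sdword
                          + udis->InstructionLength();
            break;
        }
    }

    if ( !ret_address ) {
        err << wa::showminus << __FUNCTION__ << ": disassembly failed" << endlerr;
        return false;
    }

    // Round-trip the value through the debugger's expression evaluator as a hex literal.
    // NOTE(review): presumably this normalises the address (e.g. sign extension on 32-bit
    // targets). Confirm.
    std::stringstream string_value;
    string_value << std::hex << std::showbase << ret_address;

    try {
        ret_address = g_Ext->EvalExprU64(string_value.str().c_str());
    }
    catch (const ExtStatusException &Ex) {
        err << wa::showminus << __FUNCTION__ << ": " << Ex.GetMessage() << endlerr;
        return false;
    }

    // do not reload nt module after that
    // NOTE(review): presumably a reload would discard the synthetic symbol. Confirm.
    DEBUG_MODULE_AND_ID id;
    HRESULT hresult = m_Symbols3->AddSyntheticSymbol(ret_address,
                                                     m_PtrSize,
                                                     "DbgkLkmdCallbackArray",
                                                     DEBUG_ADDSYNTHSYM_DEFAULT,
                                                     &id);

    if ( FAILED(hresult) ) {
        err << wa::showminus << __FUNCTION__ << ": failed to add synthetic symbol DbgkLkmdCallbackArray" << endlerr;
        return false;
    }

    // Remember the id so the synthetic symbol can be tracked by the extension.
    m_synthetic_symbols.push_back(id);
    return true;
}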