void KImageModule::EnumerateSymbols(bool bForPogy)
{
m_nCount = 0;
m_bForPogy = bForPogy;
SymEnumerateSymbols(m_hProcess, m_imagebase_loaded, ::EnumSymbolsCallback, this);
Output("%d total syscalls found\n\n", m_nCount);
}
VOID
DumpSymbols(
PDEBUGPACKET dp
)
{
IMAGEHLP_MODULE mi;
if (SymGetModuleInfo( dp->hProcess, 0, &mi )) {
lprintf( MSG_SYMBOL_TABLE );
do {
lprintfs( "%s\r\n\r\n", mi.ImageName );
SymEnumerateSymbols( dp->hProcess, mi.BaseOfImage, SymbolEnumFunc, NULL );
} while( SymGetModuleInfo( dp->hProcess, (DWORD)-1, &mi ));
}
}
PPROFBLK SetupProfiling(LPCTSTR ptchFileName)
{
PVOID ImageBase;
PPROFBLK pProfBlk;
PPROFBLK pPrevProfBlk;
ULONG ulBlkOff;
LPCSTR ptchImageName;
TCHAR atchImageName [256];
PIMAGE_NT_HEADERS pImageNtHeader;
IMAGEHLP_MODULE ModuleInfo;
// Skip directory name
if ( (ptchImageName = strrchr(ptchFileName, '\\')) )
ptchImageName++;
else
ptchImageName = (PTCHAR)ptchFileName;
// Make uppercase copy
_strupr (strcpy (atchImageName, ptchImageName));
// Don't profile CAP
if ( !strcmp (atchImageName, CAPDLL) )
return NULL;
// Search prof blk list for matching image name
pPrevProfBlk = NULL;
ulBlkOff = ulLocProfBlkOff;
while (ulBlkOff != 0)
{
pPrevProfBlk = MKPPROFBLK(ulBlkOff);
// If found image, no need to set up new block
if (!strcmp((PCHAR)pPrevProfBlk->atchImageName, atchImageName))
return FALSE;
ulBlkOff = pPrevProfBlk->ulNxtBlk;
}
try // Accessing new block can cause an access fault
// which will extend the allocation
{
// Place block at next available offset
pProfBlk = MKPPROFBLK(*pulProfBlkBase);
// Fill in initial values
pProfBlk->ImageBase =0;
pProfBlk->CodeStart = 0;
pProfBlk->CodeLength = 0;
pProfBlk->iSymCnt = 0;
pProfBlk->State = BLKSTATE_ASSIGNED;
pProfBlk->ulNxtBlk = 0;
strcpy ((TCHAR *) pProfBlk->atchImageName, atchImageName);
// Link to previous block or initial block offset
if (pPrevProfBlk)
pPrevProfBlk->ulNxtBlk = *pulProfBlkBase;
else
ulLocProfBlkOff = *pulProfBlkBase;
// Load module symbols
ImageBase = GetModuleHandle(ptchImageName);
SymLoadModule(hThisProcess, NULL, (LPSTR)ptchFileName,
(LPSTR)ptchImageName, (DWORD)ImageBase, 0);
if (ImageBase != NULL)
{
pProfBlk->ImageBase = ImageBase;
// Get code start address
if ((pImageNtHeader = ImageNtHeader(ImageBase)) != NULL)
{
pProfBlk->CodeStart = (PULONG)((TCHAR *)ImageBase +
pImageNtHeader->OptionalHeader.BaseOfCode);
}
else
{
// If can't get code start, use imagebase as next best guess
pProfBlk->CodeStart = ImageBase;
}
#if defined(MIPS) && !defined(MIPS_VC40_INTERFACE)
// Enumerate symbols to find adress of _penter
fPenterFound = FALSE;
SymEnumerateSymbols(hThisProcess, (DWORD)ImageBase,
FindPenterCallback, (PVOID)pProfBlk);
#endif // MIPS && !MIPS_VC40_INTERFACE
// Get module info for symbols count
SymGetModuleInfo(hThisProcess, (DWORD)ImageBase, &ModuleInfo);
pProfBlk->iSymCnt = ModuleInfo.NumSyms;
// Determine location for symbols and symbol names
pProfSymb = (PSYMINFO)(&pProfBlk->atchImageName[strlen(atchImageName) + 1]);
pProfBlk->ulSym = (PTCHAR)pProfSymb - (PTCHAR)pulProfBlkBase;
pcProfSymbName = (PTCHAR)&pProfSymb[ModuleInfo.NumSyms];
// Now enumerate symbols to build up symbol table
ulMaxSymbAddr = (ULONG)pProfBlk->CodeStart;
SymEnumerateSymbols(hThisProcess, (DWORD)ImageBase,
SymbolEnumCallback, (PVOID)pProfBlk);
// Set symbol range based on max symbol address encountered
if (ulMaxSymbAddr > (ULONG)pProfBlk->CodeStart)
pProfBlk->CodeLength = ulMaxSymbAddr - (ULONG)pProfBlk->CodeStart;
// Update pointer to available space
*pulProfBlkBase = (ULONG)(pcProfSymbName - (PTCHAR)pulProfBlkBase);
// Unload the module
SymUnloadModule(hThisProcess, (DWORD)ImageBase);
// Do any requested import/export patching
PatchDll (ptchPatchImports, ptchPatchCallers, bCallersToPatch,
atchImageName, ImageBase);
}
else
{
// No symbols - Update offset to next free space
*pulProfBlkBase = (ULONG)&pProfBlk->atchImageName[strlen(atchImageName) + 1]
-(ULONG)pulProfBlkBase;
} // ImageBase != NULL
}
//
// + : transfer control to the handler (EXCEPTION_EXECUTE_HANDLER)
// 0 : continue search (EXCEPTION_CONTINUE_SEARCH)
// - : dismiss exception & continue (EXCEPTION_CONTINUE_EXECUTION)
//
except ( AccessXcptFilter (GetExceptionCode(), GetExceptionInformation(), COMMIT_SIZE))
{
// Should never get here since filter never returns
// EXCEPTION_EXECUTE_HANDLER.
CapDbgPrint ("CAP: DoDllInitializations() - *LOGIC ERROR* - "
"Inside the EXCEPT: (xcpt=0x%lx)\n", GetExceptionCode());
} // end of TRY/EXCEPT
return pProfBlk;
}
int getDebugInfo(char* fname)
{
HANDLE Self;
DWORD moduleAddr;
IMAGEHLP_MODULE moduleInfo;
namesSize = 1;
maxDebug = CodeSize + 10000;
hasDebug = calloc(maxDebug, sizeof(int));
names = calloc(MAX_NAMES_SIZE,1);
nonCode = calloc(MAX_NONCODE_SIZE,sizeof(Sym));
nonCodeCount = 0;
Self = GetCurrentProcess();
SymSetOptions(SYMOPT_LOAD_LINES);
if(!SymInitialize(Self,NULL,FALSE)) {
printf("Failed to initialize Sym \n");
return -1;
}
printf("Trying to load with base = %08X\n",imageBase);
// moduleAddr = SymLoadModule(Self,NULL,fname,NULL,imageBase+BASE_SHIFT,0);
moduleAddr = SymLoadModule(Self,NULL,fname,NULL,0,0);
if(!moduleAddr) {
printf("Error: %n",GetLastError());
return -1;
}
moduleInfo.SizeOfStruct = sizeof(IMAGEHLP_MODULE);
if(SymGetModuleInfo(Self,moduleAddr,&moduleInfo)) {
printf("ImageSize : %d \n",moduleInfo.ImageSize);
printf("NumSyms : %d \n",moduleInfo.NumSyms);
printf("SymType : ");
switch (moduleInfo.SymType) {
case SymNone : printf("No symbols are loaded \n");
break;
case SymCoff : printf("COFF symbols \n");
break;
case SymCv : printf("CodeView symbols \n");
break;
case SymPdb : printf("pdb file \n");
break;
case SymExport : printf("Symbols generated from a DLL's export table\n");
break;
case SymDeferred : printf("The library has not yet attempted to load symbols.\n");
break;
case SymSym : printf(".SYM file \n");
break;
default: printf("Unknown value for SymType : %d\n",moduleInfo.SymType);
}
printf("ModuleName : %s\n",moduleInfo.ModuleName);
printf("ImageName : %s\n",moduleInfo.ImageName);
printf("LoadedImageName : %s\n",moduleInfo.LoadedImageName);
printf("LoadedImageBase : %08X\n",moduleInfo.BaseOfImage);
}
SymEnumerateSymbols(Self,moduleAddr,SymbolEnumumeration,NULL);
SymUnloadModule(Self,moduleAddr);
SymCleanup(Self);
return 0;
}