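/**
 * Build a WINDOWS_PROFIL_T from the kernel symbols found in a PDB file.
 *
 * Opens the PDB at pPdbFilePath, asks the parser for the RVA of each kernel
 * symbol the profile stores, and copies those values into a newly allocated
 * profile structure.
 *
 * @param pPdbFilePath  Path of the PDB file to open.
 * @return A heap-allocated profile that the caller releases with free(), or
 *         NULL when the PDB cannot be opened or the allocation fails.
 *
 * pGUID and pVersionName are set to string literals (placeholders), so they
 * must not be freed or written through.
 */
WINDOWS_PROFIL_T* CreateWindowsProfileFromPdbFile(char *pPdbFilePath)
{
    PDB_PARSER_T PdbParserHandle;

    if (!PdbOpenPdb(&PdbParserHandle, pPdbFilePath)) {
        printf("Failed to open ntkrnlmp.pdb\n");
        return NULL;
    }

    /*
     * Every offset starts at 0 and the result of PdbGetSymbolsRVA is not
     * checked here, so a symbol the parser does not fill in stays 0 in the
     * profile.
     * NOTE(review): consumers should treat a 0 offset as "unresolved" rather
     * than as a usable RVA - confirm PdbGetSymbolsRVA's failure contract.
     */
    uint64_t off_KiWaitAlways = 0;
    uint64_t off_KiWaitNever = 0;
    uint64_t off_KdpDataBlockEncoded = 0;
    uint64_t off_KdDebuggerDataBlock = 0;
    uint64_t off_KdVersionBlock = 0;
    uint64_t off_KiDivideErrorFault = 0;
    uint64_t off_KiTrap00 = 0;
    uint64_t off_KdpDebuggerDataListHead = 0;

    PdbGetSymbolsRVA(&PdbParserHandle, "KiWaitAlways", &off_KiWaitAlways);
    PdbGetSymbolsRVA(&PdbParserHandle, "KiWaitNever", &off_KiWaitNever);
    PdbGetSymbolsRVA(&PdbParserHandle, "KdpDataBlockEncoded", &off_KdpDataBlockEncoded);
    PdbGetSymbolsRVA(&PdbParserHandle, "KdDebuggerDataBlock", &off_KdDebuggerDataBlock);
    PdbGetSymbolsRVA(&PdbParserHandle, "KdVersionBlock", &off_KdVersionBlock);
    PdbGetSymbolsRVA(&PdbParserHandle, "KiDivideErrorFault", &off_KiDivideErrorFault);
    PdbGetSymbolsRVA(&PdbParserHandle, "KiTrap00", &off_KiTrap00);
    PdbGetSymbolsRVA(&PdbParserHandle, "KdpDebuggerDataListHead", &off_KdpDebuggerDataListHead);

    /* TODO: remove the heap allocation.
     * calloc() zeroes the structure, so any field not assigned below has a
     * defined value instead of stale heap contents. */
    WINDOWS_PROFIL_T *pCurrentWindowsProfil = (WINDOWS_PROFIL_T*)calloc(1, sizeof(WINDOWS_PROFIL_T));
    if (pCurrentWindowsProfil == NULL) {
        /* Allocation failed: release the parser handle before bailing out,
         * instead of dereferencing a NULL profile. */
        PdbClose(&PdbParserHandle);
        printf("Failed to allocate the Windows profile\n");
        return NULL;
    }

    pCurrentWindowsProfil->pGUID = "{TODO}";
    pCurrentWindowsProfil->pVersionName = "TODO"; /* placeholder; original note: nt!NtBuildLabEx */
    pCurrentWindowsProfil->KiWaitAlwaysOffset = off_KiWaitAlways;
    pCurrentWindowsProfil->KiWaitNeverOffset = off_KiWaitNever;
    pCurrentWindowsProfil->KdpDataBlockEncodedOffset = off_KdpDataBlockEncoded;
    pCurrentWindowsProfil->KdDebuggerDataBlockOffset = off_KdDebuggerDataBlock;
    pCurrentWindowsProfil->KdVersionBlockOffset = off_KdVersionBlock;
    pCurrentWindowsProfil->KiDivideErrorFaultOffset = off_KiDivideErrorFault;
    pCurrentWindowsProfil->KiTrap00Offset = off_KiTrap00;
    pCurrentWindowsProfil->KdpDebuggerDataListHeadOffset = off_KdpDebuggerDataListHead;
    pCurrentWindowsProfil->bClearKdDebuggerDataBlock = true;

    PdbClose(&PdbParserHandle);
    return pCurrentWindowsProfil;
}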
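/**
 * Command-line entry point: opens the PDB named on the command line and,
 * depending on the parsed options, dumps one raw stream to stdout and/or
 * prints type information.
 *
 * Exit codes: 0 success, 1 bad command line, 2 PDB open failed, 3 stream open
 * failed, 4 stream read failed, 5 write to stdout failed, 6 types open failed.
 */
int main(int argc, char** argv)
{
    PDB_FILE* pdb;

    if (!ParseCommandLine(argc, argv)) {
        PrintHelp();
        return 1;
    }

    pdb = PdbOpen(g_pdbFile);
    if (!pdb) {
        /* NOTE(review): the file opened is g_pdbFile, but the message prints
         * the last argument - confirm these always name the same path. */
        fprintf(stderr, "Failed to open pdb file %s\n", argv[argc - 1]);
        return 2;
    }

    fprintf(stderr, "Successfully opened pdb.\n");
    fprintf(stderr, "This file contains %d streams.\n", PdbGetStreamCount(pdb));

    if (g_dumpStream) {
        uint8_t buff[512];
        uint32_t chunkSize;
        uint32_t bytesRemaining;

        PDB_STREAM* stream = PdbStreamOpen(pdb, g_dumpStreamId);
        if (!stream) {
            PdbClose(pdb);
            fprintf(stderr, "Failed to open stream %d.\n", g_dumpStreamId);
            return 3;
        }

        /* Copy the stream to stdout in chunks no larger than the buffer, so
         * the size reported by the PDB never drives a write past buff. */
        bytesRemaining = PdbStreamGetSize(stream);
        while (bytesRemaining) {
            if (bytesRemaining > sizeof buff)
                chunkSize = (uint32_t)sizeof buff;
            else
                chunkSize = bytesRemaining;

            if (!PdbStreamRead(stream, buff, chunkSize)) {
                PdbStreamClose(stream);
                PdbClose(pdb);
                fprintf(stderr, "Failed to read stream.\n");
                return 4;
            }

            if (fwrite(buff, 1, chunkSize, stdout) != chunkSize) {
                PdbStreamClose(stream);
                PdbClose(pdb);
                fprintf(stderr, "Failed to write to stdout.\n");
                return 5;
            }

            bytesRemaining -= chunkSize;
        }

        /* The success path previously left the stream open; close it here as
         * the error paths already do. */
        PdbStreamClose(stream);
    }

    if (g_dumpType) {
        /* Attempt to initialize the types subsystem */
        PDB_TYPES* types = PdbTypesOpen(pdb);
        if (!types) {
            fprintf(stderr, "Failed to open pdb types.\n");
            PdbClose(pdb);
            return 6;
        }

        if (g_dumpAllTypes)
            PdbTypesEnumerate(types, NULL);
        else
            PdbTypesPrint(types, g_type, NULL);

        PdbTypesClose(types);
    }

    PdbClose(pdb);
    return 0;
}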