bool CDXGraph::Attach(IGraphBuilder * inGraphBuilder) { Release(); if (inGraphBuilder) { inGraphBuilder->AddRef(); mGraph = inGraphBuilder; AddToObjectTable(); return QueryInterfaces(); } return true; }
bool CDXGraph::Create(void) { CoInitialize(NULL); HRESULT hr; if (!mGraph) { // Create the Filter Graph Manager. hr = CoCreateInstance(CLSID_FilterGraph, NULL, CLSCTX_INPROC_SERVER, IID_IGraphBuilder, (void **)&mGraph); if (SUCCEEDED(hr)) { #ifdef _DEBUG AddToObjectTable(); #endif return QueryInterfaces(); } mGraph = 0; } return false; }
HRESULT CALLBACK st( _In_ PDEBUG_CLIENT DebugClient, _In_opt_ PCSTR args ) /*++ Routine Description: Displays system service table. Return Value: HRESULT Environment: Kernel mode. --*/ { HRESULT Status = S_OK; ULONG ProcessorType; ULONG PlatformId; ULONG Major; ULONG Minor; ULONG ServicePackNumber; ULONG64 KeServiceDescriptorTable; ULONG64 KiServiceLimit; ULONG64 ServiceTableBase; ULONG64 Address; ULONG64 ServiceAddress; ULONG64 PsNtosImageBase; ULONG64 NtosImageBase; ULONG64 NtosImageEnd; ULONG Limit; ULONG i; LONG Offset; ULONG BytesRead; CHAR ServiceName[MAX_PATH]; IMAGE_NT_HEADERS64 ImageNtHeaders; UNREFERENCED_PARAMETER(args); __try { if ((Status = QueryInterfaces(DebugClient)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not query interfaces.\n"); __leave; } if ((Status = IsKernelMode(DebugClient, __FUNCTION__)) != S_OK) { __leave; } if ((Status = DebugControl->GetActualProcessorType(&ProcessorType)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not get processor type.\n"); __leave; } if ((Status = DebugControl->GetSystemVersion(&PlatformId, &Major, &Minor, NULL, NULL, NULL, &ServicePackNumber, NULL, NULL, NULL)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not get system version.\n"); __leave; } if ((Status = DebugSymbols->GetOffsetByName("nt!KeServiceDescriptorTable", &KeServiceDescriptorTable)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not get address of nt!KeServiceDescriptorTable.\n"); __leave; } if ((Status = DebugSymbols->GetOffsetByName("nt!KiServiceLimit", &KiServiceLimit)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not get address of nt!KiServiceLimit.\n"); __leave; } if ((Status = DebugDataSpaces->ReadPointersVirtual(1, KeServiceDescriptorTable, &ServiceTableBase)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not read service table base.\n"); __leave; } if ((Status = DebugDataSpaces->ReadVirtual(KiServiceLimit, &Limit, sizeof(ULONG), &BytesRead)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not read service table limit.\n"); __leave; } if ((Status = DebugSymbols->GetOffsetByName("nt!PsNtosImageBase", &PsNtosImageBase)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not get address of nt!PsNtosImageBase.\n"); __leave; } if ((Status = DebugDataSpaces->ReadPointersVirtual(1, PsNtosImageBase, &NtosImageBase)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not read nt!PsNtosImageBase.\n"); __leave; } if ((Status = DebugDataSpaces->ReadImageNtHeaders(NtosImageBase, &ImageNtHeaders)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not read kernel image headers.\n"); __leave; } NtosImageEnd = NtosImageBase + ImageNtHeaders.OptionalHeader.SizeOfImage; Address = ServiceTableBase; DebugControl->Output(DEBUG_OUTPUT_NORMAL, "\n"); if (IMAGE_FILE_MACHINE_I386 == ProcessorType) { for (i = 0; i < Limit; i++, Address += sizeof(ULONG)) { ServiceName[0] = '\0'; if ((Status = DebugDataSpaces->ReadPointersVirtual(1, Address, &ServiceAddress)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not read memory.\n"); __leave; } DebugSymbols->GetNameByOffset(ServiceAddress, (PSTR)ServiceName, _countof(ServiceName), &BytesRead, NULL); DebugControl->ControlledOutput(DEBUG_OUTCTL_DML, DEBUG_OUTPUT_NORMAL, (ServiceAddress >= NtosImageBase && ServiceAddress < NtosImageEnd) ? "%03lx:\t%p\t%s\n" : "%03lx:<col fg=\"changed\">\t%p\t%s</col>\n", i, ServiceAddress, ServiceName); } } else if (IMAGE_FILE_MACHINE_AMD64 == ProcessorType) { for (i = 0; i < Limit; i++, Address += sizeof(ULONG)) { ServiceName[0] = '\0'; if ((Status = DebugDataSpaces->ReadVirtual(Address, &Offset, sizeof(Offset), &BytesRead)) != S_OK) { DebugControl->Output(DEBUG_OUTPUT_NORMAL, "Could not read memory.\n"); __leave; } if (Minor < 6000) { Offset &= ~0xF; } else { Offset >>= 4; } ServiceAddress = ServiceTableBase + Offset; DebugSymbols->GetNameByOffset(ServiceAddress, (PSTR)ServiceName, _countof(ServiceName), &BytesRead, NULL); DebugControl->ControlledOutput(DEBUG_OUTCTL_DML, DEBUG_OUTPUT_NORMAL, (ServiceAddress >= NtosImageBase && ServiceAddress < NtosImageEnd) ? "%03lx:\t%p\t%s\n" : "%03lx:<col fg=\"changed\">\t%p\t%s</col>\n", i, ServiceAddress, ServiceName); } } DebugControl->Output(DEBUG_OUTPUT_NORMAL, "\n"); } __finally { ReleaseInterfaces(); } return Status; }