Exemple #1
0
    bool FindGlobalSymbolAddress(Module* mainMod, const char* symbol, Address64& symaddr)
    {
        HRESULT hr = S_OK;
        RefPtr<MagoST::ISession> session;

        if ( !mainMod->GetSymbolSession( session ) )
            return false;

        MagoST::EnumNamedSymbolsData enumData = { 0 };

        hr = session->FindFirstSymbol( MagoST::SymHeap_GlobalSymbols, symbol, strlen(symbol), enumData );
        if ( hr != S_OK )
            hr = session->FindFirstSymbol( MagoST::SymHeap_StaticSymbols, symbol, strlen(symbol), enumData );
        if ( hr != S_OK )
            hr = session->FindFirstSymbol( MagoST::SymHeap_PublicSymbols, symbol, strlen(symbol), enumData );
        if ( hr != S_OK )
            return false;

        MagoST::SymHandle handle;

        hr = session->GetCurrentSymbol( enumData, handle );
        if ( FAILED( hr ) )
            return false;

        MagoST::SymInfoData infoData = { 0 };
        MagoST::ISymbolInfo* symInfo = NULL;

        hr = session->GetSymbolInfo( handle, infoData, symInfo );
        if ( FAILED( hr ) )
            return false;

        uint16_t section = 0;
        uint32_t offset = 0;

        if ( !symInfo->GetAddressSegment( section ) 
            || !symInfo->GetAddressOffset( offset ) )
            return false;

        uint64_t addr = session->GetVAFromSecOffset( section, offset );
        if ( addr == 0 )
            return false;

        symaddr = (Address64) addr;
        return true;
    }
    bool FindUserEntryPoint( Module* mainMod, Address& entryPoint )
    {
        HRESULT hr = S_OK;
        RefPtr<MagoST::ISession> session;

        if ( !mainMod->GetSymbolSession( session ) )
            return false;

        MagoST::EnumNamedSymbolsData enumData = { 0 };

        hr = session->FindFirstSymbol( MagoST::SymHeap_GlobalSymbols, "D main", 6, enumData );
        if ( hr != S_OK )
            return false;

        MagoST::SymHandle handle;

        hr = session->GetCurrentSymbol( enumData, handle );
        if ( FAILED( hr ) )
            return false;

        MagoST::SymInfoData infoData = { 0 };
        MagoST::ISymbolInfo* symInfo = NULL;

        hr = session->GetSymbolInfo( handle, infoData, symInfo );
        if ( FAILED( hr ) )
            return false;

        uint16_t section = 0;
        uint32_t offset = 0;

        if ( !symInfo->GetAddressSegment( section ) 
            || !symInfo->GetAddressOffset( offset ) )
            return false;

        uint64_t addr = session->GetVAFromSecOffset( section, offset );
        if ( addr == 0 )
            return false;

        entryPoint = (Address) addr;
        return true;
    }
Exemple #3
0
    bool EventCallback::FindThunk( 
        MagoST::ISession* session, uint16_t section, uint32_t offset, AddressRange64& thunkRange )
    {
        HRESULT hr = S_OK;
        MagoST::SymHandle symHandle;

        hr = session->FindOuterSymbolByAddr( MagoST::SymHeap_GlobalSymbols, section, offset, symHandle );
        if ( hr != S_OK )
        {
            hr = session->FindOuterSymbolByAddr( 
                MagoST::SymHeap_StaticSymbols, section, offset, symHandle );
        }
        if ( hr == S_OK )
        {
            MagoST::SymInfoData infoData;
            MagoST::ISymbolInfo* symInfo = NULL;

            hr = session->GetSymbolInfo( symHandle, infoData, symInfo );
            if ( hr == S_OK )
            {
                if ( symInfo->GetSymTag() == MagoST::SymTagThunk )
                {
                    uint32_t length = 0;
                    symInfo->GetAddressOffset( offset );
                    symInfo->GetAddressSegment( section );
                    symInfo->GetLength( length );

                    uint64_t addr = session->GetVAFromSecOffset( section, offset );
                    thunkRange.Begin = (Address64) addr;
                    thunkRange.End = (Address64) addr + length - 1;
                    return true;
                }
            }
        }

        return false;
    }