DWORD DumpAddressInfo( PVOID pAddr, LPTSTR szBuf, DWORD dwLen) { if (g_pfnSymGetSymFromAddr == NULL || g_pfnSymGetLineFromAddr == NULL) return 0; InitSymEng( ); // Start looking up the exception address. PIMAGEHLP_SYMBOL pSym = (PIMAGEHLP_SYMBOL)&g_stSymbol; ZeroMemory(pSym , SYM_BUFF_SIZE ); pSym->SizeOfStruct = sizeof ( IMAGEHLP_SYMBOL ) ; pSym->MaxNameLength = SYM_BUFF_SIZE - sizeof ( IMAGEHLP_SYMBOL ) ; ZeroMemory ( &g_stLine , sizeof ( IMAGEHLP_LINE ) ) ; g_stLine.SizeOfStruct = sizeof ( IMAGEHLP_LINE ) ; DWORD dwDisp = 0; char szModPath[ MAX_PATH + 1 ]; if (!GetShortModuleNameFromAddr(pAddr, szModPath, MAX_PATH)) return 0; DWORD dwRet = 0; if (g_pfnSymGetSymFromAddr(GetCurrentProcess(), (DWORD)pAddr , &dwDisp, pSym) && g_pfnSymGetLineFromAddr ( GetCurrentProcess (), (DWORD)pAddr, &dwDisp , &g_stLine )) { dwRet = _snprintf(szBuf , dwLen, "%hs(%d) : %s ( %s )\n", g_stLine.FileName, g_stLine.LineNumber, pSym->Name, szModPath); } else { dwRet = _snprintf(szBuf , dwLen, "<no symbols> : 0x%08X ( %s )\n", pAddr, szModPath); } return (dwRet < 0 ? dwLen : dwRet); }
DWORD GetStackAddresses(CONTEXT* pContext, PVOID* ppAddr, DWORD dwMaxAddr) { DWORD dwAddr = dwMaxAddr; __try { // Initialize the symbol engine in case it is not initialized. InitSymEng ( ) ; if (NULL == g_pfnSymGetSymFromAddr || NULL == g_pfnStackWalk || NULL == g_pfnSymFunctionTableAccess || NULL == g_pfnSymGetModuleBase) return 0 ; HANDLE hProcess = GetCurrentProcess(); // Initialize the STACKFRAME structure. ZeroMemory ( &g_stFrame , sizeof ( STACKFRAME ) ) ; CONTEXT context = *pContext; #ifdef _X86_ g_stFrame.AddrPC.Offset = context.Eip ; g_stFrame.AddrPC.Mode = AddrModeFlat ; g_stFrame.AddrStack.Offset = context.Esp ; g_stFrame.AddrStack.Mode = AddrModeFlat ; g_stFrame.AddrFrame.Offset = context.Ebp ; g_stFrame.AddrFrame.Mode = AddrModeFlat ; #else g_stFrame.AddrPC.Offset = (DWORD)context.Fir ; g_stFrame.AddrPC.Mode = AddrModeFlat ; g_stFrame.AddrReturn.Offset = (DWORD)context.IntRa; g_stFrame.AddrReturn.Mode = AddrModeFlat ; g_stFrame.AddrStack.Offset = (DWORD)context.IntSp; g_stFrame.AddrStack.Mode = AddrModeFlat ; g_stFrame.AddrFrame.Offset = (DWORD)context.IntFp; g_stFrame.AddrFrame.Mode = AddrModeFlat ; #endif while(g_pfnStackWalk ( CH_MACHINE, hProcess, GetCurrentThread ( ), &g_stFrame, &context, NULL , g_pfnSymFunctionTableAccess , g_pfnSymGetModuleBase, NULL ) && g_stFrame.AddrFrame.Offset && dwAddr--) { *(ppAddr++) = (PVOID)g_stFrame.AddrPC.Offset; } } __except (EXCEPTION_EXECUTE_HANDLER) { } return dwMaxAddr - dwAddr; }
int SymEng_LoadModule(char *pszFile, DWORD64 *pdwBase) { static int iStatus = -1; if (iStatus < 0) { iStatus = InitSymEng(); if (iStatus < 0) return iStatus; } if (!(*pdwBase = SymLoadModule64(GetCurrentProcess(), 0, pszFile, 0, 0, 0))) { TRACE("SymLoadModule64 %s failed: %08X", pszFile, GetLastError()); return -3; } return 0; }