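/*
 * Loads debugger symbols for a module described by a loader data table entry
 * and stores the result in LdrEntry->PatchInformation.
 *
 * The path recorded in FullDllName is tried first. If that yields nothing,
 * two guessed locations are tried: \SystemRoot\System32\Drivers\<BaseDllName>
 * and then \SystemRoot\System32\<BaseDllName>.
 *
 * LdrEntry: loader entry of the module. PatchInformation is overwritten and
 *           is NULL on return when symbol loading is disabled.
 *
 * Hardening compared with the previous revision: the pool allocation for the
 * guessed path is checked before use, and the combined length is verified to
 * fit the 16-bit UNICODE_STRING length fields before any copy is made. This
 * code runs in kernel context, so a NULL or undersized buffer here would
 * take the whole system down rather than fail one lookup.
 */
VOID
KdbSymProcessSymbols(
    IN PLDR_DATA_TABLE_ENTRY LdrEntry)
{
    /* Symbol loading disabled: do not leave a stale pointer on the entry */
    if (!LoadSymbols)
    {
        LdrEntry->PatchInformation = NULL;
        return;
    }

    /* Remove symbol info if it already exists */
    if (LdrEntry->PatchInformation)
    {
        /* NOTE(review): PatchInformation is not cleared after this call; this
         * relies on KdbpSymLoadModuleSymbols always overwriting its output
         * argument - confirm, otherwise a released pointer could survive. */
        KdbpSymRemoveCachedFile(LdrEntry->PatchInformation);
    }

    /* First attempt: the full path recorded by the loader */
    KdbpSymLoadModuleSymbols(&LdrEntry->FullDllName,
                             (PROSSYM_INFO*)&LdrEntry->PatchInformation);

    if (!LdrEntry->PatchInformation)
    {
        // HACK: module dll names don't identify the real files
        UNICODE_STRING SystemRoot;
        UNICODE_STRING ModuleNameCopy;
        ULONG_PTR BufferSize;

        RtlInitUnicodeString(&SystemRoot, L"\\SystemRoot\\System32\\Drivers\\");

        /* Sum in a wide type so that two large 16-bit lengths cannot wrap */
        BufferSize = (ULONG_PTR)SystemRoot.MaximumLength +
                     (ULONG_PTR)LdrEntry->BaseDllName.MaximumLength;

        ModuleNameCopy.Length = 0;
        ModuleNameCopy.MaximumLength = 0;
        ModuleNameCopy.Buffer = NULL;

        /* Only build the guessed path when it fits the 16-bit length fields
         * and the source string is internally consistent; the raw memory
         * copies below trust BaseDllName.Length. */
        if (BufferSize <= 0xFFFF &&
            LdrEntry->BaseDllName.Buffer != NULL &&
            LdrEntry->BaseDllName.Length <= LdrEntry->BaseDllName.MaximumLength)
        {
            ModuleNameCopy.MaximumLength = BufferSize; /* checked to fit above */
            ModuleNameCopy.Buffer = ExAllocatePool(NonPagedPool, BufferSize);
        }

        /* Allocation can fail; skip the guessed locations instead of writing
         * through a NULL pointer. */
        if (ModuleNameCopy.Buffer)
        {
            /* Second attempt: \SystemRoot\System32\Drivers\<BaseDllName> */
            RtlCopyUnicodeString(&ModuleNameCopy, &SystemRoot);
            RtlCopyMemory(ModuleNameCopy.Buffer + ModuleNameCopy.Length / sizeof(WCHAR),
                          LdrEntry->BaseDllName.Buffer,
                          LdrEntry->BaseDllName.Length);
            ModuleNameCopy.Length += LdrEntry->BaseDllName.Length;

            KdbpSymLoadModuleSymbols(&ModuleNameCopy,
                                     (PROSSYM_INFO*)&LdrEntry->PatchInformation);

            if (!LdrEntry->PatchInformation)
            {
                /* Third attempt: drop the trailing "Drivers\" component and
                 * look directly under \SystemRoot\System32\ */
                SystemRoot.Length -= strlen("Drivers\\") * sizeof(WCHAR);
                RtlCopyUnicodeString(&ModuleNameCopy, &SystemRoot);
                RtlCopyMemory(ModuleNameCopy.Buffer + ModuleNameCopy.Length / sizeof(WCHAR),
                              LdrEntry->BaseDllName.Buffer,
                              LdrEntry->BaseDllName.Length);
                ModuleNameCopy.Length += LdrEntry->BaseDllName.Length;

                KdbpSymLoadModuleSymbols(&ModuleNameCopy,
                                         (PROSSYM_INFO*)&LdrEntry->PatchInformation);
            }

            /* NOTE(review): the buffer comes from ExAllocatePool but is
             * released through RtlFreeUnicodeString - confirm that both use
             * the same pool/tag, otherwise pair the allocation with the
             * matching pool free routine. */
            RtlFreeUnicodeString(&ModuleNameCopy);
        }
    }

    /* Per the original comment, KdbpSymLoadModuleSymbols has already added
     * the symbols to the cache, so nothing is cached explicitly here. */
    DPRINT("Installed symbols: %wZ@%p-%p %p\n",
           &LdrEntry->BaseDllName,
           LdrEntry->DllBase,
           (PVOID)(LdrEntry->SizeOfImage + (ULONG_PTR)LdrEntry->DllBase),
           LdrEntry->PatchInformation);
}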
/*
 * Loads debugger symbols for a module described by a loader data table entry
 * and stores the result in LdrEntry->PatchInformation.
 *
 * Symbols are first parsed from the in-memory image (DllBase, SizeOfImage).
 * If that fails, the file named by FullDllName is used instead.
 *
 * LdrEntry: loader entry of the module. PatchInformation is overwritten and
 *           is NULL on return when symbol loading is disabled.
 */
VOID
KdbSymProcessSymbols(
    IN PLDR_DATA_TABLE_ENTRY LdrEntry)
{
    /* Both loaders write their result through this pointer */
    PROSSYM_INFO *SymInfo = (PROSSYM_INFO*)&LdrEntry->PatchInformation;

    /* Symbol loading disabled: clear the slot and stop */
    if (!LoadSymbols)
    {
        LdrEntry->PatchInformation = NULL;
        return;
    }

    /* Drop previously installed symbol info before replacing it */
    if (LdrEntry->PatchInformation)
    {
        KdbpSymRemoveCachedFile(LdrEntry->PatchInformation);
    }

    /* Load new symbol information, preferring the mapped image */
    if (RosSymCreateFromMem(LdrEntry->DllBase, LdrEntry->SizeOfImage, SymInfo))
    {
        /* Parsed from memory: register the result in the cache here */
        KdbpSymAddCachedFile(&LdrEntry->FullDllName, LdrEntry->PatchInformation);
    }
    else
    {
        /* Parsing from memory failed: fall back to the file on disk. Per the
         * original comment, this path adds the symbols to the cache itself. */
        KdbpSymLoadModuleSymbols(&LdrEntry->FullDllName, SymInfo);
    }

    DPRINT("Installed symbols: %wZ@%p-%p %p\n",
           &LdrEntry->BaseDllName,
           LdrEntry->DllBase,
           (PVOID)(LdrEntry->SizeOfImage + (ULONG_PTR)LdrEntry->DllBase),
           LdrEntry->PatchInformation);
}