NTSTATUS DriverEntry (
IN PDRIVER_OBJECT pDriverObject,
IN PUNICODE_STRING pRegistryPath )
{
NTSTATUS status = STATUS_SUCCESS;
PVOID OldImageBase;
PVOID NewImageBase;
pDriverObject->DriverUnload = HelloDDKUnload;
KdPrint(("加载驱动成功!\n"));
OldImageBase = GetModuleBase("ntoskrnl.exe");
if(NULL != OldImageBase)
{
NewImageBase = KeLoadLibrary(L"\\??\\C:\\windows\\system32\\ntoskrnl.exe", OldImageBase);
}
else
{
OldImageBase = GetModuleBase("ntkrnlpa.exe");
NewImageBase = KeLoadLibrary(L"\\??\\C:\\windows\\system32\\ntkrnlpa.exe", OldImageBase);
}
FixNewKiServiceTable(NewImageBase, OldImageBase);
SetSysenterHook();
SetDebugPortDrxHook();
return status;
}
DWORD WINAPI MainScan(LPVOID lpParams) {
while (true) {
DWORD pID;
csWind = FindWindow(0, "Counter-Strike: Global Offensive");
GetWindowThreadProcessId(csWind, &pID);
csHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pID);
clientBase = GetModuleBase(pID, "client.dll");
while (true) {
if (updateEnts()) {
if ((GetKeyState(0x4B) & 0x100) != 0) {
if (localPlayer.cid > 0 && localPlayer.cid <= 64) {
if (players[localPlayer.cid - 1].team != 0 && players[localPlayer.cid - 1].team != localPlayer.team && (players[localPlayer.cid - 1].health > 0)) {
Sleep(25);
sim();
}
}
}
}
}
}
return 0;
}
static
BOOL BfdGetLineFromAddr(bfd *abfd, asymbol **syms, long symcount, DWORD dwAddress, LPTSTR lpFileName, DWORD nSize, LPDWORD lpLineNumber)
{
HMODULE hModule;
struct find_handle info;
if(!(hModule = (HMODULE) GetModuleBase(dwAddress)))
return FALSE;
info.pc = dwAddress;
if(!(bfd_get_file_flags (abfd) & HAS_SYMS) || !symcount)
return FALSE;
info.syms = syms;
info.found = FALSE;
bfd_map_over_sections (abfd, find_address_in_section, (PTR) &info);
if (info.found == FALSE || info.line == 0)
return FALSE;
assert(lpFileName && lpLineNumber);
lstrcpyn(lpFileName, info.filename, nSize);
*lpLineNumber = info.line;
return TRUE;
}
static
BOOL BfdGetSymFromAddr(bfd *abfd, asymbol **syms, long symcount, DWORD dwAddress, LPTSTR lpSymName, DWORD nSize)
{
HMODULE hModule;
struct find_handle info;
if(!(hModule = (HMODULE) GetModuleBase(dwAddress)))
return FALSE;
info.pc = dwAddress;
if(!(bfd_get_file_flags (abfd) & HAS_SYMS) || !symcount)
return FALSE;
info.syms = syms;
info.found = FALSE;
bfd_map_over_sections (abfd, find_address_in_section, (PTR) &info);
if (info.found == FALSE || info.line == 0)
return FALSE;
assert(lpSymName);
if(info.functionname == NULL && *info.functionname == '\0')
return FALSE;
lstrcpyn(lpSymName, info.functionname, nSize);
return TRUE;
}
HRESULT LLDBServices::GetModuleByIndex(
ULONG index,
PULONG64 base)
{
ULONG64 moduleBase = UINT64_MAX;
lldb::SBTarget target;
lldb::SBModule module;
target = m_debugger.GetSelectedTarget();
if (!target.IsValid())
{
goto exit;
}
module = target.GetModuleAtIndex(index);
if (!module.IsValid())
{
goto exit;
}
moduleBase = GetModuleBase(target, module);
exit:
if (base)
{
*base = moduleBase;
}
return moduleBase == UINT64_MAX ? E_FAIL : S_OK;
}
HRESULT
LLDBServices::GetModuleByModuleName(
PCSTR name,
ULONG startIndex,
PULONG index,
PULONG64 base)
{
ULONG64 moduleBase = UINT64_MAX;
ULONG moduleIndex = UINT32_MAX;
lldb::SBTarget target;
lldb::SBModule module;
lldb::SBFileSpec fileSpec;
fileSpec.SetFilename(name);
target = m_debugger.GetSelectedTarget();
if (!target.IsValid())
{
goto exit;
}
module = target.FindModule(fileSpec);
if (!module.IsValid())
{
goto exit;
}
moduleBase = GetModuleBase(target, module);
if (index)
{
int numModules = target.GetNumModules();
for (int mi = startIndex; mi < numModules; mi++)
{
lldb::SBModule mod = target.GetModuleAtIndex(mi);
if (module == mod)
{
moduleIndex = mi;
break;
}
}
}
exit:
if (index)
{
*index = moduleIndex;
}
if (base)
{
*base = moduleBase;
}
return moduleBase == UINT64_MAX ? E_FAIL : S_OK;
}
int SetupandLoad(){
//memset to ensure we dont have unusual char attributes at starting
memset(&Enemy, 0, sizeof(Character));
memset(&Player, 0, sizeof(Character));
//TODO temp hardcoding
Enemy.weaponRange = 6;
Player.weaponRange = 2.5;
//get access to dark souls memory
char * processName = "DARKSOULS.exe";
//get the process id from the name
int processId = GetProcessIdFromName(processName);
//open the handle
processHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, processId);
//get the base address of the process and append all other addresses onto it
memorybase = GetModuleBase(processId, processName);
Enemy_base_add += memorybase;
player_base_add += memorybase;
ReadPointerEndAddresses(processHandle);
//start gui
guiStart();
//get current camera details to lock
readCamera(&processHandle, memorybase);
//load neural network and threads
int error = ReadyThreads();
if (error){
return error;
}
//TODO load vJoy driver(we ONLY want the driver loaded when program running)
//want to use controller input, instead of keyboard, as analog stick is more precise movement
int loadresult = loadvJoy(iInterface);
if (loadresult != 0){
return loadresult;
}
iReport.bDevice = (BYTE)iInterface;
ResetVJoyController();
//set window focus
HWND h = FindWindow(NULL, TEXT("DARK SOULS"));
SetForegroundWindow(h);
SetFocus(h);
return EXIT_SUCCESS;
}
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShow)
{
PROCESSENTRY32 pe32;
HANDLE hSnapshot, hProcess;
int nStatus = 0;
// patch bytes
BYTE bPatch[5] = { 0x66, 0xB8, 0xFF, 0xFF, 0x90 };
// RC4 Key
char *szRC4Key = "KOrUPt";
// TamperProtectionPlugin.dll
char szTargetDll[] = "\xB3\x36\x2D\x49\x8F\xB1\x27\x51\x22\x0F\x6B\x6F\x8C\x55\x05\xC5\x0C\x84\x58\x64\xB5\xF9\x99\x90\x02\x1E";
// savmain.exe
char szTargetProcessName[] = "\x94\x36\x36\x54\x8B\xAA\x19\x0D\x28\x03\x6B";
// stealthly resolve API's that may be considered suspicous if seen in our import table
lpK32Base = GetK32Base();
pWriteProcessMemory = GetAPIAddress((HMODULE)lpK32Base, dwAPIHashTable[nWriteProcessMemory]);
pOpenProcess = GetAPIAddress((HMODULE)lpK32Base, dwAPIHashTable[nOpenProcess]);
// decrypt sensitive strings
RC4((unsigned char *)szTargetDll, (unsigned char *)szRC4Key, strlen(szTargetDll), strlen(szRC4Key));
RC4((unsigned char *)szTargetProcessName, (unsigned char *)szRC4Key, strlen(szTargetProcessName), strlen(szRC4Key));
// find process and patch accordingly
pe32.dwSize = sizeof(PROCESSENTRY32);
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hSnapshot != INVALID_HANDLE_VALUE){
if(Process32First(hSnapshot, &pe32)){
do{
if(stricmp(pe32.szExeFile, szTargetProcessName) == 0){
hProcess = sOpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, TRUE, pe32.th32ProcessID);
if(hProcess){
DWORD dwBaseAddress = GetModuleBase(szTargetDll, pe32.th32ProcessID);
DWORD dwPatchAddress = dwBaseAddress + (0x7924 ^ 0xFDFD); // = 0x84D9 = offset
sWriteProcessMemory(hProcess, (BYTE *)dwPatchAddress, bPatch, 5, NULL);
CloseHandle(hProcess);
}
break;
}
}while(Process32Next(hSnapshot, &pe32));
}
CloseHandle(hSnapshot);
}
return nStatus;
}
char* getSC2Info(HANDLE sc2_handle, uint32_t &base_address, uint32_t &build) {
char* sc2_exe_path = (char*)malloc(MAX_PROC_NAME_SIZE);
if(GetModuleFileNameEx(sc2_handle, 0, sc2_exe_path, MAX_PROC_NAME_SIZE)==0) {
printf("ERROR %d: Unable to retrieve executable file name", GetLastError());
return NULL;
}
DWORD infoSize = GetFileVersionInfoSize(sc2_exe_path, 0);
void *infoBuffer = malloc(infoSize);
VS_FIXEDFILEINFO *sc2VersionInfo;
GetFileVersionInfo(sc2_exe_path, 0, infoSize, infoBuffer);
VerQueryValue(infoBuffer, "\\", (LPVOID*)&sc2VersionInfo, 0);
build = sc2VersionInfo->dwFileVersionLS & 0xffff;
free(infoBuffer);
DWORD proc_id = GetProcessId(sc2_handle);
base_address = GetModuleBase(proc_id, "SC2.exe");
return sc2_exe_path;
}
static ULONG_ADDR CheckAddress(void* address)
{
ULONG_ADDR dwAddress = (ULONG_ADDR)(GC_ULONG_PTR)address;
GetModuleBase(GetSymHandle(), dwAddress);
return dwAddress;
}
static
void GenerateExceptionReport(PEXCEPTION_POINTERS pExceptionInfo)
{
PEXCEPTION_RECORD pExceptionRecord = pExceptionInfo->ExceptionRecord;
TCHAR szModule[MAX_PATH];
HMODULE hModule;
PCONTEXT pContext;
// Start out with a banner
rprintf(_T("-------------------\r\n\r\n"));
{
const TCHAR *lpDayOfWeek[] = {
_T("Sunday"),
_T("Monday"),
_T("Tuesday"),
_T("Wednesday"),
_T("Thursday"),
_T("Friday"),
_T("Saturday")
};
const TCHAR *lpMonth[] = {
NULL,
_T("January"),
_T("February"),
_T("March"),
_T("April"),
_T("May"),
_T("June"),
_T("July"),
_T("August"),
_T("September"),
_T("October"),
_T("November"),
_T("December")
};
SYSTEMTIME SystemTime;
GetLocalTime(&SystemTime);
rprintf(_T("Error occured on %s, %s %i, %i at %02i:%02i:%02i.\r\n\r\n"),
lpDayOfWeek[SystemTime.wDayOfWeek],
lpMonth[SystemTime.wMonth],
SystemTime.wDay,
SystemTime.wYear,
SystemTime.wHour,
SystemTime.wMinute,
SystemTime.wSecond
);
}
// Dump a generic info header
dbgDumpHeader(hReportFile);
// First print information about the type of fault
rprintf(_T("\r\n%s caused "), GetModuleFileName(NULL, szModule, MAX_PATH) ? szModule : "Application");
switch(pExceptionRecord->ExceptionCode)
{
case EXCEPTION_ACCESS_VIOLATION:
rprintf(_T("an Access Violation"));
break;
case EXCEPTION_ARRAY_BOUNDS_EXCEEDED:
rprintf(_T("an Array Bound Exceeded"));
break;
case EXCEPTION_BREAKPOINT:
rprintf(_T("a Breakpoint"));
break;
case EXCEPTION_DATATYPE_MISALIGNMENT:
rprintf(_T("a Datatype Misalignment"));
break;
case EXCEPTION_FLT_DENORMAL_OPERAND:
rprintf(_T("a Float Denormal Operand"));
break;
case EXCEPTION_FLT_DIVIDE_BY_ZERO:
rprintf(_T("a Float Divide By Zero"));
break;
case EXCEPTION_FLT_INEXACT_RESULT:
rprintf(_T("a Float Inexact Result"));
break;
case EXCEPTION_FLT_INVALID_OPERATION:
rprintf(_T("a Float Invalid Operation"));
break;
case EXCEPTION_FLT_OVERFLOW:
rprintf(_T("a Float Overflow"));
break;
case EXCEPTION_FLT_STACK_CHECK:
rprintf(_T("a Float Stack Check"));
break;
case EXCEPTION_FLT_UNDERFLOW:
rprintf(_T("a Float Underflow"));
break;
case EXCEPTION_GUARD_PAGE:
rprintf(_T("a Guard Page"));
break;
case EXCEPTION_ILLEGAL_INSTRUCTION:
rprintf(_T("an Illegal Instruction"));
break;
case EXCEPTION_IN_PAGE_ERROR:
rprintf(_T("an In Page Error"));
break;
case EXCEPTION_INT_DIVIDE_BY_ZERO:
rprintf(_T("an Integer Divide By Zero"));
break;
case EXCEPTION_INT_OVERFLOW:
rprintf(_T("an Integer Overflow"));
break;
case EXCEPTION_INVALID_DISPOSITION:
rprintf(_T("an Invalid Disposition"));
break;
case EXCEPTION_INVALID_HANDLE:
rprintf(_T("an Invalid Handle"));
break;
case EXCEPTION_NONCONTINUABLE_EXCEPTION:
rprintf(_T("a Noncontinuable Exception"));
break;
case EXCEPTION_PRIV_INSTRUCTION:
rprintf(_T("a Privileged Instruction"));
break;
case EXCEPTION_SINGLE_STEP:
rprintf(_T("a Single Step"));
break;
case EXCEPTION_STACK_OVERFLOW:
rprintf(_T("a Stack Overflow"));
break;
case DBG_CONTROL_C:
rprintf(_T("a Control+C"));
break;
case DBG_CONTROL_BREAK:
rprintf(_T("a Control+Break"));
break;
case DBG_TERMINATE_THREAD:
rprintf(_T("a Terminate Thread"));
break;
case DBG_TERMINATE_PROCESS:
rprintf(_T("a Terminate Process"));
break;
case RPC_S_UNKNOWN_IF:
rprintf(_T("an Unknown Interface"));
break;
case RPC_S_SERVER_UNAVAILABLE:
rprintf(_T("a Server Unavailable"));
break;
default:
/*
static TCHAR szBuffer[512] = { 0 };
// If not one of the "known" exceptions, try to get the string
// from NTDLL.DLL's message table.
FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_HMODULE,
GetModuleHandle(_T("NTDLL.DLL")),
dwCode, 0, szBuffer, sizeof(szBuffer), 0);
*/
rprintf(_T("an Unknown [0x%lX] Exception"), pExceptionRecord->ExceptionCode);
break;
}
// Now print information about where the fault occured
rprintf(_T(" at location %08x"), (DWORD) pExceptionRecord->ExceptionAddress);
if((hModule = (HMODULE) GetModuleBase((DWORD) pExceptionRecord->ExceptionAddress)) && GetModuleFileName(hModule, szModule, sizeof(szModule)))
rprintf(_T(" in module %s"), szModule);
// If the exception was an access violation, print out some additional information, to the error log and the debugger.
if(pExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION && pExceptionRecord->NumberParameters >= 2)
rprintf(" %s location %08x", pExceptionRecord->ExceptionInformation[0] ? "Writing to" : "Reading from", pExceptionRecord->ExceptionInformation[1]);
rprintf(".\r\n\r\n");
dbgDumpLog(hReportFile);
pContext = pExceptionInfo->ContextRecord;
#ifdef _M_IX86 // Intel Only!
// Show the registers
rprintf(_T("Registers:\r\n"));
if(pContext->ContextFlags & CONTEXT_INTEGER)
rprintf(
_T("eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\r\n"),
pContext->Eax,
pContext->Ebx,
pContext->Ecx,
pContext->Edx,
pContext->Esi,
pContext->Edi
);
if(pContext->ContextFlags & CONTEXT_CONTROL)
rprintf(
_T("eip=%08lx esp=%08lx ebp=%08lx iopl=%1lx %s %s %s %s %s %s %s %s %s %s\r\n"),
pContext->Eip,
pContext->Esp,
pContext->Ebp,
(pContext->EFlags >> 12) & 3, // IOPL level value
pContext->EFlags & 0x00100000 ? "vip" : " ", // VIP (virtual interrupt pending)
pContext->EFlags & 0x00080000 ? "vif" : " ", // VIF (virtual interrupt flag)
pContext->EFlags & 0x00000800 ? "ov" : "nv", // VIF (virtual interrupt flag)
pContext->EFlags & 0x00000400 ? "dn" : "up", // OF (overflow flag)
pContext->EFlags & 0x00000200 ? "ei" : "di", // IF (interrupt enable flag)
pContext->EFlags & 0x00000080 ? "ng" : "pl", // SF (sign flag)
pContext->EFlags & 0x00000040 ? "zr" : "nz", // ZF (zero flag)
pContext->EFlags & 0x00000010 ? "ac" : "na", // AF (aux carry flag)
pContext->EFlags & 0x00000004 ? "po" : "pe", // PF (parity flag)
pContext->EFlags & 0x00000001 ? "cy" : "nc" // CF (carry flag)
);
if(pContext->ContextFlags & CONTEXT_SEGMENTS)
{
rprintf(
_T("cs=%04lx ss=%04lx ds=%04lx es=%04lx fs=%04lx gs=%04lx"),
pContext->SegCs,
pContext->SegSs,
pContext->SegDs,
pContext->SegEs,
pContext->SegFs,
pContext->SegGs,
pContext->EFlags
);
if(pContext->ContextFlags & CONTEXT_CONTROL)
rprintf(
_T(" efl=%08lx"),
pContext->EFlags
);
}
else
if(pContext->ContextFlags & CONTEXT_CONTROL)
rprintf(
_T(" efl=%08lx"),
pContext->EFlags
);
rprintf(_T("\r\n\r\n"));
#endif
// FIXME: We *never* return from the below call!
StackBackTrace(GetCurrentProcess(), GetCurrentThread(), pContext);
rprintf(_T("\r\n\r\n"));
}
static
BOOL StackBackTrace(HANDLE hProcess, HANDLE hThread, PCONTEXT pContext)
{
STACKFRAME StackFrame;
HMODULE hModule = NULL;
TCHAR szModule[MAX_PATH];
#ifdef HAVE_BFD
bfd *abfd = NULL;
asymbol **syms = NULL; // The symbol table.
long symcount = 0; // Number of symbols in `syms'.
#endif /* HAVE_BFD */
assert(!bSymInitialized);
j_SymSetOptions(/* SYMOPT_UNDNAME | */ SYMOPT_LOAD_LINES);
if(j_SymInitialize(hProcess, NULL, TRUE))
bSymInitialized = TRUE;
memset( &StackFrame, 0, sizeof(StackFrame) );
// Initialize the STACKFRAME structure for the first call. This is only
// necessary for Intel CPUs, and isn't mentioned in the documentation.
StackFrame.AddrPC.Offset = pContext->Eip;
StackFrame.AddrPC.Mode = AddrModeFlat;
StackFrame.AddrStack.Offset = pContext->Esp;
StackFrame.AddrStack.Mode = AddrModeFlat;
StackFrame.AddrFrame.Offset = pContext->Ebp;
StackFrame.AddrFrame.Mode = AddrModeFlat;
rprintf( _T("Call stack:\r\n") );
if(0)
rprintf( _T("AddrPC AddrReturn AddrFrame AddrStack\r\n") );
while ( 1 )
{
BOOL bSuccess = FALSE;
#ifdef HAVE_BFD
const HMODULE hPrevModule = hModule;
#endif /* HAVE_BFD */
TCHAR szSymName[512] = _T("");
TCHAR szFileName[MAX_PATH] = _T("");
DWORD LineNumber = 0;
if(bSymInitialized)
{
if(!j_StackWalk(
IMAGE_FILE_MACHINE_I386,
hProcess,
hThread,
&StackFrame,
pContext,
NULL,
j_SymFunctionTableAccess,
j_SymGetModuleBase,
NULL
)
)
break;
}
else
{
if(!IntelStackWalk(
IMAGE_FILE_MACHINE_I386,
hProcess,
hThread,
&StackFrame,
pContext,
NULL,
NULL,
NULL,
NULL
)
)
break;
}
// Basic sanity check to make sure the frame is OK. Bail if not.
if ( 0 == StackFrame.AddrFrame.Offset )
break;
if(0)
{
rprintf(
_T("%08lX %08lX %08lX %08lX\r\n"),
StackFrame.AddrPC.Offset,
StackFrame.AddrReturn.Offset,
StackFrame.AddrFrame.Offset,
StackFrame.AddrStack.Offset
);
rprintf(
_T("%08lX %08lX %08lX %08lX\r\n"),
StackFrame.Params[0],
StackFrame.Params[1],
StackFrame.Params[2],
StackFrame.Params[3]
);
}
rprintf( _T("%08lX"), StackFrame.AddrPC.Offset);
if((hModule = (HMODULE) GetModuleBase(StackFrame.AddrPC.Offset)) && GetModuleFileName(hModule, szModule, sizeof(szModule)))
{
#ifndef HAVE_BFD
rprintf( _T(" %s:ModulBase %08lX"), szModule, hModule);
#else /* HAVE_BFD */
rprintf( _T(" %s:%08lX"), szModule, StackFrame.AddrPC.Offset);
if(hModule != hPrevModule)
{
if(syms)
{
GlobalFree(syms);
syms = NULL;
symcount = 0;
}
if(abfd)
bfd_close(abfd);
if((abfd = bfd_openr (szModule, NULL)))
if(bfd_check_format(abfd, bfd_object))
{
bfd_vma adjust_section_vma = 0;
/* If we are adjusting section VMA's, change them all now. Changing
the BFD information is a hack. However, we must do it, or
bfd_find_nearest_line will not do the right thing. */
if ((adjust_section_vma = (bfd_vma) hModule - pe_data(abfd)->pe_opthdr.ImageBase))
{
asection *s;
for (s = abfd->sections; s != NULL; s = s->next)
{
s->vma += adjust_section_vma;
s->lma += adjust_section_vma;
}
}
if(bfd_get_file_flags(abfd) & HAS_SYMS)
/* Read in the symbol table. */
slurp_symtab(abfd, &syms, &symcount);
}
}
if(!bSuccess && abfd && syms && symcount)
if((bSuccess = BfdGetSymFromAddr(abfd, syms, symcount, StackFrame.AddrPC.Offset, szSymName, 512)))
{
/*
framepointer = StackFrame.AddrFrame.Offset;
hprocess = hProcess;
*/
BfdDemangleSymName(szSymName, szSymName, 512);
rprintf( _T(" %s"), szSymName);
if(BfdGetLineFromAddr(abfd, syms, symcount, StackFrame.AddrPC.Offset, szFileName, MAX_PATH, &LineNumber))
rprintf( _T(" %s:%ld"), szFileName, LineNumber);
}
#endif /* HAVE_BFD */
if(!bSuccess && bSymInitialized)
if((bSuccess = ImagehlpGetSymFromAddr(hProcess, StackFrame.AddrPC.Offset, szSymName, 512)))
{
rprintf( _T(" %s"), szSymName);
ImagehlpDemangleSymName(szSymName, szSymName, 512);
if(ImagehlpGetLineFromAddr(hProcess, StackFrame.AddrPC.Offset, szFileName, MAX_PATH, &LineNumber))
rprintf( _T(" %s:%ld"), szFileName, LineNumber);
}
if(!bSuccess)
if((bSuccess = PEGetSymFromAddr(hProcess, StackFrame.AddrPC.Offset, szSymName, 512)))
rprintf( _T(" %s"), szSymName);
}
rprintf(_T("\r\n"));
}
#ifdef HAVE_BFD
if(syms)
{
GlobalFree(syms);
syms = NULL;
symcount = 0;
}
if(abfd)
bfd_close(abfd);
#endif /* HAVE_BFD */
if(bSymInitialized)
{
if(!j_SymCleanup(hProcess))
assert(0);
bSymInitialized = FALSE;
}
return TRUE;
}
static
BOOL PEGetSymFromAddr(HANDLE hProcess, DWORD dwAddress, LPTSTR lpSymName, DWORD nSize)
{
HMODULE hModule;
PIMAGE_NT_HEADERS pNtHdr;
IMAGE_NT_HEADERS NtHdr;
PIMAGE_SECTION_HEADER pSection;
DWORD dwNearestAddress = 0, dwNearestName;
int i;
if(!(hModule = (HMODULE) GetModuleBase(dwAddress)))
return FALSE;
{
PIMAGE_DOS_HEADER pDosHdr;
LONG e_lfanew;
// Point to the DOS header in memory
pDosHdr = (PIMAGE_DOS_HEADER)hModule;
// From the DOS header, find the NT (PE) header
if(!ReadProcessMemory(hProcess, &pDosHdr->e_lfanew, &e_lfanew, sizeof(e_lfanew), NULL))
return FALSE;
pNtHdr = (PIMAGE_NT_HEADERS)((DWORD)hModule + (DWORD)e_lfanew);
if(!ReadProcessMemory(hProcess, pNtHdr, &NtHdr, sizeof(IMAGE_NT_HEADERS), NULL))
return FALSE;
}
pSection = (PIMAGE_SECTION_HEADER) ((DWORD)pNtHdr + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + NtHdr.FileHeader.SizeOfOptionalHeader);
// Look for export section
for (i = 0; i < NtHdr.FileHeader.NumberOfSections; i++, pSection++)
{
IMAGE_SECTION_HEADER Section;
PIMAGE_EXPORT_DIRECTORY pExportDir = NULL;
BYTE ExportSectionName[IMAGE_SIZEOF_SHORT_NAME] = {'.', 'e', 'd', 'a', 't', 'a', '\0', '\0'};
if(!ReadProcessMemory(hProcess, pSection, &Section, sizeof(IMAGE_SECTION_HEADER), NULL))
return FALSE;
if(memcmp(Section.Name, ExportSectionName, IMAGE_SIZEOF_SHORT_NAME) == 0)
pExportDir = (PIMAGE_EXPORT_DIRECTORY) Section.VirtualAddress;
else if ((NtHdr.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress >= Section.VirtualAddress) && (NtHdr.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress < (Section.VirtualAddress + Section.SizeOfRawData)))
pExportDir = (PIMAGE_EXPORT_DIRECTORY) NtHdr.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if(pExportDir)
{
IMAGE_EXPORT_DIRECTORY ExportDir;
if(!ReadProcessMemory(hProcess, (PVOID)((DWORD)hModule + (DWORD)pExportDir), &ExportDir, sizeof(IMAGE_EXPORT_DIRECTORY), NULL))
return FALSE;
{
PDWORD *AddressOfFunctions = alloca(ExportDir.NumberOfFunctions*sizeof(PDWORD));
int j;
if(!ReadProcessMemory(hProcess, (PVOID)((DWORD)hModule + (DWORD)ExportDir.AddressOfFunctions), AddressOfFunctions, ExportDir.NumberOfFunctions*sizeof(PDWORD), NULL))
return FALSE;
for(j = 0; j < ExportDir.NumberOfNames; ++j)
{
DWORD pFunction = (DWORD)hModule + (DWORD)AddressOfFunctions[j];
//ReadProcessMemory(hProcess, (DWORD) hModule + (DWORD) (&ExportDir.AddressOfFunctions[j]), &pFunction, sizeof(pFunction), NULL);
if(pFunction <= dwAddress && pFunction > dwNearestAddress)
{
dwNearestAddress = pFunction;
if(!ReadProcessMemory(hProcess, (PVOID)((DWORD)hModule + (DWORD)(&ExportDir.AddressOfNames)[j]), &dwNearestName, sizeof(dwNearestName), NULL))
return FALSE;
dwNearestName = (DWORD) hModule + dwNearestName;
}
}
}
}
}
if(!dwNearestAddress)
return FALSE;
if(!ReadProcessMemory(hProcess, (PVOID)dwNearestName, lpSymName, nSize, NULL))
return FALSE;
lpSymName[nSize - 1] = 0;
return TRUE;
}
HRESULT
LLDBServices::GetModuleNames(
ULONG index,
ULONG64 base,
PSTR imageNameBuffer,
ULONG imageNameBufferSize,
PULONG imageNameSize,
PSTR moduleNameBuffer,
ULONG moduleNameBufferSize,
PULONG moduleNameSize,
PSTR loadedImageNameBuffer,
ULONG loadedImageNameBufferSize,
PULONG loadedImageNameSize)
{
lldb::SBTarget target;
lldb::SBFileSpec fileSpec;
HRESULT hr = S_OK;
target = m_debugger.GetSelectedTarget();
if (!target.IsValid())
{
hr = E_FAIL;
goto exit;
}
if (index != DEBUG_ANY_ID)
{
lldb::SBModule module = target.GetModuleAtIndex(index);
if (module.IsValid())
{
fileSpec = module.GetFileSpec();
}
}
else
{
int numModules = target.GetNumModules();
for (int mi = 0; mi < numModules; mi++)
{
lldb::SBModule module = target.GetModuleAtIndex(mi);
if (module.IsValid())
{
ULONG64 moduleBase = GetModuleBase(target, module);
if (base == moduleBase)
{
fileSpec = module.GetFileSpec();
break;
}
}
}
}
if (!fileSpec.IsValid())
{
hr = E_FAIL;
goto exit;
}
exit:
if (imageNameBuffer)
{
int size = fileSpec.GetPath(imageNameBuffer, imageNameBufferSize);
if (imageNameSize)
{
*imageNameSize = size;
}
}
if (moduleNameBuffer)
{
const char *fileName = fileSpec.GetFilename();
if (fileName == NULL)
{
fileName = "";
}
stpncpy(moduleNameBuffer, fileName, moduleNameBufferSize);
if (moduleNameSize)
{
*moduleNameSize = strlen(fileName);
}
}
if (loadedImageNameBuffer)
{
int size = fileSpec.GetPath(loadedImageNameBuffer, loadedImageNameBufferSize);
if (loadedImageNameSize)
{
*loadedImageNameSize = size;
}
}
return hr;
}
