|
1
|
1 /* BUILD Version: 0001 Increment this if a change has global effects
|
|
|
2
|
|
|
3 Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
4
|
|
|
5 Module Name:
|
|
|
6
|
|
|
7 dbghelp.h
|
|
|
8
|
|
|
9 Abstract:
|
|
|
10
|
|
|
11 This module defines the prototypes and constants required for the image
|
|
|
12 help routines.
|
|
|
13
|
|
|
14 Contains debugging support routines that are redistributable.
|
|
|
15
|
|
|
16 Revision History:
|
|
|
17
|
|
|
18 --*/
|
|
|
19
|
|
|
20 //#ifndef _DBGHELP_
|
|
|
21 //#define _DBGHELP_
|
|
|
22 module win32.dbghelp;
|
|
|
23
|
|
|
24 import win32.windef;
|
|
|
25 import win32.winver;
|
|
|
26
|
|
|
27 // As a general principal always call the 64 bit version
|
|
|
28 // of every API, if a choice exists. The 64 bit version
|
|
|
29 // works great on 32 bit platforms, and is forward
|
|
|
30 // compatible to 64 bit platforms.
|
|
|
31
|
|
|
32 version(Win64) {
|
|
|
33 version = _IMAGEHLP64;
|
|
|
34 }
|
|
|
35
|
|
|
36
|
|
|
37 extern(Windows) {
|
|
|
38
|
|
|
39 /+
|
|
|
40 #ifdef _IMAGEHLP_SOURCE_
|
|
|
41 #define IMAGEAPI __stdcall
|
|
|
42 #define DBHLP_DEPRECIATED
|
|
|
43 #else
|
|
|
44 #define IMAGEAPI DECLSPEC_IMPORT __stdcall
|
|
|
45 #if (_MSC_VER >= 1300) && !defined(MIDL_PASS)
|
|
|
46 #define DBHLP_DEPRECIATED __declspec(deprecated)
|
|
|
47 #else
|
|
|
48 #define DBHLP_DEPRECIATED
|
|
|
49 #endif
|
|
|
50 #endif
|
|
|
51
|
|
|
52 #define DBHLPAPI IMAGEAPI
|
|
|
53
|
|
|
54 #define IMAGE_SEPARATION (64*1024)
|
|
|
55
|
|
|
56 typedef struct _LOADED_IMAGE {
|
|
|
57 PSTR ModuleName;
|
|
|
58 HANDLE hFile;
|
|
|
59 PUCHAR MappedAddress;
|
|
|
60 #ifdef _IMAGEHLP64
|
|
|
61 PIMAGE_NT_HEADERS64 FileHeader;
|
|
|
62 #else
|
|
|
63 PIMAGE_NT_HEADERS32 FileHeader;
|
|
|
64 #endif
|
|
|
65 PIMAGE_SECTION_HEADER LastRvaSection;
|
|
|
66 ULONG NumberOfSections;
|
|
|
67 PIMAGE_SECTION_HEADER Sections;
|
|
|
68 ULONG Characteristics;
|
|
|
69 BOOLEAN fSystemImage;
|
|
|
70 BOOLEAN fDOSImage;
|
|
|
71 LIST_ENTRY Links;
|
|
|
72 ULONG SizeOfImage;
|
|
|
73 } LOADED_IMAGE, *PLOADED_IMAGE;
|
|
|
74
|
|
|
75 #define MAX_SYM_NAME 2000
|
|
|
76
|
|
|
77
|
|
|
78 HANDLE
|
|
|
79 IMAGEAPI
|
|
|
80 FindDebugInfoFile (
|
|
|
81 PSTR FileName,
|
|
|
82 PSTR SymbolPath,
|
|
|
83 PSTR DebugFilePath
|
|
|
84 );
|
|
|
85
|
|
|
86 typedef BOOL
|
|
|
87 (CALLBACK *PFIND_DEBUG_FILE_CALLBACK)(
|
|
|
88 HANDLE FileHandle,
|
|
|
89 PSTR FileName,
|
|
|
90 PVOID CallerData
|
|
|
91 );
|
|
|
92
|
|
|
93 HANDLE
|
|
|
94 IMAGEAPI
|
|
|
95 FindDebugInfoFileEx (
|
|
|
96 PSTR FileName,
|
|
|
97 PSTR SymbolPath,
|
|
|
98 PSTR DebugFilePath,
|
|
|
99 PFIND_DEBUG_FILE_CALLBACK Callback,
|
|
|
100 PVOID CallerData
|
|
|
101 );
|
|
|
102
|
|
|
103 typedef BOOL
|
|
|
104 (CALLBACK *PFINDFILEINPATHCALLBACK)(
|
|
|
105 PSTR filename,
|
|
|
106 PVOID context
|
|
|
107 );
|
|
|
108
|
|
|
109 BOOL
|
|
|
110 IMAGEAPI
|
|
|
111 SymFindFileInPath(
|
|
|
112 HANDLE hprocess,
|
|
|
113 LPSTR SearchPath,
|
|
|
114 LPSTR FileName,
|
|
|
115 PVOID id,
|
|
|
116 DWORD two,
|
|
|
117 DWORD three,
|
|
|
118 DWORD flags,
|
|
|
119 LPSTR FoundFile,
|
|
|
120 PFINDFILEINPATHCALLBACK callback,
|
|
|
121 PVOID context
|
|
|
122 );
|
|
|
123
|
|
|
124 HANDLE
|
|
|
125 IMAGEAPI
|
|
|
126 FindExecutableImage(
|
|
|
127 PSTR FileName,
|
|
|
128 PSTR SymbolPath,
|
|
|
129 PSTR ImageFilePath
|
|
|
130 );
|
|
|
131
|
|
|
132 typedef BOOL
|
|
|
133 (CALLBACK *PFIND_EXE_FILE_CALLBACK)(
|
|
|
134 HANDLE FileHandle,
|
|
|
135 PSTR FileName,
|
|
|
136 PVOID CallerData
|
|
|
137 );
|
|
|
138
|
|
|
139 HANDLE
|
|
|
140 IMAGEAPI
|
|
|
141 FindExecutableImageEx(
|
|
|
142 PSTR FileName,
|
|
|
143 PSTR SymbolPath,
|
|
|
144 PSTR ImageFilePath,
|
|
|
145 PFIND_EXE_FILE_CALLBACK Callback,
|
|
|
146 PVOID CallerData
|
|
|
147 );
|
|
|
148
|
|
|
149 PIMAGE_NT_HEADERS
|
|
|
150 IMAGEAPI
|
|
|
151 ImageNtHeader (
|
|
|
152 IN PVOID Base
|
|
|
153 );
|
|
|
154
|
|
|
155 PVOID
|
|
|
156 IMAGEAPI
|
|
|
157 ImageDirectoryEntryToDataEx (
|
|
|
158 IN PVOID Base,
|
|
|
159 IN BOOLEAN MappedAsImage,
|
|
|
160 IN USHORT DirectoryEntry,
|
|
|
161 OUT PULONG Size,
|
|
|
162 OUT PIMAGE_SECTION_HEADER *FoundHeader OPTIONAL
|
|
|
163 );
|
|
|
164
|
|
|
165 PVOID
|
|
|
166 IMAGEAPI
|
|
|
167 ImageDirectoryEntryToData (
|
|
|
168 IN PVOID Base,
|
|
|
169 IN BOOLEAN MappedAsImage,
|
|
|
170 IN USHORT DirectoryEntry,
|
|
|
171 OUT PULONG Size
|
|
|
172 );
|
|
|
173
|
|
|
174 PIMAGE_SECTION_HEADER
|
|
|
175 IMAGEAPI
|
|
|
176 ImageRvaToSection(
|
|
|
177 IN PIMAGE_NT_HEADERS NtHeaders,
|
|
|
178 IN PVOID Base,
|
|
|
179 IN ULONG Rva
|
|
|
180 );
|
|
|
181
|
|
|
182 PVOID
|
|
|
183 IMAGEAPI
|
|
|
184 ImageRvaToVa(
|
|
|
185 IN PIMAGE_NT_HEADERS NtHeaders,
|
|
|
186 IN PVOID Base,
|
|
|
187 IN ULONG Rva,
|
|
|
188 IN OUT PIMAGE_SECTION_HEADER *LastRvaSection
|
|
|
189 );
|
|
|
190
|
|
|
191 // Symbol server exports
|
|
|
192
|
|
|
193 typedef BOOL (WINAPI *PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, PVOID, DWORD, DWORD, LPSTR);
|
|
|
194 typedef BOOL (WINAPI *PSYMBOLSERVEROPENPROC)(VOID);
|
|
|
195 typedef BOOL (WINAPI *PSYMBOLSERVERCLOSEPROC)(VOID);
|
|
|
196 typedef BOOL (WINAPI *PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64);
|
|
|
197 typedef BOOL (CALLBACK WINAPI *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
|
|
|
198 typedef UINT_PTR (WINAPI *PSYMBOLSERVERGETOPTIONSPROC)();
|
|
|
199 typedef BOOL (WINAPI *PSYMBOLSERVERPINGPROC)(LPCSTR);
|
|
|
200
|
|
|
201 #define SSRVOPT_CALLBACK 0x001
|
|
|
202 #define SSRVOPT_DWORD 0x002
|
|
|
203 #define SSRVOPT_DWORDPTR 0x004
|
|
|
204 #define SSRVOPT_GUIDPTR 0x008
|
|
|
205 #define SSRVOPT_OLDGUIDPTR 0x010
|
|
|
206 #define SSRVOPT_UNATTENDED 0x020
|
|
|
207 #define SSRVOPT_NOCOPY 0x040
|
|
|
208 #define SSRVOPT_PARENTWIN 0x080
|
|
|
209 #define SSRVOPT_PARAMTYPE 0x100
|
|
|
210 #define SSRVOPT_SECURE 0x200
|
|
|
211 #define SSRVOPT_TRACE 0x400
|
|
|
212 #define SSRVOPT_RESET ((ULONG_PTR)-1)
|
|
|
213
|
|
|
214 #define SSRVACTION_TRACE 1
|
|
|
215
|
|
|
216
|
|
|
217 #ifndef _WIN64
|
|
|
218 // This api won't be ported to Win64 - Fix your code.
|
|
|
219
|
|
|
220 typedef struct _IMAGE_DEBUG_INFORMATION {
|
|
|
221 LIST_ENTRY List;
|
|
|
222 DWORD ReservedSize;
|
|
|
223 PVOID ReservedMappedBase;
|
|
|
224 USHORT ReservedMachine;
|
|
|
225 USHORT ReservedCharacteristics;
|
|
|
226 DWORD ReservedCheckSum;
|
|
|
227 DWORD ImageBase;
|
|
|
228 DWORD SizeOfImage;
|
|
|
229
|
|
|
230 DWORD ReservedNumberOfSections;
|
|
|
231 PIMAGE_SECTION_HEADER ReservedSections;
|
|
|
232
|
|
|
233 DWORD ReservedExportedNamesSize;
|
|
|
234 PSTR ReservedExportedNames;
|
|
|
235
|
|
|
236 DWORD ReservedNumberOfFunctionTableEntries;
|
|
|
237 PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;
|
|
|
238 DWORD ReservedLowestFunctionStartingAddress;
|
|
|
239 DWORD ReservedHighestFunctionEndingAddress;
|
|
|
240
|
|
|
241 DWORD ReservedNumberOfFpoTableEntries;
|
|
|
242 PFPO_DATA ReservedFpoTableEntries;
|
|
|
243
|
|
|
244 DWORD SizeOfCoffSymbols;
|
|
|
245 PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
|
|
|
246
|
|
|
247 DWORD ReservedSizeOfCodeViewSymbols;
|
|
|
248 PVOID ReservedCodeViewSymbols;
|
|
|
249
|
|
|
250 PSTR ImageFilePath;
|
|
|
251 PSTR ImageFileName;
|
|
|
252 PSTR ReservedDebugFilePath;
|
|
|
253
|
|
|
254 DWORD ReservedTimeDateStamp;
|
|
|
255
|
|
|
256 BOOL ReservedRomImage;
|
|
|
257 PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;
|
|
|
258 DWORD ReservedNumberOfDebugDirectories;
|
|
|
259
|
|
|
260 DWORD ReservedOriginalFunctionTableBaseAddress;
|
|
|
261
|
|
|
262 DWORD Reserved[ 2 ];
|
|
|
263
|
|
|
264 } IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;
|
|
|
265
|
|
|
266
|
|
|
267 PIMAGE_DEBUG_INFORMATION
|
|
|
268 IMAGEAPI
|
|
|
269 MapDebugInformation(
|
|
|
270 HANDLE FileHandle,
|
|
|
271 PSTR FileName,
|
|
|
272 PSTR SymbolPath,
|
|
|
273 DWORD ImageBase
|
|
|
274 );
|
|
|
275
|
|
|
276 BOOL
|
|
|
277 IMAGEAPI
|
|
|
278 UnmapDebugInformation(
|
|
|
279 PIMAGE_DEBUG_INFORMATION DebugInfo
|
|
|
280 );
|
|
|
281
|
|
|
282 #endif
|
|
|
283
|
|
|
284 BOOL
|
|
|
285 IMAGEAPI
|
|
|
286 SearchTreeForFile(
|
|
|
287 PSTR RootPath,
|
|
|
288 PSTR InputPathName,
|
|
|
289 PSTR OutputPathBuffer
|
|
|
290 );
|
|
|
291
|
|
|
292 typedef BOOL
|
|
|
293 (CALLBACK *PENUMDIRTREE_CALLBACK)(
|
|
|
294 LPCSTR FilePath,
|
|
|
295 PVOID CallerData
|
|
|
296 );
|
|
|
297
|
|
|
298 BOOL
|
|
|
299 IMAGEAPI
|
|
|
300 EnumDirTree(
|
|
|
301 HANDLE hProcess,
|
|
|
302 PSTR RootPath,
|
|
|
303 PSTR InputPathName,
|
|
|
304 PSTR OutputPathBuffer,
|
|
|
305 PENUMDIRTREE_CALLBACK Callback,
|
|
|
306 PVOID CallbackData
|
|
|
307 );
|
|
|
308
|
|
|
309 BOOL
|
|
|
310 IMAGEAPI
|
|
|
311 MakeSureDirectoryPathExists(
|
|
|
312 PCSTR DirPath
|
|
|
313 );
|
|
|
314
|
|
|
315 //
|
|
|
316 // UnDecorateSymbolName Flags
|
|
|
317 //
|
|
|
318
|
|
|
319 #define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
|
|
|
320 #define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
|
|
|
321 #define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
|
|
|
322 #define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
|
|
|
323 #define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
|
|
|
324 #define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
|
|
|
325 #define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
|
|
|
326 #define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
|
|
|
327 #define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
|
|
|
328 #define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
|
|
|
329 #define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
|
|
|
330 #define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
|
|
|
331 #define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
|
|
|
332 #define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
|
|
|
333 #define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
|
|
|
334 // return just [scope::]name. Does expand template params
|
|
|
335 #define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
|
|
|
336 #define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
|
|
|
337
|
|
|
338 DWORD
|
|
|
339 IMAGEAPI
|
|
|
340 WINAPI
|
|
|
341 UnDecorateSymbolName(
|
|
|
342 PCSTR DecoratedName, // Name to undecorate
|
|
|
343 PSTR UnDecoratedName, // If NULL, it will be allocated
|
|
|
344 DWORD UndecoratedLength, // The maximym length
|
|
|
345 DWORD Flags // See above.
|
|
|
346 );
|
|
|
347
|
|
|
348
|
|
|
349 //
|
|
|
350 // these values are used for synthesized file types
|
|
|
351 // that can be passed in as image headers instead of
|
|
|
352 // the standard ones from ntimage.h
|
|
|
353 //
|
|
|
354
|
|
|
355 #define DBHHEADER_DEBUGDIRS 0x1
|
|
|
356
|
|
|
357 typedef struct _MODLOAD_DATA {
|
|
|
358 DWORD ssize; // size of this struct
|
|
|
359 DWORD ssig; // signature identifying the passed data
|
|
|
360 PVOID data; // pointer to passed data
|
|
|
361 DWORD size; // size of passed data
|
|
|
362 DWORD flags; // options
|
|
|
363 } MODLOAD_DATA, *PMODLOAD_DATA;
|
|
|
364
|
|
|
365 //
|
|
|
366 // StackWalking API
|
|
|
367 //
|
|
|
368
|
|
|
369 typedef enum {
|
|
|
370 AddrMode1616,
|
|
|
371 AddrMode1632,
|
|
|
372 AddrModeReal,
|
|
|
373 AddrModeFlat
|
|
|
374 } ADDRESS_MODE;
|
|
|
375
|
|
|
376 typedef struct _tagADDRESS64 {
|
|
|
377 DWORD64 Offset;
|
|
|
378 WORD Segment;
|
|
|
379 ADDRESS_MODE Mode;
|
|
|
380 } ADDRESS64, *LPADDRESS64;
|
|
|
381
|
|
|
382 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
383 #define ADDRESS ADDRESS64
|
|
|
384 #define LPADDRESS LPADDRESS64
|
|
|
385 #else
|
|
|
386 typedef struct _tagADDRESS {
|
|
|
387 DWORD Offset;
|
|
|
388 WORD Segment;
|
|
|
389 ADDRESS_MODE Mode;
|
|
|
390 } ADDRESS, *LPADDRESS;
|
|
|
391
|
|
|
392 __inline
|
|
|
393 void
|
|
|
394 Address32To64(
|
|
|
395 LPADDRESS a32,
|
|
|
396 LPADDRESS64 a64
|
|
|
397 )
|
|
|
398 {
|
|
|
399 a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;
|
|
|
400 a64->Segment = a32->Segment;
|
|
|
401 a64->Mode = a32->Mode;
|
|
|
402 }
|
|
|
403
|
|
|
404 __inline
|
|
|
405 void
|
|
|
406 Address64To32(
|
|
|
407 LPADDRESS64 a64,
|
|
|
408 LPADDRESS a32
|
|
|
409 )
|
|
|
410 {
|
|
|
411 a32->Offset = (ULONG)a64->Offset;
|
|
|
412 a32->Segment = a64->Segment;
|
|
|
413 a32->Mode = a64->Mode;
|
|
|
414 }
|
|
|
415 #endif
|
|
|
416
|
|
|
417 //
|
|
|
418 // This structure is included in the STACKFRAME structure,
|
|
|
419 // and is used to trace through usermode callbacks in a thread's
|
|
|
420 // kernel stack. The values must be copied by the kernel debugger
|
|
|
421 // from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
|
|
|
422 //
|
|
|
423
|
|
|
424 //
|
|
|
425 // New KDHELP structure for 64 bit system support.
|
|
|
426 // This structure is preferred in new code.
|
|
|
427 //
|
|
|
428 typedef struct _KDHELP64 {
|
|
|
429
|
|
|
430 //
|
|
|
431 // address of kernel thread object, as provided in the
|
|
|
432 // WAIT_STATE_CHANGE packet.
|
|
|
433 //
|
|
|
434 DWORD64 Thread;
|
|
|
435
|
|
|
436 //
|
|
|
437 // offset in thread object to pointer to the current callback frame
|
|
|
438 // in kernel stack.
|
|
|
439 //
|
|
|
440 DWORD ThCallbackStack;
|
|
|
441
|
|
|
442 //
|
|
|
443 // offset in thread object to pointer to the current callback backing
|
|
|
444 // store frame in kernel stack.
|
|
|
445 //
|
|
|
446 DWORD ThCallbackBStore;
|
|
|
447
|
|
|
448 //
|
|
|
449 // offsets to values in frame:
|
|
|
450 //
|
|
|
451 // address of next callback frame
|
|
|
452 DWORD NextCallback;
|
|
|
453
|
|
|
454 // address of saved frame pointer (if applicable)
|
|
|
455 DWORD FramePointer;
|
|
|
456
|
|
|
457
|
|
|
458 //
|
|
|
459 // Address of the kernel function that calls out to user mode
|
|
|
460 //
|
|
|
461 DWORD64 KiCallUserMode;
|
|
|
462
|
|
|
463 //
|
|
|
464 // Address of the user mode dispatcher function
|
|
|
465 //
|
|
|
466 DWORD64 KeUserCallbackDispatcher;
|
|
|
467
|
|
|
468 //
|
|
|
469 // Lowest kernel mode address
|
|
|
470 //
|
|
|
471 DWORD64 SystemRangeStart;
|
|
|
472
|
|
|
473 DWORD64 Reserved[8];
|
|
|
474
|
|
|
475 } KDHELP64, *PKDHELP64;
|
|
|
476
|
|
|
477 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
478 #define KDHELP KDHELP64
|
|
|
479 #define PKDHELP PKDHELP64
|
|
|
480 #else
|
|
|
481 typedef struct _KDHELP {
|
|
|
482
|
|
|
483 //
|
|
|
484 // address of kernel thread object, as provided in the
|
|
|
485 // WAIT_STATE_CHANGE packet.
|
|
|
486 //
|
|
|
487 DWORD Thread;
|
|
|
488
|
|
|
489 //
|
|
|
490 // offset in thread object to pointer to the current callback frame
|
|
|
491 // in kernel stack.
|
|
|
492 //
|
|
|
493 DWORD ThCallbackStack;
|
|
|
494
|
|
|
495 //
|
|
|
496 // offsets to values in frame:
|
|
|
497 //
|
|
|
498 // address of next callback frame
|
|
|
499 DWORD NextCallback;
|
|
|
500
|
|
|
501 // address of saved frame pointer (if applicable)
|
|
|
502 DWORD FramePointer;
|
|
|
503
|
|
|
504 //
|
|
|
505 // Address of the kernel function that calls out to user mode
|
|
|
506 //
|
|
|
507 DWORD KiCallUserMode;
|
|
|
508
|
|
|
509 //
|
|
|
510 // Address of the user mode dispatcher function
|
|
|
511 //
|
|
|
512 DWORD KeUserCallbackDispatcher;
|
|
|
513
|
|
|
514 //
|
|
|
515 // Lowest kernel mode address
|
|
|
516 //
|
|
|
517 DWORD SystemRangeStart;
|
|
|
518
|
|
|
519 //
|
|
|
520 // offset in thread object to pointer to the current callback backing
|
|
|
521 // store frame in kernel stack.
|
|
|
522 //
|
|
|
523 DWORD ThCallbackBStore;
|
|
|
524
|
|
|
525 DWORD Reserved[8];
|
|
|
526
|
|
|
527 } KDHELP, *PKDHELP;
|
|
|
528
|
|
|
529 __inline
|
|
|
530 void
|
|
|
531 KdHelp32To64(
|
|
|
532 PKDHELP p32,
|
|
|
533 PKDHELP64 p64
|
|
|
534 )
|
|
|
535 {
|
|
|
536 p64->Thread = p32->Thread;
|
|
|
537 p64->ThCallbackStack = p32->ThCallbackStack;
|
|
|
538 p64->NextCallback = p32->NextCallback;
|
|
|
539 p64->FramePointer = p32->FramePointer;
|
|
|
540 p64->KiCallUserMode = p32->KiCallUserMode;
|
|
|
541 p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher;
|
|
|
542 p64->SystemRangeStart = p32->SystemRangeStart;
|
|
|
543 }
|
|
|
544 #endif
|
|
|
545
|
|
|
546 typedef struct _tagSTACKFRAME64 {
|
|
|
547 ADDRESS64 AddrPC; // program counter
|
|
|
548 ADDRESS64 AddrReturn; // return address
|
|
|
549 ADDRESS64 AddrFrame; // frame pointer
|
|
|
550 ADDRESS64 AddrStack; // stack pointer
|
|
|
551 ADDRESS64 AddrBStore; // backing store pointer
|
|
|
552 PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
|
|
|
553 DWORD64 Params[4]; // possible arguments to the function
|
|
|
554 BOOL Far; // WOW far call
|
|
|
555 BOOL Virtual; // is this a virtual frame?
|
|
|
556 DWORD64 Reserved[3];
|
|
|
557 KDHELP64 KdHelp;
|
|
|
558 } STACKFRAME64, *LPSTACKFRAME64;
|
|
|
559
|
|
|
560 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
561 #define STACKFRAME STACKFRAME64
|
|
|
562 #define LPSTACKFRAME LPSTACKFRAME64
|
|
|
563 #else
|
|
|
564 typedef struct _tagSTACKFRAME {
|
|
|
565 ADDRESS AddrPC; // program counter
|
|
|
566 ADDRESS AddrReturn; // return address
|
|
|
567 ADDRESS AddrFrame; // frame pointer
|
|
|
568 ADDRESS AddrStack; // stack pointer
|
|
|
569 PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
|
|
|
570 DWORD Params[4]; // possible arguments to the function
|
|
|
571 BOOL Far; // WOW far call
|
|
|
572 BOOL Virtual; // is this a virtual frame?
|
|
|
573 DWORD Reserved[3];
|
|
|
574 KDHELP KdHelp;
|
|
|
575 ADDRESS AddrBStore; // backing store pointer
|
|
|
576 } STACKFRAME, *LPSTACKFRAME;
|
|
|
577 #endif
|
|
|
578
|
|
|
579
|
|
|
580 typedef
|
|
|
581 BOOL
|
|
|
582 (__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
|
|
|
583 HANDLE hProcess,
|
|
|
584 DWORD64 qwBaseAddress,
|
|
|
585 PVOID lpBuffer,
|
|
|
586 DWORD nSize,
|
|
|
587 LPDWORD lpNumberOfBytesRead
|
|
|
588 );
|
|
|
589
|
|
|
590 typedef
|
|
|
591 PVOID
|
|
|
592 (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
|
|
|
593 HANDLE hProcess,
|
|
|
594 DWORD64 AddrBase
|
|
|
595 );
|
|
|
596
|
|
|
597 typedef
|
|
|
598 DWORD64
|
|
|
599 (__stdcall *PGET_MODULE_BASE_ROUTINE64)(
|
|
|
600 HANDLE hProcess,
|
|
|
601 DWORD64 Address
|
|
|
602 );
|
|
|
603
|
|
|
604 typedef
|
|
|
605 DWORD64
|
|
|
606 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
|
|
|
607 HANDLE hProcess,
|
|
|
608 HANDLE hThread,
|
|
|
609 LPADDRESS64 lpaddr
|
|
|
610 );
|
|
|
611
|
|
|
612 BOOL
|
|
|
613 IMAGEAPI
|
|
|
614 StackWalk64(
|
|
|
615 DWORD MachineType,
|
|
|
616 HANDLE hProcess,
|
|
|
617 HANDLE hThread,
|
|
|
618 LPSTACKFRAME64 StackFrame,
|
|
|
619 PVOID ContextRecord,
|
|
|
620 PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
|
|
|
621 PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
|
|
|
622 PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
|
|
|
623 PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
|
|
|
624 );
|
|
|
625
|
|
|
626 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
627
|
|
|
628 #define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64
|
|
|
629 #define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64
|
|
|
630 #define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64
|
|
|
631 #define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64
|
|
|
632
|
|
|
633 #define StackWalk StackWalk64
|
|
|
634
|
|
|
635 #else
|
|
|
636
|
|
|
637 typedef
|
|
|
638 BOOL
|
|
|
639 (__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)(
|
|
|
640 HANDLE hProcess,
|
|
|
641 DWORD lpBaseAddress,
|
|
|
642 PVOID lpBuffer,
|
|
|
643 DWORD nSize,
|
|
|
644 PDWORD lpNumberOfBytesRead
|
|
|
645 );
|
|
|
646
|
|
|
647 typedef
|
|
|
648 PVOID
|
|
|
649 (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)(
|
|
|
650 HANDLE hProcess,
|
|
|
651 DWORD AddrBase
|
|
|
652 );
|
|
|
653
|
|
|
654 typedef
|
|
|
655 DWORD
|
|
|
656 (__stdcall *PGET_MODULE_BASE_ROUTINE)(
|
|
|
657 HANDLE hProcess,
|
|
|
658 DWORD Address
|
|
|
659 );
|
|
|
660
|
|
|
661 typedef
|
|
|
662 DWORD
|
|
|
663 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE)(
|
|
|
664 HANDLE hProcess,
|
|
|
665 HANDLE hThread,
|
|
|
666 LPADDRESS lpaddr
|
|
|
667 );
|
|
|
668
|
|
|
669 BOOL
|
|
|
670 IMAGEAPI
|
|
|
671 StackWalk(
|
|
|
672 DWORD MachineType,
|
|
|
673 HANDLE hProcess,
|
|
|
674 HANDLE hThread,
|
|
|
675 LPSTACKFRAME StackFrame,
|
|
|
676 PVOID ContextRecord,
|
|
|
677 PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine,
|
|
|
678 PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine,
|
|
|
679 PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine,
|
|
|
680 PTRANSLATE_ADDRESS_ROUTINE TranslateAddress
|
|
|
681 );
|
|
|
682
|
|
|
683 #endif
|
|
|
684
|
|
|
685
|
|
|
686 #define API_VERSION_NUMBER 9
|
|
|
687
|
|
|
688 typedef struct API_VERSION {
|
|
|
689 USHORT MajorVersion;
|
|
|
690 USHORT MinorVersion;
|
|
|
691 USHORT Revision;
|
|
|
692 USHORT Reserved;
|
|
|
693 } API_VERSION, *LPAPI_VERSION;
|
|
|
694
|
|
|
695 LPAPI_VERSION
|
|
|
696 IMAGEAPI
|
|
|
697 ImagehlpApiVersion(
|
|
|
698 VOID
|
|
|
699 );
|
|
|
700
|
|
|
701 LPAPI_VERSION
|
|
|
702 IMAGEAPI
|
|
|
703 ImagehlpApiVersionEx(
|
|
|
704 LPAPI_VERSION AppVersion
|
|
|
705 );
|
|
|
706
|
|
|
707 DWORD
|
|
|
708 IMAGEAPI
|
|
|
709 GetTimestampForLoadedLibrary(
|
|
|
710 HMODULE Module
|
|
|
711 );
|
|
|
712
|
|
|
713 //
|
|
|
714 // typedefs for function pointers
|
|
|
715 //
|
|
|
716 typedef BOOL
|
|
|
717 (CALLBACK *PSYM_ENUMMODULES_CALLBACK64)(
|
|
|
718 PSTR ModuleName,
|
|
|
719 DWORD64 BaseOfDll,
|
|
|
720 PVOID UserContext
|
|
|
721 );
|
|
|
722
|
|
|
723 typedef BOOL
|
|
|
724 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)(
|
|
|
725 PSTR SymbolName,
|
|
|
726 DWORD64 SymbolAddress,
|
|
|
727 ULONG SymbolSize,
|
|
|
728 PVOID UserContext
|
|
|
729 );
|
|
|
730
|
|
|
731 typedef BOOL
|
|
|
732 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)(
|
|
|
733 PWSTR SymbolName,
|
|
|
734 DWORD64 SymbolAddress,
|
|
|
735 ULONG SymbolSize,
|
|
|
736 PVOID UserContext
|
|
|
737 );
|
|
|
738
|
|
|
739 typedef BOOL
|
|
|
740 (CALLBACK *PENUMLOADED_MODULES_CALLBACK64)(
|
|
|
741 PSTR ModuleName,
|
|
|
742 DWORD64 ModuleBase,
|
|
|
743 ULONG ModuleSize,
|
|
|
744 PVOID UserContext
|
|
|
745 );
|
|
|
746
|
|
|
747 typedef BOOL
|
|
|
748 (CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)(
|
|
|
749 HANDLE hProcess,
|
|
|
750 ULONG ActionCode,
|
|
|
751 ULONG64 CallbackData,
|
|
|
752 ULONG64 UserContext
|
|
|
753 );
|
|
|
754
|
|
|
755 typedef
|
|
|
756 PVOID
|
|
|
757 (CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)(
|
|
|
758 HANDLE hProcess,
|
|
|
759 DWORD AddrBase,
|
|
|
760 PVOID UserContext
|
|
|
761 );
|
|
|
762
|
|
|
763 typedef
|
|
|
764 PVOID
|
|
|
765 (CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)(
|
|
|
766 HANDLE hProcess,
|
|
|
767 ULONG64 AddrBase,
|
|
|
768 ULONG64 UserContext
|
|
|
769 );
|
|
|
770
|
|
|
771 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
772
|
|
|
773 #define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64
|
|
|
774 #define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64
|
|
|
775 #define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W
|
|
|
776 #define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64
|
|
|
777 #define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64
|
|
|
778 #define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64
|
|
|
779
|
|
|
780 #else
|
|
|
781
|
|
|
782 typedef BOOL
|
|
|
783 (CALLBACK *PSYM_ENUMMODULES_CALLBACK)(
|
|
|
784 PSTR ModuleName,
|
|
|
785 ULONG BaseOfDll,
|
|
|
786 PVOID UserContext
|
|
|
787 );
|
|
|
788
|
|
|
789 typedef BOOL
|
|
|
790 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)(
|
|
|
791 PSTR SymbolName,
|
|
|
792 ULONG SymbolAddress,
|
|
|
793 ULONG SymbolSize,
|
|
|
794 PVOID UserContext
|
|
|
795 );
|
|
|
796
|
|
|
797 typedef BOOL
|
|
|
798 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)(
|
|
|
799 PWSTR SymbolName,
|
|
|
800 ULONG SymbolAddress,
|
|
|
801 ULONG SymbolSize,
|
|
|
802 PVOID UserContext
|
|
|
803 );
|
|
|
804
|
|
|
805 typedef BOOL
|
|
|
806 (CALLBACK *PENUMLOADED_MODULES_CALLBACK)(
|
|
|
807 PSTR ModuleName,
|
|
|
808 ULONG ModuleBase,
|
|
|
809 ULONG ModuleSize,
|
|
|
810 PVOID UserContext
|
|
|
811 );
|
|
|
812
|
|
|
813 typedef BOOL
|
|
|
814 (CALLBACK *PSYMBOL_REGISTERED_CALLBACK)(
|
|
|
815 HANDLE hProcess,
|
|
|
816 ULONG ActionCode,
|
|
|
817 PVOID CallbackData,
|
|
|
818 PVOID UserContext
|
|
|
819 );
|
|
|
820
|
|
|
821 #endif
|
|
|
822
|
|
|
823
|
|
|
824 //
|
|
|
825 // flags found in SYMBOL_INFO.Flags
|
|
|
826 //
|
|
|
827
|
|
|
828 #define SYMFLAG_VALUEPRESENT 0x00000001
|
|
|
829 #define SYMFLAG_REGISTER 0x00000008
|
|
|
830 #define SYMFLAG_REGREL 0x00000010
|
|
|
831 #define SYMFLAG_FRAMEREL 0x00000020
|
|
|
832 #define SYMFLAG_PARAMETER 0x00000040
|
|
|
833 #define SYMFLAG_LOCAL 0x00000080
|
|
|
834 #define SYMFLAG_CONSTANT 0x00000100
|
|
|
835 #define SYMFLAG_EXPORT 0x00000200
|
|
|
836 #define SYMFLAG_FORWARDER 0x00000400
|
|
|
837 #define SYMFLAG_FUNCTION 0x00000800
|
|
|
838 #define SYMFLAG_VIRTUAL 0x00001000
|
|
|
839 #define SYMFLAG_THUNK 0x00002000
|
|
|
840 #define SYMFLAG_TLSREL 0x00004000
|
|
|
841
|
|
|
842 //
|
|
|
843 // symbol type enumeration
|
|
|
844 //
|
|
|
845 typedef enum {
|
|
|
846 SymNone = 0,
|
|
|
847 SymCoff,
|
|
|
848 SymCv,
|
|
|
849 SymPdb,
|
|
|
850 SymExport,
|
|
|
851 SymDeferred,
|
|
|
852 SymSym, // .sym file
|
|
|
853 SymDia,
|
|
|
854 SymVirtual,
|
|
|
855 NumSymTypes
|
|
|
856 } SYM_TYPE;
|
|
|
857
|
|
|
858 //
|
|
|
859 // symbol data structure
|
|
|
860 //
|
|
|
861
|
|
|
862 typedef struct _IMAGEHLP_SYMBOL64 {
|
|
|
863 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
|
|
|
864 DWORD64 Address; // virtual address including dll base address
|
|
|
865 DWORD Size; // estimated size of symbol, can be zero
|
|
|
866 DWORD Flags; // info about the symbols, see the SYMF defines
|
|
|
867 DWORD MaxNameLength; // maximum size of symbol name in 'Name'
|
|
|
868 CHAR Name[1]; // symbol name (null terminated string)
|
|
|
869 } IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;
|
|
|
870
|
|
|
871 typedef struct _IMAGEHLP_SYMBOL64_PACKAGE {
|
|
|
872 IMAGEHLP_SYMBOL64 sym;
|
|
|
873 CHAR name[MAX_SYM_NAME + 1];
|
|
|
874 } IMAGEHLP_SYMBOL64_PACKAGE, *PIMAGEHLP_SYMBOL64_PACKAGE;
|
|
|
875
|
|
|
876 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
877
|
|
|
878 #define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
|
|
|
879 #define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
|
|
|
880 #define IMAGEHLP_SYMBOL_PACKAGE IMAGEHLP_SYMBOL64_PACKAGE
|
|
|
881 #define PIMAGEHLP_SYMBOL_PACKAGE PIMAGEHLP_SYMBOL64_PACKAGE
|
|
|
882
|
|
|
883 #else
|
|
|
884
|
|
|
885 typedef struct _IMAGEHLP_SYMBOL {
|
|
|
886 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
|
|
|
887 DWORD Address; // virtual address including dll base address
|
|
|
888 DWORD Size; // estimated size of symbol, can be zero
|
|
|
889 DWORD Flags; // info about the symbols, see the SYMF defines
|
|
|
890 DWORD MaxNameLength; // maximum size of symbol name in 'Name'
|
|
|
891 CHAR Name[1]; // symbol name (null terminated string)
|
|
|
892 } IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL;
|
|
|
893
|
|
|
894 typedef struct _IMAGEHLP_SYMBOL_PACKAGE {
|
|
|
895 IMAGEHLP_SYMBOL sym;
|
|
|
896 CHAR name[MAX_SYM_NAME + 1];
|
|
|
897 } IMAGEHLP_SYMBOL_PACKAGE, *PIMAGEHLP_SYMBOL_PACKAGE;
|
|
|
898
|
|
|
899 #endif
|
|
|
900
|
|
|
901 //
|
|
|
902 // module data structure
|
|
|
903 //
|
|
|
904
|
|
|
905 typedef struct _IMAGEHLP_MODULE64 {
|
|
|
906 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
|
|
|
907 DWORD64 BaseOfImage; // base load address of module
|
|
|
908 DWORD ImageSize; // virtual size of the loaded module
|
|
|
909 DWORD TimeDateStamp; // date/time stamp from pe header
|
|
|
910 DWORD CheckSum; // checksum from the pe header
|
|
|
911 DWORD NumSyms; // number of symbols in the symbol table
|
|
|
912 SYM_TYPE SymType; // type of symbols loaded
|
|
|
913 CHAR ModuleName[32]; // module name
|
|
|
914 CHAR ImageName[256]; // image name
|
|
|
915 CHAR LoadedImageName[256]; // symbol file name
|
|
|
916 } IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
|
|
|
917
|
|
|
918 typedef struct _IMAGEHLP_MODULE64W {
|
|
|
919 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
|
|
|
920 DWORD64 BaseOfImage; // base load address of module
|
|
|
921 DWORD ImageSize; // virtual size of the loaded module
|
|
|
922 DWORD TimeDateStamp; // date/time stamp from pe header
|
|
|
923 DWORD CheckSum; // checksum from the pe header
|
|
|
924 DWORD NumSyms; // number of symbols in the symbol table
|
|
|
925 SYM_TYPE SymType; // type of symbols loaded
|
|
|
926 WCHAR ModuleName[32]; // module name
|
|
|
927 WCHAR ImageName[256]; // image name
|
|
|
928 WCHAR LoadedImageName[256]; // symbol file name
|
|
|
929 } IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
|
|
|
930
|
|
|
931 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
932 #define IMAGEHLP_MODULE IMAGEHLP_MODULE64
|
|
|
933 #define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
|
|
|
934 #define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
|
|
|
935 #define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
|
|
|
936 #else
|
|
|
937 typedef struct _IMAGEHLP_MODULE {
|
|
|
938 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
|
|
|
939 DWORD BaseOfImage; // base load address of module
|
|
|
940 DWORD ImageSize; // virtual size of the loaded module
|
|
|
941 DWORD TimeDateStamp; // date/time stamp from pe header
|
|
|
942 DWORD CheckSum; // checksum from the pe header
|
|
|
943 DWORD NumSyms; // number of symbols in the symbol table
|
|
|
944 SYM_TYPE SymType; // type of symbols loaded
|
|
|
945 CHAR ModuleName[32]; // module name
|
|
|
946 CHAR ImageName[256]; // image name
|
|
|
947 CHAR LoadedImageName[256]; // symbol file name
|
|
|
948 } IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
|
|
|
949
|
|
|
950 typedef struct _IMAGEHLP_MODULEW {
|
|
|
951 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
|
|
|
952 DWORD BaseOfImage; // base load address of module
|
|
|
953 DWORD ImageSize; // virtual size of the loaded module
|
|
|
954 DWORD TimeDateStamp; // date/time stamp from pe header
|
|
|
955 DWORD CheckSum; // checksum from the pe header
|
|
|
956 DWORD NumSyms; // number of symbols in the symbol table
|
|
|
957 SYM_TYPE SymType; // type of symbols loaded
|
|
|
958 WCHAR ModuleName[32]; // module name
|
|
|
959 WCHAR ImageName[256]; // image name
|
|
|
960 WCHAR LoadedImageName[256]; // symbol file name
|
|
|
961 } IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
|
|
|
962 #endif
|
|
|
963
|
|
|
964 //
|
|
|
965 // source file line data structure
|
|
|
966 //
|
|
|
967
|
|
|
968 typedef struct _IMAGEHLP_LINE64 {
|
|
|
969 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
|
|
|
970 PVOID Key; // internal
|
|
|
971 DWORD LineNumber; // line number in file
|
|
|
972 PCHAR FileName; // full filename
|
|
|
973 DWORD64 Address; // first instruction of line
|
|
|
974 } IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;
|
|
|
975
|
|
|
976 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
977 #define IMAGEHLP_LINE IMAGEHLP_LINE64
|
|
|
978 #define PIMAGEHLP_LINE PIMAGEHLP_LINE64
|
|
|
979 #else
|
|
|
980 typedef struct _IMAGEHLP_LINE {
|
|
|
981 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE)
|
|
|
982 PVOID Key; // internal
|
|
|
983 DWORD LineNumber; // line number in file
|
|
|
984 PCHAR FileName; // full filename
|
|
|
985 DWORD Address; // first instruction of line
|
|
|
986 } IMAGEHLP_LINE, *PIMAGEHLP_LINE;
|
|
|
987 #endif
|
|
|
988
|
|
|
989 //
|
|
|
990 // source file structure
|
|
|
991 //
|
|
|
992
|
|
|
993 typedef struct _SOURCEFILE {
|
|
|
994 DWORD64 ModBase; // base address of loaded module
|
|
|
995 PCHAR FileName; // full filename of source
|
|
|
996 } SOURCEFILE, *PSOURCEFILE;
|
|
|
997
|
|
|
998 //
|
|
|
999 // data structures used for registered symbol callbacks
|
|
|
1000 //
|
|
|
1001
|
|
|
1002 #define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
|
|
|
1003 #define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
|
|
|
1004 #define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
|
|
|
1005 #define CBA_SYMBOLS_UNLOADED 0x00000004
|
|
|
1006 #define CBA_DUPLICATE_SYMBOL 0x00000005
|
|
|
1007 #define CBA_READ_MEMORY 0x00000006
|
|
|
1008 #define CBA_DEFERRED_SYMBOL_LOAD_CANCEL 0x00000007
|
|
|
1009 #define CBA_SET_OPTIONS 0x00000008
|
|
|
1010 #define CBA_EVENT 0x00000010
|
|
|
1011 #define CBA_DEFERRED_SYMBOL_LOAD_PARTIAL 0x00000020
|
|
|
1012 #define CBA_DEBUG_INFO 0x10000000
|
|
|
1013
|
|
|
1014 typedef struct _IMAGEHLP_CBA_READ_MEMORY {
|
|
|
1015 DWORD64 addr; // address to read from
|
|
|
1016 PVOID buf; // buffer to read to
|
|
|
1017 DWORD bytes; // amount of bytes to read
|
|
|
1018 DWORD *bytesread; // pointer to store amount of bytes read
|
|
|
1019 } IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY;
|
|
|
1020
|
|
|
1021 enum {
|
|
|
1022 sevInfo = 0,
|
|
|
1023 sevProblem,
|
|
|
1024 sevAttn,
|
|
|
1025 sevFatal,
|
|
|
1026 sevMax // unused
|
|
|
1027 };
|
|
|
1028
|
|
|
1029 typedef struct _IMAGEHLP_CBA_EVENT {
|
|
|
1030 DWORD severity; // values from sevInfo to sevFatal
|
|
|
1031 DWORD code; // numerical code IDs the error
|
|
|
1032 PCHAR desc; // may contain a text description of the error
|
|
|
1033 PVOID object; // value dependant upon the error code
|
|
|
1034 } IMAGEHLP_CBA_EVENT, *PIMAGEHLP_CBA_EVENT;
|
|
|
1035
|
|
|
1036 typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 {
|
|
|
1037 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64)
|
|
|
1038 DWORD64 BaseOfImage; // base load address of module
|
|
|
1039 DWORD CheckSum; // checksum from the pe header
|
|
|
1040 DWORD TimeDateStamp; // date/time stamp from pe header
|
|
|
1041 CHAR FileName[MAX_PATH]; // symbols file or image name
|
|
|
1042 BOOLEAN Reparse; // load failure reparse
|
|
|
1043 HANDLE hFile; // file handle, if passed
|
|
|
1044 DWORD Flags; //
|
|
|
1045 } IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64;
|
|
|
1046
|
|
|
1047 #define DSLFLAG_MISMATCHED_PDB 0x1
|
|
|
1048 #define DSLFLAG_MISMATCHED_DBG 0x2
|
|
|
1049
|
|
|
1050 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1051 #define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64
|
|
|
1052 #define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64
|
|
|
1053 #else
|
|
|
1054 typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD {
|
|
|
1055 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
|
|
|
1056 DWORD BaseOfImage; // base load address of module
|
|
|
1057 DWORD CheckSum; // checksum from the pe header
|
|
|
1058 DWORD TimeDateStamp; // date/time stamp from pe header
|
|
|
1059 CHAR FileName[MAX_PATH]; // symbols file or image name
|
|
|
1060 BOOLEAN Reparse; // load failure reparse
|
|
|
1061 HANDLE hFile; // file handle, if passed
|
|
|
1062 } IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD;
|
|
|
1063 #endif
|
|
|
1064
|
|
|
1065 typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 {
|
|
|
1066 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64)
|
|
|
1067 DWORD NumberOfDups; // number of duplicates in the Symbol array
|
|
|
1068 PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols
|
|
|
1069 DWORD SelectedSymbol; // symbol selected (-1 to start)
|
|
|
1070 } IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64;
|
|
|
1071
|
|
|
1072 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1073 #define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64
|
|
|
1074 #define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64
|
|
|
1075 #else
|
|
|
1076 typedef struct _IMAGEHLP_DUPLICATE_SYMBOL {
|
|
|
1077 DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
|
|
|
1078 DWORD NumberOfDups; // number of duplicates in the Symbol array
|
|
|
1079 PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
|
|
|
1080 DWORD SelectedSymbol; // symbol selected (-1 to start)
|
|
|
1081 } IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL;
|
|
|
1082 #endif
|
|
|
1083
|
|
|
1084 // If dbghelp ever needs to display graphical UI, it will use this as the parent window.
|
|
|
1085
|
|
|
1086 BOOL
|
|
|
1087 SymSetParentWindow(
|
|
|
1088 HWND hwnd
|
|
|
1089 );
|
|
|
1090
|
|
|
1091 //
|
|
|
1092 // options that are set/returned by SymSetOptions() & SymGetOptions()
|
|
|
1093 // these are used as a mask
|
|
|
1094 //
|
|
|
1095 #define SYMOPT_CASE_INSENSITIVE 0x00000001
|
|
|
1096 #define SYMOPT_UNDNAME 0x00000002
|
|
|
1097 #define SYMOPT_DEFERRED_LOADS 0x00000004
|
|
|
1098 #define SYMOPT_NO_CPP 0x00000008
|
|
|
1099 #define SYMOPT_LOAD_LINES 0x00000010
|
|
|
1100 #define SYMOPT_OMAP_FIND_NEAREST 0x00000020
|
|
|
1101 #define SYMOPT_LOAD_ANYTHING 0x00000040
|
|
|
1102 #define SYMOPT_IGNORE_CVREC 0x00000080
|
|
|
1103 #define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100
|
|
|
1104 #define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200
|
|
|
1105 #define SYMOPT_EXACT_SYMBOLS 0x00000400
|
|
|
1106 #define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS 0x00000800
|
|
|
1107 #define SYMOPT_IGNORE_NT_SYMPATH 0x00001000
|
|
|
1108 #define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000
|
|
|
1109 #define SYMOPT_PUBLICS_ONLY 0x00004000
|
|
|
1110 #define SYMOPT_NO_PUBLICS 0x00008000
|
|
|
1111 #define SYMOPT_AUTO_PUBLICS 0x00010000
|
|
|
1112 #define SYMOPT_NO_IMAGE_SEARCH 0x00020000
|
|
|
1113 #define SYMOPT_SECURE 0x00040000
|
|
|
1114
|
|
|
1115 #define SYMOPT_DEBUG 0x80000000
|
|
|
1116
|
|
|
1117 DWORD
|
|
|
1118 IMAGEAPI
|
|
|
1119 SymSetOptions(
|
|
|
1120 IN DWORD SymOptions
|
|
|
1121 );
|
|
|
1122
|
|
|
1123 DWORD
|
|
|
1124 IMAGEAPI
|
|
|
1125 SymGetOptions(
|
|
|
1126 VOID
|
|
|
1127 );
|
|
|
1128
|
|
|
1129 BOOL
|
|
|
1130 IMAGEAPI
|
|
|
1131 SymCleanup(
|
|
|
1132 IN HANDLE hProcess
|
|
|
1133 );
|
|
|
1134
|
|
|
1135 BOOL
|
|
|
1136 IMAGEAPI
|
|
|
1137 SymMatchString(
|
|
|
1138 IN LPSTR string,
|
|
|
1139 IN LPSTR expression,
|
|
|
1140 IN BOOL fCase
|
|
|
1141 );
|
|
|
1142
|
|
|
1143 typedef BOOL
|
|
|
1144 (CALLBACK *PSYM_ENUMSOURCFILES_CALLBACK)(
|
|
|
1145 PSOURCEFILE pSourceFile,
|
|
|
1146 PVOID UserContext
|
|
|
1147 );
|
|
|
1148
|
|
|
1149 BOOL
|
|
|
1150 IMAGEAPI
|
|
|
1151 SymEnumSourceFiles(
|
|
|
1152 IN HANDLE hProcess,
|
|
|
1153 IN ULONG64 ModBase,
|
|
|
1154 IN LPSTR Mask,
|
|
|
1155 IN PSYM_ENUMSOURCFILES_CALLBACK cbSrcFiles,
|
|
|
1156 IN PVOID UserContext
|
|
|
1157 );
|
|
|
1158
|
|
|
1159 BOOL
|
|
|
1160 IMAGEAPI
|
|
|
1161 SymEnumerateModules64(
|
|
|
1162 IN HANDLE hProcess,
|
|
|
1163 IN PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback,
|
|
|
1164 IN PVOID UserContext
|
|
|
1165 );
|
|
|
1166
|
|
|
1167 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1168 #define SymEnumerateModules SymEnumerateModules64
|
|
|
1169 #else
|
|
|
1170 BOOL
|
|
|
1171 IMAGEAPI
|
|
|
1172 SymEnumerateModules(
|
|
|
1173 IN HANDLE hProcess,
|
|
|
1174 IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
|
|
|
1175 IN PVOID UserContext
|
|
|
1176 );
|
|
|
1177 #endif
|
|
|
1178
|
|
|
1179 BOOL
|
|
|
1180 IMAGEAPI
|
|
|
1181 SymEnumerateSymbols64(
|
|
|
1182 IN HANDLE hProcess,
|
|
|
1183 IN DWORD64 BaseOfDll,
|
|
|
1184 IN PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback,
|
|
|
1185 IN PVOID UserContext
|
|
|
1186 );
|
|
|
1187
|
|
|
1188 BOOL
|
|
|
1189 IMAGEAPI
|
|
|
1190 SymEnumerateSymbolsW64(
|
|
|
1191 IN HANDLE hProcess,
|
|
|
1192 IN DWORD64 BaseOfDll,
|
|
|
1193 IN PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback,
|
|
|
1194 IN PVOID UserContext
|
|
|
1195 );
|
|
|
1196
|
|
|
1197 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1198 #define SymEnumerateSymbols SymEnumerateSymbols64
|
|
|
1199 #define SymEnumerateSymbolsW SymEnumerateSymbolsW64
|
|
|
1200 #else
|
|
|
1201 BOOL
|
|
|
1202 IMAGEAPI
|
|
|
1203 SymEnumerateSymbols(
|
|
|
1204 IN HANDLE hProcess,
|
|
|
1205 IN DWORD BaseOfDll,
|
|
|
1206 IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
|
|
|
1207 IN PVOID UserContext
|
|
|
1208 );
|
|
|
1209
|
|
|
1210 BOOL
|
|
|
1211 IMAGEAPI
|
|
|
1212 SymEnumerateSymbolsW(
|
|
|
1213 IN HANDLE hProcess,
|
|
|
1214 IN DWORD BaseOfDll,
|
|
|
1215 IN PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback,
|
|
|
1216 IN PVOID UserContext
|
|
|
1217 );
|
|
|
1218 #endif
|
|
|
1219
|
|
|
1220 BOOL
|
|
|
1221 IMAGEAPI
|
|
|
1222 EnumerateLoadedModules64(
|
|
|
1223 IN HANDLE hProcess,
|
|
|
1224 IN PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
|
|
|
1225 IN PVOID UserContext
|
|
|
1226 );
|
|
|
1227
|
|
|
1228 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1229 #define EnumerateLoadedModules EnumerateLoadedModules64
|
|
|
1230 #else
|
|
|
1231 BOOL
|
|
|
1232 IMAGEAPI
|
|
|
1233 EnumerateLoadedModules(
|
|
|
1234 IN HANDLE hProcess,
|
|
|
1235 IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
|
|
|
1236 IN PVOID UserContext
|
|
|
1237 );
|
|
|
1238 #endif
|
|
|
1239
|
|
|
1240 PVOID
|
|
|
1241 IMAGEAPI
|
|
|
1242 SymFunctionTableAccess64(
|
|
|
1243 HANDLE hProcess,
|
|
|
1244 DWORD64 AddrBase
|
|
|
1245 );
|
|
|
1246
|
|
|
1247 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1248 #define SymFunctionTableAccess SymFunctionTableAccess64
|
|
|
1249 #else
|
|
|
1250 PVOID
|
|
|
1251 IMAGEAPI
|
|
|
1252 SymFunctionTableAccess(
|
|
|
1253 HANDLE hProcess,
|
|
|
1254 DWORD AddrBase
|
|
|
1255 );
|
|
|
1256 #endif
|
|
|
1257
|
|
|
1258 BOOL
|
|
|
1259 IMAGEAPI
|
|
|
1260 SymGetModuleInfo64(
|
|
|
1261 IN HANDLE hProcess,
|
|
|
1262 IN DWORD64 qwAddr,
|
|
|
1263 OUT PIMAGEHLP_MODULE64 ModuleInfo
|
|
|
1264 );
|
|
|
1265
|
|
|
1266 BOOL
|
|
|
1267 IMAGEAPI
|
|
|
1268 SymGetModuleInfoW64(
|
|
|
1269 IN HANDLE hProcess,
|
|
|
1270 IN DWORD64 qwAddr,
|
|
|
1271 OUT PIMAGEHLP_MODULEW64 ModuleInfo
|
|
|
1272 );
|
|
|
1273
|
|
|
1274 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1275 #define SymGetModuleInfo SymGetModuleInfo64
|
|
|
1276 #define SymGetModuleInfoW SymGetModuleInfoW64
|
|
|
1277 #else
|
|
|
1278 BOOL
|
|
|
1279 IMAGEAPI
|
|
|
1280 SymGetModuleInfo(
|
|
|
1281 IN HANDLE hProcess,
|
|
|
1282 IN DWORD dwAddr,
|
|
|
1283 OUT PIMAGEHLP_MODULE ModuleInfo
|
|
|
1284 );
|
|
|
1285
|
|
|
1286 BOOL
|
|
|
1287 IMAGEAPI
|
|
|
1288 SymGetModuleInfoW(
|
|
|
1289 IN HANDLE hProcess,
|
|
|
1290 IN DWORD dwAddr,
|
|
|
1291 OUT PIMAGEHLP_MODULEW ModuleInfo
|
|
|
1292 );
|
|
|
1293 #endif
|
|
|
1294
|
|
|
1295 DWORD64
|
|
|
1296 IMAGEAPI
|
|
|
1297 SymGetModuleBase64(
|
|
|
1298 IN HANDLE hProcess,
|
|
|
1299 IN DWORD64 qwAddr
|
|
|
1300 );
|
|
|
1301
|
|
|
1302 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1303 #define SymGetModuleBase SymGetModuleBase64
|
|
|
1304 #else
|
|
|
1305 DWORD
|
|
|
1306 IMAGEAPI
|
|
|
1307 SymGetModuleBase(
|
|
|
1308 IN HANDLE hProcess,
|
|
|
1309 IN DWORD dwAddr
|
|
|
1310 );
|
|
|
1311 #endif
|
|
|
1312
|
|
|
1313 BOOL
|
|
|
1314 IMAGEAPI
|
|
|
1315 SymGetSymNext64(
|
|
|
1316 IN HANDLE hProcess,
|
|
|
1317 IN OUT PIMAGEHLP_SYMBOL64 Symbol
|
|
|
1318 );
|
|
|
1319
|
|
|
1320 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1321 #define SymGetSymNext SymGetSymNext64
|
|
|
1322 #else
|
|
|
1323 BOOL
|
|
|
1324 IMAGEAPI
|
|
|
1325 SymGetSymNext(
|
|
|
1326 IN HANDLE hProcess,
|
|
|
1327 IN OUT PIMAGEHLP_SYMBOL Symbol
|
|
|
1328 );
|
|
|
1329 #endif
|
|
|
1330
|
|
|
1331 BOOL
|
|
|
1332 IMAGEAPI
|
|
|
1333 SymGetSymPrev64(
|
|
|
1334 IN HANDLE hProcess,
|
|
|
1335 IN OUT PIMAGEHLP_SYMBOL64 Symbol
|
|
|
1336 );
|
|
|
1337
|
|
|
1338 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1339 #define SymGetSymPrev SymGetSymPrev64
|
|
|
1340 #else
|
|
|
1341 BOOL
|
|
|
1342 IMAGEAPI
|
|
|
1343 SymGetSymPrev(
|
|
|
1344 IN HANDLE hProcess,
|
|
|
1345 IN OUT PIMAGEHLP_SYMBOL Symbol
|
|
|
1346 );
|
|
|
1347 #endif
|
|
|
1348
|
|
|
1349 BOOL
|
|
|
1350 IMAGEAPI
|
|
|
1351 SymGetLineFromAddr64(
|
|
|
1352 IN HANDLE hProcess,
|
|
|
1353 IN DWORD64 qwAddr,
|
|
|
1354 OUT PDWORD pdwDisplacement,
|
|
|
1355 OUT PIMAGEHLP_LINE64 Line64
|
|
|
1356 );
|
|
|
1357
|
|
|
1358 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1359 #define SymGetLineFromAddr SymGetLineFromAddr64
|
|
|
1360 #else
|
|
|
1361 BOOL
|
|
|
1362 IMAGEAPI
|
|
|
1363 SymGetLineFromAddr(
|
|
|
1364 IN HANDLE hProcess,
|
|
|
1365 IN DWORD dwAddr,
|
|
|
1366 OUT PDWORD pdwDisplacement,
|
|
|
1367 OUT PIMAGEHLP_LINE Line
|
|
|
1368 );
|
|
|
1369 #endif
|
|
|
1370
|
|
|
1371 BOOL
|
|
|
1372 IMAGEAPI
|
|
|
1373 SymGetLineFromName64(
|
|
|
1374 IN HANDLE hProcess,
|
|
|
1375 IN PSTR ModuleName,
|
|
|
1376 IN PSTR FileName,
|
|
|
1377 IN DWORD dwLineNumber,
|
|
|
1378 OUT PLONG plDisplacement,
|
|
|
1379 IN OUT PIMAGEHLP_LINE64 Line
|
|
|
1380 );
|
|
|
1381
|
|
|
1382 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1383 #define SymGetLineFromName SymGetLineFromName64
|
|
|
1384 #else
|
|
|
1385 BOOL
|
|
|
1386 IMAGEAPI
|
|
|
1387 SymGetLineFromName(
|
|
|
1388 IN HANDLE hProcess,
|
|
|
1389 IN PSTR ModuleName,
|
|
|
1390 IN PSTR FileName,
|
|
|
1391 IN DWORD dwLineNumber,
|
|
|
1392 OUT PLONG plDisplacement,
|
|
|
1393 IN OUT PIMAGEHLP_LINE Line
|
|
|
1394 );
|
|
|
1395 #endif
|
|
|
1396
|
|
|
1397 BOOL
|
|
|
1398 IMAGEAPI
|
|
|
1399 SymGetLineNext64(
|
|
|
1400 IN HANDLE hProcess,
|
|
|
1401 IN OUT PIMAGEHLP_LINE64 Line
|
|
|
1402 );
|
|
|
1403
|
|
|
1404 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1405 #define SymGetLineNext SymGetLineNext64
|
|
|
1406 #else
|
|
|
1407 BOOL
|
|
|
1408 IMAGEAPI
|
|
|
1409 SymGetLineNext(
|
|
|
1410 IN HANDLE hProcess,
|
|
|
1411 IN OUT PIMAGEHLP_LINE Line
|
|
|
1412 );
|
|
|
1413 #endif
|
|
|
1414
|
|
|
1415 BOOL
|
|
|
1416 IMAGEAPI
|
|
|
1417 SymGetLinePrev64(
|
|
|
1418 IN HANDLE hProcess,
|
|
|
1419 IN OUT PIMAGEHLP_LINE64 Line
|
|
|
1420 );
|
|
|
1421
|
|
|
1422 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1423 #define SymGetLinePrev SymGetLinePrev64
|
|
|
1424 #else
|
|
|
1425 BOOL
|
|
|
1426 IMAGEAPI
|
|
|
1427 SymGetLinePrev(
|
|
|
1428 IN HANDLE hProcess,
|
|
|
1429 IN OUT PIMAGEHLP_LINE Line
|
|
|
1430 );
|
|
|
1431 #endif
|
|
|
1432
|
|
|
1433 BOOL
|
|
|
1434 IMAGEAPI
|
|
|
1435 SymMatchFileName(
|
|
|
1436 IN PSTR FileName,
|
|
|
1437 IN PSTR Match,
|
|
|
1438 OUT PSTR *FileNameStop,
|
|
|
1439 OUT PSTR *MatchStop
|
|
|
1440 );
|
|
|
1441
|
|
|
1442 BOOL
|
|
|
1443 IMAGEAPI
|
|
|
1444 SymInitialize(
|
|
|
1445 IN HANDLE hProcess,
|
|
|
1446 IN PSTR UserSearchPath,
|
|
|
1447 IN BOOL fInvadeProcess
|
|
|
1448 );
|
|
|
1449
|
|
|
1450 BOOL
|
|
|
1451 IMAGEAPI
|
|
|
1452 SymGetSearchPath(
|
|
|
1453 IN HANDLE hProcess,
|
|
|
1454 OUT PSTR SearchPath,
|
|
|
1455 IN DWORD SearchPathLength
|
|
|
1456 );
|
|
|
1457
|
|
|
1458 BOOL
|
|
|
1459 IMAGEAPI
|
|
|
1460 SymSetSearchPath(
|
|
|
1461 IN HANDLE hProcess,
|
|
|
1462 IN PSTR SearchPath
|
|
|
1463 );
|
|
|
1464
|
|
|
1465 DWORD64
|
|
|
1466 IMAGEAPI
|
|
|
1467 SymLoadModule64(
|
|
|
1468 IN HANDLE hProcess,
|
|
|
1469 IN HANDLE hFile,
|
|
|
1470 IN PSTR ImageName,
|
|
|
1471 IN PSTR ModuleName,
|
|
|
1472 IN DWORD64 BaseOfDll,
|
|
|
1473 IN DWORD SizeOfDll
|
|
|
1474 );
|
|
|
1475
|
|
|
1476 #define SLMFLAG_VIRTUAL 0x1
|
|
|
1477
|
|
|
1478 DWORD64
|
|
|
1479 IMAGEAPI
|
|
|
1480 SymLoadModuleEx(
|
|
|
1481 IN HANDLE hProcess,
|
|
|
1482 IN HANDLE hFile,
|
|
|
1483 IN PSTR ImageName,
|
|
|
1484 IN PSTR ModuleName,
|
|
|
1485 IN DWORD64 BaseOfDll,
|
|
|
1486 IN DWORD DllSize,
|
|
|
1487 IN PMODLOAD_DATA Data,
|
|
|
1488 IN DWORD Flags
|
|
|
1489 );
|
|
|
1490
|
|
|
1491 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1492 #define SymLoadModule SymLoadModule64
|
|
|
1493 #else
|
|
|
1494 DWORD
|
|
|
1495 IMAGEAPI
|
|
|
1496 SymLoadModule(
|
|
|
1497 IN HANDLE hProcess,
|
|
|
1498 IN HANDLE hFile,
|
|
|
1499 IN PSTR ImageName,
|
|
|
1500 IN PSTR ModuleName,
|
|
|
1501 IN DWORD BaseOfDll,
|
|
|
1502 IN DWORD SizeOfDll
|
|
|
1503 );
|
|
|
1504 #endif
|
|
|
1505
|
|
|
1506 BOOL
|
|
|
1507 IMAGEAPI
|
|
|
1508 SymUnloadModule64(
|
|
|
1509 IN HANDLE hProcess,
|
|
|
1510 IN DWORD64 BaseOfDll
|
|
|
1511 );
|
|
|
1512
|
|
|
1513 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1514 #define SymUnloadModule SymUnloadModule64
|
|
|
1515 #else
|
|
|
1516 BOOL
|
|
|
1517 IMAGEAPI
|
|
|
1518 SymUnloadModule(
|
|
|
1519 IN HANDLE hProcess,
|
|
|
1520 IN DWORD BaseOfDll
|
|
|
1521 );
|
|
|
1522 #endif
|
|
|
1523
|
|
|
1524 BOOL
|
|
|
1525 IMAGEAPI
|
|
|
1526 SymUnDName64(
|
|
|
1527 IN PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate
|
|
|
1528 OUT PSTR UnDecName, // Buffer to store undecorated name in
|
|
|
1529 IN DWORD UnDecNameLength // Size of the buffer
|
|
|
1530 );
|
|
|
1531
|
|
|
1532 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1533 #define SymUnDName SymUnDName64
|
|
|
1534 #else
|
|
|
1535 BOOL
|
|
|
1536 IMAGEAPI
|
|
|
1537 SymUnDName(
|
|
|
1538 IN PIMAGEHLP_SYMBOL sym, // Symbol to undecorate
|
|
|
1539 OUT PSTR UnDecName, // Buffer to store undecorated name in
|
|
|
1540 IN DWORD UnDecNameLength // Size of the buffer
|
|
|
1541 );
|
|
|
1542 #endif
|
|
|
1543
|
|
|
1544 BOOL
|
|
|
1545 IMAGEAPI
|
|
|
1546 SymRegisterCallback64(
|
|
|
1547 IN HANDLE hProcess,
|
|
|
1548 IN PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
|
|
|
1549 IN ULONG64 UserContext
|
|
|
1550 );
|
|
|
1551
|
|
|
1552 BOOL
|
|
|
1553 IMAGEAPI
|
|
|
1554 SymRegisterFunctionEntryCallback64(
|
|
|
1555 IN HANDLE hProcess,
|
|
|
1556 IN PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction,
|
|
|
1557 IN ULONG64 UserContext
|
|
|
1558 );
|
|
|
1559
|
|
|
1560 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1561 #define SymRegisterCallback SymRegisterCallback64
|
|
|
1562 #define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64
|
|
|
1563 #else
|
|
|
1564 BOOL
|
|
|
1565 IMAGEAPI
|
|
|
1566 SymRegisterCallback(
|
|
|
1567 IN HANDLE hProcess,
|
|
|
1568 IN PSYMBOL_REGISTERED_CALLBACK CallbackFunction,
|
|
|
1569 IN PVOID UserContext
|
|
|
1570 );
|
|
|
1571
|
|
|
1572 BOOL
|
|
|
1573 IMAGEAPI
|
|
|
1574 SymRegisterFunctionEntryCallback(
|
|
|
1575 IN HANDLE hProcess,
|
|
|
1576 IN PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction,
|
|
|
1577 IN PVOID UserContext
|
|
|
1578 );
|
|
|
1579 #endif
|
|
|
1580
|
|
|
1581
|
|
|
1582 typedef struct _IMAGEHLP_SYMBOL_SRC {
|
|
|
1583 DWORD sizeofstruct;
|
|
|
1584 DWORD type;
|
|
|
1585 char file[MAX_PATH];
|
|
|
1586 } IMAGEHLP_SYMBOL_SRC, *PIMAGEHLP_SYMBOL_SRC;
|
|
|
1587
|
|
|
1588 typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP
|
|
|
1589 USHORT dataLength;
|
|
|
1590 USHORT leaf;
|
|
|
1591 BYTE data[1];
|
|
|
1592 } MODULE_TYPE_INFO, *PMODULE_TYPE_INFO;
|
|
|
1593
|
|
|
1594 typedef struct _SYMBOL_INFO {
|
|
|
1595 ULONG SizeOfStruct;
|
|
|
1596 ULONG TypeIndex; // Type Index of symbol
|
|
|
1597 ULONG64 Reserved[2];
|
|
|
1598 ULONG info;
|
|
|
1599 ULONG Size;
|
|
|
1600 ULONG64 ModBase; // Base Address of module comtaining this symbol
|
|
|
1601 ULONG Flags;
|
|
|
1602 ULONG64 Value; // Value of symbol, ValuePresent should be 1
|
|
|
1603 ULONG64 Address; // Address of symbol including base address of module
|
|
|
1604 ULONG Register; // register holding value or pointer to value
|
|
|
1605 ULONG Scope; // scope of the symbol
|
|
|
1606 ULONG Tag; // pdb classification
|
|
|
1607 ULONG NameLen; // Actual length of name
|
|
|
1608 ULONG MaxNameLen;
|
|
|
1609 CHAR Name[1]; // Name of symbol
|
|
|
1610 } SYMBOL_INFO, *PSYMBOL_INFO;
|
|
|
1611
|
|
|
1612 typedef struct _SYMBOL_INFO_PACKAGE {
|
|
|
1613 SYMBOL_INFO si;
|
|
|
1614 CHAR name[MAX_SYM_NAME + 1];
|
|
|
1615 } SYMBOL_INFO_PACKAGE, *PSYMBOL_INFO_PACKAGE;
|
|
|
1616
|
|
|
1617 typedef struct _IMAGEHLP_STACK_FRAME
|
|
|
1618 {
|
|
|
1619 ULONG64 InstructionOffset;
|
|
|
1620 ULONG64 ReturnOffset;
|
|
|
1621 ULONG64 FrameOffset;
|
|
|
1622 ULONG64 StackOffset;
|
|
|
1623 ULONG64 BackingStoreOffset;
|
|
|
1624 ULONG64 FuncTableEntry;
|
|
|
1625 ULONG64 Params[4];
|
|
|
1626 ULONG64 Reserved[5];
|
|
|
1627 BOOL Virtual;
|
|
|
1628 ULONG Reserved2;
|
|
|
1629 } IMAGEHLP_STACK_FRAME, *PIMAGEHLP_STACK_FRAME;
|
|
|
1630
|
|
|
1631 typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT;
|
|
|
1632
|
|
|
1633
|
|
|
1634 BOOL
|
|
|
1635 IMAGEAPI
|
|
|
1636 SymSetContext(
|
|
|
1637 HANDLE hProcess,
|
|
|
1638 PIMAGEHLP_STACK_FRAME StackFrame,
|
|
|
1639 PIMAGEHLP_CONTEXT Context
|
|
|
1640 );
|
|
|
1641
|
|
|
1642 BOOL
|
|
|
1643 IMAGEAPI
|
|
|
1644 SymFromAddr(
|
|
|
1645 IN HANDLE hProcess,
|
|
|
1646 IN DWORD64 Address,
|
|
|
1647 OUT PDWORD64 Displacement,
|
|
|
1648 IN OUT PSYMBOL_INFO Symbol
|
|
|
1649 );
|
|
|
1650
|
|
|
1651 // While SymFromName will provide a symbol from a name,
|
|
|
1652 // SymEnumSymbols can provide the same matching information
|
|
|
1653 // for ALL symbols with a matching name, even regular
|
|
|
1654 // expressions. That way you can search across modules
|
|
|
1655 // and differentiate between identically named symbols.
|
|
|
1656
|
|
|
1657 BOOL
|
|
|
1658 IMAGEAPI
|
|
|
1659 SymFromName(
|
|
|
1660 IN HANDLE hProcess,
|
|
|
1661 IN LPSTR Name,
|
|
|
1662 OUT PSYMBOL_INFO Symbol
|
|
|
1663 );
|
|
|
1664
|
|
|
1665 typedef BOOL
|
|
|
1666 (CALLBACK *PSYM_ENUMERATESYMBOLS_CALLBACK)(
|
|
|
1667 PSYMBOL_INFO pSymInfo,
|
|
|
1668 ULONG SymbolSize,
|
|
|
1669 PVOID UserContext
|
|
|
1670 );
|
|
|
1671
|
|
|
1672 BOOL
|
|
|
1673 IMAGEAPI
|
|
|
1674 SymEnumSymbols(
|
|
|
1675 IN HANDLE hProcess,
|
|
|
1676 IN ULONG64 BaseOfDll,
|
|
|
1677 IN PCSTR Mask,
|
|
|
1678 IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
|
|
|
1679 IN PVOID UserContext
|
|
|
1680 );
|
|
|
1681
|
|
|
1682 BOOL
|
|
|
1683 IMAGEAPI
|
|
|
1684 SymEnumSymbolsForAddr(
|
|
|
1685 IN HANDLE hProcess,
|
|
|
1686 IN DWORD64 Address,
|
|
|
1687 IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
|
|
|
1688 IN PVOID UserContext
|
|
|
1689 );
|
|
|
1690
|
|
|
1691 typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO {
|
|
|
1692 TI_GET_SYMTAG,
|
|
|
1693 TI_GET_SYMNAME,
|
|
|
1694 TI_GET_LENGTH,
|
|
|
1695 TI_GET_TYPE,
|
|
|
1696 TI_GET_TYPEID,
|
|
|
1697 TI_GET_BASETYPE,
|
|
|
1698 TI_GET_ARRAYINDEXTYPEID,
|
|
|
1699 TI_FINDCHILDREN,
|
|
|
1700 TI_GET_DATAKIND,
|
|
|
1701 TI_GET_ADDRESSOFFSET,
|
|
|
1702 TI_GET_OFFSET,
|
|
|
1703 TI_GET_VALUE,
|
|
|
1704 TI_GET_COUNT,
|
|
|
1705 TI_GET_CHILDRENCOUNT,
|
|
|
1706 TI_GET_BITPOSITION,
|
|
|
1707 TI_GET_VIRTUALBASECLASS,
|
|
|
1708 TI_GET_VIRTUALTABLESHAPEID,
|
|
|
1709 TI_GET_VIRTUALBASEPOINTEROFFSET,
|
|
|
1710 TI_GET_CLASSPARENTID,
|
|
|
1711 TI_GET_NESTED,
|
|
|
1712 TI_GET_SYMINDEX,
|
|
|
1713 TI_GET_LEXICALPARENT,
|
|
|
1714 TI_GET_ADDRESS,
|
|
|
1715 TI_GET_THISADJUST,
|
|
|
1716 TI_GET_UDTKIND,
|
|
|
1717 TI_IS_EQUIV_TO,
|
|
|
1718 TI_GET_CALLING_CONVENTION,
|
|
|
1719 } IMAGEHLP_SYMBOL_TYPE_INFO;
|
|
|
1720
|
|
|
1721 typedef struct _TI_FINDCHILDREN_PARAMS {
|
|
|
1722 ULONG Count;
|
|
|
1723 ULONG Start;
|
|
|
1724 ULONG ChildId[1];
|
|
|
1725 } TI_FINDCHILDREN_PARAMS;
|
|
|
1726
|
|
|
1727 BOOL
|
|
|
1728 IMAGEAPI
|
|
|
1729 SymGetTypeInfo(
|
|
|
1730 IN HANDLE hProcess,
|
|
|
1731 IN DWORD64 ModBase,
|
|
|
1732 IN ULONG TypeId,
|
|
|
1733 IN IMAGEHLP_SYMBOL_TYPE_INFO GetType,
|
|
|
1734 OUT PVOID pInfo
|
|
|
1735 );
|
|
|
1736
|
|
|
1737 BOOL
|
|
|
1738 IMAGEAPI
|
|
|
1739 SymEnumTypes(
|
|
|
1740 IN HANDLE hProcess,
|
|
|
1741 IN ULONG64 BaseOfDll,
|
|
|
1742 IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
|
|
|
1743 IN PVOID UserContext
|
|
|
1744 );
|
|
|
1745
|
|
|
1746 BOOL
|
|
|
1747 IMAGEAPI
|
|
|
1748 SymGetTypeFromName(
|
|
|
1749 IN HANDLE hProcess,
|
|
|
1750 IN ULONG64 BaseOfDll,
|
|
|
1751 IN LPSTR Name,
|
|
|
1752 OUT PSYMBOL_INFO Symbol
|
|
|
1753 );
|
|
|
1754
|
|
|
1755 BOOL
|
|
|
1756 IMAGEAPI
|
|
|
1757 SymAddSymbol(
|
|
|
1758 IN HANDLE hProcess,
|
|
|
1759 IN ULONG64 BaseOfDll,
|
|
|
1760 IN PCSTR Name,
|
|
|
1761 IN DWORD64 Address,
|
|
|
1762 IN DWORD Size,
|
|
|
1763 IN DWORD Flags
|
|
|
1764 );
|
|
|
1765
|
|
|
1766 BOOL
|
|
|
1767 IMAGEAPI
|
|
|
1768 SymDeleteSymbol(
|
|
|
1769 IN HANDLE hProcess,
|
|
|
1770 IN ULONG64 BaseOfDll,
|
|
|
1771 IN PCSTR Name,
|
|
|
1772 IN DWORD64 Address,
|
|
|
1773 IN DWORD Flags
|
|
|
1774 );
|
|
|
1775
|
|
|
1776 //
|
|
|
1777 // Full user-mode dump creation.
|
|
|
1778 //
|
|
|
1779
|
|
|
1780 typedef BOOL (WINAPI *PDBGHELP_CREATE_USER_DUMP_CALLBACK)(
|
|
|
1781 DWORD DataType,
|
|
|
1782 PVOID* Data,
|
|
|
1783 LPDWORD DataLength,
|
|
|
1784 PVOID UserData
|
|
|
1785 );
|
|
|
1786
|
|
|
1787 BOOL
|
|
|
1788 WINAPI
|
|
|
1789 DbgHelpCreateUserDump(
|
|
|
1790 IN LPSTR FileName,
|
|
|
1791 IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
|
|
|
1792 IN PVOID UserData
|
|
|
1793 );
|
|
|
1794
|
|
|
1795 BOOL
|
|
|
1796 WINAPI
|
|
|
1797 DbgHelpCreateUserDumpW(
|
|
|
1798 IN LPWSTR FileName,
|
|
|
1799 IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
|
|
|
1800 IN PVOID UserData
|
|
|
1801 );
|
|
|
1802
|
|
|
1803 // -----------------------------------------------------------------
|
|
|
1804 // The following 4 legacy APIs are fully supported, but newer
|
|
|
1805 // ones are recommended. SymFromName and SymFromAddr provide
|
|
|
1806 // much more detailed info on the returned symbol.
|
|
|
1807
|
|
|
1808 BOOL
|
|
|
1809 IMAGEAPI
|
|
|
1810 SymGetSymFromAddr64(
|
|
|
1811 IN HANDLE hProcess,
|
|
|
1812 IN DWORD64 qwAddr,
|
|
|
1813 OUT PDWORD64 pdwDisplacement,
|
|
|
1814 OUT PIMAGEHLP_SYMBOL64 Symbol
|
|
|
1815 );
|
|
|
1816
|
|
|
1817 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1818 #define SymGetSymFromAddr SymGetSymFromAddr64
|
|
|
1819 #else
|
|
|
1820 BOOL
|
|
|
1821 IMAGEAPI
|
|
|
1822 SymGetSymFromAddr(
|
|
|
1823 IN HANDLE hProcess,
|
|
|
1824 IN DWORD dwAddr,
|
|
|
1825 OUT PDWORD pdwDisplacement,
|
|
|
1826 OUT PIMAGEHLP_SYMBOL Symbol
|
|
|
1827 );
|
|
|
1828 #endif
|
|
|
1829
|
|
|
1830 // While following two APIs will provide a symbol from a name,
|
|
|
1831 // SymEnumSymbols can provide the same matching information
|
|
|
1832 // for ALL symbols with a matching name, even regular
|
|
|
1833 // expressions. That way you can search across modules
|
|
|
1834 // and differentiate between identically named symbols.
|
|
|
1835
|
|
|
1836 BOOL
|
|
|
1837 IMAGEAPI
|
|
|
1838 SymGetSymFromName64(
|
|
|
1839 IN HANDLE hProcess,
|
|
|
1840 IN PSTR Name,
|
|
|
1841 OUT PIMAGEHLP_SYMBOL64 Symbol
|
|
|
1842 );
|
|
|
1843
|
|
|
1844 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
|
|
|
1845 #define SymGetSymFromName SymGetSymFromName64
|
|
|
1846 #else
|
|
|
1847 BOOL
|
|
|
1848 IMAGEAPI
|
|
|
1849 SymGetSymFromName(
|
|
|
1850 IN HANDLE hProcess,
|
|
|
1851 IN PSTR Name,
|
|
|
1852 OUT PIMAGEHLP_SYMBOL Symbol
|
|
|
1853 );
|
|
|
1854 #endif
|
|
|
1855
|
|
|
1856
|
|
|
1857 // -----------------------------------------------------------------
|
|
|
1858 // The following APIs exist only for backwards compatibility
|
|
|
1859 // with a pre-release version documented in an MSDN release.
|
|
|
1860
|
|
|
1861 // You should use SymFindFileInPath if you want to maintain
|
|
|
1862 // future compatibility.
|
|
|
1863
|
|
|
1864 DBHLP_DEPRECIATED
|
|
|
1865 BOOL
|
|
|
1866 IMAGEAPI
|
|
|
1867 FindFileInPath(
|
|
|
1868 HANDLE hprocess,
|
|
|
1869 LPSTR SearchPath,
|
|
|
1870 LPSTR FileName,
|
|
|
1871 PVOID id,
|
|
|
1872 DWORD two,
|
|
|
1873 DWORD three,
|
|
|
1874 DWORD flags,
|
|
|
1875 LPSTR FilePath
|
|
|
1876 );
|
|
|
1877
|
|
|
1878 // You should use SymFindFileInPath if you want to maintain
|
|
|
1879 // future compatibility.
|
|
|
1880
|
|
|
1881 DBHLP_DEPRECIATED
|
|
|
1882 BOOL
|
|
|
1883 IMAGEAPI
|
|
|
1884 FindFileInSearchPath(
|
|
|
1885 HANDLE hprocess,
|
|
|
1886 LPSTR SearchPath,
|
|
|
1887 LPSTR FileName,
|
|
|
1888 DWORD one,
|
|
|
1889 DWORD two,
|
|
|
1890 DWORD three,
|
|
|
1891 LPSTR FilePath
|
|
|
1892 );
|
|
|
1893
|
|
|
1894 DBHLP_DEPRECIATED
|
|
|
1895 BOOL
|
|
|
1896 IMAGEAPI
|
|
|
1897 SymEnumSym(
|
|
|
1898 IN HANDLE hProcess,
|
|
|
1899 IN ULONG64 BaseOfDll,
|
|
|
1900 IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
|
|
|
1901 IN PVOID UserContext
|
|
|
1902 );
|
|
|
1903
|
|
|
1904 // These values should not be used.
|
|
|
1905 // They have been replaced by SYMFLAG_ values.
|
|
|
1906
|
|
|
1907 #define SYMF_OMAP_GENERATED 0x00000001
|
|
|
1908 #define SYMF_OMAP_MODIFIED 0x00000002
|
|
|
1909 #define SYMF_REGISTER 0x00000008
|
|
|
1910 #define SYMF_REGREL 0x00000010
|
|
|
1911 #define SYMF_FRAMEREL 0x00000020
|
|
|
1912 #define SYMF_PARAMETER 0x00000040
|
|
|
1913 #define SYMF_LOCAL 0x00000080
|
|
|
1914 #define SYMF_CONSTANT 0x00000100
|
|
|
1915 #define SYMF_EXPORT 0x00000200
|
|
|
1916 #define SYMF_FORWARDER 0x00000400
|
|
|
1917 #define SYMF_FUNCTION 0x00000800
|
|
|
1918 #define SYMF_VIRTUAL 0x00001000
|
|
|
1919 #define SYMF_THUNK 0x00002000
|
|
|
1920 #define SYMF_TLSREL 0x00004000
|
|
|
1921
|
|
|
1922 // These values should also not be used.
|
|
|
1923 // They have been replaced by SYMFLAG_ values.
|
|
|
1924
|
|
|
1925 #define IMAGEHLP_SYMBOL_INFO_VALUEPRESENT 1
|
|
|
1926 #define IMAGEHLP_SYMBOL_INFO_REGISTER SYMF_REGISTER // 0x0008
|
|
|
1927 #define IMAGEHLP_SYMBOL_INFO_REGRELATIVE SYMF_REGREL // 0x0010
|
|
|
1928 #define IMAGEHLP_SYMBOL_INFO_FRAMERELATIVE SYMF_FRAMEREL // 0x0020
|
|
|
1929 #define IMAGEHLP_SYMBOL_INFO_PARAMETER SYMF_PARAMETER // 0x0040
|
|
|
1930 #define IMAGEHLP_SYMBOL_INFO_LOCAL SYMF_LOCAL // 0x0080
|
|
|
1931 #define IMAGEHLP_SYMBOL_INFO_CONSTANT SYMF_CONSTANT // 0x0100
|
|
|
1932 #define IMAGEHLP_SYMBOL_FUNCTION SYMF_FUNCTION // 0x0800
|
|
|
1933 #define IMAGEHLP_SYMBOL_VIRTUAL SYMF_VIRTUAL // 0x1000
|
|
|
1934 #define IMAGEHLP_SYMBOL_THUNK SYMF_THUNK // 0x2000
|
|
|
1935 #define IMAGEHLP_SYMBOL_INFO_TLSRELATIVE SYMF_TLSREL // 0x4000
|
|
|
1936
|
|
|
1937
|
|
|
1938 #include <pshpack4.h>
|
|
|
1939
|
|
|
1940 #pragma warning(disable:4200) // Zero length array
|
|
|
1941
|
|
|
1942
|
|
|
1943 #define MINIDUMP_SIGNATURE ('PMDM')
|
|
|
1944 #define MINIDUMP_VERSION (42899)
|
|
|
1945 +/
|
|
|
1946
|
|
|
1947 alias DWORD RVA;
|
|
|
1948 alias ULONG64 RVA64;
|
|
|
1949
|
|
|
1950 struct MINIDUMP_LOCATION_DESCRIPTOR {
|
|
|
1951 ULONG32 DataSize;
|
|
|
1952 RVA Rva;
|
|
|
1953 }
|
|
|
1954
|
|
|
1955 struct MINIDUMP_LOCATION_DESCRIPTOR64 {
|
|
|
1956 ULONG64 DataSize;
|
|
|
1957 RVA64 Rva;
|
|
|
1958 }
|
|
|
1959
|
|
|
1960 struct MINIDUMP_MEMORY_DESCRIPTOR {
|
|
|
1961 ULONG64 StartOfMemoryRange;
|
|
|
1962 MINIDUMP_LOCATION_DESCRIPTOR Memory;
|
|
|
1963 }
|
|
|
1964 alias MINIDUMP_MEMORY_DESCRIPTOR* PMINIDUMP_MEMORY_DESCRIPTOR;
|
|
|
1965
|
|
|
1966 // DESCRIPTOR64 is used for full-memory minidumps where
|
|
|
1967 // all of the raw memory is laid out sequentially at the
|
|
|
1968 // end of the dump. There is no need for individual RVAs
|
|
|
1969 // as the RVA is the base RVA plus the sum of the preceeding
|
|
|
1970 // data blocks.
|
|
|
1971 struct MINIDUMP_MEMORY_DESCRIPTOR64 {
|
|
|
1972 ULONG64 StartOfMemoryRange;
|
|
|
1973 ULONG64 DataSize;
|
|
|
1974 }
|
|
|
1975 alias MINIDUMP_MEMORY_DESCRIPTOR64* PMINIDUMP_MEMORY_DESCRIPTOR64;
|
|
|
1976
|
|
|
1977
|
|
|
1978 struct MINIDUMP_HEADER {
|
|
|
1979 ULONG32 Signature;
|
|
|
1980 ULONG32 Version;
|
|
|
1981 ULONG32 NumberOfStreams;
|
|
|
1982 RVA StreamDirectoryRva;
|
|
|
1983 ULONG32 CheckSum;
|
|
|
1984 union {
|
|
|
1985 ULONG32 Reserved;
|
|
|
1986 ULONG32 TimeDateStamp;
|
|
|
1987 };
|
|
|
1988 ULONG64 Flags;
|
|
|
1989 }
|
|
|
1990 alias MINIDUMP_HEADER* PMINIDUMP_HEADER;
|
|
|
1991
|
|
|
1992 //
|
|
|
1993 // The MINIDUMP_HEADER field StreamDirectoryRva points to
|
|
|
1994 // an array of MINIDUMP_DIRECTORY structures.
|
|
|
1995 //
|
|
|
1996
|
|
|
1997 struct MINIDUMP_DIRECTORY {
|
|
|
1998 ULONG32 StreamType;
|
|
|
1999 MINIDUMP_LOCATION_DESCRIPTOR Location;
|
|
|
2000 }
|
|
|
2001 alias MINIDUMP_DIRECTORY* PMINIDUMP_DIRECTORY;
|
|
|
2002
|
|
|
2003
|
|
|
2004 struct MINIDUMP_STRING {
|
|
|
2005 ULONG32 Length; // Length in bytes of the string
|
|
|
2006 WCHAR Buffer [0]; // Variable size buffer
|
|
|
2007 }
|
|
|
2008 alias MINIDUMP_STRING* PMINIDUMP_STRING;
|
|
|
2009
|
|
|
2010 //
|
|
|
2011 // The MINIDUMP_DIRECTORY field StreamType may be one of the following types.
|
|
|
2012 // Types will be added in the future, so if a program reading the minidump
|
|
|
2013 // header encounters a stream type it does not understand it should ignore
|
|
|
2014 // the data altogether. Any tag above LastReservedStream will not be used by
|
|
|
2015 // the system and is reserved for program-specific information.
|
|
|
2016 //
|
|
|
2017
|
|
|
2018 enum MINIDUMP_STREAM_TYPE {
|
|
|
2019
|
|
|
2020 UnusedStream = 0,
|
|
|
2021 ReservedStream0 = 1,
|
|
|
2022 ReservedStream1 = 2,
|
|
|
2023 ThreadListStream = 3,
|
|
|
2024 ModuleListStream = 4,
|
|
|
2025 MemoryListStream = 5,
|
|
|
2026 ExceptionStream = 6,
|
|
|
2027 SystemInfoStream = 7,
|
|
|
2028 ThreadExListStream = 8,
|
|
|
2029 Memory64ListStream = 9,
|
|
|
2030 CommentStreamA = 10,
|
|
|
2031 CommentStreamW = 11,
|
|
|
2032 HandleDataStream = 12,
|
|
|
2033 FunctionTableStream = 13,
|
|
|
2034 UnloadedModuleListStream = 14,
|
|
|
2035 MiscInfoStream = 15,
|
|
|
2036
|
|
|
2037 LastReservedStream = 0xffff
|
|
|
2038
|
|
|
2039 }
|
|
|
2040
|
|
|
2041
|
|
|
2042 //
|
|
|
2043 // The minidump system information contains processor and
|
|
|
2044 // Operating System specific information.
|
|
|
2045 //
|
|
|
2046
|
|
|
2047 /+
|
|
|
2048 #if defined(_MSC_VER)
|
|
|
2049 #if _MSC_VER >= 800
|
|
|
2050 #if _MSC_VER >= 1200
|
|
|
2051 #pragma warning(push)
|
|
|
2052 #endif
|
|
|
2053 #pragma warning(disable:4201) /* Nameless struct/union */
|
|
|
2054 #endif
|
|
|
2055 #endif
|
|
|
2056 +/
|
|
|
2057
|
|
|
2058 struct MINIDUMP_SYSTEM_INFO {
|
|
|
2059
|
|
|
2060 //
|
|
|
2061 // ProcessorArchitecture, ProcessorLevel and ProcessorRevision are all
|
|
|
2062 // taken from the SYSTEM_INFO structure obtained by GetSystemInfo( ).
|
|
|
2063 //
|
|
|
2064
|
|
|
2065 USHORT ProcessorArchitecture;
|
|
|
2066 USHORT ProcessorLevel;
|
|
|
2067 USHORT ProcessorRevision;
|
|
|
2068
|
|
|
2069 union {
|
|
|
2070 USHORT Reserved0;
|
|
|
2071 struct {
|
|
|
2072 UCHAR NumberOfProcessors;
|
|
|
2073 UCHAR ProductType;
|
|
|
2074 };
|
|
|
2075 };
|
|
|
2076
|
|
|
2077 //
|
|
|
2078 // MajorVersion, MinorVersion, BuildNumber, PlatformId and
|
|
|
2079 // CSDVersion are all taken from the OSVERSIONINFO structure
|
|
|
2080 // returned by GetVersionEx( ).
|
|
|
2081 //
|
|
|
2082
|
|
|
2083 ULONG32 MajorVersion;
|
|
|
2084 ULONG32 MinorVersion;
|
|
|
2085 ULONG32 BuildNumber;
|
|
|
2086 ULONG32 PlatformId;
|
|
|
2087
|
|
|
2088 //
|
|
|
2089 // RVA to a CSDVersion string in the string table.
|
|
|
2090 //
|
|
|
2091
|
|
|
2092 RVA CSDVersionRva;
|
|
|
2093
|
|
|
2094 union {
|
|
|
2095 ULONG32 Reserved1;
|
|
|
2096 struct {
|
|
|
2097 USHORT SuiteMask;
|
|
|
2098 USHORT Reserved2;
|
|
|
2099 };
|
|
|
2100 };
|
|
|
2101
|
|
|
2102 //
|
|
|
2103 // CPU information is obtained from one of two places.
|
|
|
2104 //
|
|
|
2105 // 1) On x86 computers, CPU_INFORMATION is obtained from the CPUID
|
|
|
2106 // instruction. You must use the X86 portion of the union for X86
|
|
|
2107 // computers.
|
|
|
2108 //
|
|
|
2109 // 2) On non-x86 architectures, CPU_INFORMATION is obtained by calling
|
|
|
2110 // IsProcessorFeatureSupported().
|
|
|
2111 //
|
|
|
2112
|
|
|
2113 union CPU_INFORMATION {
|
|
|
2114
|
|
|
2115 //
|
|
|
2116 // X86 platforms use CPUID function to obtain processor information.
|
|
|
2117 //
|
|
|
2118
|
|
|
2119 struct _X86CpuInfo_t {
|
|
|
2120
|
|
|
2121 //
|
|
|
2122 // CPUID Subfunction 0, register EAX (VendorId [0]),
|
|
|
2123 // EBX (VendorId [1]) and ECX (VendorId [2]).
|
|
|
2124 //
|
|
|
2125
|
|
|
2126 ULONG32 VendorId [ 3 ];
|
|
|
2127
|
|
|
2128 //
|
|
|
2129 // CPUID Subfunction 1, register EAX
|
|
|
2130 //
|
|
|
2131
|
|
|
2132 ULONG32 VersionInformation;
|
|
|
2133
|
|
|
2134 //
|
|
|
2135 // CPUID Subfunction 1, register EDX
|
|
|
2136 //
|
|
|
2137
|
|
|
2138 ULONG32 FeatureInformation;
|
|
|
2139
|
|
|
2140
|
|
|
2141 //
|
|
|
2142 // CPUID, Subfunction 80000001, register EBX. This will only
|
|
|
2143 // be obtained if the vendor id is "AuthenticAMD".
|
|
|
2144 //
|
|
|
2145
|
|
|
2146 ULONG32 AMDExtendedCpuFeatures;
|
|
|
2147
|
|
|
2148 }
|
|
|
2149 _X86CpuInfo_t X86CpuInfo;
|
|
|
2150
|
|
|
2151 //
|
|
|
2152 // Non-x86 platforms use processor feature flags.
|
|
|
2153 //
|
|
|
2154
|
|
|
2155 struct _OtherCpuInfo_t {
|
|
|
2156
|
|
|
2157 ULONG64 ProcessorFeatures [ 2 ];
|
|
|
2158
|
|
|
2159 }
|
|
|
2160 _OtherCpuInfo_t OtherCpuInfo;
|
|
|
2161
|
|
|
2162 }
|
|
|
2163 CPU_INFORMATION Cpu;
|
|
|
2164
|
|
|
2165 }
|
|
|
2166 alias MINIDUMP_SYSTEM_INFO* PMINIDUMP_SYSTEM_INFO;
|
|
|
2167 alias MINIDUMP_SYSTEM_INFO.CPU_INFORMATION* PCPU_INFORMATION;
|
|
|
2168
|
|
|
2169 /+
|
|
|
2170 #if defined(_MSC_VER)
|
|
|
2171 #if _MSC_VER >= 800
|
|
|
2172 #if _MSC_VER >= 1200
|
|
|
2173 #pragma warning(pop)
|
|
|
2174 #else
|
|
|
2175 #pragma warning(disable:4201) /* Nameless struct/union */
|
|
|
2176 #endif
|
|
|
2177 #endif
|
|
|
2178 #endif
|
|
|
2179 +/
|
|
|
2180
|
|
|
2181 //
|
|
|
2182 // The minidump thread contains standard thread
|
|
|
2183 // information plus an RVA to the memory for this
|
|
|
2184 // thread and an RVA to the CONTEXT structure for
|
|
|
2185 // this thread.
|
|
|
2186 //
|
|
|
2187
|
|
|
2188
|
|
|
2189 //
|
|
|
2190 // ThreadId must be 4 bytes on all architectures.
|
|
|
2191 //
|
|
|
2192
|
|
|
2193 //C_ASSERT (sizeof ( ((PPROCESS_INFORMATION)0)->dwThreadId ) == 4);
|
|
|
2194
|
|
|
2195 struct MINIDUMP_THREAD {
|
|
|
2196 ULONG32 ThreadId;
|
|
|
2197 ULONG32 SuspendCount;
|
|
|
2198 ULONG32 PriorityClass;
|
|
|
2199 ULONG32 Priority;
|
|
|
2200 ULONG64 Teb;
|
|
|
2201 MINIDUMP_MEMORY_DESCRIPTOR Stack;
|
|
|
2202 MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
|
|
|
2203 }
|
|
|
2204 alias MINIDUMP_THREAD* PMINIDUMP_THREAD;
|
|
|
2205
|
|
|
2206 //
|
|
|
2207 // The thread list is a container of threads.
|
|
|
2208 //
|
|
|
2209
|
|
|
2210 struct MINIDUMP_THREAD_LIST {
|
|
|
2211 ULONG32 NumberOfThreads;
|
|
|
2212 MINIDUMP_THREAD Threads [0];
|
|
|
2213 }
|
|
|
2214 alias MINIDUMP_THREAD_LIST* PMINIDUMP_THREAD_LIST;
|
|
|
2215
|
|
|
2216
|
|
|
2217 struct MINIDUMP_THREAD_EX {
|
|
|
2218 ULONG32 ThreadId;
|
|
|
2219 ULONG32 SuspendCount;
|
|
|
2220 ULONG32 PriorityClass;
|
|
|
2221 ULONG32 Priority;
|
|
|
2222 ULONG64 Teb;
|
|
|
2223 MINIDUMP_MEMORY_DESCRIPTOR Stack;
|
|
|
2224 MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
|
|
|
2225 MINIDUMP_MEMORY_DESCRIPTOR BackingStore;
|
|
|
2226 }
|
|
|
2227 alias MINIDUMP_THREAD_EX* PMINIDUMP_THREAD_EX;
|
|
|
2228
|
|
|
2229 //
|
|
|
2230 // The thread list is a container of threads.
|
|
|
2231 //
|
|
|
2232
|
|
|
2233 struct MINIDUMP_THREAD_EX_LIST {
|
|
|
2234 ULONG32 NumberOfThreads;
|
|
|
2235 MINIDUMP_THREAD_EX Threads [0];
|
|
|
2236 }
|
|
|
2237 alias MINIDUMP_THREAD_EX_LIST* PMINIDUMP_THREAD_EX_LIST;
|
|
|
2238
|
|
|
2239
|
|
|
2240 //
|
|
|
2241 // The MINIDUMP_EXCEPTION is the same as EXCEPTION on Win64.
|
|
|
2242 //
|
|
|
2243
|
|
|
2244 struct MINIDUMP_EXCEPTION {
|
|
|
2245 ULONG32 ExceptionCode;
|
|
|
2246 ULONG32 ExceptionFlags;
|
|
|
2247 ULONG64 ExceptionRecord;
|
|
|
2248 ULONG64 ExceptionAddress;
|
|
|
2249 ULONG32 NumberParameters;
|
|
|
2250 ULONG32 __unusedAlignment;
|
|
|
2251 ULONG64 ExceptionInformation [ EXCEPTION_MAXIMUM_PARAMETERS ];
|
|
|
2252 }
|
|
|
2253 alias MINIDUMP_EXCEPTION* PMINIDUMP_EXCEPTION;
|
|
|
2254
|
|
|
2255
|
|
|
2256 //
|
|
|
2257 // The exception information stream contains the id of the thread that caused
|
|
|
2258 // the exception (ThreadId), the exception record for the exception
|
|
|
2259 // (ExceptionRecord) and an RVA to the thread context where the exception
|
|
|
2260 // occured.
|
|
|
2261 //
|
|
|
2262
|
|
|
2263 struct MINIDUMP_EXCEPTION_STREAM {
|
|
|
2264 ULONG32 ThreadId;
|
|
|
2265 ULONG32 __alignment;
|
|
|
2266 MINIDUMP_EXCEPTION ExceptionRecord;
|
|
|
2267 MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
|
|
|
2268 }
|
|
|
2269 alias MINIDUMP_EXCEPTION_STREAM* PMINIDUMP_EXCEPTION_STREAM;
|
|
|
2270
|
|
|
2271
|
|
|
2272 //
|
|
|
2273 // The MINIDUMP_MODULE contains information about a
|
|
|
2274 // a specific module. It includes the CheckSum and
|
|
|
2275 // the TimeDateStamp for the module so the module
|
|
|
2276 // can be reloaded during the analysis phase.
|
|
|
2277 //
|
|
|
2278
|
|
|
2279 struct MINIDUMP_MODULE {
|
|
|
2280 ULONG64 BaseOfImage;
|
|
|
2281 ULONG32 SizeOfImage;
|
|
|
2282 ULONG32 CheckSum;
|
|
|
2283 ULONG32 TimeDateStamp;
|
|
|
2284 RVA ModuleNameRva;
|
|
|
2285 VS_FIXEDFILEINFO VersionInfo;
|
|
|
2286 MINIDUMP_LOCATION_DESCRIPTOR CvRecord;
|
|
|
2287 MINIDUMP_LOCATION_DESCRIPTOR MiscRecord;
|
|
|
2288 ULONG64 Reserved0; // Reserved for future use.
|
|
|
2289 ULONG64 Reserved1; // Reserved for future use.
|
|
|
2290 }
|
|
|
2291 alias MINIDUMP_MODULE* PMINIDUMP_MODULE;
|
|
|
2292
|
|
|
2293
|
|
|
2294 //
|
|
|
2295 // The minidump module list is a container for modules.
|
|
|
2296 //
|
|
|
2297
|
|
|
2298 struct MINIDUMP_MODULE_LIST {
|
|
|
2299 ULONG32 NumberOfModules;
|
|
|
2300 MINIDUMP_MODULE Modules [ 0 ];
|
|
|
2301 }
|
|
|
2302 alias MINIDUMP_MODULE_LIST* PMINIDUMP_MODULE_LIST;
|
|
|
2303
|
|
|
2304
|
|
|
2305 //
|
|
|
2306 // Memory Ranges
|
|
|
2307 //
|
|
|
2308
|
|
|
2309 struct MINIDUMP_MEMORY_LIST {
|
|
|
2310 ULONG32 NumberOfMemoryRanges;
|
|
|
2311 MINIDUMP_MEMORY_DESCRIPTOR MemoryRanges [0];
|
|
|
2312 }
|
|
|
2313 alias MINIDUMP_MEMORY_LIST* PMINIDUMP_MEMORY_LIST;
|
|
|
2314
|
|
|
2315 struct MINIDUMP_MEMORY64_LIST {
|
|
|
2316 ULONG64 NumberOfMemoryRanges;
|
|
|
2317 RVA64 BaseRva;
|
|
|
2318 MINIDUMP_MEMORY_DESCRIPTOR64 MemoryRanges [0];
|
|
|
2319 }
|
|
|
2320 alias MINIDUMP_MEMORY64_LIST* PMINIDUMP_MEMORY64_LIST;
|
|
|
2321
|
|
|
2322
|
|
|
2323 //
|
|
|
2324 // Support for user supplied exception information.
|
|
|
2325 //
|
|
|
2326
|
|
|
2327 struct MINIDUMP_EXCEPTION_INFORMATION {
|
|
|
2328 DWORD ThreadId;
|
|
|
2329 PEXCEPTION_POINTERS ExceptionPointers;
|
|
|
2330 BOOL ClientPointers;
|
|
|
2331 };
|
|
|
2332 alias MINIDUMP_EXCEPTION_INFORMATION* PMINIDUMP_EXCEPTION_INFORMATION;
|
|
|
2333
|
|
|
2334 //
|
|
|
2335 // Support for capturing system handle state at the time of the dump.
|
|
|
2336 //
|
|
|
2337
|
|
|
2338 struct MINIDUMP_HANDLE_DESCRIPTOR {
|
|
|
2339 ULONG64 Handle;
|
|
|
2340 RVA TypeNameRva;
|
|
|
2341 RVA ObjectNameRva;
|
|
|
2342 ULONG32 Attributes;
|
|
|
2343 ULONG32 GrantedAccess;
|
|
|
2344 ULONG32 HandleCount;
|
|
|
2345 ULONG32 PointerCount;
|
|
|
2346 }
|
|
|
2347 alias MINIDUMP_HANDLE_DESCRIPTOR* PMINIDUMP_HANDLE_DESCRIPTOR;
|
|
|
2348
|
|
|
2349 struct MINIDUMP_HANDLE_DATA_STREAM {
|
|
|
2350 ULONG32 SizeOfHeader;
|
|
|
2351 ULONG32 SizeOfDescriptor;
|
|
|
2352 ULONG32 NumberOfDescriptors;
|
|
|
2353 ULONG32 Reserved;
|
|
|
2354 }
|
|
|
2355 alias MINIDUMP_HANDLE_DATA_STREAM* PMINIDUMP_HANDLE_DATA_STREAM;
|
|
|
2356
|
|
|
2357
|
|
|
2358 //
|
|
|
2359 // Support for capturing dynamic function table state at the time of the dump.
|
|
|
2360 //
|
|
|
2361
|
|
|
2362 struct MINIDUMP_FUNCTION_TABLE_DESCRIPTOR {
|
|
|
2363 ULONG64 MinimumAddress;
|
|
|
2364 ULONG64 MaximumAddress;
|
|
|
2365 ULONG64 BaseAddress;
|
|
|
2366 ULONG32 EntryCount;
|
|
|
2367 ULONG32 SizeOfAlignPad;
|
|
|
2368 }
|
|
|
2369 alias MINIDUMP_FUNCTION_TABLE_DESCRIPTOR* PMINIDUMP_FUNCTION_TABLE_DESCRIPTOR;
|
|
|
2370
|
|
|
2371 struct MINIDUMP_FUNCTION_TABLE_STREAM {
|
|
|
2372 ULONG32 SizeOfHeader;
|
|
|
2373 ULONG32 SizeOfDescriptor;
|
|
|
2374 ULONG32 SizeOfNativeDescriptor;
|
|
|
2375 ULONG32 SizeOfFunctionEntry;
|
|
|
2376 ULONG32 NumberOfDescriptors;
|
|
|
2377 ULONG32 SizeOfAlignPad;
|
|
|
2378 }
|
|
|
2379 alias MINIDUMP_FUNCTION_TABLE_STREAM* PMINIDUMP_FUNCTION_TABLE_STREAM;
|
|
|
2380
|
|
|
2381
|
|
|
2382 //
|
|
|
2383 // The MINIDUMP_UNLOADED_MODULE contains information about a
|
|
|
2384 // a specific module that was previously loaded but no
|
|
|
2385 // longer is. This can help with diagnosing problems where
|
|
|
2386 // callers attempt to call code that is no longer loaded.
|
|
|
2387 //
|
|
|
2388
|
|
|
2389 struct MINIDUMP_UNLOADED_MODULE {
|
|
|
2390 ULONG64 BaseOfImage;
|
|
|
2391 ULONG32 SizeOfImage;
|
|
|
2392 ULONG32 CheckSum;
|
|
|
2393 ULONG32 TimeDateStamp;
|
|
|
2394 RVA ModuleNameRva;
|
|
|
2395 }
|
|
|
2396 alias MINIDUMP_UNLOADED_MODULE* PMINIDUMP_UNLOADED_MODULE;
|
|
|
2397
|
|
|
2398
|
|
|
2399 //
|
|
|
2400 // The minidump unloaded module list is a container for unloaded modules.
|
|
|
2401 //
|
|
|
2402
|
|
|
2403 struct MINIDUMP_UNLOADED_MODULE_LIST {
|
|
|
2404 ULONG32 SizeOfHeader;
|
|
|
2405 ULONG32 SizeOfEntry;
|
|
|
2406 ULONG32 NumberOfEntries;
|
|
|
2407 }
|
|
|
2408 alias MINIDUMP_UNLOADED_MODULE_LIST* PMINIDUMP_UNLOADED_MODULE_LIST;
|
|
|
2409
|
|
|
2410
|
|
|
2411 //
|
|
|
2412 // The miscellaneous information stream contains a variety
|
|
|
2413 // of small pieces of information. A member is valid if
|
|
|
2414 // it's within the available size and its corresponding
|
|
|
2415 // bit is set.
|
|
|
2416 //
|
|
|
2417
|
|
|
2418 enum : uint {
|
|
|
2419 MINIDUMP_MISC1_PROCESS_ID = 0x00000001,
|
|
|
2420 MINIDUMP_MISC1_PROCESS_TIMES
|
|
|
2421 }
|
|
|
2422
|
|
|
2423 struct MINIDUMP_MISC_INFO {
|
|
|
2424 ULONG32 SizeOfInfo;
|
|
|
2425 ULONG32 Flags1;
|
|
|
2426 ULONG32 ProcessId;
|
|
|
2427 ULONG32 ProcessCreateTime;
|
|
|
2428 ULONG32 ProcessUserTime;
|
|
|
2429 ULONG32 ProcessKernelTime;
|
|
|
2430 }
|
|
|
2431 alias MINIDUMP_MISC_INFO* PMINIDUMP_MISC_INFO;
|
|
|
2432
|
|
|
2433
|
|
|
2434 //
|
|
|
2435 // Support for arbitrary user-defined information.
|
|
|
2436 //
|
|
|
2437
|
|
|
2438 struct MINIDUMP_USER_RECORD {
|
|
|
2439 ULONG32 Type;
|
|
|
2440 MINIDUMP_LOCATION_DESCRIPTOR Memory;
|
|
|
2441 }
|
|
|
2442 alias MINIDUMP_USER_RECORD* PMINIDUMP_USER_RECORD;
|
|
|
2443
|
|
|
2444
|
|
|
2445 struct MINIDUMP_USER_STREAM {
|
|
|
2446 ULONG32 Type;
|
|
|
2447 ULONG BufferSize;
|
|
|
2448 PVOID Buffer;
|
|
|
2449 }
|
|
|
2450 alias MINIDUMP_USER_STREAM* PMINIDUMP_USER_STREAM;
|
|
|
2451
|
|
|
2452 struct MINIDUMP_USER_STREAM_INFORMATION {
|
|
|
2453 ULONG UserStreamCount;
|
|
|
2454 PMINIDUMP_USER_STREAM UserStreamArray;
|
|
|
2455 }
|
|
|
2456 alias MINIDUMP_USER_STREAM_INFORMATION* PMINIDUMP_USER_STREAM_INFORMATION;
|
|
|
2457
|
|
|
2458 //
|
|
|
2459 // Callback support.
|
|
|
2460 //
|
|
|
2461
|
|
|
2462 enum MINIDUMP_CALLBACK_TYPE {
|
|
|
2463 ModuleCallback,
|
|
|
2464 ThreadCallback,
|
|
|
2465 ThreadExCallback,
|
|
|
2466 IncludeThreadCallback,
|
|
|
2467 IncludeModuleCallback,
|
|
|
2468 }
|
|
|
2469
|
|
|
2470
|
|
|
2471 struct MINIDUMP_THREAD_CALLBACK {
|
|
|
2472 ULONG ThreadId;
|
|
|
2473 HANDLE ThreadHandle;
|
|
|
2474 CONTEXT Context;
|
|
|
2475 ULONG SizeOfContext;
|
|
|
2476 ULONG64 StackBase;
|
|
|
2477 ULONG64 StackEnd;
|
|
|
2478 }
|
|
|
2479 alias MINIDUMP_THREAD_CALLBACK* PMINIDUMP_THREAD_CALLBACK;
|
|
|
2480
|
|
|
2481 struct MINIDUMP_THREAD_EX_CALLBACK {
|
|
|
2482 ULONG ThreadId;
|
|
|
2483 HANDLE ThreadHandle;
|
|
|
2484 CONTEXT Context;
|
|
|
2485 ULONG SizeOfContext;
|
|
|
2486 ULONG64 StackBase;
|
|
|
2487 ULONG64 StackEnd;
|
|
|
2488 ULONG64 BackingStoreBase;
|
|
|
2489 ULONG64 BackingStoreEnd;
|
|
|
2490 }
|
|
|
2491 alias MINIDUMP_THREAD_EX_CALLBACK* PMINIDUMP_THREAD_EX_CALLBACK;
|
|
|
2492
|
|
|
2493
|
|
|
2494 struct MINIDUMP_INCLUDE_THREAD_CALLBACK {
|
|
|
2495 ULONG ThreadId;
|
|
|
2496 }
|
|
|
2497 alias MINIDUMP_INCLUDE_THREAD_CALLBACK* PMINIDUMP_INCLUDE_THREAD_CALLBACK;
|
|
|
2498
|
|
|
2499
|
|
|
2500 enum THREAD_WRITE_FLAGS {
|
|
|
2501 ThreadWriteThread = 0x0001,
|
|
|
2502 ThreadWriteStack = 0x0002,
|
|
|
2503 ThreadWriteContext = 0x0004,
|
|
|
2504 ThreadWriteBackingStore = 0x0008,
|
|
|
2505 ThreadWriteInstructionWindow = 0x0010,
|
|
|
2506 ThreadWriteThreadData = 0x0020,
|
|
|
2507 }
|
|
|
2508
|
|
|
2509 struct MINIDUMP_MODULE_CALLBACK {
|
|
|
2510 PWCHAR FullPath;
|
|
|
2511 ULONG64 BaseOfImage;
|
|
|
2512 ULONG SizeOfImage;
|
|
|
2513 ULONG CheckSum;
|
|
|
2514 ULONG TimeDateStamp;
|
|
|
2515 VS_FIXEDFILEINFO VersionInfo;
|
|
|
2516 PVOID CvRecord;
|
|
|
2517 ULONG SizeOfCvRecord;
|
|
|
2518 PVOID MiscRecord;
|
|
|
2519 ULONG SizeOfMiscRecord;
|
|
|
2520 }
|
|
|
2521 alias MINIDUMP_MODULE_CALLBACK* PMINIDUMP_MODULE_CALLBACK;
|
|
|
2522
|
|
|
2523
|
|
|
2524 struct MINIDUMP_INCLUDE_MODULE_CALLBACK {
|
|
|
2525 ULONG64 BaseOfImage;
|
|
|
2526 }
|
|
|
2527 alias MINIDUMP_INCLUDE_MODULE_CALLBACK* PMINIDUMP_INCLUDE_MODULE_CALLBACK;
|
|
|
2528
|
|
|
2529
|
|
|
2530 enum MODULE_WRITE_FLAGS {
|
|
|
2531 ModuleWriteModule = 0x0001,
|
|
|
2532 ModuleWriteDataSeg = 0x0002,
|
|
|
2533 ModuleWriteMiscRecord = 0x0004,
|
|
|
2534 ModuleWriteCvRecord = 0x0008,
|
|
|
2535 ModuleReferencedByMemory = 0x0010
|
|
|
2536 }
|
|
|
2537
|
|
|
2538 struct MINIDUMP_CALLBACK_INPUT {
|
|
|
2539 ULONG ProcessId;
|
|
|
2540 HANDLE ProcessHandle;
|
|
|
2541 ULONG CallbackType;
|
|
|
2542 union {
|
|
|
2543 MINIDUMP_THREAD_CALLBACK Thread;
|
|
|
2544 MINIDUMP_THREAD_EX_CALLBACK ThreadEx;
|
|
|
2545 MINIDUMP_MODULE_CALLBACK Module;
|
|
|
2546 MINIDUMP_INCLUDE_THREAD_CALLBACK IncludeThread;
|
|
|
2547 MINIDUMP_INCLUDE_MODULE_CALLBACK IncludeModule;
|
|
|
2548 };
|
|
|
2549 }
|
|
|
2550 alias MINIDUMP_CALLBACK_INPUT* PMINIDUMP_CALLBACK_INPUT;
|
|
|
2551
|
|
|
2552 struct MINIDUMP_CALLBACK_OUTPUT {
|
|
|
2553 union {
|
|
|
2554 ULONG ModuleWriteFlags;
|
|
|
2555 ULONG ThreadWriteFlags;
|
|
|
2556 };
|
|
|
2557 }
|
|
|
2558 alias MINIDUMP_CALLBACK_OUTPUT* PMINIDUMP_CALLBACK_OUTPUT;
|
|
|
2559
|
|
|
2560
|
|
|
2561 //
|
|
|
2562 // A normal minidump contains just the information
|
|
|
2563 // necessary to capture stack traces for all of the
|
|
|
2564 // existing threads in a process.
|
|
|
2565 //
|
|
|
2566 // A minidump with data segments includes all of the data
|
|
|
2567 // sections from loaded modules in order to capture
|
|
|
2568 // global variable contents. This can make the dump much
|
|
|
2569 // larger if many modules have global data.
|
|
|
2570 //
|
|
|
2571 // A minidump with full memory includes all of the accessible
|
|
|
2572 // memory in the process and can be very large. A minidump
|
|
|
2573 // with full memory always has the raw memory data at the end
|
|
|
2574 // of the dump so that the initial structures in the dump can
|
|
|
2575 // be mapped directly without having to include the raw
|
|
|
2576 // memory information.
|
|
|
2577 //
|
|
|
2578 // Stack and backing store memory can be filtered to remove
|
|
|
2579 // data unnecessary for stack walking. This can improve
|
|
|
2580 // compression of stacks and also deletes data that may
|
|
|
2581 // be private and should not be stored in a dump.
|
|
|
2582 // Memory can also be scanned to see what modules are
|
|
|
2583 // referenced by stack and backing store memory to allow
|
|
|
2584 // omission of other modules to reduce dump size.
|
|
|
2585 // In either of these modes the ModuleReferencedByMemory flag
|
|
|
2586 // is set for all modules referenced before the base
|
|
|
2587 // module callbacks occur.
|
|
|
2588 //
|
|
|
2589 // On some operating systems a list of modules that were
|
|
|
2590 // recently unloaded is kept in addition to the currently
|
|
|
2591 // loaded module list. This information can be saved in
|
|
|
2592 // the dump if desired.
|
|
|
2593 //
|
|
|
2594 // Stack and backing store memory can be scanned for referenced
|
|
|
2595 // pages in order to pick up data referenced by locals or other
|
|
|
2596 // stack memory. This can increase the size of a dump significantly.
|
|
|
2597 //
|
|
|
2598 // Module paths may contain undesired information such as user names
|
|
|
2599 // or other important directory names so they can be stripped. This
|
|
|
2600 // option reduces the ability to locate the proper image later
|
|
|
2601 // and should only be used in certain situations.
|
|
|
2602 //
|
|
|
2603 // Complete operating system per-process and per-thread information can
|
|
|
2604 // be gathered and stored in the dump.
|
|
|
2605 //
|
|
|
2606 // The virtual address space can be scanned for various types
|
|
|
2607 // of memory to be included in the dump.
|
|
|
2608 //
|
|
|
2609
|
|
|
2610
|
|
|
2611 enum MINIDUMP_TYPE {
|
|
|
2612 MiniDumpNormal = 0x0000,
|
|
|
2613 MiniDumpWithDataSegs = 0x0001,
|
|
|
2614 MiniDumpWithFullMemory = 0x0002,
|
|
|
2615 MiniDumpWithHandleData = 0x0004,
|
|
|
2616 MiniDumpFilterMemory = 0x0008,
|
|
|
2617 MiniDumpScanMemory = 0x0010,
|
|
|
2618 MiniDumpWithUnloadedModules = 0x0020,
|
|
|
2619 MiniDumpWithIndirectlyReferencedMemory = 0x0040,
|
|
|
2620 MiniDumpFilterModulePaths = 0x0080,
|
|
|
2621 MiniDumpWithProcessThreadData = 0x0100,
|
|
|
2622 MiniDumpWithPrivateReadWriteMemory = 0x0200,
|
|
|
2623 };
|
|
|
2624
|
|
|
2625
|
|
|
2626 //
|
|
|
2627 // The minidump callback should modify the FieldsToWrite parameter to reflect
|
|
|
2628 // what portions of the specified thread or module should be written to the
|
|
|
2629 // file.
|
|
|
2630 //
|
|
|
2631
|
|
|
2632
|
|
|
2633 alias BOOL function (
|
|
|
2634 PVOID CallbackParam,
|
|
|
2635 PMINIDUMP_CALLBACK_INPUT CallbackInput,
|
|
|
2636 PMINIDUMP_CALLBACK_OUTPUT CallbackOutput
|
|
|
2637 )
|
|
|
2638 MINIDUMP_CALLBACK_ROUTINE;
|
|
|
2639
|
|
|
2640 struct MINIDUMP_CALLBACK_INFORMATION {
|
|
|
2641 MINIDUMP_CALLBACK_ROUTINE CallbackRoutine;
|
|
|
2642 PVOID CallbackParam;
|
|
|
2643 }
|
|
|
2644 alias MINIDUMP_CALLBACK_INFORMATION* PMINIDUMP_CALLBACK_INFORMATION;
|
|
|
2645
|
|
|
2646 //
|
|
|
2647 //
|
|
|
2648 // PVOID
|
|
|
2649 // RVA_TO_ADDR(
|
|
|
2650 // PVOID Mapping,
|
|
|
2651 // ULONG Rva
|
|
|
2652 // )
|
|
|
2653 //
|
|
|
2654 // Routine Description:
|
|
|
2655 //
|
|
|
2656 // Map an RVA that is contained within a mapped file to it's associated
|
|
|
2657 // flat address.
|
|
|
2658 //
|
|
|
2659 // Arguments:
|
|
|
2660 //
|
|
|
2661 // Mapping - Base address of mapped file containing the RVA.
|
|
|
2662 //
|
|
|
2663 // Rva - An Rva to fixup.
|
|
|
2664 //
|
|
|
2665 // Return Values:
|
|
|
2666 //
|
|
|
2667 // A pointer to the desired data.
|
|
|
2668 //
|
|
|
2669 //--
|
|
|
2670
|
|
|
2671 //#define RVA_TO_ADDR(Mapping,Rva) ((PVOID)(((ULONG_PTR) (Mapping)) + (Rva)))
|
|
|
2672
|
|
|
2673 BOOL
|
|
|
2674 MiniDumpWriteDump(
|
|
|
2675 HANDLE hProcess,
|
|
|
2676 DWORD ProcessId,
|
|
|
2677 HANDLE hFile,
|
|
|
2678 MINIDUMP_TYPE DumpType,
|
|
|
2679 PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
|
|
|
2680 PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
|
|
|
2681 PMINIDUMP_CALLBACK_INFORMATION CallbackParam
|
|
|
2682 );
|
|
|
2683
|
|
|
2684 BOOL
|
|
|
2685 MiniDumpReadDumpStream(
|
|
|
2686 PVOID BaseOfDump,
|
|
|
2687 ULONG StreamNumber,
|
|
|
2688 PMINIDUMP_DIRECTORY * Dir,
|
|
|
2689 PVOID * StreamPointer,
|
|
|
2690 ULONG * StreamSize
|
|
|
2691 );
|
|
|
2692
|
|
|
2693 //#include <poppack.h>
|
|
|
2694
|
|
|
2695 }
|
|
|
2696
|
|
|
2697
|
|
|
2698 //#endif // _DBGHELP_
|
