You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2471 lines
65 KiB
2471 lines
65 KiB
// |
|
// |
|
// Copyright (c) 2002 Microsoft Corporation. All rights reserved. |
|
// |
|
// The use and distribution terms for this software are contained in the file |
|
// named license.txt, which can be found in the root of this distribution. |
|
// By using this software in any fashion, you are agreeing to be bound by the |
|
// terms of this license. |
|
// |
|
// You must not remove this notice, or any other, from this software. |
|
// |
|
// |
|
// ==--== |
|
/*++ BUILD Version: 0001 Increment this if a change has global effects |
|
|
|
Module Name: |
|
|
|
dbghelp.h |
|
|
|
Abstract: |
|
|
|
This module defines the prototypes and constants required for the image |
|
help routines. |
|
|
|
Contains debugging support routines that are redistributable. |
|
|
|
Revision History: |
|
|
|
--*/ |
|
|
|
#ifndef _DBGHELP_ |
|
#define _DBGHELP_ |
|
|
|
#if _MSC_VER > 1020 |
|
#pragma once |
|
#endif |
|
|
|
|
|
// As a general principal always call the 64 bit version |
|
// of every API, if a choice exists. The 64 bit version |
|
// works great on 32 bit platforms, and is forward |
|
// compatible to 64 bit platforms. |
|
|
|
|
|
|
|
#if __cplusplus |
|
extern "C" { |
|
#endif |
|
|
|
#if _IMAGEHLP_SOURCE_ |
|
#define IMAGEAPI __stdcall |
|
#define DBHLP_DEPRECIATED |
|
#else |
|
#define IMAGEAPI DECLSPEC_IMPORT __stdcall |
|
#define DBHLP_DEPRECIATED DECLSPEC_DEPRECATED |
|
#endif |
|
#define DBHLPAPI IMAGEAPI |
|
|
|
#define IMAGE_SEPARATION (64*1024) |
|
|
|
typedef struct _LOADED_IMAGE { |
|
PSTR ModuleName; |
|
HANDLE hFile; |
|
PUCHAR MappedAddress; |
|
#if _IMAGEHLP64 |
|
PIMAGE_NT_HEADERS64 FileHeader; |
|
#else |
|
PIMAGE_NT_HEADERS32 FileHeader; |
|
#endif |
|
PIMAGE_SECTION_HEADER LastRvaSection; |
|
ULONG NumberOfSections; |
|
PIMAGE_SECTION_HEADER Sections; |
|
ULONG Characteristics; |
|
BOOLEAN fSystemImage; |
|
BOOLEAN fDOSImage; |
|
LIST_ENTRY Links; |
|
ULONG SizeOfImage; |
|
} LOADED_IMAGE, *PLOADED_IMAGE; |
|
|
|
|
|
|
|
HANDLE |
|
IMAGEAPI |
|
FindDebugInfoFile ( |
|
PSTR FileName, |
|
PSTR SymbolPath, |
|
PSTR DebugFilePath |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PFIND_DEBUG_FILE_CALLBACK)( |
|
HANDLE FileHandle, |
|
PSTR FileName, |
|
PVOID CallerData |
|
); |
|
|
|
HANDLE |
|
IMAGEAPI |
|
FindDebugInfoFileEx ( |
|
PSTR FileName, |
|
PSTR SymbolPath, |
|
PSTR DebugFilePath, |
|
PFIND_DEBUG_FILE_CALLBACK Callback, |
|
PVOID CallerData |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PFINDFILEINPATHCALLBACK)( |
|
PSTR filename, |
|
PVOID context |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymFindFileInPath( |
|
HANDLE hprocess, |
|
LPSTR SearchPath, |
|
LPSTR FileName, |
|
PVOID id, |
|
DWORD two, |
|
DWORD three, |
|
DWORD flags, |
|
LPSTR FilePath, |
|
PFINDFILEINPATHCALLBACK callback, |
|
PVOID context |
|
); |
|
|
|
HANDLE |
|
IMAGEAPI |
|
FindExecutableImage( |
|
PSTR FileName, |
|
PSTR SymbolPath, |
|
PSTR ImageFilePath |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PFIND_EXE_FILE_CALLBACK)( |
|
HANDLE FileHandle, |
|
PSTR FileName, |
|
PVOID CallerData |
|
); |
|
|
|
HANDLE |
|
IMAGEAPI |
|
FindExecutableImageEx( |
|
PSTR FileName, |
|
PSTR SymbolPath, |
|
PSTR ImageFilePath, |
|
PFIND_EXE_FILE_CALLBACK Callback, |
|
PVOID CallerData |
|
); |
|
|
|
PIMAGE_NT_HEADERS |
|
IMAGEAPI |
|
ImageNtHeader ( |
|
IN PVOID Base |
|
); |
|
|
|
PVOID |
|
IMAGEAPI |
|
ImageDirectoryEntryToDataEx ( |
|
IN PVOID Base, |
|
IN BOOLEAN MappedAsImage, |
|
IN USHORT DirectoryEntry, |
|
OUT PULONG Size, |
|
OUT PIMAGE_SECTION_HEADER *FoundHeader OPTIONAL |
|
); |
|
|
|
PVOID |
|
IMAGEAPI |
|
ImageDirectoryEntryToData ( |
|
IN PVOID Base, |
|
IN BOOLEAN MappedAsImage, |
|
IN USHORT DirectoryEntry, |
|
OUT PULONG Size |
|
); |
|
|
|
PIMAGE_SECTION_HEADER |
|
IMAGEAPI |
|
ImageRvaToSection( |
|
IN PIMAGE_NT_HEADERS NtHeaders, |
|
IN PVOID Base, |
|
IN ULONG Rva |
|
); |
|
|
|
PVOID |
|
IMAGEAPI |
|
ImageRvaToVa( |
|
IN PIMAGE_NT_HEADERS NtHeaders, |
|
IN PVOID Base, |
|
IN ULONG Rva, |
|
IN OUT PIMAGE_SECTION_HEADER *LastRvaSection |
|
); |
|
|
|
// Symbol server exports |
|
|
|
typedef BOOL (*PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, PVOID, DWORD, DWORD, LPSTR); |
|
typedef BOOL (*PSYMBOLSERVEROPENPROC)(VOID); |
|
typedef BOOL (*PSYMBOLSERVERCLOSEPROC)(VOID); |
|
typedef BOOL (*PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64); |
|
typedef BOOL (CALLBACK *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context); |
|
typedef UINT_PTR (*PSYMBOLSERVERGETOPTIONSPROC)(); |
|
|
|
#define SSRVOPT_CALLBACK 0x01 |
|
#define SSRVOPT_DWORD 0x02 |
|
#define SSRVOPT_DWORDPTR 0x04 |
|
#define SSRVOPT_GUIDPTR 0x08 |
|
#define SSRVOPT_OLDGUIDPTR 0x10 |
|
#define SSRVOPT_UNATTENDED 0x20 |
|
#define SSRVOPT_NOCOPY 0x40 |
|
#define SSRVOPT_PARENTWIN 0x80 |
|
#define SSRVOPT_RESET ((ULONG_PTR)-1) |
|
|
|
#define SSRVACTION_TRACE 1 |
|
|
|
|
|
|
|
typedef struct _IMAGE_DEBUG_INFORMATION { |
|
LIST_ENTRY List; |
|
DWORD ReservedSize; |
|
PVOID ReservedMappedBase; |
|
USHORT ReservedMachine; |
|
USHORT ReservedCharacteristics; |
|
DWORD ReservedCheckSum; |
|
DWORD ImageBase; |
|
DWORD SizeOfImage; |
|
|
|
DWORD ReservedNumberOfSections; |
|
PIMAGE_SECTION_HEADER ReservedSections; |
|
|
|
DWORD ReservedExportedNamesSize; |
|
PSTR ReservedExportedNames; |
|
|
|
DWORD ReservedNumberOfFunctionTableEntries; |
|
PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries; |
|
DWORD ReservedLowestFunctionStartingAddress; |
|
DWORD ReservedHighestFunctionEndingAddress; |
|
|
|
DWORD ReservedNumberOfFpoTableEntries; |
|
PFPO_DATA ReservedFpoTableEntries; |
|
|
|
DWORD SizeOfCoffSymbols; |
|
PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols; |
|
|
|
DWORD ReservedSizeOfCodeViewSymbols; |
|
PVOID ReservedCodeViewSymbols; |
|
|
|
PSTR ImageFilePath; |
|
PSTR ImageFileName; |
|
PSTR ReservedDebugFilePath; |
|
|
|
DWORD ReservedTimeDateStamp; |
|
|
|
BOOL ReservedRomImage; |
|
PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory; |
|
DWORD ReservedNumberOfDebugDirectories; |
|
|
|
DWORD ReservedOriginalFunctionTableBaseAddress; |
|
|
|
DWORD Reserved[ 2 ]; |
|
|
|
} IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION; |
|
|
|
|
|
PIMAGE_DEBUG_INFORMATION |
|
IMAGEAPI |
|
MapDebugInformation( |
|
HANDLE FileHandle, |
|
PSTR FileName, |
|
PSTR SymbolPath, |
|
DWORD ImageBase |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
UnmapDebugInformation( |
|
PIMAGE_DEBUG_INFORMATION DebugInfo |
|
); |
|
|
|
|
|
BOOL |
|
IMAGEAPI |
|
SearchTreeForFile( |
|
PSTR RootPath, |
|
PSTR InputPathName, |
|
PSTR OutputPathBuffer |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
MakeSureDirectoryPathExists( |
|
PCSTR DirPath |
|
); |
|
|
|
// |
|
// UnDecorateSymbolName Flags |
|
// |
|
|
|
#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration |
|
#define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords |
|
#define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords |
|
#define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration |
|
#define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model |
|
#define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier |
|
#define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration |
|
#define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration |
|
#define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type |
|
#define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members |
|
#define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions |
|
#define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members |
|
#define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns |
|
#define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names |
|
#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration; |
|
// return just [scope::]name. Does expand template params |
|
#define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function |
|
#define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc) |
|
|
|
DWORD |
|
IMAGEAPI |
|
WINAPI |
|
UnDecorateSymbolName( |
|
PCSTR DecoratedName, // Name to undecorate |
|
PSTR UnDecoratedName, // If NULL, it will be allocated |
|
DWORD UndecoratedLength, // The maximym length |
|
DWORD Flags // See above. |
|
); |
|
|
|
|
|
// |
|
// these values are used for synthesized file types |
|
// that can be passed in as image headers instead of |
|
// the standard ones from ntimage.h |
|
// |
|
|
|
#define DBHHEADER_DEBUGDIRS 0x1 |
|
|
|
typedef struct _DBGHELP_MODLOAD_DATA { |
|
DWORD ssize; // size of this struct |
|
DWORD ssig; // signature identifying the passed data |
|
PVOID data; // pointer to passed data |
|
DWORD size; // size of passed data |
|
DWORD flags; // options |
|
} MODLOAD_DATA, *PMODLOAD_DATA; |
|
|
|
// |
|
// StackWalking API |
|
// |
|
|
|
typedef enum { |
|
AddrMode1616, |
|
AddrMode1632, |
|
AddrModeReal, |
|
AddrModeFlat |
|
} ADDRESS_MODE; |
|
|
|
typedef struct _tagADDRESS64 { |
|
DWORD64 Offset; |
|
WORD Segment; |
|
ADDRESS_MODE Mode; |
|
} ADDRESS64, *LPADDRESS64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define ADDRESS ADDRESS64 |
|
#define LPADDRESS LPADDRESS64 |
|
#else |
|
typedef struct _tagADDRESS { |
|
DWORD Offset; |
|
WORD Segment; |
|
ADDRESS_MODE Mode; |
|
} ADDRESS, *LPADDRESS; |
|
|
|
__inline |
|
void |
|
Address32To64( |
|
LPADDRESS a32, |
|
LPADDRESS64 a64 |
|
) |
|
{ |
|
a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset; |
|
a64->Segment = a32->Segment; |
|
a64->Mode = a32->Mode; |
|
} |
|
|
|
__inline |
|
void |
|
Address64To32( |
|
LPADDRESS64 a64, |
|
LPADDRESS a32 |
|
) |
|
{ |
|
a32->Offset = (ULONG)a64->Offset; |
|
a32->Segment = a64->Segment; |
|
a32->Mode = a64->Mode; |
|
} |
|
#endif |
|
|
|
// |
|
// This structure is included in the STACKFRAME structure, |
|
// and is used to trace through usermode callbacks in a thread's |
|
// kernel stack. The values must be copied by the kernel debugger |
|
// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets. |
|
// |
|
|
|
// |
|
// New KDHELP structure for 64 bit system support. |
|
// This structure is preferred in new code. |
|
// |
|
typedef struct _KDHELP64 { |
|
|
|
// |
|
// address of kernel thread object, as provided in the |
|
// WAIT_STATE_CHANGE packet. |
|
// |
|
DWORD64 Thread; |
|
|
|
// |
|
// offset in thread object to pointer to the current callback frame |
|
// in kernel stack. |
|
// |
|
DWORD ThCallbackStack; |
|
|
|
// |
|
// offset in thread object to pointer to the current callback backing |
|
// store frame in kernel stack. |
|
// |
|
DWORD ThCallbackBStore; |
|
|
|
// |
|
// offsets to values in frame: |
|
// |
|
// address of next callback frame |
|
DWORD NextCallback; |
|
|
|
// address of saved frame pointer (if applicable) |
|
DWORD FramePointer; |
|
|
|
|
|
// |
|
// Address of the kernel function that calls out to user mode |
|
// |
|
DWORD64 KiCallUserMode; |
|
|
|
// |
|
// Address of the user mode dispatcher function |
|
// |
|
DWORD64 KeUserCallbackDispatcher; |
|
|
|
// |
|
// Lowest kernel mode address |
|
// |
|
DWORD64 SystemRangeStart; |
|
|
|
DWORD64 Reserved[8]; |
|
|
|
} KDHELP64, *PKDHELP64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define KDHELP KDHELP64 |
|
#define PKDHELP PKDHELP64 |
|
#else |
|
typedef struct _KDHELP { |
|
|
|
// |
|
// address of kernel thread object, as provided in the |
|
// WAIT_STATE_CHANGE packet. |
|
// |
|
DWORD Thread; |
|
|
|
// |
|
// offset in thread object to pointer to the current callback frame |
|
// in kernel stack. |
|
// |
|
DWORD ThCallbackStack; |
|
|
|
// |
|
// offsets to values in frame: |
|
// |
|
// address of next callback frame |
|
DWORD NextCallback; |
|
|
|
// address of saved frame pointer (if applicable) |
|
DWORD FramePointer; |
|
|
|
// |
|
// Address of the kernel function that calls out to user mode |
|
// |
|
DWORD KiCallUserMode; |
|
|
|
// |
|
// Address of the user mode dispatcher function |
|
// |
|
DWORD KeUserCallbackDispatcher; |
|
|
|
// |
|
// Lowest kernel mode address |
|
// |
|
DWORD SystemRangeStart; |
|
|
|
// |
|
// offset in thread object to pointer to the current callback backing |
|
// store frame in kernel stack. |
|
// |
|
DWORD ThCallbackBStore; |
|
|
|
DWORD Reserved[8]; |
|
|
|
} KDHELP, *PKDHELP; |
|
|
|
__inline |
|
void |
|
KdHelp32To64( |
|
PKDHELP p32, |
|
PKDHELP64 p64 |
|
) |
|
{ |
|
p64->Thread = p32->Thread; |
|
p64->ThCallbackStack = p32->ThCallbackStack; |
|
p64->NextCallback = p32->NextCallback; |
|
p64->FramePointer = p32->FramePointer; |
|
p64->KiCallUserMode = p32->KiCallUserMode; |
|
p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher; |
|
p64->SystemRangeStart = p32->SystemRangeStart; |
|
} |
|
#endif |
|
|
|
typedef struct _tagSTACKFRAME64 { |
|
ADDRESS64 AddrPC; // program counter |
|
ADDRESS64 AddrReturn; // return address |
|
ADDRESS64 AddrFrame; // frame pointer |
|
ADDRESS64 AddrStack; // stack pointer |
|
ADDRESS64 AddrBStore; // backing store pointer |
|
PVOID FuncTableEntry; // pointer to pdata/fpo or NULL |
|
DWORD64 Params[4]; // possible arguments to the function |
|
BOOL Far; // WOW far call |
|
BOOL Virtual; // is this a virtual frame? |
|
DWORD64 Reserved[3]; |
|
KDHELP64 KdHelp; |
|
} STACKFRAME64, *LPSTACKFRAME64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define STACKFRAME STACKFRAME64 |
|
#define LPSTACKFRAME LPSTACKFRAME64 |
|
#else |
|
typedef struct _tagSTACKFRAME { |
|
ADDRESS AddrPC; // program counter |
|
ADDRESS AddrReturn; // return address |
|
ADDRESS AddrFrame; // frame pointer |
|
ADDRESS AddrStack; // stack pointer |
|
PVOID FuncTableEntry; // pointer to pdata/fpo or NULL |
|
DWORD Params[4]; // possible arguments to the function |
|
BOOL Far; // WOW far call |
|
BOOL Virtual; // is this a virtual frame? |
|
DWORD Reserved[3]; |
|
KDHELP KdHelp; |
|
ADDRESS AddrBStore; // backing store pointer |
|
} STACKFRAME, *LPSTACKFRAME; |
|
#endif |
|
|
|
|
|
typedef |
|
BOOL |
|
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)( |
|
HANDLE hProcess, |
|
DWORD64 qwBaseAddress, |
|
PVOID lpBuffer, |
|
DWORD nSize, |
|
LPDWORD lpNumberOfBytesRead |
|
); |
|
|
|
typedef |
|
PVOID |
|
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)( |
|
HANDLE hProcess, |
|
DWORD64 AddrBase |
|
); |
|
|
|
typedef |
|
DWORD64 |
|
(__stdcall *PGET_MODULE_BASE_ROUTINE64)( |
|
HANDLE hProcess, |
|
DWORD64 Address |
|
); |
|
|
|
typedef |
|
DWORD64 |
|
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)( |
|
HANDLE hProcess, |
|
HANDLE hThread, |
|
LPADDRESS64 lpaddr |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
StackWalk64( |
|
DWORD MachineType, |
|
HANDLE hProcess, |
|
HANDLE hThread, |
|
LPSTACKFRAME64 StackFrame, |
|
PVOID ContextRecord, |
|
PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine, |
|
PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine, |
|
PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine, |
|
PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
|
|
#define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64 |
|
#define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64 |
|
#define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64 |
|
#define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64 |
|
|
|
#define StackWalk StackWalk64 |
|
|
|
#else |
|
|
|
typedef |
|
BOOL |
|
(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)( |
|
HANDLE hProcess, |
|
DWORD lpBaseAddress, |
|
PVOID lpBuffer, |
|
DWORD nSize, |
|
PDWORD lpNumberOfBytesRead |
|
); |
|
|
|
typedef |
|
PVOID |
|
(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)( |
|
HANDLE hProcess, |
|
DWORD AddrBase |
|
); |
|
|
|
typedef |
|
DWORD |
|
(__stdcall *PGET_MODULE_BASE_ROUTINE)( |
|
HANDLE hProcess, |
|
DWORD Address |
|
); |
|
|
|
typedef |
|
DWORD |
|
(__stdcall *PTRANSLATE_ADDRESS_ROUTINE)( |
|
HANDLE hProcess, |
|
HANDLE hThread, |
|
LPADDRESS lpaddr |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
StackWalk( |
|
DWORD MachineType, |
|
HANDLE hProcess, |
|
HANDLE hThread, |
|
LPSTACKFRAME StackFrame, |
|
PVOID ContextRecord, |
|
PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine, |
|
PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine, |
|
PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine, |
|
PTRANSLATE_ADDRESS_ROUTINE TranslateAddress |
|
); |
|
|
|
#endif |
|
|
|
|
|
#define API_VERSION_NUMBER 9 |
|
|
|
typedef struct API_VERSION { |
|
USHORT MajorVersion; |
|
USHORT MinorVersion; |
|
USHORT Revision; |
|
USHORT Reserved; |
|
} API_VERSION, *LPAPI_VERSION; |
|
|
|
LPAPI_VERSION |
|
IMAGEAPI |
|
ImagehlpApiVersion( |
|
VOID |
|
); |
|
|
|
LPAPI_VERSION |
|
IMAGEAPI |
|
ImagehlpApiVersionEx( |
|
LPAPI_VERSION AppVersion |
|
); |
|
|
|
DWORD |
|
IMAGEAPI |
|
GetTimestampForLoadedLibrary( |
|
HMODULE Module |
|
); |
|
|
|
// |
|
// typedefs for function pointers |
|
// |
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMMODULES_CALLBACK64)( |
|
PSTR ModuleName, |
|
DWORD64 BaseOfDll, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)( |
|
PSTR SymbolName, |
|
DWORD64 SymbolAddress, |
|
ULONG SymbolSize, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)( |
|
PWSTR SymbolName, |
|
DWORD64 SymbolAddress, |
|
ULONG SymbolSize, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PENUMLOADED_MODULES_CALLBACK64)( |
|
PSTR ModuleName, |
|
DWORD64 ModuleBase, |
|
ULONG ModuleSize, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)( |
|
HANDLE hProcess, |
|
ULONG ActionCode, |
|
ULONG64 CallbackData, |
|
ULONG64 UserContext |
|
); |
|
|
|
typedef |
|
PVOID |
|
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)( |
|
HANDLE hProcess, |
|
DWORD AddrBase, |
|
PVOID UserContext |
|
); |
|
|
|
typedef |
|
PVOID |
|
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)( |
|
HANDLE hProcess, |
|
ULONG64 AddrBase, |
|
ULONG64 UserContext |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
|
|
#define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64 |
|
#define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64 |
|
#define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W |
|
#define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64 |
|
#define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64 |
|
#define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64 |
|
|
|
#else |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMMODULES_CALLBACK)( |
|
PSTR ModuleName, |
|
ULONG BaseOfDll, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)( |
|
PSTR SymbolName, |
|
ULONG SymbolAddress, |
|
ULONG SymbolSize, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)( |
|
PWSTR SymbolName, |
|
ULONG SymbolAddress, |
|
ULONG SymbolSize, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PENUMLOADED_MODULES_CALLBACK)( |
|
PSTR ModuleName, |
|
ULONG ModuleBase, |
|
ULONG ModuleSize, |
|
PVOID UserContext |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK)( |
|
HANDLE hProcess, |
|
ULONG ActionCode, |
|
PVOID CallbackData, |
|
PVOID UserContext |
|
); |
|
|
|
#endif |
|
|
|
|
|
// |
|
// symbol flags |
|
// |
|
|
|
#define SYMF_OMAP_GENERATED 0x00000001 |
|
#define SYMF_OMAP_MODIFIED 0x00000002 |
|
#ifndef _DBGHELP_USER_GENERATED_SYMBOLS_NOTSUPPORTED |
|
#define SYMF_USER_GENERATED 0x00000004 |
|
#endif // !_DBGHELP_USER_GENERATED_SYMBOLS_NOTSUPPORTED |
|
#define SYMF_REGISTER 0x00000008 |
|
#define SYMF_REGREL 0x00000010 |
|
#define SYMF_FRAMEREL 0x00000020 |
|
#define SYMF_PARAMETER 0x00000040 |
|
#define SYMF_LOCAL 0x00000080 |
|
#define SYMF_CONSTANT 0x00000100 |
|
#define SYMF_EXPORT 0x00000200 |
|
#define SYMF_FORWARDER 0x00000400 |
|
#define SYMF_FUNCTION 0x00000800 |
|
#define SYMF_VIRTUAL 0x00001000 |
|
// |
|
// symbol type enumeration |
|
// |
|
typedef enum { |
|
SymNone = 0, |
|
SymCoff, |
|
SymCv, |
|
SymPdb, |
|
SymExport, |
|
SymDeferred, |
|
SymSym, // .sym file |
|
SymDia, |
|
NumSymTypes |
|
} SYM_TYPE; |
|
|
|
// |
|
// symbol data structure |
|
// |
|
|
|
typedef struct _IMAGEHLP_SYMBOL64 { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64) |
|
DWORD64 Address; // virtual address including dll base address |
|
DWORD Size; // estimated size of symbol, can be zero |
|
DWORD Flags; // info about the symbols, see the SYMF defines |
|
DWORD MaxNameLength; // maximum size of symbol name in 'Name' |
|
CHAR Name[1]; // symbol name (null terminated string) |
|
} IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64 |
|
#define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64 |
|
#else |
|
typedef struct _IMAGEHLP_SYMBOL { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL) |
|
DWORD Address; // virtual address including dll base address |
|
DWORD Size; // estimated size of symbol, can be zero |
|
DWORD Flags; // info about the symbols, see the SYMF defines |
|
DWORD MaxNameLength; // maximum size of symbol name in 'Name' |
|
CHAR Name[1]; // symbol name (null terminated string) |
|
} IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL; |
|
#endif |
|
|
|
// |
|
// module data structure |
|
// |
|
|
|
typedef struct _IMAGEHLP_MODULE64 { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64) |
|
DWORD64 BaseOfImage; // base load address of module |
|
DWORD ImageSize; // virtual size of the loaded module |
|
DWORD TimeDateStamp; // date/time stamp from pe header |
|
DWORD CheckSum; // checksum from the pe header |
|
DWORD NumSyms; // number of symbols in the symbol table |
|
SYM_TYPE SymType; // type of symbols loaded |
|
CHAR ModuleName[32]; // module name |
|
CHAR ImageName[256]; // image name |
|
CHAR LoadedImageName[256]; // symbol file name |
|
} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64; |
|
|
|
typedef struct _IMAGEHLP_MODULE64W { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64) |
|
DWORD64 BaseOfImage; // base load address of module |
|
DWORD ImageSize; // virtual size of the loaded module |
|
DWORD TimeDateStamp; // date/time stamp from pe header |
|
DWORD CheckSum; // checksum from the pe header |
|
DWORD NumSyms; // number of symbols in the symbol table |
|
SYM_TYPE SymType; // type of symbols loaded |
|
WCHAR ModuleName[32]; // module name |
|
WCHAR ImageName[256]; // image name |
|
WCHAR LoadedImageName[256]; // symbol file name |
|
} IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define IMAGEHLP_MODULE IMAGEHLP_MODULE64 |
|
#define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64 |
|
#define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64 |
|
#define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64 |
|
#else |
|
typedef struct _IMAGEHLP_MODULE { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE) |
|
DWORD BaseOfImage; // base load address of module |
|
DWORD ImageSize; // virtual size of the loaded module |
|
DWORD TimeDateStamp; // date/time stamp from pe header |
|
DWORD CheckSum; // checksum from the pe header |
|
DWORD NumSyms; // number of symbols in the symbol table |
|
SYM_TYPE SymType; // type of symbols loaded |
|
CHAR ModuleName[32]; // module name |
|
CHAR ImageName[256]; // image name |
|
CHAR LoadedImageName[256]; // symbol file name |
|
} IMAGEHLP_MODULE, *PIMAGEHLP_MODULE; |
|
|
|
typedef struct _IMAGEHLP_MODULEW { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE) |
|
DWORD BaseOfImage; // base load address of module |
|
DWORD ImageSize; // virtual size of the loaded module |
|
DWORD TimeDateStamp; // date/time stamp from pe header |
|
DWORD CheckSum; // checksum from the pe header |
|
DWORD NumSyms; // number of symbols in the symbol table |
|
SYM_TYPE SymType; // type of symbols loaded |
|
WCHAR ModuleName[32]; // module name |
|
WCHAR ImageName[256]; // image name |
|
WCHAR LoadedImageName[256]; // symbol file name |
|
} IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW; |
|
#endif |
|
|
|
// |
|
// source file line data structure |
|
// |
|
|
|
typedef struct _IMAGEHLP_LINE64 { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64) |
|
PVOID Key; // internal |
|
DWORD LineNumber; // line number in file |
|
PCHAR FileName; // full filename |
|
DWORD64 Address; // first instruction of line |
|
} IMAGEHLP_LINE64, *PIMAGEHLP_LINE64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define IMAGEHLP_LINE IMAGEHLP_LINE64 |
|
#define PIMAGEHLP_LINE PIMAGEHLP_LINE64 |
|
#else |
|
typedef struct _IMAGEHLP_LINE { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE) |
|
PVOID Key; // internal |
|
DWORD LineNumber; // line number in file |
|
PCHAR FileName; // full filename |
|
DWORD Address; // first instruction of line |
|
} IMAGEHLP_LINE, *PIMAGEHLP_LINE; |
|
#endif |
|
|
|
// |
|
// source file structure |
|
// |
|
|
|
typedef struct _SOURCEFILE { |
|
DWORD64 ModBase; // base address of loaded module |
|
PCHAR FileName; // full filename of source |
|
} SOURCEFILE, *PSOURCEFILE; |
|
|
|
// |
|
// data structures used for registered symbol callbacks |
|
// |
|
|
|
#define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001 |
|
#define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002 |
|
#define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003 |
|
#define CBA_SYMBOLS_UNLOADED 0x00000004 |
|
#define CBA_DUPLICATE_SYMBOL 0x00000005 |
|
#define CBA_READ_MEMORY 0x00000006 |
|
#define CBA_DEFERRED_SYMBOL_LOAD_CANCEL 0x00000007 |
|
#define CBA_SET_OPTIONS 0x00000008 |
|
#define CBA_EVENT 0x00000010 |
|
#define CBA_DEBUG_INFO 0x10000000 |
|
|
|
typedef struct _IMAGEHLP_CBA_READ_MEMORY { |
|
DWORD64 addr; // address to read from |
|
PVOID buf; // buffer to read to |
|
DWORD bytes; // amount of bytes to read |
|
DWORD *bytesread; // pointer to store amount of bytes read |
|
} IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY; |
|
|
|
enum { |
|
sevInfo = 0, |
|
sevProblem, |
|
sevAttn, |
|
sevFatal, |
|
sevMax // unused |
|
}; |
|
|
|
typedef struct _IMAGEHLP_CBA_EVENT { |
|
DWORD severity; // values from sevInfo to sevFatal |
|
DWORD code; // numerical code IDs the error |
|
PCHAR desc; // may contain a text description of the error |
|
PVOID object; // value dependant upon the error code |
|
} IMAGEHLP_CBA_EVENT, *PIMAGEHLP_CBA_EVENT; |
|
|
|
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64) |
|
DWORD64 BaseOfImage; // base load address of module |
|
DWORD CheckSum; // checksum from the pe header |
|
DWORD TimeDateStamp; // date/time stamp from pe header |
|
CHAR FileName[MAX_PATH]; // symbols file or image name |
|
BOOLEAN Reparse; // load failure reparse |
|
} IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64 |
|
#define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64 |
|
#else |
|
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD) |
|
DWORD BaseOfImage; // base load address of module |
|
DWORD CheckSum; // checksum from the pe header |
|
DWORD TimeDateStamp; // date/time stamp from pe header |
|
CHAR FileName[MAX_PATH]; // symbols file or image name |
|
BOOLEAN Reparse; // load failure reparse |
|
} IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD; |
|
#endif |
|
|
|
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64) |
|
DWORD NumberOfDups; // number of duplicates in the Symbol array |
|
PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols |
|
DWORD SelectedSymbol; // symbol selected (-1 to start) |
|
} IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64; |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64 |
|
#define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64 |
|
#else |
|
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL { |
|
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL) |
|
DWORD NumberOfDups; // number of duplicates in the Symbol array |
|
PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols |
|
DWORD SelectedSymbol; // symbol selected (-1 to start) |
|
} IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL; |
|
#endif |
|
|
|
// If dbghelp ever needs to display graphical UI, it will use this as the parent window. |
|
|
|
BOOL |
|
SymSetParentWindow( |
|
HWND hwnd |
|
); |
|
|
|
// |
|
// options that are set/returned by SymSetOptions() & SymGetOptions() |
|
// these are used as a mask |
|
// |
|
#define SYMOPT_CASE_INSENSITIVE 0x00000001 |
|
#define SYMOPT_UNDNAME 0x00000002 |
|
#define SYMOPT_DEFERRED_LOADS 0x00000004 |
|
#define SYMOPT_NO_CPP 0x00000008 |
|
#define SYMOPT_LOAD_LINES 0x00000010 |
|
#define SYMOPT_OMAP_FIND_NEAREST 0x00000020 |
|
#define SYMOPT_LOAD_ANYTHING 0x00000040 |
|
#define SYMOPT_IGNORE_CVREC 0x00000080 |
|
#define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100 |
|
#define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200 |
|
#define SYMOPT_EXACT_SYMBOLS 0x00000400 |
|
#define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000 |
|
|
|
#define SYMOPT_DEBUG 0x80000000 |
|
|
|
DWORD |
|
IMAGEAPI |
|
SymSetOptions( |
|
IN DWORD SymOptions |
|
); |
|
|
|
DWORD |
|
IMAGEAPI |
|
SymGetOptions( |
|
VOID |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymCleanup( |
|
IN HANDLE hProcess |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymMatchString( |
|
IN LPSTR string, |
|
IN LPSTR expression, |
|
IN BOOL fCase |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMSOURCFILES_CALLBACK)( |
|
PSOURCEFILE pSourceFile, |
|
PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumSourceFiles( |
|
IN HANDLE hProcess, |
|
IN ULONG64 ModBase, |
|
IN LPSTR Mask, |
|
IN PSYM_ENUMSOURCFILES_CALLBACK cbSrcFiles, |
|
IN PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumerateModules64( |
|
IN HANDLE hProcess, |
|
IN PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymEnumerateModules SymEnumerateModules64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymEnumerateModules( |
|
IN HANDLE hProcess, |
|
IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback, |
|
IN PVOID UserContext |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumerateSymbols64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 BaseOfDll, |
|
IN PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumerateSymbolsW64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 BaseOfDll, |
|
IN PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymEnumerateSymbols SymEnumerateSymbols64 |
|
#define SymEnumerateSymbolsW SymEnumerateSymbolsW64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymEnumerateSymbols( |
|
IN HANDLE hProcess, |
|
IN DWORD BaseOfDll, |
|
IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumerateSymbolsW( |
|
IN HANDLE hProcess, |
|
IN DWORD BaseOfDll, |
|
IN PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
EnumerateLoadedModules64( |
|
IN HANDLE hProcess, |
|
IN PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define EnumerateLoadedModules EnumerateLoadedModules64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
EnumerateLoadedModules( |
|
IN HANDLE hProcess, |
|
IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback, |
|
IN PVOID UserContext |
|
); |
|
#endif |
|
|
|
PVOID |
|
IMAGEAPI |
|
SymFunctionTableAccess64( |
|
HANDLE hProcess, |
|
DWORD64 AddrBase |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymFunctionTableAccess SymFunctionTableAccess64 |
|
#else |
|
PVOID |
|
IMAGEAPI |
|
SymFunctionTableAccess( |
|
HANDLE hProcess, |
|
DWORD AddrBase |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetModuleInfo64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 qwAddr, |
|
OUT PIMAGEHLP_MODULE64 ModuleInfo |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetModuleInfoW64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 qwAddr, |
|
OUT PIMAGEHLP_MODULEW64 ModuleInfo |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetModuleInfo SymGetModuleInfo64 |
|
#define SymGetModuleInfoW SymGetModuleInfoW64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetModuleInfo( |
|
IN HANDLE hProcess, |
|
IN DWORD dwAddr, |
|
OUT PIMAGEHLP_MODULE ModuleInfo |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetModuleInfoW( |
|
IN HANDLE hProcess, |
|
IN DWORD dwAddr, |
|
OUT PIMAGEHLP_MODULEW ModuleInfo |
|
); |
|
#endif |
|
|
|
DWORD64 |
|
IMAGEAPI |
|
SymGetModuleBase64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 qwAddr |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetModuleBase SymGetModuleBase64 |
|
#else |
|
DWORD |
|
IMAGEAPI |
|
SymGetModuleBase( |
|
IN HANDLE hProcess, |
|
IN DWORD dwAddr |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetSymNext64( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_SYMBOL64 Symbol |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetSymNext SymGetSymNext64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetSymNext( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_SYMBOL Symbol |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetSymPrev64( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_SYMBOL64 Symbol |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetSymPrev SymGetSymPrev64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetSymPrev( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_SYMBOL Symbol |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetLineFromAddr64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 qwAddr, |
|
OUT PDWORD pdwDisplacement, |
|
OUT PIMAGEHLP_LINE64 Line |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetLineFromAddr SymGetLineFromAddr64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetLineFromAddr( |
|
IN HANDLE hProcess, |
|
IN DWORD dwAddr, |
|
OUT PDWORD pdwDisplacement, |
|
OUT PIMAGEHLP_LINE Line |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetLineFromName64( |
|
IN HANDLE hProcess, |
|
IN PSTR ModuleName, |
|
IN PSTR FileName, |
|
IN DWORD dwLineNumber, |
|
OUT PLONG plDisplacement, |
|
IN OUT PIMAGEHLP_LINE64 Line |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetLineFromName SymGetLineFromName64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetLineFromName( |
|
IN HANDLE hProcess, |
|
IN PSTR ModuleName, |
|
IN PSTR FileName, |
|
IN DWORD dwLineNumber, |
|
OUT PLONG plDisplacement, |
|
IN OUT PIMAGEHLP_LINE Line |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetLineNext64( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_LINE64 Line |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetLineNext SymGetLineNext64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetLineNext( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_LINE Line |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetLinePrev64( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_LINE64 Line |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetLinePrev SymGetLinePrev64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetLinePrev( |
|
IN HANDLE hProcess, |
|
IN OUT PIMAGEHLP_LINE Line |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymMatchFileName( |
|
IN PSTR FileName, |
|
IN PSTR Match, |
|
OUT PSTR *FileNameStop, |
|
OUT PSTR *MatchStop |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymInitialize( |
|
IN HANDLE hProcess, |
|
IN PSTR UserSearchPath, |
|
IN BOOL fInvadeProcess |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetSearchPath( |
|
IN HANDLE hProcess, |
|
OUT PSTR SearchPath, |
|
IN DWORD SearchPathLength |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymSetSearchPath( |
|
IN HANDLE hProcess, |
|
IN PSTR SearchPath |
|
); |
|
|
|
DWORD64 |
|
IMAGEAPI |
|
SymLoadModule64( |
|
IN HANDLE hProcess, |
|
IN HANDLE hFile, |
|
IN PSTR ImageName, |
|
IN PSTR ModuleName, |
|
IN DWORD64 BaseOfDll, |
|
IN DWORD SizeOfDll |
|
); |
|
|
|
#define SLMFLAG_VIRTUAL 0x1 |
|
|
|
DWORD64 |
|
IMAGEAPI |
|
SymLoadModuleEx( |
|
IN HANDLE hProcess, |
|
IN HANDLE hFile, |
|
IN PSTR ImageName, |
|
IN PSTR ModuleName, |
|
IN DWORD64 BaseOfDll, |
|
IN DWORD DllSize, |
|
IN PMODLOAD_DATA Data, |
|
IN DWORD Flags |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymLoadModule SymLoadModule64 |
|
#else |
|
DWORD |
|
IMAGEAPI |
|
SymLoadModule( |
|
IN HANDLE hProcess, |
|
IN HANDLE hFile, |
|
IN PSTR ImageName, |
|
IN PSTR ModuleName, |
|
IN DWORD BaseOfDll, |
|
IN DWORD SizeOfDll |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymUnloadModule64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 BaseOfDll |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymUnloadModule SymUnloadModule64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymUnloadModule( |
|
IN HANDLE hProcess, |
|
IN DWORD BaseOfDll |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymUnDName64( |
|
IN PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate |
|
OUT PSTR UnDecName, // Buffer to store undecorated name in |
|
IN DWORD UnDecNameLength // Size of the buffer |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymUnDName SymUnDName64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymUnDName( |
|
IN PIMAGEHLP_SYMBOL sym, // Symbol to undecorate |
|
OUT PSTR UnDecName, // Buffer to store undecorated name in |
|
IN DWORD UnDecNameLength // Size of the buffer |
|
); |
|
#endif |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymRegisterCallback64( |
|
IN HANDLE hProcess, |
|
IN PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction, |
|
IN ULONG64 UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymRegisterFunctionEntryCallback64( |
|
IN HANDLE hProcess, |
|
IN PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction, |
|
IN ULONG64 UserContext |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymRegisterCallback SymRegisterCallback64 |
|
#define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymRegisterCallback( |
|
IN HANDLE hProcess, |
|
IN PSYMBOL_REGISTERED_CALLBACK CallbackFunction, |
|
IN PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymRegisterFunctionEntryCallback( |
|
IN HANDLE hProcess, |
|
IN PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction, |
|
IN PVOID UserContext |
|
); |
|
#endif |
|
|
|
|
|
typedef struct _IMAGEHLP_SYMBOL_SRC { |
|
DWORD sizeofstruct; |
|
DWORD type; |
|
char file[MAX_PATH]; |
|
} IMAGEHLP_SYMBOL_SRC, *PIMAGEHLP_SYMBOL_SRC; |
|
|
|
typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP |
|
USHORT dataLength; |
|
USHORT leaf; |
|
BYTE data[1]; |
|
} MODULE_TYPE_INFO, *PMODULE_TYPE_INFO; |
|
|
|
#define IMAGEHLP_SYMBOL_INFO_VALUEPRESENT 1 |
|
#define IMAGEHLP_SYMBOL_INFO_REGISTER SYMF_REGISTER // 0x0008 |
|
#define IMAGEHLP_SYMBOL_INFO_REGRELATIVE SYMF_REGREL // 0x0010 |
|
#define IMAGEHLP_SYMBOL_INFO_FRAMERELATIVE SYMF_FRAMEREL // 0x0020 |
|
#define IMAGEHLP_SYMBOL_INFO_PARAMETER SYMF_PARAMETER // 0x0040 |
|
#define IMAGEHLP_SYMBOL_INFO_LOCAL SYMF_LOCAL // 0x0080 |
|
#define IMAGEHLP_SYMBOL_INFO_CONSTANT SYMF_CONSTANT // 0x0100 |
|
#define IMAGEHLP_SYMBOL_FUNCTION SYMF_FUNCTION // 0x0800 |
|
#define IMAGEHLP_SYMBOL_VIRTUAL SYMF_VIRTUAL // 0x1000 |
|
|
|
typedef struct _SYMBOL_INFO { |
|
ULONG SizeOfStruct; |
|
ULONG TypeIndex; // Type Index of symbol |
|
ULONG64 Reserved[2]; |
|
ULONG Reserved2; |
|
ULONG Size; |
|
ULONG64 ModBase; // Base Address of module comtaining this symbol |
|
ULONG Flags; |
|
ULONG64 Value; // Value of symbol, ValuePresent should be 1 |
|
ULONG64 Address; // Address of symbol including base address of module |
|
ULONG Register; // register holding value or pointer to value |
|
ULONG Scope; // scope of the symbol |
|
ULONG Tag; // pdb classification |
|
ULONG NameLen; // Actual length of name |
|
ULONG MaxNameLen; |
|
CHAR Name[1]; // Name of symbol |
|
} SYMBOL_INFO, *PSYMBOL_INFO; |
|
|
|
typedef struct _IMAGEHLP_STACK_FRAME |
|
{ |
|
ULONG64 InstructionOffset; |
|
ULONG64 ReturnOffset; |
|
ULONG64 FrameOffset; |
|
ULONG64 StackOffset; |
|
ULONG64 BackingStoreOffset; |
|
ULONG64 FuncTableEntry; |
|
ULONG64 Params[4]; |
|
ULONG64 Reserved[5]; |
|
BOOL Virtual; |
|
ULONG Reserved2; |
|
} IMAGEHLP_STACK_FRAME, *PIMAGEHLP_STACK_FRAME; |
|
|
|
typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT; |
|
|
|
|
|
ULONG |
|
IMAGEAPI |
|
SymSetContext( |
|
HANDLE hProcess, |
|
PIMAGEHLP_STACK_FRAME StackFrame, |
|
PIMAGEHLP_CONTEXT Context |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymFromAddr( |
|
IN HANDLE hProcess, |
|
IN DWORD64 Address, |
|
OUT PDWORD64 Displacement, |
|
IN OUT PSYMBOL_INFO Symbol |
|
); |
|
|
|
// While SymFromName will provide a symbol from a name, |
|
// SymEnumSymbols can provide the same matching information |
|
// for ALL symbols with a matching name, even regular |
|
// expressions. That way you can search across modules |
|
// and differentiate between identically named symbols. |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymFromName( |
|
IN HANDLE hProcess, |
|
IN LPSTR Name, |
|
OUT PSYMBOL_INFO Symbol |
|
); |
|
|
|
typedef BOOL |
|
(CALLBACK *PSYM_ENUMERATESYMBOLS_CALLBACK)( |
|
PSYMBOL_INFO pSymInfo, |
|
ULONG SymbolSize, |
|
PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumSymbols( |
|
IN HANDLE hProcess, |
|
IN ULONG64 BaseOfDll, |
|
IN PCSTR Mask, |
|
IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO { |
|
TI_GET_SYMTAG, |
|
TI_GET_SYMNAME, |
|
TI_GET_LENGTH, |
|
TI_GET_TYPE, |
|
TI_GET_TYPEID, |
|
TI_GET_BASETYPE, |
|
TI_GET_ARRAYINDEXTYPEID, |
|
TI_FINDCHILDREN, |
|
TI_GET_DATAKIND, |
|
TI_GET_ADDRESSOFFSET, |
|
TI_GET_OFFSET, |
|
TI_GET_VALUE, |
|
TI_GET_COUNT, |
|
TI_GET_CHILDRENCOUNT, |
|
TI_GET_BITPOSITION, |
|
TI_GET_VIRTUALBASECLASS, |
|
TI_GET_VIRTUALTABLESHAPEID, |
|
TI_GET_VIRTUALBASEPOINTEROFFSET, |
|
TI_GET_CLASSPARENTID, |
|
TI_GET_NESTED, |
|
TI_GET_SYMINDEX, |
|
TI_GET_LEXICALPARENT, |
|
TI_GET_ADDRESS, |
|
TI_GET_THISADJUST, |
|
} IMAGEHLP_SYMBOL_TYPE_INFO; |
|
|
|
typedef struct _TI_FINDCHILDREN_PARAMS { |
|
ULONG Count; |
|
ULONG Start; |
|
ULONG ChildId[1]; |
|
} TI_FINDCHILDREN_PARAMS; |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetTypeInfo( |
|
IN HANDLE hProcess, |
|
IN DWORD64 ModBase, |
|
IN ULONG TypeId, |
|
IN IMAGEHLP_SYMBOL_TYPE_INFO GetType, |
|
OUT PVOID pInfo |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymEnumTypes( |
|
IN HANDLE hProcess, |
|
IN ULONG64 BaseOfDll, |
|
IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetTypeFromName( |
|
IN HANDLE hProcess, |
|
IN ULONG64 BaseOfDll, |
|
IN LPSTR Name, |
|
OUT PSYMBOL_INFO Symbol |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymAddSymbol( |
|
IN HANDLE hProcess, |
|
IN ULONG64 BaseOfDll, |
|
IN PCSTR Name, |
|
IN DWORD64 Address, |
|
IN DWORD Size, |
|
IN DWORD Flags |
|
); |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymDeleteSymbol( |
|
IN HANDLE hProcess, |
|
IN ULONG64 BaseOfDll, |
|
IN PCSTR Name, |
|
IN DWORD64 Address, |
|
IN DWORD Flags |
|
); |
|
|
|
// |
|
// Full user-mode dump creation. |
|
// |
|
|
|
typedef BOOL (WINAPI *PDBGHELP_CREATE_USER_DUMP_CALLBACK)( |
|
DWORD DataType, |
|
PVOID* Data, |
|
LPDWORD DataLength, |
|
PVOID UserData |
|
); |
|
|
|
BOOL |
|
WINAPI |
|
DbgHelpCreateUserDump( |
|
IN LPSTR FileName, |
|
IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback, |
|
IN PVOID UserData |
|
); |
|
|
|
BOOL |
|
WINAPI |
|
DbgHelpCreateUserDumpW( |
|
IN LPWSTR FileName, |
|
IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback, |
|
IN PVOID UserData |
|
); |
|
|
|
// ----------------------------------------------------------------- |
|
// The following 4 legacy APIs are fully supported, but newer |
|
// ones are recommended. SymFromName and SymFromAddr provide |
|
// much more detailed info on the returned symbol. |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetSymFromAddr64( |
|
IN HANDLE hProcess, |
|
IN DWORD64 qwAddr, |
|
OUT PDWORD64 pdwDisplacement, |
|
OUT PIMAGEHLP_SYMBOL64 Symbol |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetSymFromAddr SymGetSymFromAddr64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetSymFromAddr( |
|
IN HANDLE hProcess, |
|
IN DWORD dwAddr, |
|
OUT PDWORD pdwDisplacement, |
|
OUT PIMAGEHLP_SYMBOL Symbol |
|
); |
|
#endif |
|
|
|
// While following two APIs will provide a symbol from a name, |
|
// SymEnumSymbols can provide the same matching information |
|
// for ALL symbols with a matching name, even regular |
|
// expressions. That way you can search across modules |
|
// and differentiate between identically named symbols. |
|
|
|
BOOL |
|
IMAGEAPI |
|
SymGetSymFromName64( |
|
IN HANDLE hProcess, |
|
IN PSTR Name, |
|
OUT PIMAGEHLP_SYMBOL64 Symbol |
|
); |
|
|
|
#if !_IMAGEHLP_SOURCE_ && _IMAGEHLP64 |
|
#define SymGetSymFromName SymGetSymFromName64 |
|
#else |
|
BOOL |
|
IMAGEAPI |
|
SymGetSymFromName( |
|
IN HANDLE hProcess, |
|
IN PSTR Name, |
|
OUT PIMAGEHLP_SYMBOL Symbol |
|
); |
|
#endif |
|
|
|
|
|
// ----------------------------------------------------------------- |
|
// The following APIs exist only for backwards compatibility |
|
// with a pre-release version documented in an MSDN release. |
|
|
|
// You should use SymFindFileInPath if you want to maintain |
|
// future compatibility. |
|
|
|
DBHLP_DEPRECIATED |
|
BOOL |
|
IMAGEAPI |
|
FindFileInPath( |
|
HANDLE hprocess, |
|
LPSTR SearchPath, |
|
LPSTR FileName, |
|
PVOID id, |
|
DWORD two, |
|
DWORD three, |
|
DWORD flags, |
|
LPSTR FilePath |
|
); |
|
|
|
// You should use SymFindFileInPath if you want to maintain |
|
// future compatibility. |
|
|
|
DBHLP_DEPRECIATED |
|
BOOL |
|
IMAGEAPI |
|
FindFileInSearchPath( |
|
HANDLE hprocess, |
|
LPSTR SearchPath, |
|
LPSTR FileName, |
|
DWORD one, |
|
DWORD two, |
|
DWORD three, |
|
LPSTR FilePath |
|
); |
|
|
|
DBHLP_DEPRECIATED |
|
BOOL |
|
IMAGEAPI |
|
SymEnumSym( |
|
IN HANDLE hProcess, |
|
IN ULONG64 BaseOfDll, |
|
IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, |
|
IN PVOID UserContext |
|
); |
|
|
|
|
|
#include <pshpack4.h> |
|
|
|
#pragma warning(disable:4200) // Zero length array |
|
|
|
|
|
#define MINIDUMP_SIGNATURE ('PMDM') |
|
#define MINIDUMP_VERSION (42899) |
|
typedef DWORD RVA; |
|
typedef ULONG64 RVA64; |
|
|
|
typedef struct _MINIDUMP_LOCATION_DESCRIPTOR { |
|
ULONG32 DataSize; |
|
RVA Rva; |
|
} MINIDUMP_LOCATION_DESCRIPTOR; |
|
|
|
typedef struct _MINIDUMP_LOCATION_DESCRIPTOR64 { |
|
ULONG64 DataSize; |
|
RVA64 Rva; |
|
} MINIDUMP_LOCATION_DESCRIPTOR64; |
|
|
|
|
|
typedef struct _MINIDUMP_MEMORY_DESCRIPTOR { |
|
ULONG64 StartOfMemoryRange; |
|
MINIDUMP_LOCATION_DESCRIPTOR Memory; |
|
} MINIDUMP_MEMORY_DESCRIPTOR, *PMINIDUMP_MEMORY_DESCRIPTOR; |
|
|
|
// DESCRIPTOR64 is used for full-memory minidumps where |
|
// all of the raw memory is laid out sequentially at the |
|
// end of the dump. There is no need for individual RVAs |
|
// as the RVA is the base RVA plus the sum of the preceeding |
|
// data blocks. |
|
typedef struct _MINIDUMP_MEMORY_DESCRIPTOR64 { |
|
ULONG64 StartOfMemoryRange; |
|
ULONG64 DataSize; |
|
} MINIDUMP_MEMORY_DESCRIPTOR64, *PMINIDUMP_MEMORY_DESCRIPTOR64; |
|
|
|
|
|
typedef struct _MINIDUMP_HEADER { |
|
ULONG32 Signature; |
|
ULONG32 Version; |
|
ULONG32 NumberOfStreams; |
|
RVA StreamDirectoryRva; |
|
ULONG32 CheckSum; |
|
union { |
|
ULONG32 Reserved; |
|
ULONG32 TimeDateStamp; |
|
}; |
|
ULONG64 Flags; |
|
} MINIDUMP_HEADER, *PMINIDUMP_HEADER; |
|
|
|
// |
|
// The MINIDUMP_HEADER field StreamDirectoryRva points to |
|
// an array of MINIDUMP_DIRECTORY structures. |
|
// |
|
|
|
typedef struct _MINIDUMP_DIRECTORY { |
|
ULONG32 StreamType; |
|
MINIDUMP_LOCATION_DESCRIPTOR Location; |
|
} MINIDUMP_DIRECTORY, *PMINIDUMP_DIRECTORY; |
|
|
|
|
|
typedef struct _MINIDUMP_STRING { |
|
ULONG32 Length; // Length in bytes of the string |
|
WCHAR Buffer [0]; // Variable size buffer |
|
} MINIDUMP_STRING, *PMINIDUMP_STRING; |
|
|
|
|
|
|
|
// |
|
// The MINIDUMP_DIRECTORY field StreamType may be one of the following types. |
|
// Types will be added in the future, so if a program reading the minidump |
|
// header encounters a stream type it does not understand it should ignore |
|
// the data altogether. Any tag above LastReservedStream will not be used by |
|
// the system and is reserved for program-specific information. |
|
// |
|
|
|
typedef enum _MINIDUMP_STREAM_TYPE { |
|
|
|
UnusedStream = 0, |
|
ReservedStream0 = 1, |
|
ReservedStream1 = 2, |
|
ThreadListStream = 3, |
|
ModuleListStream = 4, |
|
MemoryListStream = 5, |
|
ExceptionStream = 6, |
|
SystemInfoStream = 7, |
|
ThreadExListStream = 8, |
|
Memory64ListStream = 9, |
|
CommentStreamA = 10, |
|
CommentStreamW = 11, |
|
HandleDataStream = 12, |
|
FunctionTableStream = 13, |
|
|
|
LastReservedStream = 0xffff |
|
|
|
} MINIDUMP_STREAM_TYPE; |
|
|
|
|
|
// |
|
// The minidump system information contains processor and |
|
// Operating System specific information. |
|
// |
|
|
|
typedef struct _MINIDUMP_SYSTEM_INFO { |
|
|
|
// |
|
// ProcessorArchitecture, ProcessorLevel and ProcessorRevision are all |
|
// taken from the SYSTEM_INFO structure obtained by GetSystemInfo( ). |
|
// |
|
|
|
USHORT ProcessorArchitecture; |
|
USHORT ProcessorLevel; |
|
USHORT ProcessorRevision; |
|
|
|
USHORT Reserved0; // Reserved for future use. Must be zero. |
|
|
|
// |
|
// MajorVersion, MinorVersion, BuildNumber, PlatformId and |
|
// CSDVersion are all taken from the OSVERSIONINFO structure |
|
// returned by GetVersionEx( ). |
|
// |
|
|
|
ULONG32 MajorVersion; |
|
ULONG32 MinorVersion; |
|
ULONG32 BuildNumber; |
|
ULONG32 PlatformId; |
|
|
|
// |
|
// RVA to a CSDVersion string in the string table. |
|
// |
|
|
|
RVA CSDVersionRva; |
|
|
|
ULONG32 Reserved1; // Reserved for future use. |
|
|
|
// |
|
// CPU information is obtained from one of two places. |
|
// |
|
// 1) On x86 computers, CPU_INFORMATION is obtained from the CPUID |
|
// instruction. You must use the X86 portion of the union for X86 |
|
// computers. |
|
// |
|
// 2) On non-x86 architectures, CPU_INFORMATION is obtained by calling |
|
// IsProcessorFeatureSupported(). |
|
// |
|
|
|
union _CPU_INFORMATION { |
|
|
|
// |
|
// X86 platforms use CPUID function to obtain processor information. |
|
// |
|
|
|
struct { |
|
|
|
// |
|
// CPUID Subfunction 0, register EAX (VendorId [0]), |
|
// EBX (VendorId [1]) and ECX (VendorId [2]). |
|
// |
|
|
|
ULONG32 VendorId [ 3 ]; |
|
|
|
// |
|
// CPUID Subfunction 1, register EAX |
|
// |
|
|
|
ULONG32 VersionInformation; |
|
|
|
// |
|
// CPUID Subfunction 1, register EDX |
|
// |
|
|
|
ULONG32 FeatureInformation; |
|
|
|
|
|
// |
|
// CPUID, Subfunction 80000001, register EBX. This will only |
|
// be obtained if the vendor id is "AuthenticAMD". |
|
// |
|
|
|
ULONG32 AMDExtendedCpuFeatures; |
|
|
|
} X86CpuInfo; |
|
|
|
// |
|
// Non-x86 platforms use processor feature flags. |
|
// |
|
|
|
struct { |
|
|
|
ULONG64 ProcessorFeatures [ 2 ]; |
|
|
|
} OtherCpuInfo; |
|
|
|
} Cpu; |
|
|
|
} MINIDUMP_SYSTEM_INFO, *PMINIDUMP_SYSTEM_INFO; |
|
|
|
typedef union _CPU_INFORMATION CPU_INFORMATION, *PCPU_INFORMATION; |
|
|
|
|
|
// |
|
// The minidump thread contains standard thread |
|
// information plus an RVA to the memory for this |
|
// thread and an RVA to the CONTEXT structure for |
|
// this thread. |
|
// |
|
|
|
|
|
// |
|
// ThreadId must be 4 bytes on all architectures. |
|
// |
|
|
|
C_ASSERT (sizeof ( ((PPROCESS_INFORMATION)0)->dwThreadId ) == 4); |
|
|
|
typedef struct _MINIDUMP_THREAD { |
|
ULONG32 ThreadId; |
|
ULONG32 SuspendCount; |
|
ULONG32 PriorityClass; |
|
ULONG32 Priority; |
|
ULONG64 Teb; |
|
MINIDUMP_MEMORY_DESCRIPTOR Stack; |
|
MINIDUMP_LOCATION_DESCRIPTOR ThreadContext; |
|
} MINIDUMP_THREAD, *PMINIDUMP_THREAD; |
|
|
|
// |
|
// The thread list is a container of threads. |
|
// |
|
|
|
typedef struct _MINIDUMP_THREAD_LIST { |
|
ULONG32 NumberOfThreads; |
|
MINIDUMP_THREAD Threads [0]; |
|
} MINIDUMP_THREAD_LIST, *PMINIDUMP_THREAD_LIST; |
|
|
|
|
|
typedef struct _MINIDUMP_THREAD_EX { |
|
ULONG32 ThreadId; |
|
ULONG32 SuspendCount; |
|
ULONG32 PriorityClass; |
|
ULONG32 Priority; |
|
ULONG64 Teb; |
|
MINIDUMP_MEMORY_DESCRIPTOR Stack; |
|
MINIDUMP_LOCATION_DESCRIPTOR ThreadContext; |
|
MINIDUMP_MEMORY_DESCRIPTOR BackingStore; |
|
} MINIDUMP_THREAD_EX, *PMINIDUMP_THREAD_EX; |
|
|
|
// |
|
// The thread list is a container of threads. |
|
// |
|
|
|
typedef struct _MINIDUMP_THREAD_EX_LIST { |
|
ULONG32 NumberOfThreads; |
|
MINIDUMP_THREAD_EX Threads [0]; |
|
} MINIDUMP_THREAD_EX_LIST, *PMINIDUMP_THREAD_EX_LIST; |
|
|
|
|
|
// |
|
// The MINIDUMP_EXCEPTION is the same as EXCEPTION on Win64. |
|
// |
|
|
|
typedef struct _MINIDUMP_EXCEPTION { |
|
ULONG32 ExceptionCode; |
|
ULONG32 ExceptionFlags; |
|
ULONG64 ExceptionRecord; |
|
ULONG64 ExceptionAddress; |
|
ULONG32 NumberParameters; |
|
ULONG32 __unusedAlignment; |
|
ULONG64 ExceptionInformation [ EXCEPTION_MAXIMUM_PARAMETERS ]; |
|
} MINIDUMP_EXCEPTION, *PMINIDUMP_EXCEPTION; |
|
|
|
|
|
// |
|
// The exception information stream contains the id of the thread that caused |
|
// the exception (ThreadId), the exception record for the exception |
|
// (ExceptionRecord) and an RVA to the thread context where the exception |
|
// occured. |
|
// |
|
|
|
typedef struct MINIDUMP_EXCEPTION_STREAM { |
|
ULONG32 ThreadId; |
|
ULONG32 __alignment; |
|
MINIDUMP_EXCEPTION ExceptionRecord; |
|
MINIDUMP_LOCATION_DESCRIPTOR ThreadContext; |
|
} MINIDUMP_EXCEPTION_STREAM, *PMINIDUMP_EXCEPTION_STREAM; |
|
|
|
|
|
// |
|
// The MINIDUMP_MODULE contains information about a |
|
// a specific module. It includes the CheckSum and |
|
// the TimeDateStamp for the module so the module |
|
// can be reloaded during the analysis phase. |
|
// |
|
|
|
typedef struct _MINIDUMP_MODULE { |
|
ULONG64 BaseOfImage; |
|
ULONG32 SizeOfImage; |
|
ULONG32 CheckSum; |
|
ULONG32 TimeDateStamp; |
|
RVA ModuleNameRva; |
|
VS_FIXEDFILEINFO VersionInfo; |
|
MINIDUMP_LOCATION_DESCRIPTOR CvRecord; |
|
MINIDUMP_LOCATION_DESCRIPTOR MiscRecord; |
|
ULONG64 Reserved0; // Reserved for future use. |
|
ULONG64 Reserved1; // Reserved for future use. |
|
} MINIDUMP_MODULE, *PMINIDUMP_MODULE; |
|
|
|
|
|
// |
|
// The minidump module list is a container for modules. |
|
// |
|
|
|
typedef struct _MINIDUMP_MODULE_LIST { |
|
ULONG32 NumberOfModules; |
|
MINIDUMP_MODULE Modules [ 0 ]; |
|
} MINIDUMP_MODULE_LIST, *PMINIDUMP_MODULE_LIST; |
|
|
|
|
|
// |
|
// Memory Ranges |
|
// |
|
|
|
typedef struct _MINIDUMP_MEMORY_LIST { |
|
ULONG32 NumberOfMemoryRanges; |
|
MINIDUMP_MEMORY_DESCRIPTOR MemoryRanges [0]; |
|
} MINIDUMP_MEMORY_LIST, *PMINIDUMP_MEMORY_LIST; |
|
|
|
typedef struct _MINIDUMP_MEMORY64_LIST { |
|
ULONG64 NumberOfMemoryRanges; |
|
RVA64 BaseRva; |
|
MINIDUMP_MEMORY_DESCRIPTOR64 MemoryRanges [0]; |
|
} MINIDUMP_MEMORY64_LIST, *PMINIDUMP_MEMORY64_LIST; |
|
|
|
|
|
// |
|
// Support for user supplied exception information. |
|
// |
|
|
|
typedef struct _MINIDUMP_EXCEPTION_INFORMATION { |
|
DWORD ThreadId; |
|
PEXCEPTION_POINTERS ExceptionPointers; |
|
BOOL ClientPointers; |
|
} MINIDUMP_EXCEPTION_INFORMATION, *PMINIDUMP_EXCEPTION_INFORMATION; |
|
|
|
|
|
// |
|
// Support for capturing system handle state at the time of the dump. |
|
// |
|
|
|
typedef struct _MINIDUMP_HANDLE_DESCRIPTOR { |
|
ULONG64 Handle; |
|
RVA TypeNameRva; |
|
RVA ObjectNameRva; |
|
ULONG32 Attributes; |
|
ULONG32 GrantedAccess; |
|
ULONG32 HandleCount; |
|
ULONG32 PointerCount; |
|
} MINIDUMP_HANDLE_DESCRIPTOR, *PMINIDUMP_HANDLE_DESCRIPTOR; |
|
|
|
typedef struct _MINIDUMP_HANDLE_DATA_STREAM { |
|
ULONG32 SizeOfHeader; |
|
ULONG32 SizeOfDescriptor; |
|
ULONG32 NumberOfDescriptors; |
|
ULONG32 Reserved; |
|
} MINIDUMP_HANDLE_DATA_STREAM, *PMINIDUMP_HANDLE_DATA_STREAM; |
|
|
|
|
|
// |
|
// Support for capturing dynamic function table state at the time of the dump. |
|
// |
|
|
|
typedef struct _MINIDUMP_FUNCTION_TABLE_DESCRIPTOR { |
|
ULONG64 MinimumAddress; |
|
ULONG64 MaximumAddress; |
|
ULONG64 BaseAddress; |
|
ULONG32 EntryCount; |
|
ULONG32 SizeOfAlignPad; |
|
} MINIDUMP_FUNCTION_TABLE_DESCRIPTOR, *PMINIDUMP_FUNCTION_TABLE_DESCRIPTOR; |
|
|
|
typedef struct _MINIDUMP_FUNCTION_TABLE_STREAM { |
|
ULONG32 SizeOfHeader; |
|
ULONG32 SizeOfDescriptor; |
|
ULONG32 SizeOfNativeDescriptor; |
|
ULONG32 SizeOfFunctionEntry; |
|
ULONG32 NumberOfDescriptors; |
|
ULONG32 SizeOfAlignPad; |
|
} MINIDUMP_FUNCTION_TABLE_STREAM, *PMINIDUMP_FUNCTION_TABLE_STREAM; |
|
|
|
|
|
// |
|
// Support for arbitrary user-defined information. |
|
// |
|
|
|
typedef struct _MINIDUMP_USER_RECORD { |
|
ULONG32 Type; |
|
MINIDUMP_LOCATION_DESCRIPTOR Memory; |
|
} MINIDUMP_USER_RECORD, *PMINIDUMP_USER_RECORD; |
|
|
|
|
|
typedef struct _MINIDUMP_USER_STREAM { |
|
ULONG32 Type; |
|
ULONG BufferSize; |
|
PVOID Buffer; |
|
|
|
} MINIDUMP_USER_STREAM, *PMINIDUMP_USER_STREAM; |
|
|
|
|
|
typedef struct _MINIDUMP_USER_STREAM_INFORMATION { |
|
ULONG UserStreamCount; |
|
PMINIDUMP_USER_STREAM UserStreamArray; |
|
} MINIDUMP_USER_STREAM_INFORMATION, *PMINIDUMP_USER_STREAM_INFORMATION; |
|
|
|
// |
|
// Callback support. |
|
// |
|
|
|
typedef enum _MINIDUMP_CALLBACK_TYPE { |
|
ModuleCallback, |
|
ThreadCallback, |
|
ThreadExCallback, |
|
IncludeThreadCallback, |
|
IncludeModuleCallback, |
|
} MINIDUMP_CALLBACK_TYPE; |
|
|
|
|
|
typedef struct _MINIDUMP_THREAD_CALLBACK { |
|
ULONG ThreadId; |
|
HANDLE ThreadHandle; |
|
CONTEXT Context; |
|
ULONG SizeOfContext; |
|
ULONG64 StackBase; |
|
ULONG64 StackEnd; |
|
} MINIDUMP_THREAD_CALLBACK, *PMINIDUMP_THREAD_CALLBACK; |
|
|
|
|
|
typedef struct _MINIDUMP_THREAD_EX_CALLBACK { |
|
ULONG ThreadId; |
|
HANDLE ThreadHandle; |
|
CONTEXT Context; |
|
ULONG SizeOfContext; |
|
ULONG64 StackBase; |
|
ULONG64 StackEnd; |
|
ULONG64 BackingStoreBase; |
|
ULONG64 BackingStoreEnd; |
|
} MINIDUMP_THREAD_EX_CALLBACK, *PMINIDUMP_THREAD_EX_CALLBACK; |
|
|
|
|
|
typedef struct _MINIDUMP_INCLUDE_THREAD_CALLBACK { |
|
ULONG ThreadId; |
|
} MINIDUMP_INCLUDE_THREAD_CALLBACK, *PMINIDUMP_INCLUDE_THREAD_CALLBACK; |
|
|
|
|
|
typedef enum _THREAD_WRITE_FLAGS { |
|
ThreadWriteThread = 0x0001, |
|
ThreadWriteStack = 0x0002, |
|
ThreadWriteContext = 0x0004, |
|
ThreadWriteBackingStore = 0x0008, |
|
ThreadWriteInstructionWindow = 0x0010 |
|
} THREAD_WRITE_FLAGS; |
|
|
|
typedef struct _MINIDUMP_MODULE_CALLBACK { |
|
PWCHAR FullPath; |
|
ULONG64 BaseOfImage; |
|
ULONG SizeOfImage; |
|
ULONG CheckSum; |
|
ULONG TimeDateStamp; |
|
VS_FIXEDFILEINFO VersionInfo; |
|
PVOID CvRecord; |
|
ULONG SizeOfCvRecord; |
|
PVOID MiscRecord; |
|
ULONG SizeOfMiscRecord; |
|
} MINIDUMP_MODULE_CALLBACK, *PMINIDUMP_MODULE_CALLBACK; |
|
|
|
|
|
typedef struct _MINIDUMP_INCLUDE_MODULE_CALLBACK { |
|
ULONG64 BaseOfImage; |
|
} MINIDUMP_INCLUDE_MODULE_CALLBACK, *PMINIDUMP_INCLUDE_MODULE_CALLBACK; |
|
|
|
|
|
typedef enum _MODULE_WRITE_FLAGS { |
|
ModuleWriteModule = 0x0001, |
|
ModuleWriteDataSeg = 0x0002, |
|
ModuleWriteMiscRecord = 0x0004, |
|
ModuleWriteCvRecord = 0x0008, |
|
ModuleReferencedByMemory = 0x0010 |
|
} MODULE_WRITE_FLAGS; |
|
|
|
|
|
typedef struct _MINIDUMP_CALLBACK_INPUT { |
|
ULONG ProcessId; |
|
HANDLE ProcessHandle; |
|
ULONG CallbackType; |
|
union { |
|
MINIDUMP_THREAD_CALLBACK Thread; |
|
MINIDUMP_THREAD_EX_CALLBACK ThreadEx; |
|
MINIDUMP_MODULE_CALLBACK Module; |
|
MINIDUMP_INCLUDE_THREAD_CALLBACK IncludeThread; |
|
MINIDUMP_INCLUDE_MODULE_CALLBACK IncludeModule; |
|
}; |
|
} MINIDUMP_CALLBACK_INPUT, *PMINIDUMP_CALLBACK_INPUT; |
|
|
|
typedef struct _MINIDUMP_CALLBACK_OUTPUT { |
|
union { |
|
ULONG ModuleWriteFlags; |
|
ULONG ThreadWriteFlags; |
|
}; |
|
} MINIDUMP_CALLBACK_OUTPUT, *PMINIDUMP_CALLBACK_OUTPUT; |
|
|
|
|
|
// |
|
// A normal minidump contains just the information |
|
// necessary to capture stack traces for all of the |
|
// existing threads in a process. |
|
// |
|
// A minidump with data segments includes all of the data |
|
// sections from loaded modules in order to capture |
|
// global variable contents. This can make the dump much |
|
// larger if many modules have global data. |
|
// |
|
// A minidump with full memory includes all of the accessible |
|
// memory in the process and can be very large. A minidump |
|
// with full memory always has the raw memory data at the end |
|
// of the dump so that the initial structures in the dump can |
|
// be mapped directly without having to include the raw |
|
// memory information. |
|
// |
|
// Stack and backing store memory can be filtered to remove |
|
// data unnecessary for stack walking. This can improve |
|
// compression of stacks and also deletes data that may |
|
// be private and should not be stored in a dump. |
|
// Memory can also be scanned to see what modules are |
|
// referenced by stack and backing store memory to allow |
|
// omission of other modules to reduce dump size. |
|
// In either of these modes the ModuleReferencedByMemory flag |
|
// is set for all modules referenced before the base |
|
// module callbacks occur. |
|
// |
|
|
|
typedef enum _MINIDUMP_TYPE { |
|
MiniDumpNormal = 0x0000, |
|
MiniDumpWithDataSegs = 0x0001, |
|
MiniDumpWithFullMemory = 0x0002, |
|
MiniDumpWithHandleData = 0x0004, |
|
MiniDumpFilterMemory = 0x0008, |
|
MiniDumpScanMemory = 0x0010, |
|
} MINIDUMP_TYPE; |
|
|
|
|
|
// |
|
// The minidump callback should modify the FieldsToWrite parameter to reflect |
|
// what portions of the specified thread or module should be written to the |
|
// file. |
|
// |
|
|
|
typedef |
|
BOOL |
|
(WINAPI * MINIDUMP_CALLBACK_ROUTINE) ( |
|
IN PVOID CallbackParam, |
|
IN CONST PMINIDUMP_CALLBACK_INPUT CallbackInput, |
|
IN OUT PMINIDUMP_CALLBACK_OUTPUT CallbackOutput |
|
); |
|
|
|
typedef struct _MINIDUMP_CALLBACK_INFORMATION { |
|
MINIDUMP_CALLBACK_ROUTINE CallbackRoutine; |
|
PVOID CallbackParam; |
|
} MINIDUMP_CALLBACK_INFORMATION, *PMINIDUMP_CALLBACK_INFORMATION; |
|
|
|
|
|
|
|
//++ |
|
// |
|
// PVOID |
|
// RVA_TO_ADDR( |
|
// PVOID Mapping, |
|
// ULONG Rva |
|
// ) |
|
// |
|
// Routine Description: |
|
// |
|
// Map an RVA that is contained within a mapped file to it's associated |
|
// flat address. |
|
// |
|
// Arguments: |
|
// |
|
// Mapping - Base address of mapped file containing the RVA. |
|
// |
|
// Rva - An Rva to fixup. |
|
// |
|
// Return Values: |
|
// |
|
// A pointer to the desired data. |
|
// |
|
//-- |
|
|
|
#define RVA_TO_ADDR(Mapping,Rva) ((PVOID)(((ULONG_PTR) (Mapping)) + (Rva))) |
|
|
|
BOOL |
|
WINAPI |
|
MiniDumpWriteDump( |
|
IN HANDLE hProcess, |
|
IN DWORD ProcessId, |
|
IN HANDLE hFile, |
|
IN MINIDUMP_TYPE DumpType, |
|
IN CONST PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, OPTIONAL |
|
IN CONST PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam, OPTIONAL |
|
IN CONST PMINIDUMP_CALLBACK_INFORMATION CallbackParam OPTIONAL |
|
); |
|
|
|
BOOL |
|
WINAPI |
|
MiniDumpReadDumpStream( |
|
IN PVOID BaseOfDump, |
|
IN ULONG StreamNumber, |
|
OUT PMINIDUMP_DIRECTORY * Dir, OPTIONAL |
|
OUT PVOID * StreamPointer, OPTIONAL |
|
OUT ULONG * StreamSize OPTIONAL |
|
); |
|
|
|
#include <poppack.h> |
|
|
|
#if __cplusplus |
|
} |
|
#endif |
|
|
|
|
|
#endif // _DBGHELP_
|
|
|