📄 imagehlp.h
字号:
VOID
);
LPAPI_VERSION
IMAGEAPI
ImagehlpApiVersionEx(
LPAPI_VERSION AppVersion
);
DWORD
IMAGEAPI
GetTimestampForLoadedLibrary(
HMODULE Module
);
//
// typedefs for function pointers
//
typedef BOOL
(CALLBACK *PSYM_ENUMMODULES_CALLBACK64)(
PSTR ModuleName,
DWORD64 BaseOfDll,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)(
PSTR SymbolName,
DWORD64 SymbolAddress,
ULONG SymbolSize,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)(
PWSTR SymbolName,
DWORD64 SymbolAddress,
ULONG SymbolSize,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PENUMLOADED_MODULES_CALLBACK64)(
PSTR ModuleName,
DWORD64 ModuleBase,
ULONG ModuleSize,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)(
HANDLE hProcess,
ULONG ActionCode,
ULONG64 CallbackData,
ULONG64 UserContext
);
typedef
PVOID
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)(
HANDLE hProcess,
DWORD AddrBase,
PVOID UserContext
);
typedef
PVOID
(CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)(
HANDLE hProcess,
ULONG64 AddrBase,
ULONG64 UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64
#define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64
#define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W
#define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64
#define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64
#define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64
#else
typedef BOOL
(CALLBACK *PSYM_ENUMMODULES_CALLBACK)(
PSTR ModuleName,
ULONG BaseOfDll,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)(
PSTR SymbolName,
ULONG SymbolAddress,
ULONG SymbolSize,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)(
PWSTR SymbolName,
ULONG SymbolAddress,
ULONG SymbolSize,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PENUMLOADED_MODULES_CALLBACK)(
PSTR ModuleName,
ULONG ModuleBase,
ULONG ModuleSize,
PVOID UserContext
);
typedef BOOL
(CALLBACK *PSYMBOL_REGISTERED_CALLBACK)(
HANDLE hProcess,
ULONG ActionCode,
PVOID CallbackData,
PVOID UserContext
);
#endif
//
// symbol flags
//
#define SYMF_OMAP_GENERATED 0x00000001
#define SYMF_OMAP_MODIFIED 0x00000002
//
// symbol type enumeration
//
typedef enum {
SymNone,
SymCoff,
SymCv,
SymPdb,
SymExport,
SymDeferred,
SymSym // .sym file
} SYM_TYPE;
//
// symbol data structure
//
typedef struct _IMAGEHLP_SYMBOL64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
DWORD64 Address; // virtual address including dll base address
DWORD Size; // estimated size of symbol, can be zero
DWORD Flags; // info about the symbols, see the SYMF defines
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
CHAR Name[1]; // symbol name (null terminated string)
} IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
#define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
#else
typedef struct _IMAGEHLP_SYMBOL {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
DWORD Address; // virtual address including dll base address
DWORD Size; // estimated size of symbol, can be zero
DWORD Flags; // info about the symbols, see the SYMF defines
DWORD MaxNameLength; // maximum size of symbol name in 'Name'
CHAR Name[1]; // symbol name (null terminated string)
} IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL;
#endif
//
// module data structure
//
typedef struct _IMAGEHLP_MODULE64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
DWORD64 BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
CHAR ModuleName[32]; // module name
CHAR ImageName[256]; // image name
CHAR LoadedImageName[256]; // symbol file name
} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
typedef struct _IMAGEHLP_MODULE64W {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
DWORD64 BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
WCHAR ModuleName[32]; // module name
WCHAR ImageName[256]; // image name
WCHAR LoadedImageName[256]; // symbol file name
} IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_MODULE IMAGEHLP_MODULE64
#define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
#define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
#define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
#else
typedef struct _IMAGEHLP_MODULE {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
DWORD BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
CHAR ModuleName[32]; // module name
CHAR ImageName[256]; // image name
CHAR LoadedImageName[256]; // symbol file name
} IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
typedef struct _IMAGEHLP_MODULEW {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
DWORD BaseOfImage; // base load address of module
DWORD ImageSize; // virtual size of the loaded module
DWORD TimeDateStamp; // date/time stamp from pe header
DWORD CheckSum; // checksum from the pe header
DWORD NumSyms; // number of symbols in the symbol table
SYM_TYPE SymType; // type of symbols loaded
WCHAR ModuleName[32]; // module name
WCHAR ImageName[256]; // image name
WCHAR LoadedImageName[256]; // symbol file name
} IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
#endif
//
// source file line data structure
//
typedef struct _IMAGEHLP_LINE64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
PVOID Key; // internal
DWORD LineNumber; // line number in file
PCHAR FileName; // full filename
DWORD64 Address; // first instruction of line
} IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_LINE IMAGEHLP_LINE64
#define PIMAGEHLP_LINE PIMAGEHLP_LINE64
#else
typedef struct _IMAGEHLP_LINE {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE)
PVOID Key; // internal
DWORD LineNumber; // line number in file
PCHAR FileName; // full filename
DWORD Address; // first instruction of line
} IMAGEHLP_LINE, *PIMAGEHLP_LINE;
#endif
//
// data structures used for registered symbol callbacks
//
#define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
#define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
#define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
#define CBA_SYMBOLS_UNLOADED 0x00000004
#define CBA_DUPLICATE_SYMBOL 0x00000005
#define CBA_READ_MEMORY 0x00000006
#define CBA_DEBUG_INFO 0x10000000
typedef struct _IMAGEHLP_CBA_READ_MEMORY {
DWORD64 addr; // address to read from
PVOID buf; // buffer to read to
DWORD bytes; // amount of bytes to read
DWORD *bytesread; // pointer to store amount of bytes read
} IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY;
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64)
DWORD64 BaseOfImage; // base load address of module
DWORD CheckSum; // checksum from the pe header
DWORD TimeDateStamp; // date/time stamp from pe header
CHAR FileName[MAX_PATH]; // symbols file or image name
BOOLEAN Reparse; // load failure reparse
} IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64
#define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64
#else
typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
DWORD BaseOfImage; // base load address of module
DWORD CheckSum; // checksum from the pe header
DWORD TimeDateStamp; // date/time stamp from pe header
CHAR FileName[MAX_PATH]; // symbols file or image name
BOOLEAN Reparse; // load failure reparse
} IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD;
#endif
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64)
DWORD NumberOfDups; // number of duplicates in the Symbol array
PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols
DWORD SelectedSymbol; // symbol selected (-1 to start)
} IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64
#define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64
#else
typedef struct _IMAGEHLP_DUPLICATE_SYMBOL {
DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
DWORD NumberOfDups; // number of duplicates in the Symbol array
PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
DWORD SelectedSymbol; // symbol selected (-1 to start)
} IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL;
#endif
//
// options that are set/returned by SymSetOptions() & SymGetOptions()
// these are used as a mask
//
#define SYMOPT_CASE_INSENSITIVE 0x00000001
#define SYMOPT_UNDNAME 0x00000002
#define SYMOPT_DEFERRED_LOADS 0x00000004
#define SYMOPT_NO_CPP 0x00000008
#define SYMOPT_LOAD_LINES 0x00000010
#define SYMOPT_OMAP_FIND_NEAREST 0x00000020
#define SYMOPT_DEBUG 0x80000000
DWORD
IMAGEAPI
SymSetOptions(
IN DWORD SymOptions
);
DWORD
IMAGEAPI
SymGetOptions(
VOID
);
BOOL
IMAGEAPI
SymCleanup(
IN HANDLE hProcess
);
BOOL
IMAGEAPI
SymEnumerateModules64(
IN HANDLE hProcess,
IN PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback,
IN PVOID UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymEnumerateModules SymEnumerateModules64
#else
BOOL
IMAGEAPI
SymEnumerateModules(
IN HANDLE hProcess,
IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
IN PVOID UserContext
);
#endif
BOOL
IMAGEAPI
SymEnumerateSymbols64(
IN HANDLE hProcess,
IN DWORD64 BaseOfDll,
IN PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback,
IN PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumerateSymbolsW64(
IN HANDLE hProcess,
IN DWORD64 BaseOfDll,
IN PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback,
IN PVOID UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymEnumerateSymbols SymEnumerateSymbols64
#define SymEnumerateSymbolsW SymEnumerateSymbolsW64
#else
BOOL
IMAGEAPI
SymEnumerateSymbols(
IN HANDLE hProcess,
IN DWORD BaseOfDll,
IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
IN PVOID UserContext
);
BOOL
IMAGEAPI
SymEnumerateSymbolsW(
IN HANDLE hProcess,
IN DWORD BaseOfDll,
IN PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback,
IN PVOID UserContext
);
#endif
BOOL
IMAGEAPI
EnumerateLoadedModules64(
IN HANDLE hProcess,
IN PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
IN PVOID UserContext
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define EnumerateLoadedModules EnumerateLoadedModules64
#else
BOOL
IMAGEAPI
EnumerateLoadedModules(
IN HANDLE hProcess,
IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
IN PVOID UserContext
);
#endif
PVOID
IMAGEAPI
SymFunctionTableAccess64(
HANDLE hProcess,
DWORD64 AddrBase
);
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define SymFunctionTableAccess SymFunctionTableAccess64
#else
PVOID
IMAGEAPI
SymFunctionTableAccess(
HANDLE hProcess,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -