symbols.c

来自「一个类似与Windows环境下的softice的源代码」· C语言 代码 · 共 1,948 行 · 第 1/5 页

	LPSTR pElfStr;
	Elf32_Shdr* pElfShdr;
    PICE_SYMBOLFILE_HEADER* pSymbols;

#ifndef ACTIVATE_SYMBOL_LOOKUP
	return FALSE;
#endif // ACTIVATE_SYMBOL_LOOKUP

	ENTER_FUNC();

#if 0
    if(ulValue < TASK_SIZE)
    {
    	LEAVE_FUNC();
        return FALSE;
    }
#endif // 0

    pSymbols = FindSymbolTableForModule(ulValue);
	if(pSymbols && pmodule_list)
	{
        struct module* pModTemp;

		DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "looking up symbols\n");
        pMod = pmodule_list;
        do
        {
            if(!pMod->size)
                pModTemp = &fake_kernel_module;
            else
                pModTemp = pMod;

			if(ulValue>=((ULONG)pModTemp+sizeof(struct module)) && ulValue<((ULONG)pModTemp+pModTemp->size-sizeof(struct module)))
			{
				if(PICE_strcmpi((LPSTR)pModTemp->name,pSymbols->name) == 0)
				{
					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "found symbols for module %s @ %p\n", pModTemp->name, pSymbols);

					pElfSym = (Elf32_Sym*)((ULONG)pSymbols+pSymbols->ulOffsetToGlobals);
					pElfStr = (LPSTR)((ULONG)pSymbols+pSymbols->ulOffsetToGlobalsStrings);
					pElfShdr = (Elf32_Shdr*)((ULONG)pSymbols+pSymbols->ulOffsetToHeaders);

					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfSym = %p\n", pElfSym);
					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfStr = %p\n", pElfStr);
					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfShdr = %p\n", pElfShdr);

					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "%s has %u symbols\n", pSymbols->name,pSymbols->ulSizeOfGlobals/sizeof(Elf32_Sym));

					for(i=0;i<(pSymbols->ulSizeOfGlobals/sizeof(Elf32_Sym));i++)
					{
						if((ELF32_ST_BIND(pElfSym->st_info)==STB_GLOBAL || ELF32_ST_BIND(pElfSym->st_info)==STB_LOCAL || ELF32_ST_BIND(pElfSym->st_info)==STB_WEAK)  &&
						   (ELF32_ST_TYPE(pElfSym->st_info)==STT_OBJECT || ELF32_ST_TYPE(pElfSym->st_info)==STT_FUNC) && 
						   (pElfSym->st_shndx<SHN_LORESERVE || pElfSym->st_shndx==SHN_ABS || pElfSym->st_shndx==SHN_COMMON))
						{
							LPSTR pName = &pElfStr[pElfSym->st_name];
							ULONG start,end;

							DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pName = %x\n", (ULONG)pName);

							if(!IsAddressValid((ULONG)pName) )
							{
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pName is not a valid pointer\n");
								return FALSE;
							}

							DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pName = %s\n", pName);

							if(!IsRangeValid((ULONG)pElfSym,sizeof(Elf32_Sym) ) )
							{
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfSym = %x is not a valid pointer\n", (ULONG)pElfSym);
								return FALSE;
							}

							DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pModTemp = %x\n", (ULONG)pModTemp);
                            if(pModTemp != &fake_kernel_module)
                            {
								Elf32_Shdr* pElfShdrThis = (Elf32_Shdr*)pElfShdr + pElfSym->st_shndx;

								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "module is not kernel\n");

								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfShdr[%x] = %x\n", pElfSym->st_shndx,(ULONG)pElfShdrThis);

								if(!IsRangeValid((ULONG)pElfShdrThis,sizeof(Elf32_Shdr)) )
								{
									DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfShdr[%x] = %p is not a valid pointer\n", pElfSym->st_shndx, pElfShdrThis);
									return FALSE;
								}

							    start = ((ULONG)pModTemp+pElfShdrThis->sh_offset);
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [1] = %x\n", start);

							    start = (start+pElfShdrThis->sh_addralign)&~(pElfShdrThis->sh_addralign-1);
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [2] = %x\n", start);

							    start += pElfSym->st_value;
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [3] = %x\n", start);
                            }
                            else
                            {
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "module is kernel\n");
                                start = pElfSym->st_value;
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [1] = %x\n", start);
                            }

							end = start+pElfSym->st_size;
							DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "end = %x\n", end);

							if(ulValue>=start && ulValue<end)
							{
							    DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "[%u] %.8X %.8X %.8X %.8X %.8X %.8X %.8X\n", 
										pElfSym->st_shndx,
										((ULONG)pModTemp+pElfShdr[pElfSym->st_shndx].sh_offset),
										pElfShdr[pElfSym->st_shndx].sh_addr,
										pElfShdr[pElfSym->st_shndx].sh_offset,
										pElfShdr[pElfSym->st_shndx].sh_size,
										pElfShdr[pElfSym->st_shndx].sh_type,
										pElfShdr[pElfSym->st_shndx].sh_link,
										pElfShdr[pElfSym->st_shndx].sh_addralign);
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "in section [%u] %8x value = %x module struct %x (%x)\n", pElfSym->st_shndx,pElfShdr[pElfSym->st_shndx].sh_offset,ulValue,sizeof(struct module),((sizeof(struct module)+0x10)&~0x0F));
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "[%u] %32s %.8X %.8X %.8X %.8X %.8X %.8X\n", i,pName,pElfSym->st_name,pElfSym->st_value,pElfSym->st_info,pElfSym->st_other,pElfSym->st_size,pElfSym->st_shndx);
								DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start %x end %x\n", start,end);
								*pFind = temp3;
								if(ulValue-start)
									PICE_sprintf(temp3, "%s!%s+%x", pModTemp->name,pName,ulValue-start);
								else
									PICE_sprintf(temp3, "%s!%s", pModTemp->name,pName);
								return TRUE;
							}

						}
						pElfSym++;
					}
				}
			}
        }while((pMod = pMod->next));
	}
	else
	{
	    pSymbols = FindSymbolTableForProcess(ulValue);
		if(pSymbols)
		{
			pElfSym = (Elf32_Sym*)((ULONG)pSymbols+pSymbols->ulOffsetToGlobals);
			pElfStr = (LPSTR)((ULONG)pSymbols+pSymbols->ulOffsetToGlobalsStrings);
			pElfShdr = (Elf32_Shdr*)((ULONG)pSymbols+pSymbols->ulOffsetToHeaders);

			DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfSym = %p\n", pElfSym);
			DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfStr = %p\n", pElfStr);
			DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfShdr = %p\n", pElfShdr);

			DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "%s has %u symbols\n", pSymbols->name, pSymbols->ulSizeOfGlobals/sizeof(Elf32_Sym));

			for(i=0;i<(pSymbols->ulSizeOfGlobals/sizeof(Elf32_Sym));i++)
			{
				if((ELF32_ST_BIND(pElfSym->st_info)==STB_GLOBAL || ELF32_ST_BIND(pElfSym->st_info)==STB_LOCAL || ELF32_ST_BIND(pElfSym->st_info)==STB_WEAK)  &&
				   (ELF32_ST_TYPE(pElfSym->st_info)==STT_OBJECT || ELF32_ST_TYPE(pElfSym->st_info)==STT_FUNC) && 
				   (pElfSym->st_shndx<SHN_LORESERVE || pElfSym->st_shndx==SHN_ABS || pElfSym->st_shndx==SHN_COMMON))
				{
					LPSTR pName = &pElfStr[pElfSym->st_name];
					ULONG start,end;

					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pName = %x\n", (ULONG)pName);

					if(!IsAddressValid((ULONG)pName) )
					{
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pName is not a valid pointer\n");
						return FALSE;
					}

					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pName = %s\n", pName);

					if(!IsRangeValid((ULONG)pElfSym,sizeof(Elf32_Sym) ) )
					{
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfSym = %x is not a valid pointer\n", (ULONG)pElfSym);
						return FALSE;
					}

                    {
						Elf32_Shdr* pElfShdrThis = (Elf32_Shdr*)pElfShdr + pElfSym->st_shndx;

						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "module is not kernel\n");

						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfShdr[%x] = %x\n", pElfSym->st_shndx,(ULONG)pElfShdrThis);

						if(!IsRangeValid((ULONG)pElfShdrThis,sizeof(Elf32_Shdr)) )
						{
							DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "pElfShdr[%x] = %p is not a valid pointer\n", pElfSym->st_shndx, pElfShdrThis);
							return FALSE;
						}

						start = ((ULONG)pElfShdrThis->sh_offset);
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [1] = %x\n", start);

						start = (start+pElfShdrThis->sh_addralign)&~(pElfShdrThis->sh_addralign-1);
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [2] = %x\n", start);

						start += pElfSym->st_value;
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start [3] = %x\n", start);
                    }

					end = TASK_SIZE;
					DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "end = %x\n", end);

					if(ulValue>=start && ulValue<end)
					{
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "[%u] %.8X %.8X %.8X %.8X %.8X %.8X %.8X\n", 
								pElfSym->st_shndx,
								((ULONG)pElfShdr[pElfSym->st_shndx].sh_offset),
								pElfShdr[pElfSym->st_shndx].sh_addr,
								pElfShdr[pElfSym->st_shndx].sh_offset,
								pElfShdr[pElfSym->st_shndx].sh_size,
								pElfShdr[pElfSym->st_shndx].sh_type,
								pElfShdr[pElfSym->st_shndx].sh_link,
								pElfShdr[pElfSym->st_shndx].sh_addralign);
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "in section [%u] %8x value = %x module struct %x (%x)\n", pElfSym->st_shndx,pElfShdr[pElfSym->st_shndx].sh_offset,ulValue,sizeof(struct module),((sizeof(struct module)+0x10)&~0x0F));
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "[%u] %32s %.8X %.8X %.8X %.8X %.8X %.8X\n", i,pName,pElfSym->st_name,pElfSym->st_value,pElfSym->st_info,pElfSym->st_other,pElfSym->st_size,pElfSym->st_shndx);
						DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "start %x end %x\n", start,end);
						*pFind = temp3;
						if(ulValue-start)
							PICE_sprintf(temp3, "%s!%s+%x", current->comm,pName,ulValue-start);
						else
							PICE_sprintf(temp3, "%s!%s", current->comm,pName);
						return TRUE;
					}

				}
				pElfSym++;
			}
		}
	}

    if(pSystemMap && ulValue >= TASK_SIZE && ulValue < kernel_end)
    {
        p = pSystemMap;
        // while we bound in System.map
        while(p<((LPSTR)pSystemMap+ulSystemMapSize))
        {
            // make a temp ptr to the line we can change
            pStartOfLine = p;
            // will read the hex value and return a pointer to the symbol name
            if(ScanExportLine(p,&ulCurrentValue,&pStartOfLine))
            {
                if(ulValue>=ulCurrentValue && (ulValue-ulCurrentValue)<ulMinValue)
                {
                    // save away our info for later
                    ulMinValue = ulValue-ulCurrentValue;
                    pSymbolName = pStartOfLine;
                    bResult = TRUE;
                    *pFind = temp3;
					if(ulMinValue==0)
						break;
                }
            }
            // increment pointer to next line
            p = pStartOfLine;
            while(*p!=0 && *p!=0x0a)p++;
                p++;
        }
        if(bResult)
        {
            // copy symbol name to temp string
            for(i=0;pSymbolName[i]!=0 && pSymbolName[i]!=0x0a;i++)
                temp[i] = pSymbolName[i];
            temp[i] = 0;
            // decide if we need to append an offset
            if(ulMinValue)
                PICE_sprintf(temp3, "vmlinux!%s+%.8X", temp,ulMinValue);
            else
                PICE_sprintf(temp3, "vmlinux!%s", temp);
        }
    }

    if(pmodule_list && ulMinValue!=0)
    {
        pMod = pmodule_list;
        do
        {
			if(ulValue>=((ULONG)pMod+sizeof(struct module)) && ulValue<((ULONG)pMod+pMod->size-sizeof(struct module)))
            {
			    if(pMod->syms)
			    {
				    for(i=0;i<pMod->nsyms;i++)
				    {
					    ulCurrentValue = pMod->syms[i].value;
					    if(ulValue>=ulCurrentValue && (LONG)(ulValue-ulCurrentValue)<ulMinValue)
					    {
						    ulMinValue = ulValue-ulCurrentValue;

						    if(ulValue-ulCurrentValue)
							    PICE_sprintf(temp3, "%s!%s+%.8X", pMod->name,pMod->syms[i].name,ulValue-ulCurrentValue);
						    else
							    PICE_sprintf(temp3, "%s!%s", pMod->name,pMod->syms[i].name);
						    bResult = TRUE;
						    *pFind = temp3;
						    if(ulMinValue == 0)
							    break;
					    }
				    }
			    }

			    // this could be near entry and cleanup of a module
			    ulCurrentValue = (ULONG)pMod->init;
                if(ulCurrentValue)
                {
			        if(ulValue>=ulCurrentValue && (LONG)(ulValue-ulCurrentValue)<ulMinValue)
			        {
				        ulMinValue = ulValue-ulCurrentValue;

				        if(ulValue-ulCurrentValue)
					        PICE_sprintf(temp3, "%s!init_module+%.8X", pMod->name,ulValue-ulCurrentValue);
				        else
					        PICE_sprintf(temp3, "%s!init_module", pMod->name);
				        bResult = TRUE;
				        *pFind = temp3;
				        if(ulMinValue == 0)
					        break;
			        }
                }

                ulCurrentValue = (ULONG)pMod->cleanup;
                if(ulCurrentValue)
                {
			        if(ulValue>=ulCurrentValue && (LONG)(ulValue-ulCurrentValue)<ulMinValue)
			        {
				        ulMinValue = ulValue-ulCurrentValue;

				        if(ulValue-ulCurrentValue)
					        PICE_sprintf(temp3, "%s!cleanup_module+%.8X", pMod->name,ulValue-ulCurrentValue);
				        else
					        PICE_sprintf(temp3, "%s!cleanup_module", pMod->name);
				        bResult = TRUE;
				        *pFind = temp3;
				        if(ulMinValue == 0)
					        break;
			        }
                }
            }
        }while((pMod = pMod->next));
    }

	LEAVE_FUNC();

	return bResult;
}

//************************************************************************* 
// FindFunctionByAddress() 
// 
//************************************************************************* 
LPSTR FindFunctionByAddress(ULONG ulValue, PULONG pulstart, PULONG pulend)
{
	Elf32_Sym *pElfSym;
	LPSTR pElfStr;
	Elf32_Shdr *pElfShdr;
	struct module *pMod;
	struct module *pModTemp;
	int i;
    PICE_SYMBOLFILE_HEADER* pSymbols;
    ULONG start_mod, end_mod;

    ENTER_FUNC();
#ifndef ACTIVATE_SYMBOL_LOOKUP
	return NULL;
#endif // !ACTIVATE_SYMBOL_LOOKUP

    pSymbols = FindSymbolTableForModule(ulValue);
    DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "symbols @ %x\n", (ULONG)pSymbols);
	if(pSymbols && pmodule_list)
	{
		DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "looking up symbol\n");
        pMod = pmodule_list;
        do
        {
			if(pMod->size)
            {
                pModTemp = pMod;
                start_mod = (ULONG)pModTemp+sizeof(struct module);
                end_mod = (ULONG)pModTemp+pModTemp->size;
            }
            else
            {
                pModTemp = &fake_kernel_module;
                start_mod = (ULONG)KERNEL_START+sizeof(struct module);
                end_mod = (ULONG)KERNEL_START+pModTemp->size;
            }

            DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "is it %s for %08uX\n", pModTemp->name, ulValue);

			if(ulValue>=start_mod && ulValue<end_mod)
			{
                DPRINT(PICE_DEBUG, DBT_SYMBOLS, DBL_INFO, "address matches %s\n", pModTemp->name);