imagehlp.h

来自「这是VCF框架的代码」· C头文件 代码 · 共 2,420 行 · 第 1/5 页

H
2,420
字号
12345
IMAGEAPIImageRvaToVa(    IN PIMAGE_NT_HEADERS NtHeaders,    IN PVOID Base,    IN ULONG Rva,    IN OUT PIMAGE_SECTION_HEADER *LastRvaSection    );// Symbol server exportstypedef BOOL (*PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, PVOID, DWORD, DWORD, LPSTR);typedef BOOL (*PSYMBOLSERVEROPENPROC)(VOID);typedef BOOL (*PSYMBOLSERVERCLOSEPROC)(VOID);typedef BOOL (*PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64);typedef BOOL (CALLBACK *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);typedef UINT_PTR (*PSYMBOLSERVERGETOPTIONSPROC)();#define SSRVOPT_CALLBACK    0x01#define SSRVOPT_DWORD       0x02#define SSRVOPT_DWORDPTR    0x04#define SSRVOPT_GUIDPTR     0x08#define SSRVOPT_OLDGUIDPTR  0x10#define SSRVOPT_UNATTENDED  0x20#define SSRVOPT_RESET    ((ULONG_PTR)-1)#define SSRVACTION_TRACE 1#ifndef _WIN64// This api won't be ported to Win64 - Fix your code.typedef struct _IMAGE_DEBUG_INFORMATION {    LIST_ENTRY List;    DWORD ReservedSize;    PVOID ReservedMappedBase;    USHORT ReservedMachine;    USHORT ReservedCharacteristics;    DWORD ReservedCheckSum;    DWORD ImageBase;    DWORD SizeOfImage;    DWORD ReservedNumberOfSections;    PIMAGE_SECTION_HEADER ReservedSections;    DWORD ReservedExportedNamesSize;    PSTR ReservedExportedNames;    DWORD ReservedNumberOfFunctionTableEntries;    PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;    DWORD ReservedLowestFunctionStartingAddress;    DWORD ReservedHighestFunctionEndingAddress;    DWORD ReservedNumberOfFpoTableEntries;    PFPO_DATA ReservedFpoTableEntries;    DWORD SizeOfCoffSymbols;    PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;    DWORD ReservedSizeOfCodeViewSymbols;    PVOID ReservedCodeViewSymbols;    PSTR ImageFilePath;    PSTR ImageFileName;    PSTR ReservedDebugFilePath;    DWORD ReservedTimeDateStamp;    BOOL  ReservedRomImage;    PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;    DWORD ReservedNumberOfDebugDirectories;    DWORD ReservedOriginalFunctionTableBaseAddress;    DWORD Reserved[ 2 ];} IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;PIMAGE_DEBUG_INFORMATIONIMAGEAPIMapDebugInformation(    HANDLE FileHandle,    PSTR FileName,    PSTR SymbolPath,    DWORD ImageBase    );BOOLIMAGEAPIUnmapDebugInformation(    PIMAGE_DEBUG_INFORMATION DebugInfo    );#endifBOOLIMAGEAPISearchTreeForFile(    PSTR RootPath,    PSTR InputPathName,    PSTR OutputPathBuffer    );BOOLIMAGEAPIMakeSureDirectoryPathExists(    PCSTR DirPath    );//// UnDecorateSymbolName Flags//#define UNDNAME_COMPLETE                 (0x0000)  // Enable full undecoration#define UNDNAME_NO_LEADING_UNDERSCORES   (0x0001)  // Remove leading underscores from MS extended keywords#define UNDNAME_NO_MS_KEYWORDS           (0x0002)  // Disable expansion of MS extended keywords#define UNDNAME_NO_FUNCTION_RETURNS      (0x0004)  // Disable expansion of return type for primary declaration#define UNDNAME_NO_ALLOCATION_MODEL      (0x0008)  // Disable expansion of the declaration model#define UNDNAME_NO_ALLOCATION_LANGUAGE   (0x0010)  // Disable expansion of the declaration language specifier#define UNDNAME_NO_MS_THISTYPE           (0x0020)  // NYI Disable expansion of MS keywords on the 'this' type for primary declaration#define UNDNAME_NO_CV_THISTYPE           (0x0040)  // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration#define UNDNAME_NO_THISTYPE              (0x0060)  // Disable all modifiers on the 'this' type#define UNDNAME_NO_ACCESS_SPECIFIERS     (0x0080)  // Disable expansion of access specifiers for members#define UNDNAME_NO_THROW_SIGNATURES      (0x0100)  // Disable expansion of 'throw-signatures' for functions and pointers to functions#define UNDNAME_NO_MEMBER_TYPE           (0x0200)  // Disable expansion of 'static' or 'virtual'ness of members#define UNDNAME_NO_RETURN_UDT_MODEL      (0x0400)  // Disable expansion of MS model for UDT returns#define UNDNAME_32_BIT_DECODE            (0x0800)  // Undecorate 32-bit decorated names#define UNDNAME_NAME_ONLY                (0x1000)  // Crack only the name for primary declaration;                                                                                                   //  return just [scope::]name.  Does expand template params#define UNDNAME_NO_ARGUMENTS             (0x2000)  // Don't undecorate arguments to function#define UNDNAME_NO_SPECIAL_SYMS          (0x4000)  // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)DWORDIMAGEAPIWINAPIUnDecorateSymbolName(    PCSTR   DecoratedName,         // Name to undecorate    PSTR    UnDecoratedName,       // If NULL, it will be allocated    DWORD    UndecoratedLength,     // The maximym length    DWORD    Flags                  // See above.    );//// these values are used for synthesized file types// that can be passed in as image headers instead of// the standard ones from ntimage.h//#define DBHHEADER_DEBUGDIRS     0x1typedef struct _DBGHELP_MODLOAD_DATA {    DWORD   ssize;                  // size of this struct    DWORD   ssig;                   // signature identifying the passed data    PVOID   data;                   // pointer to passed data    DWORD   size;                   // size of passed data    DWORD   flags;                  // options} MODLOAD_DATA, *PMODLOAD_DATA;//// StackWalking API//typedef enum {    AddrMode1616,    AddrMode1632,    AddrModeReal,    AddrModeFlat} ADDRESS_MODE;typedef struct _tagADDRESS64 {    DWORD64       Offset;    WORD          Segment;    ADDRESS_MODE  Mode;} ADDRESS64, *LPADDRESS64;#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)#define ADDRESS ADDRESS64#define LPADDRESS LPADDRESS64#elsetypedef struct _tagADDRESS {    DWORD         Offset;    WORD          Segment;    ADDRESS_MODE  Mode;} ADDRESS, *LPADDRESS;__inlinevoidAddress32To64(    LPADDRESS a32,    LPADDRESS64 a64    ){    a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;    a64->Segment = a32->Segment;    a64->Mode = a32->Mode;}__inlinevoidAddress64To32(    LPADDRESS64 a64,    LPADDRESS a32    ){    a32->Offset = (ULONG)a64->Offset;    a32->Segment = a64->Segment;    a32->Mode = a64->Mode;}#endif//// This structure is included in the STACKFRAME structure,// and is used to trace through usermode callbacks in a thread's// kernel stack.  The values must be copied by the kernel debugger// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.////// New KDHELP structure for 64 bit system support.// This structure is preferred in new code.//typedef struct _KDHELP64 {    //    // address of kernel thread object, as provided in the    // WAIT_STATE_CHANGE packet.    //    DWORD64   Thread;    //    // offset in thread object to pointer to the current callback frame    // in kernel stack.    //    DWORD   ThCallbackStack;    //    // offset in thread object to pointer to the current callback backing    // store frame in kernel stack.    //    DWORD   ThCallbackBStore;    //    // offsets to values in frame:    //    // address of next callback frame    DWORD   NextCallback;    // address of saved frame pointer (if applicable)    DWORD   FramePointer;    //    // Address of the kernel function that calls out to user mode    //    DWORD64   KiCallUserMode;    //    // Address of the user mode dispatcher function    //    DWORD64   KeUserCallbackDispatcher;    //    // Lowest kernel mode address    //    DWORD64   SystemRangeStart;    DWORD64  Reserved[8];} KDHELP64, *PKDHELP64;#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)#define KDHELP KDHELP64#define PKDHELP PKDHELP64#elsetypedef struct _KDHELP {    //    // address of kernel thread object, as provided in the    // WAIT_STATE_CHANGE packet.    //    DWORD   Thread;    //    // offset in thread object to pointer to the current callback frame    // in kernel stack.    //    DWORD   ThCallbackStack;    //    // offsets to values in frame:    //    // address of next callback frame    DWORD   NextCallback;    // address of saved frame pointer (if applicable)    DWORD   FramePointer;    //    // Address of the kernel function that calls out to user mode    //    DWORD   KiCallUserMode;    //    // Address of the user mode dispatcher function    //    DWORD   KeUserCallbackDispatcher;    //    // Lowest kernel mode address    //    DWORD   SystemRangeStart;    //    // offset in thread object to pointer to the current callback backing    // store frame in kernel stack.    //    DWORD   ThCallbackBStore;    DWORD  Reserved[8];} KDHELP, *PKDHELP;__inlinevoidKdHelp32To64(    PKDHELP p32,    PKDHELP64 p64    ){    p64->Thread = p32->Thread;    p64->ThCallbackStack = p32->ThCallbackStack;    p64->NextCallback = p32->NextCallback;    p64->FramePointer = p32->FramePointer;    p64->KiCallUserMode = p32->KiCallUserMode;    p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher;    p64->SystemRangeStart = p32->SystemRangeStart;}#endiftypedef struct _tagSTACKFRAME64 {    ADDRESS64   AddrPC;               // program counter    ADDRESS64   AddrReturn;           // return address    ADDRESS64   AddrFrame;            // frame pointer    ADDRESS64   AddrStack;            // stack pointer    ADDRESS64   AddrBStore;           // backing store pointer    PVOID       FuncTableEntry;       // pointer to pdata/fpo or NULL    DWORD64     Params[4];            // possible arguments to the function    BOOL        Far;                  // WOW far call    BOOL        Virtual;              // is this a virtual frame?    DWORD64     Reserved[3];    KDHELP64    KdHelp;} STACKFRAME64, *LPSTACKFRAME64;#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)#define STACKFRAME STACKFRAME64#define LPSTACKFRAME LPSTACKFRAME64#elsetypedef struct _tagSTACKFRAME {    ADDRESS     AddrPC;               // program counter    ADDRESS     AddrReturn;           // return address    ADDRESS     AddrFrame;            // frame pointer    ADDRESS     AddrStack;            // stack pointer    PVOID       FuncTableEntry;       // pointer to pdata/fpo or NULL    DWORD       Params[4];            // possible arguments to the function    BOOL        Far;                  // WOW far call    BOOL        Virtual;              // is this a virtual frame?    DWORD       Reserved[3];    KDHELP      KdHelp;    ADDRESS     AddrBStore;           // backing store pointer} STACKFRAME, *LPSTACKFRAME;#endiftypedefBOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(    HANDLE      hProcess,    DWORD64     qwBaseAddress,    PVOID       lpBuffer,    DWORD       nSize,    LPDWORD     lpNumberOfBytesRead    );typedefPVOID(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(    HANDLE  hProcess,    DWORD64 AddrBase    );typedefDWORD64(__stdcall *PGET_MODULE_BASE_ROUTINE64)(    HANDLE  hProcess,    DWORD64 Address    );typedefDWORD64(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(    HANDLE    hProcess,    HANDLE    hThread,    LPADDRESS64 lpaddr    );BOOLIMAGEAPIStackWalk64(    DWORD                             MachineType,    HANDLE                            hProcess,    HANDLE                            hThread,    LPSTACKFRAME64                    StackFrame,    PVOID                             ContextRecord,    PREAD_PROCESS_MEMORY_ROUTINE64    ReadMemoryRoutine,    PFUNCTION_TABLE_ACCESS_ROUTINE64  FunctionTableAccessRoutine,    PGET_MODULE_BASE_ROUTINE64        GetModuleBaseRoutine,    PTRANSLATE_ADDRESS_ROUTINE64      TranslateAddress    );#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)#define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64#define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64#define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64#define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64#define StackWalk StackWalk64#elsetypedefBOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)(    HANDLE  hProcess,    DWORD   lpBaseAddress,    PVOID   lpBuffer,    DWORD   nSize,    PDWORD  lpNumberOfBytesRead    );typedefPVOID(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)(    HANDLE  hProcess,    DWORD   AddrBase    );typedefDWORD(__stdcall *PGET_MODULE_BASE_ROUTINE)(    HANDLE  hProcess,    DWORD   Address    );typedefDWORD(__stdcall *PTRANSLATE_ADDRESS_ROUTINE)(    HANDLE    hProcess,    HANDLE    hThread,    LPADDRESS lpaddr    );BOOLIMAGEAPIStackWalk(    DWORD                             MachineType,    HANDLE                            hProcess,    HANDLE                            hThread,    LPSTACKFRAME                      StackFrame,    PVOID                             ContextRecord,    PREAD_PROCESS_MEMORY_ROUTINE      ReadMemoryRoutine,    PFUNCTION_TABLE_ACCESS_ROUTINE    FunctionTableAccessRoutine,    PGET_MODULE_BASE_ROUTINE          GetModuleBaseRoutine,    PTRANSLATE_ADDRESS_ROUTINE        TranslateAddress    );#endif#define API_VERSION_NUMBER 9typedef struct API_VERSION {    USHORT  MajorVersion;
12345

imagehlp.h - 源码说明

本页面展示了「这是VCF框架的代码」中的 imagehlp.h 源码文件,采用 C头文件 编程语言编写,共 2,420 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与VCF相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?