📄 jwaimagehlp.pas
// PE image navigation imports (all stdcall). Every routine takes a raw pointer
// (Base and/or NtHeaders) and returns a pointer type, so the caller owns all
// lifetime and bounds guarantees for the memory behind Base.
// NOTE(review): when Base maps a file from an untrusted source, the header
// fields that steer these lookups are attacker-controlled. Check every result
// for nil and bounds-check the returned pointer (and Size, where present)
// against the length of your own mapping before dereferencing it. Confirm the
// exact failure behaviour against the ImageHlp/DbgHelp documentation.

// Returns a pointer typed as the NT headers for the image at Base.
function ImageNtHeader(Base: PVOID): PIMAGE_NT_HEADERS; stdcall;
{$EXTERNALSYM ImageNtHeader}
// Looks up a data directory by index. Size and FoundHeader are var parameters,
// i.e. written by the callee; MappedAsImage presumably selects between a
// loader-mapped image and a flat file mapping (TODO confirm).
function ImageDirectoryEntryToDataEx(Base: PVOID; MappedAsImage: ByteBool;
DirectoryEntry: USHORT; var Size: ULONG; var FoundHeader: PIMAGE_SECTION_HEADER): PVOID; stdcall;
{$EXTERNALSYM ImageDirectoryEntryToDataEx}
// Same parameters as ImageDirectoryEntryToDataEx minus the FoundHeader output.
function ImageDirectoryEntryToData(Base: PVOID; MappedAsImage: ByteBool;
DirectoryEntry: USHORT; var Size: ULONG): PVOID; stdcall;
{$EXTERNALSYM ImageDirectoryEntryToData}
// Maps a relative virtual address (Rva) to a section header pointer.
function ImageRvaToSection(NtHeaders: PIMAGE_NT_HEADERS; Base: PVOID; Rva: ULONG): PIMAGE_SECTION_HEADER; stdcall;
{$EXTERNALSYM ImageRvaToSection}
// Maps an Rva to a pointer. LastRvaSection is passed by reference, so it is
// both read and updated across calls (presumably a lookup cache; verify).
function ImageRvaToVa(NtHeaders: PIMAGE_NT_HEADERS; Base: PVOID; Rva: ULONG;
var LastRvaSection: PIMAGE_SECTION_HEADER): PVOID; stdcall;
{$EXTERNALSYM ImageRvaToVa}
// Symbol server exports
// Procedural types (stdcall) describing the entry points a symbol server
// module exposes. The a1..a6 parameter names are positional placeholders;
// this declaration does not say what each argument carries.
// NOTE(review): a symbol server module runs inside the calling process and
// presumably fetches debug files from the configured symbol path. Take the
// module location and the symbol path from trusted configuration, not from
// the image being analysed (verify against the DbgHelp documentation).
type
PSYMBOLSERVERPROC = function (a1, a2: LPCSTR; a3: PVOID; a4, a5: DWORD; a6: LPSTR): BOOL; stdcall;
{$EXTERNALSYM PSYMBOLSERVERPROC}
PSYMBOLSERVEROPENPROC = function: BOOL; stdcall;
{$EXTERNALSYM PSYMBOLSERVEROPENPROC}
PSYMBOLSERVERCLOSEPROC = function: BOOL; stdcall;
{$EXTERNALSYM PSYMBOLSERVERCLOSEPROC}
PSYMBOLSERVERSETOPTIONSPROC = function (a1: UINT_PTR; a2: ULONG64): BOOL; stdcall;
{$EXTERNALSYM PSYMBOLSERVERSETOPTIONSPROC}
// Callback signature: receives an action code plus two 64-bit values.
PSYMBOLSERVERCALLBACKPROC = function (action: UINT_PTR; data: ULONG64; context: ULONG64): BOOL; stdcall;
{$EXTERNALSYM PSYMBOLSERVERCALLBACKPROC}
PSYMBOLSERVERGETOPTIONSPROC = function: UINT_PTR; stdcall;
{$EXTERNALSYM PSYMBOLSERVERGETOPTIONSPROC}
PSYMBOLSERVERPINGPROC = function (a1: LPCSTR): BOOL; stdcall;
{$EXTERNALSYM PSYMBOLSERVERPINGPROC}
// SSRVOPT_* values $01..$20 are distinct single bits, so they can be OR-ed
// together. Presumably they are the option selectors passed to the
// set-options entry point (TODO confirm).
const
SSRVOPT_CALLBACK = $01;
{$EXTERNALSYM SSRVOPT_CALLBACK}
SSRVOPT_DWORD = $02;
{$EXTERNALSYM SSRVOPT_DWORD}
SSRVOPT_DWORDPTR = $04;
{$EXTERNALSYM SSRVOPT_DWORDPTR}
SSRVOPT_GUIDPTR = $08;
{$EXTERNALSYM SSRVOPT_GUIDPTR}
SSRVOPT_OLDGUIDPTR = $10;
{$EXTERNALSYM SSRVOPT_OLDGUIDPTR}
SSRVOPT_UNATTENDED = $20;
{$EXTERNALSYM SSRVOPT_UNATTENDED}
// All bits set (-1 cast to ULONG_PTR), not a single-bit flag like the others.
SSRVOPT_RESET = ULONG_PTR(-1);
{$EXTERNALSYM SSRVOPT_RESET}
// Presumably an action code for PSYMBOLSERVERCALLBACKPROC (verify).
SSRVACTION_TRACE = 1;
{$EXTERNALSYM SSRVACTION_TRACE}
// This api won't be ported to Win64 - Fix your code.
// Record returned by MapDebugInformation. Address-like fields (ImageBase,
// SizeOfImage, the function address bounds) are DWORD, i.e. 32 bits wide,
// which matches the Win64 remark above.
// The field order mirrors the external (C) structure and must not be changed.
// Fields prefixed "Reserved" are presumably not meant for callers (TODO confirm).
type
PIMAGE_DEBUG_INFORMATION = ^IMAGE_DEBUG_INFORMATION;
{$EXTERNALSYM PIMAGE_DEBUG_INFORMATION}
_IMAGE_DEBUG_INFORMATION = record
List: LIST_ENTRY;
ReservedSize: DWORD;
ReservedMappedBase: PVOID;
ReservedMachine: USHORT;
ReservedCharacteristics: USHORT;
ReservedCheckSum: DWORD;
ImageBase: DWORD;
SizeOfImage: DWORD;
ReservedNumberOfSections: DWORD;
ReservedSections: PIMAGE_SECTION_HEADER;
ReservedExportedNamesSize: DWORD;
ReservedExportedNames: PSTR;
ReservedNumberOfFunctionTableEntries: DWORD;
ReservedFunctionTableEntries: PIMAGE_FUNCTION_ENTRY;
ReservedLowestFunctionStartingAddress: DWORD;
ReservedHighestFunctionEndingAddress: DWORD;
ReservedNumberOfFpoTableEntries: DWORD;
ReservedFpoTableEntries: PFPO_DATA;
// Size/pointer pair: consumers should bound any walk of CoffSymbols by
// SizeOfCoffSymbols, since both presumably come from the parsed file.
SizeOfCoffSymbols: DWORD;
CoffSymbols: PIMAGE_COFF_SYMBOLS_HEADER;
ReservedSizeOfCodeViewSymbols: DWORD;
ReservedCodeViewSymbols: PVOID;
// PSTR fields: ANSI string pointers; their lifetime is presumably tied to
// the record itself (verify before keeping them past UnmapDebugInformation).
ImageFilePath: PSTR;
ImageFileName: PSTR;
ReservedDebugFilePath: PSTR;
ReservedTimeDateStamp: DWORD;
ReservedRomImage: BOOL;
ReservedDebugDirectory: PIMAGE_DEBUG_DIRECTORY;
ReservedNumberOfDebugDirectories: DWORD;
ReservedOriginalFunctionTableBaseAddress: DWORD;
Reserved: array [0..1] of DWORD;
end;
{$EXTERNALSYM _IMAGE_DEBUG_INFORMATION}
IMAGE_DEBUG_INFORMATION = _IMAGE_DEBUG_INFORMATION;
{$EXTERNALSYM IMAGE_DEBUG_INFORMATION}
// Delphi-style aliases for the record and its pointer type.
TImageDebugInformation = IMAGE_DEBUG_INFORMATION;
PImageDebugInformation = PIMAGE_DEBUG_INFORMATION;
// Returns a pointer to a debug information record for the given file.
// ImageBase is a DWORD, so only 32-bit base addresses can be expressed.
// NOTE(review): check the result for nil before use; the record is presumably
// released with UnmapDebugInformation and must not be touched afterwards.
function MapDebugInformation(FileHandle: HANDLE; FileName, SymbolPath: PSTR;
ImageBase: DWORD): PIMAGE_DEBUG_INFORMATION; stdcall;
{$EXTERNALSYM MapDebugInformation}
function UnmapDebugInformation(DebugInfo: PIMAGE_DEBUG_INFORMATION): BOOL; stdcall;
{$EXTERNALSYM UnmapDebugInformation}
// File and directory tree helpers (stdcall, ANSI string pointers).

// Searches below RootPath for InputPathName and writes the result into
// OutputPathBuffer. The signature has no buffer-length parameter, so the
// callee cannot know how large the caller's buffer is.
// NOTE(review): the DbgHelp documentation requires OutputPathBuffer to hold at
// least MAX_PATH + 1 characters (confirm). A smaller buffer is a buffer
// overflow waiting for a long path.
function SearchTreeForFile(RootPath, InputPathName, OutputPathBuffer: PSTR): BOOL; stdcall;
{$EXTERNALSYM SearchTreeForFile}
type
// Callback invoked with a candidate FilePath and the caller's opaque pointer.
PENUMDIRTREE_CALLBACK = function (FilePath: LPCSTR; CallerData: PVOID): BOOL; stdcall;
{$EXTERNALSYM PENUMDIRTREE_CALLBACK}
PEnumDirTreeCallback = PENUMDIRTREE_CALLBACK;
// Tree enumeration with an optional per-file callback. OutputPathBuffer is
// again an unsized PSTR, so the sizing caveat on SearchTreeForFile applies here too.
function EnumDirTree(hProcess: HANDLE; RootPath, InputPathName, OutputPathBuffer: PSTR;
Callback: PENUMDIRTREE_CALLBACK; CallbackData: PVOID): BOOL; stdcall;
{$EXTERNALSYM EnumDirTree}
// NOTE(review): presumably creates every missing directory along DirPath.
// If any part of DirPath derives from untrusted input (file names inside an
// archive, symbol-store keys), canonicalise it and check that it stays under
// the intended root before calling. Verify the behaviour in the documentation.
function MakeSureDirectoryPathExists(DirPath: PCSTR): BOOL; stdcall;
{$EXTERNALSYM MakeSureDirectoryPathExists}
//
// UnDecorateSymbolName Flags
//
// Bit flags for the Flags parameter of UnDecorateSymbolName. Apart from
// UNDNAME_COMPLETE (zero) and UNDNAME_NO_THISTYPE (a two-bit combination),
// each value is a single bit and the values can be OR-ed together.
const
UNDNAME_COMPLETE = ($0000); // Enable full undecoration
{$EXTERNALSYM UNDNAME_COMPLETE}
UNDNAME_NO_LEADING_UNDERSCORES = ($0001); // Remove leading underscores from MS extended keywords
{$EXTERNALSYM UNDNAME_NO_LEADING_UNDERSCORES}
UNDNAME_NO_MS_KEYWORDS = ($0002); // Disable expansion of MS extended keywords
{$EXTERNALSYM UNDNAME_NO_MS_KEYWORDS}
UNDNAME_NO_FUNCTION_RETURNS = ($0004); // Disable expansion of return type for primary declaration
{$EXTERNALSYM UNDNAME_NO_FUNCTION_RETURNS}
UNDNAME_NO_ALLOCATION_MODEL = ($0008); // Disable expansion of the declaration model
{$EXTERNALSYM UNDNAME_NO_ALLOCATION_MODEL}
UNDNAME_NO_ALLOCATION_LANGUAGE = ($0010); // Disable expansion of the declaration language specifier
{$EXTERNALSYM UNDNAME_NO_ALLOCATION_LANGUAGE}
UNDNAME_NO_MS_THISTYPE = ($0020); // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
{$EXTERNALSYM UNDNAME_NO_MS_THISTYPE}
UNDNAME_NO_CV_THISTYPE = ($0040); // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
{$EXTERNALSYM UNDNAME_NO_CV_THISTYPE}
// $0060 = UNDNAME_NO_MS_THISTYPE or UNDNAME_NO_CV_THISTYPE
UNDNAME_NO_THISTYPE = ($0060); // Disable all modifiers on the 'this' type
{$EXTERNALSYM UNDNAME_NO_THISTYPE}
UNDNAME_NO_ACCESS_SPECIFIERS = ($0080); // Disable expansion of access specifiers for members
{$EXTERNALSYM UNDNAME_NO_ACCESS_SPECIFIERS}
UNDNAME_NO_THROW_SIGNATURES = ($0100); // Disable expansion of 'throw-signatures' for functions and pointers to functions
{$EXTERNALSYM UNDNAME_NO_THROW_SIGNATURES}
UNDNAME_NO_MEMBER_TYPE = ($0200); // Disable expansion of 'static' or 'virtual'ness of members
{$EXTERNALSYM UNDNAME_NO_MEMBER_TYPE}
UNDNAME_NO_RETURN_UDT_MODEL = ($0400); // Disable expansion of MS model for UDT returns
{$EXTERNALSYM UNDNAME_NO_RETURN_UDT_MODEL}
UNDNAME_32_BIT_DECODE = ($0800); // Undecorate 32-bit decorated names
{$EXTERNALSYM UNDNAME_32_BIT_DECODE}
UNDNAME_NAME_ONLY = ($1000); // Crack only the name for primary declaration;
{$EXTERNALSYM UNDNAME_NAME_ONLY}
// (continuation of the UNDNAME_NAME_ONLY remark above)
// return just [scope::]name. Does expand template params
UNDNAME_NO_ARGUMENTS = ($2000); // Don't undecorate arguments to function
{$EXTERNALSYM UNDNAME_NO_ARGUMENTS}
UNDNAME_NO_SPECIAL_SYMS = ($4000); // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
{$EXTERNALSYM UNDNAME_NO_SPECIAL_SYMS}
// Writes the undecorated form of DecoratedName into the caller's
// UnDecoratedName buffer; Flags takes the UNDNAME_* values above.
// NOTE(review): UndecoratedLength must be the true capacity of
// UnDecoratedName (in characters, per the DbgHelp documentation; confirm).
// Decorated names taken from untrusted binaries can expand to far longer
// text, so never pass a length larger than the buffer. Treat a zero return
// as failure and do not read the buffer in that case (verify).
function UnDecorateSymbolName(DecoratedName: PCSTR; UnDecoratedName: PSTR;
UndecoratedLength: DWORD; Flags: DWORD): DWORD; stdcall;
{$EXTERNALSYM UnDecorateSymbolName}
//
// these values are used for synthesized file types
// that can be passed in as image headers instead of
// the standard ones from ntimage.h
//
const
// Presumably a value for MODLOAD_DATA.ssig (TODO confirm).
DBHHEADER_DEBUGDIRS = $1;
{$EXTERNALSYM DBHHEADER_DEBUGDIRS}
// Self-describing container for caller-supplied data. The field order
// mirrors the external (C) structure and must not be changed.
// NOTE(review): data/size form a pointer/length pair that the consumer
// trusts. Set ssize to SizeOf(MODLOAD_DATA) and make size match the buffer
// behind data exactly; an oversized value invites an out-of-bounds read.
type
_MODLOAD_DATA = record
ssize: DWORD; // size of this struct
ssig: DWORD; // signature identifying the passed data
data: PVOID; // pointer to passed data
size: DWORD; // size of passed data
flags: DWORD; // options
end;
{$EXTERNALSYM _MODLOAD_DATA}
MODLOAD_DATA = _MODLOAD_DATA;
{$EXTERNALSYM MODLOAD_DATA}
PMODLOAD_DATA = ^MODLOAD_DATA;
{$EXTERNALSYM PMODLOAD_DATA}
// Delphi-style aliases for the record and its pointer type.
TModLoadData = MODLOAD_DATA;
PModLoadData = PMODLOAD_DATA;
//
// StackWalking API
//
type
// Addressing mode of an ADDRESS/ADDRESS64 value. Ordinals follow declaration
// order (AddrMode1616 = 0 .. AddrModeFlat = 3).
ADDRESS_MODE = (
AddrMode1616,
AddrMode1632,
AddrModeReal,
AddrModeFlat);
{$EXTERNALSYM ADDRESS_MODE}
TAddressMode = ADDRESS_MODE;
LPADDRESS64 = ^ADDRESS64;
// NOTE(review): the directive names PADDRESS64 while the type declared on the
// previous line is LPADDRESS64 - confirm which identifier was intended.
{$EXTERNALSYM PADDRESS64}
// Address with a 64-bit offset, a segment selector and an addressing mode.
_tagADDRESS64 = record
Offset: DWORD64;
Segment: WORD;
Mode: ADDRESS_MODE;
end;
{$EXTERNALSYM _tagADDRESS64}
ADDRESS64 = _tagADDRESS64;
{$EXTERNALSYM ADDRESS64}
TAddress64 = ADDRESS64;
PAddress64 = LPADDRESS64;
LPADDRESS = ^ADDRESS;
// NOTE(review): same mismatch as above - directive says PADDRESS, declared
// type is LPADDRESS.
{$EXTERNALSYM PADDRESS}
// 32-bit counterpart of ADDRESS64: identical fields except Offset is a DWORD.
_tagADDRESS = record
Offset: DWORD;
Segment: WORD;
Mode: ADDRESS_MODE;
end;
{$EXTERNALSYM _tagADDRESS}
ADDRESS = _tagADDRESS;
{$EXTERNALSYM ADDRESS}
TAddress = ADDRESS;
PAddress = LPADDRESS;
// Conversion helpers between the two address records. They carry no stdcall
// directive, unlike the imports in this unit, so they are presumably
// implemented in Pascal in this unit's implementation section (not visible here).
// NOTE(review): both take raw pointers; callers must pass valid, non-nil
// records.
procedure Address32To64(a32: LPADDRESS; a64: LPADDRESS64);
{$EXTERNALSYM Address32To64}
// NOTE(review): Offset narrows from DWORD64 to DWORD here, so an offset above
// $FFFFFFFF cannot be represented in the result. Presumably the upper bits
// are dropped (verify against the implementation).
procedure Address64To32(a64: LPADDRESS64; a32: LPADDRESS);
{$EXTERNALSYM Address64To32}
//
// This structure is included in the STACKFRAME structure,
// and is used to trace through usermode callbacks in a thread's
// kernel stack. The values must be copied by the kernel debugger
// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
//
//
// New KDHELP structure for 64 bit system support.
// This structure is preferred in new code.
//
// Layout note: addresses are DWORD64 while offsets within the thread object
// or frame stay DWORD. The field order mirrors the external (C) structure
// and differs from the 32-bit KDHELP record (ThCallbackBStore sits directly
// after ThCallbackStack here), so do not reorder or copy field-by-position
// between the two.
type
PKDHELP64 = ^KDHELP64;
{$EXTERNALSYM PKDHELP64}
_KDHELP64 = record
//
// address of kernel thread object, as provided in the
// WAIT_STATE_CHANGE packet.
//
Thread: DWORD64;
//
// offset in thread object to pointer to the current callback frame
// in kernel stack.
//
ThCallbackStack: DWORD;
//
// offset in thread object to pointer to the current callback backing
// store frame in kernel stack.
//
ThCallbackBStore: DWORD;
//
// offsets to values in frame:
//
// address of next callback frame
NextCallback: DWORD;
// address of saved frame pointer (if applicable)
FramePointer: DWORD;
//
// Address of the kernel function that calls out to user mode
//
KiCallUserMode: DWORD64;
//
// Address of the user mode dispatcher function
//
KeUserCallbackDispatcher: DWORD64;
//
// Lowest kernel mode address
//
SystemRangeStart: DWORD64;
Reserved: array [0..7] of DWORD64;
end;
{$EXTERNALSYM _KDHELP64}
KDHELP64 = _KDHELP64;
{$EXTERNALSYM KDHELP64}
TKdHelp64 = KDHELP64;
// Alias left disabled: Pascal identifiers are case-insensitive, so PKdHelp64
// would presumably collide with PKDHELP64 declared above.
//PKdHelp64 = PKDHELP64;
// 32-bit KDHELP record: every field is a DWORD, including the address fields
// that are DWORD64 in KDHELP64. The field order mirrors the external (C)
// structure; note that ThCallbackBStore comes after SystemRangeStart here,
// unlike in KDHELP64, so the two records are not positionally interchangeable.
PKDHELP = ^KDHELP;
{$EXTERNALSYM PKDHELP}
_KDHELP = record
//
// address of kernel thread object, as provided in the
// WAIT_STATE_CHANGE packet.
//
Thread: DWORD;
//
// offset in thread object to pointer to the current callback frame
// in kernel stack.
//
ThCallbackStack: DWORD;
//
// offsets to values in frame:
//
// address of next callback frame
NextCallback: DWORD;
// address of saved frame pointer (if applicable)
FramePointer: DWORD;
//
// Address of the kernel function that calls out to user mode
//
KiCallUserMode: DWORD;
//
// Address of the user mode dispatcher function
//
KeUserCallbackDispatcher: DWORD;
//
// Lowest kernel mode address
//
SystemRangeStart: DWORD;
//
// offset in thread object to pointer to the current callback backing
// store frame in kernel stack.
//
ThCallbackBStore: DWORD;
Reserved: array [0..7] of DWORD;
end;
{$EXTERNALSYM _KDHELP}
KDHELP = _KDHELP;
{$EXTERNALSYM KDHELP}