📄 jwaimagehlp.pas
字号:
TKdHelp = KDHELP;
//PKdHelp = PKDHELP;
procedure KdHelp32To64(p32: PKDHELP; p64: PKDHELP64);
{$EXTERNALSYM KdHelp32To64}
type
LPSTACKFRAME64 = ^STACKFRAME64;
{$EXTERNALSYM LPSTACKFRAME64}
_tagSTACKFRAME64 = record
AddrPC: ADDRESS64; // program counter
AddrReturn: ADDRESS64; // return address
AddrFrame: ADDRESS64; // frame pointer
AddrStack: ADDRESS64; // stack pointer
AddrBStore: ADDRESS64; // backing store pointer
FuncTableEntry: PVOID; // pointer to pdata/fpo or NULL
Params: array [0..3] of DWORD64; // possible arguments to the function
Far: BOOL; // WOW far call
Virtual: BOOL; // is this a virtual frame?
Reserved: array [0..2] of DWORD64;
KdHelp: KDHELP64;
end;
{$EXTERNALSYM _tagSTACKFRAME64}
STACKFRAME64 = _tagSTACKFRAME64;
{$EXTERNALSYM STACKFRAME64}
TStackFrame64 = STACKFRAME64;
PStackFrame64 = LPSTACKFRAME64;
LPSTACKFRAME = ^STACKFRAME;
{$EXTERNALSYM LPSTACKFRAME}
_tagSTACKFRAME = record
AddrPC: ADDRESS; // program counter
AddrReturn: ADDRESS; // return address
AddrFrame: ADDRESS; // frame pointer
AddrStack: ADDRESS; // stack pointer
FuncTableEntry: PVOID; // pointer to pdata/fpo or NULL
Params: array [0..3] of DWORD; // possible arguments to the function
Far: BOOL; // WOW far call
Virtual: BOOL; // is this a virtual frame?
Reserved: array [0..2] of DWORD;
KdHelp: KDHELP;
AddrBStore: ADDRESS; // backing store pointer
end;
{$EXTERNALSYM _tagSTACKFRAME}
STACKFRAME = _tagSTACKFRAME;
{$EXTERNALSYM STACKFRAME}
TStackFrame = STACKFRAME;
PStackFrame = LPSTACKFRAME;
PREAD_PROCESS_MEMORY_ROUTINE64 = function (hProcess: HANDLE; qwBaseAddress: DWORD64;
lpBuffer: PVOID; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL; stdcall;
{$EXTERNALSYM PREAD_PROCESS_MEMORY_ROUTINE64}
PReadProcessMemoryRoutine64 = PREAD_PROCESS_MEMORY_ROUTINE64;
PFUNCTION_TABLE_ACCESS_ROUTINE64 = function (hProcess: HANDLE;
AddrBase: DWORD64): PVOID; stdcall;
{$EXTERNALSYM PFUNCTION_TABLE_ACCESS_ROUTINE64}
PFunctionTableAccessRoutine64 = PFUNCTION_TABLE_ACCESS_ROUTINE64;
PGET_MODULE_BASE_ROUTINE64 = function (hProcess: HANDLE;
Address: DWORD64): DWORD64; stdcall;
{$EXTERNALSYM PGET_MODULE_BASE_ROUTINE64}
PGetModuleBaseRoutine64 = PGET_MODULE_BASE_ROUTINE64;
PTRANSLATE_ADDRESS_ROUTINE64 = function (hProcess: HANDLE; hThread: HANDLE;
const lpaddr: ADDRESS64): DWORD64; stdcall;
{$EXTERNALSYM PTRANSLATE_ADDRESS_ROUTINE64}
PTranslateAddressRoutine64 = PTRANSLATE_ADDRESS_ROUTINE64;
function StackWalk64(MachineType: DWORD; hProcess: HANDLE; hThread: HANDLE;
var StackFrame: STACKFRAME64; ContextRecord: PVOID;
ReadMemoryRoutine: PREAD_PROCESS_MEMORY_ROUTINE64;
FunctionTableAccessRoutine: PFUNCTION_TABLE_ACCESS_ROUTINE64;
GetModuleBaseRoutine: PGET_MODULE_BASE_ROUTINE64;
TranslateAddress: PTRANSLATE_ADDRESS_ROUTINE64): BOOL; stdcall;
{$EXTERNALSYM StackWalk64}
type
PREAD_PROCESS_MEMORY_ROUTINE = function (hProcess: HANDLE;
lpBaseAddress: DWORD; lpBuffer: PVOID; nSize: DWORD;
var lpNumberOfBytesRead: DWORD): BOOL; stdcall;
{$EXTERNALSYM PREAD_PROCESS_MEMORY_ROUTINE}
PreadProcessMemoryRoutine = PREAD_PROCESS_MEMORY_ROUTINE;
PFUNCTION_TABLE_ACCESS_ROUTINE = function (hProcess: HANDLE; AddrBase: DWORD): PVOID; stdcall;
{$EXTERNALSYM PFUNCTION_TABLE_ACCESS_ROUTINE}
PFunctionTableAccessRoutine = PFUNCTION_TABLE_ACCESS_ROUTINE;
PGET_MODULE_BASE_ROUTINE = function (hProcess: HANDLE; Address: DWORD): DWORD; stdcall;
{$EXTERNALSYM PGET_MODULE_BASE_ROUTINE}
PGetModuleBaseRoutine = PGET_MODULE_BASE_ROUTINE;
PTRANSLATE_ADDRESS_ROUTINE = function (hProcess: HANDLE; hThread: HANDLE;
const lpaddr: ADDRESS): DWORD; stdcall;
{$EXTERNALSYM PTRANSLATE_ADDRESS_ROUTINE}
PTranslateAddressRoutine = PTRANSLATE_ADDRESS_ROUTINE;
function StackWalk(MachineType: DWORD; hProcess: HANDLE; hThread: HANDLE;
var StackFrame: STACKFRAME; ContextRecord: PVOID;
ReadMemoryRoutine: PREAD_PROCESS_MEMORY_ROUTINE;
FunctionTableAccessRoutine: PFUNCTION_TABLE_ACCESS_ROUTINE;
GetModuleBaseRoutine: PGET_MODULE_BASE_ROUTINE;
TranslateAddress: PTRANSLATE_ADDRESS_ROUTINE): BOOL; stdcall;
{$EXTERNALSYM StackWalk}
const
API_VERSION_NUMBER = 9;
{$EXTERNALSYM API_VERSION_NUMBER}
type
LPAPI_VERSION = ^API_VERSION;
{$EXTERNALSYM LPAPI_VERSION}
API_VERSION = record
MajorVersion: USHORT;
MinorVersion: USHORT;
Revision: USHORT;
Reserved: USHORT;
end;
{$EXTERNALSYM API_VERSION}
TApiVersion = API_VERSION;
PApiVersion = LPAPI_VERSION;
function ImagehlpApiVersion: LPAPI_VERSION; stdcall;
{$EXTERNALSYM ImagehlpApiVersion}
function ImagehlpApiVersionEx(const AppVersion: API_VERSION): LPAPI_VERSION; stdcall;
{$EXTERNALSYM ImagehlpApiVersionEx}
function GetTimestampForLoadedLibrary(Module: HMODULE): DWORD; stdcall;
{$EXTERNALSYM GetTimestampForLoadedLibrary}
//
// typedefs for function pointers
//
type
PSYM_ENUMMODULES_CALLBACK64 = function (ModuleName: PSTR; BaseOfDll: DWORD64;
UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMMODULES_CALLBACK64}
PSymEnummodulesCallback64 = PSYM_ENUMMODULES_CALLBACK64;
PSYM_ENUMSYMBOLS_CALLBACK64 = function (SymbolName: PSTR; SymbolAddress: DWORD64;
SymbolSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMSYMBOLS_CALLBACK64}
PSymEnumsymbolsCallback64 = PSYM_ENUMSYMBOLS_CALLBACK64;
PSYM_ENUMSYMBOLS_CALLBACK64W = function (SymbolName: PWSTR;
SymbolAddress: DWORD64; SymbolSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMSYMBOLS_CALLBACK64W}
PSymEnumsymbolsCallback64w = PSYM_ENUMSYMBOLS_CALLBACK64W;
PENUMLOADED_MODULES_CALLBACK64 = function (ModuleName: PSTR;
ModuleBase: DWORD64; ModuleSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PENUMLOADED_MODULES_CALLBACK64}
PSnumloadedModulesCallback64 = PENUMLOADED_MODULES_CALLBACK64;
PSYMBOL_REGISTERED_CALLBACK64 = function (hProcess: HANDLE; ActionCode: ULONG;
CallbackData: ULONG64; UserContext: ULONG64): BOOL; stdcall;
{$EXTERNALSYM PSYMBOL_REGISTERED_CALLBACK64}
PSymbolRegisteredCallback64 = PSYMBOL_REGISTERED_CALLBACK64;
PSYMBOL_FUNCENTRY_CALLBACK = function (hProcess: HANDLE; AddrBase: DWORD;
UserContext: PVOID): PVOID; stdcall;
{$EXTERNALSYM PSYMBOL_FUNCENTRY_CALLBACK}
PSymbolFuncentryCallback = PSYMBOL_FUNCENTRY_CALLBACK;
PSYMBOL_FUNCENTRY_CALLBACK64 = function (hProcess: HANDLE; AddrBase: ULONG64;
UserContext: ULONG64): PVOID; stdcall;
{$EXTERNALSYM PSYMBOL_FUNCENTRY_CALLBACK64}
PSymbolFuncentryCallback64 = PSYMBOL_FUNCENTRY_CALLBACK64;
PSYM_ENUMMODULES_CALLBACK = function (ModuleName: PSTR; BaseOfDll: ULONG;
UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMMODULES_CALLBACK}
PSymEnummodulesCallback = PSYM_ENUMMODULES_CALLBACK;
PSYM_ENUMSYMBOLS_CALLBACK = function (SymbolName: PSTR; SymbolAddress: ULONG;
SymbolSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMSYMBOLS_CALLBACK}
PSymEnumsymbolsCallback = PSYM_ENUMSYMBOLS_CALLBACK;
PSYM_ENUMSYMBOLS_CALLBACKW = function (SymbolName: PWSTR; SymbolAddress: ULONG;
SymbolSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMSYMBOLS_CALLBACKW}
PSymEnumsymbolsCallbackw = PSYM_ENUMSYMBOLS_CALLBACKW;
PENUMLOADED_MODULES_CALLBACK = function (ModuleName: PSTR; ModuleBase: ULONG;
ModuleSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PENUMLOADED_MODULES_CALLBACK}
PEnumloadedModulesCallback = PENUMLOADED_MODULES_CALLBACK;
PSYMBOL_REGISTERED_CALLBACK = function (hProcess: HANDLE; ActionCode: ULONG;
CallbackData: PVOID; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYMBOL_REGISTERED_CALLBACK}
PSymbolRegisteredCallback = PSYMBOL_REGISTERED_CALLBACK;
//
// flags found in SYMBOL_INFO.Flags
//
const
SYMFLAG_VALUEPRESENT = $00000001;
{$EXTERNALSYM SYMFLAG_VALUEPRESENT}
SYMFLAG_REGISTER = $00000008;
{$EXTERNALSYM SYMFLAG_REGISTER}
SYMFLAG_REGREL = $00000010;
{$EXTERNALSYM SYMFLAG_REGREL}
SYMFLAG_FRAMEREL = $00000020;
{$EXTERNALSYM SYMFLAG_FRAMEREL}
SYMFLAG_PARAMETER = $00000040;
{$EXTERNALSYM SYMFLAG_PARAMETER}
SYMFLAG_LOCAL = $00000080;
{$EXTERNALSYM SYMFLAG_LOCAL}
SYMFLAG_CONSTANT = $00000100;
{$EXTERNALSYM SYMFLAG_CONSTANT}
SYMFLAG_EXPORT = $00000200;
{$EXTERNALSYM SYMFLAG_EXPORT}
SYMFLAG_FORWARDER = $00000400;
{$EXTERNALSYM SYMFLAG_FORWARDER}
SYMFLAG_FUNCTION = $00000800;
{$EXTERNALSYM SYMFLAG_FUNCTION}
SYMFLAG_VIRTUAL = $00001000;
{$EXTERNALSYM SYMFLAG_VIRTUAL}
SYMFLAG_THUNK = $00002000;
{$EXTERNALSYM SYMFLAG_THUNK}
SYMFLAG_TLSREL = $00004000;
{$EXTERNALSYM SYMFLAG_TLSREL}
//
// symbol type enumeration
//
type
SYM_TYPE = (
SymNone,
SymCoff,
SymCv,
SymPdb,
SymExport,
SymDeferred,
SymSym, // .sym file
SymDia,
SymVirtual,
NumSymTypes);
{$EXTERNALSYM SYM_TYPE}
TSymType = SYM_TYPE;
//
// symbol data structure
//
PIMAGEHLP_SYMBOL64 = ^IMAGEHLP_SYMBOL64;
{$EXTERNALSYM PIMAGEHLP_SYMBOL64}
_IMAGEHLP_SYMBOL64 = record
SizeOfStruct: DWORD; // set to sizeof(IMAGEHLP_SYMBOL64)
Address: DWORD64; // virtual address including dll base address
Size: DWORD; // estimated size of symbol, can be zero
Flags: DWORD; // info about the symbols, see the SYMF defines
MaxNameLength: DWORD; // maximum size of symbol name in 'Name'
Name: array [0..0] of CHAR; // symbol name (null terminated string)
end;
{$EXTERNALSYM _IMAGEHLP_SYMBOL64}
IMAGEHLP_SYMBOL64 = _IMAGEHLP_SYMBOL64;
{$EXTERNALSYM IMAGEHLP_SYMBOL64}
TImageHlpSymbol64 = IMAGEHLP_SYMBOL64;
PImageHlpSymbol64 = PIMAGEHLP_SYMBOL64;
_IMAGEHLP_SYMBOL64_PACKAGE = record
sym: IMAGEHLP_SYMBOL64;
name: array [0..MAX_SYM_NAME] of CHAR;
end;
{$EXTERNALSYM _IMAGEHLP_SYMBOL64_PACKAGE}
IMAGEHLP_SYMBOL64_PACKAGE = _IMAGEHLP_SYMBOL64_PACKAGE;
{$EXTERNALSYM IMAGEHLP_SYMBOL64_PACKAGE}
PIMAGEHLP_SYMBOL64_PACKAGE = ^IMAGEHLP_SYMBOL64_PACKAGE;
{$EXTERNALSYM PIMAGEHLP_SYMBOL64_PACKAGE}
TImageHlpSymbol64Package = IMAGEHLP_SYMBOL64_PACKAGE;
PImageHlpSymbol64Package = PIMAGEHLP_SYMBOL64_PACKAGE;
//#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
//
//#define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
//#define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
//#define IMAGEHLP_SYMBOL_PACKAGE IMAGEHLP_SYMBOL64_PACKAGE
//#define PIMAGEHLP_SYMBOL_PACKAGE PIMAGEHLP_SYMBOL64_PACKAGE
//
//#else
PIMAGEHLP_SYMBOL = ^IMAGEHLP_SYMBOL;
{$EXTERNALSYM PIMAGEHLP_SYMBOL}
_IMAGEHLP_SYMBOL = record
SizeOfStruct: DWORD; // set to sizeof(IMAGEHLP_SYMBOL)
Address: DWORD; // virtual address including dll base address
Size: DWORD; // estimated size of symbol, can be zero
Flags: DWORD; // info about the symbols, see the SYMF defines
MaxNameLength: DWORD; // maximum size of symbol name in 'Name'
Name: array [0..0] of CHAR; // symbol name (null terminated string)
end;
{$EXTERNALSYM _IMAGEHLP_SYMBOL}
IMAGEHLP_SYMBOL = _IMAGEHLP_SYMBOL;
{$EXTERNALSYM IMAGEHLP_SYMBOL}
TImageHlpSymbol = IMAGEHLP_SYMBOL;
PImageHlpSymbol = PIMAGEHLP_SYMBOL;
_IMAGEHLP_SYMBOL_PACKAGE = record
sym: IMAGEHLP_SYMBOL;
name: array [0..MAX_SYM_NAME] of CHAR;
end;
{$EXTERNALSYM _IMAGEHLP_SYMBOL_PACKAGE}
IMAGEHLP_SYMBOL_PACKAGE = _IMAGEHLP_SYMBOL_PACKAGE;
{$EXTERNALSYM IMAGEHLP_SYMBOL_PACKAGE}
PIMAGEHLP_SYMBOL_PACKAGE = ^IMAGEHLP_SYMBOL_PACKAGE;
{$EXTERNALSYM PIMAGEHLP_SYMBOL_PACKAGE}
TImageHlpSymbolPackage = IMAGEHLP_SYMBOL_PACKAGE;
PImageHlpSymbolPackage = PIMAGEHLP_SYMBOL_PACKAGE;
//#endif
//
// module data structure
//
PIMAGEHLP_MODULE64 = ^IMAGEHLP_MODULE64;
{$EXTERNALSYM PIMAGEHLP_MODULE64}
_IMAGEHLP_MODULE64 = record
SizeOfStruct: DWORD; // set to sizeof(IMAGEHLP_MODULE64)
BaseOfImage: DWORD64; // base load address of module
ImageSize: DWORD; // virtual size of the loaded module
TimeDateStamp: DWORD; // date/time stamp from pe header
CheckSum: DWORD; // checksum from the pe header
NumSyms: DWORD; // number of symbols in the symbol table
SymType: SYM_TYPE; // type of symbols loaded
ModuleName: array [0..3] of CHAR; // module name
ImageName: array [0..255] of CHAR; // image name
LoadedImageName: array [0..255] of CHAR; // symbol file name
end;
{$EXTERNALSYM _IMAGEHLP_MODULE64}
IMAGEHLP_MODULE64 = _IMAGEHLP_MODULE64;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -