📄 jwaimagehlp.pas
字号:
function SymEnumerateSymbols64(hProcess: HANDLE; BaseOfDll: DWORD64;
EnumSymbolsCallback: PSYM_ENUMSYMBOLS_CALLBACK64; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumerateSymbols64}
function SymEnumerateSymbolsW64(hProcess: HANDLE; BaseOfDll: DWORD64;
EnumSymbolsCallback: PSYM_ENUMSYMBOLS_CALLBACK64W; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumerateSymbolsW64}
function SymEnumerateSymbols(hProcess: HANDLE; BaseOfDll: DWORD;
EnumSymbolsCallback: PSYM_ENUMSYMBOLS_CALLBACK; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumerateSymbols}
function SymEnumerateSymbolsW(hProcess: HANDLE; BaseOfDll: DWORD;
EnumSymbolsCallback: PSYM_ENUMSYMBOLS_CALLBACKW; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumerateSymbolsW}
function EnumerateLoadedModules64(hProcess: HANDLE; EnumLoadedModulesCallback: PENUMLOADED_MODULES_CALLBACK64;
UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM EnumerateLoadedModules64}
function EnumerateLoadedModules(hProcess: HANDLE; EnumLoadedModulesCallback: PENUMLOADED_MODULES_CALLBACK;
UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM EnumerateLoadedModules}
function SymFunctionTableAccess64(hProcess: HANDLE; AddrBase: DWORD64): PVOID; stdcall;
{$EXTERNALSYM SymFunctionTableAccess64}
function SymFunctionTableAccess(hProcess: HANDLE; AddrBase: DWORD): PVOID; stdcall;
{$EXTERNALSYM SymFunctionTableAccess}
function SymGetModuleInfo64(hProcess: HANDLE; qwAddr: DWORD64;
var ModuleInfo: IMAGEHLP_MODULE64): BOOL; stdcall;
{$EXTERNALSYM SymGetModuleInfo64}
function SymGetModuleInfoW64(hProcess: HANDLE; qwAddr: DWORD64;
var ModuleInfo: IMAGEHLP_MODULEW64): BOOL; stdcall;
{$EXTERNALSYM SymGetModuleInfoW64}
function SymGetModuleInfo(hProcess: HANDLE; dwAddr: DWORD;
var ModuleInfo: IMAGEHLP_MODULE): BOOL; stdcall;
{$EXTERNALSYM SymGetModuleInfo}
function SymGetModuleInfoW(hProcess: HANDLE; dwAddr: DWORD;
var ModuleInfo: IMAGEHLP_MODULEW): BOOL; stdcall;
{$EXTERNALSYM SymGetModuleInfoW}
function SymGetModuleBase64(hProcess: HANDLE; qwAddr: DWORD64): DWORD64; stdcall;
{$EXTERNALSYM SymGetModuleBase64}
function SymGetModuleBase(hProcess: HANDLE; dwAddr: DWORD): DWORD; stdcall;
{$EXTERNALSYM SymGetModuleBase}
function SymGetSymNext64(hProcess: HANDLE; var Symbol: IMAGEHLP_SYMBOL64): BOOL; stdcall;
{$EXTERNALSYM SymGetSymNext64}
function SymGetSymNext(hProcess: HANDLE; var Symbol: IMAGEHLP_SYMBOL): BOOL; stdcall;
{$EXTERNALSYM SymGetSymNext}
function SymGetSymPrev64(hProcess: HANDLE; var Symbol: IMAGEHLP_SYMBOL64): BOOL; stdcall;
{$EXTERNALSYM SymGetSymPrev64}
function SymGetSymPrev(hProcess: HANDLE; var Symbol: IMAGEHLP_SYMBOL): BOOL; stdcall;
{$EXTERNALSYM SymGetSymPrev}
function SymGetLineFromAddr64(hProcess: HANDLE; qwAddr: DWORD64;
var pdwDisplacement: DWORD; var Line64: IMAGEHLP_LINE64): BOOL; stdcall;
{$EXTERNALSYM SymGetLineFromAddr64}
function SymGetLineFromAddr(hProcess: HANDLE; dwAddr: DWORD;
var pdwDisplacement: DWORD; var Line: IMAGEHLP_LINE): BOOL; stdcall;
{$EXTERNALSYM SymGetLineFromAddr}
function SymGetLineFromName64(hProcess: HANDLE; ModuleName: PSTR; FileName: PSTR;
dwLineNumber: DWORD; var plDisplacement: LONG; var Line: IMAGEHLP_LINE64): BOOL; stdcall;
{$EXTERNALSYM SymGetLineFromName64}
function SymGetLineFromName(hProcess: HANDLE; ModuleName: PSTR; FileName: PSTR;
dwLineNumber: DWORD; var plDisplacement: LONG; var Line: IMAGEHLP_LINE): BOOL; stdcall;
{$EXTERNALSYM SymGetLineFromName}
function SymGetLineNext64(hProcess: HANDLE; var Line: IMAGEHLP_LINE64): BOOL; stdcall;
{$EXTERNALSYM SymGetLineNext64}
function SymGetLineNext(hProcess: HANDLE; var Line: IMAGEHLP_LINE): BOOL; stdcall;
{$EXTERNALSYM SymGetLineNext}
function SymGetLinePrev64(hProcess: HANDLE; var Line: IMAGEHLP_LINE64): BOOL; stdcall;
{$EXTERNALSYM SymGetLinePrev64}
function SymGetLinePrev(hProcess: HANDLE; var Line: IMAGEHLP_LINE): BOOL; stdcall;
{$EXTERNALSYM SymGetLinePrev}
function SymMatchFileName(FileName, Match: PSTR; var FileNameStop, MatchStop: PSTR): BOOL; stdcall;
{$EXTERNALSYM SymMatchFileName}
function SymInitialize(hProcess: HANDLE; UserSearchPath: PSTR; fInvadeProcess: BOOL): BOOL; stdcall;
{$EXTERNALSYM SymInitialize}
function SymGetSearchPath(hProcess: HANDLE; SearchPath: PSTR; SearchPathLength: DWORD): BOOL; stdcall;
{$EXTERNALSYM SymGetSearchPath}
function SymSetSearchPath(hProcess: HANDLE; SearchPath: PSTR): BOOL; stdcall;
{$EXTERNALSYM SymSetSearchPath}
function SymLoadModule64(hProcess, hFile: HANDLE; ImageName, ModuleName: PSTR;
BaseOfDll: DWORD64; SizeOfDll: DWORD): DWORD64; stdcall;
{$EXTERNALSYM SymLoadModule64}
const
SLMFLAG_VIRTUAL = $1;
{$EXTERNALSYM SLMFLAG_VIRTUAL}
function SymLoadModuleEx(hProcess, hFile: HANDLE; ImageName, ModuleName: PSTR; BaseOfDll: DWORD64;
DllSize: DWORD; Data: PMODLOAD_DATA; Flag: DWORD): DWORD64; stdcall;
{$EXTERNALSYM SymLoadModuleEx}
function SymLoadModule(hProcess, hFile: HANDLE; ImageName, ModuleName: PSTR;
BaseOfDll: DWORD; SizeOfDll: DWORD): DWORD; stdcall;
{$EXTERNALSYM SymLoadModule}
function SymUnloadModule64(hProcess: HANDLE; BaseOfDll: DWORD64): BOOL; stdcall;
{$EXTERNALSYM SymUnloadModule64}
function SymUnloadModule(hProcess: HANDLE; BaseOfDll: DWORD): BOOL; stdcall;
{$EXTERNALSYM SymUnloadModule}
function SymUnDName64(const sym: IMAGEHLP_SYMBOL64; UnDecName: PSTR;
UnDecNameLength: DWORD): BOOL; stdcall;
{$EXTERNALSYM SymUnDName64}
function SymUnDName(const sym: IMAGEHLP_SYMBOL; UnDecName: PSTR;
UnDecNameLength: DWORD): BOOL; stdcall;
{$EXTERNALSYM SymUnDName}
function SymRegisterCallback64(hProcess: HANDLE; CallbackFunction: PSYMBOL_REGISTERED_CALLBACK64;
UserContext: ULONG64): BOOL; stdcall;
{$EXTERNALSYM SymRegisterCallback64}
function SymRegisterFunctionEntryCallback64(hProcess: HANDLE; CallbackFunction: PSYMBOL_FUNCENTRY_CALLBACK64;
UserContext: ULONG64): BOOL; stdcall;
{$EXTERNALSYM SymRegisterFunctionEntryCallback64}
function SymRegisterCallback(hProcess: HANDLE; CallbackFunction: PSYMBOL_REGISTERED_CALLBACK;
UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymRegisterCallback}
function SymRegisterFunctionEntryCallback(hProcess: HANDLE; CallbackFunction: PSYMBOL_FUNCENTRY_CALLBACK;
UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymRegisterFunctionEntryCallback}
type
PIMAGEHLP_SYMBOL_SRC = ^IMAGEHLP_SYMBOL_SRC;
{$EXTERNALSYM PIMAGEHLP_SYMBOL_SRC}
_IMAGEHLP_SYMBOL_SRC = record
sizeofstruct: DWORD;
type_: DWORD;
file_: array [0..MAX_PATH - 1] of Char;
end;
{$EXTERNALSYM _IMAGEHLP_SYMBOL_SRC}
IMAGEHLP_SYMBOL_SRC = _IMAGEHLP_SYMBOL_SRC;
{$EXTERNALSYM IMAGEHLP_SYMBOL_SRC}
TImageHlpSymbolSrc = IMAGEHLP_SYMBOL_SRC;
PImageHlpSymbolSrc = PIMAGEHLP_SYMBOL_SRC;
PMODULE_TYPE_INFO = ^MODULE_TYPE_INFO;
{$EXTERNALSYM PMODULE_TYPE_INFO}
_MODULE_TYPE_INFO = record
dataLength: USHORT;
leaf: USHORT;
data: array [0..0] of BYTE;
end;
{$EXTERNALSYM _MODULE_TYPE_INFO}
MODULE_TYPE_INFO = _MODULE_TYPE_INFO;
{$EXTERNALSYM MODULE_TYPE_INFO}
TModuleTypeInfo = MODULE_TYPE_INFO;
PModuleTypeInfo = PMODULE_TYPE_INFO;
type
PSYMBOL_INFO = ^SYMBOL_INFO;
{$EXTERNALSYM PSYMBOL_INFO}
_SYMBOL_INFO = record
SizeOfStruct: ULONG;
TypeIndex: ULONG; // Type Index of symbol
Reserved: array [0..1] of ULONG64;
Info: ULONG;
Size: ULONG;
ModBase: ULONG64; // Base Address of module comtaining this symbol
Flags: ULONG;
Value: ULONG64; // Value of symbol, ValuePresent should be 1
Address: ULONG64; // Address of symbol including base address of module
Register_: ULONG; // register holding value or pointer to value
Scope: ULONG; // scope of the symbol
Tag: ULONG; // pdb classification
NameLen: ULONG; // Actual length of name
MaxNameLen: ULONG;
Name: array [0..0] of CHAR; // Name of symbol
end;
{$EXTERNALSYM _SYMBOL_INFO}
SYMBOL_INFO = _SYMBOL_INFO;
{$EXTERNALSYM SYMBOL_INFO}
TSymbolInfo = SYMBOL_INFO;
PSymbolInfo = PSYMBOL_INFO;
_SYMBOL_INFO_PACKAGE = record
si: SYMBOL_INFO;
name: array [0..MAX_SYM_NAME] of CHAR;
end;
{$EXTERNALSYM _SYMBOL_INFO_PACKAGE}
SYMBOL_INFO_PACKAGE = _SYMBOL_INFO_PACKAGE;
{$EXTERNALSYM SYMBOL_INFO_PACKAGE}
PSYMBOL_INFO_PACKAGE = ^SYMBOL_INFO_PACKAGE;
{$EXTERNALSYM PSYMBOL_INFO_PACKAGE}
TSymbolInfoPackage = SYMBOL_INFO_PACKAGE;
PSymbolInfoPackage = PSYMBOL_INFO_PACKAGE;
PIMAGEHLP_STACK_FRAME = ^IMAGEHLP_STACK_FRAME;
{$EXTERNALSYM PIMAGEHLP_STACK_FRAME}
_IMAGEHLP_STACK_FRAME = record
InstructionOffset: ULONG64;
ReturnOffset: ULONG64;
FrameOffset: ULONG64;
StackOffset: ULONG64;
BackingStoreOffset: ULONG64;
FuncTableEntry: ULONG64;
Params: array [0..3] of ULONG64;
Reserved: array [0..4] of ULONG64;
Virtual_: BOOL;
Reserved2: ULONG;
end;
{$EXTERNALSYM _IMAGEHLP_STACK_FRAME}
IMAGEHLP_STACK_FRAME = _IMAGEHLP_STACK_FRAME;
{$EXTERNALSYM IMAGEHLP_STACK_FRAME}
TImageHlpStackFrame = IMAGEHLP_STACK_FRAME;
PImageHlpStackFrame = PIMAGEHLP_STACK_FRAME;
IMAGEHLP_CONTEXT = LPVOID;
{$EXTERNALSYM IMAGEHLP_CONTEXT}
PIMAGEHLP_CONTEXT = ^IMAGEHLP_CONTEXT;
{$EXTERNALSYM PIMAGEHLP_CONTEXT}
TImageHlpContext = IMAGEHLP_CONTEXT;
PImageHlpContext = PIMAGEHLP_CONTEXT;
function SymSetContext(hProcess: HANDLE; StackFrame: PIMAGEHLP_STACK_FRAME; Context: PIMAGEHLP_CONTEXT): BOOL; stdcall;
{$EXTERNALSYM SymSetContext}
function SymFromAddr(hProcess: HANDLE; Address: DWORD64; Displacement: PDWORD64; Symbol: PSYMBOL_INFO): BOOL; stdcall;
{$EXTERNALSYM SymFromAddr}
// While SymFromName will provide a symbol from a name,
// SymEnumSymbols can provide the same matching information
// for ALL symbols with a matching name, even regular
// expressions. That way you can search across modules
// and differentiate between identically named symbols.
function SymFromName(hProcess: HANDLE; Name: LPSTR; Symbol: PSYMBOL_INFO): BOOL; stdcall;
{$EXTERNALSYM SymFromName}
type
PSYM_ENUMERATESYMBOLS_CALLBACK = function (pSymInfo: PSYMBOL_INFO; SymbolSize: ULONG; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM PSYM_ENUMERATESYMBOLS_CALLBACK}
PSymEnumerateSymbolsCallback = PSYM_ENUMERATESYMBOLS_CALLBACK;
function SymEnumSymbols(hProcess: HANDLE; BaseOfDll: ULONG64; Mask: PCSTR; EnumSymbolsCallback: PSYM_ENUMERATESYMBOLS_CALLBACK; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumSymbols}
function SymEnumSymbolsForAddr(hProcess: HANDLE; Address: DWORD64;
EnumSymbolsCallback: PSYM_ENUMERATESYMBOLS_CALLBACK; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumSymbolsForAddr}
type
_IMAGEHLP_SYMBOL_TYPE_INFO = (
TI_GET_SYMTAG,
TI_GET_SYMNAME,
TI_GET_LENGTH,
TI_GET_TYPE,
TI_GET_TYPEID,
TI_GET_BASETYPE,
TI_GET_ARRAYINDEXTYPEID,
TI_FINDCHILDREN,
TI_GET_DATAKIND,
TI_GET_ADDRESSOFFSET,
TI_GET_OFFSET,
TI_GET_VALUE,
TI_GET_COUNT,
TI_GET_CHILDRENCOUNT,
TI_GET_BITPOSITION,
TI_GET_VIRTUALBASECLASS,
TI_GET_VIRTUALTABLESHAPEID,
TI_GET_VIRTUALBASEPOINTEROFFSET,
TI_GET_CLASSPARENTID,
TI_GET_NESTED,
TI_GET_SYMINDEX,
TI_GET_LEXICALPARENT,
TI_GET_ADDRESS,
TI_GET_THISADJUST,
TI_GET_UDTKIND,
TI_IS_EQUIV_TO,
TI_GET_CALLING_CONVENTION);
{$EXTERNALSYM _IMAGEHLP_SYMBOL_TYPE_INFO}
IMAGEHLP_SYMBOL_TYPE_INFO = _IMAGEHLP_SYMBOL_TYPE_INFO;
{$EXTERNALSYM IMAGEHLP_SYMBOL_TYPE_INFO}
TImageHlpSymbolTypeInfo = IMAGEHLP_SYMBOL_TYPE_INFO;
PTI_FINDCHILDREN_PARAMS = ^TI_FINDCHILDREN_PARAMS;
{$EXTERNALSYM PTI_FINDCHILDREN_PARAMS}
_TI_FINDCHILDREN_PARAMS = record
Count: ULONG;
Start: ULONG;
ChildId: array [0..0] of ULONG;
end;
{$EXTERNALSYM _TI_FINDCHILDREN_PARAMS}
TI_FINDCHILDREN_PARAMS = _TI_FINDCHILDREN_PARAMS;
{$EXTERNALSYM TI_FINDCHILDREN_PARAMS}
TTiFindChildrenParams = TI_FINDCHILDREN_PARAMS;
PTiFindChildrenParams = PTI_FINDCHILDREN_PARAMS;
function SymGetTypeInfo(hProcess: HANDLE; ModBase: DWORD64; TypeId: ULONG; GetType: IMAGEHLP_SYMBOL_TYPE_INFO; pInfo: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymGetTypeInfo}
function SymEnumTypes(hProcess: HANDLE; BaseOfDll: ULONG64; EnumSymbolsCallback: PSYM_ENUMERATESYMBOLS_CALLBACK; UserContext: PVOID): BOOL; stdcall;
{$EXTERNALSYM SymEnumTypes}
function SymGetTypeFromName(hProcess: HANDLE; BaseOfDll: ULONG64; Name: LPSTR; Symbol: PSYMBOL_INFO): BOOL; stdcall;
{$EXTERNALSYM SymGetTypeFromName}
function SymAddSymbol(hProcess: HANDLE; BaseOfDll: ULONG64; Name: PCSTR; Address: DWORD64; Size, Flags: DWORD): BOOL; stdcall;
{$EXTERNALSYM SymAddSymbol}
function SymDeleteSymbol(hProcess: HANDLE; BaseOfDll: ULONG64; Name: PCSTR; Address: DWORD64; Flags: DWORD): BOOL; stdcall;
{$EXTERNALSYM SymDeleteSymbol}
//
// Full user-mode dump creation.
//
type⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -