📄 w2k_dbg.c
字号:
PDBG_INDEX WINAPI dbgModuleIndex (PDBG_PROCESS pdp,
DWORD dSort,
BOOL fReverse)
{
return dbgIndexCreateEx (dbgModuleList (pdp),
OFFSET (DBG_MODULE, dNext ),
OFFSET (DBG_MODULE, pBase ),
OFFSET (DBG_MODULE, dSize ),
MAXDWORD,
OFFSET (DBG_MODULE, awPath),
OFFSET (DBG_MODULE, dFile ),
dSort, fReverse);
}
// =================================================================
// DRIVER MANAGEMENT
// =================================================================
PPVOID WINAPI dbgDriverAddresses (PDWORD pdCount)
{
DWORD dSize;
DWORD dCount = 0;
PPVOID ppList = NULL;
dSize = SIZE_MINIMUM * sizeof (PVOID);
while ((ppList = dbgMemoryCreate (dSize)) != NULL)
{
if (EnumDeviceDrivers (ppList, dSize, &dCount) &&
(dCount < dSize))
{
dCount /= sizeof (PVOID);
break;
}
dCount = 0;
ppList = dbgMemoryDestroy (ppList);
if ((dSize <<= 1) > (SIZE_MAXIMUM * sizeof (PVOID))) break;
}
if (pdCount != NULL) *pdCount = dCount;
return ppList;
}
// -----------------------------------------------------------------
PDBG_LIST WINAPI dbgDriverAdd (PDBG_LIST pdl,
PVOID pBase)
{
PDBG_DRIVER pdd;
WORD awPath [MAX_PATH];
DWORD dPath, dFile, dData;
PDBG_LIST pdl1 = pdl;
if (pBase != NULL)
{
dPath = GetDeviceDriverFileName (pBase, awPath, MAX_PATH);
}
else
{
dData = 0;
}
awPath [dPath++] = 0;
dFile = dbgPathFile (awPath);
dData = dbgMemoryAlignEx (DBG_DRIVER_, dPath);
if ((pdl1 = dbgListResize (pdl, dData)) != NULL)
{
pdd = (PDBG_DRIVER) (pdl1->abData + pdl1->dOffset);
pdd->dNext = dData;
pdd->pBase = pBase;
pdd->dFile = dFile;
lstrcpy (pdd->awPath, awPath);
if (dbgBaseModule (awPath + dFile, &pdd->dSize) == NULL)
{
dPath = dbgPathDriver (pdd->awPath + pdd->dFile,
awPath, MAX_PATH);
if (dPath && (dPath < MAX_PATH))
{
dbgBaseModule (awPath, &pdd->dSize);
}
}
dbgListNext (pdl1, dData, TRUE);
}
return pdl1;
}
// -----------------------------------------------------------------
PDBG_LIST WINAPI dbgDriverList (void)
{
PPVOID ppDrivers;
DWORD dDrivers, i;
PDBG_LIST pdl = NULL;
if ((ppDrivers = dbgDriverAddresses (&dDrivers)) != NULL)
{
pdl = dbgListCreate ();
for (i = 0; (pdl != NULL) && (i < dDrivers); i++)
{
pdl = dbgDriverAdd (pdl, ppDrivers [i]);
}
dbgMemoryDestroy (ppDrivers);
}
return dbgListFinish (pdl);
}
// -----------------------------------------------------------------
PDBG_INDEX WINAPI dbgDriverIndex (PWORD pwImage,
DWORD dSort,
BOOL fReverse)
{
return dbgIndexCreateEx ((pwImage != NULL
? dbgListLoad (pwImage)
: dbgDriverList ()),
OFFSET (DBG_DRIVER, dNext ),
OFFSET (DBG_DRIVER, pBase ),
OFFSET (DBG_DRIVER, dSize ),
MAXDWORD,
OFFSET (DBG_DRIVER, awPath),
OFFSET (DBG_DRIVER, dFile ),
dSort, fReverse);
}
// =================================================================
// SYMBOL MANAGEMENT
// =================================================================
BOOL CALLBACK dbgSymbolCallback (PSTR psSymbolName,
DWORD dSymbolAddress,
DWORD dSymbolSize,
PPDBG_LIST ppdl)
{
PDBG_LIST pdl;
PDBG_SYMBOL pds;
DWORD dName, dData, i;
BOOL fOk = FALSE;
if (ppdl != NULL)
{
pdl = *ppdl;
dName = lstrlenA (psSymbolName) + 1;
dData = dbgMemoryAlignEx (DBG_SYMBOL_, dName);
if ((pdl = dbgListResize (pdl, dData)) != NULL)
{
pds = (PDBG_SYMBOL) (pdl->abData + pdl->dOffset);
pds->dNext = dData;
pds->dSize = dSymbolSize;
pds->pBase = (PVOID) dSymbolAddress;
for (i = 0; i < dName; i++)
{
pds->awName [i] = psSymbolName [i];
}
dbgListNext (pdl, dData, TRUE);
fOk = TRUE;
}
*ppdl = pdl;
}
return fOk;
}
// -----------------------------------------------------------------
PLOADED_IMAGE WINAPI dbgSymbolLoad (PWORD pwPath,
PVOID pBase,
HANDLE hProcess)
{
WORD awPath [MAX_PATH];
PBYTE pbPath;
DWORD dPath;
PLOADED_IMAGE pli = NULL;
if ((pbPath = dbgStringAnsi (pwPath, NULL)) != NULL)
{
if (((pli = ImageLoad (pbPath, NULL)) == NULL) &&
(dPath = dbgPathDriver (pwPath, awPath, MAX_PATH)) &&
(dPath < MAX_PATH))
{
dbgMemoryDestroy (pbPath);
if ((pbPath = dbgStringAnsi (awPath, NULL)) != NULL)
{
pli = ImageLoad (pbPath, NULL);
}
}
if ((pli != NULL)
&&
(!SymLoadModule (hProcess, pli->hFile, pbPath, NULL,
(DWORD_PTR) pBase, pli->SizeOfImage)))
{
ImageUnload (pli);
pli = NULL;
}
dbgMemoryDestroy (pbPath);
}
return pli;
}
// -----------------------------------------------------------------
PLOADED_IMAGE WINAPI dbgSymbolUnload (PLOADED_IMAGE pli,
PVOID pBase,
HANDLE hProcess)
{
if (pli != NULL)
{
SymUnloadModule (hProcess, (DWORD_PTR) pBase);
ImageUnload (pli);
}
return NULL;
}
// -----------------------------------------------------------------
PDBG_LIST WINAPI dbgSymbolList (PWORD pwPath,
PVOID pBase)
{
PLOADED_IMAGE pli;
HANDLE hProcess = GetCurrentProcess ();
PDBG_LIST pdl = NULL;
if ((pwPath != NULL) &&
SymInitialize (hProcess, NULL, FALSE))
{
if ((pli = dbgSymbolLoad (pwPath, pBase, hProcess)) != NULL)
{
if ((pdl = dbgListCreate ()) != NULL)
{
SymEnumerateSymbols (hProcess, (DWORD_PTR) pBase,
dbgSymbolCallback, &pdl);
}
dbgSymbolUnload (pli, pBase, hProcess);
}
SymCleanup (hProcess);
}
return dbgListFinish (pdl);
}
// -----------------------------------------------------------------
PDBG_INDEX WINAPI dbgSymbolIndex (PWORD pwPath,
PVOID pBase,
PWORD pwImage,
DWORD dSort,
BOOL fReverse)
{
return dbgIndexCreateEx ((pwImage != NULL
? dbgListLoad (pwImage)
: dbgSymbolList (pwPath, pBase)),
OFFSET (DBG_SYMBOL, dNext ),
OFFSET (DBG_SYMBOL, pBase ),
OFFSET (DBG_SYMBOL, dSize ),
MAXDWORD,
OFFSET (DBG_SYMBOL, awName),
MAXDWORD,
dSort, fReverse);
}
// -----------------------------------------------------------------
PDBG_SYMBOL WINAPI dbgSymbolLookup (PDBG_INDEX pdi,
PVOID pAddress,
PDWORD pdOffset)
{
DWORD dAddress, dBase, i, j, k;
DWORD dOffset = 0;
PDBG_SYMBOL pds = NULL;
if (pdi != NULL)
{
dAddress = (DWORD_PTR) pAddress;
for (i = 0, j = k = MAXDWORD; i < pdi->dEntries; i++)
{
dBase = (DWORD_PTR) pdi->ppds [i]->pBase;
if (dBase && (dBase + pdi->ppds [i]->dSize) &&
(dAddress >= dBase) && (dAddress - dBase < k))
{
j = i;
k = dAddress - dBase;
}
}
if (j != MAXDWORD)
{
dOffset = k;
pds = pdi->ppds [j];
}
}
if (pdOffset != NULL) *pdOffset = dOffset;
return pds;
}
// =================================================================
// BASE ADDRESS INQUIRY
// =================================================================
PVOID WINAPI dbgBaseModule (PWORD pwPath,
PDWORD pdSize)
{
MODULEINFO mi;
HMODULE hModule;
DWORD dSize = 0;
PVOID pBase = NULL;
if ((pwPath != NULL)
&&
((hModule = LoadLibraryEx (pwPath, NULL,
DONT_RESOLVE_DLL_REFERENCES))
!= NULL))
{
if (GetModuleInformation (GetCurrentProcess (), hModule,
&mi, sizeof (mi)))
{
pBase = mi.lpBaseOfDll;
dSize = mi.SizeOfImage;
}
FreeLibrary (hModule);
}
if (pdSize != NULL) *pdSize = dSize;
return pBase;
}
// -----------------------------------------------------------------
PVOID WINAPI dbgBaseDriver (PWORD pwPath,
PDWORD pdSize)
{
PDBG_LIST pdl;
PDBG_DRIVER pdd;
PWORD pwName;
DWORD i;
DWORD dSize = 0;
PVOID pBase = NULL;
if (pwPath != NULL)
{
pwName = pwPath + dbgPathFile (pwPath);
if ((pdl = dbgDriverList ()) != NULL)
{
pdd = (PDBG_DRIVER) (pdl->abData + pdl->dFirst);
for (i = 0; i < pdl->dEntries; i++)
{
if (!lstrcmpi (pwName, pdd->awPath + pdd->dFile))
{
pBase = pdd->pBase;
dSize = pdd->dSize;
break;
}
pdd = (PDBG_DRIVER) ((PBYTE) pdd + pdd->dNext);
}
dbgListDestroy (pdl);
}
}
if (pdSize != NULL) *pdSize = dSize;
return pBase;
}
// =================================================================
// DLL MANAGEMENT
// =================================================================
BOOL WINAPI DllMain (HINSTANCE hInstance,
DWORD dReason,
PVOID pReserved)
{
BOOL fOk = TRUE;
switch (dReason)
{
case DLL_PROCESS_ATTACH:
{
InitializeCriticalSection (&gcsMemory);
break;
}
case DLL_PROCESS_DETACH:
{
DeleteCriticalSection (&gcsMemory);
break;
}
}
return fOk;
}
// =================================================================
// END OF PROGRAM
// =================================================================
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -