
📄 w2k_img.h

📁 Undocumented Windows 2000 Secrets 完整简体中文版!!NT架构Windows(2000、XP)Kernel Hacking必备!!附CD ISO与完整附录!

// PDB page geometry: the three page sizes named in the PDB_HEADER
// dPageSize comment, their log2 shift counts, and an upper limit for
// page numbers at each size.
// NOTE(review): dPageSize and all page numbers are read from the file
// being parsed. A reader should accept only these three sizes and
// check each page number against the matching PDB_PAGE_COUNT_* limit
// and against wFilePages before turning it into a file offset.
#define PDB_PAGE_SIZE_1K   0x0400 // bytes per page
#define PDB_PAGE_SIZE_2K   0x0800
#define PDB_PAGE_SIZE_4K   0x1000

#define PDB_PAGE_SHIFT_1K  10     // log2 (PDB_PAGE_SIZE_*)
#define PDB_PAGE_SHIFT_2K  11
#define PDB_PAGE_SHIFT_4K  12

#define PDB_PAGE_COUNT_1K  0xFFFF // page number < PDB_PAGE_COUNT_*
#define PDB_PAGE_COUNT_2K  0xFFFF
#define PDB_PAGE_COUNT_4K  0x7FFF

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

// Fixed part of the PDB file header, followed by the list of pages
// that contain the root stream directory (PDB_ROOT).
// awRootPages is a flexible array member, so PDB_HEADER_ (sizeof)
// covers only the fields in front of it; the number of trailing WORDs
// is not a field of its own here (presumably derived from RootStream
// - confirm in the loader).
// NOTE(review): every field comes from the file. The wFilePages
// comment relates it to file size / dPageSize, so a zero or unlisted
// dPageSize must be rejected before any such division, and
// wStartPage / awRootPages[] must be range-checked against the real
// file size before they are used as page numbers.
typedef struct _PDB_HEADER
    {
    PDB_SIGNATURE Signature;      // PDB_SIGNATURE_200
    DWORD         dPageSize;      // 0x0400, 0x0800, 0x1000
    WORD          wStartPage;     // 0x0009, 0x0005, 0x0002
    WORD          wFilePages;     // file size / dPageSize
    PDB_STREAM    RootStream;     // stream directory
    WORD          awRootPages []; // pages containing PDB_ROOT
    }
    PDB_HEADER, *PPDB_HEADER, **PPPDB_HEADER;

// Size of the fixed header only (excludes awRootPages).
#define PDB_HEADER_ sizeof (PDB_HEADER)

// -----------------------------------------------------------------

// Value 0x1009, named next to CV_PUB32 in the IMG_PUBSYM.Header
// comment; presumably the OMF record type of a PDB public symbol
// - confirm against OMF_HEADER.
#define PDB_PUB32 0x1009

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

// One public-symbol record as stored in a PDB symbol stream: an OMF
// header, a segment:offset location and a variable-length name.
// The record is variable-sized; PDB_PUBSYM_ is only the size of the
// declared fields, not of a record in the file.
typedef struct _PDB_PUBSYM
    {
    OMF_HEADER Header;
    DWORD      dReserved;
    DWORD      dOffset;
    WORD       wSegment;    // 1-based section index
    OMF_NAME   Name;        // zero-padded to next DWORD
    }
    PDB_PUBSYM, *PPDB_PUBSYM, **PPPDB_PUBSYM;

#define PDB_PUBSYM_ sizeof (PDB_PUBSYM)

// Total bytes occupied by the record at _p: Header.wRecordSize plus
// one WORD (presumably because wRecordSize does not count its own
// two-byte field - confirm against OMF_HEADER).
// _p is evaluated once; it must point at a readable OMF_HEADER.
#define PDB_PUBSYM_SIZE(_p) \
        ((DWORD) (_p)->Header.wRecordSize + sizeof (WORD))

// Address of the record following _p, i.e. _p advanced by
// PDB_PUBSYM_SIZE (_p) bytes.
// NOTE(review): the macro performs no bounds check and wRecordSize is
// file-controlled. A loop built on it must verify that the current
// record and the computed next pointer both lie inside the symbol
// stream, and that wRecordSize is large enough to cover the fields
// the caller reads (wSegment, Name), or a malformed .pdb can drive
// reads past the end of the buffer.
#define PDB_PUBSYM_NEXT(_p) \
        ((PPDB_PUBSYM) ((PBYTE) (_p) + PDB_PUBSYM_SIZE (_p)))

// =================================================================
// OMAP STRUCTURES
// =================================================================

// One target/source pair of DWORDs, target first.
// IMG_INFO keeps a pointer to an array of these (pOmapToSrc) together
// with dOmapToSrc (presumably the element count - confirm).
// NOTE(review): the address semantics of dTarget/dSource are not
// visible in this header; treat both values as untrusted offsets when
// they originate from a .dbg file.
typedef struct _OMAP_TO_SRC
    {
    DWORD dTarget;
    DWORD dSource;
    }
    OMAP_TO_SRC, *POMAP_TO_SRC, **PPOMAP_TO_SRC;

#define OMAP_TO_SRC_ sizeof (OMAP_TO_SRC)

// -----------------------------------------------------------------

// One source/target pair of DWORDs, source first (the mirror image of
// OMAP_TO_SRC's field order).
// IMG_INFO keeps a pointer to an array of these (pOmapFromSrc)
// together with dOmapFromSrc (presumably the element count - confirm).
typedef struct _OMAP_FROM_SRC
    {
    DWORD dSource;
    DWORD dTarget;
    }
    OMAP_FROM_SRC, *POMAP_FROM_SRC, **PPOMAP_FROM_SRC;

#define OMAP_FROM_SRC_ sizeof (OMAP_FROM_SRC)

// =================================================================
// OTHER STRUCTURES
// =================================================================

// Overlay for the start of a separate debug (.dbg) file: the
// IMAGE_SEPARATE_DEBUG_HEADER followed directly by the section
// header array. aSections is a flexible array member, so IMG_DBG_
// equals the size of the header alone.
typedef struct _IMG_DBG
    {
    IMAGE_SEPARATE_DEBUG_HEADER Header;
    IMAGE_SECTION_HEADER        aSections [];
    }
    IMG_DBG, *PIMG_DBG, **PPIMG_DBG;

#define IMG_DBG_ sizeof (IMG_DBG)
// Bytes needed for the header plus _n section headers
// (IMAGE_SECTION_HEADER_ is defined outside this excerpt).
// NOTE(review): no overflow check; if _n is taken from the file's
// own section count, compare the result with the actual file size
// before trusting it.
#define IMG_DBG__(_n) (IMG_DBG_ + ((_n) * IMAGE_SECTION_HEADER_))

// Pointer to the data of entry _d: base _p advanced by
// _d->PointerToRawData bytes.
// NOTE(review): PointerToRawData is a file-supplied offset and the
// macro does not bound it. Callers should check that the offset plus
// the entry's data size stays within the mapped file before
// dereferencing the result.
#define IMG_DBG_DATA(_p,_d) \
        ((PVOID) ((PBYTE) (_p) + (_d)->PointerToRawData))

// -----------------------------------------------------------------

// Wrapper around PDB_HEADER, the only member.
// NOTE(review): PDB_HEADER ends in a flexible array member; embedding
// such a struct as a member is a compiler extension rather than
// standard C, so this relies on the toolchain accepting it.
typedef struct _IMG_PDB
    {
    PDB_HEADER Header;
    }
    IMG_PDB, *PIMG_PDB, **PPIMG_PDB;

#define IMG_PDB_ sizeof (IMG_PDB)
// Bytes needed for the header plus _n trailing WORDs, matching the
// WORD element type of PDB_HEADER.awRootPages.
// NOTE(review): _n is presumably derived from file contents; validate
// it against the file size before allocating or copying this many
// bytes.
#define IMG_PDB__(_n) (IMG_PDB_ + ((_n) * sizeof (WORD)))

// -----------------------------------------------------------------

// Public-symbol record viewed either as a CodeView record (CvPubSym)
// or as a PDB record (PdbPubSym). All three members start at the
// same address, so Header can be read first to decide which view
// applies (see the CV_PUB32 / PDB_PUB32 comment below).
typedef union _IMG_PUBSYM
    {
    OMF_HEADER Header;    // CV_PUB32 or PDB_PUB32
    CV_PUBSYM  CvPubSym;
    PDB_PUBSYM PdbPubSym;
    }
    IMG_PUBSYM, *PIMG_PUBSYM, **PPIMG_PUBSYM;

// Size of the union (its largest member), not of a record in a file.
#define IMG_PUBSYM_ sizeof (IMG_PUBSYM)

// Total bytes occupied by the record at _p: Header.wRecordSize plus
// one WORD, the same formula as PDB_PUBSYM_SIZE.
#define IMG_PUBSYM_SIZE(_p) \
        ((DWORD) (_p)->Header.wRecordSize + sizeof (WORD))

// Address of the record following _p.
// NOTE(review): no bounds check is performed and wRecordSize comes
// from the debug file. Before each step, confirm that the record
// header and the full record lie inside the symbol data, and that
// the record is long enough for the view (CvPubSym or PdbPubSym)
// about to be read.
#define IMG_PUBSYM_NEXT(_p) \
        ((PIMG_PUBSYM) ((PBYTE) (_p) + IMG_PUBSYM_SIZE (_p)))

// -----------------------------------------------------------------

// Working record for one symbol: a pointer to its raw public-symbol
// record (pip) plus a set of derived DWORD/pointer values and a
// fixed 256-byte name buffer.
// NOTE(review): the meaning of the individual d* fields is not
// documented in this header - confirm against the code that fills
// them in. abName is a fixed-size buffer; names copied from a debug
// file must be length-limited to 256 bytes including the terminator.
typedef struct _IMG_SYMBOL
    {
    PIMG_PUBSYM pip;
    DWORD       dSection;
    DWORD       dRaw;
    DWORD       dBias;
    DWORD       dSource;
    DWORD       dTarget;
    DWORD       dOffset;
    DWORD       dRelative;
    PVOID       pBase;
    PVOID       pAddress;
    DWORD       dConvention; // IMG_CONVENTION_*
    DWORD       dStack;
    BYTE        abName [256];
    }
    IMG_SYMBOL, *PIMG_SYMBOL, **PPIMG_SYMBOL;

#define IMG_SYMBOL_ sizeof (IMG_SYMBOL)

// -----------------------------------------------------------------

// One resolved symbol as stored in IMG_TABLE.aEntries: location,
// calling convention, flags and three fixed-size name buffers.
// NOTE(review): abSection, abSymbol and abDecorated are fixed-size
// byte arrays filled from debug-file data; the code that writes them
// must truncate to the array size and keep the terminator.
typedef struct _IMG_ENTRY
    {
    DWORD dSection;          // 1-based section number
    PVOID pAddress;          // symbol address
    DWORD dConvention;       // calling convention IMG_CONVENTION_*
    DWORD dStack;            // number of argument stack bytes
    BOOL  fExported;         // TRUE if exported symbol
    BOOL  fSpecial;          // TRUE if special symbol
    BYTE  abSection   [IMAGE_SIZEOF_SHORT_NAME+4]; // section name
    BYTE  abSymbol    [256]; // undecorated symbol name
    BYTE  abDecorated [256]; // decorated symbol name
    }
    IMG_ENTRY, *PIMG_ENTRY, **PPIMG_ENTRY;

#define IMG_ENTRY_ sizeof (IMG_ENTRY)

// -----------------------------------------------------------------

// Array of pointers to IMG_ENTRY records, declared with one element
// and sized at run time through IMG_INDEX__.
// Accessing apEntries[i] for i >= 1 therefore relies on the caller
// having allocated IMG_INDEX__ (n) bytes with n > i.
typedef struct _IMG_INDEX
    {
    PIMG_ENTRY apEntries [1];
    }
    IMG_INDEX, *PIMG_INDEX, **PPIMG_INDEX;

#define IMG_INDEX_ sizeof (IMG_INDEX)
// Bytes needed for an index of _n entry pointers.
// NOTE(review): plain multiplication, no overflow check on _n.
#define IMG_INDEX__(_n) ((_n) * IMG_INDEX_)

// -----------------------------------------------------------------

// Symbol table for one module: summary fields, three index pointers
// (by address, by name, by name ignoring case), the .dbg file path
// and a trailing flexible array of IMG_ENTRY records.
// The anonymous union gives three views of the same path storage;
// fUnicode records the character format (which value selects which
// view is not shown here - confirm in the loader).
typedef struct _IMG_TABLE
    {
    DWORD      dSize;      // table size in bytes
    DWORD      dSections;  // number of sections
    DWORD      dSymbols;   // number of symbols
    DWORD      dTimeStamp; // module time stamp (sec since 1-1-1970)
    DWORD      dCheckSum;  // module checksum
    PVOID      pBase;      // module base address
    PIMG_INDEX piiAddress; // entries sorted by address
    PIMG_INDEX piiName;    // entries sorted by name
    PIMG_INDEX piiNameIC;  // entries sorted by name (ignore case)
    BOOL       fUnicode;   // character format
    union
        {
        TBYTE atPath [MAX_PATH]; // .dbg file path
        BYTE  abPath [MAX_PATH]; // .dbg file path (ANSI)
        WORD  awPath [MAX_PATH]; // .dbg file path (Unicode)
        };
    IMG_ENTRY  aEntries []; // symbol info array
    }
    IMG_TABLE, *PIMG_TABLE, **PPIMG_TABLE;

// Size of the fixed part only (excludes aEntries).
#define IMG_TABLE_ sizeof (IMG_TABLE)

// Bytes needed for a table of _n symbols: the fixed part, _n
// IMG_ENTRY records and three pointer indexes of _n slots each
// (presumably the storage behind piiAddress, piiName and piiNameIC
// - confirm in the allocator).
// NOTE(review): the arithmetic is unchecked. When _n is derived from
// a symbol count in a debug file, cap it before calling this macro so
// the result cannot wrap and yield an undersized allocation.
#define IMG_TABLE__(_n) \
        (IMG_TABLE_ + ((_n) * IMG_ENTRY_) + (3 * IMG_INDEX__ (_n)))

// -----------------------------------------------------------------

// Descriptor for a loaded debug file: a set of pointers into the
// file's data, a DWORD for each of them sharing the same name stem
// (pCvData/dCvData, pOmapToSrc/dOmapToSrc, ...), the file path, and
// the file image itself starting at DbgFile.
// NOTE(review): whether each d* value is an element count or a byte
// count is not stated here - confirm in the loader. The p* pointers
// presumably point into the DbgFile data; since they are computed
// from file-supplied offsets, each pointer/size pair should be
// checked against dSize when it is set up.
// DbgFile must stay the last member: IMG_DBG ends in a flexible
// array, and embedding it relies on a compiler extension.
typedef struct _IMG_INFO
    {
    PVOID                        pBase;
    PIMAGE_SEPARATE_DEBUG_HEADER pHeader;
    PIMAGE_SECTION_HEADER        pSections;
    PBYTE                        pbExports;
    PIMAGE_DEBUG_DIRECTORY       pDirectories;
    PCV_DATA                     pCvData;
    PFPO_DATA                    pFpoEntries;
    PIMAGE_DEBUG_MISC            pMiscEntries;
    POMAP_TO_SRC                 pOmapToSrc;
    POMAP_FROM_SRC               pOmapFromSrc;
    DWORD                        dSize;
    DWORD                        dSections;
    DWORD                        dExports;
    DWORD                        dDirectories;
    DWORD                        dCvData;
    DWORD                        dFpoEntries;
    DWORD                        dMiscEntries;
    DWORD                        dOmapToSrc;
    DWORD                        dOmapFromSrc;
    BOOL                         fUnicode;
    // Three views of the same path storage (generic, ANSI, Unicode).
    union
        {
        TBYTE atPath [MAX_PATH];
        BYTE  abPath [MAX_PATH];
        WORD  awPath [MAX_PATH];
        };
    IMG_DBG                      DbgFile;
    }
    IMG_INFO, *PIMG_INFO, **PPIMG_INFO;

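// Size of the declared IMG_INFO fields (DbgFile's trailing section
// array is not included).
#define IMG_INFO_ sizeof (IMG_INFO)

// Byte offset of DbgFile inside IMG_INFO, i.e. the size of the
// bookkeeping fields that precede the file image.
// Uses FIELD_OFFSET from <winnt.h> instead of casting a member
// address taken through a null pointer straight to DWORD: the value
// is the same, but the pointer-to-DWORD truncation on 64-bit builds
// is avoided. The DWORD cast keeps the expression type unchanged.
#define IMG_INFO_PREFIX ((DWORD) FIELD_OFFSET (IMG_INFO, DbgFile))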

// -----------------------------------------------------------------

// Broken-down calendar date and time: a 16-bit year and six 8-bit
// components.
// NOTE(review): value ranges (e.g. whether bMonth and bDayOfWeek are
// 0- or 1-based) are not stated in this header - confirm against the
// conversion routine before using the fields as array indexes.
typedef struct _IMG_TIME
    {
    WORD wYear;
    BYTE bMonth;
    BYTE bDay;
    BYTE bHour;
    BYTE bMinute;
    BYTE bSecond;
    BYTE bDayOfWeek;
    }
    IMG_TIME, *PIMG_TIME, **PPIMG_TIME;

#define IMG_TIME_ sizeof (IMG_TIME)

// -----------------------------------------------------------------

// Context block with two pointers and a DWORD. Each pointer is an
// anonymous union of a byte-pointer view and a WORD-pointer view of
// the same address (presumably the ANSI and Unicode variants).
// NOTE(review): dBuffer presumably describes the capacity of the
// buffer; whether it counts bytes or characters is not stated.
// Confirm the unit in both the A and W code paths - mixing them up
// lets the wide-character path write twice the intended length.
typedef struct _IMG_CONTEXT
    {
    union
        {
        PBYTE pbExtension;
        PWORD pwExtension;
        };
    union
        {
        PBYTE pbBuffer;
        PWORD pwBuffer;
        };
    DWORD dBuffer;
    }
    IMG_CONTEXT, *PIMG_CONTEXT, **PPIMG_CONTEXT;

#define IMG_CONTEXT_ sizeof (IMG_CONTEXT)

// =================================================================
// CALLBACK TYPES
// =================================================================

// Callback signature, byte-string variant: receives a module string,
// a path string, a DWORD associated with the path and an opaque
// caller-supplied context pointer; returns a DWORD.
// NOTE(review): dPath is presumably the length or capacity of pbPath
// and the return value presumably steers the enumeration - neither is
// defined in this header, so confirm against the caller. A callback
// must not write more than the agreed size through pbPath.
typedef DWORD (CALLBACK *IMG_CALLBACKA) (PBYTE pbModule,
                                         PBYTE pbPath,
                                         DWORD dPath,
                                         PVOID pContext);

// Same callback signature with WORD (wide-character) strings.
// NOTE(review): confirm whether dPath counts WORDs or bytes here.
typedef DWORD (CALLBACK *IMG_CALLBACKW) (PWORD pwModule,
                                         PWORD pwPath,
                                         DWORD dPath,
                                         PVOID pContext);

// =================================================================
// KERNEL MODULE INFORMATION
// =================================================================

#ifndef SystemModuleInformation

// -----------------------------------------------------------------

// Fallback definitions, compiled only when SystemModuleInformation is
// not already defined by another header (see the enclosing #ifndef).
// NOTE(review): PAGE_SIZE and MAXIMUM_FILENAME_LENGTH are guarded by
// that same test rather than by their own #ifndef, so they can clash
// with a header that defines them but not SystemModuleInformation.
#define SystemModuleInformation   11 // SYSTEMINFOCLASS
#define MAXIMUM_FILENAME_LENGTH  256
#define PAGE_SIZE               4096

// -----------------------------------------------------------------

// Local NTSTATUS type (a LONG) and the two status codes this header
// needs.
typedef LONG NTSTATUS, *PNTSTATUS, **PPNTSTATUS;
// Generic pointer to an NTAPI routine returning NTSTATUS; the empty
// parameter list leaves the arguments unchecked by the compiler.
typedef NTSTATUS (NTAPI *NTPROC) ();

#define STATUS_SUCCESS                      ((NTSTATUS) 0x00000000)
// Status returned when the supplied information buffer length does
// not match what the query needs; callers normally retry with a
// larger buffer.
#define STATUS_INFO_LENGTH_MISMATCH         ((NTSTATUS) 0xC0000004)

// -----------------------------------------------------------------

// Prototype of the native API used with SystemModuleInformation.
// SystemInformation receives the data, SystemInformationLength is
// the size of that buffer, and ReturnLength receives a length
// reported by the call.
// NOTE(review): always check the returned NTSTATUS before reading
// the buffer, and never read beyond the length actually reported.
NTSTATUS NTAPI
NtQuerySystemInformation (DWORD  SystemInformationClass,
                          PVOID  SystemInformation,
                          DWORD  SystemInformationLength,
                          PDWORD ReturnLength);

// -----------------------------------------------------------------

// One loaded-module record as laid out by this header for the
// SystemModuleInformation query: base address, size, flags, load
// bookkeeping and a fixed-size path buffer.
// NOTE(review): this is a hand-written layout of an undocumented
// structure with 32-bit-era field widths; it should be verified
// against the target OS and architecture before use. wNameOffset is
// presumably the offset of the file name inside abPath - check that
// it is below MAXIMUM_FILENAME_LENGTH and that abPath is terminated
// before treating it as a string. Later Windows versions restrict
// kernel addresses for low-privileged callers, so pBase should not be
// assumed to be populated.
typedef struct _MODULE_INFO
    {
    DWORD dReserved1;
    DWORD dReserved2;
    PVOID pBase;
    DWORD dSize;
    DWORD dFlags;
    WORD  wIndex;
    WORD  wRank;
    WORD  wLoadCount;
    WORD  wNameOffset;
    BYTE  abPath [MAXIMUM_FILENAME_LENGTH];
    }
    MODULE_INFO, *PMODULE_INFO, **PPMODULE_INFO;

#define MODULE_INFO_ sizeof (MODULE_INFO)

// -----------------------------------------------------------------

// Module list: a count followed by a flexible array of MODULE_INFO
// records. MODULE_LIST_ is the size of the fixed part only.
// NOTE(review): before iterating, check that
// MODULE_LIST_ + dModules * MODULE_INFO_ does not exceed the number
// of bytes the query actually returned.
typedef struct _MODULE_LIST
    {
    DWORD       dModules;
    MODULE_INFO aModules [];
    }
    MODULE_LIST, *PMODULE_LIST, **PPMODULE_LIST;

#define MODULE_LIST_ sizeof (MODULE_LIST)

// -----------------------------------------------------------------

#endif // #ifndef SystemModuleInformation

// =================================================================
// CONDITIONAL ANSI/UNICODE SYMBOLS
// =================================================================

#ifdef UNICODE

// UNICODE build: map each generic img* name to its W-suffixed
// (wide-character) implementation. The #else branch provides the
// matching A-suffixed mappings.
#define imgBox              imgBoxW
#define imgAnsiMatch        imgAnsiMatchW
#define imgTimeDay          imgTimeDayW
#define imgPathRoot         imgPathRootW
#define imgPathName         imgPathNameW
#define imgPathCanonical    imgPathCanonicalW
#define imgPathCurrent      imgPathCurrentW
#define imgPathWindows      imgPathWindowsW
#define imgPathVariable     imgPathVariableW
#define imgPathEnumerate    imgPathEnumerateW
#define imgPathSymbols      imgPathSymbolsW
#define imgPathCallback     imgPathCallbackW
#define imgPathSymbolsEx    imgPathSymbolsExW
#define imgPathDbg          imgPathDbgW
#define imgPathPdb          imgPathPdbW
#define imgFileOpen         imgFileOpenW
#define imgFileNew          imgFileNewW
#define imgFileTest         imgFileTestW
#define imgFileLoad         imgFileLoadW
#define imgFileSave         imgFileSaveW
#define imgCvPdb            imgCvPdbW
#define imgDbgLoad          imgDbgLoadW
#define imgPdbLoad          imgPdbLoadW
#define imgPdbStreamEx      imgPdbStreamExW
#define imgInfoLoad         imgInfoLoadW
#define imgInfoType         imgInfoTypeW
#define imgTableLoad        imgTableLoadW
#define imgModuleFind       imgModuleFindW
#define imgModuleBase       imgModuleBaseW

#else // #ifdef UNICODE

#define imgBox              imgBoxA
#define imgAnsiMatch        imgAnsiMatchA
#define imgTimeDay          imgTimeDayA
#define imgPathRoot         imgPathRootA
#define imgPathName         imgPathNameA
#define imgPathCanonical    imgPathCanonicalA
#define imgPathCurrent      imgPathCurrentA
#define imgPathWindows      imgPathWindowsA
#define imgPathVariable     imgPathVariableA
