📄 symbolhandler.pas.svn-base
字号:
unit symbolhandler;
interface
uses classes,windows,imagehlp,psapi,sysutils,syncobjs,tlhelp32{$ifndef autoassemblerdll},cefuncproc,newkernelhandler{$endif};
{$ifdef autoassemblerdll}
var
processid: dword;
processhandle: thandle;
Type TMemoryRegion = record
BaseAddress: Dword;
MemorySize: Dword;
IsChild: boolean;
startaddress: pointer;
end;
type TMemoryregions = array of tmemoryregion;
{$endif}
type symexception=class(Exception);
type TUserdefinedsymbol=record
symbolname: string;
address: dword;
end;
type TModuleInfo=record
modulename: string;
baseaddress: dword;
basesize: dword;
end;
type TUserdefinedSymbolCallback=procedure;
type
TSymbolloaderthread=class(tthread)
private
symbolprocesshandle: thandle;
targetself: boolean;
thisprocesshandle: thandle;
thisprocessid: dword;
procedure LoadDriverSymbols;
procedure LoadDLLSymbols;
public
isloading: boolean;
symbolsloaded: boolean;
kernelsymbols: boolean;
dllsymbols: boolean;
searchpath: string;
procedure execute; override;
constructor create(targetself, CreateSuspended: boolean);
destructor destroy; override;
end;
TSymHandler=class
private
symbolloaderthread: TSymbolloaderthread;
lastmodulelistupdate: integer;
modulelistpos: integer;
modulelist: array of TModuleInfo;
symbolloadervalid: TMultiReadExclusiveWriteSynchronizer;
modulelistMREW: TMultiReadExclusiveWriteSynchronizer;
userdefinedsymbolspos: integer;
userdefinedsymbols: array of TUserdefinedsymbol;
userdefinedsymbolsMREW: TMultireadExclusiveWriteSynchronizer;
fshowmodules: boolean; //--determines what is returned by getnamefromaddress
fshowsymbols: boolean; ///
UserdefinedSymbolCallback: TUserdefinedSymbolCallback;
searchpath: string;
function getusedprocesshandle :thandle;
function getusedprocessid:dword;
function getisloaded:boolean;
procedure setshowmodules(x: boolean);
procedure setshowsymbols(x: boolean);
public
kernelsymbols: boolean;
dllsymbols: boolean;
locked: boolean;
targetself: boolean;
property showmodules: boolean read fshowmodules write setshowmodules;
property showsymbols: boolean read fshowsymbols write setshowsymbols;
property usedprocesshandle: thandle read getusedprocesshandle;
property usedprocessid: dword read getusedprocessid;
property isloaded: boolean read getisloaded;
procedure waitforsymbolsloaded;
procedure reinitialize;
procedure loadmodulelist;
procedure fillMemoryRegionsWithModuleData(var mr: TMemoryregions; startaddress: dword; size: dword);
procedure getModuleList(list: tstrings);
function getmodulebyaddress(address: dword; var mi: TModuleInfo):BOOLEAN;
function getmodulebyname(modulename: string; var mi: TModuleInfo):BOOLEAN;
function getNameFromAddress(address:dword):string; overload;
function getNameFromAddress(address:dword;symbols:boolean; modules: boolean):string; overload;
function getAddressFromName(name: string):dword; overload;
function getAddressFromName(name: string; waitforsymbols: boolean):dword; overload;
function getsearchpath:string;
procedure setsearchpath(path:string);
//userdefined symbols
function DeleteUserdefinedSymbol(symbolname:string):boolean;
function GetUserdefinedSymbolByName(symbolname:string):dword;
function GetUserdefinedSymbolByAddress(address:dword):string;
procedure AddUserdefinedSymbol(address: dword; symbolname: string);
procedure EnumerateUserdefinedSymbols(list:tstrings);
function ParseAsPointer(s: string; list:tstrings): boolean;
function GetAddressFromPointer(s: string; var error: boolean):dword;
procedure RegisterUserdefinedSymbolCallback(callback: TUserdefinedSymbolCallback);
constructor create;
destructor destroy; override;
end;
var symhandler: TSymhandler;
selfsymhandler: TSymhandler; //symhandler object for CE itself
implementation
uses assemblerunit;
procedure TSymbolloaderthread.LoadDLLSymbols;
var need:dword;
x: PPointerArray;
i: integer;
count: integer;
modulename: pchar;
begin
EnumProcessModules(thisprocesshandle,nil,0,need);
getmem(x,need);
try
if EnumProcessModules(thisprocesshandle,@x[0],need,need) then
begin
count:=need div 4;
getmem(modulename,200);
try
for i:=0 to count-1 do
begin
GetModuleFileNameEx(thisprocesshandle,dword(x[i]),modulename,200);
symLoadModule(thisprocesshandle,0,pchar(modulename),nil,dword(x[i]),0);
end;
finally
freemem(modulename);
end;
end;
finally
freemem(x);
end;
end;
procedure TSymbolloaderthread.LoadDriverSymbols;
var need:dword;
x: PPointerArray;
i: integer;
count: integer;
drivername: pchar;
nearest: dword; //nearest other driver (AFTER win32k.sys)
begin
EnumDevicedrivers(nil,0,need);
getmem(x,need);
try
if enumDevicedrivers(@x[0],need,need) then
begin
count:=need div 4;
getmem(drivername,200);
try
for i:=0 to count-1 do
begin
GetDevicedriverFileName(x[i],drivername,200);
//add drive letter
symLoadModule(thisprocesshandle,0,pchar(drivername),nil,dword(x[i]),0);
end;
finally
freemem(drivername);
end;
end;
finally
freemem(x);
end;
end;
procedure TSymbolloaderthread.execute;
begin
try
SymbolsLoaded:=false;
if symbolprocesshandle<>0 then Symcleanup(symbolprocesshandle); //cleanup first
SymbolsLoaded:=SymInitialize(thisprocesshandle,nil,true);
symsetoptions(symgetoptions or SYMOPT_CASE_INSENSITIVE);
symsetsearchpath(processhandle,pchar(searchpath));
if kernelsymbols then LoadDriverSymbols;
LoadDLLSymbols;
symbolprocesshandle:=processhandle;
finally
isloading:=false;
end;
end;
destructor TSymbolloaderthread.destroy;
begin
//close the symbol handler for this processhandle
if symbolprocesshandle<>0 then Symcleanup(symbolprocesshandle);
inherited destroy;
end;
constructor TSymbolloaderthread.create(targetself, CreateSuspended: boolean);
var
processid: dword;
processhandle: thandle;
begin
self.targetself:=targetself;
{$ifdef autoassemblerdll}
processid:=symbolhandler.ProcessID;
processhandle:=symbolhandler.processhandle;
{$else}
if targetself then
begin
processid:=getcurrentprocessid;
processhandle:=getcurrentprocess;
end
else
begin
processid:=cefuncproc.ProcessID;
processhandle:=cefuncproc.ProcessHandle;
end;
{$endif}
thisprocesshandle:=processhandle;
thisprocessid:=processid;
isloading:=true;
SymbolsLoaded:=false;
inherited create(CreateSuspended);
end;
function TSymhandler.getisloaded:boolean;
begin
symbolloadervalid.beginread;
if symbolloaderthread<>nil then
result:=not symbolloaderthread.isloading
else
result:=false;
symbolloadervalid.endread;
end;
procedure TSymhandler.RegisterUserdefinedSymbolCallback(callback: TUserdefinedSymbolCallback);
begin
UserdefinedSymbolCallback:=callback;
end;
procedure TSymhandler.setshowmodules(x: boolean);
begin
if locked then raise symexception.Create('You can''t change this setting at the moment');
fshowmodules:=x;
end;
procedure TSymhandler.setshowsymbols(x: boolean);
begin
if locked then raise symexception.Create('You can''t change this setting at the moment');
fshowsymbols:=x;
end;
function TSymhandler.getusedprocessid:dword;
begin
symbolloadervalid.beginread;
if symbolloaderthread<>nil then
result:=symbolloaderthread.thisprocessid
else
result:=0;
symbolloadervalid.endread;
end;
function TSymhandler.getusedprocesshandle:thandle;
begin
symbolloadervalid.beginread;
if symbolloaderthread<>nil then
result:=symbolloaderthread.thisprocesshandle
else
result:=0;
symbolloadervalid.endread;
end;
procedure TSymhandler.reinitialize;
var previousprocesshandle: thandle;
begin
loadmodulelist;
symbolloadervalid.BeginWrite;
if symbolloaderthread<>nil then
begin
symbolloaderthread.Terminate;
symbolloaderthread.WaitFor; //wait till it's done
symbolloaderthread.Free;
end;
symbolloaderthread:=tsymbolloaderthread.Create(targetself,true);
symbolloaderthread.kernelsymbols:=kernelsymbols;
symbolloaderthread.searchpath:=searchpath;
symbolloaderthread.Resume;
symbolloadervalid.EndWrite;
end;
procedure TSymhandler.Waitforsymbolsloaded;
begin
symbolloadervalid.beginread;
if symbolloaderthread<>nil then
symbolloaderthread.WaitFor;
symbolloadervalid.endread;
end;
function TSymhandler.DeleteUserdefinedSymbol(symbolname:string):boolean;
var i,j: integer;
begin
result:=false;
userdefinedsymbolsMREW.beginwrite;
for i:=0 to userdefinedsymbolspos-1 do
if uppercase(userdefinedsymbols[i].symbolname)=uppercase(symbolname) then
begin
//found it, now move up all the others and decrease the list
for j:=i to userdefinedsymbolspos-2 do
userdefinedsymbols[j]:=userdefinedsymbols[j+1];
dec(userdefinedsymbolspos);
result:=true;
break;
end;
userdefinedsymbolsMREW.endwrite;
if assigned(UserdefinedSymbolCallback) then
UserdefinedSymbolCallback();
end;
function TSymhandler.GetUserdefinedSymbolByName(symbolname:string):dword;
var i:integer;
begin
result:=0;
userdefinedsymbolsMREW.beginread;
for i:=0 to userdefinedsymbolspos-1 do
if uppercase(userdefinedsymbols[i].symbolname)=uppercase(symbolname) then
begin
result:=userdefinedsymbols[i].address;
break;
end;
userdefinedsymbolsMREW.endread;
end;
function TSymhandler.GetUserdefinedSymbolByAddress(address:dword):string;
var i:integer;
begin
result:='';
userdefinedsymbolsMREW.beginread;
for i:=0 to userdefinedsymbolspos-1 do
if userdefinedsymbols[i].address=address then
begin
result:=userdefinedsymbols[i].symbolname;
break;
end;
userdefinedsymbolsMREW.endread;
end;
procedure TSymhandler.AddUserdefinedSymbol(address: dword; symbolname: string);
begin
if address=0 then raise symexception.Create('You can''t add a symbol with address 0');
if getuserdefinedsymbolbyname(symbolname)>0 then raise symexception.Create(symbolname+' already exists');
userdefinedsymbolsMREW.beginwrite;
try
if userdefinedsymbolspos+1>=length(userdefinedsymbols) then
setlength(userdefinedsymbols,length(userdefinedsymbols)*2);
userdefinedsymbols[userdefinedsymbolspos].address:=address;
userdefinedsymbols[userdefinedsymbolspos].symbolname:=symbolname;
inc(userdefinedsymbolspos);
if assigned(UserdefinedSymbolCallback) then
UserdefinedSymbolCallback();
finally
userdefinedsymbolsMREW.endwrite;
end;
end;
procedure TSymhandler.EnumerateUserdefinedSymbols(list:tstrings);
var i: integer;
begin
list.Clear;
userdefinedsymbolsMREW.BeginRead;
for i:=0 to userdefinedsymbolspos-1 do
list.Addobject(userdefinedsymbols[i].symbolname,pointer(userdefinedsymbols[i].address));
userdefinedsymbolsMREW.EndRead;
end;
procedure TSymhandler.fillMemoryRegionsWithModuleData(var mr: TMemoryregions; startaddress: dword; size: dword);
{
This routine will fill in a TMemoryRegions array with the base and startaddress of the modules it found
}
var currentaddress: dword;
mi: tmoduleinfo;
sizeleft: dword;
i: integer;
closest: integer;
ok: boolean;
begin
modulelistMREW.beginread;
try
if modulelistpos=0 then exit;
currentaddress:=startaddress;
sizeleft:=size;
while sizeleft>0 do
begin
//find a module with currentaddress if nothing found, find the one with the lowest base address after it
if getmodulebyaddress(currentaddress,mi) then
begin
setlength(mr,length(mr)+1);
mr[length(mr)-1].BaseAddress:=currentaddress;
mr[length(mr)-1].MemorySize:=mi.basesize-(currentaddress-mi.baseaddress);
if mr[length(mr)-1].MemorySize>sizeleft then
mr[length(mr)-1].MemorySize:=sizeleft;
sizeleft:=sizeleft-mr[length(mr)-1].MemorySize;
inc(currentaddress,mr[length(mr)-1].MemorySize);
end
else
begin
//move the currentaddress to the next module
closest:=-1;
for i:=0 to modulelistpos-1 do
begin
if modulelist[i].baseaddress>currentaddress then
begin
closest:=i;
break;
end;
end;
//first make sure there is a bigger module
for i:=0 to modulelistpos-1 do
if (modulelist[i].baseaddress>currentaddress) and (modulelist[i].baseaddress<modulelist[closest].baseaddress) then
closest:=i;
if modulelist[closest].baseaddress<currentaddress then exit; //nothing found
mi:=modulelist[closest];
inc(sizeleft,mi.baseaddress-currentaddress);
currentaddress:=mi.baseaddress;
end;
end;
finally
modulelistMREW.endread;
end;
end;
procedure TSymhandler.getModuleList(list: tstrings);
var i: integer;
begin
modulelistMREW.BeginRead;
for i:=0 to modulelistpos-1 do
list.AddObject(modulelist[i].modulename,tobject(modulelist[i].baseaddress));
modulelistMREW.EndRead;
end;
function TSymhandler.getmodulebyaddress(address: dword; var mi: TModuleInfo):BOOLEAN;
var i: integer;
begin
result:=false;
modulelistMREW.beginread;
for i:=0 to modulelistpos-1 do
if (address>=modulelist[i].baseaddress) and (address<modulelist[i].baseaddress+modulelist[i].basesize) then
begin
mi:=modulelist[i];
result:=true;
break;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -