/*++
Copyright (c) 1998-2001 Klaus P. Gerlicher
Module ModuleName:
symbols.c
Abstract:
Environment:
Kernel mode only
Author:
Klaus P. Gerlicher
Reactos Port by Eugene Ingerman
Revision History:
19-Aug-1998: created
15-Nov-2000: general cleanup of source files
Copyright notice:
This file may be distributed under the terms of the GNU Public License.
--*/
////////////////////////////////////////////////////
// INCLUDES
////
#include "remods.h"
#include "precomp.h"
#include "stab_gnu.h"
#include <ntdll/ldr.h>
#include <ntdll/rtl.h>
#include <internal/ps.h>
#include <internal/ob.h>
#include <internal/module.h>
#define NDEBUG
#include <debug.h>
// Export text searched by ScanExports() with strstr(); that search relies on
// the buffer being NUL-terminated. Where it is loaded is not visible in this part of the file.
PVOID pExports=0;
// presumably the byte length of the pExports buffer - TODO confirm against the loader
ULONG ulExportLen=0;
// Fixed table of 512 LOCAL_VARIABLE slots; the code that fills it is not shown here.
LOCAL_VARIABLE local_vars[512];
// Table of up to 32 symbol file header pointers, all initialised to NULL.
PICE_SYMBOLFILE_HEADER* apSymbols[32]={NULL,};
// presumably the number of used apSymbols slots - TODO confirm
ULONG ulNumSymbolsLoaded=0;
// Set by ListDriverModules() to Base+Length of the module whose base name is "ntoskrnl".
ULONG kernel_end=0;
char tempSym[1024]; // temp buffer for output
// Pointers to the Current* register variables (declared elsewhere), in the order
// EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, EIP, EFL.
PULONG LocalRegs[]=
{
&CurrentEAX,
&CurrentECX,
&CurrentEDX,
&CurrentEBX,
&CurrentESP,
&CurrentEBP,
&CurrentESI,
&CurrentEDI,
&CurrentEIP,
&CurrentEFL
};
// Record taken by Expression() via PVRET; NOTE(review): looks like the result of
// evaluating a symbolic expression - confirm against Expression().
// name and type_name are fixed 256-byte buffers, so any code writing them has
// to bound its copies.
typedef struct _VRET
{
ULONG value;
ULONG type;
ULONG father_type;
ULONG error;
ULONG file;
ULONG size;
ULONG address;
char name[256];
char type_name[256];
BOOLEAN bPtrType;
BOOLEAN bStructType;
BOOLEAN bArrayType;
PICE_SYMBOLFILE_HEADER* pSymbols;
}VRET,*PVRET;
// File-scope state; the users of these variables are not visible in this part of the file.
ULONG ulIndex;
LPSTR pExpression;
VRET vr;
// Fixed table of 1024 VRET records; presumably ulNumStructMembers counts the used ones - TODO confirm
VRET vrStructMembers[1024];
ULONG ulNumStructMembers;
BOOLEAN Expression(PVRET pvr);
// List head walked by ListDriverModules() as a chain of MODULE_OBJECT.ListEntry links.
// It starts out NULL and must be set elsewhere before ListDriverModules() runs.
LIST_ENTRY *pModuleListHead = NULL;
// Root object directory scanned by FindDriverObjectDirectory().
extern PDIRECTORY_OBJECT *pNameSpaceRoot;
// Next free DEBUG_MODULE entry; BuildModuleList() resets it to the head and
// ListUserModules()/ListDriverModules() advance it once per recorded module.
extern PDEBUG_MODULE pdebug_module_tail;
// First entry of the DEBUG_MODULE list the module listing writes into.
extern PDEBUG_MODULE pdebug_module_head;
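/*
 * HEADER_TO_BODY - return the address of the object body that belongs to
 * an object header.
 *
 * obj: pointer to the OBJECT_HEADER.
 *
 * Returns obj advanced by sizeof(OBJECT_HEADER)-sizeof(COMMON_BODY_HEADER)
 * bytes. The pointer is not validated; the caller must pass a real header.
 */
PVOID HEADER_TO_BODY(POBJECT_HEADER obj)
{
    /* byte arithmetic through char*: arithmetic on void* is a GNU extension */
    char *pBase = (char *)obj;

    return (PVOID)(pBase + sizeof(OBJECT_HEADER) - sizeof(COMMON_BODY_HEADER));
}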
/*
 * BODY_TO_HEADER - map an object body pointer back to its OBJECT_HEADER.
 *
 * body: pointer to the object body, which is read as a COMMON_BODY_HEADER.
 *
 * Returns the OBJECT_HEADER whose Type member sits at the address of the
 * body's Type member. No validation is done on the pointer.
 */
POBJECT_HEADER BODY_TO_HEADER(PVOID body)
{
    PCOMMON_BODY_HEADER pCommon = (PCOMMON_BODY_HEADER)body;
    POBJECT_HEADER pHeader;

    /* step back from the Type member to the start of the enclosing header */
    pHeader = CONTAINING_RECORD((&(pCommon->Type)),OBJECT_HEADER,Type);
    return(pHeader);
}
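/*-----------------12/26/2001 7:59PM----------------
 * FreeModuleList - free list allocated with InitModuleList. Must
 * be called at passive irql.
 *
 * pm: first entry of the list, may be NULL (nothing is freed then).
 *
 * Every entry is handed to ExFreePool exactly once. The caller's copy of
 * the pointer dangles afterwards and must not be used again.
 * --------------------------------------------------*/
VOID FreeModuleList( PDEBUG_MODULE pm )
{
    PDEBUG_MODULE pNext;

    ENTER_FUNC();

    while( pm ){
        // fetch the link first: the entry must not be touched once it is back in the pool
        pNext = pm->next;
        ExFreePool( pm );
        // advance, so that no entry is freed twice and the walk ends at the NULL link
        pm = pNext;
    }

    LEAVE_FUNC();
}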
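/*-----------------12/26/2001 7:58PM----------------
 * InitModuleList - creates linked list of length len for debugger. Can't be
 * called at elevated IRQL
 *
 * ppmodule: receives the head of the new list; expected to point to NULL
 *           on entry.
 * len:      number of DEBUG_MODULE entries to allocate from NonPagedPool.
 *
 * Returns TRUE on success. On allocation failure the entries built so far
 * are passed to FreeModuleList, *ppmodule is left unchanged and FALSE is
 * returned.
 * --------------------------------------------------*/
BOOLEAN InitModuleList( PDEBUG_MODULE *ppmodule, ULONG len )
{
    ULONG i;
    PDEBUG_MODULE pNext = NULL, pm = *ppmodule;

    ENTER_FUNC();

    ASSERT(pm==NULL);

    // count from 0 with '<' so the loop also terminates for len == 0xFFFFFFFF
    for(i=0;i<len;i++){
        pm = (PDEBUG_MODULE)ExAllocatePool( NonPagedPool, sizeof( DEBUG_MODULE ) );
        if( !pm ){
            FreeModuleList(pNext);
            LEAVE_FUNC();
            return FALSE;
        }
        // pool memory is not cleared: give every field read before the first fill a defined value
        pm->next = pNext;
        pm->size = 0;
        pm->BaseAddress = NULL;
        pm->EntryPoint = NULL;
        // NOTE(review): pm->name is still uninitialised here; readers must not use it
        // for entries the module listing has not filled.
        pNext = pm;
    }

    *ppmodule = pm;

    LEAVE_FUNC();
    return TRUE;
}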
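/*
 * ListUserModules - record the modules of a process in the debugger's
 * module list.
 *
 * peb: PEB of the process whose loader list (Ldr->InLoadOrderModuleList)
 *      is walked.
 *
 * For every loader entry the size, base address, entry point and base name
 * are stored in *pdebug_module_tail, which is then advanced.
 *
 * The PEB and the loader list live in memory the process itself can write,
 * so nothing read from them is trusted: each list entry is checked with
 * IsAddressValid, the walk stops when the preallocated list is used up
 * (this also bounds a list that was linked into a cycle) and the name copy
 * is limited to the destination size.
 *
 * Returns TRUE when the walk finished, FALSE when the debugger's list had
 * no free entry left for a module.
 */
BOOLEAN ListUserModules( PPEB peb )
{
    PLIST_ENTRY UserModuleListHead;
    PLIST_ENTRY Entry;
    PLDR_DATA_TABLE_ENTRY Module;
    PPEB_LDR_DATA Ldr = NULL;
    BOOLEAN bResult = TRUE;

    ENTER_FUNC();

    if( peb && IsAddressValid((ULONG)peb) )
        Ldr = peb->Ldr;

    if( Ldr && IsAddressValid((ULONG)Ldr)){
        UserModuleListHead = &Ldr->InLoadOrderModuleList;
        ASSERT(IsAddressValid((ULONG)UserModuleListHead));

        Entry = UserModuleListHead->Flink;
        while (Entry != UserModuleListHead)
        {
            ULONG i = 0;
            ULONG ulChars;

            // a corrupt or hostile link must not be followed
            if( !Entry || !IsAddressValid((ULONG)Entry) )
                break;

            // no free entry left: report it rather than write through NULL
            if( !pdebug_module_tail ){
                bResult = FALSE;
                break;
            }

            Module = CONTAINING_RECORD(Entry, LDR_DATA_TABLE_ENTRY, InLoadOrderModuleList);
            //DbgPrint("Module: %x, BaseAddress: %x\n", Module, Module->BaseAddress);
            DPRINT((0,"FullName: %S, BaseName: %S, Length: %ld, EntryPoint: %x, BaseAddress: %x\n", Module->FullDllName.Buffer,
                    Module->BaseDllName.Buffer, Module->SizeOfImage, Module->EntryPoint, Module->BaseAddress ));

            pdebug_module_tail->size = Module->SizeOfImage;
            pdebug_module_tail->BaseAddress = Module->BaseAddress;
            pdebug_module_tail->EntryPoint = (PVOID)(Module->EntryPoint);

            // Bounded copy in place of ASSERT + unbounded PICE_wcscpy: the ASSERT does
            // not protect a release build, and Length/Buffer are process-controlled.
            // assumes name holds DEBUG_MODULE_NAME_LEN wide characters - TODO confirm
            // against the DEBUG_MODULE declaration
            ulChars = Module->BaseDllName.Length / sizeof(Module->BaseDllName.Buffer[0]);
            if( Module->BaseDllName.Buffer && IsAddressValid((ULONG)Module->BaseDllName.Buffer) ){
                // NOTE(review): only the start of the buffer is validated here
                while( i < ulChars && i < DEBUG_MODULE_NAME_LEN-1 && Module->BaseDllName.Buffer[i] ){
                    pdebug_module_tail->name[i] = Module->BaseDllName.Buffer[i];
                    i++;
                }
            }
            pdebug_module_tail->name[i] = 0;

            pdebug_module_tail = pdebug_module_tail->next;

            Entry = Entry->Flink;
        }
    }

    LEAVE_FUNC();
    return bResult;
}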
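/*
 * FindDriverObjectDirectory - look for the entry named "Modules" in the
 * root object directory.
 *
 * Walks the list anchored at (*pNameSpaceRoot)->head and compares each
 * object name case-insensitively with L"Modules".
 *
 * Returns the body of the matching object (via HEADER_TO_BODY), or NULL
 * when pNameSpaceRoot is not set or no entry matches.
 */
POBJECT FindDriverObjectDirectory( void )
{
    PLIST_ENTRY current;
    POBJECT_HEADER current_obj;
    PDIRECTORY_OBJECT pd;

    ENTER_FUNC();

    if( pNameSpaceRoot && *pNameSpaceRoot ){
        current = (*pNameSpaceRoot)->head.Flink;
        while (current!=(&((*pNameSpaceRoot)->head)))
        {
            current_obj = CONTAINING_RECORD(current,OBJECT_HEADER,Entry);
            DPRINT((0,"Scanning %S\n",current_obj->Name.Buffer));
            // an entry without a name buffer cannot match and must not reach _wcsicmp
            if (current_obj->Name.Buffer && _wcsicmp(current_obj->Name.Buffer, L"Modules")==0)
            {
                pd=HEADER_TO_BODY(current_obj);
                DPRINT((0,"Found it %x\n",pd));
                // leave through LEAVE_FUNC on this path too, like every other exit in the file
                LEAVE_FUNC();
                return pd;
            }
            current = current->Flink;
        }
    }

    LEAVE_FUNC();
    return NULL;
}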
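/*
 * ListDriverModules - record the kernel-mode modules in the debugger's
 * module list.
 *
 * Walks the MODULE_OBJECT list anchored at pModuleListHead. For every
 * module the base, length, entry point and base name are stored in
 * *pdebug_module_tail, which is then advanced. For the module whose base
 * name equals "ntoskrnl" (case-insensitive) kernel_end is set to
 * Base + Length.
 *
 * Returns TRUE when the walk finished, FALSE when pModuleListHead is not
 * set or the debugger's list had no free entry left for a module.
 */
BOOLEAN ListDriverModules( void )
{
    PLIST_ENTRY current_entry;
    PMODULE_OBJECT current;
    BOOLEAN bResult = TRUE;

    ENTER_FUNC();

    ASSERT( pModuleListHead );
    // the ASSERT may compile to nothing, so also check at run time
    if( !pModuleListHead ){
        LEAVE_FUNC();
        return FALSE;
    }

    current_entry = pModuleListHead->Flink;
    while (current_entry != (pModuleListHead)){
        ULONG i = 0;

        // no free entry left: report it rather than write through NULL
        if( !pdebug_module_tail ){
            bResult = FALSE;
            break;
        }

        current = CONTAINING_RECORD(current_entry,MODULE_OBJECT,ListEntry);

        DPRINT((0,"FullName: %S, BaseName: %S, Length: %ld, EntryPoint: %x\n", current->FullName.Buffer,
                current->BaseName.Buffer, current->Length, current->EntryPoint ));

        pdebug_module_tail->BaseAddress = current->Base;
        pdebug_module_tail->size = current->Length;
        pdebug_module_tail->EntryPoint = current->EntryPoint;

        // bounded copy: a name longer than the destination is truncated, never written past it
        // assumes name holds DEBUG_MODULE_NAME_LEN wide characters - TODO confirm
        // against the DEBUG_MODULE declaration
        if( current->BaseName.Buffer ){
            while( i < DEBUG_MODULE_NAME_LEN-1 && current->BaseName.Buffer[i] ){
                pdebug_module_tail->name[i] = current->BaseName.Buffer[i];
                i++;
            }
        }
        pdebug_module_tail->name[i] = 0;

        pdebug_module_tail = pdebug_module_tail->next;

        if (current->BaseName.Buffer && _wcsicmp(current->BaseName.Buffer, L"ntoskrnl")==0)
        {
            kernel_end = (ULONG)current->Base + current->Length;
        }
        current_entry = current_entry->Flink;
    }

    LEAVE_FUNC();
    return bResult;
}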
/*
 * BuildModuleList - refill the debugger's module list.
 *
 * Resets pdebug_module_tail to pdebug_module_head, then lists the modules
 * of the current process (only when it has a PEB) followed by the driver
 * modules.
 *
 * Returns FALSE as soon as ListUserModules or ListDriverModules fails,
 * TRUE otherwise.
 */
BOOLEAN BuildModuleList( void )
{
    PEPROCESS pProcess;
    PPEB pPeb = NULL;
    BOOLEAN bOk = TRUE;

    ENTER_FUNC();

    // start filling at the first entry again
    pdebug_module_tail = pdebug_module_head;

    pProcess = IoGetCurrentProcess();
    ASSERT(IsAddressValid((ULONG)pProcess));
    if( pProcess )
        pPeb = pProcess->Peb;

    // user modules exist only for a process that has a PEB
    if( pPeb && !ListUserModules( pPeb ) )
        bOk = FALSE;

    // the driver modules are listed only when the user part did not fail
    if( bOk && !ListDriverModules() )
        bOk = FALSE;

    LEAVE_FUNC();
    return bOk;
}
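//*************************************************************************
// IsModuleLoaded()
//
// Rebuilds the module list with BuildModuleList() and looks for a module
// whose name equals p (compared with PICE_strcmpi after conversion to ANSI).
//
// p: ANSI module name to look for.
//
// Returns the matching DEBUG_MODULE entry, or NULL when the list could not
// be built or no entry with a non-zero size matches.
//*************************************************************************
PDEBUG_MODULE IsModuleLoaded(LPSTR p)
{
    PDEBUG_MODULE pd;

    ENTER_FUNC();
    DPRINT((0,"IsModuleLoaded(%s)\n",p));

    if(BuildModuleList())
    {
        // Only entries in front of pdebug_module_tail have been filled. The loop also
        // stops at the NULL link, so an empty head or an empty listing (head == tail)
        // is never dereferenced or read.
        for(pd = pdebug_module_head; pd && pd != pdebug_module_tail; pd = pd->next)
        {
            char temp[DEBUG_MODULE_NAME_LEN];

            // an entry with size 0 never matches: skip it before converting its name
            if(!pd->size)
                continue;

            DPRINT((0,"module (%x) %S\n",pd->size,pd->name));
            // NOTE(review): CopyWideToAnsi gets no length; this relies on pd->name being
            // terminated within DEBUG_MODULE_NAME_LEN characters - confirm against the writers
            CopyWideToAnsi(temp,pd->name);
            if(PICE_strcmpi(p,temp) == 0)
            {
                DPRINT((0,"module %S is loaded!\n",pd->name));
                LEAVE_FUNC();
                return pd;
            }
        }
    }

    LEAVE_FUNC();
    return NULL;
}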
//*************************************************************************
// ScanExports()
//
//*************************************************************************
BOOLEAN ScanExports(const char *pFind,PULONG pValue)
{
char temp[256];
LPSTR pStr=NULL;
LPSTR pExp = pExports;
BOOLEAN bResult = FALSE;
ENTER_FUNC();
DPRINT((0,"ScanExports pValue: %x\n", pValue));
nomatch:
if(pExports)
pStr = strstr(pExp,pFind);
if(pStr)
{
LPSTR p;
ULONG state;
LPSTR pOldStr = pStr;
for(;(*pStr!=0x0a && *pStr!=0x0d) && (ULONG)pStr>=(ULONG)pExports;pStr--);
pStr++;
p = temp;
for(;(*pStr!=0x0a && *pStr!=0x0d);)*p++=*pStr++;
*p=0;
p = (LPSTR) PICE_strtok(temp," ");
state=0;
while(p)
{
switch(state)
{
case 0:
ConvertTokenToHex(p,pValue);
break;
case 1:
break;
case 2:
if(strcmp(p,pFind)!=0)
{
DPRINT((0,"Not: %s\n", p));
pExp = pOldStr+1;
goto nomatch;
}
state = -1;
bResult = TRUE;
DPRINT((0,"%s @ %x\n",pFind,*pValue));
goto exit;
break;
}
state++;
p = (char*) PICE_strtok(NULL," ");
}
}
exit:
DPRINT((0,"%s %x @ %x\n",pFind,pValue,*pValue));
LEAVE_FUNC();