/*++ BUILD Version: 0001 Increment this if a change has global effects Copyright (c) 1993-1999 Microsoft Corporation Module Name: imagehlp.x Abstract: Used with hextract.exe, build imagehlp.h and dbghelp.h. As imagehlp.h, this module defines the prototypes and constants required for the image help routines. As dbghelp.h, it also contains debugging support routines that are redistributable. Revision History: --*/ // HEXTRACT: begin_imagehlp begin_dbghelp hide_line // As a general principal always call the 64 bit version // of every API, if a choice exists. The 64 bit version // works great on 32 bit platforms, and is forward // compatible to 64 bit platforms. #ifdef _WIN64 #ifndef _IMAGEHLP64 #define _IMAGEHLP64 #endif #endif // HEXTRACT: end_dbghelp hide_line #ifndef WINTRUST_H #include #endif // HEXTRACT: begin_dbghelp hide_line #ifdef __cplusplus extern "C" { #endif #ifdef _IMAGEHLP_SOURCE_ #define IMAGEAPI __stdcall #define DBHLP_DEPRECIATED #else #define IMAGEAPI DECLSPEC_IMPORT __stdcall #if (_MSC_VER >= 1300) && !defined(MIDL_PASS) #define DBHLP_DEPRECIATED __declspec(deprecated) #else #define DBHLP_DEPRECIATED #endif #endif #define DBHLPAPI IMAGEAPI #define IMAGE_SEPARATION (64*1024) typedef struct _LOADED_IMAGE { PSTR ModuleName; HANDLE hFile; PUCHAR MappedAddress; #ifdef _IMAGEHLP64 PIMAGE_NT_HEADERS64 FileHeader; #else PIMAGE_NT_HEADERS32 FileHeader; #endif PIMAGE_SECTION_HEADER LastRvaSection; ULONG NumberOfSections; PIMAGE_SECTION_HEADER Sections; ULONG Characteristics; BOOLEAN fSystemImage; BOOLEAN fDOSImage; LIST_ENTRY Links; ULONG SizeOfImage; } LOADED_IMAGE, *PLOADED_IMAGE; #define MAX_SYM_NAME 2000 // HEXTRACT: end_dbghelp hide_line BOOL IMAGEAPI BindImage( IN PSTR ImageName, IN PSTR DllPath, IN PSTR SymbolPath ); typedef enum _IMAGEHLP_STATUS_REASON { BindOutOfMemory, BindRvaToVaFailed, BindNoRoomInImage, BindImportModuleFailed, BindImportProcedureFailed, BindImportModule, BindImportProcedure, BindForwarder, BindForwarderNOT, BindImageModified, BindExpandFileHeaders, BindImageComplete, BindMismatchedSymbols, BindSymbolsNotUpdated, BindImportProcedure32, BindImportProcedure64, BindForwarder32, BindForwarder64, BindForwarderNOT32, BindForwarderNOT64 } IMAGEHLP_STATUS_REASON; typedef BOOL (__stdcall *PIMAGEHLP_STATUS_ROUTINE)( IMAGEHLP_STATUS_REASON Reason, PSTR ImageName, PSTR DllName, ULONG_PTR Va, ULONG_PTR Parameter ); typedef BOOL (__stdcall *PIMAGEHLP_STATUS_ROUTINE32)( IMAGEHLP_STATUS_REASON Reason, PSTR ImageName, PSTR DllName, ULONG Va, ULONG_PTR Parameter ); typedef BOOL (__stdcall *PIMAGEHLP_STATUS_ROUTINE64)( IMAGEHLP_STATUS_REASON Reason, PSTR ImageName, PSTR DllName, ULONG64 Va, ULONG_PTR Parameter ); BOOL IMAGEAPI BindImageEx( IN DWORD Flags, IN PSTR ImageName, IN PSTR DllPath, IN PSTR SymbolPath, IN PIMAGEHLP_STATUS_ROUTINE StatusRoutine ); #define BIND_NO_BOUND_IMPORTS 0x00000001 #define BIND_NO_UPDATE 0x00000002 #define BIND_ALL_IMAGES 0x00000004 #define BIND_CACHE_IMPORT_DLLS 0x00000008 // Cache dll's across // calls to BindImageEx // (same as NT 3.1->NT 4.0) #define BIND_REPORT_64BIT_VA 0x00000010 BOOL IMAGEAPI ReBaseImage( IN PSTR CurrentImageName, IN PSTR SymbolPath, IN BOOL fReBase, // TRUE if actually rebasing, false if only summing IN BOOL fRebaseSysfileOk, // TRUE is system images s/b rebased IN BOOL fGoingDown, // TRUE if the image s/b rebased below the given base IN ULONG CheckImageSize, // Max size allowed (0 if don't care) OUT ULONG *OldImageSize, // Returned from the header OUT ULONG_PTR *OldImageBase, // Returned from the header OUT ULONG *NewImageSize, // Image size rounded to next separation boundary IN OUT ULONG_PTR *NewImageBase, // (in) Desired new address. // (out) Next address (actual if going down) IN ULONG TimeStamp // new timestamp for image, if non-zero ); BOOL IMAGEAPI ReBaseImage64( IN PSTR CurrentImageName, IN PSTR SymbolPath, IN BOOL fReBase, // TRUE if actually rebasing, false if only summing IN BOOL fRebaseSysfileOk, // TRUE is system images s/b rebased IN BOOL fGoingDown, // TRUE if the image s/b rebased below the given base IN ULONG CheckImageSize, // Max size allowed (0 if don't care) OUT ULONG *OldImageSize, // Returned from the header OUT ULONG64 *OldImageBase, // Returned from the header OUT ULONG *NewImageSize, // Image size rounded to next separation boundary IN OUT ULONG64 *NewImageBase, // (in) Desired new address. // (out) Next address (actual if going down) IN ULONG TimeStamp // new timestamp for image, if non-zero ); // // Define checksum return codes. // #define CHECKSUM_SUCCESS 0 #define CHECKSUM_OPEN_FAILURE 1 #define CHECKSUM_MAP_FAILURE 2 #define CHECKSUM_MAPVIEW_FAILURE 3 #define CHECKSUM_UNICODE_FAILURE 4 // Define Splitsym flags. #define SPLITSYM_REMOVE_PRIVATE 0x00000001 // Remove CV types/symbols and Fixup debug // Used for creating .dbg files that ship // as part of the product. #define SPLITSYM_EXTRACT_ALL 0x00000002 // Extract all debug info from image. // Normally, FPO is left in the image // to allow stack traces through the code. // Using this switch is similar to linking // with -debug:none except the .dbg file // exists... #define SPLITSYM_SYMBOLPATH_IS_SRC 0x00000004 // The SymbolFilePath contains an alternate // path to locate the pdb. // // Define checksum function prototypes. // PIMAGE_NT_HEADERS IMAGEAPI CheckSumMappedFile ( PVOID BaseAddress, DWORD FileLength, PDWORD HeaderSum, PDWORD CheckSum ); DWORD IMAGEAPI MapFileAndCheckSumA ( PSTR Filename, PDWORD HeaderSum, PDWORD CheckSum ); DWORD IMAGEAPI MapFileAndCheckSumW ( PWSTR Filename, PDWORD HeaderSum, PDWORD CheckSum ); #ifdef UNICODE #define MapFileAndCheckSum MapFileAndCheckSumW #else #define MapFileAndCheckSum MapFileAndCheckSumA #endif // !UNICODE BOOL IMAGEAPI GetImageConfigInformation( PLOADED_IMAGE LoadedImage, PIMAGE_LOAD_CONFIG_DIRECTORY ImageConfigInformation ); DWORD IMAGEAPI GetImageUnusedHeaderBytes( PLOADED_IMAGE LoadedImage, PDWORD SizeUnusedHeaderBytes ); BOOL IMAGEAPI SetImageConfigInformation( PLOADED_IMAGE LoadedImage, PIMAGE_LOAD_CONFIG_DIRECTORY ImageConfigInformation ); // Image Integrity API's #define CERT_PE_IMAGE_DIGEST_DEBUG_INFO 0x01 #define CERT_PE_IMAGE_DIGEST_RESOURCES 0x02 #define CERT_PE_IMAGE_DIGEST_ALL_IMPORT_INFO 0x04 #define CERT_PE_IMAGE_DIGEST_NON_PE_INFO 0x08 // include data outside the PE image #define CERT_SECTION_TYPE_ANY 0xFF // Any Certificate type typedef PVOID DIGEST_HANDLE; typedef BOOL (WINAPI *DIGEST_FUNCTION) (DIGEST_HANDLE refdata, PBYTE pData, DWORD dwLength); BOOL IMAGEAPI ImageGetDigestStream( IN HANDLE FileHandle, IN DWORD DigestLevel, IN DIGEST_FUNCTION DigestFunction, IN DIGEST_HANDLE DigestHandle ); BOOL IMAGEAPI ImageAddCertificate( IN HANDLE FileHandle, IN LPWIN_CERTIFICATE Certificate, OUT PDWORD Index ); BOOL IMAGEAPI ImageRemoveCertificate( IN HANDLE FileHandle, IN DWORD Index ); BOOL IMAGEAPI ImageEnumerateCertificates( IN HANDLE FileHandle, IN WORD TypeFilter, OUT PDWORD CertificateCount, IN OUT PDWORD Indices OPTIONAL, IN OUT DWORD IndexCount OPTIONAL ); BOOL IMAGEAPI ImageGetCertificateData( IN HANDLE FileHandle, IN DWORD CertificateIndex, OUT LPWIN_CERTIFICATE Certificate, IN OUT PDWORD RequiredLength ); BOOL IMAGEAPI ImageGetCertificateHeader( IN HANDLE FileHandle, IN DWORD CertificateIndex, IN OUT LPWIN_CERTIFICATE Certificateheader ); PLOADED_IMAGE IMAGEAPI ImageLoad( PSTR DllName, PSTR DllPath ); BOOL IMAGEAPI ImageUnload( PLOADED_IMAGE LoadedImage ); BOOL IMAGEAPI MapAndLoad( PSTR ImageName, PSTR DllPath, PLOADED_IMAGE LoadedImage, BOOL DotDll, BOOL ReadOnly ); BOOL IMAGEAPI UnMapAndLoad( PLOADED_IMAGE LoadedImage ); BOOL IMAGEAPI TouchFileTimes ( HANDLE FileHandle, PSYSTEMTIME pSystemTime ); BOOL IMAGEAPI SplitSymbols ( PSTR ImageName, PSTR SymbolsPath, PSTR SymbolFilePath, DWORD Flags // Combination of flags above ); BOOL IMAGEAPI UpdateDebugInfoFile( PSTR ImageFileName, PSTR SymbolPath, PSTR DebugFilePath, PIMAGE_NT_HEADERS32 NtHeaders ); BOOL IMAGEAPI UpdateDebugInfoFileEx( PSTR ImageFileName, PSTR SymbolPath, PSTR DebugFilePath, PIMAGE_NT_HEADERS32 NtHeaders, DWORD OldChecksum ); // HEXTRACT: begin_dbghelp hide_line HANDLE IMAGEAPI FindDebugInfoFile ( PSTR FileName, PSTR SymbolPath, PSTR DebugFilePath ); typedef BOOL (CALLBACK *PFIND_DEBUG_FILE_CALLBACK)( HANDLE FileHandle, PSTR FileName, PVOID CallerData ); HANDLE IMAGEAPI FindDebugInfoFileEx ( PSTR FileName, PSTR SymbolPath, PSTR DebugFilePath, PFIND_DEBUG_FILE_CALLBACK Callback, PVOID CallerData ); typedef BOOL (CALLBACK *PFINDFILEINPATHCALLBACK)( PSTR filename, PVOID context ); BOOL IMAGEAPI SymFindFileInPath( HANDLE hprocess, LPSTR SearchPath, LPSTR FileName, PVOID id, DWORD two, DWORD three, DWORD flags, LPSTR FoundFile, PFINDFILEINPATHCALLBACK callback, PVOID context ); HANDLE IMAGEAPI FindExecutableImage( PSTR FileName, PSTR SymbolPath, PSTR ImageFilePath ); typedef BOOL (CALLBACK *PFIND_EXE_FILE_CALLBACK)( HANDLE FileHandle, PSTR FileName, PVOID CallerData ); HANDLE IMAGEAPI FindExecutableImageEx( PSTR FileName, PSTR SymbolPath, PSTR ImageFilePath, PFIND_EXE_FILE_CALLBACK Callback, PVOID CallerData ); PIMAGE_NT_HEADERS IMAGEAPI ImageNtHeader ( IN PVOID Base ); PVOID IMAGEAPI ImageDirectoryEntryToDataEx ( IN PVOID Base, IN BOOLEAN MappedAsImage, IN USHORT DirectoryEntry, OUT PULONG Size, OUT PIMAGE_SECTION_HEADER *FoundHeader OPTIONAL ); PVOID IMAGEAPI ImageDirectoryEntryToData ( IN PVOID Base, IN BOOLEAN MappedAsImage, IN USHORT DirectoryEntry, OUT PULONG Size ); PIMAGE_SECTION_HEADER IMAGEAPI ImageRvaToSection( IN PIMAGE_NT_HEADERS NtHeaders, IN PVOID Base, IN ULONG Rva ); PVOID IMAGEAPI ImageRvaToVa( IN PIMAGE_NT_HEADERS NtHeaders, IN PVOID Base, IN ULONG Rva, IN OUT PIMAGE_SECTION_HEADER *LastRvaSection ); // Symbol server exports typedef BOOL (WINAPI *PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, PVOID, DWORD, DWORD, LPSTR); typedef BOOL (WINAPI *PSYMBOLSERVEROPENPROC)(VOID); typedef BOOL (WINAPI *PSYMBOLSERVERCLOSEPROC)(VOID); typedef BOOL (WINAPI *PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64); typedef BOOL (CALLBACK WINAPI *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context); typedef UINT_PTR (WINAPI *PSYMBOLSERVERGETOPTIONSPROC)(); typedef BOOL (WINAPI *PSYMBOLSERVERPINGPROC)(LPCSTR); #define SSRVOPT_CALLBACK 0x0001 #define SSRVOPT_DWORD 0x0002 #define SSRVOPT_DWORDPTR 0x0004 #define SSRVOPT_GUIDPTR 0x0008 #define SSRVOPT_OLDGUIDPTR 0x0010 #define SSRVOPT_UNATTENDED 0x0020 #define SSRVOPT_NOCOPY 0x0040 #define SSRVOPT_PARENTWIN 0x0080 #define SSRVOPT_PARAMTYPE 0x0100 #define SSRVOPT_SECURE 0x0200 #define SSRVOPT_TRACE 0x0400 #define SSRVOPT_SETCONTEXT 0x0800 #define SSRVOPT_PROXY 0x1000 #define SSRVOPT_DOWNSTREAM_STORE 0x2000 #define SSRVOPT_RESET ((ULONG_PTR)-1) #define SSRVACTION_TRACE 1 #define SSRVACTION_QUERYCANCEL 2 #define SSRVACTION_EVENT 3 #ifndef _WIN64 // This api won't be ported to Win64 - Fix your code. typedef struct _IMAGE_DEBUG_INFORMATION { LIST_ENTRY List; DWORD ReservedSize; PVOID ReservedMappedBase; USHORT ReservedMachine; USHORT ReservedCharacteristics; DWORD ReservedCheckSum; DWORD ImageBase; DWORD SizeOfImage; DWORD ReservedNumberOfSections; PIMAGE_SECTION_HEADER ReservedSections; DWORD ReservedExportedNamesSize; PSTR ReservedExportedNames; DWORD ReservedNumberOfFunctionTableEntries; PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries; DWORD ReservedLowestFunctionStartingAddress; DWORD ReservedHighestFunctionEndingAddress; DWORD ReservedNumberOfFpoTableEntries; PFPO_DATA ReservedFpoTableEntries; DWORD SizeOfCoffSymbols; PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols; DWORD ReservedSizeOfCodeViewSymbols; PVOID ReservedCodeViewSymbols; PSTR ImageFilePath; PSTR ImageFileName; PSTR ReservedDebugFilePath; DWORD ReservedTimeDateStamp; BOOL ReservedRomImage; PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory; DWORD ReservedNumberOfDebugDirectories; DWORD ReservedOriginalFunctionTableBaseAddress; DWORD Reserved[ 2 ]; } IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION; PIMAGE_DEBUG_INFORMATION IMAGEAPI MapDebugInformation( HANDLE FileHandle, PSTR FileName, PSTR SymbolPath, DWORD ImageBase ); BOOL IMAGEAPI UnmapDebugInformation( PIMAGE_DEBUG_INFORMATION DebugInfo ); #endif BOOL IMAGEAPI SearchTreeForFile( PSTR RootPath, PSTR InputPathName, PSTR OutputPathBuffer ); typedef BOOL (CALLBACK *PENUMDIRTREE_CALLBACK)( LPCSTR FilePath, PVOID CallerData ); BOOL IMAGEAPI EnumDirTree( HANDLE hProcess, PSTR RootPath, PSTR InputPathName, PSTR OutputPathBuffer, PENUMDIRTREE_CALLBACK Callback, PVOID CallbackData ); BOOL IMAGEAPI MakeSureDirectoryPathExists( PCSTR DirPath ); // // UnDecorateSymbolName Flags // #define UNDNAME_COMPLETE (0x0000) // Enable full undecoration #define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords #define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords #define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration #define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model #define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier #define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration #define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration #define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type #define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members #define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions #define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members #define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns #define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names #define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration; // return just [scope::]name. Does expand template params #define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function #define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc) DWORD IMAGEAPI WINAPI UnDecorateSymbolName( PCSTR DecoratedName, // Name to undecorate PSTR UnDecoratedName, // If NULL, it will be allocated DWORD UndecoratedLength, // The maximym length DWORD Flags // See above. ); // // these values are used for synthesized file types // that can be passed in as image headers instead of // the standard ones from ntimage.h // #define DBHHEADER_DEBUGDIRS 0x1 typedef struct _MODLOAD_DATA { DWORD ssize; // size of this struct DWORD ssig; // signature identifying the passed data PVOID data; // pointer to passed data DWORD size; // size of passed data DWORD flags; // options } MODLOAD_DATA, *PMODLOAD_DATA; // // StackWalking API // typedef enum { AddrMode1616, AddrMode1632, AddrModeReal, AddrModeFlat } ADDRESS_MODE; typedef struct _tagADDRESS64 { DWORD64 Offset; WORD Segment; ADDRESS_MODE Mode; } ADDRESS64, *LPADDRESS64; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define ADDRESS ADDRESS64 #define LPADDRESS LPADDRESS64 #else typedef struct _tagADDRESS { DWORD Offset; WORD Segment; ADDRESS_MODE Mode; } ADDRESS, *LPADDRESS; __inline void Address32To64( LPADDRESS a32, LPADDRESS64 a64 ) { a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset; a64->Segment = a32->Segment; a64->Mode = a32->Mode; } __inline void Address64To32( LPADDRESS64 a64, LPADDRESS a32 ) { a32->Offset = (ULONG)a64->Offset; a32->Segment = a64->Segment; a32->Mode = a64->Mode; } #endif // // This structure is included in the STACKFRAME structure, // and is used to trace through usermode callbacks in a thread's // kernel stack. The values must be copied by the kernel debugger // from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets. // // // New KDHELP structure for 64 bit system support. // This structure is preferred in new code. // typedef struct _KDHELP64 { // // address of kernel thread object, as provided in the // WAIT_STATE_CHANGE packet. // DWORD64 Thread; // // offset in thread object to pointer to the current callback frame // in kernel stack. // DWORD ThCallbackStack; // // offset in thread object to pointer to the current callback backing // store frame in kernel stack. // DWORD ThCallbackBStore; // // offsets to values in frame: // // address of next callback frame DWORD NextCallback; // address of saved frame pointer (if applicable) DWORD FramePointer; // // Address of the kernel function that calls out to user mode // DWORD64 KiCallUserMode; // // Address of the user mode dispatcher function // DWORD64 KeUserCallbackDispatcher; // // Lowest kernel mode address // DWORD64 SystemRangeStart; DWORD64 Reserved[8]; } KDHELP64, *PKDHELP64; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define KDHELP KDHELP64 #define PKDHELP PKDHELP64 #else typedef struct _KDHELP { // // address of kernel thread object, as provided in the // WAIT_STATE_CHANGE packet. // DWORD Thread; // // offset in thread object to pointer to the current callback frame // in kernel stack. // DWORD ThCallbackStack; // // offsets to values in frame: // // address of next callback frame DWORD NextCallback; // address of saved frame pointer (if applicable) DWORD FramePointer; // // Address of the kernel function that calls out to user mode // DWORD KiCallUserMode; // // Address of the user mode dispatcher function // DWORD KeUserCallbackDispatcher; // // Lowest kernel mode address // DWORD SystemRangeStart; // // offset in thread object to pointer to the current callback backing // store frame in kernel stack. // DWORD ThCallbackBStore; DWORD Reserved[8]; } KDHELP, *PKDHELP; __inline void KdHelp32To64( PKDHELP p32, PKDHELP64 p64 ) { p64->Thread = p32->Thread; p64->ThCallbackStack = p32->ThCallbackStack; p64->NextCallback = p32->NextCallback; p64->FramePointer = p32->FramePointer; p64->KiCallUserMode = p32->KiCallUserMode; p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher; p64->SystemRangeStart = p32->SystemRangeStart; } #endif typedef struct _tagSTACKFRAME64 { ADDRESS64 AddrPC; // program counter ADDRESS64 AddrReturn; // return address ADDRESS64 AddrFrame; // frame pointer ADDRESS64 AddrStack; // stack pointer ADDRESS64 AddrBStore; // backing store pointer PVOID FuncTableEntry; // pointer to pdata/fpo or NULL DWORD64 Params[4]; // possible arguments to the function BOOL Far; // WOW far call BOOL Virtual; // is this a virtual frame? DWORD64 Reserved[3]; KDHELP64 KdHelp; } STACKFRAME64, *LPSTACKFRAME64; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define STACKFRAME STACKFRAME64 #define LPSTACKFRAME LPSTACKFRAME64 #else typedef struct _tagSTACKFRAME { ADDRESS AddrPC; // program counter ADDRESS AddrReturn; // return address ADDRESS AddrFrame; // frame pointer ADDRESS AddrStack; // stack pointer PVOID FuncTableEntry; // pointer to pdata/fpo or NULL DWORD Params[4]; // possible arguments to the function BOOL Far; // WOW far call BOOL Virtual; // is this a virtual frame? DWORD Reserved[3]; KDHELP KdHelp; ADDRESS AddrBStore; // backing store pointer } STACKFRAME, *LPSTACKFRAME; #endif typedef BOOL (__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)( HANDLE hProcess, DWORD64 qwBaseAddress, PVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesRead ); typedef PVOID (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)( HANDLE hProcess, DWORD64 AddrBase ); typedef DWORD64 (__stdcall *PGET_MODULE_BASE_ROUTINE64)( HANDLE hProcess, DWORD64 Address ); typedef DWORD64 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)( HANDLE hProcess, HANDLE hThread, LPADDRESS64 lpaddr ); BOOL IMAGEAPI StackWalk64( DWORD MachineType, HANDLE hProcess, HANDLE hThread, LPSTACKFRAME64 StackFrame, PVOID ContextRecord, PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine, PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine, PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine, PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64 #define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64 #define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64 #define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64 #define StackWalk StackWalk64 #else typedef BOOL (__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)( HANDLE hProcess, DWORD lpBaseAddress, PVOID lpBuffer, DWORD nSize, PDWORD lpNumberOfBytesRead ); typedef PVOID (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)( HANDLE hProcess, DWORD AddrBase ); typedef DWORD (__stdcall *PGET_MODULE_BASE_ROUTINE)( HANDLE hProcess, DWORD Address ); typedef DWORD (__stdcall *PTRANSLATE_ADDRESS_ROUTINE)( HANDLE hProcess, HANDLE hThread, LPADDRESS lpaddr ); BOOL IMAGEAPI StackWalk( DWORD MachineType, HANDLE hProcess, HANDLE hThread, LPSTACKFRAME StackFrame, PVOID ContextRecord, PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine, PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine, PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine, PTRANSLATE_ADDRESS_ROUTINE TranslateAddress ); #endif #define API_VERSION_NUMBER 9 typedef struct API_VERSION { USHORT MajorVersion; USHORT MinorVersion; USHORT Revision; USHORT Reserved; } API_VERSION, *LPAPI_VERSION; LPAPI_VERSION IMAGEAPI ImagehlpApiVersion( VOID ); LPAPI_VERSION IMAGEAPI ImagehlpApiVersionEx( LPAPI_VERSION AppVersion ); DWORD IMAGEAPI GetTimestampForLoadedLibrary( HMODULE Module ); // // typedefs for function pointers // typedef BOOL (CALLBACK *PSYM_ENUMMODULES_CALLBACK64)( PSTR ModuleName, DWORD64 BaseOfDll, PVOID UserContext ); typedef BOOL (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)( PSTR SymbolName, DWORD64 SymbolAddress, ULONG SymbolSize, PVOID UserContext ); typedef BOOL (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)( PWSTR SymbolName, DWORD64 SymbolAddress, ULONG SymbolSize, PVOID UserContext ); typedef BOOL (CALLBACK *PENUMLOADED_MODULES_CALLBACK64)( PSTR ModuleName, DWORD64 ModuleBase, ULONG ModuleSize, PVOID UserContext ); typedef BOOL (CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)( HANDLE hProcess, ULONG ActionCode, ULONG64 CallbackData, ULONG64 UserContext ); typedef PVOID (CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)( HANDLE hProcess, DWORD AddrBase, PVOID UserContext ); typedef PVOID (CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)( HANDLE hProcess, ULONG64 AddrBase, ULONG64 UserContext ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64 #define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64 #define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W #define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64 #define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64 #define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64 #else typedef BOOL (CALLBACK *PSYM_ENUMMODULES_CALLBACK)( PSTR ModuleName, ULONG BaseOfDll, PVOID UserContext ); typedef BOOL (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)( PSTR SymbolName, ULONG SymbolAddress, ULONG SymbolSize, PVOID UserContext ); typedef BOOL (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)( PWSTR SymbolName, ULONG SymbolAddress, ULONG SymbolSize, PVOID UserContext ); typedef BOOL (CALLBACK *PENUMLOADED_MODULES_CALLBACK)( PSTR ModuleName, ULONG ModuleBase, ULONG ModuleSize, PVOID UserContext ); typedef BOOL (CALLBACK *PSYMBOL_REGISTERED_CALLBACK)( HANDLE hProcess, ULONG ActionCode, PVOID CallbackData, PVOID UserContext ); #endif // // flags found in SYMBOL_INFO.Flags // #define SYMFLAG_VALUEPRESENT 0x00000001 #define SYMFLAG_REGISTER 0x00000008 #define SYMFLAG_REGREL 0x00000010 #define SYMFLAG_FRAMEREL 0x00000020 #define SYMFLAG_PARAMETER 0x00000040 #define SYMFLAG_LOCAL 0x00000080 #define SYMFLAG_CONSTANT 0x00000100 #define SYMFLAG_EXPORT 0x00000200 #define SYMFLAG_FORWARDER 0x00000400 #define SYMFLAG_FUNCTION 0x00000800 #define SYMFLAG_VIRTUAL 0x00001000 #define SYMFLAG_THUNK 0x00002000 #define SYMFLAG_TLSREL 0x00004000 // // symbol type enumeration // typedef enum { SymNone = 0, SymCoff, SymCv, SymPdb, SymExport, SymDeferred, SymSym, // .sym file SymDia, SymVirtual, NumSymTypes } SYM_TYPE; // // symbol data structure // typedef struct _IMAGEHLP_SYMBOL64 { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64) DWORD64 Address; // virtual address including dll base address DWORD Size; // estimated size of symbol, can be zero DWORD Flags; // info about the symbols, see the SYMF defines DWORD MaxNameLength; // maximum size of symbol name in 'Name' CHAR Name[1]; // symbol name (null terminated string) } IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64; typedef struct _IMAGEHLP_SYMBOL64_PACKAGE { IMAGEHLP_SYMBOL64 sym; CHAR name[MAX_SYM_NAME + 1]; } IMAGEHLP_SYMBOL64_PACKAGE, *PIMAGEHLP_SYMBOL64_PACKAGE; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64 #define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64 #define IMAGEHLP_SYMBOL_PACKAGE IMAGEHLP_SYMBOL64_PACKAGE #define PIMAGEHLP_SYMBOL_PACKAGE PIMAGEHLP_SYMBOL64_PACKAGE #else typedef struct _IMAGEHLP_SYMBOL { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL) DWORD Address; // virtual address including dll base address DWORD Size; // estimated size of symbol, can be zero DWORD Flags; // info about the symbols, see the SYMF defines DWORD MaxNameLength; // maximum size of symbol name in 'Name' CHAR Name[1]; // symbol name (null terminated string) } IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL; typedef struct _IMAGEHLP_SYMBOL_PACKAGE { IMAGEHLP_SYMBOL sym; CHAR name[MAX_SYM_NAME + 1]; } IMAGEHLP_SYMBOL_PACKAGE, *PIMAGEHLP_SYMBOL_PACKAGE; #endif // // module data structure // typedef struct _IMAGEHLP_MODULE64 { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64) DWORD64 BaseOfImage; // base load address of module DWORD ImageSize; // virtual size of the loaded module DWORD TimeDateStamp; // date/time stamp from pe header DWORD CheckSum; // checksum from the pe header DWORD NumSyms; // number of symbols in the symbol table SYM_TYPE SymType; // type of symbols loaded CHAR ModuleName[32]; // module name CHAR ImageName[256]; // image name // new elements: 07-Jun-2002 CHAR LoadedImageName[256]; // symbol file name CHAR LoadedPdbName[256]; // pdb file name DWORD CVSig; // Signature of the CV record in the debug directories CHAR CVData[MAX_PATH * 3]; // Contents of the CV record DWORD PdbSig; // Signature of PDB GUID PdbSig70; // Signature of PDB (VC 7 and up) DWORD PdbAge; // DBI age of pdb BOOL PdbUnmatched; // loaded an unmatched pdb BOOL DbgUnmatched; // loaded an unmatched dbg BOOL LineNumbers; // we have line number information BOOL GlobalSymbols; // we have internal symbol information BOOL TypeInfo; // we have type information } IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64; typedef struct _IMAGEHLP_MODULE64W { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64) DWORD64 BaseOfImage; // base load address of module DWORD ImageSize; // virtual size of the loaded module DWORD TimeDateStamp; // date/time stamp from pe header DWORD CheckSum; // checksum from the pe header DWORD NumSyms; // number of symbols in the symbol table SYM_TYPE SymType; // type of symbols loaded WCHAR ModuleName[32]; // module name WCHAR ImageName[256]; // image name // new elements: 07-Jun-2002 WCHAR LoadedImageName[256]; // symbol file name WCHAR LoadedPdbName[256]; // pdb file name DWORD CVSig; // Signature of the CV record in the debug directories WCHAR CVData[MAX_PATH * 3]; // Contents of the CV record DWORD PdbSig; // Signature of PDB GUID PdbSig70; // Signature of PDB (VC 7 and up) DWORD PdbAge; // DBI age of pdb BOOL PdbUnmatched; // loaded an unmatched pdb BOOL DbgUnmatched; // loaded an unmatched dbg BOOL LineNumbers; // we have line number information BOOL GlobalSymbols; // we have internal symbol information BOOL TypeInfo; // we have type information } IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define IMAGEHLP_MODULE IMAGEHLP_MODULE64 #define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64 #define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64 #define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64 #else typedef struct _IMAGEHLP_MODULE { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE) DWORD BaseOfImage; // base load address of module DWORD ImageSize; // virtual size of the loaded module DWORD TimeDateStamp; // date/time stamp from pe header DWORD CheckSum; // checksum from the pe header DWORD NumSyms; // number of symbols in the symbol table SYM_TYPE SymType; // type of symbols loaded CHAR ModuleName[32]; // module name CHAR ImageName[256]; // image name CHAR LoadedImageName[256]; // symbol file name } IMAGEHLP_MODULE, *PIMAGEHLP_MODULE; typedef struct _IMAGEHLP_MODULEW { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE) DWORD BaseOfImage; // base load address of module DWORD ImageSize; // virtual size of the loaded module DWORD TimeDateStamp; // date/time stamp from pe header DWORD CheckSum; // checksum from the pe header DWORD NumSyms; // number of symbols in the symbol table SYM_TYPE SymType; // type of symbols loaded WCHAR ModuleName[32]; // module name WCHAR ImageName[256]; // image name WCHAR LoadedImageName[256]; // symbol file name } IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW; #endif // // source file line data structure // typedef struct _IMAGEHLP_LINE64 { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64) PVOID Key; // internal DWORD LineNumber; // line number in file PCHAR FileName; // full filename DWORD64 Address; // first instruction of line } IMAGEHLP_LINE64, *PIMAGEHLP_LINE64; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define IMAGEHLP_LINE IMAGEHLP_LINE64 #define PIMAGEHLP_LINE PIMAGEHLP_LINE64 #else typedef struct _IMAGEHLP_LINE { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE) PVOID Key; // internal DWORD LineNumber; // line number in file PCHAR FileName; // full filename DWORD Address; // first instruction of line } IMAGEHLP_LINE, *PIMAGEHLP_LINE; #endif // // source file structure // typedef struct _SOURCEFILE { DWORD64 ModBase; // base address of loaded module PCHAR FileName; // full filename of source } SOURCEFILE, *PSOURCEFILE; // // data structures used for registered symbol callbacks // #define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001 #define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002 #define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003 #define CBA_SYMBOLS_UNLOADED 0x00000004 #define CBA_DUPLICATE_SYMBOL 0x00000005 #define CBA_READ_MEMORY 0x00000006 #define CBA_DEFERRED_SYMBOL_LOAD_CANCEL 0x00000007 #define CBA_SET_OPTIONS 0x00000008 #define CBA_EVENT 0x00000010 #define CBA_DEFERRED_SYMBOL_LOAD_PARTIAL 0x00000020 #define CBA_DEBUG_INFO 0x10000000 typedef struct _IMAGEHLP_CBA_READ_MEMORY { DWORD64 addr; // address to read from PVOID buf; // buffer to read to DWORD bytes; // amount of bytes to read DWORD *bytesread; // pointer to store amount of bytes read } IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY; enum { sevInfo = 0, sevProblem, sevAttn, sevFatal, sevMax // unused }; typedef struct _IMAGEHLP_CBA_EVENT { DWORD severity; // values from sevInfo to sevFatal DWORD code; // numerical code IDs the error PCHAR desc; // may contain a text description of the error PVOID object; // value dependant upon the error code } IMAGEHLP_CBA_EVENT, *PIMAGEHLP_CBA_EVENT; typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64 { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64) DWORD64 BaseOfImage; // base load address of module DWORD CheckSum; // checksum from the pe header DWORD TimeDateStamp; // date/time stamp from pe header CHAR FileName[MAX_PATH]; // symbols file or image name BOOLEAN Reparse; // load failure reparse HANDLE hFile; // file handle, if passed DWORD Flags; // } IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64; #define DSLFLAG_MISMATCHED_PDB 0x1 #define DSLFLAG_MISMATCHED_DBG 0x2 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64 #define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64 #else typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD) DWORD BaseOfImage; // base load address of module DWORD CheckSum; // checksum from the pe header DWORD TimeDateStamp; // date/time stamp from pe header CHAR FileName[MAX_PATH]; // symbols file or image name BOOLEAN Reparse; // load failure reparse HANDLE hFile; // file handle, if passed } IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD; #endif typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64 { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64) DWORD NumberOfDups; // number of duplicates in the Symbol array PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols DWORD SelectedSymbol; // symbol selected (-1 to start) } IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64; #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64 #define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64 #else typedef struct _IMAGEHLP_DUPLICATE_SYMBOL { DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL) DWORD NumberOfDups; // number of duplicates in the Symbol array PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols DWORD SelectedSymbol; // symbol selected (-1 to start) } IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL; #endif // If dbghelp ever needs to display graphical UI, it will use this as the parent window. BOOL IMAGEAPI SymSetParentWindow( HWND hwnd ); PCHAR IMAGEAPI SymSetHomeDirectory( PCSTR dir ); PCHAR IMAGEAPI SymGetHomeDirectory( DWORD type, PSTR dir, size_t size ); typedef enum { hdBase = 0, // root directory for dbghelp hdSym, // where symbols are stored hdSrc, // where source is stored hdMax // end marker }; // // options that are set/returned by SymSetOptions() & SymGetOptions() // these are used as a mask // #define SYMOPT_CASE_INSENSITIVE 0x00000001 #define SYMOPT_UNDNAME 0x00000002 #define SYMOPT_DEFERRED_LOADS 0x00000004 #define SYMOPT_NO_CPP 0x00000008 #define SYMOPT_LOAD_LINES 0x00000010 #define SYMOPT_OMAP_FIND_NEAREST 0x00000020 #define SYMOPT_LOAD_ANYTHING 0x00000040 #define SYMOPT_IGNORE_CVREC 0x00000080 #define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100 #define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200 #define SYMOPT_EXACT_SYMBOLS 0x00000400 #define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS 0x00000800 #define SYMOPT_IGNORE_NT_SYMPATH 0x00001000 #define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000 #define SYMOPT_PUBLICS_ONLY 0x00004000 #define SYMOPT_NO_PUBLICS 0x00008000 #define SYMOPT_AUTO_PUBLICS 0x00010000 #define SYMOPT_NO_IMAGE_SEARCH 0x00020000 #define SYMOPT_SECURE 0x00040000 #define SYMOPT_NO_PROMPTS 0x00080000 #define SYMOPT_DEBUG 0x80000000 DWORD IMAGEAPI SymSetOptions( IN DWORD SymOptions ); DWORD IMAGEAPI SymGetOptions( VOID ); BOOL IMAGEAPI SymCleanup( IN HANDLE hProcess ); BOOL IMAGEAPI SymMatchString( IN LPSTR string, IN LPSTR expression, IN BOOL fCase ); typedef BOOL (CALLBACK *PSYM_ENUMSOURCFILES_CALLBACK)( PSOURCEFILE pSourceFile, PVOID UserContext ); BOOL IMAGEAPI SymEnumSourceFiles( IN HANDLE hProcess, IN ULONG64 ModBase, IN LPSTR Mask, IN PSYM_ENUMSOURCFILES_CALLBACK cbSrcFiles, IN PVOID UserContext ); BOOL IMAGEAPI SymEnumerateModules64( IN HANDLE hProcess, IN PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback, IN PVOID UserContext ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymEnumerateModules SymEnumerateModules64 #else BOOL IMAGEAPI SymEnumerateModules( IN HANDLE hProcess, IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback, IN PVOID UserContext ); #endif BOOL IMAGEAPI SymEnumerateSymbols64( IN HANDLE hProcess, IN DWORD64 BaseOfDll, IN PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback, IN PVOID UserContext ); BOOL IMAGEAPI SymEnumerateSymbolsW64( IN HANDLE hProcess, IN DWORD64 BaseOfDll, IN PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback, IN PVOID UserContext ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymEnumerateSymbols SymEnumerateSymbols64 #define SymEnumerateSymbolsW SymEnumerateSymbolsW64 #else BOOL IMAGEAPI SymEnumerateSymbols( IN HANDLE hProcess, IN DWORD BaseOfDll, IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback, IN PVOID UserContext ); BOOL IMAGEAPI SymEnumerateSymbolsW( IN HANDLE hProcess, IN DWORD BaseOfDll, IN PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback, IN PVOID UserContext ); #endif BOOL IMAGEAPI EnumerateLoadedModules64( IN HANDLE hProcess, IN PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback, IN PVOID UserContext ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define EnumerateLoadedModules EnumerateLoadedModules64 #else BOOL IMAGEAPI EnumerateLoadedModules( IN HANDLE hProcess, IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback, IN PVOID UserContext ); #endif PVOID IMAGEAPI SymFunctionTableAccess64( HANDLE hProcess, DWORD64 AddrBase ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymFunctionTableAccess SymFunctionTableAccess64 #else PVOID IMAGEAPI SymFunctionTableAccess( HANDLE hProcess, DWORD AddrBase ); #endif BOOL IMAGEAPI SymGetModuleInfo64( IN HANDLE hProcess, IN DWORD64 qwAddr, OUT PIMAGEHLP_MODULE64 ModuleInfo ); BOOL IMAGEAPI SymGetModuleInfoW64( IN HANDLE hProcess, IN DWORD64 qwAddr, OUT PIMAGEHLP_MODULEW64 ModuleInfo ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetModuleInfo SymGetModuleInfo64 #define SymGetModuleInfoW SymGetModuleInfoW64 #else BOOL IMAGEAPI SymGetModuleInfo( IN HANDLE hProcess, IN DWORD dwAddr, OUT PIMAGEHLP_MODULE ModuleInfo ); BOOL IMAGEAPI SymGetModuleInfoW( IN HANDLE hProcess, IN DWORD dwAddr, OUT PIMAGEHLP_MODULEW ModuleInfo ); #endif DWORD64 IMAGEAPI SymGetModuleBase64( IN HANDLE hProcess, IN DWORD64 qwAddr ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetModuleBase SymGetModuleBase64 #else DWORD IMAGEAPI SymGetModuleBase( IN HANDLE hProcess, IN DWORD dwAddr ); #endif BOOL IMAGEAPI SymGetSymNext64( IN HANDLE hProcess, IN OUT PIMAGEHLP_SYMBOL64 Symbol ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetSymNext SymGetSymNext64 #else BOOL IMAGEAPI SymGetSymNext( IN HANDLE hProcess, IN OUT PIMAGEHLP_SYMBOL Symbol ); #endif BOOL IMAGEAPI SymGetSymPrev64( IN HANDLE hProcess, IN OUT PIMAGEHLP_SYMBOL64 Symbol ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetSymPrev SymGetSymPrev64 #else BOOL IMAGEAPI SymGetSymPrev( IN HANDLE hProcess, IN OUT PIMAGEHLP_SYMBOL Symbol ); #endif typedef struct _SRCCODEINFO { DWORD SizeOfStruct; // set to sizeof(SRCCODEINFO) PVOID Key; // not used DWORD64 ModBase; // base address of module this applies to CHAR Obj[MAX_PATH + 1]; // the object file within the module CHAR FileName[MAX_PATH + 1]; // full filename DWORD LineNumber; // line number in file DWORD64 Address; // first instruction of line } SRCCODEINFO, *PSRCCODEINFO; typedef BOOL (CALLBACK *PSYM_ENUMLINES_CALLBACK)( PSRCCODEINFO LineInfo, PVOID UserContext ); BOOL IMAGEAPI SymEnumLines( IN HANDLE hProcess, IN ULONG64 Base, IN PCSTR Obj, IN PCSTR File, IN PSYM_ENUMLINES_CALLBACK EnumLinesCallback, IN PVOID UserContext ); BOOL IMAGEAPI SymGetLineFromAddr64( IN HANDLE hProcess, IN DWORD64 qwAddr, OUT PDWORD pdwDisplacement, OUT PIMAGEHLP_LINE64 Line64 ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetLineFromAddr SymGetLineFromAddr64 #else BOOL IMAGEAPI SymGetLineFromAddr( IN HANDLE hProcess, IN DWORD dwAddr, OUT PDWORD pdwDisplacement, OUT PIMAGEHLP_LINE Line ); #endif BOOL IMAGEAPI SymGetLineFromName64( IN HANDLE hProcess, IN PSTR ModuleName, IN PSTR FileName, IN DWORD dwLineNumber, OUT PLONG plDisplacement, IN OUT PIMAGEHLP_LINE64 Line ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetLineFromName SymGetLineFromName64 #else BOOL IMAGEAPI SymGetLineFromName( IN HANDLE hProcess, IN PSTR ModuleName, IN PSTR FileName, IN DWORD dwLineNumber, OUT PLONG plDisplacement, IN OUT PIMAGEHLP_LINE Line ); #endif BOOL IMAGEAPI SymGetLineNext64( IN HANDLE hProcess, IN OUT PIMAGEHLP_LINE64 Line ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetLineNext SymGetLineNext64 #else BOOL IMAGEAPI SymGetLineNext( IN HANDLE hProcess, IN OUT PIMAGEHLP_LINE Line ); #endif BOOL IMAGEAPI SymGetLinePrev64( IN HANDLE hProcess, IN OUT PIMAGEHLP_LINE64 Line ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetLinePrev SymGetLinePrev64 #else BOOL IMAGEAPI SymGetLinePrev( IN HANDLE hProcess, IN OUT PIMAGEHLP_LINE Line ); #endif BOOL IMAGEAPI SymMatchFileName( IN PSTR FileName, IN PSTR Match, OUT PSTR *FileNameStop, OUT PSTR *MatchStop ); BOOL IMAGEAPI SymInitialize( IN HANDLE hProcess, IN PSTR UserSearchPath, IN BOOL fInvadeProcess ); BOOL IMAGEAPI SymGetSearchPath( IN HANDLE hProcess, OUT PSTR SearchPath, IN DWORD SearchPathLength ); BOOL IMAGEAPI SymSetSearchPath( IN HANDLE hProcess, IN PSTR SearchPath ); DWORD64 IMAGEAPI SymLoadModule64( IN HANDLE hProcess, IN HANDLE hFile, IN PSTR ImageName, IN PSTR ModuleName, IN DWORD64 BaseOfDll, IN DWORD SizeOfDll ); #define SLMFLAG_VIRTUAL 0x1 DWORD64 IMAGEAPI SymLoadModuleEx( IN HANDLE hProcess, IN HANDLE hFile, IN PSTR ImageName, IN PSTR ModuleName, IN DWORD64 BaseOfDll, IN DWORD DllSize, IN PMODLOAD_DATA Data, IN DWORD Flags ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymLoadModule SymLoadModule64 #else DWORD IMAGEAPI SymLoadModule( IN HANDLE hProcess, IN HANDLE hFile, IN PSTR ImageName, IN PSTR ModuleName, IN DWORD BaseOfDll, IN DWORD SizeOfDll ); #endif BOOL IMAGEAPI SymUnloadModule64( IN HANDLE hProcess, IN DWORD64 BaseOfDll ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymUnloadModule SymUnloadModule64 #else BOOL IMAGEAPI SymUnloadModule( IN HANDLE hProcess, IN DWORD BaseOfDll ); #endif BOOL IMAGEAPI SymUnDName64( IN PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate OUT PSTR UnDecName, // Buffer to store undecorated name in IN DWORD UnDecNameLength // Size of the buffer ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymUnDName SymUnDName64 #else BOOL IMAGEAPI SymUnDName( IN PIMAGEHLP_SYMBOL sym, // Symbol to undecorate OUT PSTR UnDecName, // Buffer to store undecorated name in IN DWORD UnDecNameLength // Size of the buffer ); #endif BOOL IMAGEAPI SymRegisterCallback64( IN HANDLE hProcess, IN PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction, IN ULONG64 UserContext ); BOOL IMAGEAPI SymRegisterFunctionEntryCallback64( IN HANDLE hProcess, IN PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction, IN ULONG64 UserContext ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymRegisterCallback SymRegisterCallback64 #define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64 #else BOOL IMAGEAPI SymRegisterCallback( IN HANDLE hProcess, IN PSYMBOL_REGISTERED_CALLBACK CallbackFunction, IN PVOID UserContext ); BOOL IMAGEAPI SymRegisterFunctionEntryCallback( IN HANDLE hProcess, IN PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction, IN PVOID UserContext ); #endif typedef struct _IMAGEHLP_SYMBOL_SRC { DWORD sizeofstruct; DWORD type; char file[MAX_PATH]; } IMAGEHLP_SYMBOL_SRC, *PIMAGEHLP_SYMBOL_SRC; typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP USHORT dataLength; USHORT leaf; BYTE data[1]; } MODULE_TYPE_INFO, *PMODULE_TYPE_INFO; typedef struct _SYMBOL_INFO { ULONG SizeOfStruct; ULONG TypeIndex; // Type Index of symbol ULONG64 Reserved[2]; ULONG info; ULONG Size; ULONG64 ModBase; // Base Address of module comtaining this symbol ULONG Flags; ULONG64 Value; // Value of symbol, ValuePresent should be 1 ULONG64 Address; // Address of symbol including base address of module ULONG Register; // register holding value or pointer to value ULONG Scope; // scope of the symbol ULONG Tag; // pdb classification ULONG NameLen; // Actual length of name ULONG MaxNameLen; CHAR Name[1]; // Name of symbol } SYMBOL_INFO, *PSYMBOL_INFO; typedef struct _SYMBOL_INFO_PACKAGE { SYMBOL_INFO si; CHAR name[MAX_SYM_NAME + 1]; } SYMBOL_INFO_PACKAGE, *PSYMBOL_INFO_PACKAGE; typedef struct _IMAGEHLP_STACK_FRAME { ULONG64 InstructionOffset; ULONG64 ReturnOffset; ULONG64 FrameOffset; ULONG64 StackOffset; ULONG64 BackingStoreOffset; ULONG64 FuncTableEntry; ULONG64 Params[4]; ULONG64 Reserved[5]; BOOL Virtual; ULONG Reserved2; } IMAGEHLP_STACK_FRAME, *PIMAGEHLP_STACK_FRAME; typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT; BOOL IMAGEAPI SymSetContext( HANDLE hProcess, PIMAGEHLP_STACK_FRAME StackFrame, PIMAGEHLP_CONTEXT Context ); BOOL IMAGEAPI SymFromAddr( IN HANDLE hProcess, IN DWORD64 Address, OUT PDWORD64 Displacement, IN OUT PSYMBOL_INFO Symbol ); BOOL IMAGEAPI SymFromToken( IN HANDLE hProcess, IN DWORD64 Base, IN DWORD Token, IN OUT PSYMBOL_INFO Symbol ); // While SymFromName will provide a symbol from a name, // SymEnumSymbols can provide the same matching information // for ALL symbols with a matching name, even regular // expressions. That way you can search across modules // and differentiate between identically named symbols. BOOL IMAGEAPI SymFromName( IN HANDLE hProcess, IN LPSTR Name, OUT PSYMBOL_INFO Symbol ); typedef BOOL (CALLBACK *PSYM_ENUMERATESYMBOLS_CALLBACK)( PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext ); BOOL IMAGEAPI SymEnumSymbols( IN HANDLE hProcess, IN ULONG64 BaseOfDll, IN PCSTR Mask, IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, IN PVOID UserContext ); BOOL IMAGEAPI SymEnumSymbolsForAddr( IN HANDLE hProcess, IN DWORD64 Address, IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, IN PVOID UserContext ); #define SYMENUMFLAG_FULLSRCH 1 #define SYMENUMFLAG_SPEEDSRCH 2 typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO { TI_GET_SYMTAG, TI_GET_SYMNAME, TI_GET_LENGTH, TI_GET_TYPE, TI_GET_TYPEID, TI_GET_BASETYPE, TI_GET_ARRAYINDEXTYPEID, TI_FINDCHILDREN, TI_GET_DATAKIND, TI_GET_ADDRESSOFFSET, TI_GET_OFFSET, TI_GET_VALUE, TI_GET_COUNT, TI_GET_CHILDRENCOUNT, TI_GET_BITPOSITION, TI_GET_VIRTUALBASECLASS, TI_GET_VIRTUALTABLESHAPEID, TI_GET_VIRTUALBASEPOINTEROFFSET, TI_GET_CLASSPARENTID, TI_GET_NESTED, TI_GET_SYMINDEX, TI_GET_LEXICALPARENT, TI_GET_ADDRESS, TI_GET_THISADJUST, TI_GET_UDTKIND, TI_IS_EQUIV_TO, TI_GET_CALLING_CONVENTION, } IMAGEHLP_SYMBOL_TYPE_INFO; typedef struct _TI_FINDCHILDREN_PARAMS { ULONG Count; ULONG Start; ULONG ChildId[1]; } TI_FINDCHILDREN_PARAMS; BOOL IMAGEAPI SymGetTypeInfo( IN HANDLE hProcess, IN DWORD64 ModBase, IN ULONG TypeId, IN IMAGEHLP_SYMBOL_TYPE_INFO GetType, OUT PVOID pInfo ); BOOL IMAGEAPI SymEnumTypes( IN HANDLE hProcess, IN ULONG64 BaseOfDll, IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, IN PVOID UserContext ); BOOL IMAGEAPI SymGetTypeFromName( IN HANDLE hProcess, IN ULONG64 BaseOfDll, IN LPSTR Name, OUT PSYMBOL_INFO Symbol ); BOOL IMAGEAPI SymAddSymbol( IN HANDLE hProcess, IN ULONG64 BaseOfDll, IN PCSTR Name, IN DWORD64 Address, IN DWORD Size, IN DWORD Flags ); BOOL IMAGEAPI SymDeleteSymbol( IN HANDLE hProcess, IN ULONG64 BaseOfDll, IN PCSTR Name, IN DWORD64 Address, IN DWORD Flags ); // // Full user-mode dump creation. // typedef BOOL (WINAPI *PDBGHELP_CREATE_USER_DUMP_CALLBACK)( DWORD DataType, PVOID* Data, LPDWORD DataLength, PVOID UserData ); BOOL WINAPI DbgHelpCreateUserDump( IN LPSTR FileName, IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback, IN PVOID UserData ); BOOL WINAPI DbgHelpCreateUserDumpW( IN LPWSTR FileName, IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback, IN PVOID UserData ); // ----------------------------------------------------------------- // The following 4 legacy APIs are fully supported, but newer // ones are recommended. SymFromName and SymFromAddr provide // much more detailed info on the returned symbol. BOOL IMAGEAPI SymGetSymFromAddr64( IN HANDLE hProcess, IN DWORD64 qwAddr, OUT PDWORD64 pdwDisplacement, OUT PIMAGEHLP_SYMBOL64 Symbol ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetSymFromAddr SymGetSymFromAddr64 #else BOOL IMAGEAPI SymGetSymFromAddr( IN HANDLE hProcess, IN DWORD dwAddr, OUT PDWORD pdwDisplacement, OUT PIMAGEHLP_SYMBOL Symbol ); #endif // While following two APIs will provide a symbol from a name, // SymEnumSymbols can provide the same matching information // for ALL symbols with a matching name, even regular // expressions. That way you can search across modules // and differentiate between identically named symbols. BOOL IMAGEAPI SymGetSymFromName64( IN HANDLE hProcess, IN PSTR Name, OUT PIMAGEHLP_SYMBOL64 Symbol ); #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64) #define SymGetSymFromName SymGetSymFromName64 #else BOOL IMAGEAPI SymGetSymFromName( IN HANDLE hProcess, IN PSTR Name, OUT PIMAGEHLP_SYMBOL Symbol ); #endif // ----------------------------------------------------------------- // The following APIs exist only for backwards compatibility // with a pre-release version documented in an MSDN release. // You should use SymFindFileInPath if you want to maintain // future compatibility. DBHLP_DEPRECIATED BOOL IMAGEAPI FindFileInPath( HANDLE hprocess, LPSTR SearchPath, LPSTR FileName, PVOID id, DWORD two, DWORD three, DWORD flags, LPSTR FilePath ); // You should use SymFindFileInPath if you want to maintain // future compatibility. DBHLP_DEPRECIATED BOOL IMAGEAPI FindFileInSearchPath( HANDLE hprocess, LPSTR SearchPath, LPSTR FileName, DWORD one, DWORD two, DWORD three, LPSTR FilePath ); DBHLP_DEPRECIATED BOOL IMAGEAPI SymEnumSym( IN HANDLE hProcess, IN ULONG64 BaseOfDll, IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback, IN PVOID UserContext ); // These values should not be used. // They have been replaced by SYMFLAG_ values. #define SYMF_OMAP_GENERATED 0x00000001 #define SYMF_OMAP_MODIFIED 0x00000002 #define SYMF_REGISTER 0x00000008 #define SYMF_REGREL 0x00000010 #define SYMF_FRAMEREL 0x00000020 #define SYMF_PARAMETER 0x00000040 #define SYMF_LOCAL 0x00000080 #define SYMF_CONSTANT 0x00000100 #define SYMF_EXPORT 0x00000200 #define SYMF_FORWARDER 0x00000400 #define SYMF_FUNCTION 0x00000800 #define SYMF_VIRTUAL 0x00001000 #define SYMF_THUNK 0x00002000 #define SYMF_TLSREL 0x00004000 // These values should also not be used. // They have been replaced by SYMFLAG_ values. #define IMAGEHLP_SYMBOL_INFO_VALUEPRESENT 1 #define IMAGEHLP_SYMBOL_INFO_REGISTER SYMF_REGISTER // 0x0008 #define IMAGEHLP_SYMBOL_INFO_REGRELATIVE SYMF_REGREL // 0x0010 #define IMAGEHLP_SYMBOL_INFO_FRAMERELATIVE SYMF_FRAMEREL // 0x0020 #define IMAGEHLP_SYMBOL_INFO_PARAMETER SYMF_PARAMETER // 0x0040 #define IMAGEHLP_SYMBOL_INFO_LOCAL SYMF_LOCAL // 0x0080 #define IMAGEHLP_SYMBOL_INFO_CONSTANT SYMF_CONSTANT // 0x0100 #define IMAGEHLP_SYMBOL_FUNCTION SYMF_FUNCTION // 0x0800 #define IMAGEHLP_SYMBOL_VIRTUAL SYMF_VIRTUAL // 0x1000 #define IMAGEHLP_SYMBOL_THUNK SYMF_THUNK // 0x2000 #define IMAGEHLP_SYMBOL_INFO_TLSRELATIVE SYMF_TLSREL // 0x4000 // HEXTRACT, end_imagehlp end_dbghelp hide_line