|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 2000
//
// File: programoptions.cpp
//
//--------------------------------------------------------------------------
// ProgramOptions.cpp: implementation of the CProgramOptions class.
//
//////////////////////////////////////////////////////////////////////
#ifndef NO_STRICT
#ifndef STRICT
#define STRICT 1
#endif
#endif /* NO_STRICT */
#include <WINDOWS.H>
#include <STDIO.H>
#include <TCHAR.H>
#include <stdlib.h>
#include "ProgramOptions.h"
#include "UtilityFunctions.h"
#include "Version.h"
const LPTSTR CProgramOptions::g_DefaultSymbolPath = TEXT("%systemroot%\\symbols");
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CProgramOptions::CProgramOptions(){ // Initialize default modes
m_fSimpleHelpMode = false; m_fHelpMode = false;
m_fInputProcessesFromLiveSystemMode = false; m_fInputDriversFromLiveSystemMode = false; m_fInputProcessesWithMatchingNameOrPID = false; m_fInputModulesDataFromFileSystemMode = false; m_fInputDmpFileMode = false;
m_fMatchModuleMode = false; m_fPrintTaskListMode = false; m_fOutputSymbolInformationMode = false; m_fCollectVersionInfoMode = false;
m_fVerifySymbolsMode = false; m_fVerifySymbolsModeWithSymbolPath = false; m_fVerifySymbolsModeWithSymbolPathOnly = false; m_fVerifySymbolsModeWithSymbolPathRecursion = false; m_fVerifySymbolsModeWithSQLServer = false; m_fVerifySymbolsModeWithSQLServer2 = false; // SQL2 - mjl 12/14/99
m_iVerificationLevel = 1; m_fSymbolTreeToBuildMode = false; m_fInputCSVFileMode = false; m_fOutputCSVFileMode = false; m_fOutputDiscrepanciesOnly = false; m_fOverwriteOutputFileMode = false; m_fQuietMode = false;
m_tszSymbolTreeToBuild = NULL; m_tszSymbolPath = NULL; m_tszProcessName = NULL; m_tszModuleToMatch = NULL; m_tszOutputCSVFilePath = NULL; m_tszInputCSVFilePath = NULL; m_tszInputDmpFilePath = NULL;
m_tszInputModulesDataFromFileSystemPath = NULL; m_tszSQLServer = NULL;
m_iProcessID = 0; m_dwDebugLevel = 0;
m_fExceptionMonitorMode = false;}
CProgramOptions::~CProgramOptions(){ if (m_tszSymbolPath) delete [] m_tszSymbolPath;
if (m_tszProcessName) delete [] m_tszProcessName;
if (m_tszModuleToMatch) delete [] m_tszModuleToMatch;
if (m_tszOutputCSVFilePath) delete [] m_tszOutputCSVFilePath;
if (m_tszInputCSVFilePath) delete [] m_tszInputCSVFilePath;
if (m_tszInputDmpFilePath) delete [] m_tszInputDmpFilePath;
if (m_tszInputModulesDataFromFileSystemPath) delete [] m_tszInputModulesDataFromFileSystemPath;
if (m_tszSymbolTreeToBuild) delete [] m_tszSymbolTreeToBuild;
if (m_tszSQLServer) delete [] m_tszSQLServer;}
// Intialize members that have to dynamically allocate memory...
bool CProgramOptions::Initialize(){ // Copy expanded default symbol search path (%systemroot%\symbols)
m_tszSymbolPath = CUtilityFunctions::ExpandPath(g_DefaultSymbolPath);
if (!m_tszSymbolPath) return false;
#ifdef _DEBUG
_tprintf(TEXT("Default Symbol Path = [%s]\n"), m_tszSymbolPath);#endif
// Get the OS Version Info Stuff
m_osver.dwOSVersionInfoSize = sizeof( m_osver ) ;
if( !GetVersionExA( &m_osver ) ) { _tprintf(TEXT("Couldn't figure out what version of Windows is running.\n")); return false ; }
return true;}
// This sets the mode requested, and returns the value it was set to (which is provided as input)
bool CProgramOptions::SetMode(enum ProgramModes mode, bool fState){ switch (mode) { case HelpMode: m_fHelpMode = fState; break;
case SimpleHelpMode: m_fSimpleHelpMode = fState; break;
case InputProcessesFromLiveSystemMode: m_fInputProcessesFromLiveSystemMode = fState; break;
case InputDriversFromLiveSystemMode: m_fInputDriversFromLiveSystemMode = fState; break;
case InputProcessesWithMatchingNameOrPID: m_fInputProcessesWithMatchingNameOrPID = fState; break;
case MatchModuleMode: m_fMatchModuleMode = fState; break;
case InputModulesDataFromFileSystemMode: m_fInputModulesDataFromFileSystemMode = fState; break;
case InputDmpFileMode: m_fInputDmpFileMode = fState; break;
case PrintTaskListMode: m_fPrintTaskListMode = fState; break;
case QuietMode: m_fQuietMode = fState; break;
case OutputSymbolInformationMode: m_fOutputSymbolInformationMode = fState; break;
case CollectVersionInfoMode: m_fCollectVersionInfoMode = fState; break;
case VerifySymbolsMode: m_fVerifySymbolsMode = fState; break;
case VerifySymbolsModeWithSymbolPath: m_fVerifySymbolsModeWithSymbolPath = fState; break;
case VerifySymbolsModeWithSymbolPathOnly: m_fVerifySymbolsModeWithSymbolPathOnly = fState; break;
case VerifySymbolsModeWithSymbolPathRecursion: m_fVerifySymbolsModeWithSymbolPathRecursion = fState; break;
case VerifySymbolsModeUsingDBGInMISCSection: m_fVerifySymbolsModeUsingDBGInMISCSection = fState; break;
case VerifySymbolsModeWithSQLServer: m_fVerifySymbolsModeWithSQLServer = fState; break;
case VerifySymbolsModeWithSQLServer2: m_fVerifySymbolsModeWithSQLServer2 = fState; break;
case BuildSymbolTreeMode: m_fSymbolTreeToBuildMode = fState; break;
case OutputCSVFileMode: m_fOutputCSVFileMode = fState; break;
case OutputDiscrepanciesOnly: m_fOutputDiscrepanciesOnly = fState; break;
case OverwriteOutputFileMode: m_fOverwriteOutputFileMode = fState; break;
case InputCSVFileMode: m_fInputCSVFileMode = fState; break;
case ExceptionMonitorMode: m_fExceptionMonitorMode = fState; break; }
return fState;}
bool CProgramOptions::GetMode(enum ProgramModes mode){ switch (mode) { case HelpMode: return m_fHelpMode;
case SimpleHelpMode: return m_fSimpleHelpMode;
case InputProcessesFromLiveSystemMode: return m_fInputProcessesFromLiveSystemMode;
case InputDriversFromLiveSystemMode: return m_fInputDriversFromLiveSystemMode;
case InputProcessesWithMatchingNameOrPID: return m_fInputProcessesWithMatchingNameOrPID;
case MatchModuleMode: return m_fMatchModuleMode;
case InputModulesDataFromFileSystemMode: return m_fInputModulesDataFromFileSystemMode;
case InputDmpFileMode: return m_fInputDmpFileMode;
case BuildSymbolTreeMode: return m_fSymbolTreeToBuildMode; case PrintTaskListMode: return m_fPrintTaskListMode; case QuietMode: return m_fQuietMode;
case OutputSymbolInformationMode: return m_fOutputSymbolInformationMode; case CollectVersionInfoMode: return m_fCollectVersionInfoMode; case VerifySymbolsMode: return m_fVerifySymbolsMode;
case VerifySymbolsModeWithSymbolPath: return m_fVerifySymbolsModeWithSymbolPath;
case VerifySymbolsModeWithSymbolPathOnly: return m_fVerifySymbolsModeWithSymbolPathOnly;
case VerifySymbolsModeWithSymbolPathRecursion: return m_fVerifySymbolsModeWithSymbolPathRecursion;
case VerifySymbolsModeUsingDBGInMISCSection: return m_fVerifySymbolsModeUsingDBGInMISCSection;
case VerifySymbolsModeWithSQLServer: return m_fVerifySymbolsModeWithSQLServer; case VerifySymbolsModeWithSQLServer2: return m_fVerifySymbolsModeWithSQLServer2; case OutputCSVFileMode: return m_fOutputCSVFileMode;
case OutputDiscrepanciesOnly: return m_fOutputDiscrepanciesOnly; case OverwriteOutputFileMode: return m_fOverwriteOutputFileMode;
case InputCSVFileMode: return m_fInputCSVFileMode;
case ExceptionMonitorMode: return m_fExceptionMonitorMode; }
// Should never get here...
#ifdef _DEBUG
_tprintf(TEXT("ERROR! GetMode() - Unknown mode provided! %d"), mode);#endif
return false;}
bool CProgramOptions::SetProcessID(DWORD iPID){ m_iProcessID = iPID; return true;}
bool CProgramOptions::ProcessCommandLineArguments(int argc, TCHAR *argv[]){ // Skip past the executible filename
DWORD PID = 0; // Process ID if specified
int iArgumentNumber = 1;
if (argc == 1) { // We'll now set some defaults
SetMode(InputProcessesFromLiveSystemMode, true); SetMode(CollectVersionInfoMode, true); SetMode(VerifySymbolsMode, true); SetMode(VerifySymbolsModeWithSymbolPath, true); SetMode(OutputSymbolInformationMode, true); return true; } // Iterate through the arguments...
while (iArgumentNumber < argc) {#ifdef _DEBUG
_tprintf(TEXT("Arg%d = %s\n"), iArgumentNumber+1, argv[iArgumentNumber]);#endif
if (argv[iArgumentNumber][0] == _T('-') || argv[iArgumentNumber][0] == _T('/')) { // Look for string matches first!
if ( _tcsicmp(&argv[iArgumentNumber][1], TEXT("MATCH")) == 0) { // Get MATCH argument (the module to match against)
#ifdef _DEBUG
_tprintf(TEXT("MATCH argument provided!\n"));#endif
iArgumentNumber++;
if (iArgumentNumber < argc) { m_tszModuleToMatch = CUtilityFunctions::CopyString(argv[iArgumentNumber]);
// Let's force upper-case matches for simplicity
_tcsupr(m_tszModuleToMatch); if (!m_tszModuleToMatch) return false;
SetMode(MatchModuleMode, true);#ifdef _DEBUG
_tprintf(TEXT("Module to match set to [%s]\n"), m_tszModuleToMatch);#endif
} else { _tprintf(TEXT("\nArgument Missing! -MATCH option requires module to match against!\n")); // Not enough arguments...
return false; } } else if ( _tcsicmp(&argv[iArgumentNumber][1], TEXT("SQL2")) == 0) { // Get the SQL2 server name
#ifdef _DEBUG
_tprintf(TEXT("SQL2 Server name provided!\n"));#endif
iArgumentNumber++;
if (iArgumentNumber < argc) { m_tszSQLServer2 = CUtilityFunctions::CopyString(argv[iArgumentNumber]); if (!m_tszSQLServer2) return false;
SetMode(VerifySymbolsMode, true); SetMode(VerifySymbolsModeWithSQLServer2, true);#ifdef _DEBUG
_tprintf(TEXT("SQL2 Server set to [%s]\n"), m_tszSQLServer2);#endif
} else { _tprintf(TEXT("\nArgument Missing! -SQL2 option requires SQL Server Name value!\n")); // Not enough arguments...
return false; } } else if ( _tcsicmp(&argv[iArgumentNumber][1], TEXT("SQL")) == 0) { // Get the SQL server name
#ifdef _DEBUG
_tprintf(TEXT("SQL Server name provided!\n"));#endif
iArgumentNumber++;
if (iArgumentNumber < argc) { m_tszSQLServer = CUtilityFunctions::CopyString(argv[iArgumentNumber]);
if (!m_tszSQLServer) return false;
SetMode(VerifySymbolsMode, true); SetMode(VerifySymbolsModeWithSQLServer, true);#ifdef _DEBUG
_tprintf(TEXT("SQL Server set to [%s]\n"), m_tszSQLServer);#endif
} else { _tprintf(TEXT("\nArgument Missing! -SQL option requires SQL Server Name value!\n")); // Not enough arguments...
return false; } } else if ( _tcsicmp(&argv[iArgumentNumber][1], TEXT("DEBUG")) == 0) { // Okay, we have the DEBUG switch... see what Debug Level is requested
iArgumentNumber++;
if (iArgumentNumber < argc) { // Save away the Debug Level
m_dwDebugLevel = _ttoi(argv[iArgumentNumber]); } else { _tprintf(TEXT("\nArgument Missing! -DEBUG option requires Debug Level!\n")); // Not enough arguments...
return false; } } else if ( _tcsicmp(&argv[iArgumentNumber][1], TEXT("???")) == 0) { SetMode(HelpMode, true); return true; } else
{ // We found a command directive..
switch (argv[iArgumentNumber][1]) { case _T('?'): case _T('h'): case _T('H'): SetMode(SimpleHelpMode, true); iArgumentNumber = argc; return true;
case _T('t'): case _T('T'): SetMode(PrintTaskListMode, true); SetMode(InputProcessesFromLiveSystemMode, true); break;
case _T('s'): case _T('S'): SetMode(OutputSymbolInformationMode, true); break;
case _T('i'): case _T('I'):#ifdef _DEBUG
_tprintf(TEXT("Input File path provided\n"));#endif
iArgumentNumber++;
if (iArgumentNumber < argc) { m_tszInputCSVFilePath = CUtilityFunctions::ExpandPath(argv[iArgumentNumber]);
SetMode(InputCSVFileMode, true); } else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -I option requires an input file!\n")); return false; } break;
// This special version supports a new mode...
case _T('e'): case _T('E'): SetMode(ExceptionMonitorMode, true); break;
case _T('o'): case _T('O'): // Check to see if they want to overwrite the file if it exists?
if (argv[iArgumentNumber][2]) { if ( 2 == _ttoi(&argv[iArgumentNumber][2]) ) {#ifdef _DEBUG
_tprintf(TEXT("Overwrite Mode enabled!\n"));#endif
SetMode(OverwriteOutputFileMode, true); } }
#ifdef _DEBUG
_tprintf(TEXT("Output File path provided\n"));#endif
iArgumentNumber++;
if (iArgumentNumber < argc) { m_tszOutputCSVFilePath = CUtilityFunctions::ExpandPath(argv[iArgumentNumber]);#ifdef _DEBUG
_tprintf(TEXT("Output File Path set to [%s]\n"), GetOutputFilePath());#endif
// Enable OutputCSVFileMode
SetMode(OutputCSVFileMode, true); } else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -O option requires an output file!\n")); return false; } break;
case _T('q'): case _T('Q'):
// Check to see if they only want to suppress matches?
if (argv[iArgumentNumber][2]) { if ( 2 == _ttoi(&argv[iArgumentNumber][2]) ) { SetMode(OutputDiscrepanciesOnly, true); } else { SetMode(QuietMode, true); } } else { SetMode(QuietMode, true); } break;
case _T('r'): case _T('R'): SetMode(CollectVersionInfoMode, true); break; case _T('v'): case _T('V'):
SetMode(VerifySymbolsMode, true);
if (argv[iArgumentNumber][2]) { m_iVerificationLevel = _ttoi(&argv[iArgumentNumber][2]);
if (m_iVerificationLevel == 0) { SetMode(HelpMode, true); iArgumentNumber = argc; } } break;
case _T('f'): case _T('F'): iArgumentNumber++;
if (iArgumentNumber < argc) { m_tszInputModulesDataFromFileSystemPath = CUtilityFunctions::ExpandPath(argv[iArgumentNumber]); if (VerifySemiColonSeparatedPath(m_tszInputModulesDataFromFileSystemPath)) { SetMode(InputModulesDataFromFileSystemMode, true); } else { _tprintf(TEXT("\nFile Path specified to search is too long\n")); return false; }
} else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -F option requires a directory/file path!\n")); return false; } break;
case _T('b'): case _T('B'): iArgumentNumber++;
if (iArgumentNumber < argc) { SetMode(BuildSymbolTreeMode, true);
// Okay, we have some string gymnastics below because we
// want to expand any environment variables, and ensure
// that we have a backslash appended...
TCHAR tszPathBuffer[_MAX_PATH]; LPTSTR tszExpandedPathBuffer = CUtilityFunctions::ExpandPath(argv[iArgumentNumber]); _tcscpy(tszPathBuffer, tszExpandedPathBuffer); delete [] tszExpandedPathBuffer;
int cbLength = _tcsclen(tszPathBuffer);
if (cbLength && tszPathBuffer[cbLength-1] != '\\') { _tcscat(tszPathBuffer, TEXT("\\")); }
m_tszSymbolTreeToBuild = CUtilityFunctions::CopyString(tszPathBuffer);
if (!m_tszSymbolTreeToBuild) return false;
if (VerifySemiColonSeparatedPath(m_tszSymbolTreeToBuild)) {#ifdef _DEBUG
_tprintf(TEXT("Building a Symbol Path Requested at [%s]\n"), m_tszSymbolTreeToBuild);#endif
} else { _tprintf(TEXT("\nPath provided to build symbol path is too long!\n")); return false; }
} else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -B option requires a directory symbol path\n")); return false; } break;
case _T('p'): case _T('P'):#ifdef _DEBUG
_tprintf(TEXT("Specific Process name (or PID) requested\n"));#endif
iArgumentNumber++;
// Do we have another argument (we should)...
if (iArgumentNumber < argc) { // Well... we know that we have been asked to query processes...
SetMode(InputProcessesFromLiveSystemMode, true); // Is the next argument a number? (Process ID)?
if ((PID = _ttoi(argv[iArgumentNumber])) == 0) { // Process name provided!
#ifdef _DEBUG
_tprintf(TEXT("Process name: [%s]\n"), argv[iArgumentNumber]);#endif
// Hey, wild-card matches everything... did they give us something else?
if (*argv[iArgumentNumber] != '*') { // Set Process Name, only if * isn't used.
// Leaving process name == NULL is our clue
// to dump all processes
m_tszProcessName = CUtilityFunctions::CopyString(argv[iArgumentNumber]); if (!m_tszProcessName) return false;
_tcsupr(m_tszProcessName); SetMode(InputProcessesWithMatchingNameOrPID, true); }
} else { // PID provided?
#ifdef _DEBUG
_tprintf(TEXT("Process ID: [%d]\n"), PID);#endif
SetProcessID(PID); SetMode(InputProcessesWithMatchingNameOrPID, true); } } else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -P option requires *, a Process ID, or a Process Name!\n")); return false; }
break;
case _T('d'): case _T('D'): // Do we have another argument (we should)...
// Well... we know that we have been asked to query device drivers...
SetMode(InputDriversFromLiveSystemMode, true);
break;
case _T('y'): case _T('Y'):#ifdef _DEBUG
_tprintf(TEXT("Symbol path provided\n"));#endif
// Check to see if they want some flavor of symbol searching...
if (argv[iArgumentNumber][2]) { DWORD dwSymbolPathSearchOptions = _ttoi(&argv[iArgumentNumber][2]);
if (dwSymbolPathSearchOptions & enumSymbolPathOnly) {#ifdef _DEBUG
_tprintf(TEXT("Symbol Path Searching ONLY mode enabled!\n"));#endif
SetMode(VerifySymbolsModeWithSymbolPathOnly, true); }
if (dwSymbolPathSearchOptions & enumSymbolPathRecursion) {#ifdef _DEBUG
_tprintf(TEXT("Recursive Symbol Searching Mode enabled!\n"));#endif
SetMode(VerifySymbolsModeWithSymbolPathRecursion, true); }
if (dwSymbolPathSearchOptions & enumSymbolsModeUsingDBGInMISCSection) { _tprintf(TEXT("Verify Symbols Using DBG files found in MISC Section of PE Image!\n"));
SetMode(VerifySymbolsModeUsingDBGInMISCSection, true); } } iArgumentNumber++;
if (iArgumentNumber < argc) { if (m_tszSymbolPath) delete [] m_tszSymbolPath;
m_tszSymbolPath = CUtilityFunctions::ExpandPath(argv[iArgumentNumber]); if (VerifySemiColonSeparatedPath(m_tszSymbolPath)) { SetMode(VerifySymbolsModeWithSymbolPath, true);#ifdef _DEBUG
_tprintf(TEXT("Symbol Path set to [%s]\n"), GetSymbolPath());#endif
} else { _tprintf(TEXT("\nBad Symbol Path Provided! Multiple paths are semi-colon delimited!\n")); return false; } } else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -Y option requires a symbol path!\n")); return false; } break;
case _T('z'): case _T('Z'):#ifdef _DEBUG
_tprintf(TEXT("DMP file provided!\n"));#endif
iArgumentNumber++; if (iArgumentNumber < argc) { m_tszInputDmpFilePath = CUtilityFunctions::ExpandPath(argv[iArgumentNumber]); SetMode(InputDmpFileMode, true);
#ifdef _DEBUG
_tprintf(TEXT("Dmp File Path set to [%s]\n"), GetDmpFilePath());#endif
} else { // Not enough arguments...
_tprintf(TEXT("\nArgument Missing! -DMP option requires a DMP file!\n")); return false; } break;
default: _tprintf(TEXT("\nUnknown command specified! [%s]\n"), argv[iArgumentNumber]); iArgumentNumber = argc; return false; } } } else { _tprintf(TEXT("\nUnknown option specified! [%s]\n"), argv[iArgumentNumber]); return false; }
// Increment to the next argument...
iArgumentNumber++; }
if ( !GetMode(InputCSVFileMode) && !GetMode(InputProcessesFromLiveSystemMode) && !GetMode(InputDriversFromLiveSystemMode) && !GetMode(InputModulesDataFromFileSystemMode) && !GetMode(InputDmpFileMode) ) { _tprintf(TEXT("\nAt least one input method must be specified!\n")); return false; }
// If the user provided both a -I and a -P option, then silently ignore querying locally
// for active processes... this will leave the possibility, however, of matching on
// process ID or process name in the -I data...
if ( GetMode(InputCSVFileMode) && ( GetMode(InputProcessesFromLiveSystemMode))) { SetMode(InputProcessesFromLiveSystemMode, false); }
// Ensure that the input and output files aren't the same...
if ( GetMode(InputCSVFileMode) && GetMode(OutputCSVFileMode) ) { if (_tcscmp(m_tszInputCSVFilePath, m_tszOutputCSVFilePath) == 0) { _tprintf(TEXT("\nInput file and output file must be different!\n")); return false; } }
// Now... enforce any overrides as necessary...
// Inspect commandline options (for changes to these defaults)
if ( GetMode(PrintTaskListMode) ) { // Task list mode requires that you obtain process data, and print it...
SetMode(InputProcessesFromLiveSystemMode, true); SetMode(QuietMode, false); SetMode(CollectVersionInfoMode, false); SetMode(VerifySymbolsModeWithSymbolPath, false); SetMode(InputCSVFileMode, false); SetMode(OutputCSVFileMode, false); SetMode(OutputSymbolInformationMode, false); }
// We can't build a symbol tree without verifying symbols...
if ( GetMode(BuildSymbolTreeMode) && !GetMode(VerifySymbolsMode) ) { SetMode(VerifySymbolsMode, true); }
/*
// If we're verifying, and we're not reading from a CSV file,
// then we should go ahead and collect symbol information (since we'll need it).
if ( GetMode(VerifySymbolsMode) && !GetMode(InputCSVFileMode) ) { SetMode(OutputSymbolInformationMode, true); }*/
// If we're reading a dump file, we should collect symbol information (and we do not
// want to read from a CSV file at the same time...
if ( GetMode(InputDmpFileMode) ) {// SetMode(OutputSymbolInformationMode, true);
SetMode(InputCSVFileMode, false); }
// If we've enabled Symbol Verification, then we default to VerifySymbolsModeWithSymbolPath
// if neither method were specified...
if ( GetMode(VerifySymbolsMode) && !GetMode(VerifySymbolsModeWithSymbolPath) && !GetMode(VerifySymbolsModeWithSQLServer) ) { SetMode(VerifySymbolsModeWithSymbolPath, true); }
return true;}
bool CProgramOptions::VerifySemiColonSeparatedPath(LPTSTR tszPath){ enum { MAX_PATH_ELEMENT_LENGTH = MAX_PATH-12 }; // We append \SYMBOLS\EXT to the end of the symbol path
if (!tszPath) return false;
TCHAR chTemp; int iLength; LPTSTR tszPointerToDelimiter; LPTSTR tszStartOfPathElement = tszPath; tszPointerToDelimiter = _tcschr(tszStartOfPathElement, ';');
if (tszPointerToDelimiter == NULL) { iLength = _tcslen(tszStartOfPathElement);#ifdef DEBUG
_tprintf(TEXT("DEBUG: Path provided = %s\n"), tszStartOfPathElement); _tprintf(TEXT("DEBUG: Path length = %d\n"), iLength);#endif
return ( iLength <= MAX_PATH_ELEMENT_LENGTH ); }
while (tszPointerToDelimiter) { // Okay, we found a delimiter
chTemp = *tszPointerToDelimiter; // Save the char away...
*tszPointerToDelimiter = '\0'; // Null terminate the path element
iLength = _tcslen(tszStartOfPathElement);
#ifdef DEBUG
_tprintf(TEXT("DEBUG: Path provided = %s\n"), tszStartOfPathElement); _tprintf(TEXT("DEBUG: Path length = %d\n"), iLength);#endif
if( iLength > MAX_PATH_ELEMENT_LENGTH ) { _tprintf(TEXT("Path is too long for element [%s]\n"), tszStartOfPathElement); *tszPointerToDelimiter = chTemp; return false; }
*tszPointerToDelimiter = chTemp; // Restore the char...
tszStartOfPathElement = CharNext(tszPointerToDelimiter); // Set new start of path element
tszPointerToDelimiter = _tcschr(tszStartOfPathElement, ';'); // Look for next delimiter
} // We will always have some part left to look at...
iLength = _tcslen(tszStartOfPathElement);
#ifdef DEBUG
_tprintf(TEXT("DEBUG: Path provided = %s\n"), tszStartOfPathElement); _tprintf(TEXT("DEBUG: Path length = %d\n"), iLength);#endif
return ( iLength <= MAX_PATH_ELEMENT_LENGTH );}
bool CProgramOptions::fDoesModuleMatchOurSearch(LPCTSTR tszModulePathToTest){ // If "-MATCH" was specified, look to see if this filename meets our criteria
if (!GetMode(MatchModuleMode)) return true;
TCHAR tszTestBuffer[_MAX_PATH];
// Before we copy to our string
if (_tcslen(tszModulePathToTest) > _MAX_PATH) return false;
// Copy to a read/write buffer...
_tcscpy(tszTestBuffer, tszModulePathToTest);
// Upper case for our test...
_tcsupr(tszTestBuffer);
return (_tcsstr(tszTestBuffer, GetModuleToMatch()) != NULL);}
bool CProgramOptions::DisplayProgramArguments(){ if (GetMode(QuietMode) || GetMode(PrintTaskListMode)) return false;
CUtilityFunctions::OutputLineOfStars();#ifdef _UNICODE
_tprintf(TEXT("CHECKSYM V%S - Symbol Verification Program \n"), VERSION_FILEVERSIONSTRING);#else
_tprintf(TEXT("CHECKSYM V%s - Symbol Verification Program \n"), VERSION_FILEVERSIONSTRING);#endif
CUtilityFunctions::OutputLineOfStars();
_tprintf(TEXT("\n***** COLLECTION OPTIONS *****\n")); // INPUT - FIRST, IF WE'RE LOOKING FOR LOCAL PROCESS DATA ON THIS MACHINE!
if (GetMode(InputProcessesFromLiveSystemMode)) { _tprintf(TEXT("\nCollect Information From Running Processes\n"));
if (!GetMode(InputProcessesWithMatchingNameOrPID)) { _tprintf(TEXT("\t-P *\t\t(Query all local processes)\n")); } else if (m_tszProcessName) { _tprintf(TEXT("\t-P %s\t\t(Query for specific process by name)\n"), m_tszProcessName); } else { _tprintf(TEXT("\t-P %d\t\t(Query for specific process ID)\n"), GetProcessID()); } }
if (GetMode(InputDriversFromLiveSystemMode)) { _tprintf(TEXT("\t-D\t\t(Query all local device drivers)\n")); } // INPUT - SECOND, IF WE'RE SCAVENGING ON THE LOCAL FILE SYSTEM...
if (GetMode(InputModulesDataFromFileSystemMode)) { _tprintf(TEXT("\nCollect Information From File(s) Specified by the User\n")); _tprintf(TEXT("\t-F %s\n"), m_tszInputModulesDataFromFileSystemPath); }
// INPUT - THIRD, CSV FILE
if (GetMode(InputCSVFileMode)) { _tprintf(TEXT("\nCollect Information from a Saved Checksym Generated CSV File\n")); _tprintf(TEXT("\t-I %s\n"), m_tszInputCSVFilePath); }
// INPUT - FOURTH, DMP FILE
if (GetMode(InputDmpFileMode)) { _tprintf(TEXT("\nCollect Information from a User.Dmp or Memory.Dmp File\n")); _tprintf(TEXT("\t-Z %s\n"), m_tszInputDmpFilePath); }
// MATCH - OPTIONS?
if (GetMode(MatchModuleMode)) { _tprintf(TEXT("\n***** MATCHING OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("\nLook for Modules that Match the Provided Text\n")); _tprintf(TEXT("\t-MATCH %s\n"), m_tszModuleToMatch); } _tprintf(TEXT("\n***** INFORMATION CHECKING OPTIONS *****\n"));
// INFO - FIRST, SYMBOL INFO
if (GetMode(OutputSymbolInformationMode)) { _tprintf(TEXT("\nOutput Symbol Information From Modules\n")); _tprintf(TEXT("\t-S\n")); }
// INFO - FIRST, SYMBOL INFO
if (GetMode(VerifySymbolsMode)) { _tprintf(TEXT("\nVerify Symbols Locally Using Collected Symbol Information\n")); _tprintf(TEXT("\t-V\n")); }
// INFO - SECOND, VERSION INFO
if (GetMode(CollectVersionInfoMode)) { _tprintf(TEXT("\nCollect Version and File-System Information From Modules\n")); _tprintf(TEXT("\t-R\n")); }
// INFO - THIRD, VERIFY MODE (WITH SYMBOL PATH AND/OR SQL SERVER)
if (GetMode(VerifySymbolsMode)) { if (GetMode(VerifySymbolsModeWithSymbolPath)) { _tprintf(TEXT("\nVerify Symbols for Modules Using Symbol Path\n")); _tprintf(TEXT("\t-Y %s\n"), m_tszSymbolPath); }
if (GetMode(VerifySymbolsModeWithSQLServer)) { _tprintf(TEXT("\nVerify Symbols for Modules Using SQL Server\n")); _tprintf(TEXT("\t-SQL %s\n"), m_tszSQLServer); } if (GetMode(VerifySymbolsModeWithSQLServer2)) { _tprintf(TEXT("\nVerify Symbols for Modules Using SQL Server\n")); _tprintf(TEXT("\t-SQL2 %s\n"), m_tszSQLServer2); } }
if (!GetMode(OutputSymbolInformationMode) && !GetMode(CollectVersionInfoMode) && !GetMode(VerifySymbolsMode) ) { _tprintf(TEXT("\nDump Module Paths\n")); }
_tprintf(TEXT("\n***** OUTPUT OPTIONS *****\n"));
if (!GetMode(QuietMode)) { _tprintf(TEXT("\nOutput Results to STDOUT\n")); }
if (GetMode(BuildSymbolTreeMode)) { _tprintf(TEXT("\nBuild a Symbol Tree of Matching Symbols\n")); _tprintf(TEXT("\t-B %s\n"), m_tszSymbolTreeToBuild); }
if (GetMode(OutputCSVFileMode)) { if (GetMode(ExceptionMonitorMode)) { _tprintf(TEXT("\nOutput Collected Module Information To a CSV File In Exception Monitor Format\n")); } else { _tprintf(TEXT("\nOutput Collected Module Information To a CSV File\n")); }
_tprintf(TEXT("\t-O %s\n"), m_tszOutputCSVFilePath); }
CUtilityFunctions::OutputLineOfDashes(); return true;}
void CProgramOptions::DisplayHelp(){ CUtilityFunctions::OutputLineOfStars();#ifdef _UNICODE
_tprintf(TEXT("CHECKSYM V%S - Symbol Verification Program \n"), VERSION_FILEVERSIONSTRING);#else
_tprintf(TEXT("CHECKSYM V%s - Symbol Verification Program \n"), VERSION_FILEVERSIONSTRING);#endif
CUtilityFunctions::OutputLineOfStars(); _tprintf(TEXT("\n"));#ifdef _UNICODE
_tprintf(TEXT("This version is supported for Windows NT 4.0 and Windows 2000\n"));#else
_tprintf(TEXT("This version is supported for Windows 98, Windows NT 4.0 and Windows 2000\n"));#endif
_tprintf(TEXT("\n")); _tprintf(TEXT("DESCRIPTION:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("This program can be used to verify that you have proper symbol files\n")); _tprintf(TEXT("(*.DBG and/or *.PDB) on your system for the processes you have running, and\n")); _tprintf(TEXT("for symbol files on your filesystem. This program can also be used to\n")); _tprintf(TEXT("collect information regarding these modules and output this to a file.\n")); _tprintf(TEXT("The output file can then be given to another party (Microsoft Product\n")); _tprintf(TEXT("Support Services) where they can use the file to verify that they have\n")); _tprintf(TEXT("proper symbols for debugging your environment.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("Obtaining online help:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("CHECKSYM -? : Simple help usage\n")); _tprintf(TEXT("CHECKSYM -??? : Complete help usage (this screen)\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("Usage:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("CHECKSYM [COLLECTION OPTIONS] [INFORMATION CHECKING OPTIONS] [OUTPUT OPTIONS]\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** COLLECTION OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("At least one collection option must be specified. The following options are\n")); _tprintf(TEXT("currently supported.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -P <Argument> : Collect Information From Running Processes\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" When used in conjunction with -O the output file will\n")); _tprintf(TEXT(" contain information about your running system. This\n")); _tprintf(TEXT(" operation should not interfere with the operation of\n")); _tprintf(TEXT(" running processes.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" <Argument> = [ * | Process ID (pid) | Process Name ]\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" To query all running processes, specify the wildcard\n")); _tprintf(TEXT(" character '*'. To specify a specific process, you can\n")); _tprintf(TEXT(" provide the Process ID (as a decimal value), or the Process\n")); _tprintf(TEXT(" Name (eg. notepad.exe). If you use the Process Name as the\n")); _tprintf(TEXT(" argument, and multiple instances of that process are\n")); _tprintf(TEXT(" running they will all be inspected.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -D : Collect Information from Running Device Drivers\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option will obtain information for all device drivers\n")); _tprintf(TEXT(" (*.SYS files) running on the current system.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("-F <File/Dir Path>:Collect Information From File(s) Specified by the User\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option will allow you to obtain module information\n")); _tprintf(TEXT(" for modules on the specified path. Multiple paths may be\n")); _tprintf(TEXT(" provided, separated by semicolons. If the path provided is\n")); _tprintf(TEXT(" a directory, then a recursive scan of files from that\n")); _tprintf(TEXT(" directory will be used to obtain module information. This\n")); _tprintf(TEXT(" input method is useful for situations where the module(s) is\n")); _tprintf(TEXT(" not loaded by an active process. (Eg. Perhaps a process is\n")); _tprintf(TEXT(" unable to start.)\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -I <File Path> : Collect Information from a Saved Checksym Generated CSV File\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This input method is useful when you want to evaluate\n")); _tprintf(TEXT(" whether you have proper symbols for modules on a different\n")); _tprintf(TEXT(" system. Most commonly this is useful for preparing to do a\n")); _tprintf(TEXT(" remote debug of a remote system. The use of -I prohibits\n")); _tprintf(TEXT(" the use of other collection options.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -Z <File Path> : Collect Information from a DMP File\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This input method is useful when you have a DMP file and\n")); _tprintf(TEXT(" to ensure that you have matching symbols for it. Checksym\n")); _tprintf(TEXT(" tries to determine as much information as possible to\n")); _tprintf(TEXT(" in finding good symbols. If a module name can not be\n")); _tprintf(TEXT(" determined (mostly with modules that only use PDB files),\n")); _tprintf(TEXT(" the module will be listed as \"IMAGE<Virtual Address>\".\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -MATCH <Text> : Collect Modules that match text only\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option allows you to restrict searching/collection to\n")); _tprintf(TEXT(" include only those modules that match the provided text.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** INFORMATION CHECKING OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -S : Collect/Display Symbol Information From Modules\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option is used to indicate that symbol information\n")); _tprintf(TEXT(" should be collected and displayed from every module analyzed.\n")); _tprintf(TEXT(" In order to verify proper symbols, symbol information must\n")); _tprintf(TEXT(" be gathered. It is possible to collect symbol information without\n")); _tprintf(TEXT(" verifying it. This case is usually used with the -O option\n")); _tprintf(TEXT(" to produce a saved CheckSym generated CSV file. Omitting\n")); _tprintf(TEXT(" -S and -V could direct CheckSym to collect only version\n")); _tprintf(TEXT(" information (if -R is specified), or no information (if\n")); _tprintf(TEXT(" no information checking options are specified.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -R : Collect Version and File-System Information From Modules\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option requests checksym to collect the following\n")); _tprintf(TEXT(" information from the file-system and version information\n")); _tprintf(TEXT(" structure (if any):\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" File Version\n")); _tprintf(TEXT(" Company Name\n")); _tprintf(TEXT(" File Description\n")); _tprintf(TEXT(" File Size (bytes)\n")); _tprintf(TEXT(" File Date/Time\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -V[<blank>|1|2] : Verify Symbols for Modules\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option uses the symbol information gathered (-S option)\n")); _tprintf(TEXT(" to verify that proper symbols exist (as found along the\n")); _tprintf(TEXT(" symbol path. Use of -V implies -S when module collection is\n")); _tprintf(TEXT(" initiated. There are different levels of symbol\n")); _tprintf(TEXT(" verification:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -V or -V1 : (Default) This treats symbol files that match\n")); _tprintf(TEXT(" the module's time/date stamp, but have an wrong\n")); _tprintf(TEXT(" checksum as valid symbols. This is the default\n")); _tprintf(TEXT(" behavior and these symbols are typically valid.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -V2 : Only if both checksum and time/date stamp match\n")); _tprintf(TEXT(" is the symbol considered valid.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("-Y[<blank>|1|2] <Symbol Path> : Verify Symbols Using This Symbol Path\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This is a semi-colon separated search path for looking for\n")); _tprintf(TEXT(" symbols. This path is searched with the -V option. -Y now\n")); _tprintf(TEXT(" supports the use of SYMSRV DLLs for symbol searching. An\n")); _tprintf(TEXT(" example usage would be a symbol path that resembles:\n")); _tprintf(TEXT(" -Y SYMSRV*SYMSRV.DLL*\\\\SERVER\\SYMBOLS\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" The default value is %%systemroot%%\\symbols\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -Y or -Y1 : (Default) This searches for symbols in the\n")); _tprintf(TEXT(" symbol paths using the behavior typical of the\n")); _tprintf(TEXT(" debuggers.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -Y2 : This searches for symbols in the symbol paths\n")); _tprintf(TEXT(" provided using a recursive search algorithm.\n")); _tprintf(TEXT(" This option is most useful when used with -B to\n")); _tprintf(TEXT(" build a symbol tree.\n")); _tprintf(TEXT("\n"));/*
// We're going to hide this option in the help text since this may go out to the public...
_tprintf(TEXT("-SQL <servername>: Collect symbol file location from the provided SQL\n")); _tprintf(TEXT(" servername. A hardcoded username/password is currently\n")); _tprintf(TEXT(" being used. A SQL server you can point to is \"BPSYMBOLS\"\n")); _tprintf(TEXT(" though this can change at anytime.\n")); _tprintf(TEXT("\n"));*/ _tprintf(TEXT("***** OUTPUT OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -B <Symbol Dir> : Build a Symbol Tree of Matching Symbols\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" This option will create a new symbol tree for ALL matching\n")); _tprintf(TEXT(" symbols that are found through the verification process\n")); _tprintf(TEXT(" (-v option). This option is particularly useful when used\n")); _tprintf(TEXT(" with the -Y option when many symbol paths are specified\n")); _tprintf(TEXT(" and you want to build a single tree for a debug.\n")); /*
_tprintf(TEXT(" with the -SQL option, or -Y option when many symbol paths\n")); _tprintf(TEXT(" are specified and you want to build a single tree for a\n")); _tprintf(TEXT(" debug.\n"));*/ _tprintf(TEXT("\n")); _tprintf(TEXT(" -Q[<blank>|2] : Quiet modes (no screen output, or minimal screen output)\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" The default behavior is to print out the data to the\n")); _tprintf(TEXT(" console window (stdout). If the process terminates with an\n")); _tprintf(TEXT(" error, it will print out these (overriding -Q).\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -Q2 : This option prints out a module ONLY if a symbol\n")); _tprintf(TEXT(" problem exists. (Not completely quiet mode!)\n"));/*
// We're going to hide this option in the help text since this may go out to the public...
_tprintf(TEXT("\n")); _tprintf(TEXT(" -E : This modifier abreviates the output from this program\n")); _tprintf(TEXT(" for the -O option. It does the following:\n")); _tprintf(TEXT(" * Removes the Checksym header\n")); _tprintf(TEXT(" * Removes the first three columns of data\n")); _tprintf(TEXT(" * Only prints out a module if there is a symbol verification problem\n"));*/ _tprintf(TEXT("\n")); _tprintf(TEXT("-O[<blank>|1|2] <File Path> : Output Collected Module Information To a CSV File\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" For this file to to be used as input (-I) to verify good\n")); _tprintf(TEXT(" symbols for this system, the -S option should also be used.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -O or -O1 : (Default) This output mode requires that the\n")); _tprintf(TEXT(" file does not exist.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -O2 : Specifying a -O2 will allow the output file\n")); _tprintf(TEXT(" to be OVERWRITTEN if it exists.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -T : Task List Output\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" Prints out a task list on the local machine (similar to the\n")); _tprintf(TEXT(" TLIST utility). This option implies the use of -P (querying\n")); _tprintf(TEXT(" the local system for active processes. You can provide the\n")); _tprintf(TEXT(" -P command explicitly (if you want to provide an argument,\n")); _tprintf(TEXT(" for instance). If -P is not specified explicitly, then it\n")); _tprintf(TEXT(" defaults to -P *. Also, -T overrides -Q since TLIST\n")); _tprintf(TEXT(" behavior is to print to the console window.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** TYPICAL USAGE EXAMPLES *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to verify the symbols for files in a directory (%%SYSTEMROOT%%\\SYSTEM32)\n")); _tprintf(TEXT("in the default symbol directory (%%SYSTEMROOT%%\\SYMBOLS)\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -F %%SYSTEMROOT%%\\SYSTEM32 -V\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to do the same search, but for only executables...\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -F %%SYSTEMROOT%%\\SYSTEM32\\*.EXE -V\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to search a directory using multiple symbol paths...\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -F %%SYSTEMROOT%%\\SYSTEM32\\ -V -Y V:\\nt40sp4;V:\\nt40rtm\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to know what modules are loaded for a process (and the path to each)\n")); _tprintf(TEXT("Start NOTEPAD.EXE, and then type:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -P NOTEPAD.EXE\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to know if you have good symbols for a process (notepad.exe).\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -P NOTEPAD.EXE -V\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to know the file version for every module loaded by a process.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -P NOTEPAD.EXE -R\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You want to know if you have good symbols for ALL processes on your machine.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -P * -V\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** ADVANCED USAGE EXAMPLES *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("You are going to prepare to debug a remote system, and you want to ensure\n")); _tprintf(TEXT("that you have good symbols locally for debugging the remote system. You want\n")); _tprintf(TEXT("to verify this prior to initiating the debug session.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("Use checksym twice, once on the remote system to gather information and create\n")); _tprintf(TEXT("an output file, and then once on your system using the output file created\n")); _tprintf(TEXT("as an input argument.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("For example, run this on the remote system\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -P * -S -R -O C:\\TEMP\\PROCESSES.CSV\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("The C:\\TEMP\\PROCESSES.CSV file will contain a wealth of information about\n")); _tprintf(TEXT("the processes that were running, and the modules loaded by every process.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("Now, get the output file from the remote system, and copy it locally. Then\n\n")); _tprintf(TEXT("run CHECKSYM again, using the file as an input argument...\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -I C:\\TEMP\\PROCESSES.CSV -V\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("Another useful option is -B (build a symbol tree). It allows you to update\n")); _tprintf(TEXT("or create a symbol tree that contains matching symbols. If you have to use\n")); _tprintf(TEXT("many symbol paths in order to have correct symbols available to a debugger,\n")); _tprintf(TEXT("can use the -B option to build a single symbol tree to simplify debugging.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" CHECKSYM -P * -B C:\\MySymbols -V -Y V:\\Nt4;V:\\Nt4Sp6a;V:\\NtHotfixes\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** DEFAULT BEHAVIOR *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("The default behavior of CHECKSYM when no arguments are provided is:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("CHECKSYM -P * -R -V -Y %%SYSTEMROOT%%\\SYMBOLS\n"));}
void CProgramOptions::DisplaySimpleHelp(){ CUtilityFunctions::OutputLineOfStars();#ifdef _UNICODE
_tprintf(TEXT("CHECKSYM V%S - Symbol Verification Program \n"), VERSION_FILEVERSIONSTRING);#else
_tprintf(TEXT("CHECKSYM V%s - Symbol Verification Program \n"), VERSION_FILEVERSIONSTRING);#endif
CUtilityFunctions::OutputLineOfStars(); _tprintf(TEXT("\n"));#ifdef _UNICODE
_tprintf(TEXT("This version supports Windows NT 4.0 and Windows 2000\n"));#else
_tprintf(TEXT("This version supports Windows 98, Windows NT 4.0 and Windows 2000\n"));#endif
_tprintf(TEXT("\n")); _tprintf(TEXT("Obtaining online help:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("CHECKSYM -? : Simple help usage (this screen)\n")); _tprintf(TEXT("CHECKSYM -??? : Complete help usage\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("Usage:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("CHECKSYM [COLLECTION OPTIONS] [INFORMATION CHECKING OPTIONS] [OUTPUT OPTIONS]\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** COLLECTION OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("At least one collection option must be specified. The following options are\n")); _tprintf(TEXT("currently supported.\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -P <Argument> : Collect Information From Running Processes\n")); _tprintf(TEXT(" -D : Collect Information from Running Device Drivers\n")); _tprintf(TEXT("-F <File/Dir Path>:Collect Information From File(s) Specified by the User\n")); _tprintf(TEXT(" -I <File Path> : Collect Information from a Saved Checksym Generated CSV File\n")); _tprintf(TEXT(" -Z <File Path> : Collect Information from a DMP File\n")); _tprintf(TEXT(" -MATCH <Text> : Collect Modules that match text only\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** INFORMATION CHECKING OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -S : Collect Symbol Information From Modules\n")); _tprintf(TEXT(" -R : Collect Version and File-System Information From Modules\n")); _tprintf(TEXT(" -V[<blank>|1|2] : Verify Symbols for Modules\n")); _tprintf(TEXT(" -Y[<blank>|1|2] <Symbol Path> : Verify Symbols Using This Symbol Path\n"));
_tprintf(TEXT("\n"));/*
// We're going to hide this option in the help text since this may go out to the public...
_tprintf(TEXT("-SQL <servername>: Collect symbol file location from the provided SQL\n")); _tprintf(TEXT("\n"));*/ _tprintf(TEXT("***** OUTPUT OPTIONS *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT(" -B <Symbol Dir> : Build a Symbol Tree of Matching Symbols\n")); _tprintf(TEXT(" -Q[<blank>|2] : Quiet modes (no screen output, or minimal screen output)\n"));/*
// We're going to hide this option in the help text since this may go out to the public...
_tprintf(TEXT("\n")); _tprintf(TEXT(" -E : This modifier abreviates the output from this program\n"));*/ _tprintf(TEXT("-O[<blank>|1|2] <File Path> : Output Collected Module Information To a CSV File\n")); _tprintf(TEXT(" -T : Task List Output\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("***** DEFAULT BEHAVIOR *****\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("The default behavior of CHECKSYM when no arguments are provided is:\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("CHECKSYM -P * -R -V -Y %%SYSTEMROOT%%\\SYMBOLS\n")); _tprintf(TEXT("\n")); _tprintf(TEXT("For more usage information run CHECKSYM -???\n"));}
|
