archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/debuggers/imagehlp/dumpsym.c

829 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. dumpsym.cxx
  9. Abstract:
  11. This is the command line tool to dump symbols from an image.
  13. Author:
  15. David Fields - Feb 23, 2000
  16. Silviu Calinoiu - Feb 28, 2000
  18. Revision History:
  20. --*/
  22. #include <nt.h>
  23. #include <ntrtl.h>
  24. #include <nturtl.h>
  25. #include <stdio.h>
  26. #include <stdlib.h>
  27. #include <stdarg.h>
  28. #include <tchar.h>
  29. #include <windows.h>
  30. #include <imagehlp.h>
  31. #include <common.ver>
  33. //
  34. // Section information
  35. //
  37. typedef struct {
  39. CHAR Name [9];
  40. DWORD64 Start;
  41. ULONG Size;
  43. } IMG_SECTION_INFO, * PIMG_SECTION_INFO;
  45. #define MAX_NUMBER_OF_SECTIONS 1024
  46. IMG_SECTION_INFO Section [MAX_NUMBER_OF_SECTIONS];
  47. ULONG SectionWriteIndex = 0;
  50. typedef struct {
  52. HANDLE File;
  53. HANDLE Section;
  54. LPBYTE ImageBase;
  56. PIMAGE_DOS_HEADER DosHeader;
  57. PIMAGE_FILE_HEADER FileHeader;
  58. PIMAGE_OPTIONAL_HEADER OptionalHeader;
  59. PIMAGE_SECTION_HEADER SectionHeader;
  61. DWORD FileSignature;
  63. PIMAGE_DATA_DIRECTORY ImportDirectory;
  64. PIMAGE_SECTION_HEADER ImportSection;
  65. PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor;
  66. DWORD_PTR AddressCorrection;
  68. } IMAGE_BROWSE_INFO, *PIMAGE_BROWSE_INFO;
  71. BOOL
  72. ImgInitializeBrowseInfo (
  74. LPCTSTR FilePath,
  75. PIMAGE_BROWSE_INFO Info);
  78. BOOL
  79. ImgDeleteBrowseInfo (
  81. PIMAGE_BROWSE_INFO Info);
  83. PCHAR
  84. ImgSearchSectionForAddress (
  85. DWORD64 Address
  86. );
  88. BOOL
  89. ShouldExcludeSymbol (
  90. LPSTR Name
  91. );
  93. BOOL
  94. OpenExcludeFile (
  95. LPSTR FilePath
  96. );
  98. //
  99. // Symbol information
  100. //
  102. typedef struct {
  104. LPSTR Name;
  105. DWORD64 Address;
  106. ULONG Size;
  107. BOOL Exclude;
  109. } SYMBOL, *PSYMBOL;
  111. PSYMBOL Symbols;
  112. DWORD SymbolCount;
  113. DWORD TotalNumberOfSymbols;
  115. VOID
  116. DumpSymbols(
  117. char *,
  118. BOOL All,
  119. BOOL SortBySize);
  121. VOID
  122. PrintUsage(
  123. );
  125. VOID
  126. Error (
  127. char * Fmt,
  128. ...
  129. );
  131. int __cdecl
  132. SymbolCompareBySize(
  133. const void * Arg1,
  134. const void * Arg2
  135. );
  137. int __cdecl
  138. SymbolCompareByAddress(
  139. const void * Arg1,
  140. const void * Arg2
  141. );
  143. BOOL
  144. CALLBACK
  145. SymbolEnumerationCallback(
  146. LPSTR SymbolName,
  147. DWORD64 SymbolAddress,
  148. ULONG SymbolSize,
  149. PVOID UserContext
  150. );
  152. /////////////////////////////////////////////////////////////////////
  153. /////////////////////////////////////////////////////////////////////
  154. /////////////////////////////////////////////////////////////////////
  156. VOID
  157. Help (
  158. )
  159. {
  160. printf("dumpsym BINARY-PATH [OPTIONS] \n");
  161. printf("%s \n", VER_LEGALCOPYRIGHT_STR);
  162. printf(" \n");
  163. printf("OPTIONS: \n");
  164. printf("/notpaged Print all symbols that are not pageable \n");
  165. printf("/all Print all symbols (default) \n");
  166. printf("/address Sort by address in increasing order \n");
  167. printf("/size Sort by size in decreasing order (default) \n");
  168. printf("/exclude PATH File with symbols that should be ignored \n");
  169. printf("/symbols PATH Symbols path. If not specified symbols must be \n");
  170. printf(" in the directory containing the binary. \n");
  171. printf(" \n");
  172. printf("Ex. dumpsym c:\\binaries.x86fre\\ntoskrnl.exe \n");
  173. printf(" /symbols c:\\binaries.x86fre\\Symbols.pri\\retail \n");
  174. printf(" \n");
  175. printf("This tool can be used to determine what symbols are not paged \n");
  176. printf("and then manually analyze if any of the functions or variables \n");
  177. printf("can be moved into a PAGEXXXX section (become pageable). When \n");
  178. printf("analyzing this data please take into account that the size for \n");
  179. printf("some symbols includes padding/alignment zones and therefore \n");
  180. printf("appears to be bigger than it really is. \n");
  181. printf(" \n");
  182. printf("Ex. dumpsym \\\\robsvbl1\\latest\\ntfs.sys \n");
  183. printf(" /symbols \\\\robsvbl1\\latest\\Symbols.pri\\retail \n");
  184. printf(" /notpaged /size \n");
  185. printf(" \n");
  186. printf(" \n");
  187. exit(-1);
  188. }
  191. VOID
  192. Error (
  193. char * Fmt,
  194. ...
  195. )
  196. {
  197. va_list Prms;
  199. va_start (Prms, Fmt);
  200. fprintf (stderr, "Dumpsym error: ");
  201. vfprintf (stderr, Fmt, Prms);
  202. fprintf (stderr, "\n");
  203. fflush (stderr);
  204. exit (1);
  205. }
  207. PCHAR *
  208. SearchOption (
  209. PCHAR * Args,
  210. PCHAR Option
  211. )
  212. {
  213. for ( ; Args && *Args; Args++) {
  214. if (_stricmp (*Args, Option) == 0) {
  215. return Args;
  216. }
  217. }
  219. return NULL;
  220. }
  223. //
  224. // main
  225. //
  227. VOID __cdecl
  228. main (
  229. int argc,
  230. char *argv[]
  231. )
  232. {
  233. IMAGE_BROWSE_INFO Info;
  234. PCHAR ExeName;
  235. PCHAR LongName;
  236. BOOL OptionAll;
  237. BOOL OptionSortBySize;
  238. PCHAR * OptionString;
  240. if (argc == 1 || SearchOption (argv, "/?")) {
  241. Help ();
  242. }
  244. SymInitialize(GetCurrentProcess(), NULL, FALSE);
  245. SymSetOptions(SYMOPT_UNDNAME);
  247. //
  248. // /exclude EXCLUDE-FILE-PATH
  249. //
  251. if ((OptionString = SearchOption (argv, "/exclude"))) {
  252. OpenExcludeFile (*(OptionString + 1));
  253. }
  255. //
  256. // dumpsym PATH-TO-BINARY
  257. //
  259. if ((OptionString = SearchOption (argv, argv[0]))) {
  261. ImgInitializeBrowseInfo (*(OptionString + 1), &Info);
  262. LongName = *(OptionString + 1);
  263. }
  264. else {
  265. Help ();
  266. }
  268. //
  269. // /symbols SYMBOL-PATH
  270. //
  272. if ((OptionString = SearchOption (argv, "/symbols"))) {
  273. SetCurrentDirectory (*(OptionString + 1));
  274. }
  276. //
  277. // Dump options.
  278. //
  280. OptionAll = TRUE;
  281. OptionSortBySize = TRUE;
  283. if (SearchOption (argv, "/notpaged")) {
  284. OptionAll = FALSE;
  285. }
  287. if (SearchOption (argv, "/all")) {
  288. OptionAll = TRUE;
  289. }
  291. if (SearchOption (argv, "/address")) {
  292. OptionSortBySize = FALSE;
  293. }
  295. if (SearchOption (argv, "/size")) {
  296. OptionSortBySize = TRUE;
  297. }
  299. //
  300. // Dump stuff.
  301. //
  303. DumpSymbols (LongName, OptionAll, OptionSortBySize);
  304. }
  306. LPSTR
  307. CopyString (
  308. LPSTR Source
  309. )
  310. {
  311. LPSTR Target;
  313. Target = (LPSTR) malloc (strlen(Source) + 1);
  315. if (Target) {
  316. strcpy (Target, Source);
  317. }
  319. return Target;
  320. }
  323. BOOL
  324. CALLBACK
  325. SymbolEnumerationCallback(
  326. LPSTR SymbolName,
  327. DWORD64 SymbolAddress,
  328. ULONG SymbolSize,
  329. PVOID UserContext
  330. )
  331. {
  332. if (PtrToUlong(UserContext) == 1) {
  334. if (SymbolName == NULL) {
  335. Error ("Ooops");
  336. }
  338. if (SymbolCount >= TotalNumberOfSymbols) {
  339. Error ("enumerated more symbols on second pass");
  340. }
  342. Symbols[SymbolCount].Name = CopyString (SymbolName);
  343. Symbols[SymbolCount].Address = SymbolAddress;
  344. Symbols[SymbolCount].Size = SymbolSize;
  346. if (Symbols[SymbolCount].Name == NULL) {
  347. Symbols[SymbolCount].Name = "*error*";
  348. }
  349. }
  351. SymbolCount += 1;
  352. return TRUE;
  353. }
  356. int __cdecl
  357. SymbolCompareBySize(
  358. const void * Arg1,
  359. const void * Arg2
  360. )
  361. {
  362. PSYMBOL Sym1 = (PSYMBOL) Arg1;
  363. PSYMBOL Sym2 = (PSYMBOL) Arg2;
  365. // decreasing order by size
  366. return (Sym2->Size - Sym1->Size);
  367. }
  370. int __cdecl
  371. SymbolCompareByAddress(
  372. const void * Arg1,
  373. const void * Arg2
  374. )
  375. {
  376. PSYMBOL Sym1 = (PSYMBOL) Arg1;
  377. PSYMBOL Sym2 = (PSYMBOL) Arg2;
  378. INT64 Delta;
  380. // increasing order by address
  381. Delta = (INT64)(Sym1->Address - Sym2->Address);
  383. if (Delta > 0) {
  384. return 1;
  385. }
  386. else if (Delta == 0) {
  387. return 0;
  388. }
  389. else {
  390. return -1;
  391. }
  392. }
  395. VOID
  396. DumpSymbols(
  397. LPTSTR ImageName,
  398. BOOL All,
  399. BOOL SortBySize)
  400. {
  401. DWORD64 BaseOfDll;
  402. PCHAR SectionName;
  403. DWORD I, J;
  404. BOOL FoundOne;
  406. //
  407. // Load symbols
  408. //
  410. BaseOfDll = SymLoadModule64(
  411. GetCurrentProcess (),
  412. NULL,
  413. ImageName,
  414. NULL,
  415. 0,
  416. 0);
  418. if (BaseOfDll == 0) {
  419. Error ("cannot load symbols for %s \n", ImageName);
  420. }
  422. //
  423. // Number the symbols
  424. //
  426. SymbolCount = 0;
  428. SymEnumerateSymbols64(
  429. GetCurrentProcess(),
  430. BaseOfDll,
  431. SymbolEnumerationCallback,
  432. 0); // Count them
  434. TotalNumberOfSymbols = SymbolCount;
  435. printf("Detected %u symbols in %s \n\n", TotalNumberOfSymbols, ImageName);
  437. //
  438. // Read all symbols.
  439. //
  441. SymbolCount = 0;
  442. Symbols = malloc(TotalNumberOfSymbols * sizeof(SYMBOL));
  444. if (Symbols == NULL) {
  445. Error ("out of memory (failed to allocate %u bytes)", TotalNumberOfSymbols * sizeof(SYMBOL));
  446. }
  448. SymEnumerateSymbols64(
  449. GetCurrentProcess(),
  450. BaseOfDll,
  451. SymbolEnumerationCallback,
  452. (PVOID)1);
  454. //
  455. // Sort symbols
  456. //
  458. qsort(
  459. Symbols,
  460. TotalNumberOfSymbols,
  461. sizeof(SYMBOL),
  462. (SortBySize ? SymbolCompareBySize : SymbolCompareByAddress));
  464. //
  465. // Figure out symbols that should not be printed.
  466. //
  468. for (J = 0; J < TotalNumberOfSymbols; J++) {
  470. if (ShouldExcludeSymbol (Symbols[J].Name)) {
  471. Symbols[J].Exclude = TRUE;
  472. }
  473. else {
  474. Symbols[J].Exclude = FALSE;
  475. }
  476. }
  478. //
  479. // Print symbols
  480. //
  482. printf("%-8s %-16s %-8s %s \n", "Section", "Address", "Size", "Symbol");
  483. printf("-------------------------------------------------------------\n");
  485. for (I = 0; I < SectionWriteIndex; I++) {
  487. for (J = 0, FoundOne = FALSE; J < TotalNumberOfSymbols; J++) {
  489. if (Symbols[J].Exclude) {
  490. continue;
  491. }
  493. SectionName = ImgSearchSectionForAddress (
  494. Symbols[J].Address - BaseOfDll);
  496. if (strcmp (SectionName, Section[I].Name) == 0) {
  497. if (All || strstr (SectionName,"PAGE") == NULL) {
  499. if (Symbols[J].Name == NULL) {
  500. printf(".\n");
  501. continue;
  502. }
  503. printf("%-8s %016I64X %08X %s \n",
  504. SectionName,
  505. Symbols[J].Address - BaseOfDll,
  506. Symbols[J].Size,
  507. Symbols[J].Name);
  509. FoundOne = TRUE;
  510. }
  511. }
  512. }
  514. if (FoundOne) {
  515. printf("\n");
  516. }
  517. }
  519. //
  520. // Unload symbols
  521. //
  523. if (SymUnloadModule64(GetCurrentProcess(), BaseOfDll) == FALSE) {
  524. Error ("cannot unload symbols");
  525. }
  526. }
  528. /////////////////////////////////////////////////////////////////////
  529. /////////////////////////////////////// Section manipulation routines
  530. /////////////////////////////////////////////////////////////////////
  532. //
  533. // Function:
  534. //
  535. // ImgInitializeBrowseInfo
  536. //
  537. // Description:
  538. //
  539. // This functions fills oout the `Info' structure with
  540. // various pointers to PE data from the mapped image file.
  541. //
  542. // Note. Even if the function returned false the destructor
  543. // `ImgDeleteBrowseInfo' should be called because it does some
  544. // cleanup.
  545. //
  546. // Return:
  547. //
  548. // True if all the PE data pointers have been obtained.
  549. //
  551. BOOL
  552. ImgInitializeBrowseInfo (
  554. LPCTSTR FilePath,
  555. PIMAGE_BROWSE_INFO Info)
  556. {
  557. DWORD Index, I;
  559. if (Info == NULL) {
  560. return FALSE;
  561. }
  563. ZeroMemory (Info, sizeof *Info);
  565. Info->File = CreateFile (
  567. FilePath,
  568. GENERIC_READ,
  569. FILE_SHARE_READ | FILE_SHARE_WRITE,
  570. NULL,
  571. OPEN_EXISTING,
  572. 0,
  573. NULL);
  575. if (Info->File == INVALID_HANDLE_VALUE) {
  577. Error ("create file %s (error %u)", FilePath, GetLastError());
  578. return FALSE;
  579. }
  581. Info->Section = CreateFileMapping (
  583. Info->File,
  584. NULL,
  585. PAGE_READONLY,
  586. 0,
  587. 0,
  588. NULL);
  590. if (Info->Section == NULL) {
  592. return FALSE;
  593. }
  595. Info->ImageBase = (LPBYTE) MapViewOfFile (
  597. Info->Section,
  598. FILE_MAP_READ,
  599. 0,
  600. 0,
  601. 0);
  603. if (Info->ImageBase == NULL) {
  605. return FALSE;
  606. }
  608. //
  609. // Check the signature
  610. //
  612. Info->DosHeader = (PIMAGE_DOS_HEADER)Info->ImageBase;
  614. if (Info->DosHeader->e_magic != 'ZM') {
  616. return FALSE;
  617. }
  619. Info->FileHeader = (PIMAGE_FILE_HEADER)
  620. (Info->ImageBase + Info->DosHeader->e_lfanew + sizeof(DWORD));
  622. Info->FileSignature = *((DWORD *)Info->FileHeader - 1);
  624. if (Info->FileSignature != IMAGE_NT_SIGNATURE) {
  626. return FALSE;
  627. }
  630. Info->OptionalHeader = (PIMAGE_OPTIONAL_HEADER)(Info->FileHeader + 1);
  631. Info->ImportDirectory = & (Info->OptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]);
  632. Info->SectionHeader = (PIMAGE_SECTION_HEADER)(Info->OptionalHeader + 1);
  633. Info->ImportSection = NULL;
  635. //
  636. // Find the section containing the import table
  637. //
  639. printf("Sections in %s \n\n", FilePath);
  641. for (Index = 0; Index < Info->FileHeader->NumberOfSections; Index++) {
  643. //
  644. // SilviuC: I wonder if there is a way to get a 64 bit value for VirtualAddress.
  645. // Apparently it is stored as a ULONG in PE format.
  646. //
  648. Section[SectionWriteIndex].Start = (DWORD64)((Info->SectionHeader + Index)->VirtualAddress);
  649. Section[SectionWriteIndex].Size = (Info->SectionHeader + Index)->SizeOfRawData;
  651. for (I = 0; I < 8; I++) {
  652. Section[SectionWriteIndex].Name[I] = ((Info->SectionHeader + Index)->Name)[I];
  653. }
  655. Section[SectionWriteIndex].Name[I] = 0;
  657. printf("%-8s %08X %08X \n",
  658. Section[SectionWriteIndex].Name,
  659. Section[SectionWriteIndex].Start,
  660. Section[SectionWriteIndex].Size);
  662. SectionWriteIndex += 1;
  663. }
  665. printf("\n");
  667. //
  668. // Find the address of import data in the section body.
  669. //
  671. #if 0
  672. Info->AddressCorrection = (DWORD_PTR)Info->ImageBase
  673. + Info->ImportSection->PointerToRawData
  674. - Info->ImportSection->VirtualAddress;
  676. Info->ImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)(Info->AddressCorrection
  677. + Info->ImportDirectory->VirtualAddress);
  678. #endif
  680. //
  681. // Finish
  682. //
  684. return TRUE;
  685. }
  688. //
  689. // Function:
  690. //
  691. // ImgDeleteBrowseInfo
  692. //
  693. // Description:
  694. //
  695. // This function cleans up the `Info' structure, unmaps views,
  696. // closes handles, etc.
  697. //
  699. BOOL
  700. ImgDeleteBrowseInfo (
  702. PIMAGE_BROWSE_INFO Info)
  703. {
  704. if (Info == NULL)
  705. return FALSE;
  707. UnmapViewOfFile (Info->ImageBase);
  708. CloseHandle (Info->Section);
  709. CloseHandle (Info->File);
  711. ZeroMemory (Info, sizeof *Info);
  713. return TRUE;
  714. }
  716. PCHAR
  717. ImgSearchSectionForAddress (
  718. DWORD64 Address
  719. )
  720. {
  721. DWORD I;
  723. for (I = 0; I < SectionWriteIndex; I++) {
  724. if (Section[I].Start <= Address && Address < Section[I].Start + Section[I].Size) {
  725. return Section[I].Name;
  726. }
  727. }
  729. return "unknown";
  730. }
  732. //
  733. // Exclude file logic
  734. //
  736. PCHAR *ExcludeStrings;
  737. DWORD NumberOfExcludeStrings;
  739. BOOL
  740. ShouldExcludeSymbol (
  741. LPSTR Name
  742. )
  743. {
  744. DWORD I;
  746. if (ExcludeStrings == NULL) {
  747. return FALSE;
  748. }
  749. for (I = 0; I <NumberOfExcludeStrings; I += 1) {
  751. if (_stricmp (Name, ExcludeStrings[I]) == 0) {
  752. return TRUE;
  753. }
  754. }
  756. return FALSE;
  757. }
  759. BOOL
  760. OpenExcludeFile (
  761. LPSTR FilePath
  762. )
  763. {
  764. FILE * File;
  765. CHAR String[1024];
  766. DWORD StringCount = 0;
  768. File = fopen (FilePath, "r");
  770. if (File == NULL) {
  771. Error ("cannot open exclude file %s", FilePath);
  772. }
  774. while (fgets (String, 1024, File)) {
  775. StringCount += 1;
  776. }
  778. fclose (File);
  780. ExcludeStrings = (PCHAR *)malloc (StringCount * sizeof(PVOID));
  782. if (ExcludeStrings == NULL) {
  783. Error ("cannot allocate exclude strings buffer");
  784. }
  786. NumberOfExcludeStrings = StringCount;
  788. printf("Excluding %u symbols from %s \n",
  789. NumberOfExcludeStrings,
  790. FilePath);
  792. File = fopen (FilePath, "r");
  793. if (!File) {
  794. Error ("cannot open file");
  795. }
  797. StringCount = 0;
  799. while (fgets (String, 1024, File)) {
  801. PCHAR Start, Current;
  803. Current = String;
  805. while (*Current == ' ' || *Current == '\t') {
  806. Current += 1;
  807. }
  809. Start = Current;
  811. while (*Current && *Current != ' ' && *Current != '\t' && *Current != '\n') {
  812. Current += 1;
  813. }
  815. *Current = '\0';
  817. if (StringCount < NumberOfExcludeStrings) {
  818. ExcludeStrings[StringCount] = CopyString (Start);
  820. // printf("Exclude %s \n", ExcludeStrings[StringCount]);
  821. }
  823. StringCount += 1;
  824. }
  826. fclose (File);
  828. return TRUE;
  829. }