?? dbghelp.h
字號:
/*++ BUILD Version: 0001 Increment this if a change has global effects
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
dbghelp.h
Abstract:
This module defines the prototypes and constants required for the image
help routines.
Contains debugging support routines that are redistributable.
Revision History:
--*/
#ifndef _DBGHELP_
#define _DBGHELP_
#if _MSC_VER > 1020
#pragma once
#endif
// As a general principal always call the 64 bit version
// of every API, if a choice exists. The 64 bit version
// works great on 32 bit platforms, and is forward
// compatible to 64 bit platforms.
#ifdef _WIN64
#ifndef _IMAGEHLP64
#define _IMAGEHLP64
#endif
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _IMAGEHLP_SOURCE_
#define IMAGEAPI __stdcall
#define DBHLP_DEPRECIATED
#else
#define IMAGEAPI DECLSPEC_IMPORT __stdcall
#if (_MSC_VER >= 1300) && !defined(MIDL_PASS)
#define DBHLP_DEPRECIATED __declspec(deprecated)
#else
#define DBHLP_DEPRECIATED
#endif
#endif
#define DBHLPAPI IMAGEAPI
#define IMAGE_SEPARATION (64*1024)
typedef struct _LOADED_IMAGE {
PSTR ModuleName;
HANDLE hFile;
PUCHAR MappedAddress;
#ifdef _IMAGEHLP64
PIMAGE_NT_HEADERS64 FileHeader;
#else
PIMAGE_NT_HEADERS32 FileHeader;
#endif
PIMAGE_SECTION_HEADER LastRvaSection;
ULONG NumberOfSections;
PIMAGE_SECTION_HEADER Sections;
ULONG Characteristics;
BOOLEAN fSystemImage;
BOOLEAN fDOSImage;
LIST_ENTRY Links;
ULONG SizeOfImage;
} LOADED_IMAGE, *PLOADED_IMAGE;
#define MAX_SYM_NAME 2000
HANDLE
IMAGEAPI
FindDebugInfoFile (
PSTR FileName,
PSTR SymbolPath,
PSTR DebugFilePath
);
typedef BOOL
(CALLBACK *PFIND_DEBUG_FILE_CALLBACK)(
HANDLE FileHandle,
PSTR FileName,
PVOID CallerData
);
HANDLE
IMAGEAPI
FindDebugInfoFileEx (
PSTR FileName,
PSTR SymbolPath,
PSTR DebugFilePath,
PFIND_DEBUG_FILE_CALLBACK Callback,
PVOID CallerData
);
typedef BOOL
(CALLBACK *PFINDFILEINPATHCALLBACK)(
PSTR filename,
PVOID context
);
BOOL
IMAGEAPI
SymFindFileInPath(
HANDLE hprocess,
LPSTR SearchPath,
LPSTR FileName,
PVOID id,
DWORD two,
DWORD three,
DWORD flags,
LPSTR FoundFile,
PFINDFILEINPATHCALLBACK callback,
PVOID context
);
HANDLE
IMAGEAPI
FindExecutableImage(
PSTR FileName,
PSTR SymbolPath,
PSTR ImageFilePath
);
typedef BOOL
(CALLBACK *PFIND_EXE_FILE_CALLBACK)(
HANDLE FileHandle,
PSTR FileName,
PVOID CallerData
);
HANDLE
IMAGEAPI
FindExecutableImageEx(
PSTR FileName,
PSTR SymbolPath,
PSTR ImageFilePath,
PFIND_EXE_FILE_CALLBACK Callback,
PVOID CallerData
);
PIMAGE_NT_HEADERS
IMAGEAPI
ImageNtHeader (
IN PVOID Base
);
PVOID
IMAGEAPI
ImageDirectoryEntryToDataEx (
IN PVOID Base,
IN BOOLEAN MappedAsImage,
IN USHORT DirectoryEntry,
OUT PULONG Size,
OUT PIMAGE_SECTION_HEADER *FoundHeader OPTIONAL
);
PVOID
IMAGEAPI
ImageDirectoryEntryToData (
IN PVOID Base,
IN BOOLEAN MappedAsImage,
IN USHORT DirectoryEntry,
OUT PULONG Size
);
PIMAGE_SECTION_HEADER
IMAGEAPI
ImageRvaToSection(
IN PIMAGE_NT_HEADERS NtHeaders,
IN PVOID Base,
IN ULONG Rva
);
PVOID
IMAGEAPI
ImageRvaToVa(
IN PIMAGE_NT_HEADERS NtHeaders,
IN PVOID Base,
IN ULONG Rva,
IN OUT PIMAGE_SECTION_HEADER *LastRvaSection
);
// Symbol server exports
typedef BOOL (WINAPI *PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, PVOID, DWORD, DWORD, LPSTR);
typedef BOOL (WINAPI *PSYMBOLSERVEROPENPROC)(VOID);
typedef BOOL (WINAPI *PSYMBOLSERVERCLOSEPROC)(VOID);
typedef BOOL (WINAPI *PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64);
typedef BOOL (CALLBACK WINAPI *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
typedef UINT_PTR (WINAPI *PSYMBOLSERVERGETOPTIONSPROC)();
typedef BOOL (WINAPI *PSYMBOLSERVERPINGPROC)(LPCSTR);
#define SSRVOPT_CALLBACK 0x001
#define SSRVOPT_DWORD 0x002
#define SSRVOPT_DWORDPTR 0x004
#define SSRVOPT_GUIDPTR 0x008
#define SSRVOPT_OLDGUIDPTR 0x010
#define SSRVOPT_UNATTENDED 0x020
#define SSRVOPT_NOCOPY 0x040
#define SSRVOPT_PARENTWIN 0x080
#define SSRVOPT_PARAMTYPE 0x100
#define SSRVOPT_SECURE 0x200
#define SSRVOPT_TRACE 0x400
#define SSRVOPT_RESET ((ULONG_PTR)-1)
#define SSRVACTION_TRACE 1
#ifndef _WIN64
// This api won't be ported to Win64 - Fix your code.
typedef struct _IMAGE_DEBUG_INFORMATION {
LIST_ENTRY List;
DWORD ReservedSize;
PVOID ReservedMappedBase;
USHORT ReservedMachine;
USHORT ReservedCharacteristics;
DWORD ReservedCheckSum;
DWORD ImageBase;
DWORD SizeOfImage;
DWORD ReservedNumberOfSections;
PIMAGE_SECTION_HEADER ReservedSections;
DWORD ReservedExportedNamesSize;
PSTR ReservedExportedNames;
DWORD ReservedNumberOfFunctionTableEntries;
PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;
DWORD ReservedLowestFunctionStartingAddress;
DWORD ReservedHighestFunctionEndingAddress;
DWORD ReservedNumberOfFpoTableEntries;
PFPO_DATA ReservedFpoTableEntries;
DWORD SizeOfCoffSymbols;
PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
DWORD ReservedSizeOfCodeViewSymbols;
PVOID ReservedCodeViewSymbols;
PSTR ImageFilePath;
PSTR ImageFileName;
PSTR ReservedDebugFilePath;
DWORD ReservedTimeDateStamp;
BOOL ReservedRomImage;
PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;
DWORD ReservedNumberOfDebugDirectories;
DWORD ReservedOriginalFunctionTableBaseAddress;
DWORD Reserved[ 2 ];
} IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;
PIMAGE_DEBUG_INFORMATION
IMAGEAPI
MapDebugInformation(
HANDLE FileHandle,
PSTR FileName,
PSTR SymbolPath,
DWORD ImageBase
);
BOOL
IMAGEAPI
UnmapDebugInformation(
PIMAGE_DEBUG_INFORMATION DebugInfo
);
#endif
BOOL
IMAGEAPI
SearchTreeForFile(
PSTR RootPath,
PSTR InputPathName,
PSTR OutputPathBuffer
);
typedef BOOL
(CALLBACK *PENUMDIRTREE_CALLBACK)(
LPCSTR FilePath,
PVOID CallerData
);
BOOL
IMAGEAPI
EnumDirTree(
HANDLE hProcess,
PSTR RootPath,
PSTR InputPathName,
PSTR OutputPathBuffer,
PENUMDIRTREE_CALLBACK Callback,
PVOID CallbackData
);
BOOL
IMAGEAPI
MakeSureDirectoryPathExists(
PCSTR DirPath
);
//
// UnDecorateSymbolName Flags
//
#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
#define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
#define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
#define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
#define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
#define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
#define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
#define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
#define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
#define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
#define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
#define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
#define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
#define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
// return just [scope::]name. Does expand template params
#define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
#define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
DWORD
IMAGEAPI
WINAPI
UnDecorateSymbolName(
PCSTR DecoratedName, // Name to undecorate
PSTR UnDecoratedName, // If NULL, it will be allocated
DWORD UndecoratedLength, // The maximym length
DWORD Flags // See above.
);
//
// these values are used for synthesized file types
// that can be passed in as image headers instead of
// the standard ones from ntimage.h
//
#define DBHHEADER_DEBUGDIRS 0x1
typedef struct _MODLOAD_DATA {
DWORD ssize; // size of this struct
DWORD ssig; // signature identifying the passed data
PVOID data; // pointer to passed data
DWORD size; // size of passed data
DWORD flags; // options
} MODLOAD_DATA, *PMODLOAD_DATA;
//
// StackWalking API
//
typedef enum {
AddrMode1616,
AddrMode1632,
AddrModeReal,
AddrModeFlat
} ADDRESS_MODE;
typedef struct _tagADDRESS64 {
DWORD64 Offset;
WORD Segment;
ADDRESS_MODE Mode;
} ADDRESS64, *LPADDRESS64;
#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
#define ADDRESS ADDRESS64
#define LPADDRESS LPADDRESS64
#else
typedef struct _tagADDRESS {
DWORD Offset;
WORD Segment;
ADDRESS_MODE Mode;
} ADDRESS, *LPADDRESS;
__inline
void
Address32To64(
LPADDRESS a32,
LPADDRESS64 a64
)
{
a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;
a64->Segment = a32->Segment;
a64->Mode = a32->Mode;
}
__inline
void
Address64To32(
LPADDRESS64 a64,
LPADDRESS a32
)
{
a32->Offset = (ULONG)a64->Offset;
a32->Segment = a64->Segment;
a32->Mode = a64->Mode;
}
#endif
//
// This structure is included in the STACKFRAME structure,
// and is used to trace through usermode callbacks in a thread's
// kernel stack. The values must be copied by the kernel debugger
// from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
//
//
// New KDHELP structure for 64 bit system support.
// This structure is preferred in new code.
//
typedef struct _KDHELP64 {
//
// address of kernel thread object, as provided in the
// WAIT_STATE_CHANGE packet.
//
DWORD64 Thread;
//
// offset in thread object to pointer to the current callback frame
// in kernel stack.
//
DWORD ThCallbackStack;
//
// offset in thread object to pointer to the current callback backing
// store frame in kernel stack.
//
DWORD ThCallbackBStore;
//
// offsets to values in frame:
//
// address of next callback frame
DWORD NextCallback;
// address of saved frame pointer (if applicable)
DWORD FramePointer;
//
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -