From 786cf453f15f3243b3c70b5672eb9bec022147d7 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer <timo.kreuzer@reactos.org>
Date: Tue, 15 Apr 2008 00:15:14 +0000
Subject: [PATCH] few fixes and simplifications for syscalldump. I hope it will
 now also work with 64 bits stuff.

svn path=/trunk/; revision=32970
---
 rosapps/devutils/syscalldump/syscalldump.c | 56 ++++++++++++----------
 1 file changed, 30 insertions(+), 26 deletions(-)

diff --git a/rosapps/devutils/syscalldump/syscalldump.c b/rosapps/devutils/syscalldump/syscalldump.c
index 00a2cc308bf..13fdd9e8150 100644
--- a/rosapps/devutils/syscalldump/syscalldump.c
+++ b/rosapps/devutils/syscalldump/syscalldump.c
@@ -7,6 +7,7 @@
 #include <dbghelp.h>
 
 HANDLE hCurrentProcess;
+BOOL bX64;
 
 #define MAX_SYMBOL_NAME		1024
 
@@ -21,8 +22,8 @@ BOOL InitDbgHelp(HANDLE hProcess)
 	return TRUE;
 }
 
-DWORD64
-GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL pbX64)
+PVOID
+ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
 {
 	PIMAGE_NT_HEADERS NtHeaders;
 	PVOID p;
@@ -38,11 +39,9 @@ GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name,
 	printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address);
 
 	NtHeaders = ImageNtHeader(pModule);
-	*pbX64 = (NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
-
 	p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL);
 
-	return (DWORD64)((ULONG_PTR)p - (ULONG_PTR)pModule);
+	return p;
 }
 
 BOOL CALLBACK EnumSymbolsProc(
@@ -56,7 +55,14 @@ BOOL CALLBACK EnumSymbolsProc(
 	}
 	else
 	{
-		printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+		if (!bX64)
+		{
+			printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+		}
+		else
+		{
+			printf("%s <+ %d> ", pSymInfo->Name, (UINT)UserContext);
+		}
 	}
 	return TRUE;
 }
@@ -69,12 +75,10 @@ int main(int argc, char* argv[])
     HANDLE hFile = 0, hMap = 0;
     PBYTE pModule = NULL;
     UINT i;
-    BOOL bX64;
-    DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable;
-    DWORD64 dwSimpleCall;
+    PVOID pW32pServiceTable, pW32pServiceLimit;
+    PBYTE pW32pArgumentTable;
     PVOID *pfnSimpleCall;
     DWORD dwServiceLimit;
-    BYTE *pdwArgs;
 
 	struct
 	{
@@ -83,7 +87,7 @@ int main(int argc, char* argv[])
 	} Sym;
 
 	printf("Win32k Syscall dumper\n");
-	printf("Copyright (c) Timo Kreuzer 2007\n");
+	printf("Copyright (c) Timo Kreuzer 2007-08\n");
 
 	hProcess = GetCurrentProcess();
 
@@ -139,49 +143,49 @@ cont:
 		goto cleanup;
 	}
 
-	dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceTable", &bX64);
-	dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit", &bX64);
-	dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable", &bX64);
-	printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
-	printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
-	printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
+	bX64 = (ImageNtHeader(pModule)->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
 
-	if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable)
+	pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceTable");
+	pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit");
+	pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable");
+//	printf("pW32pServiceTable = %p\n", pW32pServiceTable);
+//	printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
+//	printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
+
+	if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
 	{
 		printf("Couldn't find adress!\n");
 		goto cleanup;
 	}
 
-	dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit));
-	pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
+	dwServiceLimit = *((DWORD*)pW32pServiceLimit);
 
 	if (!bX64)
 	{
-		DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable);
+		DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
 
 		for (i = 0; i < dwServiceLimit; i++)
 		{
 			printf("0x%x:", i+0x1000);
-			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pdwArgs[i]);
+			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
 			printf("\n");
 		}
 	}
 	else
 	{
-		DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable);
+		DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
 
 		for (i = 0; i < dwServiceLimit; i++)
 		{
 			printf("0x%x:", i+0x1000);
-			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(i+0x1000));
+			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
 			printf("\n");
 		}
 	}
 
 	/* Dump apfnSimpleCall */
 	printf("\nDumping apfnSimpleCall:\n");
-	dwSimpleCall = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall", &bX64);
-	pfnSimpleCall = (PVOID*)(pModule + dwSimpleCall);
+	pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall");
 	i = 0;
 	while (pfnSimpleCall[i] != NULL)
 	{