A few fixes and simplifications for syscalldump. I hope it will now also work with 64-bit stuff.

svn path=/trunk/; revision=32970
This commit is contained in:
Timo Kreuzer 2008-04-15 00:15:14 +00:00
parent fa2e13224d
commit 786cf453f1


@ -7,6 +7,7 @@
#include <dbghelp.h> #include <dbghelp.h>
HANDLE hCurrentProcess; HANDLE hCurrentProcess;
BOOL bX64;
#define MAX_SYMBOL_NAME 1024 #define MAX_SYMBOL_NAME 1024
@ -21,8 +22,8 @@ BOOL InitDbgHelp(HANDLE hProcess)
return TRUE; return TRUE;
} }
DWORD64 PVOID
GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL pbX64) ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
{ {
PIMAGE_NT_HEADERS NtHeaders; PIMAGE_NT_HEADERS NtHeaders;
PVOID p; PVOID p;
@ -38,11 +39,9 @@ GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name,
printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address); printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address);
NtHeaders = ImageNtHeader(pModule); NtHeaders = ImageNtHeader(pModule);
*pbX64 = (NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL); p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL);
return (DWORD64)((ULONG_PTR)p - (ULONG_PTR)pModule); return p;
} }
BOOL CALLBACK EnumSymbolsProc( BOOL CALLBACK EnumSymbolsProc(
@ -55,9 +54,16 @@ BOOL CALLBACK EnumSymbolsProc(
printf("%s ", pSymInfo->Name); printf("%s ", pSymInfo->Name);
} }
else else
{
if (!bX64)
{ {
printf("%s@%d ", pSymInfo->Name, (UINT)UserContext); printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
} }
else
{
printf("%s <+ %d> ", pSymInfo->Name, (UINT)UserContext);
}
}
return TRUE; return TRUE;
} }
@ -69,12 +75,10 @@ int main(int argc, char* argv[])
HANDLE hFile = 0, hMap = 0; HANDLE hFile = 0, hMap = 0;
PBYTE pModule = NULL; PBYTE pModule = NULL;
UINT i; UINT i;
BOOL bX64; PVOID pW32pServiceTable, pW32pServiceLimit;
DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable; PBYTE pW32pArgumentTable;
DWORD64 dwSimpleCall;
PVOID *pfnSimpleCall; PVOID *pfnSimpleCall;
DWORD dwServiceLimit; DWORD dwServiceLimit;
BYTE *pdwArgs;
struct struct
{ {
@ -83,7 +87,7 @@ int main(int argc, char* argv[])
} Sym; } Sym;
printf("Win32k Syscall dumper\n"); printf("Win32k Syscall dumper\n");
printf("Copyright (c) Timo Kreuzer 2007\n"); printf("Copyright (c) Timo Kreuzer 2007-08\n");
hProcess = GetCurrentProcess(); hProcess = GetCurrentProcess();
@ -139,49 +143,49 @@ cont:
goto cleanup; goto cleanup;
} }
dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceTable", &bX64); bX64 = (ImageNtHeader(pModule)->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit", &bX64);
dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable", &bX64);
printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable) pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceTable");
pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit");
pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable");
// printf("pW32pServiceTable = %p\n", pW32pServiceTable);
// printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
// printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
{ {
printf("Couldn't find adress!\n"); printf("Couldn't find adress!\n");
goto cleanup; goto cleanup;
} }
dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit)); dwServiceLimit = *((DWORD*)pW32pServiceLimit);
pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
if (!bX64) if (!bX64)
{ {
DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable); DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
for (i = 0; i < dwServiceLimit; i++) for (i = 0; i < dwServiceLimit; i++)
{ {
printf("0x%x:", i+0x1000); printf("0x%x:", i+0x1000);
SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pdwArgs[i]); SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
printf("\n"); printf("\n");
} }
} }
else else
{ {
DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable); DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
for (i = 0; i < dwServiceLimit; i++) for (i = 0; i < dwServiceLimit; i++)
{ {
printf("0x%x:", i+0x1000); printf("0x%x:", i+0x1000);
SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(i+0x1000)); SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
printf("\n"); printf("\n");
} }
} }
/* Dump apfnSimpleCall */ /* Dump apfnSimpleCall */
printf("\nDumping apfnSimpleCall:\n"); printf("\nDumping apfnSimpleCall:\n");
dwSimpleCall = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall", &bX64); pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall");
pfnSimpleCall = (PVOID*)(pModule + dwSimpleCall);
i = 0; i = 0;
while (pfnSimpleCall[i] != NULL) while (pfnSimpleCall[i] != NULL)
{ {