public static DkmRuntimeBreakpoint[] CreateRuntimeDllFunctionExitBreakpoints(DkmNativeModuleInstance moduleInstance, string funcName, RuntimeDllBreakpointHandler handler, bool enable = false)
{
var process = moduleInstance.Process;
T runtimeBreakpoints = process.GetOrCreateDataItem(() => new RuntimeDllBreakpoints());
using (var moduleSym = moduleInstance.GetSymbols())
using (ComPtr <IDiaSymbol> funcSym = moduleSym.Object.GetSymbol(SymTagEnum.SymTagFunction, funcName))
{
var funcEnds = funcSym.Object.GetSymbols(SymTagEnum.SymTagFuncDebugStart, null);
try
{
if (funcEnds.Length == 0)
{
Debug.Fail("Cannot set exit breakpoint for function " + funcName + " because it has no FuncDebugEnd symbols.");
throw new NotSupportedException();
}
var bps = new List <DkmRuntimeBreakpoint>();
foreach (var funcEnd in funcEnds)
{
if (funcEnd.Object.locationType != (uint)DiaLocationType.LocIsStatic)
{
Debug.Fail("Cannot set exit breakpoint for function " + funcName + " because it has a non-static FuncDebugEnd symbol.");
throw new NotSupportedException();
}
ulong addr = moduleInstance.BaseAddress + funcEnd.Object.relativeVirtualAddress;
var bp = process.CreateBreakpoint(Guids.LocalComponentGuid, addr);
if (enable)
{
bp.Enable();
}
bps.Add(bp);
runtimeBreakpoints.Handlers.Add(bp.UniqueId, new FunctionExitBreakpointHandler(handler).Handle);
}
return(bps.ToArray());
}
finally
{
foreach (var funcEnd in funcEnds)
{
funcEnd.Dispose();
}
}
}
}
public static ulong GetFunctionAddress(this DkmNativeModuleInstance moduleInstance, string name, bool debugStart = false)
{
uint rva;
using (var moduleSym = moduleInstance.GetSymbols()) {
using (var funcSym = moduleSym.Object.GetSymbol(SymTagEnum.SymTagFunction, name)) {
if (debugStart)
{
using (var startSym = funcSym.Object.GetSymbol(SymTagEnum.SymTagFuncDebugStart, null)) {
rva = startSym.Object.relativeVirtualAddress;
}
}
else
{
rva = funcSym.Object.relativeVirtualAddress;
}
}
}
return(moduleInstance.BaseAddress + rva);
}
public static ulong GetStaticVariableAddress(this DkmNativeModuleInstance moduleInstance, string name, string objFileName = null)
{
uint rva;
using (var moduleSym = moduleInstance.GetSymbols()) {
if (objFileName != null)
{
using (var compiland = moduleSym.Object.GetSymbol(SymTagEnum.SymTagCompiland, null, cmp => cmp.name.EndsWith(objFileName)))
using (var varSym = compiland.Object.GetSymbol(SymTagEnum.SymTagData, name)) {
rva = varSym.Object.relativeVirtualAddress;
}
}
else
{
using (var varSym = moduleSym.Object.GetSymbol(SymTagEnum.SymTagData, name)) {
rva = varSym.Object.relativeVirtualAddress;
}
}
}
return(moduleInstance.BaseAddress + rva);
}