public static DkmRuntimeBreakpoint[] CreateRuntimeDllFunctionExitBreakpoints(DkmNativeModuleInstance moduleInstance, string funcName, RuntimeDllBreakpointHandler handler, bool enable = false) { var process = moduleInstance.Process; T runtimeBreakpoints = process.GetOrCreateDataItem(() => new RuntimeDllBreakpoints()); using (var moduleSym = moduleInstance.GetSymbols()) using (ComPtr <IDiaSymbol> funcSym = moduleSym.Object.GetSymbol(SymTagEnum.SymTagFunction, funcName)) { var funcEnds = funcSym.Object.GetSymbols(SymTagEnum.SymTagFuncDebugStart, null); try { if (funcEnds.Length == 0) { Debug.Fail("Cannot set exit breakpoint for function " + funcName + " because it has no FuncDebugEnd symbols."); throw new NotSupportedException(); } var bps = new List <DkmRuntimeBreakpoint>(); foreach (var funcEnd in funcEnds) { if (funcEnd.Object.locationType != (uint)DiaLocationType.LocIsStatic) { Debug.Fail("Cannot set exit breakpoint for function " + funcName + " because it has a non-static FuncDebugEnd symbol."); throw new NotSupportedException(); } ulong addr = moduleInstance.BaseAddress + funcEnd.Object.relativeVirtualAddress; var bp = process.CreateBreakpoint(Guids.LocalComponentGuid, addr); if (enable) { bp.Enable(); } bps.Add(bp); runtimeBreakpoints.Handlers.Add(bp.UniqueId, new FunctionExitBreakpointHandler(handler).Handle); } return(bps.ToArray()); } finally { foreach (var funcEnd in funcEnds) { funcEnd.Dispose(); } } } }
public static ulong GetFunctionAddress(this DkmNativeModuleInstance moduleInstance, string name, bool debugStart = false) { uint rva; using (var moduleSym = moduleInstance.GetSymbols()) { using (var funcSym = moduleSym.Object.GetSymbol(SymTagEnum.SymTagFunction, name)) { if (debugStart) { using (var startSym = funcSym.Object.GetSymbol(SymTagEnum.SymTagFuncDebugStart, null)) { rva = startSym.Object.relativeVirtualAddress; } } else { rva = funcSym.Object.relativeVirtualAddress; } } } return(moduleInstance.BaseAddress + rva); }
public static ulong GetStaticVariableAddress(this DkmNativeModuleInstance moduleInstance, string name, string objFileName = null) { uint rva; using (var moduleSym = moduleInstance.GetSymbols()) { if (objFileName != null) { using (var compiland = moduleSym.Object.GetSymbol(SymTagEnum.SymTagCompiland, null, cmp => cmp.name.EndsWith(objFileName))) using (var varSym = compiland.Object.GetSymbol(SymTagEnum.SymTagData, name)) { rva = varSym.Object.relativeVirtualAddress; } } else { using (var varSym = moduleSym.Object.GetSymbol(SymTagEnum.SymTagData, name)) { rva = varSym.Object.relativeVirtualAddress; } } } return(moduleInstance.BaseAddress + rva); }