private void LoadSymbols() { // Ensure we only load symbols once. if (Interlocked.CompareExchange(ref _symbolsStartedLoading, 1, 0) == 1) { return; } // Start loading symbols; avoid the UI blocking on the dbghelp call lock. _symbolsWorkQueue.QueueWorkItemTag(new Action(() => { try { // Needed (maybe) to display the EULA Win32.SymbolServerSetOptions(SymbolServerOption.Unattended, 0); } catch (Exception ex) { Logging.Log(ex); } try { // Use the process handle if we have one, otherwise use the default ID generator. if (_processHandle != null) { _symbols = new SymbolProvider(_processHandle); } else { _symbols = new SymbolProvider(); } SymbolProvider.Options = SymbolOptions.DeferredLoads | (Settings.Instance.DbgHelpUndecorate ? SymbolOptions.UndName : 0); if (!string.IsNullOrEmpty(Settings.Instance.DbgHelpSearchPath)) { _symbols.SearchPath = Settings.Instance.DbgHelpSearchPath; } try { if (_pid > 4) { using (var phandle = new ProcessHandle(_pid, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights)) { if (OSVersion.Architecture == OSArch.I386 || !phandle.IsWow64) { // Load the process' modules. try { _symbols.LoadProcessModules(phandle); } catch { } } else { // Load the process' WOW64 modules. try { _symbols.LoadProcessWow64Modules(_pid); } catch { } } // If the process is CSRSS we should load kernel modules // due to the presence of kernel-mode threads. if (phandle.KnownProcessType == KnownProcess.WindowsSubsystem) { this.LoadKernelSymbols(true); } } } else { this.LoadKernelSymbols(true); } } catch (WindowsException ex) { // Did we get Access Denied? At least load // kernel32.dll and ntdll.dll. try { ProcessHandle.Current.EnumModules(module => { if ( module.BaseName.Equals("kernel32.dll", StringComparison.OrdinalIgnoreCase) || module.BaseName.Equals("ntdll.dll", StringComparison.OrdinalIgnoreCase) ) { _symbols.LoadModule(module.FileName, module.BaseAddress, module.Size); } return(true); }); } catch (Exception ex2) { Logging.Log(ex2); } Logging.Log(ex); } catch (Exception ex) { Logging.Log(ex); } } finally { _moduleLoadCompletedEvent.Set(); } }), "symbols-load"); }
public ThreadProvider(int pid) : base() { this.Name = this.GetType().Name; _pid = pid; _messageQueue.AddListener( new MessageQueueListener <ResolveMessage>((message) => { if (message.Symbol != null) { this.Dictionary[message.Tid].StartAddress = message.Symbol; this.Dictionary[message.Tid].FileName = message.FileName; this.Dictionary[message.Tid].StartAddressLevel = message.ResolveLevel; this.Dictionary[message.Tid].JustResolved = true; } })); this.ProviderUpdate += new ProviderUpdateOnce(UpdateOnce); this.Disposed += ThreadProvider_Disposed; try { // Try to get a good process handle we can use the same handle for stack walking. try { _processAccess = ProcessAccess.QueryInformation | ProcessAccess.VmRead; _processHandle = new ProcessHandle(_pid, _processAccess); } catch { try { if (KProcessHacker.Instance != null) { _processAccess = Program.MinProcessReadMemoryRights; _processHandle = new ProcessHandle(_pid, _processAccess); } else { _processAccess = Program.MinProcessQueryRights; _processHandle = new ProcessHandle(_pid, _processAccess); } } catch (WindowsException ex) { Logging.Log(ex); } } // Start loading symbols; avoid the UI blocking on the dbghelp call lock. _symbolsWorkQueue.QueueWorkItemTag(new Action(() => { try { // Needed (maybe) to display the EULA Win32.SymbolServerSetOptions(SymbolServerOption.Unattended, 0); } catch (Exception ex) { Logging.Log(ex); } try { // Use the process handle if we have one, otherwise use the default ID generator. if (_processHandle != null) { _symbols = new SymbolProvider(_processHandle); } else { _symbols = new SymbolProvider(); } SymbolProvider.Options = SymbolOptions.DeferredLoads | (Properties.Settings.Default.DbgHelpUndecorate ? SymbolOptions.UndName : 0); if (Properties.Settings.Default.DbgHelpSearchPath != "") { _symbols.SearchPath = Properties.Settings.Default.DbgHelpSearchPath; } try { if (_pid != 4) { using (var phandle = new ProcessHandle(_pid, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights)) { if (IntPtr.Size == 4 || !phandle.IsWow64()) { // Load the process' modules. try { _symbols.LoadProcessModules(phandle); } catch { } } else { // Load the process' WOW64 modules. try { _symbols.LoadProcessWow64Modules(_pid); } catch { } } // If the process is CSRSS we should load kernel modules // due to the presence of kernel-mode threads. if (phandle.GetKnownProcessType() == KnownProcess.WindowsSubsystem) { this.LoadKernelSymbols(true); } } } else { this.LoadKernelSymbols(true); } } catch (WindowsException ex) { // Did we get Access Denied? At least load // kernel32.dll and ntdll.dll. try { ProcessHandle.Current.EnumModules((module) => { if (module.BaseName == "kernel32.dll" || module.BaseName == "ntdll.dll") { _symbols.LoadModule(module.FileName, module.BaseAddress, module.Size); } return(true); }); } catch (Exception ex2) { Logging.Log(ex2); } Logging.Log(ex); } catch (Exception ex) { Logging.Log(ex); } } finally { lock (_moduleLoadCompletedEvent) { if (!_moduleLoadCompletedEvent.SafeWaitHandle.IsClosed) { _moduleLoadCompletedEvent.Set(); } } } }), "symbols-load"); } catch (Exception ex) { Logging.Log(ex); } }