} // end property IsAbstract public static DbgFunctionTypeInfo GetFunctionTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } if (null == module) { throw new ArgumentNullException("module"); } RawFuncInfo rfi = DbgHelp.GetFuncInfo(debugger.DebuggerInterface, module.BaseAddress, typeId); return(new DbgFunctionTypeInfo(debugger, module, typeId, rfi.FuncName, rfi.FunctionTypeTypeId, rfi.OwningClassTypeId, rfi.ChildrenCount, rfi.Address, rfi.Length, rfi.VirtualBaseOffset, rfi.SymIndex)); } // end GetFunctionTypeInfo()
internal string FindPdbFile(string pdbFilename, Guid id, uint age) { return(FindFile(delegate(IntPtr nativePathBuffer) { return DbgHelp.SymFindFileInPath(base.handle, null, pdbFilename, id, age, 0, 8, nativePathBuffer, null, IntPtr.Zero); })); }
public static bool TryCreateFunction(DbgEngDebugger debugger, DbgEngContext context, DEBUG_STACK_FRAME_EX nativeStackFrame, out DbgFunction function, out ulong displacement) { function = null; displacement = 0; DbgSymbol sym = null; try { SymbolInfo si = DbgHelp.SymFromInlineContext(debugger.DebuggerInterface, nativeStackFrame.InstructionOffset, nativeStackFrame.InlineFrameContext, out displacement); sym = new DbgPublicSymbol(debugger, si, debugger.GetCurrentTarget()); function = new DbgNativeFunction(debugger, context, sym); return(true); } catch (DbgProviderException dpe) { // Sometimes the debugger doesn't know. E.g., frame 'e' here (from ntsd): // 0:000> kn // # Child-SP RetAddr Call Site // 00 00000000`0058dff8 00000000`76c02ef8 ntdll!NtRequestWaitReplyPort+0xa // 01 00000000`0058e000 00000000`76c352d1 kernel32!GetConsoleMode+0xf8 // 02 00000000`0058e030 00000000`76c4a60c kernel32!VerifyConsoleIoHandle+0x281 // 03 00000000`0058e180 000007fe`fae30fe1 kernel32!ReadConsoleW+0xbc // 04 00000000`0058e260 000007fe`fae1eb88 Microsoft_PowerShell_ConsoleHost_ni+0x70fe1 // 05 00000000`0058e390 000007fe`fae2a7e2 Microsoft_PowerShell_ConsoleHost_ni+0x5eb88 // 06 00000000`0058e410 000007fe`fae29fae Microsoft_PowerShell_ConsoleHost_ni+0x6a7e2 // 07 00000000`0058e4c0 000007fe`fae32bd1 Microsoft_PowerShell_ConsoleHost_ni+0x69fae // 08 00000000`0058e5b0 000007fe`fae235c6 Microsoft_PowerShell_ConsoleHost_ni+0x72bd1 // 09 00000000`0058e670 000007fe`fae23f27 Microsoft_PowerShell_ConsoleHost_ni+0x635c6 // 0a 00000000`0058e6d0 000007fe`fade5006 Microsoft_PowerShell_ConsoleHost_ni+0x63f27 // 0b 00000000`0058e760 000007fe`fade2c1a Microsoft_PowerShell_ConsoleHost_ni+0x25006 // 0c 00000000`0058e7e0 000007fe`fae33588 Microsoft_PowerShell_ConsoleHost_ni+0x22c1a // 0d 00000000`0058e890 000007fe`97f805de Microsoft_PowerShell_ConsoleHost_ni+0x73588 // 0e 00000000`0058e8f0 000007fe`f777dad3 0x000007fe`97f805de // 0f 00000000`0058ea80 000007fe`f777d7ae clr!PreBindAssemblyEx+0x13e07 // 10 00000000`0058eac0 000007fe`f777d830 clr!PreBindAssemblyEx+0x13ae2 // 11 00000000`0058eb00 000007fe`f76d0f3b clr!PreBindAssemblyEx+0x13b64 // 12 00000000`0058ecb0 000007fe`f76a9e5a clr!GetHistoryFileDirectory+0x945b // 13 00000000`0058ee80 000007fe`f76a9d54 clr!InitializeFusion+0x8b12 // 14 00000000`0058f170 000007fe`f76a98ce clr!InitializeFusion+0x8a0c // 15 00000000`0058f730 000007fe`f76a9826 clr!InitializeFusion+0x8586 // 16 00000000`0058f7a0 000007fe`f76aa078 clr!InitializeFusion+0x84de // 17 00000000`0058f830 000007fe`f8247b95 clr!CorExeMain+0x14 // 18 00000000`0058f870 000007fe`f82e5b21 mscoreei!CorExeMain+0x5d // 19 00000000`0058f8c0 00000000`76bf652d mscoree!CorExeMain+0x69 // 1a 00000000`0058f8f0 00000000`772ec521 kernel32!BaseThreadInitThunk+0xd // 1b 00000000`0058f920 00000000`00000000 ntdll!RtlUserThreadStart+0x21 LogManager.Trace("Could not get symbol for stack frame {0} on thread index {1}. Error: {2}", nativeStackFrame.FrameNumber, context.ThreadIndexOrAddress, Util.GetExceptionMessages(dpe)); } return(false); } // end TryCreateFunction()
public static DbgUdtTypeInfo GetUdtTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } if (null == module) { throw new ArgumentNullException("module"); } RawUdtInfo rui = DbgHelp.GetUdtInfo(debugger.DebuggerInterface, module.BaseAddress, typeId); return(new DbgUdtTypeInfo(debugger, module, typeId, rui.UdtKind, rui.SymName, rui.Size, rui.ChildrenCount, rui.ClassParentId, rui.VirtualTableShapeId)); } // end GetUdtTypeInfo()
/// <summary> /// Looks through the configured symbol paths to find a PDB symbol /// file matching specified name, GUID and age parameters. /// </summary> /// <param name="pdbFileName"></param> /// <param name="guid"></param> /// <param name="age"></param> /// <returns></returns> /// <remarks> /// Note how we don't have to have a module loaded to find its PDB, /// we just look for a PDB file using name, GUID and age. These are /// the parameters that can be extracted from module's PE header, /// in the Debug Directory section. /// </remarks> public string FindPdbFile(string pdbFileName, Guid guid, int age) { DbgHelp.SymSetOptions(DbgHelp.SYMOPT_DEBUG); var hProcess = new IntPtr(1); #if TARGET_NET_20 var searchPath = string.Join(";", this.SymbolPaths.ToArray()); #else var searchPath = string.Join(";", this.SymbolPaths); #endif DbgHelp.SymInitialize(hProcess, searchPath, false); var filePath = new StringBuilder(256); var guidHandle = GCHandle.Alloc(guid, GCHandleType.Pinned); try { if (!DbgHelp.SymFindFileInPath(hProcess, null, pdbFileName, guidHandle.AddrOfPinnedObject(), (uint)age, 0, DbgHelp.SSRVOPT_GUIDPTR, filePath, null, IntPtr.Zero)) { return(null); } } finally { guidHandle.Free(); DbgHelp.SymCleanup(hProcess); } return(filePath.ToString()); }
/// <summary>Find a .exe, .dbg or other standard file.</summary> /// <param name="exeFilename">Name of searched file</param> /// <param name="datestamp"></param> /// <param name="size"></param> /// <returns></returns> internal string FindExeFile(string exeFilename, uint datestamp, uint size) { return(FindFile(delegate(IntPtr nativePathBuffer) { return DbgHelp.SymFindFileInPath(base.handle, null, exeFilename, new IntPtr(datestamp), size, 0, 2, nativePathBuffer, null, IntPtr.Zero); })); }
private static DbgTypeInfo _LoadTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId, SymTag symTag) { if (null == debugger) { throw new ArgumentNullException("debugger"); } if (IsDbgGeneratedType(typeId) && !DbgHelp.PeekSyntheticTypeExists(debugger.DebuggerInterface, module.BaseAddress, typeId)) { return(new DbgGeneratedTypeInfo(debugger, module, typeId, symTag)); } return(debugger.ExecuteOnDbgEngThread(() => { if (((int)symTag) > sm_factories.Length) { // In case they extend the SymTag enum and I don't get updated. Util.Fail("Need to update SymTag enum."); return _DefaultFactory(debugger, module, typeId, symTag); } return sm_factories[(int)symTag](debugger, module, typeId); })); } // end _LoadTypeInfo()
private static DbgTypeInfo _LoadTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } if (IsDbgGeneratedType(typeId) && !DbgHelp.PeekSyntheticTypeExists(debugger.DebuggerInterface, module.BaseAddress, typeId)) { return(new DbgGeneratedTypeInfo(debugger, module, typeId)); } return(debugger.ExecuteOnDbgEngThread(() => { var symTag = DbgHelp.GetSymTag(debugger.DebuggerInterface, module.BaseAddress, typeId); return _LoadTypeInfo(debugger, module, typeId, symTag); })); }
public static bool LoadModules(IntPtr hProcess, ListModules ModuleType) { //Initialize parameters for EPM uint cbNeeded = 0; Psapi.EnumProcessModulesEx(hProcess, IntPtr.Zero, 0, out cbNeeded, ModuleType); long ArraySize = cbNeeded / IntPtr.Size; IntPtr[] hModules = new IntPtr[ArraySize]; GCHandle GCh = GCHandle.Alloc(hModules, GCHandleType.Pinned); // Don't forget to free this later IntPtr lphModules = GCh.AddrOfPinnedObject(); uint cb = cbNeeded; Psapi.EnumProcessModulesEx(hProcess, lphModules, cb, out cbNeeded, ModuleType); for (int i = 0; i < ArraySize; i++) { MODULE_INFO ModInfo = new MODULE_INFO(); System.Text.StringBuilder lpFileName = new System.Text.StringBuilder(256); System.Text.StringBuilder lpModuleBaseName = new System.Text.StringBuilder(32); Psapi.GetModuleFileNameExW(hProcess, hModules[i], lpFileName, (uint)(lpFileName.Capacity)); Psapi.GetModuleInformation(hProcess, hModules[i], out ModInfo, (uint)(Marshal.SizeOf(ModInfo))); Psapi.GetModuleBaseNameW(hProcess, hModules[i], lpModuleBaseName, (uint)(lpModuleBaseName.Capacity)); DbgHelp.SymLoadModuleEx(hProcess, IntPtr.Zero, lpFileName.ToString(), lpModuleBaseName.ToString(), ModInfo.lpBaseOfDll, (int)ModInfo.SizeOfImage, IntPtr.Zero, 0); } GCh.Free(); return(false); }
} // end GetColorName() public static DbgFunctionTypeTypeInfo GetFunctionTypeTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } if (null == module) { throw new ArgumentNullException("module"); } var rfti = DbgHelp.GetFuncTypeInfo(debugger.DebuggerInterface, module.BaseAddress, typeId); return(new DbgFunctionTypeTypeInfo(debugger, module, typeId, rfti.ReturnTypeId, rfti.ClassParentId, rfti.ThisAdjust, rfti.CallingConvention, rfti.Arguments)); } // end GetUdtTypeInfo()
private void Initialize(ICollection <string> pathItems = null) { StringBuilder searchPathBuilder = null; if (null != pathItems) { searchPathBuilder = new StringBuilder(); } int thisHandleValue; lock (Globals.DebugHelpLock) { _lastAllocatedHandle += IntPtr.Size; thisHandleValue = _lastAllocatedHandle; } base.SetHandle(new IntPtr(thisHandleValue)); string searchPath = (null == searchPathBuilder) ? null : searchPathBuilder.ToString(); if (!DbgHelp.SymInitialize(base.handle, searchPath, false)) { Trace.TraceError( "Failed to create symbol handler for path '{0}'. Error : 0x{1:X8}", searchPath ?? "<NULL>", Marshal.GetLastWin32Error()); throw new SymbolHandlingException(); } // Set default, reasonable search path. this.SearchPath = string.Format( @"srv*{0}\symbols*https://msdl.microsoft.com/download/symbols", Environment.GetEnvironmentVariable("SystemDrive") ?? "C:"); // TODO : Also attempt to check the DBGHELP.DLL version. }
protected override void ProcessRecord() { base.ProcessRecord(); WriteObject(DbgHelp.SymFromIndex(Debugger.DebuggerInterface, ModBase, SymIndex)); } // end ProcessRecord()
private unsafe static void dumpImportTable(Log log, RemotePtr <byte> mbase, IMAGE.DATA_DIRECTORY dir) { if (dir.VirtualAddress == 0) { return; } log.WriteLine("============================================================"); log.WriteLine(" IMPORT TABLE "); log.WriteLine("============================================================"); RemotePtr <IMAGE.IMPORT_DESCRIPTOR> pDesc = (mbase + dir.VirtualAddress).Reinterpret <IMAGE.IMPORT_DESCRIPTOR>(); RemotePtr <IMAGE.IMPORT_DESCRIPTOR> pDescM = pDesc.Advance((System.IntPtr)dir.Size); while (pDesc < pDescM) { IMAGE.IMPORT_DESCRIPTOR desc = (pDesc++)[0]; log.WriteVar("Importing from", (mbase + (int)desc.pstrName).ReadAnsiString()); log.WriteVar("ForwarderChain", desc.ForwarderChain); log.WriteVar("TimeDateStamp", desc.TimeDateStamp); log.WriteVar("FirstThunk", "0x" + desc.FirstThunk.ToString("X8")); log.WriteVar("OriginalFirstThunk", "0x" + desc.OriginalFirstThunk.ToString("X8")); if (desc.FirstThunk == 0) { continue; } RemotePtr <IMAGE.THUNK_DATA32> pIAT = (mbase + (int)desc.FirstThunk).Reinterpret <IMAGE.THUNK_DATA32>(); RemotePtr <IMAGE.THUNK_DATA32> pINT = (mbase + (int)desc.OriginalFirstThunk).Reinterpret <IMAGE.THUNK_DATA32>(); while (true) { IMAGE.THUNK_DATA32 iat_item = pIAT++.Value; IMAGE.THUNK_DATA32 int_item = pINT++.Value; if (iat_item.Function == 0) { break; } string name; if (int_item.IsSnapByOrdinal) { name = "#" + int_item.OrdinalValue.ToString(); } else { const int OffsetName = 2; // IMAGE_IMPORT_BY_NAME.Name メンバのオフセット name = (mbase + int_item.AddressOfData + OffsetName).ReadAnsiString(); if (name[0] == '?') { name = DbgHelp.UnDecorateSymbolName(name, DbgHelp.UNDNAME.COMPLETE); } } log.WriteLine("dllimport {0} \t@ 0x{1:X8}", name, iat_item.Function); } log.WriteLine("------------------------------------------------------------"); } }
protected override void ProcessRecord() { base.ProcessRecord(); WriteObject(DbgHelp.SymGetTypeInfo(Debugger.DebuggerInterface, ModBase, TypeId, //IMAGEHLP_SYMBOL_TYPE_INFO.TI_GET_SYMINDEX ) ); TypeInfo)); } // end ProcessRecord()
public static string Demangle(string Symbol) { //IntPtr CurProc = Process.GetCurrentProcess().Handle; StringBuilder SB = new StringBuilder(4069); //DbgHelp.SymInitialize(CurProc, null, false); DbgHelp.UnDecorateSymbolName(Symbol, SB, SB.Capacity, UndnameFlags.UNDNAME_COMPLETE); //DbgHelp.SymCleanup(CurProc); return(SB.ToString().Trim()); }
protected override void ProcessRecord() { base.ProcessRecord(); BasicType baseType; ulong size; DbgHelp.GetBaseTypeInfo(Debugger.DebuggerInterface, ModBase, TypeId, out baseType, out size); WriteObject(baseType); WriteObject(size); } // end ProcessRecord()
// ポインタ // ・Box 化不能 // ・型パラメータに指定出来ない (ポインタ配列は出来るのに…) // ・匿名メソッドの引数に出来ない /* そもそもポインタは Box 化出来ない… (System.IntPtr に変換して自動的にやってくれても良いのに) * [afh.Tester.TestMethod] * public unsafe static void testPointerBoxing(Log log){ * byte* alpha=(byte*)0x400000; * object o=alpha; * log.WriteLine("{0}",o is void*); * } * //*/ public unsafe static void chkEnumModules(Log log) { // Notepad.exe を取得 Diag::Process[] procs = Diag::Process.GetProcessesByName("notepad"); if (procs.Length == 0) { log.WriteLine("現在 notepad.exe は動いていません。"); return; } Diag::Process proc = procs[0]; for (int i = 1; i < procs.Length; i++) { procs[i].Close(); } log.WriteLine("プロセス notepad.exe を捕まえました"); log.WriteVar("Id", proc.Id.ToString("X8")); log.WriteVar("Handle", proc.Handle.ToString("X8")); // Modules log.WriteLine("Diag::Process.Modules より"); log.Lock(); log.AddIndent(); try{ foreach (Diag::ProcessModule mod in proc.Modules) { log.WriteVar("Module-Name", mod.ModuleName); log.WriteVar("Base-Address", mod.BaseAddress.ToString("X8")); log.WriteVar("Module-Size", mod.ModuleMemorySize.ToString("X8")); } }finally{ log.RemoveIndent(); log.Unlock(); } // Modules2 log.WriteLine("<DbgHelp>::EnumerateLoadedModules より"); log.Lock(); log.AddIndent(); try{ #pragma warning disable 618 DbgHelp.EnumerateLoadedModules(proc.Handle, delegate(string name, System.IntPtr modbase, uint modsize, System.IntPtr userData){ log.WriteVar("Module-Name", name); log.WriteVar("Base-Address", modbase.ToString("X8")); log.WriteVar("Module-Size", modsize.ToString("X8")); return(true); }, System.IntPtr.Zero); #pragma warning restore 618 }finally{ log.RemoveIndent(); log.Unlock(); } }
public ImportFunction this[int index] { get{ if (index < 0 || funccount <= index) { throw new System.ArgumentOutOfRangeException("index"); } const int OffsetName = 2; // IMAGE_IMPORT_BY_NAME.Name メンバのオフセット RemotePtr <FPtr> ppfn; string name; if (!pIAT32.IsNull) { // 対象が PE32 の場合 ppfn = (pIAT32 + index).Reinterpret <FPtr>(); // ■↑■ 64bit から 32bit の中の FPtr を触ると× IMAGE.THUNK_DATA32 int32 = pINT32[index]; if (int32.IsSnapByOrdinal) { return(new ImportFunction(int32.OrdinalValue, ppfn)); } else { name = (module.mbase + int32.AddressOfData + OffsetName).ReadAnsiString(); } } else { // 対象が PE32+ の場合 ppfn = (pIAT64 + index).Reinterpret <FPtr>(); IMAGE.THUNK_DATA64 int64 = pINT64[index]; if (int64.IsSnapByOrdinal) { return(new ImportFunction(int64.OrdinalValue, ppfn)); } else { name = (module.mbase + int64.AddressOfData + OffsetName).ReadAnsiString(); } } // 名前によるインポートの場合 if (name == null) { name = "<FAILED TO GET NAME>"; } else if (name.Length > 1 && name[0] == '?') { name = DbgHelp.UnDecorateSymbolName(name, DbgHelp.UNDNAME.COMPLETE); } return(new ImportFunction(name, ppfn)); } }
} // end constructor public static DbgBaseTypeInfo GetBaseTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { BasicType baseType; ulong size; DbgHelp.GetBaseTypeInfo(debugger.DebuggerInterface, module.BaseAddress, typeId, out baseType, out size); return(new DbgBaseTypeInfo(debugger, module, typeId, baseType, size)); }
public static DbgBaseClassTypeInfoBase GetBaseClassTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } if (null == module) { throw new ArgumentNullException("module"); } RawBaseClassInfo rbci = DbgHelp.GetBaseClassInfo(debugger.DebuggerInterface, module.BaseAddress, typeId); if (rbci.IsVirtualBaseClass) { return(new DbgVirtualBaseClassTypeInfo(debugger, module, typeId, rbci.UdtKind, rbci.BaseClassTypeName, rbci.BaseClassSize, rbci.ChildrenCount, rbci.ClassParentId, rbci.VirtualTableShapeId, rbci.IsVirtualBaseClass, rbci.IsIndirectVirtualBaseClass, rbci.BaseClassTypeId, rbci.VirtualBaseDispIndex, rbci.VirtualBasePointerOffset)); } else { return(new DbgBaseClassTypeInfo(debugger, module, typeId, rbci.UdtKind, rbci.BaseClassTypeName, rbci.BaseClassSize, rbci.ChildrenCount, rbci.ClassParentId, rbci.VirtualTableShapeId, rbci.IsVirtualBaseClass, rbci.IsIndirectVirtualBaseClass, rbci.BaseClassTypeId, rbci.Offset)); } } // end GetBaseClassTypeInfo()
public static DbgEnumTypeInfo GetEnumTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } RawEnumInfo rei = DbgHelp.GetEnumInfo(debugger.DebuggerInterface, module.BaseAddress, typeId); return(new DbgEnumTypeInfo(debugger, module, rei)); } // end GetEnumTypeInfo()
} // end GetNearNameByOffset() public DbgSymbol GetSymbolByAddress(ulong address, out ulong displacement) { // TODO: Should I handle exceptions and return null? ulong tmpDisplacement = 0xffffffffffffffff; var retval = Debugger.ExecuteOnDbgEngThread(() => { SymbolInfo si = DbgHelp.SymFromAddr(Debugger.DebuggerInterface, address, out tmpDisplacement); // TODO: This doesn't seem like a good idea to use whatever the "current" context // is here... but what can I do? Perhaps I could just get rid of this method. return(new DbgPublicSymbol(Debugger, si, Debugger.GetCurrentTarget())); }); displacement = tmpDisplacement; return(retval); } // end GetSymbolByAddress()
public static DbgPointerTypeInfo GetPointerTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { uint pointeeTypeId; ulong size; bool isReference; DbgHelp.GetPointerTypeInfo(debugger.DebuggerInterface, module.BaseAddress, typeId, out pointeeTypeId, out size, out isReference); return(new DbgPointerTypeInfo(debugger, module, typeId, pointeeTypeId, size, isReference)); } // end GetPointerTypeInfo()
protected override bool ReleaseHandle() { if (IntPtr.Zero == base.handle) { return(true); } bool success; lock (Globals.DebugHelpLock) { success = DbgHelp.SymCleanup(handle); } if (success) { return(true); } Trace.TraceError("Failed to cleanup a symbol handler. Error: {0}", Marshal.GetLastWin32Error()); return(false); }
public static DbgTypedefTypeInfo GetTypedefTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { uint representedTypeId; string typedefName; DbgHelp.GetTypedefTypeInfo(debugger.DebuggerInterface, module.BaseAddress, typeId, out representedTypeId, out typedefName); return(new DbgTypedefTypeInfo(debugger, module, typeId, representedTypeId, typedefName)); } // end GetTypedefTypeInfo()
public static void Create(Process process, string filename) { using (var s = File.Create(filename)) { var ptrs = Marshal.GetExceptionPointers(); bool result; if (ptrs == IntPtr.Zero) { result = DbgHelp.MiniDumpWriteDump( process.Handle, (uint)process.Id, s.SafeFileHandle.DangerousGetHandle(), MiniDumpType.MiniDumpWithFullMemory, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); } else { MINIDUMP_EXCEPTION_INFORMATION mei; mei.ClientPointers = false; mei.ExceptionPointers = ptrs; mei.ThreadId = Kernel32.GetCurrentThreadId(); result = DbgHelp.MiniDumpWriteDump( process.Handle, (uint)process.Id, s.SafeFileHandle.DangerousGetHandle(), MiniDumpType.MiniDumpWithFullMemory, ref mei, IntPtr.Zero, IntPtr.Zero); } if (!result) { throw new InvalidOperationException( string.Format("Failed creating memory dump '{0}'.", filename), new Win32Exception(Marshal.GetLastWin32Error())); } } }
public static IMAGEHLP_SYMBOL64 GetSymbolFromAddress(IntPtr hProcess, ulong Address) { //Initialize params for SymGetSymFromAddr64 IMAGEHLP_SYMBOL64 Symbol = new IMAGEHLP_SYMBOL64(); Symbol.SizeOfStruct = (uint)Marshal.SizeOf(Symbol); Symbol.MaxNameLength = 33; IntPtr lpSymbol = Marshal.AllocHGlobal(Marshal.SizeOf(Symbol)); Marshal.StructureToPtr(Symbol, lpSymbol, false); ulong Offset = 0; DbgHelp.SymGetSymFromAddr64(hProcess, Address, Offset, lpSymbol); Symbol = (IMAGEHLP_SYMBOL64)Marshal.PtrToStructure(lpSymbol, typeof(IMAGEHLP_SYMBOL64)); Marshal.FreeHGlobal(lpSymbol); return(Symbol); }
} // end GetColorName() public static DbgArrayTypeInfo GetArrayTypeInfo(DbgEngDebugger debugger, DbgModuleInfo module, uint typeId) { if (null == debugger) { throw new ArgumentNullException("debugger"); } uint arrayTypeId; uint count; ulong size; DbgHelp.GetArrayTypeInfo(debugger.DebuggerInterface, module.BaseAddress, typeId, out arrayTypeId, out count, out size); return(new DbgArrayTypeInfo(debugger, module, typeId, arrayTypeId, count, size)); } // end GetArrayTypeInfo()
internal override object GetConstantValue() { if (!IsConstant) { return(base.GetConstantValue()); // will throw } object rawVal = DbgHelp.SymGetTypeInfo(Debugger.DebuggerInterface, Module.BaseAddress, m_symInfo.Index, IMAGEHLP_SYMBOL_TYPE_INFO.TI_GET_VALUE); // The raw value might be stored more efficiently than the actual type--for // instance, a DWORD constant might be stored (and returned from // SymGetTypeInfo) as a USHORT. So we might need to extend the value to get // fidelity with the true type of the constant. Debug.Assert((Type is DbgBaseTypeInfo) || (Type is DbgEnumTypeInfo)); DbgBaseTypeInfo bti; bti = Type as DbgBaseTypeInfo; if (null == bti) { DbgEnumTypeInfo eti = Type as DbgEnumTypeInfo; if (null != eti) { bti = eti.BaseType; } else { throw new DbgProviderException( Util.Sprintf("I don't know how to handle constants with Type: {0}", Util.GetGenericTypeName(Type)), "DontKnowHowToHandleConstantType", System.Management.Automation.ErrorCategory.NotImplemented); } } return(DbgHelp.ReconstituteConstant(rawVal, bti)); }
public static Symbol[] GetSymbols(string DllFile) { IntPtr CurProc = Process.GetCurrentProcess().Handle; DbgHelp.SymInitialize(CurProc, null, false); if (!File.Exists(DllFile)) { throw new FileNotFoundException("File not found", DllFile); } List <Symbol> Symbols = new List <Symbol>(); ulong DllBase = DbgHelp.SymLoadModuleEx(CurProc, IntPtr.Zero, DllFile, null, 0, 0, IntPtr.Zero, 0); DbgHelp.SymEnumerateSymbols64(CurProc, DllBase, (Name, Addr, Size, Ctx) => { Symbols.Add(new Symbol(Name, DllBase - Addr, Size)); return(true); }, IntPtr.Zero); DbgHelp.SymCleanup(CurProc); return(Symbols.ToArray()); }
public static extern bool MiniDumpReadDumpStream(IntPtr BaseOfDump, DbgHelp.MINIDUMP_STREAM_TYPE StreamNumber, ref MINIDUMP_DIRECTORY Dir, ref IntPtr StreamPointer, ref uint StreamSize);
public static extern bool MiniDumpWriteDump( IntPtr hProcess, UInt32 ProcessId, // DWORD is a 32 bit unsigned integer SafeHandle hFile, DbgHelp.MINIDUMP_TYPE DumpType, IntPtr exceptionParam, IntPtr userStream, IntPtr callback);