/// <summary>
/// Resolves <paramref name="name"/> through <c>NativeFacility.LookupSymbolOffset</c> and
/// returns the symbol's address minus the base of the module that contains it.
/// </summary>
/// <param name="name">Symbol name; it is interpolated into the lookup pattern <c>*!{name}</c>.</param>
/// <returns>The module-relative offset of the single matching symbol.</returns>
/// <exception cref="ApplicationException">
/// The lookup returned null, matched nothing, matched more than one symbol, or produced a
/// negative offset.
/// </exception>
public static IntPtr Offset(string name)
{
    // The module part of the pattern is a wildcard, so the symbol is not pinned to one module.
    // NOTE(review): name is inserted unescaped; presumably callers pass fixed identifiers.
    // Confirm before feeding externally supplied names, which could widen the match.
    var matches = NativeFacility.LookupSymbolOffset($@"*!{name}");
    if (matches == null)
    {
        throw new ApplicationException($"\"{name}\" lookup failed");
    }

    // Exactly one hit is required. Several hits are rejected rather than picking one, so a
    // same-named symbol in another module cannot silently change the result.
    switch (matches.Count)
    {
        case 0:
            throw new ApplicationException($"\"{name}\" not found");
        case 1:
            break;
        default:
            throw new ApplicationException($"\"{name}\" is an ambiguous symbol.");
    }

    var symbol = matches[0];
    var delta = symbol.Data.Address - symbol.Data.ModBase;

    // NOTE(review): if Address and ModBase are unsigned, this comparison can never be true and
    // an address below the module base would wrap instead. Confirm the field types.
    if (delta < 0)
    {
        throw new ApplicationException($"\"{name}\" VA is negative");
    }

    // checked: a value that does not fit in a long raises OverflowException instead of truncating.
    return new IntPtr(checked((long)delta));
}
/// <summary>
/// Walks the in-load-order module list of <paramref name="context"/> and asks
/// <c>NativeFacility.PhLoadModuleDefaultSymbolProvider</c> to load symbols for every module
/// whose trimmed full DLL name is not yet in <c>ModulesWithSymbols</c>.
/// </summary>
/// <param name="context">Process context whose <c>PebLdr.InLoadOrderModuleList</c> is enumerated.</param>
/// <remarks>
/// A module is added to <c>ModulesWithSymbols</c> whether or not the load succeeded, so a
/// failed load is not retried on a later call. Progress is written to the console.
/// </remarks>
public static void LoadSymbols(ProcessContext context)
{
    foreach (var link in context.PebLdr.InLoadOrderModuleList)
    {
        var ldrModule = link.ContainingRecord<LdrModule>(LinkOffset);
        var shortName = ldrModule.BaseDllName;

        // NOTE(review): both names presumably come from the inspected process's loader data,
        // so treat them as untrusted text. The dedup key is only as reliable as that list.
        var fullName = ldrModule.FullDllName.Trim();

        if (!ModulesWithSymbols.Contains(fullName))
        {
            Console.Write($"Loading symbols for {shortName}... ");
            var loaded = NativeFacility.PhLoadModuleDefaultSymbolProvider(ldrModule);
            var outcome = loaded ? "OK" : "FAIL";
            Console.WriteLine(outcome);

            // Recorded after the attempt, on success and on failure alike.
            ModulesWithSymbols.Add(fullName);
        }
    }
}