This is page 18 of 21. Use http://codebase.md/wasdubya/x64dbgmcp?lines=true&page={x} to view the full context.
# Directory Structure
```
├── build
│ ├── MCPx64dbg.dp32
│ └── MCPx64dbg.dp64
├── CMakeLists.txt
├── deps
│ ├── pluginsdk
│ │ ├── _dbgfunctions.h
│ │ ├── _plugin_types.h
│ │ ├── _plugins.h
│ │ ├── _scriptapi_argument.h
│ │ ├── _scriptapi_assembler.h
│ │ ├── _scriptapi_bookmark.h
│ │ ├── _scriptapi_comment.h
│ │ ├── _scriptapi_debug.h
│ │ ├── _scriptapi_flag.h
│ │ ├── _scriptapi_function.h
│ │ ├── _scriptapi_gui.h
│ │ ├── _scriptapi_label.h
│ │ ├── _scriptapi_memory.h
│ │ ├── _scriptapi_misc.h
│ │ ├── _scriptapi_module.h
│ │ ├── _scriptapi_pattern.h
│ │ ├── _scriptapi_register.h
│ │ ├── _scriptapi_stack.h
│ │ ├── _scriptapi_symbol.h
│ │ ├── _scriptapi.h
│ │ ├── bridgegraph.h
│ │ ├── bridgelist.h
│ │ ├── bridgemain.h
│ │ ├── dbghelp
│ │ │ ├── dbghelp_x64.a
│ │ │ ├── dbghelp_x64.lib
│ │ │ ├── dbghelp_x86.a
│ │ │ ├── dbghelp_x86.lib
│ │ │ └── dbghelp.h
│ │ ├── DeviceNameResolver
│ │ │ ├── DeviceNameResolver_x64.a
│ │ │ ├── DeviceNameResolver_x64.lib
│ │ │ ├── DeviceNameResolver_x86.a
│ │ │ ├── DeviceNameResolver_x86.lib
│ │ │ └── DeviceNameResolver.h
│ │ ├── jansson
│ │ │ ├── jansson_config.h
│ │ │ ├── jansson_x64.a
│ │ │ ├── jansson_x64.lib
│ │ │ ├── jansson_x64dbg.h
│ │ │ ├── jansson_x86.a
│ │ │ ├── jansson_x86.lib
│ │ │ └── jansson.h
│ │ ├── lz4
│ │ │ ├── lz4_x64.a
│ │ │ ├── lz4_x64.lib
│ │ │ ├── lz4_x86.a
│ │ │ ├── lz4_x86.lib
│ │ │ ├── lz4.h
│ │ │ ├── lz4file.h
│ │ │ └── lz4hc.h
│ │ ├── nlohmann
│ │ │ ├── adl_serializer.hpp
│ │ │ ├── byte_container_with_subtype.hpp
│ │ │ ├── detail
│ │ │ │ ├── abi_macros.hpp
│ │ │ │ ├── conversions
│ │ │ │ │ ├── from_json.hpp
│ │ │ │ │ ├── to_chars.hpp
│ │ │ │ │ └── to_json.hpp
│ │ │ │ ├── exceptions.hpp
│ │ │ │ ├── hash.hpp
│ │ │ │ ├── input
│ │ │ │ │ ├── binary_reader.hpp
│ │ │ │ │ ├── input_adapters.hpp
│ │ │ │ │ ├── json_sax.hpp
│ │ │ │ │ ├── lexer.hpp
│ │ │ │ │ ├── parser.hpp
│ │ │ │ │ └── position_t.hpp
│ │ │ │ ├── iterators
│ │ │ │ │ ├── internal_iterator.hpp
│ │ │ │ │ ├── iter_impl.hpp
│ │ │ │ │ ├── iteration_proxy.hpp
│ │ │ │ │ ├── iterator_traits.hpp
│ │ │ │ │ ├── json_reverse_iterator.hpp
│ │ │ │ │ └── primitive_iterator.hpp
│ │ │ │ ├── json_custom_base_class.hpp
│ │ │ │ ├── json_pointer.hpp
│ │ │ │ ├── json_ref.hpp
│ │ │ │ ├── macro_scope.hpp
│ │ │ │ ├── macro_unscope.hpp
│ │ │ │ ├── meta
│ │ │ │ │ ├── call_std
│ │ │ │ │ │ ├── begin.hpp
│ │ │ │ │ │ └── end.hpp
│ │ │ │ │ ├── cpp_future.hpp
│ │ │ │ │ ├── detected.hpp
│ │ │ │ │ ├── identity_tag.hpp
│ │ │ │ │ ├── is_sax.hpp
│ │ │ │ │ ├── std_fs.hpp
│ │ │ │ │ ├── type_traits.hpp
│ │ │ │ │ └── void_t.hpp
│ │ │ │ ├── output
│ │ │ │ │ ├── binary_writer.hpp
│ │ │ │ │ ├── output_adapters.hpp
│ │ │ │ │ └── serializer.hpp
│ │ │ │ ├── string_concat.hpp
│ │ │ │ ├── string_escape.hpp
│ │ │ │ └── value_t.hpp
│ │ │ ├── json_fwd.hpp
│ │ │ ├── json.hpp
│ │ │ ├── ordered_map.hpp
│ │ │ └── thirdparty
│ │ │ └── hedley
│ │ │ ├── hedley_undef.hpp
│ │ │ └── hedley.hpp
│ │ ├── TitanEngine
│ │ │ ├── TitanEngine_x64.a
│ │ │ ├── TitanEngine_x64.lib
│ │ │ ├── TitanEngine_x86.a
│ │ │ ├── TitanEngine_x86.lib
│ │ │ └── TitanEngine.h
│ │ ├── x32bridge.lib
│ │ ├── x32dbg.lib
│ │ ├── x64bridge.lib
│ │ ├── x64dbg.lib
│ │ └── XEDParse
│ │ ├── XEDParse_x64.a
│ │ ├── XEDParse_x64.lib
│ │ ├── XEDParse_x86.a
│ │ ├── XEDParse_x86.lib
│ │ └── XEDParse.h
│ └── x64dbg_sdk
│ └── pluginsdk
│ ├── _dbgfunctions.h
│ ├── _plugin_types.h
│ ├── _plugins.h
│ ├── _scriptapi_argument.h
│ ├── _scriptapi_assembler.h
│ ├── _scriptapi_bookmark.h
│ ├── _scriptapi_comment.h
│ ├── _scriptapi_debug.h
│ ├── _scriptapi_flag.h
│ ├── _scriptapi_function.h
│ ├── _scriptapi_gui.h
│ ├── _scriptapi_label.h
│ ├── _scriptapi_memory.h
│ ├── _scriptapi_misc.h
│ ├── _scriptapi_module.h
│ ├── _scriptapi_pattern.h
│ ├── _scriptapi_register.h
│ ├── _scriptapi_stack.h
│ ├── _scriptapi_symbol.h
│ ├── _scriptapi.h
│ ├── bridgegraph.h
│ ├── bridgelist.h
│ ├── bridgemain.h
│ ├── dbghelp
│ │ ├── dbghelp_x64.a
│ │ ├── dbghelp_x64.lib
│ │ ├── dbghelp_x86.a
│ │ ├── dbghelp_x86.lib
│ │ └── dbghelp.h
│ ├── DeviceNameResolver
│ │ ├── DeviceNameResolver_x64.a
│ │ ├── DeviceNameResolver_x64.lib
│ │ ├── DeviceNameResolver_x86.a
│ │ ├── DeviceNameResolver_x86.lib
│ │ └── DeviceNameResolver.h
│ ├── jansson
│ │ ├── jansson_config.h
│ │ ├── jansson_x64.a
│ │ ├── jansson_x64.lib
│ │ ├── jansson_x64dbg.h
│ │ ├── jansson_x86.a
│ │ ├── jansson_x86.lib
│ │ └── jansson.h
│ ├── lz4
│ │ ├── lz4_x64.a
│ │ ├── lz4_x64.lib
│ │ ├── lz4_x86.a
│ │ ├── lz4_x86.lib
│ │ ├── lz4.h
│ │ ├── lz4file.h
│ │ └── lz4hc.h
│ ├── TitanEngine
│ │ ├── TitanEngine_x64.a
│ │ ├── TitanEngine_x64.lib
│ │ ├── TitanEngine_x86.a
│ │ ├── TitanEngine_x86.lib
│ │ └── TitanEngine.h
│ ├── TitanEngine_x64.a
│ ├── TitanEngine_x64.lib
│ ├── TitanEngine_x86.a
│ ├── TitanEngine_x86.lib
│ ├── TitanEngine.h
│ ├── x32bridge.lib
│ ├── x32dbg.lib
│ ├── x64bridge.lib
│ ├── x64dbg.lib
│ └── XEDParse
│ ├── XEDParse_x64.a
│ ├── XEDParse_x64.lib
│ ├── XEDParse_x86.a
│ ├── XEDParse_x86.lib
│ └── XEDParse.h
├── include
│ └── nlohmann
│ ├── adl_serializer.hpp
│ ├── byte_container_with_subtype.hpp
│ ├── detail
│ │ ├── abi_macros.hpp
│ │ ├── conversions
│ │ │ ├── from_json.hpp
│ │ │ ├── to_chars.hpp
│ │ │ └── to_json.hpp
│ │ ├── exceptions.hpp
│ │ ├── hash.hpp
│ │ ├── input
│ │ │ ├── binary_reader.hpp
│ │ │ ├── input_adapters.hpp
│ │ │ ├── json_sax.hpp
│ │ │ ├── lexer.hpp
│ │ │ ├── parser.hpp
│ │ │ └── position_t.hpp
│ │ ├── iterators
│ │ │ ├── internal_iterator.hpp
│ │ │ ├── iter_impl.hpp
│ │ │ ├── iteration_proxy.hpp
│ │ │ ├── iterator_traits.hpp
│ │ │ ├── json_reverse_iterator.hpp
│ │ │ └── primitive_iterator.hpp
│ │ ├── json_custom_base_class.hpp
│ │ ├── json_pointer.hpp
│ │ ├── json_ref.hpp
│ │ ├── macro_scope.hpp
│ │ ├── macro_unscope.hpp
│ │ ├── meta
│ │ │ ├── call_std
│ │ │ │ ├── begin.hpp
│ │ │ │ └── end.hpp
│ │ │ ├── cpp_future.hpp
│ │ │ ├── detected.hpp
│ │ │ ├── identity_tag.hpp
│ │ │ ├── is_sax.hpp
│ │ │ ├── std_fs.hpp
│ │ │ ├── type_traits.hpp
│ │ │ └── void_t.hpp
│ │ ├── output
│ │ │ ├── binary_writer.hpp
│ │ │ ├── output_adapters.hpp
│ │ │ └── serializer.hpp
│ │ ├── string_concat.hpp
│ │ ├── string_escape.hpp
│ │ └── value_t.hpp
│ ├── json_fwd.hpp
│ ├── json.hpp
│ ├── ordered_map.hpp
│ └── thirdparty
│ └── hedley
│ ├── hedley_undef.hpp
│ └── hedley.hpp
├── README.md
├── Showcase.gif
├── side profile of a voxel spider walking.jpg
└── src
├── MCPx64dbg.cpp
└── x64dbg.py
```
# Files
--------------------------------------------------------------------------------
/deps/pluginsdk/dbghelp/dbghelp.h:
--------------------------------------------------------------------------------
```
1 | #ifndef _DBGHELP_
2 | #define _DBGHELP_
3 |
4 |
5 | // As a general principal always call the 64 bit version
6 | // of every API, if a choice exists. The 64 bit version
7 | // works great on 32 bit platforms, and is forward
8 | // compatible to 64 bit platforms.
9 |
10 | #ifdef _WIN64
11 | #ifndef _IMAGEHLP64
12 | #define _IMAGEHLP64
13 | #endif
14 | #endif
15 |
16 | #pragma pack(push,8)
17 |
18 | // For those without specstrings.h
19 | // Since there are different versions of this header, I need to
20 | // individually test each item and define it if it is not around.
21 |
22 | #ifndef __in
23 | #define __in
24 | #endif
25 | #ifndef __out
26 | #define __out
27 | #endif
28 | #ifndef __inout
29 | #define __inout
30 | #endif
31 | #ifndef __in_opt
32 | #define __in_opt
33 | #endif
34 | #ifndef __out_opt
35 | #define __out_opt
36 | #endif
37 | #ifndef __inout_opt
38 | #define __inout_opt
39 | #endif
40 | #ifndef __in_ecount
41 | #define __in_ecount(x)
42 | #endif
43 | #ifndef __out_ecount
44 | #define __out_ecount(x)
45 | #endif
46 | #ifndef __inout_ecount
47 | #define __inout_ecount(x)
48 | #endif
49 | #ifndef __in_bcount
50 | #define __in_bcount(x)
51 | #endif
52 | #ifndef __out_bcount
53 | #define __out_bcount(x)
54 | #endif
55 | #ifndef __inout_bcount
56 | #define __inout_bcount(x)
57 | #endif
58 | #ifndef __out_xcount
59 | #define __out_xcount(x)
60 | #endif
61 | #ifndef __deref_opt_out
62 | #define __deref_opt_out
63 | #endif
64 | #ifndef __deref_out
65 | #define __deref_out
66 | #endif
67 | #ifndef __out_ecount_opt
68 | #define __out_ecount_opt(x)
69 | #endif
70 | #ifndef __in_bcount_opt
71 | #define __in_bcount_opt(x)
72 | #endif
73 | #ifndef __out_bcount_opt
74 | #define __out_bcount_opt(x)
75 | #endif
76 | #ifndef __deref_out_opt
77 | #define __deref_out_opt
78 | #endif
79 |
80 |
81 | #ifdef __cplusplus
82 | extern "C" {
83 | #endif
84 |
85 | #ifdef _IMAGEHLP_SOURCE_
86 | #define IMAGEAPI __stdcall
87 | #define DBHLP_DEPRECIATED
88 | #else
89 | #define IMAGEAPI DECLSPEC_IMPORT __stdcall
90 | #if (_MSC_VER >= 1300) && !defined(MIDL_PASS)
91 | #define DBHLP_DEPRECIATED __declspec(deprecated)
92 | #else
93 | #define DBHLP_DEPRECIATED
94 | #endif
95 | #endif
96 |
97 | #define DBHLPAPI IMAGEAPI
98 |
99 | #define IMAGE_SEPARATION (64*1024)
100 |
101 | // Observant readers may notice that 2 new fields,
102 | // 'fReadOnly' and 'Version' have been added to
103 | // the LOADED_IMAGE structure after 'fDOSImage'.
104 | // This does not change the size of the structure
105 | // from previous headers. That is because while
106 | // 'fDOSImage' is a byte, it is padded by the
107 | // compiler to 4 bytes. So the 2 new fields are
108 | // slipped into the extra space.
109 |
110 | typedef struct _LOADED_IMAGE
111 | {
112 | PSTR ModuleName;
113 | HANDLE hFile;
114 | PUCHAR MappedAddress;
115 | #ifdef _IMAGEHLP64
116 | PIMAGE_NT_HEADERS64 FileHeader;
117 | #else
118 | PIMAGE_NT_HEADERS32 FileHeader;
119 | #endif
120 | PIMAGE_SECTION_HEADER LastRvaSection;
121 | ULONG NumberOfSections;
122 | PIMAGE_SECTION_HEADER Sections;
123 | ULONG Characteristics;
124 | BOOLEAN fSystemImage;
125 | BOOLEAN fDOSImage;
126 | BOOLEAN fReadOnly;
127 | UCHAR Version;
128 | LIST_ENTRY Links;
129 | ULONG SizeOfImage;
130 | } LOADED_IMAGE, *PLOADED_IMAGE;
131 |
132 | #define MAX_SYM_NAME 2000
133 |
134 |
135 | // Error codes set by dbghelp functions. Call GetLastError
136 | // to see them.
137 | // Dbghelp also sets error codes found in winerror.h
138 |
139 | #define ERROR_IMAGE_NOT_STRIPPED 0x8800 // the image is not stripped. No dbg file available.
140 | #define ERROR_NO_DBG_POINTER 0x8801 // image is stripped but there is no pointer to a dbg file
141 | #define ERROR_NO_PDB_POINTER 0x8802 // image does not point to a pdb file
142 |
143 | typedef BOOL
144 | (CALLBACK* PFIND_DEBUG_FILE_CALLBACK)(
145 | __in HANDLE FileHandle,
146 | __in PCSTR FileName,
147 | __in PVOID CallerData
148 | );
149 |
150 | HANDLE
151 | IMAGEAPI
152 | SymFindDebugInfoFile(
153 | __in HANDLE hProcess,
154 | __in PCSTR FileName,
155 | __out_ecount(MAX_PATH + 1) PSTR DebugFilePath,
156 | __in_opt PFIND_DEBUG_FILE_CALLBACK Callback,
157 | __in_opt PVOID CallerData
158 | );
159 |
160 | typedef BOOL
161 | (CALLBACK* PFIND_DEBUG_FILE_CALLBACKW)(
162 | __in HANDLE FileHandle,
163 | __in PCWSTR FileName,
164 | __in PVOID CallerData
165 | );
166 |
167 | HANDLE
168 | IMAGEAPI
169 | SymFindDebugInfoFileW(
170 | __in HANDLE hProcess,
171 | __in PCWSTR FileName,
172 | __out_ecount(MAX_PATH + 1) PWSTR DebugFilePath,
173 | __in_opt PFIND_DEBUG_FILE_CALLBACKW Callback,
174 | __in_opt PVOID CallerData
175 | );
176 |
177 | HANDLE
178 | IMAGEAPI
179 | FindDebugInfoFile(
180 | __in PCSTR FileName,
181 | __in PCSTR SymbolPath,
182 | __out_ecount(MAX_PATH + 1) PSTR DebugFilePath
183 | );
184 |
185 | HANDLE
186 | IMAGEAPI
187 | FindDebugInfoFileEx(
188 | __in PCSTR FileName,
189 | __in PCSTR SymbolPath,
190 | __out_ecount(MAX_PATH + 1) PSTR DebugFilePath,
191 | __in_opt PFIND_DEBUG_FILE_CALLBACK Callback,
192 | __in_opt PVOID CallerData
193 | );
194 |
195 | HANDLE
196 | IMAGEAPI
197 | FindDebugInfoFileExW(
198 | __in PCWSTR FileName,
199 | __in PCWSTR SymbolPath,
200 | __out_ecount(MAX_PATH + 1) PWSTR DebugFilePath,
201 | __in_opt PFIND_DEBUG_FILE_CALLBACKW Callback,
202 | __in_opt PVOID CallerData
203 | );
204 |
205 | typedef BOOL
206 | (CALLBACK* PFINDFILEINPATHCALLBACK)(
207 | __in PCSTR filename,
208 | __in PVOID context
209 | );
210 |
211 | BOOL
212 | IMAGEAPI
213 | SymFindFileInPath(
214 | __in HANDLE hprocess,
215 | __in_opt PCSTR SearchPath,
216 | __in PCSTR FileName,
217 | __in_opt PVOID id,
218 | __in DWORD two,
219 | __in DWORD three,
220 | __in DWORD flags,
221 | __out_ecount(MAX_PATH + 1) PSTR FoundFile,
222 | __in_opt PFINDFILEINPATHCALLBACK callback,
223 | __in_opt PVOID context
224 | );
225 |
226 | typedef BOOL
227 | (CALLBACK* PFINDFILEINPATHCALLBACKW)(
228 | __in PCWSTR filename,
229 | __in PVOID context
230 | );
231 |
232 | BOOL
233 | IMAGEAPI
234 | SymFindFileInPathW(
235 | __in HANDLE hprocess,
236 | __in_opt PCWSTR SearchPath,
237 | __in PCWSTR FileName,
238 | __in_opt PVOID id,
239 | __in DWORD two,
240 | __in DWORD three,
241 | __in DWORD flags,
242 | __out_ecount(MAX_PATH + 1) PWSTR FoundFile,
243 | __in_opt PFINDFILEINPATHCALLBACKW callback,
244 | __in_opt PVOID context
245 | );
246 |
247 | typedef BOOL
248 | (CALLBACK* PFIND_EXE_FILE_CALLBACK)(
249 | __in HANDLE FileHandle,
250 | __in PCSTR FileName,
251 | __in_opt PVOID CallerData
252 | );
253 |
254 | HANDLE
255 | IMAGEAPI
256 | SymFindExecutableImage(
257 | __in HANDLE hProcess,
258 | __in PCSTR FileName,
259 | __out_ecount(MAX_PATH + 1) PSTR ImageFilePath,
260 | __in PFIND_EXE_FILE_CALLBACK Callback,
261 | __in PVOID CallerData
262 | );
263 |
264 | typedef BOOL
265 | (CALLBACK* PFIND_EXE_FILE_CALLBACKW)(
266 | __in HANDLE FileHandle,
267 | __in PCWSTR FileName,
268 | __in_opt PVOID CallerData
269 | );
270 |
271 | HANDLE
272 | IMAGEAPI
273 | SymFindExecutableImageW(
274 | __in HANDLE hProcess,
275 | __in PCWSTR FileName,
276 | __out_ecount(MAX_PATH + 1) PWSTR ImageFilePath,
277 | __in PFIND_EXE_FILE_CALLBACKW Callback,
278 | __in PVOID CallerData
279 | );
280 |
281 | HANDLE
282 | IMAGEAPI
283 | FindExecutableImage(
284 | __in PCSTR FileName,
285 | __in PCSTR SymbolPath,
286 | __out_ecount(MAX_PATH + 1) PSTR ImageFilePath
287 | );
288 |
289 | HANDLE
290 | IMAGEAPI
291 | FindExecutableImageEx(
292 | __in PCSTR FileName,
293 | __in PCSTR SymbolPath,
294 | __out_ecount(MAX_PATH + 1) PSTR ImageFilePath,
295 | __in_opt PFIND_EXE_FILE_CALLBACK Callback,
296 | __in_opt PVOID CallerData
297 | );
298 |
299 | HANDLE
300 | IMAGEAPI
301 | FindExecutableImageExW(
302 | __in PCWSTR FileName,
303 | __in PCWSTR SymbolPath,
304 | __out_ecount(MAX_PATH + 1) PWSTR ImageFilePath,
305 | __in_opt PFIND_EXE_FILE_CALLBACKW Callback,
306 | __in PVOID CallerData
307 | );
308 |
309 | PIMAGE_NT_HEADERS
310 | IMAGEAPI
311 | ImageNtHeader(
312 | __in PVOID Base
313 | );
314 |
315 | PVOID
316 | IMAGEAPI
317 | ImageDirectoryEntryToDataEx(
318 | __in PVOID Base,
319 | __in BOOLEAN MappedAsImage,
320 | __in USHORT DirectoryEntry,
321 | __out PULONG Size,
322 | __out_opt PIMAGE_SECTION_HEADER* FoundHeader
323 | );
324 |
325 | PVOID
326 | IMAGEAPI
327 | ImageDirectoryEntryToData(
328 | __in PVOID Base,
329 | __in BOOLEAN MappedAsImage,
330 | __in USHORT DirectoryEntry,
331 | __out PULONG Size
332 | );
333 |
334 | PIMAGE_SECTION_HEADER
335 | IMAGEAPI
336 | ImageRvaToSection(
337 | __in PIMAGE_NT_HEADERS NtHeaders,
338 | __in PVOID Base,
339 | __in ULONG Rva
340 | );
341 |
342 | PVOID
343 | IMAGEAPI
344 | ImageRvaToVa(
345 | __in PIMAGE_NT_HEADERS NtHeaders,
346 | __in PVOID Base,
347 | __in ULONG Rva,
348 | __in_opt OUT PIMAGE_SECTION_HEADER* LastRvaSection
349 | );
350 |
351 | #ifndef _WIN64
352 | // This api won't be ported to Win64 - Fix your code.
353 |
354 | typedef struct _IMAGE_DEBUG_INFORMATION
355 | {
356 | LIST_ENTRY List;
357 | DWORD ReservedSize;
358 | PVOID ReservedMappedBase;
359 | USHORT ReservedMachine;
360 | USHORT ReservedCharacteristics;
361 | DWORD ReservedCheckSum;
362 | DWORD ImageBase;
363 | DWORD SizeOfImage;
364 |
365 | DWORD ReservedNumberOfSections;
366 | PIMAGE_SECTION_HEADER ReservedSections;
367 |
368 | DWORD ReservedExportedNamesSize;
369 | PSTR ReservedExportedNames;
370 |
371 | DWORD ReservedNumberOfFunctionTableEntries;
372 | PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;
373 | DWORD ReservedLowestFunctionStartingAddress;
374 | DWORD ReservedHighestFunctionEndingAddress;
375 |
376 | DWORD ReservedNumberOfFpoTableEntries;
377 | PFPO_DATA ReservedFpoTableEntries;
378 |
379 | DWORD SizeOfCoffSymbols;
380 | PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
381 |
382 | DWORD ReservedSizeOfCodeViewSymbols;
383 | PVOID ReservedCodeViewSymbols;
384 |
385 | PSTR ImageFilePath;
386 | PSTR ImageFileName;
387 | PSTR ReservedDebugFilePath;
388 |
389 | DWORD ReservedTimeDateStamp;
390 |
391 | BOOL ReservedRomImage;
392 | PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;
393 | DWORD ReservedNumberOfDebugDirectories;
394 |
395 | DWORD ReservedOriginalFunctionTableBaseAddress;
396 |
397 | DWORD Reserved[ 2 ];
398 |
399 | } IMAGE_DEBUG_INFORMATION, *PIMAGE_DEBUG_INFORMATION;
400 |
401 |
402 | PIMAGE_DEBUG_INFORMATION
403 | IMAGEAPI
404 | MapDebugInformation(
405 | __in_opt HANDLE FileHandle,
406 | __in PCSTR FileName,
407 | __in_opt PCSTR SymbolPath,
408 | __in ULONG ImageBase
409 | );
410 |
411 | BOOL
412 | IMAGEAPI
413 | UnmapDebugInformation(
414 | __out_xcount(unknown) PIMAGE_DEBUG_INFORMATION DebugInfo
415 | );
416 |
417 | #endif
418 |
419 | BOOL
420 | IMAGEAPI
421 | SearchTreeForFile(
422 | __in PCSTR RootPath,
423 | __in PCSTR InputPathName,
424 | __out_ecount(MAX_PATH + 1) PSTR OutputPathBuffer
425 | );
426 |
427 | BOOL
428 | IMAGEAPI
429 | SearchTreeForFileW(
430 | __in PCWSTR RootPath,
431 | __in PCWSTR InputPathName,
432 | __out_ecount(MAX_PATH + 1) PWSTR OutputPathBuffer
433 | );
434 |
435 | typedef BOOL
436 | (CALLBACK* PENUMDIRTREE_CALLBACK)(
437 | __in PCSTR FilePath,
438 | __in_opt PVOID CallerData
439 | );
440 |
441 | BOOL
442 | IMAGEAPI
443 | EnumDirTree(
444 | __in_opt HANDLE hProcess,
445 | __in PCSTR RootPath,
446 | __in PCSTR InputPathName,
447 | __out_ecount_opt(MAX_PATH + 1) PSTR OutputPathBuffer,
448 | __in_opt PENUMDIRTREE_CALLBACK cb,
449 | __in_opt PVOID data
450 | );
451 |
452 | typedef BOOL
453 | (CALLBACK* PENUMDIRTREE_CALLBACKW)(
454 | __in PCWSTR FilePath,
455 | __in_opt PVOID CallerData
456 | );
457 |
458 | BOOL
459 | IMAGEAPI
460 | EnumDirTreeW(
461 | __in_opt HANDLE hProcess,
462 | __in PCWSTR RootPath,
463 | __in PCWSTR InputPathName,
464 | __out_ecount_opt(MAX_PATH + 1) PWSTR OutputPathBuffer,
465 | __in_opt PENUMDIRTREE_CALLBACKW cb,
466 | __in_opt PVOID data
467 | );
468 |
469 | BOOL
470 | IMAGEAPI
471 | MakeSureDirectoryPathExists(
472 | __in PCSTR DirPath
473 | );
474 |
475 | //
476 | // UnDecorateSymbolName Flags
477 | //
478 |
479 | #define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
480 | #define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
481 | #define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
482 | #define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
483 | #define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
484 | #define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
485 | #define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
486 | #define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
487 | #define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
488 | #define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
489 | #define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
490 | #define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
491 | #define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
492 | #define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
493 | #define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
494 | // return just [scope::]name. Does expand template params
495 | #define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
496 | #define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
497 |
498 | DWORD
499 | IMAGEAPI
500 | WINAPI
501 | UnDecorateSymbolName(
502 | __in PCSTR name,
503 | __out_ecount(maxStringLength) PSTR outputString,
504 | __in DWORD maxStringLength,
505 | __in DWORD flags
506 | );
507 |
508 | DWORD
509 | IMAGEAPI
510 | WINAPI
511 | UnDecorateSymbolNameW(
512 | __in PCWSTR name,
513 | __out_ecount(maxStringLength) PWSTR outputString,
514 | __in DWORD maxStringLength,
515 | __in DWORD flags
516 | );
517 |
518 | //
519 | // these values are used for synthesized file types
520 | // that can be passed in as image headers instead of
521 | // the standard ones from ntimage.h
522 | //
523 |
524 | #define DBHHEADER_DEBUGDIRS 0x1
525 | #define DBHHEADER_CVMISC 0x2
526 | #define DBHHEADER_PDBGUID 0x3
527 | typedef struct _MODLOAD_DATA
528 | {
529 | DWORD ssize; // size of this struct
530 | DWORD ssig; // signature identifying the passed data
531 | PVOID data; // pointer to passed data
532 | DWORD size; // size of passed data
533 | DWORD flags; // options
534 | } MODLOAD_DATA, *PMODLOAD_DATA;
535 |
536 | typedef struct _MODLOAD_CVMISC
537 | {
538 | DWORD oCV; // ofset to the codeview record
539 | size_t cCV; // size of the codeview record
540 | DWORD oMisc; // offset to the misc record
541 | size_t cMisc; // size of the misc record
542 | DWORD dtImage; // datetime stamp of the image
543 | DWORD cImage; // size of the image
544 | } MODLOAD_CVMISC, *PMODLOAD_CVMISC;
545 |
546 | typedef struct _MODLOAD_PDBGUID_PDBAGE
547 | {
548 | GUID PdbGuid; // Pdb Guid
549 | DWORD PdbAge; // Pdb Age
550 | } MODLOAD_PDBGUID_PDBAGE, *PMODLOAD_PDBGUID_PDBAGE;
551 |
552 | //
553 | // StackWalking API
554 | //
555 |
556 | typedef enum
557 | {
558 | AddrMode1616,
559 | AddrMode1632,
560 | AddrModeReal,
561 | AddrModeFlat
562 | } ADDRESS_MODE;
563 |
564 | typedef struct _tagADDRESS64
565 | {
566 | DWORD64 Offset;
567 | WORD Segment;
568 | ADDRESS_MODE Mode;
569 | } ADDRESS64, *LPADDRESS64;
570 |
571 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
572 | #define ADDRESS ADDRESS64
573 | #define LPADDRESS LPADDRESS64
574 | #else
575 | typedef struct _tagADDRESS
576 | {
577 | DWORD Offset;
578 | WORD Segment;
579 | ADDRESS_MODE Mode;
580 | } ADDRESS, *LPADDRESS;
581 |
582 | __inline
583 | void
584 | Address32To64(
585 | __in LPADDRESS a32,
586 | __out LPADDRESS64 a64
587 | )
588 | {
589 | a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;
590 | a64->Segment = a32->Segment;
591 | a64->Mode = a32->Mode;
592 | }
593 |
594 | __inline
595 | void
596 | Address64To32(
597 | __in LPADDRESS64 a64,
598 | __out LPADDRESS a32
599 | )
600 | {
601 | a32->Offset = (ULONG)a64->Offset;
602 | a32->Segment = a64->Segment;
603 | a32->Mode = a64->Mode;
604 | }
605 | #endif
606 |
607 | //
608 | // This structure is included in the STACKFRAME structure,
609 | // and is used to trace through usermode callbacks in a thread's
610 | // kernel stack. The values must be copied by the kernel debugger
611 | // from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
612 | //
613 |
614 | //
615 | // New KDHELP structure for 64 bit system support.
616 | // This structure is preferred in new code.
617 | //
618 | typedef struct _KDHELP64
619 | {
620 |
621 | //
622 | // address of kernel thread object, as provided in the
623 | // WAIT_STATE_CHANGE packet.
624 | //
625 | DWORD64 Thread;
626 |
627 | //
628 | // offset in thread object to pointer to the current callback frame
629 | // in kernel stack.
630 | //
631 | DWORD ThCallbackStack;
632 |
633 | //
634 | // offset in thread object to pointer to the current callback backing
635 | // store frame in kernel stack.
636 | //
637 | DWORD ThCallbackBStore;
638 |
639 | //
640 | // offsets to values in frame:
641 | //
642 | // address of next callback frame
643 | DWORD NextCallback;
644 |
645 | // address of saved frame pointer (if applicable)
646 | DWORD FramePointer;
647 |
648 |
649 | //
650 | // Address of the kernel function that calls out to user mode
651 | //
652 | DWORD64 KiCallUserMode;
653 |
654 | //
655 | // Address of the user mode dispatcher function
656 | //
657 | DWORD64 KeUserCallbackDispatcher;
658 |
659 | //
660 | // Lowest kernel mode address
661 | //
662 | DWORD64 SystemRangeStart;
663 |
664 | //
665 | // Address of the user mode exception dispatcher function.
666 | // Added in API version 10.
667 | //
668 | DWORD64 KiUserExceptionDispatcher;
669 |
670 | //
671 | // Stack bounds, added in API version 11.
672 | //
673 | DWORD64 StackBase;
674 | DWORD64 StackLimit;
675 |
676 | DWORD64 Reserved[5];
677 |
678 | } KDHELP64, *PKDHELP64;
679 |
680 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
681 | #define KDHELP KDHELP64
682 | #define PKDHELP PKDHELP64
683 | #else
684 | typedef struct _KDHELP
685 | {
686 |
687 | //
688 | // address of kernel thread object, as provided in the
689 | // WAIT_STATE_CHANGE packet.
690 | //
691 | DWORD Thread;
692 |
693 | //
694 | // offset in thread object to pointer to the current callback frame
695 | // in kernel stack.
696 | //
697 | DWORD ThCallbackStack;
698 |
699 | //
700 | // offsets to values in frame:
701 | //
702 | // address of next callback frame
703 | DWORD NextCallback;
704 |
705 | // address of saved frame pointer (if applicable)
706 | DWORD FramePointer;
707 |
708 | //
709 | // Address of the kernel function that calls out to user mode
710 | //
711 | DWORD KiCallUserMode;
712 |
713 | //
714 | // Address of the user mode dispatcher function
715 | //
716 | DWORD KeUserCallbackDispatcher;
717 |
718 | //
719 | // Lowest kernel mode address
720 | //
721 | DWORD SystemRangeStart;
722 |
723 | //
724 | // offset in thread object to pointer to the current callback backing
725 | // store frame in kernel stack.
726 | //
727 | DWORD ThCallbackBStore;
728 |
729 | //
730 | // Address of the user mode exception dispatcher function.
731 | // Added in API version 10.
732 | //
733 | DWORD KiUserExceptionDispatcher;
734 |
735 | //
736 | // Stack bounds, added in API version 11.
737 | //
738 | DWORD StackBase;
739 | DWORD StackLimit;
740 |
741 | DWORD Reserved[5];
742 |
743 | } KDHELP, *PKDHELP;
744 |
745 | __inline
746 | void
747 | KdHelp32To64(
748 | __in PKDHELP p32,
749 | __out PKDHELP64 p64
750 | )
751 | {
752 | p64->Thread = p32->Thread;
753 | p64->ThCallbackStack = p32->ThCallbackStack;
754 | p64->NextCallback = p32->NextCallback;
755 | p64->FramePointer = p32->FramePointer;
756 | p64->KiCallUserMode = p32->KiCallUserMode;
757 | p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher;
758 | p64->SystemRangeStart = p32->SystemRangeStart;
759 | p64->KiUserExceptionDispatcher = p32->KiUserExceptionDispatcher;
760 | p64->StackBase = p32->StackBase;
761 | p64->StackLimit = p32->StackLimit;
762 | }
763 | #endif
764 |
765 | typedef struct _tagSTACKFRAME64
766 | {
767 | ADDRESS64 AddrPC; // program counter
768 | ADDRESS64 AddrReturn; // return address
769 | ADDRESS64 AddrFrame; // frame pointer
770 | ADDRESS64 AddrStack; // stack pointer
771 | ADDRESS64 AddrBStore; // backing store pointer
772 | PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
773 | DWORD64 Params[4]; // possible arguments to the function
774 | BOOL Far; // WOW far call
775 | BOOL Virtual; // is this a virtual frame?
776 | DWORD64 Reserved[3];
777 | KDHELP64 KdHelp;
778 | } STACKFRAME64, *LPSTACKFRAME64;
779 |
780 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
781 | #define STACKFRAME STACKFRAME64
782 | #define LPSTACKFRAME LPSTACKFRAME64
783 | #else
784 | typedef struct _tagSTACKFRAME
785 | {
786 | ADDRESS AddrPC; // program counter
787 | ADDRESS AddrReturn; // return address
788 | ADDRESS AddrFrame; // frame pointer
789 | ADDRESS AddrStack; // stack pointer
790 | PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
791 | DWORD Params[4]; // possible arguments to the function
792 | BOOL Far; // WOW far call
793 | BOOL Virtual; // is this a virtual frame?
794 | DWORD Reserved[3];
795 | KDHELP KdHelp;
796 | ADDRESS AddrBStore; // backing store pointer
797 | } STACKFRAME, *LPSTACKFRAME;
798 | #endif
799 |
800 |
801 | typedef
802 | BOOL
803 | (__stdcall* PREAD_PROCESS_MEMORY_ROUTINE64)(
804 | __in HANDLE hProcess,
805 | __in DWORD64 qwBaseAddress,
806 | __out_bcount(nSize) PVOID lpBuffer,
807 | __in DWORD nSize,
808 | __out LPDWORD lpNumberOfBytesRead
809 | );
810 |
811 | typedef
812 | PVOID
813 | (__stdcall* PFUNCTION_TABLE_ACCESS_ROUTINE64)(
814 | __in HANDLE ahProcess,
815 | __in DWORD64 AddrBase
816 | );
817 |
818 | typedef
819 | DWORD64
820 | (__stdcall* PGET_MODULE_BASE_ROUTINE64)(
821 | __in HANDLE hProcess,
822 | __in DWORD64 Address
823 | );
824 |
825 | typedef
826 | DWORD64
827 | (__stdcall* PTRANSLATE_ADDRESS_ROUTINE64)(
828 | __in HANDLE hProcess,
829 | __in HANDLE hThread,
830 | __in LPADDRESS64 lpaddr
831 | );
832 |
833 | BOOL
834 | IMAGEAPI
835 | StackWalk64(
836 | __in DWORD MachineType,
837 | __in HANDLE hProcess,
838 | __in HANDLE hThread,
839 | __inout LPSTACKFRAME64 StackFrame,
840 | __inout PVOID ContextRecord,
841 | __in_opt PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
842 | __in_opt PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
843 | __in_opt PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
844 | __in_opt PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
845 | );
846 |
847 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
848 |
849 | #define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64
850 | #define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64
851 | #define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64
852 | #define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64
853 |
854 | #define StackWalk StackWalk64
855 |
856 | #else
857 |
858 | typedef
859 | BOOL
860 | (__stdcall* PREAD_PROCESS_MEMORY_ROUTINE)(
861 | __in HANDLE hProcess,
862 | __in DWORD lpBaseAddress,
863 | __out_bcount(nSize) PVOID lpBuffer,
864 | __in DWORD nSize,
865 | __out PDWORD lpNumberOfBytesRead
866 | );
867 |
868 | typedef
869 | PVOID
870 | (__stdcall* PFUNCTION_TABLE_ACCESS_ROUTINE)(
871 | __in HANDLE hProcess,
872 | __in DWORD AddrBase
873 | );
874 |
875 | typedef
876 | DWORD
877 | (__stdcall* PGET_MODULE_BASE_ROUTINE)(
878 | __in HANDLE hProcess,
879 | __in DWORD Address
880 | );
881 |
882 | typedef
883 | DWORD
884 | (__stdcall* PTRANSLATE_ADDRESS_ROUTINE)(
885 | __in HANDLE hProcess,
886 | __in HANDLE hThread,
887 | __out LPADDRESS lpaddr
888 | );
889 |
890 | BOOL
891 | IMAGEAPI
892 | StackWalk(
893 | DWORD MachineType,
894 | __in HANDLE hProcess,
895 | __in HANDLE hThread,
896 | __inout LPSTACKFRAME StackFrame,
897 | __inout PVOID ContextRecord,
898 | __in_opt PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine,
899 | __in_opt PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine,
900 | __in_opt PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine,
901 | __in_opt PTRANSLATE_ADDRESS_ROUTINE TranslateAddress
902 | );
903 |
904 | #endif
905 |
906 |
907 | #define API_VERSION_NUMBER 11
908 |
909 | typedef struct API_VERSION
910 | {
911 | USHORT MajorVersion;
912 | USHORT MinorVersion;
913 | USHORT Revision;
914 | USHORT Reserved;
915 | } API_VERSION, *LPAPI_VERSION;
916 |
917 | LPAPI_VERSION
918 | IMAGEAPI
919 | ImagehlpApiVersion(
920 | VOID
921 | );
922 |
923 | LPAPI_VERSION
924 | IMAGEAPI
925 | ImagehlpApiVersionEx(
926 | __in LPAPI_VERSION AppVersion
927 | );
928 |
929 | DWORD
930 | IMAGEAPI
931 | GetTimestampForLoadedLibrary(
932 | __in HMODULE Module
933 | );
934 |
935 | //
936 | // typedefs for function pointers
937 | //
938 | typedef BOOL
939 | (CALLBACK* PSYM_ENUMMODULES_CALLBACK64)(
940 | __in PCSTR ModuleName,
941 | __in DWORD64 BaseOfDll,
942 | __in_opt PVOID UserContext
943 | );
944 |
945 | typedef BOOL
946 | (CALLBACK* PSYM_ENUMMODULES_CALLBACKW64)(
947 | __in PCWSTR ModuleName,
948 | __in DWORD64 BaseOfDll,
949 | __in_opt PVOID UserContext
950 | );
951 |
952 | typedef BOOL
953 | (CALLBACK* PENUMLOADED_MODULES_CALLBACK64)(
954 | __in PCSTR ModuleName,
955 | __in DWORD64 ModuleBase,
956 | __in ULONG ModuleSize,
957 | __in_opt PVOID UserContext
958 | );
959 |
960 | typedef BOOL
961 | (CALLBACK* PENUMLOADED_MODULES_CALLBACKW64)(
962 | __in PCWSTR ModuleName,
963 | __in DWORD64 ModuleBase,
964 | __in ULONG ModuleSize,
965 | __in_opt PVOID UserContext
966 | );
967 |
968 | typedef BOOL
969 | (CALLBACK* PSYM_ENUMSYMBOLS_CALLBACK64)(
970 | __in PCSTR SymbolName,
971 | __in DWORD64 SymbolAddress,
972 | __in ULONG SymbolSize,
973 | __in_opt PVOID UserContext
974 | );
975 |
976 | typedef BOOL
977 | (CALLBACK* PSYM_ENUMSYMBOLS_CALLBACK64W)(
978 | __in PCWSTR SymbolName,
979 | __in DWORD64 SymbolAddress,
980 | __in ULONG SymbolSize,
981 | __in_opt PVOID UserContext
982 | );
983 |
984 | typedef BOOL
985 | (CALLBACK* PSYMBOL_REGISTERED_CALLBACK64)(
986 | __in HANDLE hProcess,
987 | __in ULONG ActionCode,
988 | __in_opt ULONG64 CallbackData,
989 | __in_opt ULONG64 UserContext
990 | );
991 |
992 | typedef
993 | PVOID
994 | (CALLBACK* PSYMBOL_FUNCENTRY_CALLBACK)(
995 | __in HANDLE hProcess,
996 | __in DWORD AddrBase,
997 | __in_opt PVOID UserContext
998 | );
999 |
1000 | typedef
1001 | PVOID
1002 | (CALLBACK* PSYMBOL_FUNCENTRY_CALLBACK64)(
1003 | __in HANDLE hProcess,
1004 | __in ULONG64 AddrBase,
1005 | __in ULONG64 UserContext
1006 | );
1007 |
1008 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1009 |
1010 | #define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64
1011 | #define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64
1012 | #define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W
1013 | #define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64
1014 | #define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64
1015 | #define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64
1016 |
1017 | #else
1018 |
1019 | typedef BOOL
1020 | (CALLBACK* PSYM_ENUMMODULES_CALLBACK)(
1021 | __in PCSTR ModuleName,
1022 | __in ULONG BaseOfDll,
1023 | __in_opt PVOID UserContext
1024 | );
1025 |
1026 | typedef BOOL
1027 | (CALLBACK* PSYM_ENUMSYMBOLS_CALLBACK)(
1028 | __in PCSTR SymbolName,
1029 | __in ULONG SymbolAddress,
1030 | __in ULONG SymbolSize,
1031 | __in_opt PVOID UserContext
1032 | );
1033 |
1034 | typedef BOOL
1035 | (CALLBACK* PSYM_ENUMSYMBOLS_CALLBACKW)(
1036 | __in PCWSTR SymbolName,
1037 | __in ULONG SymbolAddress,
1038 | __in ULONG SymbolSize,
1039 | __in_opt PVOID UserContext
1040 | );
1041 |
1042 | typedef BOOL
1043 | (CALLBACK* PENUMLOADED_MODULES_CALLBACK)(
1044 | __in PCSTR ModuleName,
1045 | __in ULONG ModuleBase,
1046 | __in ULONG ModuleSize,
1047 | __in_opt PVOID UserContext
1048 | );
1049 |
1050 | typedef BOOL
1051 | (CALLBACK* PSYMBOL_REGISTERED_CALLBACK)(
1052 | __in HANDLE hProcess,
1053 | __in ULONG ActionCode,
1054 | __in_opt PVOID CallbackData,
1055 | __in_opt PVOID UserContext
1056 | );
1057 |
1058 | #endif
1059 |
1060 |
1061 | // values found in SYMBOL_INFO.Tag
1062 | //
1063 | // This was taken from cvconst.h and should
1064 | // not override any values found there.
1065 | //
1066 | // #define _NO_CVCONST_H_ if you don't
1067 | // have access to that file...
1068 |
1069 | #ifdef _NO_CVCONST_H
1070 |
1071 | // DIA enums
1072 |
1073 | enum SymTagEnum
1074 | {
1075 | SymTagNull,
1076 | SymTagExe,
1077 | SymTagCompiland,
1078 | SymTagCompilandDetails,
1079 | SymTagCompilandEnv,
1080 | SymTagFunction,
1081 | SymTagBlock,
1082 | SymTagData,
1083 | SymTagAnnotation,
1084 | SymTagLabel,
1085 | SymTagPublicSymbol,
1086 | SymTagUDT,
1087 | SymTagEnum,
1088 | SymTagFunctionType,
1089 | SymTagPointerType,
1090 | SymTagArrayType,
1091 | SymTagBaseType,
1092 | SymTagTypedef,
1093 | SymTagBaseClass,
1094 | SymTagFriend,
1095 | SymTagFunctionArgType,
1096 | SymTagFuncDebugStart,
1097 | SymTagFuncDebugEnd,
1098 | SymTagUsingNamespace,
1099 | SymTagVTableShape,
1100 | SymTagVTable,
1101 | SymTagCustom,
1102 | SymTagThunk,
1103 | SymTagCustomType,
1104 | SymTagManagedType,
1105 | SymTagDimension,
1106 | SymTagMax
1107 | };
1108 |
1109 | #endif
1110 |
1111 | //
1112 | // flags found in SYMBOL_INFO.Flags
1113 | //
1114 |
1115 | #define SYMFLAG_VALUEPRESENT 0x00000001
1116 | #define SYMFLAG_REGISTER 0x00000008
1117 | #define SYMFLAG_REGREL 0x00000010
1118 | #define SYMFLAG_FRAMEREL 0x00000020
1119 | #define SYMFLAG_PARAMETER 0x00000040
1120 | #define SYMFLAG_LOCAL 0x00000080
1121 | #define SYMFLAG_CONSTANT 0x00000100
1122 | #define SYMFLAG_EXPORT 0x00000200
1123 | #define SYMFLAG_FORWARDER 0x00000400
1124 | #define SYMFLAG_FUNCTION 0x00000800
1125 | #define SYMFLAG_VIRTUAL 0x00001000
1126 | #define SYMFLAG_THUNK 0x00002000
1127 | #define SYMFLAG_TLSREL 0x00004000
1128 | #define SYMFLAG_SLOT 0x00008000
1129 | #define SYMFLAG_ILREL 0x00010000
1130 | #define SYMFLAG_METADATA 0x00020000
1131 | #define SYMFLAG_CLR_TOKEN 0x00040000
1132 |
1133 | // this resets SymNext/Prev to the beginning
1134 | // of the module passed in the address field
1135 |
1136 | #define SYMFLAG_RESET 0x80000000
1137 |
1138 | //
1139 | // symbol type enumeration
1140 | //
1141 | typedef enum
1142 | {
1143 | SymNone = 0,
1144 | SymCoff,
1145 | SymCv,
1146 | SymPdb,
1147 | SymExport,
1148 | SymDeferred,
1149 | SymSym, // .sym file
1150 | SymDia,
1151 | SymVirtual,
1152 | NumSymTypes
1153 | } SYM_TYPE;
1154 |
1155 | //
1156 | // symbol data structure
1157 | //
1158 |
1159 | typedef struct _IMAGEHLP_SYMBOL64
1160 | {
1161 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
1162 | DWORD64 Address; // virtual address including dll base address
1163 | DWORD Size; // estimated size of symbol, can be zero
1164 | DWORD Flags; // info about the symbols, see the SYMF defines
1165 | DWORD MaxNameLength; // maximum size of symbol name in 'Name'
1166 | CHAR Name[1]; // symbol name (null terminated string)
1167 | } IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;
1168 |
1169 | typedef struct _IMAGEHLP_SYMBOL64_PACKAGE
1170 | {
1171 | IMAGEHLP_SYMBOL64 sym;
1172 | CHAR name[MAX_SYM_NAME + 1];
1173 | } IMAGEHLP_SYMBOL64_PACKAGE, *PIMAGEHLP_SYMBOL64_PACKAGE;
1174 |
1175 | typedef struct _IMAGEHLP_SYMBOLW64
1176 | {
1177 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOLW64)
1178 | DWORD64 Address; // virtual address including dll base address
1179 | DWORD Size; // estimated size of symbol, can be zero
1180 | DWORD Flags; // info about the symbols, see the SYMF defines
1181 | DWORD MaxNameLength; // maximum size of symbol name in 'Name'
1182 | WCHAR Name[1]; // symbol name (null terminated string)
1183 | } IMAGEHLP_SYMBOLW64, *PIMAGEHLP_SYMBOLW64;
1184 |
1185 | typedef struct _IMAGEHLP_SYMBOLW64_PACKAGE
1186 | {
1187 | IMAGEHLP_SYMBOLW64 sym;
1188 | WCHAR name[MAX_SYM_NAME + 1];
1189 | } IMAGEHLP_SYMBOLW64_PACKAGE, *PIMAGEHLP_SYMBOLW64_PACKAGE;
1190 |
1191 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1192 |
1193 | #define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
1194 | #define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
1195 | #define IMAGEHLP_SYMBOL_PACKAGE IMAGEHLP_SYMBOL64_PACKAGE
1196 | #define PIMAGEHLP_SYMBOL_PACKAGE PIMAGEHLP_SYMBOL64_PACKAGE
1197 | #define IMAGEHLP_SYMBOLW IMAGEHLP_SYMBOLW64
1198 | #define PIMAGEHLP_SYMBOLW PIMAGEHLP_SYMBOLW64
1199 | #define IMAGEHLP_SYMBOLW_PACKAGE IMAGEHLP_SYMBOLW64_PACKAGE
1200 | #define PIMAGEHLP_SYMBOLW_PACKAGE PIMAGEHLP_SYMBOLW64_PACKAGE
1201 |
1202 | #else
1203 |
1204 | typedef struct _IMAGEHLP_SYMBOL
1205 | {
1206 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
1207 | DWORD Address; // virtual address including dll base address
1208 | DWORD Size; // estimated size of symbol, can be zero
1209 | DWORD Flags; // info about the symbols, see the SYMF defines
1210 | DWORD MaxNameLength; // maximum size of symbol name in 'Name'
1211 | CHAR Name[1]; // symbol name (null terminated string)
1212 | } IMAGEHLP_SYMBOL, *PIMAGEHLP_SYMBOL;
1213 |
1214 | typedef struct _IMAGEHLP_SYMBOL_PACKAGE
1215 | {
1216 | IMAGEHLP_SYMBOL sym;
1217 | CHAR name[MAX_SYM_NAME + 1];
1218 | } IMAGEHLP_SYMBOL_PACKAGE, *PIMAGEHLP_SYMBOL_PACKAGE;
1219 |
1220 | typedef struct _IMAGEHLP_SYMBOLW
1221 | {
1222 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOLW)
1223 | DWORD Address; // virtual address including dll base address
1224 | DWORD Size; // estimated size of symbol, can be zero
1225 | DWORD Flags; // info about the symbols, see the SYMF defines
1226 | DWORD MaxNameLength; // maximum size of symbol name in 'Name'
1227 | WCHAR Name[1]; // symbol name (null terminated string)
1228 | } IMAGEHLP_SYMBOLW, *PIMAGEHLP_SYMBOLW;
1229 |
1230 | typedef struct _IMAGEHLP_SYMBOLW_PACKAGE
1231 | {
1232 | IMAGEHLP_SYMBOLW sym;
1233 | WCHAR name[MAX_SYM_NAME + 1];
1234 | } IMAGEHLP_SYMBOLW_PACKAGE, *PIMAGEHLP_SYMBOLW_PACKAGE;
1235 |
1236 | #endif
1237 |
1238 | //
1239 | // module data structure
1240 | //
1241 |
1242 | typedef struct _IMAGEHLP_MODULE64
1243 | {
1244 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
1245 | DWORD64 BaseOfImage; // base load address of module
1246 | DWORD ImageSize; // virtual size of the loaded module
1247 | DWORD TimeDateStamp; // date/time stamp from pe header
1248 | DWORD CheckSum; // checksum from the pe header
1249 | DWORD NumSyms; // number of symbols in the symbol table
1250 | SYM_TYPE SymType; // type of symbols loaded
1251 | CHAR ModuleName[32]; // module name
1252 | CHAR ImageName[256]; // image name
1253 | CHAR LoadedImageName[256]; // symbol file name
1254 | // new elements: 07-Jun-2002
1255 | CHAR LoadedPdbName[256]; // pdb file name
1256 | DWORD CVSig; // Signature of the CV record in the debug directories
1257 | CHAR CVData[MAX_PATH * 3]; // Contents of the CV record
1258 | DWORD PdbSig; // Signature of PDB
1259 | GUID PdbSig70; // Signature of PDB (VC 7 and up)
1260 | DWORD PdbAge; // DBI age of pdb
1261 | BOOL PdbUnmatched; // loaded an unmatched pdb
1262 | BOOL DbgUnmatched; // loaded an unmatched dbg
1263 | BOOL LineNumbers; // we have line number information
1264 | BOOL GlobalSymbols; // we have internal symbol information
1265 | BOOL TypeInfo; // we have type information
1266 | // new elements: 17-Dec-2003
1267 | BOOL SourceIndexed; // pdb supports source server
1268 | BOOL Publics; // contains public symbols
1269 | } IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
1270 |
1271 | typedef struct _IMAGEHLP_MODULEW64
1272 | {
1273 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
1274 | DWORD64 BaseOfImage; // base load address of module
1275 | DWORD ImageSize; // virtual size of the loaded module
1276 | DWORD TimeDateStamp; // date/time stamp from pe header
1277 | DWORD CheckSum; // checksum from the pe header
1278 | DWORD NumSyms; // number of symbols in the symbol table
1279 | SYM_TYPE SymType; // type of symbols loaded
1280 | WCHAR ModuleName[32]; // module name
1281 | WCHAR ImageName[256]; // image name
1282 | // new elements: 07-Jun-2002
1283 | WCHAR LoadedImageName[256]; // symbol file name
1284 | WCHAR LoadedPdbName[256]; // pdb file name
1285 | DWORD CVSig; // Signature of the CV record in the debug directories
1286 | WCHAR CVData[MAX_PATH * 3]; // Contents of the CV record
1287 | DWORD PdbSig; // Signature of PDB
1288 | GUID PdbSig70; // Signature of PDB (VC 7 and up)
1289 | DWORD PdbAge; // DBI age of pdb
1290 | BOOL PdbUnmatched; // loaded an unmatched pdb
1291 | BOOL DbgUnmatched; // loaded an unmatched dbg
1292 | BOOL LineNumbers; // we have line number information
1293 | BOOL GlobalSymbols; // we have internal symbol information
1294 | BOOL TypeInfo; // we have type information
1295 | // new elements: 17-Dec-2003
1296 | BOOL SourceIndexed; // pdb supports source server
1297 | BOOL Publics; // contains public symbols
1298 | } IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
1299 |
1300 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1301 | #define IMAGEHLP_MODULE IMAGEHLP_MODULE64
1302 | #define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
1303 | #define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
1304 | #define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
1305 | #else
1306 | typedef struct _IMAGEHLP_MODULE
1307 | {
1308 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
1309 | DWORD BaseOfImage; // base load address of module
1310 | DWORD ImageSize; // virtual size of the loaded module
1311 | DWORD TimeDateStamp; // date/time stamp from pe header
1312 | DWORD CheckSum; // checksum from the pe header
1313 | DWORD NumSyms; // number of symbols in the symbol table
1314 | SYM_TYPE SymType; // type of symbols loaded
1315 | CHAR ModuleName[32]; // module name
1316 | CHAR ImageName[256]; // image name
1317 | CHAR LoadedImageName[256]; // symbol file name
1318 | } IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
1319 |
1320 | typedef struct _IMAGEHLP_MODULEW
1321 | {
1322 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
1323 | DWORD BaseOfImage; // base load address of module
1324 | DWORD ImageSize; // virtual size of the loaded module
1325 | DWORD TimeDateStamp; // date/time stamp from pe header
1326 | DWORD CheckSum; // checksum from the pe header
1327 | DWORD NumSyms; // number of symbols in the symbol table
1328 | SYM_TYPE SymType; // type of symbols loaded
1329 | WCHAR ModuleName[32]; // module name
1330 | WCHAR ImageName[256]; // image name
1331 | WCHAR LoadedImageName[256]; // symbol file name
1332 | } IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
1333 | #endif
1334 |
1335 | //
1336 | // source file line data structure
1337 | //
1338 |
1339 | typedef struct _IMAGEHLP_LINE64
1340 | {
1341 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
1342 | PVOID Key; // internal
1343 | DWORD LineNumber; // line number in file
1344 | PCHAR FileName; // full filename
1345 | DWORD64 Address; // first instruction of line
1346 | } IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;
1347 |
1348 | typedef struct _IMAGEHLP_LINEW64
1349 | {
1350 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
1351 | PVOID Key; // internal
1352 | DWORD LineNumber; // line number in file
1353 | PWSTR FileName; // full filename
1354 | DWORD64 Address; // first instruction of line
1355 | } IMAGEHLP_LINEW64, *PIMAGEHLP_LINEW64;
1356 |
1357 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1358 | #define IMAGEHLP_LINE IMAGEHLP_LINE64
1359 | #define PIMAGEHLP_LINE PIMAGEHLP_LINE64
1360 | #else
1361 | typedef struct _IMAGEHLP_LINE
1362 | {
1363 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE)
1364 | PVOID Key; // internal
1365 | DWORD LineNumber; // line number in file
1366 | PCHAR FileName; // full filename
1367 | DWORD Address; // first instruction of line
1368 | } IMAGEHLP_LINE, *PIMAGEHLP_LINE;
1369 |
1370 | typedef struct _IMAGEHLP_LINEW
1371 | {
1372 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
1373 | PVOID Key; // internal
1374 | DWORD LineNumber; // line number in file
1375 | PCHAR FileName; // full filename
1376 | DWORD64 Address; // first instruction of line
1377 | } IMAGEHLP_LINEW, *PIMAGEHLP_LINEW;
1378 | #endif
1379 |
1380 | //
1381 | // source file structure
1382 | //
1383 |
1384 | typedef struct _SOURCEFILE
1385 | {
1386 | DWORD64 ModBase; // base address of loaded module
1387 | PCHAR FileName; // full filename of source
1388 | } SOURCEFILE, *PSOURCEFILE;
1389 |
1390 | typedef struct _SOURCEFILEW
1391 | {
1392 | DWORD64 ModBase; // base address of loaded module
1393 | PWSTR FileName; // full filename of source
1394 | } SOURCEFILEW, *PSOURCEFILEW;
1395 |
1396 | //
1397 | // data structures used for registered symbol callbacks
1398 | //
1399 |
1400 | #define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
1401 | #define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
1402 | #define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
1403 | #define CBA_SYMBOLS_UNLOADED 0x00000004
1404 | #define CBA_DUPLICATE_SYMBOL 0x00000005
1405 | #define CBA_READ_MEMORY 0x00000006
1406 | #define CBA_DEFERRED_SYMBOL_LOAD_CANCEL 0x00000007
1407 | #define CBA_SET_OPTIONS 0x00000008
1408 | #define CBA_EVENT 0x00000010
1409 | #define CBA_DEFERRED_SYMBOL_LOAD_PARTIAL 0x00000020
1410 | #define CBA_DEBUG_INFO 0x10000000
1411 | #define CBA_SRCSRV_INFO 0x20000000
1412 | #define CBA_SRCSRV_EVENT 0x40000000
1413 |
1414 | typedef struct _IMAGEHLP_CBA_READ_MEMORY
1415 | {
1416 | DWORD64 addr; // address to read from
1417 | PVOID buf; // buffer to read to
1418 | DWORD bytes; // amount of bytes to read
1419 | DWORD* bytesread; // pointer to store amount of bytes read
1420 | } IMAGEHLP_CBA_READ_MEMORY, *PIMAGEHLP_CBA_READ_MEMORY;
1421 |
1422 | enum
1423 | {
1424 | sevInfo = 0,
1425 | sevProblem,
1426 | sevAttn,
1427 | sevFatal,
1428 | sevMax // unused
1429 | };
1430 |
1431 | #define EVENT_SRCSPEW_START 100
1432 | #define EVENT_SRCSPEW 100
1433 | #define EVENT_SRCSPEW_END 199
1434 |
1435 | typedef struct _IMAGEHLP_CBA_EVENT
1436 | {
1437 | DWORD severity; // values from sevInfo to sevFatal
1438 | DWORD code; // numerical code IDs the error
1439 | PCHAR desc; // may contain a text description of the error
1440 | PVOID object; // value dependant upon the error code
1441 | } IMAGEHLP_CBA_EVENT, *PIMAGEHLP_CBA_EVENT;
1442 |
1443 | typedef struct _IMAGEHLP_CBA_EVENTW
1444 | {
1445 | DWORD severity; // values from sevInfo to sevFatal
1446 | DWORD code; // numerical code IDs the error
1447 | PCWSTR desc; // may contain a text description of the error
1448 | PVOID object; // value dependant upon the error code
1449 | } IMAGEHLP_CBA_EVENTW, *PIMAGEHLP_CBA_EVENTW;
1450 |
1451 | typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD64
1452 | {
1453 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64)
1454 | DWORD64 BaseOfImage; // base load address of module
1455 | DWORD CheckSum; // checksum from the pe header
1456 | DWORD TimeDateStamp; // date/time stamp from pe header
1457 | CHAR FileName[MAX_PATH]; // symbols file or image name
1458 | BOOLEAN Reparse; // load failure reparse
1459 | HANDLE hFile; // file handle, if passed
1460 | DWORD Flags; //
1461 | } IMAGEHLP_DEFERRED_SYMBOL_LOAD64, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD64;
1462 |
1463 | typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOADW64
1464 | {
1465 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOADW64)
1466 | DWORD64 BaseOfImage; // base load address of module
1467 | DWORD CheckSum; // checksum from the pe header
1468 | DWORD TimeDateStamp; // date/time stamp from pe header
1469 | WCHAR FileName[MAX_PATH + 1]; // symbols file or image name
1470 | BOOLEAN Reparse; // load failure reparse
1471 | HANDLE hFile; // file handle, if passed
1472 | DWORD Flags; //
1473 | } IMAGEHLP_DEFERRED_SYMBOL_LOADW64, *PIMAGEHLP_DEFERRED_SYMBOL_LOADW64;
1474 |
1475 | #define DSLFLAG_MISMATCHED_PDB 0x1
1476 | #define DSLFLAG_MISMATCHED_DBG 0x2
1477 |
1478 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1479 | #define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64
1480 | #define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64
1481 | #else
1482 | typedef struct _IMAGEHLP_DEFERRED_SYMBOL_LOAD
1483 | {
1484 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
1485 | DWORD BaseOfImage; // base load address of module
1486 | DWORD CheckSum; // checksum from the pe header
1487 | DWORD TimeDateStamp; // date/time stamp from pe header
1488 | CHAR FileName[MAX_PATH]; // symbols file or image name
1489 | BOOLEAN Reparse; // load failure reparse
1490 | HANDLE hFile; // file handle, if passed
1491 | } IMAGEHLP_DEFERRED_SYMBOL_LOAD, *PIMAGEHLP_DEFERRED_SYMBOL_LOAD;
1492 | #endif
1493 |
1494 | typedef struct _IMAGEHLP_DUPLICATE_SYMBOL64
1495 | {
1496 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64)
1497 | DWORD NumberOfDups; // number of duplicates in the Symbol array
1498 | PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols
1499 | DWORD SelectedSymbol; // symbol selected (-1 to start)
1500 | } IMAGEHLP_DUPLICATE_SYMBOL64, *PIMAGEHLP_DUPLICATE_SYMBOL64;
1501 |
1502 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1503 | #define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64
1504 | #define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64
1505 | #else
1506 | typedef struct _IMAGEHLP_DUPLICATE_SYMBOL
1507 | {
1508 | DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
1509 | DWORD NumberOfDups; // number of duplicates in the Symbol array
1510 | PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
1511 | DWORD SelectedSymbol; // symbol selected (-1 to start)
1512 | } IMAGEHLP_DUPLICATE_SYMBOL, *PIMAGEHLP_DUPLICATE_SYMBOL;
1513 | #endif
1514 |
1515 | // If dbghelp ever needs to display graphical UI, it will use this as the parent window.
1516 |
1517 | BOOL
1518 | IMAGEAPI
1519 | SymSetParentWindow(
1520 | __in HWND hwnd
1521 | );
1522 |
1523 | PCHAR
1524 | IMAGEAPI
1525 | SymSetHomeDirectory(
1526 | __in_opt HANDLE hProcess,
1527 | __in_opt PCSTR dir
1528 | );
1529 |
1530 | PWSTR
1531 | IMAGEAPI
1532 | SymSetHomeDirectoryW(
1533 | __in_opt HANDLE hProcess,
1534 | __in_opt PCWSTR dir
1535 | );
1536 |
1537 | PCHAR
1538 | IMAGEAPI
1539 | SymGetHomeDirectory(
1540 | __in DWORD type,
1541 | __out_ecount(size) PSTR dir,
1542 | __in size_t size
1543 | );
1544 |
1545 | PWSTR
1546 | IMAGEAPI
1547 | SymGetHomeDirectoryW(
1548 | __in DWORD type,
1549 | __out_ecount(size) PWSTR dir,
1550 | __in size_t size
1551 | );
1552 |
1553 | enum
1554 | {
1555 | hdBase = 0, // root directory for dbghelp
1556 | hdSym, // where symbols are stored
1557 | hdSrc, // where source is stored
1558 | hdMax // end marker
1559 | };
1560 |
1561 | typedef struct _OMAP
1562 | {
1563 | ULONG rva;
1564 | ULONG rvaTo;
1565 | } OMAP, *POMAP;
1566 |
1567 | BOOL
1568 | IMAGEAPI
1569 | SymGetOmaps(
1570 | __in HANDLE hProcess,
1571 | __in DWORD64 BaseOfDll,
1572 | __out POMAP* OmapTo,
1573 | __out PDWORD64 cOmapTo,
1574 | __out POMAP* OmapFrom,
1575 | __out PDWORD64 cOmapFrom
1576 | );
1577 |
1578 | //
1579 | // options that are set/returned by SymSetOptions() & SymGetOptions()
1580 | // these are used as a mask
1581 | //
1582 | #define SYMOPT_CASE_INSENSITIVE 0x00000001
1583 | #define SYMOPT_UNDNAME 0x00000002
1584 | #define SYMOPT_DEFERRED_LOADS 0x00000004
1585 | #define SYMOPT_NO_CPP 0x00000008
1586 | #define SYMOPT_LOAD_LINES 0x00000010
1587 | #define SYMOPT_OMAP_FIND_NEAREST 0x00000020
1588 | #define SYMOPT_LOAD_ANYTHING 0x00000040
1589 | #define SYMOPT_IGNORE_CVREC 0x00000080
1590 | #define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100
1591 | #define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200
1592 | #define SYMOPT_EXACT_SYMBOLS 0x00000400
1593 | #define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS 0x00000800
1594 | #define SYMOPT_IGNORE_NT_SYMPATH 0x00001000
1595 | #define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000
1596 | #define SYMOPT_PUBLICS_ONLY 0x00004000
1597 | #define SYMOPT_NO_PUBLICS 0x00008000
1598 | #define SYMOPT_AUTO_PUBLICS 0x00010000
1599 | #define SYMOPT_NO_IMAGE_SEARCH 0x00020000
1600 | #define SYMOPT_SECURE 0x00040000
1601 | #define SYMOPT_NO_PROMPTS 0x00080000
1602 | #define SYMOPT_OVERWRITE 0x00100000
1603 | #define SYMOPT_IGNORE_IMAGEDIR 0x00200000
1604 | #define SYMOPT_FLAT_DIRECTORY 0x00400000
1605 | #define SYMOPT_FAVOR_COMPRESSED 0x00800000
1606 | #define SYMOPT_ALLOW_ZERO_ADDRESS 0x01000000
1607 | #define SYMOPT_DISABLE_SYMSRV_AUTODETECT 0x02000000
1608 |
1609 | #define SYMOPT_DEBUG 0x80000000
1610 |
1611 | DWORD
1612 | IMAGEAPI
1613 | SymSetOptions(
1614 | __in DWORD SymOptions
1615 | );
1616 |
1617 | DWORD
1618 | IMAGEAPI
1619 | SymGetOptions(
1620 | VOID
1621 | );
1622 |
1623 | BOOL
1624 | IMAGEAPI
1625 | SymCleanup(
1626 | __in HANDLE hProcess
1627 | );
1628 |
1629 | BOOL
1630 | IMAGEAPI
1631 | SymMatchString(
1632 | __in PCSTR string,
1633 | __in PCSTR expression,
1634 | __in BOOL fCase
1635 | );
1636 |
1637 | BOOL
1638 | IMAGEAPI
1639 | SymMatchStringA(
1640 | __in PCSTR string,
1641 | __in PCSTR expression,
1642 | __in BOOL fCase
1643 | );
1644 |
1645 | BOOL
1646 | IMAGEAPI
1647 | SymMatchStringW(
1648 | __in PCWSTR string,
1649 | __in PCWSTR expression,
1650 | __in BOOL fCase
1651 | );
1652 |
1653 | typedef BOOL
1654 | (CALLBACK* PSYM_ENUMSOURCEFILES_CALLBACK)(
1655 | __in PSOURCEFILE pSourceFile,
1656 | __in_opt PVOID UserContext
1657 | );
1658 |
1659 | // for backwards compatibility - don't use this
1660 | #define PSYM_ENUMSOURCFILES_CALLBACK PSYM_ENUMSOURCEFILES_CALLBACK
1661 |
1662 | BOOL
1663 | IMAGEAPI
1664 | SymEnumSourceFiles(
1665 | __in HANDLE hProcess,
1666 | __in ULONG64 ModBase,
1667 | __in_opt PCSTR Mask,
1668 | __in PSYM_ENUMSOURCEFILES_CALLBACK cbSrcFiles,
1669 | __in_opt PVOID UserContext
1670 | );
1671 |
1672 | typedef BOOL
1673 | (CALLBACK* PSYM_ENUMSOURCEFILES_CALLBACKW)(
1674 | __in PSOURCEFILEW pSourceFile,
1675 | __in_opt PVOID UserContext
1676 | );
1677 |
1678 | BOOL
1679 | IMAGEAPI
1680 | SymEnumSourceFilesW(
1681 | __in HANDLE hProcess,
1682 | __in ULONG64 ModBase,
1683 | __in_opt PCWSTR Mask,
1684 | __in PSYM_ENUMSOURCEFILES_CALLBACKW cbSrcFiles,
1685 | __in_opt PVOID UserContext
1686 | );
1687 |
1688 | BOOL
1689 | IMAGEAPI
1690 | SymEnumerateModules64(
1691 | __in HANDLE hProcess,
1692 | __in PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback,
1693 | __in_opt PVOID UserContext
1694 | );
1695 |
1696 | BOOL
1697 | IMAGEAPI
1698 | SymEnumerateModulesW64(
1699 | __in HANDLE hProcess,
1700 | __in PSYM_ENUMMODULES_CALLBACKW64 EnumModulesCallback,
1701 | __in_opt PVOID UserContext
1702 | );
1703 |
1704 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1705 | #define SymEnumerateModules SymEnumerateModules64
1706 | #else
1707 | BOOL
1708 | IMAGEAPI
1709 | SymEnumerateModules(
1710 | __in HANDLE hProcess,
1711 | __in PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
1712 | __in_opt PVOID UserContext
1713 | );
1714 | #endif
1715 |
1716 | BOOL
1717 | IMAGEAPI
1718 | EnumerateLoadedModulesEx(
1719 | __in HANDLE hProcess,
1720 | __in PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
1721 | __in_opt PVOID UserContext
1722 | );
1723 |
1724 | BOOL
1725 | IMAGEAPI
1726 | EnumerateLoadedModulesExW(
1727 | __in HANDLE hProcess,
1728 | __in PENUMLOADED_MODULES_CALLBACKW64 EnumLoadedModulesCallback,
1729 | __in_opt PVOID UserContext
1730 | );
1731 |
1732 | BOOL
1733 | IMAGEAPI
1734 | EnumerateLoadedModules64(
1735 | __in HANDLE hProcess,
1736 | __in PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
1737 | __in_opt PVOID UserContext
1738 | );
1739 |
1740 | BOOL
1741 | IMAGEAPI
1742 | EnumerateLoadedModulesW64(
1743 | __in HANDLE hProcess,
1744 | __in PENUMLOADED_MODULES_CALLBACKW64 EnumLoadedModulesCallback,
1745 | __in_opt PVOID UserContext
1746 | );
1747 |
1748 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1749 | #define EnumerateLoadedModules EnumerateLoadedModules64
1750 | #else
1751 | BOOL
1752 | IMAGEAPI
1753 | EnumerateLoadedModules(
1754 | __in HANDLE hProcess,
1755 | __in PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
1756 | __in_opt PVOID UserContext
1757 | );
1758 | #endif
1759 |
1760 | PVOID
1761 | IMAGEAPI
1762 | SymFunctionTableAccess64(
1763 | __in HANDLE hProcess,
1764 | __in DWORD64 AddrBase
1765 | );
1766 |
1767 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1768 | #define SymFunctionTableAccess SymFunctionTableAccess64
1769 | #else
1770 | PVOID
1771 | IMAGEAPI
1772 | SymFunctionTableAccess(
1773 | __in HANDLE hProcess,
1774 | __in DWORD AddrBase
1775 | );
1776 | #endif
1777 |
1778 | BOOL
1779 | IMAGEAPI
1780 | SymGetUnwindInfo(
1781 | __in HANDLE hProcess,
1782 | __in DWORD64 Address,
1783 | __out_bcount_opt(*Size) PVOID Buffer,
1784 | __inout PULONG Size
1785 | );
1786 |
1787 | BOOL
1788 | IMAGEAPI
1789 | SymGetModuleInfo64(
1790 | __in HANDLE hProcess,
1791 | __in DWORD64 qwAddr,
1792 | __out PIMAGEHLP_MODULE64 ModuleInfo
1793 | );
1794 |
1795 | BOOL
1796 | IMAGEAPI
1797 | SymGetModuleInfoW64(
1798 | __in HANDLE hProcess,
1799 | __in DWORD64 qwAddr,
1800 | __out PIMAGEHLP_MODULEW64 ModuleInfo
1801 | );
1802 |
1803 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1804 | #define SymGetModuleInfo SymGetModuleInfo64
1805 | #define SymGetModuleInfoW SymGetModuleInfoW64
1806 | #else
1807 | BOOL
1808 | IMAGEAPI
1809 | SymGetModuleInfo(
1810 | __in HANDLE hProcess,
1811 | __in DWORD dwAddr,
1812 | __out PIMAGEHLP_MODULE ModuleInfo
1813 | );
1814 |
1815 | BOOL
1816 | IMAGEAPI
1817 | SymGetModuleInfoW(
1818 | __in HANDLE hProcess,
1819 | __in DWORD dwAddr,
1820 | __out PIMAGEHLP_MODULEW ModuleInfo
1821 | );
1822 | #endif
1823 |
1824 | DWORD64
1825 | IMAGEAPI
1826 | SymGetModuleBase64(
1827 | __in HANDLE hProcess,
1828 | __in DWORD64 qwAddr
1829 | );
1830 |
1831 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1832 | #define SymGetModuleBase SymGetModuleBase64
1833 | #else
1834 | DWORD
1835 | IMAGEAPI
1836 | SymGetModuleBase(
1837 | __in HANDLE hProcess,
1838 | __in DWORD dwAddr
1839 | );
1840 | #endif
1841 |
1842 | typedef struct _SRCCODEINFO
1843 | {
1844 | DWORD SizeOfStruct; // set to sizeof(SRCCODEINFO)
1845 | PVOID Key; // not used
1846 | DWORD64 ModBase; // base address of module this applies to
1847 | CHAR Obj[MAX_PATH + 1]; // the object file within the module
1848 | CHAR FileName[MAX_PATH + 1]; // full filename
1849 | DWORD LineNumber; // line number in file
1850 | DWORD64 Address; // first instruction of line
1851 | } SRCCODEINFO, *PSRCCODEINFO;
1852 |
1853 | typedef struct _SRCCODEINFOW
1854 | {
1855 | DWORD SizeOfStruct; // set to sizeof(SRCCODEINFO)
1856 | PVOID Key; // not used
1857 | DWORD64 ModBase; // base address of module this applies to
1858 | WCHAR Obj[MAX_PATH + 1]; // the object file within the module
1859 | WCHAR FileName[MAX_PATH + 1]; // full filename
1860 | DWORD LineNumber; // line number in file
1861 | DWORD64 Address; // first instruction of line
1862 | } SRCCODEINFOW, *PSRCCODEINFOW;
1863 |
1864 | typedef BOOL
1865 | (CALLBACK* PSYM_ENUMLINES_CALLBACK)(
1866 | __in PSRCCODEINFO LineInfo,
1867 | __in_opt PVOID UserContext
1868 | );
1869 |
1870 | BOOL
1871 | IMAGEAPI
1872 | SymEnumLines(
1873 | __in HANDLE hProcess,
1874 | __in ULONG64 Base,
1875 | __in_opt PCSTR Obj,
1876 | __in_opt PCSTR File,
1877 | __in PSYM_ENUMLINES_CALLBACK EnumLinesCallback,
1878 | __in_opt PVOID UserContext
1879 | );
1880 |
1881 | typedef BOOL
1882 | (CALLBACK* PSYM_ENUMLINES_CALLBACKW)(
1883 | __in PSRCCODEINFOW LineInfo,
1884 | __in_opt PVOID UserContext
1885 | );
1886 |
1887 | BOOL
1888 | IMAGEAPI
1889 | SymEnumLinesW(
1890 | __in HANDLE hProcess,
1891 | __in ULONG64 Base,
1892 | __in_opt PCWSTR Obj,
1893 | __in_opt PCWSTR File,
1894 | __in PSYM_ENUMLINES_CALLBACKW EnumLinesCallback,
1895 | __in_opt PVOID UserContext
1896 | );
1897 |
1898 | BOOL
1899 | IMAGEAPI
1900 | SymGetLineFromAddr64(
1901 | __in HANDLE hProcess,
1902 | __in DWORD64 qwAddr,
1903 | __out PDWORD pdwDisplacement,
1904 | __out PIMAGEHLP_LINE64 Line64
1905 | );
1906 |
1907 | BOOL
1908 | IMAGEAPI
1909 | SymGetLineFromAddrW64(
1910 | __in HANDLE hProcess,
1911 | __in DWORD64 dwAddr,
1912 | __out PDWORD pdwDisplacement,
1913 | __out PIMAGEHLP_LINEW64 Line
1914 | );
1915 |
1916 | BOOL
1917 | IMAGEAPI
1918 | SymEnumSourceLines(
1919 | __in HANDLE hProcess,
1920 | __in ULONG64 Base,
1921 | __in_opt PCSTR Obj,
1922 | __in_opt PCSTR File,
1923 | __in_opt DWORD Line,
1924 | __in DWORD Flags,
1925 | __in PSYM_ENUMLINES_CALLBACK EnumLinesCallback,
1926 | __in_opt PVOID UserContext
1927 | );
1928 |
1929 | BOOL
1930 | IMAGEAPI
1931 | SymEnumSourceLinesW(
1932 | __in HANDLE hProcess,
1933 | __in ULONG64 Base,
1934 | __in_opt PCWSTR Obj,
1935 | __in_opt PCWSTR File,
1936 | __in_opt DWORD Line,
1937 | __in DWORD Flags,
1938 | __in PSYM_ENUMLINES_CALLBACKW EnumLinesCallback,
1939 | __in_opt PVOID UserContext
1940 | );
1941 |
1942 | // flags for SymEnumSourceLines
1943 |
1944 | #define ESLFLAG_FULLPATH 0x1
1945 | #define ESLFLAG_NEAREST 0x2
1946 | #define ESLFLAG_PREV 0x4
1947 | #define ESLFLAG_NEXT 0x8
1948 |
1949 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1950 | #define SymGetLineFromAddr SymGetLineFromAddr64
1951 | #define SymGetLineFromAddrW SymGetLineFromAddrW64
1952 | #else
1953 | BOOL
1954 | IMAGEAPI
1955 | SymGetLineFromAddr(
1956 | __in HANDLE hProcess,
1957 | __in DWORD dwAddr,
1958 | __out PDWORD pdwDisplacement,
1959 | __out PIMAGEHLP_LINE Line
1960 | );
1961 |
1962 | BOOL
1963 | IMAGEAPI
1964 | SymGetLineFromAddrW(
1965 | __in HANDLE hProcess,
1966 | __in DWORD dwAddr,
1967 | __out PDWORD pdwDisplacement,
1968 | __out PIMAGEHLP_LINEW Line
1969 | );
1970 | #endif
1971 |
1972 | BOOL
1973 | IMAGEAPI
1974 | SymGetLineFromName64(
1975 | __in HANDLE hProcess,
1976 | __in_opt PCSTR ModuleName,
1977 | __in_opt PCSTR FileName,
1978 | __in DWORD dwLineNumber,
1979 | __out PLONG plDisplacement,
1980 | __inout PIMAGEHLP_LINE64 Line
1981 | );
1982 |
1983 | BOOL
1984 | IMAGEAPI
1985 | SymGetLineFromNameW64(
1986 | __in HANDLE hProcess,
1987 | __in_opt PCWSTR ModuleName,
1988 | __in_opt PCWSTR FileName,
1989 | __in DWORD dwLineNumber,
1990 | __out PLONG plDisplacement,
1991 | __inout PIMAGEHLP_LINEW64 Line
1992 | );
1993 |
1994 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1995 | #define SymGetLineFromName SymGetLineFromName64
1996 | #else
1997 | BOOL
1998 | IMAGEAPI
1999 | SymGetLineFromName(
2000 | __in HANDLE hProcess,
2001 | __in_opt PCSTR ModuleName,
2002 | __in_opt PCSTR FileName,
2003 | __in DWORD dwLineNumber,
2004 | __out PLONG plDisplacement,
2005 | __inout PIMAGEHLP_LINE Line
2006 | );
2007 | #endif
2008 |
2009 | BOOL
2010 | IMAGEAPI
2011 | SymGetLineNext64(
2012 | __in HANDLE hProcess,
2013 | __inout PIMAGEHLP_LINE64 Line
2014 | );
2015 |
2016 | BOOL
2017 | IMAGEAPI
2018 | SymGetLineNextW64(
2019 | __in HANDLE hProcess,
2020 | __inout PIMAGEHLP_LINEW64 Line
2021 | );
2022 |
2023 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
2024 | #define SymGetLineNext SymGetLineNext64
2025 | #else
2026 | BOOL
2027 | IMAGEAPI
2028 | SymGetLineNext(
2029 | __in HANDLE hProcess,
2030 | __inout PIMAGEHLP_LINE Line
2031 | );
2032 |
2033 | BOOL
2034 | IMAGEAPI
2035 | SymGetLineNextW(
2036 | __in HANDLE hProcess,
2037 | __inout PIMAGEHLP_LINEW Line
2038 | );
2039 | #endif
2040 |
2041 | BOOL
2042 | IMAGEAPI
2043 | SymGetLinePrev64(
2044 | __in HANDLE hProcess,
2045 | __inout PIMAGEHLP_LINE64 Line
2046 | );
2047 |
2048 | BOOL
2049 | IMAGEAPI
2050 | SymGetLinePrevW64(
2051 | __in HANDLE hProcess,
2052 | __inout PIMAGEHLP_LINEW64 Line
2053 | );
2054 |
2055 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
2056 | #define SymGetLinePrev SymGetLinePrev64
2057 | #else
2058 | BOOL
2059 | IMAGEAPI
2060 | SymGetLinePrev(
2061 | __in HANDLE hProcess,
2062 | __inout PIMAGEHLP_LINE Line
2063 | );
2064 |
2065 | BOOL
2066 | IMAGEAPI
2067 | SymGetLinePrevW(
2068 | __in HANDLE hProcess,
2069 | __inout PIMAGEHLP_LINEW Line
2070 | );
2071 | #endif
2072 |
2073 | ULONG
2074 | IMAGEAPI
2075 | SymGetFileLineOffsets64(
2076 | __in HANDLE hProcess,
2077 | __in_opt PCSTR ModuleName,
2078 | __in PCSTR FileName,
2079 | __out_ecount(BufferLines) PDWORD64 Buffer,
2080 | __in ULONG BufferLines
2081 | );
2082 |
2083 | BOOL
2084 | IMAGEAPI
2085 | SymMatchFileName(
2086 | __in PCSTR FileName,
2087 | __in PCSTR Match,
2088 | __deref_opt_out PSTR* FileNameStop,
2089 | __deref_opt_out PSTR* MatchStop
2090 | );
2091 |
2092 | BOOL
2093 | IMAGEAPI
2094 | SymMatchFileNameW(
2095 | __in PCWSTR FileName,
2096 | __in PCWSTR Match,
2097 | __deref_opt_out PWSTR* FileNameStop,
2098 | __deref_opt_out PWSTR* MatchStop
2099 | );
2100 |
2101 | BOOL
2102 | IMAGEAPI
2103 | SymGetSourceFile(
2104 | __in HANDLE hProcess,
2105 | __in ULONG64 Base,
2106 | __in_opt PCSTR Params,
2107 | __in PCSTR FileSpec,
2108 | __out_ecount(Size) PSTR FilePath,
2109 | __in DWORD Size
2110 | );
2111 |
2112 | BOOL
2113 | IMAGEAPI
2114 | SymGetSourceFileW(
2115 | __in HANDLE hProcess,
2116 | __in ULONG64 Base,
2117 | __in_opt PCWSTR Params,
2118 | __in PCWSTR FileSpec,
2119 | __out_ecount(Size) PWSTR FilePath,
2120 | __in DWORD Size
2121 | );
2122 |
2123 | BOOL
2124 | IMAGEAPI
2125 | SymGetSourceFileToken(
2126 | __in HANDLE hProcess,
2127 | __in ULONG64 Base,
2128 | __in PCSTR FileSpec,
2129 | __deref_out PVOID* Token,
2130 | __out DWORD* Size
2131 | );
2132 |
2133 | BOOL
2134 | IMAGEAPI
2135 | SymGetSourceFileTokenW(
2136 | __in HANDLE hProcess,
2137 | __in ULONG64 Base,
2138 | __in PCWSTR FileSpec,
2139 | __deref_out PVOID* Token,
2140 | __out DWORD* Size
2141 | );
2142 |
2143 | BOOL
2144 | IMAGEAPI
2145 | SymGetSourceFileFromToken(
2146 | __in HANDLE hProcess,
2147 | __in PVOID Token,
2148 | __in_opt PCSTR Params,
2149 | __out_ecount(Size) PSTR FilePath,
2150 | __in DWORD Size
2151 | );
2152 |
2153 | BOOL
2154 | IMAGEAPI
2155 | SymGetSourceFileFromTokenW(
2156 | __in HANDLE hProcess,
2157 | __in PVOID Token,
2158 | __in_opt PCWSTR Params,
2159 | __out_ecount(Size) PWSTR FilePath,
2160 | __in DWORD Size
2161 | );
2162 |
2163 | BOOL
2164 | IMAGEAPI
2165 | SymGetSourceVarFromToken(
2166 | __in HANDLE hProcess,
2167 | __in PVOID Token,
2168 | __in_opt PCSTR Params,
2169 | __in PCSTR VarName,
2170 | __out_ecount(Size) PSTR Value,
2171 | __in DWORD Size
2172 | );
2173 |
2174 | BOOL
2175 | IMAGEAPI
2176 | SymGetSourceVarFromTokenW(
2177 | __in HANDLE hProcess,
2178 | __in PVOID Token,
2179 | __in_opt PCWSTR Params,
2180 | __in PCWSTR VarName,
2181 | __out_ecount(Size) PWSTR Value,
2182 | __in DWORD Size
2183 | );
2184 |
2185 | typedef BOOL (CALLBACK* PENUMSOURCEFILETOKENSCALLBACK)(__in PVOID token, __in size_t size);
2186 |
2187 | BOOL
2188 | IMAGEAPI
2189 | SymEnumSourceFileTokens(
2190 | __in HANDLE hProcess,
2191 | __in ULONG64 Base,
2192 | __in PENUMSOURCEFILETOKENSCALLBACK Callback
2193 | );
2194 |
2195 | BOOL
2196 | IMAGEAPI
2197 | SymInitialize(
2198 | __in HANDLE hProcess,
2199 | __in_opt PCSTR UserSearchPath,
2200 | __in BOOL fInvadeProcess
2201 | );
2202 |
2203 | BOOL
2204 | IMAGEAPI
2205 | SymInitializeW(
2206 | __in HANDLE hProcess,
2207 | __in_opt PCWSTR UserSearchPath,
2208 | __in BOOL fInvadeProcess
2209 | );
2210 |
2211 | BOOL
2212 | IMAGEAPI
2213 | SymGetSearchPath(
2214 | __in HANDLE hProcess,
2215 | __out_ecount(SearchPathLength) PSTR SearchPath,
2216 | __in DWORD SearchPathLength
2217 | );
2218 |
2219 | BOOL
2220 | IMAGEAPI
2221 | SymGetSearchPathW(
2222 | __in HANDLE hProcess,
2223 | __out_ecount(SearchPathLength) PWSTR SearchPath,
2224 | __in DWORD SearchPathLength
2225 | );
2226 |
2227 | BOOL
2228 | IMAGEAPI
2229 | SymSetSearchPath(
2230 | __in HANDLE hProcess,
2231 | __in_opt PCSTR SearchPath
2232 | );
2233 |
2234 | BOOL
2235 | IMAGEAPI
2236 | SymSetSearchPathW(
2237 | __in HANDLE hProcess,
2238 | __in_opt PCWSTR SearchPath
2239 | );
2240 |
2241 | #define SLMFLAG_VIRTUAL 0x1
2242 | #define SLMFLAG_ALT_INDEX 0x2
2243 | #define SLMFLAG_NO_SYMBOLS 0x4
2244 |
2245 | DWORD64
2246 | IMAGEAPI
2247 | SymLoadModuleEx(
2248 | __in HANDLE hProcess,
2249 | __in_opt HANDLE hFile,
2250 | __in_opt PCSTR ImageName,
2251 | __in_opt PCSTR ModuleName,
2252 | __in DWORD64 BaseOfDll,
2253 | __in DWORD DllSize,
2254 | __in_opt PMODLOAD_DATA Data,
2255 | __in_opt DWORD Flags
2256 | );
2257 |
2258 | DWORD64
2259 | IMAGEAPI
2260 | SymLoadModuleExW(
2261 | __in HANDLE hProcess,
2262 | __in_opt HANDLE hFile,
2263 | __in_opt PCWSTR ImageName,
2264 | __in_opt PCWSTR ModuleName,
2265 | __in DWORD64 BaseOfDll,
2266 | __in DWORD DllSize,
2267 | __in_opt PMODLOAD_DATA Data,
2268 | __in_opt DWORD Flags
2269 | );
2270 |
2271 | BOOL
2272 | IMAGEAPI
2273 | SymUnloadModule64(
2274 | __in HANDLE hProcess,
2275 | __in DWORD64 BaseOfDll
2276 | );
2277 |
2278 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
2279 | #define SymUnloadModule SymUnloadModule64
2280 | #else
2281 | BOOL
2282 | IMAGEAPI
2283 | SymUnloadModule(
2284 | __in HANDLE hProcess,
2285 | __in DWORD BaseOfDll
2286 | );
2287 | #endif
2288 |
2289 | BOOL
2290 | IMAGEAPI
2291 | SymUnDName64(
2292 | __in PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate
2293 | __out_ecount(UnDecNameLength) PSTR UnDecName, // Buffer to store undecorated name in
2294 | __in DWORD UnDecNameLength // Size of the buffer
2295 | );
2296 |
2297 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
2298 | #define SymUnDName SymUnDName64
2299 | #else
2300 | BOOL
2301 | IMAGEAPI
2302 | SymUnDName(
2303 | __in PIMAGEHLP_SYMBOL sym, // Symbol to undecorate
2304 | __out_ecount(UnDecNameLength) PSTR UnDecName, // Buffer to store undecorated name in
2305 | __in DWORD UnDecNameLength // Size of the buffer
2306 | );
2307 | #endif
2308 |
2309 | BOOL
2310 | IMAGEAPI
2311 | SymRegisterCallback64(
2312 | __in HANDLE hProcess,
2313 | __in PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
2314 | __in ULONG64 UserContext
2315 | );
2316 |
2317 | BOOL
2318 | IMAGEAPI
2319 | SymRegisterCallbackW64(
2320 | __in HANDLE hProcess,
2321 | __in PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
2322 | __in ULONG64 UserContext
2323 | );
2324 |
2325 | BOOL
2326 | IMAGEAPI
2327 | SymRegisterFunctionEntryCallback64(
2328 | __in HANDLE hProcess,
2329 | __in PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction,
2330 | __in ULONG64 UserContext
2331 | );
2332 |
2333 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
2334 | #define SymRegisterCallback SymRegisterCallback64
2335 | #define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64
2336 | #else
2337 | BOOL
2338 | IMAGEAPI
2339 | SymRegisterCallback(
2340 | __in HANDLE hProcess,
2341 | __in PSYMBOL_REGISTERED_CALLBACK CallbackFunction,
2342 | __in_opt PVOID UserContext
2343 | );
2344 |
2345 | BOOL
2346 | IMAGEAPI
2347 | SymRegisterFunctionEntryCallback(
2348 | __in HANDLE hProcess,
2349 | __in PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction,
2350 | __in_opt PVOID UserContext
2351 | );
2352 | #endif
2353 |
2354 |
2355 | typedef struct _IMAGEHLP_SYMBOL_SRC
2356 | {
2357 | DWORD sizeofstruct;
2358 | DWORD type;
2359 | char file[MAX_PATH];
2360 | } IMAGEHLP_SYMBOL_SRC, *PIMAGEHLP_SYMBOL_SRC;
2361 |
2362 | typedef struct _MODULE_TYPE_INFO // AKA TYPTYP
2363 | {
2364 | USHORT dataLength;
2365 | USHORT leaf;
2366 | BYTE data[1];
2367 | } MODULE_TYPE_INFO, *PMODULE_TYPE_INFO;
2368 |
2369 | typedef struct _SYMBOL_INFO
2370 | {
2371 | ULONG SizeOfStruct;
2372 | ULONG TypeIndex; // Type Index of symbol
2373 | ULONG64 Reserved[2];
2374 | ULONG Index;
2375 | ULONG Size;
2376 | ULONG64 ModBase; // Base Address of module comtaining this symbol
2377 | ULONG Flags;
2378 | ULONG64 Value; // Value of symbol, ValuePresent should be 1
2379 | ULONG64 Address; // Address of symbol including base address of module
2380 | ULONG Register; // register holding value or pointer to value
2381 | ULONG Scope; // scope of the symbol
2382 | ULONG Tag; // pdb classification
2383 | ULONG NameLen; // Actual length of name
2384 | ULONG MaxNameLen;
2385 | CHAR Name[1]; // Name of symbol
2386 | } SYMBOL_INFO, *PSYMBOL_INFO;
2387 |
2388 | typedef struct _SYMBOL_INFO_PACKAGE
2389 | {
2390 | SYMBOL_INFO si;
2391 | CHAR name[MAX_SYM_NAME + 1];
2392 | } SYMBOL_INFO_PACKAGE, *PSYMBOL_INFO_PACKAGE;
2393 |
2394 | typedef struct _SYMBOL_INFOW
2395 | {
2396 | ULONG SizeOfStruct;
2397 | ULONG TypeIndex; // Type Index of symbol
2398 | ULONG64 Reserved[2];
2399 | ULONG Index;
2400 | ULONG Size;
2401 | ULONG64 ModBase; // Base Address of module comtaining this symbol
2402 | ULONG Flags;
2403 | ULONG64 Value; // Value of symbol, ValuePresent should be 1
2404 | ULONG64 Address; // Address of symbol including base address of module
2405 | ULONG Register; // register holding value or pointer to value
2406 | ULONG Scope; // scope of the symbol
2407 | ULONG Tag; // pdb classification
2408 | ULONG NameLen; // Actual length of name
2409 | ULONG MaxNameLen;
2410 | WCHAR Name[1]; // Name of symbol
2411 | } SYMBOL_INFOW, *PSYMBOL_INFOW;
2412 |
2413 | typedef struct _SYMBOL_INFO_PACKAGEW
2414 | {
2415 | SYMBOL_INFOW si;
2416 | WCHAR name[MAX_SYM_NAME + 1];
2417 | } SYMBOL_INFO_PACKAGEW, *PSYMBOL_INFO_PACKAGEW;
2418 |
2419 | typedef struct _IMAGEHLP_STACK_FRAME
2420 | {
2421 | ULONG64 InstructionOffset;
2422 | ULONG64 ReturnOffset;
2423 | ULONG64 FrameOffset;
2424 | ULONG64 StackOffset;
2425 | ULONG64 BackingStoreOffset;
2426 | ULONG64 FuncTableEntry;
2427 | ULONG64 Params[4];
2428 | ULONG64 Reserved[5];
2429 | BOOL Virtual;
2430 | ULONG Reserved2;
2431 | } IMAGEHLP_STACK_FRAME, *PIMAGEHLP_STACK_FRAME;
2432 |
2433 | typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT;
2434 |
2435 |
2436 | BOOL
2437 | IMAGEAPI
2438 | SymSetContext(
2439 | __in HANDLE hProcess,
2440 | __in PIMAGEHLP_STACK_FRAME StackFrame,
2441 | __in_opt PIMAGEHLP_CONTEXT Context
2442 | );
2443 |
2444 | BOOL
2445 | IMAGEAPI
2446 | SymSetScopeFromAddr(
2447 | __in HANDLE hProcess,
2448 | __in ULONG64 Address
2449 | );
2450 |
2451 | BOOL
2452 | IMAGEAPI
2453 | SymSetScopeFromIndex(
2454 | __in HANDLE hProcess,
2455 | __in ULONG64 BaseOfDll,
2456 | __in DWORD Index
2457 | );
2458 |
2459 | typedef BOOL
2460 | (CALLBACK* PSYM_ENUMPROCESSES_CALLBACK)(
2461 | __in HANDLE hProcess,
2462 | __in PVOID UserContext
2463 | );
2464 |
2465 | BOOL
2466 | IMAGEAPI
2467 | SymEnumProcesses(
2468 | __in PSYM_ENUMPROCESSES_CALLBACK EnumProcessesCallback,
2469 | __in PVOID UserContext
2470 | );
2471 |
2472 | BOOL
2473 | IMAGEAPI
2474 | SymFromAddr(
2475 | __in HANDLE hProcess,
2476 | __in DWORD64 Address,
2477 | __out_opt PDWORD64 Displacement,
2478 | __inout PSYMBOL_INFO Symbol
2479 | );
2480 |
2481 | BOOL
2482 | IMAGEAPI
2483 | SymFromAddrW(
2484 | __in HANDLE hProcess,
2485 | __in DWORD64 Address,
2486 | __out_opt PDWORD64 Displacement,
2487 | __inout PSYMBOL_INFOW Symbol
2488 | );
2489 |
2490 | BOOL
2491 | IMAGEAPI
2492 | SymFromToken(
2493 | __in HANDLE hProcess,
2494 | __in DWORD64 Base,
2495 | __in DWORD Token,
2496 | __inout PSYMBOL_INFO Symbol
2497 | );
2498 |
2499 | BOOL
2500 | IMAGEAPI
2501 | SymFromTokenW(
2502 | __in HANDLE hProcess,
2503 | __in DWORD64 Base,
2504 | __in DWORD Token,
2505 | __inout PSYMBOL_INFOW Symbol
2506 | );
2507 |
2508 | BOOL
2509 | IMAGEAPI
2510 | SymNext(
2511 | __in HANDLE hProcess,
2512 | __inout PSYMBOL_INFO si
2513 | );
2514 |
2515 | BOOL
2516 | IMAGEAPI
2517 | SymNextW(
2518 | __in HANDLE hProcess,
2519 | __inout PSYMBOL_INFOW siw
2520 | );
2521 |
2522 | BOOL
2523 | IMAGEAPI
2524 | SymPrev(
2525 | __in HANDLE hProcess,
2526 | __inout PSYMBOL_INFO si
2527 | );
2528 |
2529 | BOOL
2530 | IMAGEAPI
2531 | SymPrevW(
2532 | __in HANDLE hProcess,
2533 | __inout PSYMBOL_INFOW siw
2534 | );
2535 |
2536 | // While SymFromName will provide a symbol from a name,
2537 | // SymEnumSymbols can provide the same matching information
2538 | // for ALL symbols with a matching name, even regular
2539 | // expressions. That way you can search across modules
2540 | // and differentiate between identically named symbols.
2541 |
2542 | BOOL
2543 | IMAGEAPI
2544 | SymFromName(
2545 | __in HANDLE hProcess,
2546 | __in PCSTR Name,
2547 | __inout PSYMBOL_INFO Symbol
2548 | );
2549 |
2550 | BOOL
2551 | IMAGEAPI
2552 | SymFromNameW(
2553 | __in HANDLE hProcess,
2554 | __in PCWSTR Name,
2555 | __inout PSYMBOL_INFOW Symbol
2556 | );
2557 |
2558 | typedef BOOL
2559 | (CALLBACK* PSYM_ENUMERATESYMBOLS_CALLBACK)(
2560 | __in PSYMBOL_INFO pSymInfo,
2561 | __in ULONG SymbolSize,
2562 | __in_opt PVOID UserContext
2563 | );
2564 |
2565 | BOOL
2566 | IMAGEAPI
2567 | SymEnumSymbols(
2568 | __in HANDLE hProcess,
2569 | __in ULONG64 BaseOfDll,
2570 | __in_opt PCSTR Mask,
2571 | __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
2572 | __in_opt PVOID UserContext
2573 | );
2574 |
2575 | typedef BOOL
2576 | (CALLBACK* PSYM_ENUMERATESYMBOLS_CALLBACKW)(
2577 | __in PSYMBOL_INFOW pSymInfo,
2578 | __in ULONG SymbolSize,
2579 | __in_opt PVOID UserContext
2580 | );
2581 |
2582 | BOOL
2583 | IMAGEAPI
2584 | SymEnumSymbolsW(
2585 | __in HANDLE hProcess,
2586 | __in ULONG64 BaseOfDll,
2587 | __in_opt PCWSTR Mask,
2588 | __in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
2589 | __in_opt PVOID UserContext
2590 | );
2591 |
2592 | BOOL
2593 | IMAGEAPI
2594 | SymEnumSymbolsForAddr(
2595 | __in HANDLE hProcess,
2596 | __in DWORD64 Address,
2597 | __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
2598 | __in_opt PVOID UserContext
2599 | );
2600 |
2601 | BOOL
2602 | IMAGEAPI
2603 | SymEnumSymbolsForAddrW(
2604 | __in HANDLE hProcess,
2605 | __in DWORD64 Address,
2606 | __in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
2607 | __in_opt PVOID UserContext
2608 | );
2609 |
2610 | #define SYMSEARCH_MASKOBJS 0x01 // used internally to implement other APIs
2611 | #define SYMSEARCH_RECURSE 0X02 // recurse scopes
2612 | #define SYMSEARCH_GLOBALSONLY 0X04 // search only for global symbols
2613 | #define SYMSEARCH_ALLITEMS 0X08 // search for everything in the pdb, not just normal scoped symbols
2614 |
2615 | BOOL
2616 | IMAGEAPI
2617 | SymSearch(
2618 | __in HANDLE hProcess,
2619 | __in ULONG64 BaseOfDll,
2620 | __in_opt DWORD Index,
2621 | __in_opt DWORD SymTag,
2622 | __in_opt PCSTR Mask,
2623 | __in_opt DWORD64 Address,
2624 | __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
2625 | __in_opt PVOID UserContext,
2626 | __in DWORD Options
2627 | );
2628 |
2629 | BOOL
2630 | IMAGEAPI
2631 | SymSearchW(
2632 | __in HANDLE hProcess,
2633 | __in ULONG64 BaseOfDll,
2634 | __in_opt DWORD Index,
2635 | __in_opt DWORD SymTag,
2636 | __in_opt PCWSTR Mask,
2637 | __in_opt DWORD64 Address,
2638 | __in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
2639 | __in_opt PVOID UserContext,
2640 | __in DWORD Options
2641 | );
2642 |
2643 | BOOL
2644 | IMAGEAPI
2645 | SymGetScope(
2646 | __in HANDLE hProcess,
2647 | __in ULONG64 BaseOfDll,
2648 | __in DWORD Index,
2649 | __inout PSYMBOL_INFO Symbol
2650 | );
2651 |
2652 | BOOL
2653 | IMAGEAPI
2654 | SymGetScopeW(
2655 | __in HANDLE hProcess,
2656 | __in ULONG64 BaseOfDll,
2657 | __in DWORD Index,
2658 | __inout PSYMBOL_INFOW Symbol
2659 | );
2660 |
2661 | BOOL
2662 | IMAGEAPI
2663 | SymFromIndex(
2664 | __in HANDLE hProcess,
2665 | __in ULONG64 BaseOfDll,
2666 | __in DWORD Index,
2667 | __inout PSYMBOL_INFO Symbol
2668 | );
2669 |
2670 | BOOL
2671 | IMAGEAPI
2672 | SymFromIndexW(
2673 | __in HANDLE hProcess,
2674 | __in ULONG64 BaseOfDll,
2675 | __in DWORD Index,
2676 | __inout PSYMBOL_INFOW Symbol
2677 | );
2678 |
2679 | typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO
2680 | {
2681 | TI_GET_SYMTAG,
2682 | TI_GET_SYMNAME,
2683 | TI_GET_LENGTH,
2684 | TI_GET_TYPE,
2685 | TI_GET_TYPEID,
2686 | TI_GET_BASETYPE,
2687 | TI_GET_ARRAYINDEXTYPEID,
2688 | TI_FINDCHILDREN,
2689 | TI_GET_DATAKIND,
2690 | TI_GET_ADDRESSOFFSET,
2691 | TI_GET_OFFSET,
2692 | TI_GET_VALUE,
2693 | TI_GET_COUNT,
2694 | TI_GET_CHILDRENCOUNT,
2695 | TI_GET_BITPOSITION,
2696 | TI_GET_VIRTUALBASECLASS,
2697 | TI_GET_VIRTUALTABLESHAPEID,
2698 | TI_GET_VIRTUALBASEPOINTEROFFSET,
2699 | TI_GET_CLASSPARENTID,
2700 | TI_GET_NESTED,
2701 | TI_GET_SYMINDEX,
2702 | TI_GET_LEXICALPARENT,
2703 | TI_GET_ADDRESS,
2704 | TI_GET_THISADJUST,
2705 | TI_GET_UDTKIND,
2706 | TI_IS_EQUIV_TO,
2707 | TI_GET_CALLING_CONVENTION,
2708 | TI_IS_CLOSE_EQUIV_TO,
2709 | TI_GTIEX_REQS_VALID,
2710 | TI_GET_VIRTUALBASEOFFSET,
2711 | TI_GET_VIRTUALBASEDISPINDEX,
2712 | TI_GET_IS_REFERENCE,
2713 | TI_GET_INDIRECTVIRTUALBASECLASS,
2714 | IMAGEHLP_SYMBOL_TYPE_INFO_MAX,
2715 | } IMAGEHLP_SYMBOL_TYPE_INFO;
2716 |
2717 | typedef struct _TI_FINDCHILDREN_PARAMS
2718 | {
2719 | ULONG Count;
2720 | ULONG Start;
2721 | ULONG ChildId[1];
2722 | } TI_FINDCHILDREN_PARAMS;
2723 |
2724 | BOOL
2725 | IMAGEAPI
2726 | SymGetTypeInfo(
2727 | __in HANDLE hProcess,
2728 | __in DWORD64 ModBase,
2729 | __in ULONG TypeId,
2730 | __in IMAGEHLP_SYMBOL_TYPE_INFO GetType,
2731 | __out PVOID pInfo
2732 | );
2733 |
2734 | #define IMAGEHLP_GET_TYPE_INFO_UNCACHED 0x00000001
2735 | #define IMAGEHLP_GET_TYPE_INFO_CHILDREN 0x00000002
2736 |
2737 | typedef struct _IMAGEHLP_GET_TYPE_INFO_PARAMS
2738 | {
2739 | IN ULONG SizeOfStruct;
2740 | IN ULONG Flags;
2741 | IN ULONG NumIds;
2742 | IN PULONG TypeIds;
2743 | IN ULONG64 TagFilter;
2744 | IN ULONG NumReqs;
2745 | IN IMAGEHLP_SYMBOL_TYPE_INFO* ReqKinds;
2746 | IN PULONG_PTR ReqOffsets;
2747 | IN PULONG ReqSizes;
2748 | IN ULONG_PTR ReqStride;
2749 | IN ULONG_PTR BufferSize;
2750 | OUT PVOID Buffer;
2751 | OUT ULONG EntriesMatched;
2752 | OUT ULONG EntriesFilled;
2753 | OUT ULONG64 TagsFound;
2754 | OUT ULONG64 AllReqsValid;
2755 | IN ULONG NumReqsValid;
2756 | OUT PULONG64 ReqsValid OPTIONAL;
2757 | } IMAGEHLP_GET_TYPE_INFO_PARAMS, *PIMAGEHLP_GET_TYPE_INFO_PARAMS;
2758 |
2759 | BOOL
2760 | IMAGEAPI
2761 | SymGetTypeInfoEx(
2762 | __in HANDLE hProcess,
2763 | __in DWORD64 ModBase,
2764 | __inout PIMAGEHLP_GET_TYPE_INFO_PARAMS Params
2765 | );
2766 |
2767 | BOOL
2768 | IMAGEAPI
2769 | SymEnumTypes(
2770 | __in HANDLE hProcess,
2771 | __in ULONG64 BaseOfDll,
2772 | __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
2773 | __in_opt PVOID UserContext
2774 | );
2775 |
2776 | BOOL
2777 | IMAGEAPI
2778 | SymEnumTypesW(
2779 | __in HANDLE hProcess,
2780 | __in ULONG64 BaseOfDll,
2781 | __in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
2782 | __in_opt PVOID UserContext
2783 | );
2784 |
2785 | BOOL
2786 | IMAGEAPI
2787 | SymEnumTypesByName(
2788 | __in HANDLE hProcess,
2789 | __in ULONG64 BaseOfDll,
2790 | __in_opt PCSTR mask,
2791 | __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
2792 | __in_opt PVOID UserContext
2793 | );
2794 |
2795 | BOOL
2796 | IMAGEAPI
2797 | SymEnumTypesByNameW(
2798 | __in HANDLE hProcess,
2799 | __in ULONG64 BaseOfDll,
2800 | __in_opt PCWSTR mask,
2801 | __in PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
2802 | __in_opt PVOID UserContext
2803 | );
2804 |
2805 | BOOL
2806 | IMAGEAPI
2807 | SymGetTypeFromName(
2808 | __in HANDLE hProcess,
2809 | __in ULONG64 BaseOfDll,
2810 | __in PCSTR Name,
2811 | __inout PSYMBOL_INFO Symbol
2812 | );
2813 |
2814 | BOOL
2815 | IMAGEAPI
2816 | SymGetTypeFromNameW(
2817 | __in HANDLE hProcess,
2818 | __in ULONG64 BaseOfDll,
2819 | __in PCWSTR Name,
2820 | __inout PSYMBOL_INFOW Symbol
2821 | );
2822 |
2823 | BOOL
2824 | IMAGEAPI
2825 | SymAddSymbol(
2826 | __in HANDLE hProcess,
2827 | __in ULONG64 BaseOfDll,
2828 | __in PCSTR Name,
2829 | __in DWORD64 Address,
2830 | __in DWORD Size,
2831 | __in DWORD Flags
2832 | );
2833 |
2834 | BOOL
2835 | IMAGEAPI
2836 | SymAddSymbolW(
2837 | __in HANDLE hProcess,
2838 | __in ULONG64 BaseOfDll,
2839 | __in PCWSTR Name,
2840 | __in DWORD64 Address,
2841 | __in DWORD Size,
2842 | __in DWORD Flags
2843 | );
2844 |
2845 | BOOL
2846 | IMAGEAPI
2847 | SymDeleteSymbol(
2848 | __in HANDLE hProcess,
2849 | __in ULONG64 BaseOfDll,
2850 | __in_opt PCSTR Name,
2851 | __in DWORD64 Address,
2852 | __in DWORD Flags
2853 | );
2854 |
2855 | BOOL
2856 | IMAGEAPI
2857 | SymDeleteSymbolW(
2858 | __in HANDLE hProcess,
2859 | __in ULONG64 BaseOfDll,
2860 | __in_opt PCWSTR Name,
2861 | __in DWORD64 Address,
2862 | __in DWORD Flags
2863 | );
2864 |
2865 | BOOL
2866 | IMAGEAPI
2867 | SymRefreshModuleList(
2868 | __in HANDLE hProcess
2869 | );
2870 |
2871 | BOOL
2872 | IMAGEAPI
2873 | SymAddSourceStream(
2874 | __in HANDLE hProcess,
2875 | __in ULONG64 Base,
2876 | __in_opt PCSTR StreamFile,
2877 | __in_bcount_opt(Size) PBYTE Buffer,
2878 | __in size_t Size
2879 | );
2880 |
2881 | typedef BOOL (WINAPI* SYMADDSOURCESTREAM)(HANDLE, ULONG64, PCSTR, PBYTE, size_t);
2882 |
2883 | BOOL
2884 | IMAGEAPI
2885 | SymAddSourceStreamA(
2886 | __in HANDLE hProcess,
2887 | __in ULONG64 Base,
2888 | __in_opt PCSTR StreamFile,
2889 | __in_bcount_opt(Size) PBYTE Buffer,
2890 | __in size_t Size
2891 | );
2892 |
2893 | typedef BOOL (WINAPI* SYMADDSOURCESTREAMA)(HANDLE, ULONG64, PCSTR, PBYTE, size_t);
2894 |
2895 | BOOL
2896 | IMAGEAPI
2897 | SymAddSourceStreamW(
2898 | __in HANDLE hProcess,
2899 | __in ULONG64 Base,
2900 | __in_opt PCWSTR FileSpec,
2901 | __in_bcount_opt(Size) PBYTE Buffer,
2902 | __in size_t Size
2903 | );
2904 |
2905 | BOOL
2906 | IMAGEAPI
2907 | SymSrvIsStoreW(
2908 | __in_opt HANDLE hProcess,
2909 | __in PCWSTR path
2910 | );
2911 |
2912 | BOOL
2913 | IMAGEAPI
2914 | SymSrvIsStore(
2915 | __in_opt HANDLE hProcess,
2916 | __in PCSTR path
2917 | );
2918 |
2919 | PCSTR
2920 | IMAGEAPI
2921 | SymSrvDeltaName(
2922 | __in HANDLE hProcess,
2923 | __in_opt PCSTR SymPath,
2924 | __in PCSTR Type,
2925 | __in PCSTR File1,
2926 | __in PCSTR File2
2927 | );
2928 |
2929 | PCWSTR
2930 | IMAGEAPI
2931 | SymSrvDeltaNameW(
2932 | __in HANDLE hProcess,
2933 | __in_opt PCWSTR SymPath,
2934 | __in PCWSTR Type,
2935 | __in PCWSTR File1,
2936 | __in PCWSTR File2
2937 | );
2938 |
2939 | PCSTR
2940 | IMAGEAPI
2941 | SymSrvGetSupplement(
2942 | __in HANDLE hProcess,
2943 | __in_opt PCSTR SymPath,
2944 | __in PCSTR Node,
2945 | __in PCSTR File
2946 | );
2947 |
2948 | PCWSTR
2949 | IMAGEAPI
2950 | SymSrvGetSupplementW(
2951 | __in HANDLE hProcess,
2952 | __in_opt PCWSTR SymPath,
2953 | __in PCWSTR Node,
2954 | __in PCWSTR File
2955 | );
2956 |
2957 | BOOL
2958 | IMAGEAPI
2959 | SymSrvGetFileIndexes(
2960 | __in PCSTR File,
2961 | __out GUID* Id,
2962 | __out PDWORD Val1,
2963 | __out_opt PDWORD Val2,
2964 | __in DWORD Flags
2965 | );
2966 |
2967 | BOOL
2968 | IMAGEAPI
2969 | SymSrvGetFileIndexesW(
2970 | __in PCWSTR File,
2971 | __out GUID* Id,
2972 | __out PDWORD Val1,
2973 | __out_opt PDWORD Val2,
2974 | __in DWORD Flags
2975 | );
2976 |
2977 | BOOL
2978 | IMAGEAPI
2979 | SymSrvGetFileIndexStringW(
2980 | __in HANDLE hProcess,
2981 | __in_opt PCWSTR SrvPath,
2982 | __in PCWSTR File,
2983 | __out_ecount(Size) PWSTR Index,
2984 | __in size_t Size,
2985 | __in DWORD Flags
2986 | );
2987 |
2988 | BOOL
2989 | IMAGEAPI
2990 | SymSrvGetFileIndexString(
2991 | __in HANDLE hProcess,
2992 | __in_opt PCSTR SrvPath,
2993 | __in PCSTR File,
2994 | __out_ecount(Size) PSTR Index,
2995 | __in size_t Size,
2996 | __in DWORD Flags
2997 | );
2998 |
2999 | typedef struct
3000 | {
3001 | DWORD sizeofstruct;
3002 | char file[MAX_PATH + 1];
3003 | BOOL stripped;
3004 | DWORD timestamp;
3005 | DWORD size;
3006 | char dbgfile[MAX_PATH + 1];
3007 | char pdbfile[MAX_PATH + 1];
3008 | GUID guid;
3009 | DWORD sig;
3010 | DWORD age;
3011 | } SYMSRV_INDEX_INFO, *PSYMSRV_INDEX_INFO;
3012 |
3013 | typedef struct
3014 | {
3015 | DWORD sizeofstruct;
3016 | WCHAR file[MAX_PATH + 1];
3017 | BOOL stripped;
3018 | DWORD timestamp;
3019 | DWORD size;
3020 | WCHAR dbgfile[MAX_PATH + 1];
3021 | WCHAR pdbfile[MAX_PATH + 1];
3022 | GUID guid;
3023 | DWORD sig;
3024 | DWORD age;
3025 | } SYMSRV_INDEX_INFOW, *PSYMSRV_INDEX_INFOW;
3026 |
3027 | BOOL
3028 | IMAGEAPI
3029 | SymSrvGetFileIndexInfo(
3030 | __in PCSTR File,
3031 | __out PSYMSRV_INDEX_INFO Info,
3032 | __in DWORD Flags
3033 | );
3034 |
3035 | BOOL
3036 | IMAGEAPI
3037 | SymSrvGetFileIndexInfoW(
3038 | __in PCWSTR File,
3039 | __out PSYMSRV_INDEX_INFOW Info,
3040 | __in DWORD Flags
3041 | );
3042 |
3043 | PCSTR
3044 | IMAGEAPI
3045 | SymSrvStoreSupplement(
3046 | __in HANDLE hProcess,
3047 | __in_opt PCSTR SrvPath,
3048 | __in PCSTR Node,
3049 | __in PCSTR File,
3050 | __in DWORD Flags
3051 | );
3052 |
3053 | PCWSTR
3054 | IMAGEAPI
3055 | SymSrvStoreSupplementW(
3056 | __in HANDLE hProcess,
3057 | __in_opt PCWSTR SymPath,
3058 | __in PCWSTR Node,
3059 | __in PCWSTR File,
3060 | __in DWORD Flags
3061 | );
3062 |
3063 | PCSTR
3064 | IMAGEAPI
3065 | SymSrvStoreFile(
3066 | __in HANDLE hProcess,
3067 | __in_opt PCSTR SrvPath,
3068 | __in PCSTR File,
3069 | __in DWORD Flags
3070 | );
3071 |
3072 | PCWSTR
3073 | IMAGEAPI
3074 | SymSrvStoreFileW(
3075 | __in HANDLE hProcess,
3076 | __in_opt PCWSTR SrvPath,
3077 | __in PCWSTR File,
3078 | __in DWORD Flags
3079 | );
3080 |
3081 | // used by SymGetSymbolFile's "Type" parameter
3082 |
3083 | enum
3084 | {
3085 | sfImage = 0,
3086 | sfDbg,
3087 | sfPdb,
3088 | sfMpd,
3089 | sfMax
3090 | };
3091 |
3092 | BOOL
3093 | IMAGEAPI
3094 | SymGetSymbolFile(
3095 | __in_opt HANDLE hProcess,
3096 | __in_opt PCSTR SymPath,
3097 | __in PCSTR ImageFile,
3098 | __in DWORD Type,
3099 | __out_ecount(cSymbolFile) PSTR SymbolFile,
3100 | __in size_t cSymbolFile,
3101 | __out_ecount(cDbgFile) PSTR DbgFile,
3102 | __in size_t cDbgFile
3103 | );
3104 |
3105 | BOOL
3106 | IMAGEAPI
3107 | SymGetSymbolFileW(
3108 | __in_opt HANDLE hProcess,
3109 | __in_opt PCWSTR SymPath,
3110 | __in PCWSTR ImageFile,
3111 | __in DWORD Type,
3112 | __out_ecount(cSymbolFile) PWSTR SymbolFile,
3113 | __in size_t cSymbolFile,
3114 | __out_ecount(cDbgFile) PWSTR DbgFile,
3115 | __in size_t cDbgFile
3116 | );
3117 |
3118 | //
3119 | // Full user-mode dump creation.
3120 | //
3121 |
3122 | typedef BOOL (WINAPI* PDBGHELP_CREATE_USER_DUMP_CALLBACK)(
3123 | __in DWORD DataType,
3124 | __in PVOID* Data,
3125 | __out LPDWORD DataLength,
3126 | __in_opt PVOID UserData
3127 | );
3128 |
3129 | BOOL
3130 | WINAPI
3131 | DbgHelpCreateUserDump(
3132 | __in_opt LPCSTR FileName,
3133 | __in PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
3134 | __in_opt PVOID UserData
3135 | );
3136 |
3137 | BOOL
3138 | WINAPI
3139 | DbgHelpCreateUserDumpW(
3140 | __in_opt LPCWSTR FileName,
3141 | __in PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
3142 | __in_opt PVOID UserData
3143 | );
3144 |
3145 | // -----------------------------------------------------------------
3146 | // The following 4 legacy APIs are fully supported, but newer
3147 | // ones are recommended. SymFromName and SymFromAddr provide
3148 | // much more detailed info on the returned symbol.
3149 |
3150 | BOOL
3151 | IMAGEAPI
3152 | SymGetSymFromAddr64(
3153 | __in HANDLE hProcess,
3154 | __in DWORD64 qwAddr,
3155 | __out_opt PDWORD64 pdwDisplacement,
3156 | __inout PIMAGEHLP_SYMBOL64 Symbol
3157 | );
3158 |
3159 |
3160 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
3161 | #define SymGetSymFromAddr SymGetSymFromAddr64
3162 | #else
3163 | BOOL
3164 | IMAGEAPI
3165 | SymGetSymFromAddr(
3166 | __in HANDLE hProcess,
3167 | __in DWORD dwAddr,
3168 | __out_opt PDWORD pdwDisplacement,
3169 | __inout PIMAGEHLP_SYMBOL Symbol
3170 | );
3171 | #endif
3172 |
3173 | // While following two APIs will provide a symbol from a name,
3174 | // SymEnumSymbols can provide the same matching information
3175 | // for ALL symbols with a matching name, even regular
3176 | // expressions. That way you can search across modules
3177 | // and differentiate between identically named symbols.
3178 |
3179 | BOOL
3180 | IMAGEAPI
3181 | SymGetSymFromName64(
3182 | __in HANDLE hProcess,
3183 | __in PCSTR Name,
3184 | __inout PIMAGEHLP_SYMBOL64 Symbol
3185 | );
3186 |
3187 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
3188 | #define SymGetSymFromName SymGetSymFromName64
3189 | #else
3190 | BOOL
3191 | IMAGEAPI
3192 | SymGetSymFromName(
3193 | __in HANDLE hProcess,
3194 | __in PCSTR Name,
3195 | __inout PIMAGEHLP_SYMBOL Symbol
3196 | );
3197 | #endif
3198 |
3199 |
3200 | // Symbol server exports
3201 |
3202 | typedef BOOL (WINAPI* PSYMBOLSERVERPROC)(PCSTR, PCSTR, PVOID, DWORD, DWORD, PSTR);
3203 | typedef BOOL (WINAPI* PSYMBOLSERVERPROCA)(PCSTR, PCSTR, PVOID, DWORD, DWORD, PSTR);
3204 | typedef BOOL (WINAPI* PSYMBOLSERVERPROCW)(PCWSTR, PCWSTR, PVOID, DWORD, DWORD, PWSTR);
3205 | typedef BOOL (WINAPI* PSYMBOLSERVERBYINDEXPROC)(PCSTR, PCSTR, PCSTR, PSTR);
3206 | typedef BOOL (WINAPI* PSYMBOLSERVERBYINDEXPROCA)(PCSTR, PCSTR, PCSTR, PSTR);
3207 | typedef BOOL (WINAPI* PSYMBOLSERVERBYINDEXPROCW)(PCWSTR, PCWSTR, PCWSTR, PWSTR);
3208 | typedef BOOL (WINAPI* PSYMBOLSERVEROPENPROC)(VOID);
3209 | typedef BOOL (WINAPI* PSYMBOLSERVERCLOSEPROC)(VOID);
3210 | typedef BOOL (WINAPI* PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64);
3211 | typedef BOOL (WINAPI* PSYMBOLSERVERSETOPTIONSWPROC)(UINT_PTR, ULONG64);
3212 | typedef BOOL (CALLBACK WINAPI* PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
3213 | typedef UINT_PTR(WINAPI* PSYMBOLSERVERGETOPTIONSPROC)();
3214 | typedef BOOL (WINAPI* PSYMBOLSERVERPINGPROC)(PCSTR);
3215 | typedef BOOL (WINAPI* PSYMBOLSERVERPINGPROCA)(PCSTR);
3216 | typedef BOOL (WINAPI* PSYMBOLSERVERPINGPROCW)(PCWSTR);
3217 | typedef BOOL (WINAPI* PSYMBOLSERVERGETVERSION)(LPAPI_VERSION);
3218 | typedef BOOL (WINAPI* PSYMBOLSERVERDELTANAME)(PCSTR, PVOID, DWORD, DWORD, PVOID, DWORD, DWORD, PSTR, size_t);
3219 | typedef BOOL (WINAPI* PSYMBOLSERVERDELTANAMEW)(PCWSTR, PVOID, DWORD, DWORD, PVOID, DWORD, DWORD, PWSTR, size_t);
3220 | typedef BOOL (WINAPI* PSYMBOLSERVERGETSUPPLEMENT)(PCSTR, PCSTR, PCSTR, PSTR, size_t);
3221 | typedef BOOL (WINAPI* PSYMBOLSERVERGETSUPPLEMENTW)(PCWSTR, PCWSTR, PCWSTR, PWSTR, size_t);
3222 | typedef BOOL (WINAPI* PSYMBOLSERVERSTORESUPPLEMENT)(PCSTR, PCSTR, PCSTR, PSTR, size_t, DWORD);
3223 | typedef BOOL (WINAPI* PSYMBOLSERVERSTORESUPPLEMENTW)(PCWSTR, PCWSTR, PCWSTR, PWSTR, size_t, DWORD);
3224 | typedef BOOL (WINAPI* PSYMBOLSERVERGETINDEXSTRING)(PVOID, DWORD, DWORD, PSTR, size_t);
3225 | typedef BOOL (WINAPI* PSYMBOLSERVERGETINDEXSTRINGW)(PVOID, DWORD, DWORD, PWSTR, size_t);
3226 | typedef BOOL (WINAPI* PSYMBOLSERVERSTOREFILE)(PCSTR, PCSTR, PVOID, DWORD, DWORD, PSTR, size_t, DWORD);
3227 | typedef BOOL (WINAPI* PSYMBOLSERVERSTOREFILEW)(PCWSTR, PCWSTR, PVOID, DWORD, DWORD, PWSTR, size_t, DWORD);
3228 | typedef BOOL (WINAPI* PSYMBOLSERVERISSTORE)(PCSTR);
3229 | typedef BOOL (WINAPI* PSYMBOLSERVERISSTOREW)(PCWSTR);
3230 | typedef DWORD (WINAPI* PSYMBOLSERVERVERSION)();
3231 | typedef BOOL (CALLBACK WINAPI* PSYMBOLSERVERMESSAGEPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
3232 |
3233 | #define SYMSRV_VERSION 2
3234 |
3235 | #define SSRVOPT_CALLBACK 0x00000001
3236 | #define SSRVOPT_DWORD 0x00000002
3237 | #define SSRVOPT_DWORDPTR 0x00000004
3238 | #define SSRVOPT_GUIDPTR 0x00000008
3239 | #define SSRVOPT_OLDGUIDPTR 0x00000010
3240 | #define SSRVOPT_UNATTENDED 0x00000020
3241 | #define SSRVOPT_NOCOPY 0x00000040
3242 | #define SSRVOPT_GETPATH 0x00000040
3243 | #define SSRVOPT_PARENTWIN 0x00000080
3244 | #define SSRVOPT_PARAMTYPE 0x00000100
3245 | #define SSRVOPT_SECURE 0x00000200
3246 | #define SSRVOPT_TRACE 0x00000400
3247 | #define SSRVOPT_SETCONTEXT 0x00000800
3248 | #define SSRVOPT_PROXY 0x00001000
3249 | #define SSRVOPT_DOWNSTREAM_STORE 0x00002000
3250 | #define SSRVOPT_OVERWRITE 0x00004000
3251 | #define SSRVOPT_RESETTOU 0x00008000
3252 | #define SSRVOPT_CALLBACKW 0x00010000
3253 | #define SSRVOPT_FLAT_DEFAULT_STORE 0x00020000
3254 | #define SSRVOPT_PROXYW 0x00040000
3255 | #define SSRVOPT_MESSAGE 0x00080000
3256 | #define SSRVOPT_SERVICE 0x00100000 // deprecated
3257 | #define SSRVOPT_FAVOR_COMPRESSED 0x00200000
3258 | #define SSRVOPT_STRING 0x00400000
3259 | #define SSRVOPT_WINHTTP 0x00800000
3260 | #define SSRVOPT_WININET 0x01000000
3261 |
3262 | #define SSRVOPT_MAX 0x0100000
3263 |
3264 | #define SSRVOPT_RESET ((ULONG_PTR)-1)
3265 |
3266 |
3267 | #define NUM_SSRVOPTS 30
3268 |
3269 | #define SSRVACTION_TRACE 1
3270 | #define SSRVACTION_QUERYCANCEL 2
3271 | #define SSRVACTION_EVENT 3
3272 | #define SSRVACTION_EVENTW 4
3273 | #define SSRVACTION_SIZE 5
3274 |
3275 | #define SYMSTOREOPT_COMPRESS 0x01
3276 | #define SYMSTOREOPT_OVERWRITE 0x02
3277 | #define SYMSTOREOPT_RETURNINDEX 0x04
3278 | #define SYMSTOREOPT_POINTER 0x08
3279 | #define SYMSTOREOPT_ALT_INDEX 0x10
3280 | #define SYMSTOREOPT_UNICODE 0x20
3281 | #define SYMSTOREOPT_PASS_IF_EXISTS 0x40
3282 |
3283 | #ifdef DBGHELP_TRANSLATE_TCHAR
3284 | #define SymInitialize SymInitializeW
3285 | #define SymAddSymbol SymAddSymbolW
3286 | #define SymDeleteSymbol SymDeleteSymbolW
3287 | #define SearchTreeForFile SearchTreeForFileW
3288 | #define UnDecorateSymbolName UnDecorateSymbolNameW
3289 | #define SymGetLineFromName64 SymGetLineFromNameW64
3290 | #define SymGetLineFromAddr64 SymGetLineFromAddrW64
3291 | #define SymGetLineNext64 SymGetLineNextW64
3292 | #define SymGetLinePrev64 SymGetLinePrevW64
3293 | #define SymFromName SymFromNameW
3294 | #define SymFindExecutableImage SymFindExecutableImageW
3295 | #define FindExecutableImageEx FindExecutableImageExW
3296 | #define SymSearch SymSearchW
3297 | #define SymEnumLines SymEnumLinesW
3298 | #define SymEnumSourceLines SymEnumSourceLinesW
3299 | #define SymGetTypeFromName SymGetTypeFromNameW
3300 | #define SymEnumSymbolsForAddr SymEnumSymbolsForAddrW
3301 | #define SymFromAddr SymFromAddrW
3302 | #define SymMatchString SymMatchStringW
3303 | #define SymEnumSourceFiles SymEnumSourceFilesW
3304 | #define SymEnumSymbols SymEnumSymbolsW
3305 | #define SymLoadModuleEx SymLoadModuleExW
3306 | #define SymSetSearchPath SymSetSearchPathW
3307 | #define SymGetSearchPath SymGetSearchPathW
3308 | #define EnumDirTree EnumDirTreeW
3309 | #define SymFromToken SymFromTokenW
3310 | #define SymFromIndex SymFromIndexW
3311 | #define SymGetScope SymGetScopeW
3312 | #define SymNext SymNextW
3313 | #define SymPrev SymPrevW
3314 | #define SymEnumTypes SymEnumTypesW
3315 | #define SymEnumTypesByName SymEnumTypesByNameW
3316 | #define SymRegisterCallback64 SymRegisterCallbackW64
3317 | #define SymFindDebugInfoFile SymFindDebugInfoFileW
3318 | #define FindDebugInfoFileEx FindDebugInfoFileExW
3319 | #define SymFindFileInPath SymFindFileInPathW
3320 | #define SymEnumerateModules64 SymEnumerateModulesW64
3321 | #define SymSetHomeDirectory SymSetHomeDirectoryW
3322 | #define SymGetHomeDirectory SymGetHomeDirectoryW
3323 | #define SymGetSourceFile SymGetSourceFileW
3324 | #define SymGetSourceFileToken SymGetSourceFileTokenW
3325 | #define SymGetSourceFileFromToken SymGetSourceFileFromTokenW
3326 | #define SymGetSourceVarFromToken SymGetSourceVarFromTokenW
3327 | #define SymGetSourceFileToken SymGetSourceFileTokenW
3328 | #define SymGetFileLineOffsets64 SymGetFileLineOffsetsW64
3329 | #define SymFindFileInPath SymFindFileInPathW
3330 | #define SymMatchFileName SymMatchFileNameW
3331 | #define SymGetSourceFileFromToken SymGetSourceFileFromTokenW
3332 | #define SymGetSourceVarFromToken SymGetSourceVarFromTokenW
3333 | #define SymGetModuleInfo64 SymGetModuleInfoW64
3334 | #define SymSrvIsStore SymSrvIsStoreW
3335 | #define SymSrvDeltaName SymSrvDeltaNameW
3336 | #define SymSrvGetSupplement SymSrvGetSupplementW
3337 | #define SymSrvStoreSupplement SymSrvStoreSupplementW
3338 | #define SymSrvGetFileIndexes SymSrvGetFileIndexes
3339 | #define SymSrvGetFileIndexString SymSrvGetFileIndexStringW
3340 | #define SymSrvStoreFile SymSrvStoreFileW
3341 | #define SymGetSymbolFile SymGetSymbolFileW
3342 | #define EnumerateLoadedModules64 EnumerateLoadedModulesW64
3343 | #define EnumerateLoadedModulesEx EnumerateLoadedModulesExW
3344 | #define SymSrvGetFileIndexInfo SymSrvGetFileIndexInfoW
3345 |
3346 | #define IMAGEHLP_LINE64 IMAGEHLP_LINEW64
3347 | #define PIMAGEHLP_LINE64 PIMAGEHLP_LINEW64
3348 | #define SYMBOL_INFO SYMBOL_INFOW
3349 | #define PSYMBOL_INFO PSYMBOL_INFOW
3350 | #define SYMBOL_INFO_PACKAGE SYMBOL_INFO_PACKAGEW
3351 | #define PSYMBOL_INFO_PACKAGE PSYMBOL_INFO_PACKAGEW
3352 | #define FIND_EXE_FILE_CALLBACK FIND_EXE_FILE_CALLBACKW
3353 | #define PFIND_EXE_FILE_CALLBACK PFIND_EXE_FILE_CALLBACKW
3354 | #define SYM_ENUMERATESYMBOLS_CALLBACK SYM_ENUMERATESYMBOLS_CALLBACKW
3355 | #define PSYM_ENUMERATESYMBOLS_CALLBACK PSYM_ENUMERATESYMBOLS_CALLBACKW
3356 | #define SRCCODEINFO SRCCODEINFOW
3357 | #define PSRCCODEINFO PSRCCODEINFOW
3358 | #define SOURCEFILE SOURCEFILEW
3359 | #define PSOURCEFILE PSOURCEFILEW
3360 | #define SYM_ENUMSOURECFILES_CALLBACK SYM_ENUMSOURCEFILES_CALLBACKW
3361 | #define PSYM_ENUMSOURCEFILES_CALLBACK PSYM_ENUMSOURECFILES_CALLBACKW
3362 | #define IMAGEHLP_CBA_EVENT IMAGEHLP_CBA_EVENTW
3363 | #define PIMAGEHLP_CBA_EVENT PIMAGEHLP_CBA_EVENTW
3364 | #define PENUMDIRTREE_CALLBACK PENUMDIRTREE_CALLBACKW
3365 | #define IMAGEHLP_DEFERRED_SYMBOL_LOAD64 IMAGEHLP_DEFERRED_SYMBOL_LOADW64
3366 | #define PIMAGEHLP_DEFERRED_SYMBOL_LOAD64 PIMAGEHLP_DEFERRED_SYMBOL_LOADW64
3367 | #define PFIND_DEBUG_FILE_CALLBACK PFIND_DEBUG_FILE_CALLBACKW
3368 | #define PFINDFILEINPATHCALLBACK PFINDFILEINPATHCALLBACKW
3369 | #define IMAGEHLP_MODULE64 IMAGEHLP_MODULEW64
3370 | #define PIMAGEHLP_MODULE64 PIMAGEHLP_MODULEW64
3371 | #define SYMSRV_INDEX_INFO SYMSRV_INDEX_INFOW
3372 | #define PSYMSRV_INDEX_INFO PSYMSRV_INDEX_INFOW
3373 |
3374 | #define PSYMBOLSERVERPROC PSYMBOLSERVERPROCW
3375 | #define PSYMBOLSERVERPINGPROC PSYMBOLSERVERPINGPROCW
3376 | #endif
3377 |
3378 | // -----------------------------------------------------------------
3379 | // The following APIs exist only for backwards compatibility
3380 | // with a pre-release version documented in an MSDN release.
3381 |
3382 | // You should use SymFindFileInPath if you want to maintain
3383 | // future compatibility.
3384 |
3385 | DBHLP_DEPRECIATED
3386 | BOOL
3387 | IMAGEAPI
3388 | FindFileInPath(
3389 | __in HANDLE hprocess,
3390 | __in PCSTR SearchPath,
3391 | __in PCSTR FileName,
3392 | __in PVOID id,
3393 | __in DWORD two,
3394 | __in DWORD three,
3395 | __in DWORD flags,
3396 | __out_ecount(MAX_PATH + 1) PSTR FilePath
3397 | );
3398 |
3399 | // You should use SymFindFileInPath if you want to maintain
3400 | // future compatibility.
3401 |
3402 | DBHLP_DEPRECIATED
3403 | BOOL
3404 | IMAGEAPI
3405 | FindFileInSearchPath(
3406 | __in HANDLE hprocess,
3407 | __in PCSTR SearchPath,
3408 | __in PCSTR FileName,
3409 | __in DWORD one,
3410 | __in DWORD two,
3411 | __in DWORD three,
3412 | __out_ecount(MAX_PATH + 1) PSTR FilePath
3413 | );
3414 |
3415 | DBHLP_DEPRECIATED
3416 | BOOL
3417 | IMAGEAPI
3418 | SymEnumSym(
3419 | __in HANDLE hProcess,
3420 | __in ULONG64 BaseOfDll,
3421 | __in PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
3422 | __in_opt PVOID UserContext
3423 | );
3424 |
3425 | DBHLP_DEPRECIATED
3426 | BOOL
3427 | IMAGEAPI
3428 | SymEnumerateSymbols64(
3429 | __in HANDLE hProcess,
3430 | __in ULONG64 BaseOfDll,
3431 | __in PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback,
3432 | __in_opt PVOID UserContext
3433 | );
3434 |
3435 | DBHLP_DEPRECIATED
3436 | BOOL
3437 | IMAGEAPI
3438 | SymEnumerateSymbolsW64(
3439 | __in HANDLE hProcess,
3440 | __in ULONG64 BaseOfDll,
3441 | __in PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback,
3442 | __in_opt PVOID UserContext
3443 | );
3444 |
3445 |
3446 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
3447 | #define SymEnumerateSymbols SymEnumerateSymbols64
3448 | #define SymEnumerateSymbolsW SymEnumerateSymbolsW64
3449 | #else
3450 | DBHLP_DEPRECIATED
3451 | BOOL
3452 | IMAGEAPI
3453 | SymEnumerateSymbols(
3454 | __in HANDLE hProcess,
3455 | __in ULONG BaseOfDll,
3456 | __in PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
3457 | __in_opt PVOID UserContext
3458 | );
3459 |
3460 | DBHLP_DEPRECIATED
3461 | BOOL
3462 | IMAGEAPI
3463 | SymEnumerateSymbolsW(
3464 | __in HANDLE hProcess,
3465 | __in ULONG BaseOfDll,
3466 | __in PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback,
3467 | __in_opt PVOID UserContext
3468 | );
3469 | #endif
3470 |
3471 | // use SymLoadModuleEx
3472 |
3473 | DWORD64
3474 | IMAGEAPI
3475 | SymLoadModule64(
3476 | __in HANDLE hProcess,
3477 | __in_opt HANDLE hFile,
3478 | __in_opt PCSTR ImageName,
3479 | __in_opt PCSTR ModuleName,
3480 | __in DWORD64 BaseOfDll,
3481 | __in DWORD SizeOfDll
3482 | );
3483 |
3484 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
3485 | #define SymLoadModule SymLoadModule64
3486 | #else
3487 | DWORD
3488 | IMAGEAPI
3489 | SymLoadModule(
3490 | __in HANDLE hProcess,
3491 | __in_opt HANDLE hFile,
3492 | __in_opt PCSTR ImageName,
3493 | __in_opt PCSTR ModuleName,
3494 | __in DWORD BaseOfDll,
3495 | __in DWORD SizeOfDll
3496 | );
3497 | #endif
3498 |
3499 | BOOL
3500 | IMAGEAPI
3501 | SymGetSymNext64(
3502 | __in HANDLE hProcess,
3503 | __inout PIMAGEHLP_SYMBOL64 Symbol
3504 | );
3505 |
3506 | BOOL
3507 | IMAGEAPI
3508 | SymGetSymNextW64(
3509 | __in HANDLE hProcess,
3510 | __inout PIMAGEHLP_SYMBOLW64 Symbol
3511 | );
3512 |
3513 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
3514 | #define SymGetSymNext SymGetSymNext64
3515 | #define SymGetSymNextW SymGetSymNextW64
3516 | #else
3517 | BOOL
3518 | IMAGEAPI
3519 | SymGetSymNext(
3520 | __in HANDLE hProcess,
3521 | __inout PIMAGEHLP_SYMBOL Symbol
3522 | );
3523 |
3524 | BOOL
3525 | IMAGEAPI
3526 | SymGetSymNextW(
3527 | __in HANDLE hProcess,
3528 | __inout PIMAGEHLP_SYMBOLW Symbol
3529 | );
3530 | #endif
3531 |
3532 | BOOL
3533 | IMAGEAPI
3534 | SymGetSymPrev64(
3535 | __in HANDLE hProcess,
3536 | __inout PIMAGEHLP_SYMBOL64 Symbol
3537 | );
3538 |
3539 | BOOL
3540 | IMAGEAPI
3541 | SymGetSymPrevW64(
3542 | __in HANDLE hProcess,
3543 | __inout PIMAGEHLP_SYMBOLW64 Symbol
3544 | );
3545 |
3546 | #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
3547 | #define SymGetSymPrev SymGetSymPrev64
3548 | #define SymGetSymPrevW SymGetSymPrevW64
3549 | #else
3550 | BOOL
3551 | IMAGEAPI
3552 | SymGetSymPrev(
3553 | __in HANDLE hProcess,
3554 | __inout PIMAGEHLP_SYMBOL Symbol
3555 | );
3556 |
3557 | BOOL
3558 | IMAGEAPI
3559 | SymGetSymPrevW(
3560 | __in HANDLE hProcess,
3561 | __inout PIMAGEHLP_SYMBOLW Symbol
3562 | );
3563 | #endif
3564 |
3565 |
3566 | // These values should not be used.
3567 | // They have been replaced by SYMFLAG_ values.
3568 |
3569 | #define SYMF_OMAP_GENERATED 0x00000001
3570 | #define SYMF_OMAP_MODIFIED 0x00000002
3571 | #define SYMF_REGISTER 0x00000008
3572 | #define SYMF_REGREL 0x00000010
3573 | #define SYMF_FRAMEREL 0x00000020
3574 | #define SYMF_PARAMETER 0x00000040
3575 | #define SYMF_LOCAL 0x00000080
3576 | #define SYMF_CONSTANT 0x00000100
3577 | #define SYMF_EXPORT 0x00000200
3578 | #define SYMF_FORWARDER 0x00000400
3579 | #define SYMF_FUNCTION 0x00000800
3580 | #define SYMF_VIRTUAL 0x00001000
3581 | #define SYMF_THUNK 0x00002000
3582 | #define SYMF_TLSREL 0x00004000
3583 |
3584 | // These values should also not be used.
3585 | // They have been replaced by SYMFLAG_ values.
3586 |
3587 | #define IMAGEHLP_SYMBOL_INFO_VALUEPRESENT 1
3588 | #define IMAGEHLP_SYMBOL_INFO_REGISTER SYMF_REGISTER // 0x0008
3589 | #define IMAGEHLP_SYMBOL_INFO_REGRELATIVE SYMF_REGREL // 0x0010
3590 | #define IMAGEHLP_SYMBOL_INFO_FRAMERELATIVE SYMF_FRAMEREL // 0x0020
3591 | #define IMAGEHLP_SYMBOL_INFO_PARAMETER SYMF_PARAMETER // 0x0040
3592 | #define IMAGEHLP_SYMBOL_INFO_LOCAL SYMF_LOCAL // 0x0080
3593 | #define IMAGEHLP_SYMBOL_INFO_CONSTANT SYMF_CONSTANT // 0x0100
3594 | #define IMAGEHLP_SYMBOL_FUNCTION SYMF_FUNCTION // 0x0800
3595 | #define IMAGEHLP_SYMBOL_VIRTUAL SYMF_VIRTUAL // 0x1000
3596 | #define IMAGEHLP_SYMBOL_THUNK SYMF_THUNK // 0x2000
3597 | #define IMAGEHLP_SYMBOL_INFO_TLSRELATIVE SYMF_TLSREL // 0x4000
3598 |
3599 | #pragma pack(pop)
3600 |
3601 |
3602 | #pragma pack(push,4)
3603 |
3604 | #define MINIDUMP_SIGNATURE ('PMDM')
3605 | #define MINIDUMP_VERSION (42899)
3606 | typedef DWORD RVA;
3607 | typedef ULONG64 RVA64;
3608 |
3609 | typedef struct _MINIDUMP_LOCATION_DESCRIPTOR
3610 | {
3611 | ULONG32 DataSize;
3612 | RVA Rva;
3613 | } MINIDUMP_LOCATION_DESCRIPTOR;
3614 |
3615 | typedef struct _MINIDUMP_LOCATION_DESCRIPTOR64
3616 | {
3617 | ULONG64 DataSize;
3618 | RVA64 Rva;
3619 | } MINIDUMP_LOCATION_DESCRIPTOR64;
3620 |
3621 |
3622 | typedef struct _MINIDUMP_MEMORY_DESCRIPTOR
3623 | {
3624 | ULONG64 StartOfMemoryRange;
3625 | MINIDUMP_LOCATION_DESCRIPTOR Memory;
3626 | } MINIDUMP_MEMORY_DESCRIPTOR, *PMINIDUMP_MEMORY_DESCRIPTOR;
3627 |
3628 | // DESCRIPTOR64 is used for full-memory minidumps where
3629 | // all of the raw memory is laid out sequentially at the
3630 | // end of the dump. There is no need for individual RVAs
3631 | // as the RVA is the base RVA plus the sum of the preceeding
3632 | // data blocks.
3633 | typedef struct _MINIDUMP_MEMORY_DESCRIPTOR64
3634 | {
3635 | ULONG64 StartOfMemoryRange;
3636 | ULONG64 DataSize;
3637 | } MINIDUMP_MEMORY_DESCRIPTOR64, *PMINIDUMP_MEMORY_DESCRIPTOR64;
3638 |
3639 |
3640 | typedef struct _MINIDUMP_HEADER
3641 | {
3642 | ULONG32 Signature;
3643 | ULONG32 Version;
3644 | ULONG32 NumberOfStreams;
3645 | RVA StreamDirectoryRva;
3646 | ULONG32 CheckSum;
3647 | union
3648 | {
3649 | ULONG32 Reserved;
3650 | ULONG32 TimeDateStamp;
3651 | };
3652 | ULONG64 Flags;
3653 | } MINIDUMP_HEADER, *PMINIDUMP_HEADER;
3654 |
3655 | //
3656 | // The MINIDUMP_HEADER field StreamDirectoryRva points to
3657 | // an array of MINIDUMP_DIRECTORY structures.
3658 | //
3659 |
3660 | typedef struct _MINIDUMP_DIRECTORY
3661 | {
3662 | ULONG32 StreamType;
3663 | MINIDUMP_LOCATION_DESCRIPTOR Location;
3664 | } MINIDUMP_DIRECTORY, *PMINIDUMP_DIRECTORY;
3665 |
3666 |
3667 | typedef struct _MINIDUMP_STRING
3668 | {
3669 | ULONG32 Length; // Length in bytes of the string
3670 | WCHAR Buffer [0]; // Variable size buffer
3671 | } MINIDUMP_STRING, *PMINIDUMP_STRING;
3672 |
3673 |
3674 |
3675 | //
3676 | // The MINIDUMP_DIRECTORY field StreamType may be one of the following types.
3677 | // Types will be added in the future, so if a program reading the minidump
3678 | // header encounters a stream type it does not understand it should ignore
3679 | // the data altogether. Any tag above LastReservedStream will not be used by
3680 | // the system and is reserved for program-specific information.
3681 | //
3682 |
3683 | typedef enum _MINIDUMP_STREAM_TYPE
3684 | {
3685 |
3686 | UnusedStream = 0,
3687 | ReservedStream0 = 1,
3688 | ReservedStream1 = 2,
3689 | ThreadListStream = 3,
3690 | ModuleListStream = 4,
3691 | MemoryListStream = 5,
3692 | ExceptionStream = 6,
3693 | SystemInfoStream = 7,
3694 | ThreadExListStream = 8,
3695 | Memory64ListStream = 9,
3696 | CommentStreamA = 10,
3697 | CommentStreamW = 11,
3698 | HandleDataStream = 12,
3699 | FunctionTableStream = 13,
3700 | UnloadedModuleListStream = 14,
3701 | MiscInfoStream = 15,
3702 | MemoryInfoListStream = 16,
3703 | ThreadInfoListStream = 17,
3704 | HandleOperationListStream = 18,
3705 | TokenStream = 19,
3706 |
3707 | ceStreamNull = 0x8000,
3708 | ceStreamSystemInfo = 0x8001,
3709 | ceStreamException = 0x8002,
3710 | ceStreamModuleList = 0x8003,
3711 | ceStreamProcessList = 0x8004,
3712 | ceStreamThreadList = 0x8005,
3713 | ceStreamThreadContextList = 0x8006,
3714 | ceStreamThreadCallStackList = 0x8007,
3715 | ceStreamMemoryVirtualList = 0x8008,
3716 | ceStreamMemoryPhysicalList = 0x8009,
3717 | ceStreamBucketParameters = 0x800A,
3718 | ceStreamProcessModuleMap = 0x800B,
3719 | ceStreamDiagnosisList = 0x800C,
3720 |
3721 | LastReservedStream = 0xffff
3722 |
3723 | } MINIDUMP_STREAM_TYPE;
3724 |
3725 |
3726 | //
3727 | // The minidump system information contains processor and
3728 | // Operating System specific information.
3729 | //
3730 |
3731 | //
3732 | // CPU information is obtained from one of two places.
3733 | //
3734 | // 1) On x86 computers, CPU_INFORMATION is obtained from the CPUID
3735 | // instruction. You must use the X86 portion of the union for X86
3736 | // computers.
3737 | //
3738 | // 2) On non-x86 architectures, CPU_INFORMATION is obtained by calling
3739 | // IsProcessorFeatureSupported().
3740 | //
3741 |
3742 | typedef union _CPU_INFORMATION
3743 | {
3744 |
3745 | //
3746 | // X86 platforms use CPUID function to obtain processor information.
3747 | //
3748 |
3749 | struct
3750 | {
3751 |
3752 | //
3753 | // CPUID Subfunction 0, register EAX (VendorId [0]),
3754 | // EBX (VendorId [1]) and ECX (VendorId [2]).
3755 | //
3756 |
3757 | ULONG32 VendorId [ 3 ];
3758 |
3759 | //
3760 | // CPUID Subfunction 1, register EAX
3761 | //
3762 |
3763 | ULONG32 VersionInformation;
3764 |
3765 | //
3766 | // CPUID Subfunction 1, register EDX
3767 | //
3768 |
3769 | ULONG32 FeatureInformation;
3770 |
3771 |
3772 | //
3773 | // CPUID, Subfunction 80000001, register EBX. This will only
3774 | // be obtained if the vendor id is "AuthenticAMD".
3775 | //
3776 |
3777 | ULONG32 AMDExtendedCpuFeatures;
3778 |
3779 | } X86CpuInfo;
3780 |
3781 | //
3782 | // Non-x86 platforms use processor feature flags.
3783 | //
3784 |
3785 | struct
3786 | {
3787 |
3788 | ULONG64 ProcessorFeatures [ 2 ];
3789 |
3790 | } OtherCpuInfo;
3791 |
3792 | } CPU_INFORMATION, *PCPU_INFORMATION;
3793 |
3794 | typedef struct _MINIDUMP_SYSTEM_INFO
3795 | {
3796 |
3797 | //
3798 | // ProcessorArchitecture, ProcessorLevel and ProcessorRevision are all
3799 | // taken from the SYSTEM_INFO structure obtained by GetSystemInfo( ).
3800 | //
3801 |
3802 | USHORT ProcessorArchitecture;
3803 | USHORT ProcessorLevel;
3804 | USHORT ProcessorRevision;
3805 |
3806 | union
3807 | {
3808 | USHORT Reserved0;
3809 | struct
3810 | {
3811 | UCHAR NumberOfProcessors;
3812 | UCHAR ProductType;
3813 | };
3814 | };
3815 |
3816 | //
3817 | // MajorVersion, MinorVersion, BuildNumber, PlatformId and
3818 | // CSDVersion are all taken from the OSVERSIONINFO structure
3819 | // returned by GetVersionEx( ).
3820 | //
3821 |
3822 | ULONG32 MajorVersion;
3823 | ULONG32 MinorVersion;
3824 | ULONG32 BuildNumber;
3825 | ULONG32 PlatformId;
3826 |
3827 | //
3828 | // RVA to a CSDVersion string in the string table.
3829 | //
3830 |
3831 | RVA CSDVersionRva;
3832 |
3833 | union
3834 | {
3835 | ULONG32 Reserved1;
3836 | struct
3837 | {
3838 | USHORT SuiteMask;
3839 | USHORT Reserved2;
3840 | };
3841 | };
3842 |
3843 | CPU_INFORMATION Cpu;
3844 |
3845 | } MINIDUMP_SYSTEM_INFO, *PMINIDUMP_SYSTEM_INFO;
3846 |
3847 |
3848 | //
3849 | // The minidump thread contains standard thread
3850 | // information plus an RVA to the memory for this
3851 | // thread and an RVA to the CONTEXT structure for
3852 | // this thread.
3853 | //
3854 |
3855 |
3856 | //
3857 | // ThreadId must be 4 bytes on all architectures.
3858 | //
3859 |
3860 | C_ASSERT(sizeof(((PPROCESS_INFORMATION)0)->dwThreadId) == 4);
3861 |
3862 | typedef struct _MINIDUMP_THREAD
3863 | {
3864 | ULONG32 ThreadId;
3865 | ULONG32 SuspendCount;
3866 | ULONG32 PriorityClass;
3867 | ULONG32 Priority;
3868 | ULONG64 Teb;
3869 | MINIDUMP_MEMORY_DESCRIPTOR Stack;
3870 | MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
3871 | } MINIDUMP_THREAD, *PMINIDUMP_THREAD;
3872 |
3873 | //
3874 | // The thread list is a container of threads.
3875 | //
3876 |
3877 | typedef struct _MINIDUMP_THREAD_LIST
3878 | {
3879 | ULONG32 NumberOfThreads;
3880 | MINIDUMP_THREAD Threads [0];
3881 | } MINIDUMP_THREAD_LIST, *PMINIDUMP_THREAD_LIST;
3882 |
3883 |
3884 | typedef struct _MINIDUMP_THREAD_EX
3885 | {
3886 | ULONG32 ThreadId;
3887 | ULONG32 SuspendCount;
3888 | ULONG32 PriorityClass;
3889 | ULONG32 Priority;
3890 | ULONG64 Teb;
3891 | MINIDUMP_MEMORY_DESCRIPTOR Stack;
3892 | MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
3893 | MINIDUMP_MEMORY_DESCRIPTOR BackingStore;
3894 | } MINIDUMP_THREAD_EX, *PMINIDUMP_THREAD_EX;
3895 |
3896 | //
3897 | // The thread list is a container of threads.
3898 | //
3899 |
3900 | typedef struct _MINIDUMP_THREAD_EX_LIST
3901 | {
3902 | ULONG32 NumberOfThreads;
3903 | MINIDUMP_THREAD_EX Threads [0];
3904 | } MINIDUMP_THREAD_EX_LIST, *PMINIDUMP_THREAD_EX_LIST;
3905 |
3906 |
3907 | //
3908 | // The MINIDUMP_EXCEPTION is the same as EXCEPTION on Win64.
3909 | //
3910 |
3911 | typedef struct _MINIDUMP_EXCEPTION
3912 | {
3913 | ULONG32 ExceptionCode;
3914 | ULONG32 ExceptionFlags;
3915 | ULONG64 ExceptionRecord;
3916 | ULONG64 ExceptionAddress;
3917 | ULONG32 NumberParameters;
3918 | ULONG32 __unusedAlignment;
3919 | ULONG64 ExceptionInformation [ EXCEPTION_MAXIMUM_PARAMETERS ];
3920 | } MINIDUMP_EXCEPTION, *PMINIDUMP_EXCEPTION;
3921 |
3922 |
3923 | //
3924 | // The exception information stream contains the id of the thread that caused
3925 | // the exception (ThreadId), the exception record for the exception
3926 | // (ExceptionRecord) and an RVA to the thread context where the exception
3927 | // occured.
3928 | //
3929 |
3930 | typedef struct MINIDUMP_EXCEPTION_STREAM
3931 | {
3932 | ULONG32 ThreadId;
3933 | ULONG32 __alignment;
3934 | MINIDUMP_EXCEPTION ExceptionRecord;
3935 | MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
3936 | } MINIDUMP_EXCEPTION_STREAM, *PMINIDUMP_EXCEPTION_STREAM;
3937 |
3938 |
3939 | //
3940 | // The MINIDUMP_MODULE contains information about a
3941 | // a specific module. It includes the CheckSum and
3942 | // the TimeDateStamp for the module so the module
3943 | // can be reloaded during the analysis phase.
3944 | //
3945 |
3946 | typedef struct _MINIDUMP_MODULE
3947 | {
3948 | ULONG64 BaseOfImage;
3949 | ULONG32 SizeOfImage;
3950 | ULONG32 CheckSum;
3951 | ULONG32 TimeDateStamp;
3952 | RVA ModuleNameRva;
3953 | VS_FIXEDFILEINFO VersionInfo;
3954 | MINIDUMP_LOCATION_DESCRIPTOR CvRecord;
3955 | MINIDUMP_LOCATION_DESCRIPTOR MiscRecord;
3956 | ULONG64 Reserved0; // Reserved for future use.
3957 | ULONG64 Reserved1; // Reserved for future use.
3958 | } MINIDUMP_MODULE, *PMINIDUMP_MODULE;
3959 |
3960 |
3961 | //
3962 | // The minidump module list is a container for modules.
3963 | //
3964 |
3965 | typedef struct _MINIDUMP_MODULE_LIST
3966 | {
3967 | ULONG32 NumberOfModules;
3968 | MINIDUMP_MODULE Modules [ 0 ];
3969 | } MINIDUMP_MODULE_LIST, *PMINIDUMP_MODULE_LIST;
3970 |
3971 |
3972 | //
3973 | // Memory Ranges
3974 | //
3975 |
3976 | typedef struct _MINIDUMP_MEMORY_LIST
3977 | {
3978 | ULONG32 NumberOfMemoryRanges;
3979 | MINIDUMP_MEMORY_DESCRIPTOR MemoryRanges [0];
3980 | } MINIDUMP_MEMORY_LIST, *PMINIDUMP_MEMORY_LIST;
3981 |
3982 | typedef struct _MINIDUMP_MEMORY64_LIST
3983 | {
3984 | ULONG64 NumberOfMemoryRanges;
3985 | RVA64 BaseRva;
3986 | MINIDUMP_MEMORY_DESCRIPTOR64 MemoryRanges [0];
3987 | } MINIDUMP_MEMORY64_LIST, *PMINIDUMP_MEMORY64_LIST;
3988 |
3989 |
3990 | //
3991 | // Support for user supplied exception information.
3992 | //
3993 |
3994 | typedef struct _MINIDUMP_EXCEPTION_INFORMATION
3995 | {
3996 | DWORD ThreadId;
3997 | PEXCEPTION_POINTERS ExceptionPointers;
3998 | BOOL ClientPointers;
3999 | } MINIDUMP_EXCEPTION_INFORMATION, *PMINIDUMP_EXCEPTION_INFORMATION;
4000 |
4001 | typedef struct _MINIDUMP_EXCEPTION_INFORMATION64
4002 | {
4003 | DWORD ThreadId;
4004 | ULONG64 ExceptionRecord;
4005 | ULONG64 ContextRecord;
4006 | BOOL ClientPointers;
4007 | } MINIDUMP_EXCEPTION_INFORMATION64, *PMINIDUMP_EXCEPTION_INFORMATION64;
4008 |
4009 |
4010 | //
4011 | // Support for capturing system handle state at the time of the dump.
4012 | //
4013 |
4014 | // Per-handle object information varies according to
4015 | // the OS, the OS version, the processor type and
4016 | // so on. The minidump gives a minidump identifier
4017 | // to each possible data format for identification
4018 | // purposes but does not control nor describe the actual data.
4019 | typedef enum _MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE
4020 | {
4021 | MiniHandleObjectInformationNone,
4022 | MiniThreadInformation1,
4023 | MiniMutantInformation1,
4024 | MiniMutantInformation2,
4025 | MiniProcessInformation1,
4026 | MiniProcessInformation2,
4027 | MiniHandleObjectInformationTypeMax
4028 | } MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE;
4029 |
4030 | typedef struct _MINIDUMP_HANDLE_OBJECT_INFORMATION
4031 | {
4032 | RVA NextInfoRva;
4033 | ULONG32 InfoType;
4034 | ULONG32 SizeOfInfo;
4035 | // Raw information follows.
4036 | } MINIDUMP_HANDLE_OBJECT_INFORMATION;
4037 |
4038 | typedef struct _MINIDUMP_HANDLE_DESCRIPTOR
4039 | {
4040 | ULONG64 Handle;
4041 | RVA TypeNameRva;
4042 | RVA ObjectNameRva;
4043 | ULONG32 Attributes;
4044 | ULONG32 GrantedAccess;
4045 | ULONG32 HandleCount;
4046 | ULONG32 PointerCount;
4047 | } MINIDUMP_HANDLE_DESCRIPTOR, *PMINIDUMP_HANDLE_DESCRIPTOR;
4048 |
4049 | typedef struct _MINIDUMP_HANDLE_DESCRIPTOR_2
4050 | {
4051 | ULONG64 Handle;
4052 | RVA TypeNameRva;
4053 | RVA ObjectNameRva;
4054 | ULONG32 Attributes;
4055 | ULONG32 GrantedAccess;
4056 | ULONG32 HandleCount;
4057 | ULONG32 PointerCount;
4058 | RVA ObjectInfoRva;
4059 | ULONG32 Reserved0;
4060 | } MINIDUMP_HANDLE_DESCRIPTOR_2, *PMINIDUMP_HANDLE_DESCRIPTOR_2;
4061 |
4062 | // The latest MINIDUMP_HANDLE_DESCRIPTOR definition.
4063 | typedef MINIDUMP_HANDLE_DESCRIPTOR_2 MINIDUMP_HANDLE_DESCRIPTOR_N;
4064 | typedef MINIDUMP_HANDLE_DESCRIPTOR_N* PMINIDUMP_HANDLE_DESCRIPTOR_N;
4065 |
4066 | typedef struct _MINIDUMP_HANDLE_DATA_STREAM
4067 | {
4068 | ULONG32 SizeOfHeader;
4069 | ULONG32 SizeOfDescriptor;
4070 | ULONG32 NumberOfDescriptors;
4071 | ULONG32 Reserved;
4072 | } MINIDUMP_HANDLE_DATA_STREAM, *PMINIDUMP_HANDLE_DATA_STREAM;
4073 |
4074 | // Some operating systems can track the last operations
4075 | // performed on a handle. For example, Application Verifier
4076 | // can enable this for some versions of Windows. The
4077 | // handle operation list collects handle operations
4078 | // known for the dump target.
4079 | // Each entry is an AVRF_HANDLE_OPERATION.
4080 | typedef struct _MINIDUMP_HANDLE_OPERATION_LIST
4081 | {
4082 | ULONG32 SizeOfHeader;
4083 | ULONG32 SizeOfEntry;
4084 | ULONG32 NumberOfEntries;
4085 | ULONG32 Reserved;
4086 | } MINIDUMP_HANDLE_OPERATION_LIST, *PMINIDUMP_HANDLE_OPERATION_LIST;
4087 |
4088 |
4089 | //
4090 | // Support for capturing dynamic function table state at the time of the dump.
4091 | //
4092 |
4093 | typedef struct _MINIDUMP_FUNCTION_TABLE_DESCRIPTOR
4094 | {
4095 | ULONG64 MinimumAddress;
4096 | ULONG64 MaximumAddress;
4097 | ULONG64 BaseAddress;
4098 | ULONG32 EntryCount;
4099 | ULONG32 SizeOfAlignPad;
4100 | } MINIDUMP_FUNCTION_TABLE_DESCRIPTOR, *PMINIDUMP_FUNCTION_TABLE_DESCRIPTOR;
4101 |
4102 | typedef struct _MINIDUMP_FUNCTION_TABLE_STREAM
4103 | {
4104 | ULONG32 SizeOfHeader;
4105 | ULONG32 SizeOfDescriptor;
4106 | ULONG32 SizeOfNativeDescriptor;
4107 | ULONG32 SizeOfFunctionEntry;
4108 | ULONG32 NumberOfDescriptors;
4109 | ULONG32 SizeOfAlignPad;
4110 | } MINIDUMP_FUNCTION_TABLE_STREAM, *PMINIDUMP_FUNCTION_TABLE_STREAM;
4111 |
4112 |
4113 | //
4114 | // The MINIDUMP_UNLOADED_MODULE contains information about a
4115 | // a specific module that was previously loaded but no
4116 | // longer is. This can help with diagnosing problems where
4117 | // callers attempt to call code that is no longer loaded.
4118 | //
4119 |
4120 | typedef struct _MINIDUMP_UNLOADED_MODULE
4121 | {
4122 | ULONG64 BaseOfImage;
4123 | ULONG32 SizeOfImage;
4124 | ULONG32 CheckSum;
4125 | ULONG32 TimeDateStamp;
4126 | RVA ModuleNameRva;
4127 | } MINIDUMP_UNLOADED_MODULE, *PMINIDUMP_UNLOADED_MODULE;
4128 |
4129 |
4130 | //
4131 | // The minidump unloaded module list is a container for unloaded modules.
4132 | //
4133 |
4134 | typedef struct _MINIDUMP_UNLOADED_MODULE_LIST
4135 | {
4136 | ULONG32 SizeOfHeader;
4137 | ULONG32 SizeOfEntry;
4138 | ULONG32 NumberOfEntries;
4139 | } MINIDUMP_UNLOADED_MODULE_LIST, *PMINIDUMP_UNLOADED_MODULE_LIST;
4140 |
4141 |
4142 | //
4143 | // The miscellaneous information stream contains a variety
4144 | // of small pieces of information. A member is valid if
4145 | // it's within the available size and its corresponding
4146 | // bit is set.
4147 | //
4148 |
4149 | #define MINIDUMP_MISC1_PROCESS_ID 0x00000001
4150 | #define MINIDUMP_MISC1_PROCESS_TIMES 0x00000002
4151 | #define MINIDUMP_MISC1_PROCESSOR_POWER_INFO 0x00000004
4152 | #define MINIDUMP_MISC3_PROCESS_INTEGRITY 0x00000010
4153 | #define MINIDUMP_MISC3_PROCESS_EXECUTE_FLAGS 0x00000020
4154 | #define MINIDUMP_MISC3_TIMEZONE 0x00000040
4155 | #define MINIDUMP_MISC3_PROTECTED_PROCESS 0x00000080
4156 |
4157 | typedef struct _MINIDUMP_MISC_INFO
4158 | {
4159 | ULONG32 SizeOfInfo;
4160 | ULONG32 Flags1;
4161 | ULONG32 ProcessId;
4162 | ULONG32 ProcessCreateTime;
4163 | ULONG32 ProcessUserTime;
4164 | ULONG32 ProcessKernelTime;
4165 | } MINIDUMP_MISC_INFO, *PMINIDUMP_MISC_INFO;
4166 |
4167 | typedef struct _MINIDUMP_MISC_INFO_2
4168 | {
4169 | ULONG32 SizeOfInfo;
4170 | ULONG32 Flags1;
4171 | ULONG32 ProcessId;
4172 | ULONG32 ProcessCreateTime;
4173 | ULONG32 ProcessUserTime;
4174 | ULONG32 ProcessKernelTime;
4175 | ULONG32 ProcessorMaxMhz;
4176 | ULONG32 ProcessorCurrentMhz;
4177 | ULONG32 ProcessorMhzLimit;
4178 | ULONG32 ProcessorMaxIdleState;
4179 | ULONG32 ProcessorCurrentIdleState;
4180 | } MINIDUMP_MISC_INFO_2, *PMINIDUMP_MISC_INFO_2;
4181 |
4182 | typedef struct _MINIDUMP_MISC_INFO_3
4183 | {
4184 | ULONG32 SizeOfInfo;
4185 | ULONG32 Flags1;
4186 | ULONG32 ProcessId;
4187 | ULONG32 ProcessCreateTime;
4188 | ULONG32 ProcessUserTime;
4189 | ULONG32 ProcessKernelTime;
4190 | ULONG32 ProcessorMaxMhz;
4191 | ULONG32 ProcessorCurrentMhz;
4192 | ULONG32 ProcessorMhzLimit;
4193 | ULONG32 ProcessorMaxIdleState;
4194 | ULONG32 ProcessorCurrentIdleState;
4195 | ULONG32 ProcessIntegrityLevel;
4196 | ULONG32 ProcessExecuteFlags;
4197 | ULONG32 ProtectedProcess;
4198 | ULONG32 TimeZoneId;
4199 | TIME_ZONE_INFORMATION TimeZone;
4200 | } MINIDUMP_MISC_INFO_3, *PMINIDUMP_MISC_INFO_3;
4201 |
4202 | // The latest MINIDUMP_MISC_INFO definition.
4203 | typedef MINIDUMP_MISC_INFO_3 MINIDUMP_MISC_INFO_N;
4204 | typedef MINIDUMP_MISC_INFO_N* PMINIDUMP_MISC_INFO_N;
4205 |
4206 |
4207 | //
4208 | // The memory information stream contains memory region
4209 | // description information. This stream corresponds to
4210 | // what VirtualQuery would return for the process the
4211 | // dump was created for.
4212 | //
4213 |
4214 | typedef struct _MINIDUMP_MEMORY_INFO
4215 | {
4216 | ULONG64 BaseAddress;
4217 | ULONG64 AllocationBase;
4218 | ULONG32 AllocationProtect;
4219 | ULONG32 __alignment1;
4220 | ULONG64 RegionSize;
4221 | ULONG32 State;
4222 | ULONG32 Protect;
4223 | ULONG32 Type;
4224 | ULONG32 __alignment2;
4225 | } MINIDUMP_MEMORY_INFO, *PMINIDUMP_MEMORY_INFO;
4226 |
4227 | typedef struct _MINIDUMP_MEMORY_INFO_LIST
4228 | {
4229 | ULONG SizeOfHeader;
4230 | ULONG SizeOfEntry;
4231 | ULONG64 NumberOfEntries;
4232 | } MINIDUMP_MEMORY_INFO_LIST, *PMINIDUMP_MEMORY_INFO_LIST;
4233 |
4234 |
4235 | //
4236 | // The memory information stream contains memory region
4237 | // description information. This stream corresponds to
4238 | // what VirtualQuery would return for the process the
4239 | // dump was created for.
4240 | //
4241 |
4242 | // Thread dump writer status flags.
4243 | #define MINIDUMP_THREAD_INFO_ERROR_THREAD 0x00000001
4244 | #define MINIDUMP_THREAD_INFO_WRITING_THREAD 0x00000002
4245 | #define MINIDUMP_THREAD_INFO_EXITED_THREAD 0x00000004
4246 | #define MINIDUMP_THREAD_INFO_INVALID_INFO 0x00000008
4247 | #define MINIDUMP_THREAD_INFO_INVALID_CONTEXT 0x00000010
4248 | #define MINIDUMP_THREAD_INFO_INVALID_TEB 0x00000020
4249 |
4250 | typedef struct _MINIDUMP_THREAD_INFO
4251 | {
4252 | ULONG32 ThreadId;
4253 | ULONG32 DumpFlags;
4254 | ULONG32 DumpError;
4255 | ULONG32 ExitStatus;
4256 | ULONG64 CreateTime;
4257 | ULONG64 ExitTime;
4258 | ULONG64 KernelTime;
4259 | ULONG64 UserTime;
4260 | ULONG64 StartAddress;
4261 | ULONG64 Affinity;
4262 | } MINIDUMP_THREAD_INFO, *PMINIDUMP_THREAD_INFO;
4263 |
4264 | typedef struct _MINIDUMP_THREAD_INFO_LIST
4265 | {
4266 | ULONG SizeOfHeader;
4267 | ULONG SizeOfEntry;
4268 | ULONG NumberOfEntries;
4269 | } MINIDUMP_THREAD_INFO_LIST, *PMINIDUMP_THREAD_INFO_LIST;
4270 |
4271 | //
4272 | // Support for token information.
4273 | //
4274 | typedef struct _MINIDUMP_TOKEN_INFO_HEADER
4275 | {
4276 | ULONG TokenSize; // The size of the token structure.
4277 | ULONG TokenId; // The PID in NtOpenProcessToken() call or TID in NtOpenThreadToken() call.
4278 | ULONG64 TokenHandle; // The handle value returned.
4279 | } MINIDUMP_TOKEN_INFO_HEADER, *PMINIDUMP_TOKEN_INFO_HEADER;
4280 |
4281 | typedef struct _MINIDUMP_TOKEN_INFO_LIST
4282 | {
4283 | ULONG TokenListSize;
4284 | ULONG TokenListEntries;
4285 | ULONG ListHeaderSize;
4286 | ULONG ElementHeaderSize;
4287 | } MINIDUMP_TOKEN_INFO_LIST, *PMINIDUMP_TOKEN_INFO_LIST;
4288 |
4289 | //
4290 | // Support for arbitrary user-defined information.
4291 | //
4292 |
4293 | typedef struct _MINIDUMP_USER_RECORD
4294 | {
4295 | ULONG32 Type;
4296 | MINIDUMP_LOCATION_DESCRIPTOR Memory;
4297 | } MINIDUMP_USER_RECORD, *PMINIDUMP_USER_RECORD;
4298 |
4299 |
4300 | typedef struct _MINIDUMP_USER_STREAM
4301 | {
4302 | ULONG32 Type;
4303 | ULONG BufferSize;
4304 | PVOID Buffer;
4305 |
4306 | } MINIDUMP_USER_STREAM, *PMINIDUMP_USER_STREAM;
4307 |
4308 |
4309 | typedef struct _MINIDUMP_USER_STREAM_INFORMATION
4310 | {
4311 | ULONG UserStreamCount;
4312 | PMINIDUMP_USER_STREAM UserStreamArray;
4313 | } MINIDUMP_USER_STREAM_INFORMATION, *PMINIDUMP_USER_STREAM_INFORMATION;
4314 |
4315 | //
4316 | // Callback support.
4317 | //
4318 |
4319 | typedef enum _MINIDUMP_CALLBACK_TYPE
4320 | {
4321 | ModuleCallback,
4322 | ThreadCallback,
4323 | ThreadExCallback,
4324 | IncludeThreadCallback,
4325 | IncludeModuleCallback,
4326 | MemoryCallback,
4327 | CancelCallback,
4328 | WriteKernelMinidumpCallback,
4329 | KernelMinidumpStatusCallback,
4330 | RemoveMemoryCallback,
4331 | IncludeVmRegionCallback,
4332 | IoStartCallback,
4333 | IoWriteAllCallback,
4334 | IoFinishCallback,
4335 | ReadMemoryFailureCallback,
4336 | SecondaryFlagsCallback,
4337 | } MINIDUMP_CALLBACK_TYPE;
4338 |
4339 |
4340 | typedef struct _MINIDUMP_THREAD_CALLBACK
4341 | {
4342 | ULONG ThreadId;
4343 | HANDLE ThreadHandle;
4344 | CONTEXT Context;
4345 | ULONG SizeOfContext;
4346 | ULONG64 StackBase;
4347 | ULONG64 StackEnd;
4348 | } MINIDUMP_THREAD_CALLBACK, *PMINIDUMP_THREAD_CALLBACK;
4349 |
4350 |
4351 | typedef struct _MINIDUMP_THREAD_EX_CALLBACK
4352 | {
4353 | ULONG ThreadId;
4354 | HANDLE ThreadHandle;
4355 | CONTEXT Context;
4356 | ULONG SizeOfContext;
4357 | ULONG64 StackBase;
4358 | ULONG64 StackEnd;
4359 | ULONG64 BackingStoreBase;
4360 | ULONG64 BackingStoreEnd;
4361 | } MINIDUMP_THREAD_EX_CALLBACK, *PMINIDUMP_THREAD_EX_CALLBACK;
4362 |
4363 |
4364 | typedef struct _MINIDUMP_INCLUDE_THREAD_CALLBACK
4365 | {
4366 | ULONG ThreadId;
4367 | } MINIDUMP_INCLUDE_THREAD_CALLBACK, *PMINIDUMP_INCLUDE_THREAD_CALLBACK;
4368 |
4369 |
4370 | typedef enum _THREAD_WRITE_FLAGS
4371 | {
4372 | ThreadWriteThread = 0x0001,
4373 | ThreadWriteStack = 0x0002,
4374 | ThreadWriteContext = 0x0004,
4375 | ThreadWriteBackingStore = 0x0008,
4376 | ThreadWriteInstructionWindow = 0x0010,
4377 | ThreadWriteThreadData = 0x0020,
4378 | ThreadWriteThreadInfo = 0x0040,
4379 | } THREAD_WRITE_FLAGS;
4380 |
4381 | typedef struct _MINIDUMP_MODULE_CALLBACK
4382 | {
4383 | PWCHAR FullPath;
4384 | ULONG64 BaseOfImage;
4385 | ULONG SizeOfImage;
4386 | ULONG CheckSum;
4387 | ULONG TimeDateStamp;
4388 | VS_FIXEDFILEINFO VersionInfo;
4389 | PVOID CvRecord;
4390 | ULONG SizeOfCvRecord;
4391 | PVOID MiscRecord;
4392 | ULONG SizeOfMiscRecord;
4393 | } MINIDUMP_MODULE_CALLBACK, *PMINIDUMP_MODULE_CALLBACK;
4394 |
4395 |
4396 | typedef struct _MINIDUMP_INCLUDE_MODULE_CALLBACK
4397 | {
4398 | ULONG64 BaseOfImage;
4399 | } MINIDUMP_INCLUDE_MODULE_CALLBACK, *PMINIDUMP_INCLUDE_MODULE_CALLBACK;
4400 |
4401 |
4402 | typedef enum _MODULE_WRITE_FLAGS
4403 | {
4404 | ModuleWriteModule = 0x0001,
4405 | ModuleWriteDataSeg = 0x0002,
4406 | ModuleWriteMiscRecord = 0x0004,
4407 | ModuleWriteCvRecord = 0x0008,
4408 | ModuleReferencedByMemory = 0x0010,
4409 | ModuleWriteTlsData = 0x0020,
4410 | ModuleWriteCodeSegs = 0x0040,
4411 | } MODULE_WRITE_FLAGS;
4412 |
4413 |
4414 | typedef struct _MINIDUMP_IO_CALLBACK
4415 | {
4416 | HANDLE Handle;
4417 | ULONG64 Offset;
4418 | PVOID Buffer;
4419 | ULONG BufferBytes;
4420 | } MINIDUMP_IO_CALLBACK, *PMINIDUMP_IO_CALLBACK;
4421 |
4422 |
4423 | typedef struct _MINIDUMP_READ_MEMORY_FAILURE_CALLBACK
4424 | {
4425 | ULONG64 Offset;
4426 | ULONG Bytes;
4427 | HRESULT FailureStatus;
4428 | } MINIDUMP_READ_MEMORY_FAILURE_CALLBACK,
4429 | *PMINIDUMP_READ_MEMORY_FAILURE_CALLBACK;
4430 |
4431 |
4432 | typedef struct _MINIDUMP_CALLBACK_INPUT
4433 | {
4434 | ULONG ProcessId;
4435 | HANDLE ProcessHandle;
4436 | ULONG CallbackType;
4437 | union
4438 | {
4439 | HRESULT Status;
4440 | MINIDUMP_THREAD_CALLBACK Thread;
4441 | MINIDUMP_THREAD_EX_CALLBACK ThreadEx;
4442 | MINIDUMP_MODULE_CALLBACK Module;
4443 | MINIDUMP_INCLUDE_THREAD_CALLBACK IncludeThread;
4444 | MINIDUMP_INCLUDE_MODULE_CALLBACK IncludeModule;
4445 | MINIDUMP_IO_CALLBACK Io;
4446 | MINIDUMP_READ_MEMORY_FAILURE_CALLBACK ReadMemoryFailure;
4447 | ULONG SecondaryFlags;
4448 | };
4449 | } MINIDUMP_CALLBACK_INPUT, *PMINIDUMP_CALLBACK_INPUT;
4450 |
4451 | typedef struct _MINIDUMP_CALLBACK_OUTPUT
4452 | {
4453 | union
4454 | {
4455 | ULONG ModuleWriteFlags;
4456 | ULONG ThreadWriteFlags;
4457 | ULONG SecondaryFlags;
4458 | struct
4459 | {
4460 | ULONG64 MemoryBase;
4461 | ULONG MemorySize;
4462 | };
4463 | struct
4464 | {
4465 | BOOL CheckCancel;
4466 | BOOL Cancel;
4467 | };
4468 | HANDLE Handle;
4469 | struct
4470 | {
4471 | MINIDUMP_MEMORY_INFO VmRegion;
4472 | BOOL Continue;
4473 | };
4474 | HRESULT Status;
4475 | };
4476 | } MINIDUMP_CALLBACK_OUTPUT, *PMINIDUMP_CALLBACK_OUTPUT;
4477 |
4478 |
4479 | //
4480 | // A normal minidump contains just the information
4481 | // necessary to capture stack traces for all of the
4482 | // existing threads in a process.
4483 | //
4484 | // A minidump with data segments includes all of the data
4485 | // sections from loaded modules in order to capture
4486 | // global variable contents. This can make the dump much
4487 | // larger if many modules have global data.
4488 | //
4489 | // A minidump with full memory includes all of the accessible
4490 | // memory in the process and can be very large. A minidump
4491 | // with full memory always has the raw memory data at the end
4492 | // of the dump so that the initial structures in the dump can
4493 | // be mapped directly without having to include the raw
4494 | // memory information.
4495 | //
4496 | // Stack and backing store memory can be filtered to remove
4497 | // data unnecessary for stack walking. This can improve
4498 | // compression of stacks and also deletes data that may
4499 | // be private and should not be stored in a dump.
4500 | // Memory can also be scanned to see what modules are
4501 | // referenced by stack and backing store memory to allow
4502 | // omission of other modules to reduce dump size.
4503 | // In either of these modes the ModuleReferencedByMemory flag
4504 | // is set for all modules referenced before the base
4505 | // module callbacks occur.
4506 | //
4507 | // On some operating systems a list of modules that were
4508 | // recently unloaded is kept in addition to the currently
4509 | // loaded module list. This information can be saved in
4510 | // the dump if desired.
4511 | //
4512 | // Stack and backing store memory can be scanned for referenced
4513 | // pages in order to pick up data referenced by locals or other
4514 | // stack memory. This can increase the size of a dump significantly.
4515 | //
4516 | // Module paths may contain undesired information such as user names
4517 | // or other important directory names so they can be stripped. This
4518 | // option reduces the ability to locate the proper image later
4519 | // and should only be used in certain situations.
4520 | //
4521 | // Complete operating system per-process and per-thread information can
4522 | // be gathered and stored in the dump.
4523 | //
4524 | // The virtual address space can be scanned for various types
4525 | // of memory to be included in the dump.
4526 | //
4527 | // Code which is concerned with potentially private information
4528 | // getting into the minidump can set a flag that automatically
4529 | // modifies all existing and future flags to avoid placing
4530 | // unnecessary data in the dump. Basic data, such as stack
4531 | // information, will still be included but optional data, such
4532 | // as indirect memory, will not.
4533 | //
4534 | // When doing a full memory dump it's possible to store all
4535 | // of the enumerated memory region descriptive information
4536 | // in a memory information stream.
4537 | //
4538 | // Additional thread information beyond the basic thread
4539 | // structure can be collected if desired.
4540 | //
4541 | // A minidump with code segments includes all of the code
4542 | // and code-related sections from loaded modules in order
4543 | // to capture executable content.
4544 | //
4545 | // MiniDumpWithoutAuxiliaryState turns off any secondary,
4546 | // auxiliary-supported memory gathering.
4547 | //
4548 | // MiniDumpWithFullAuxiliaryState asks any present auxiliary
4549 | // data providers to include all of their state in the dump.
4550 | // The exact set of what is provided depends on the auxiliary.
4551 | // This can be quite large.
4552 | //
4553 |
4554 | typedef enum _MINIDUMP_TYPE
4555 | {
4556 | MiniDumpNormal = 0x00000000,
4557 | MiniDumpWithDataSegs = 0x00000001,
4558 | MiniDumpWithFullMemory = 0x00000002,
4559 | MiniDumpWithHandleData = 0x00000004,
4560 | MiniDumpFilterMemory = 0x00000008,
4561 | MiniDumpScanMemory = 0x00000010,
4562 | MiniDumpWithUnloadedModules = 0x00000020,
4563 | MiniDumpWithIndirectlyReferencedMemory = 0x00000040,
4564 | MiniDumpFilterModulePaths = 0x00000080,
4565 | MiniDumpWithProcessThreadData = 0x00000100,
4566 | MiniDumpWithPrivateReadWriteMemory = 0x00000200,
4567 | MiniDumpWithoutOptionalData = 0x00000400,
4568 | MiniDumpWithFullMemoryInfo = 0x00000800,
4569 | MiniDumpWithThreadInfo = 0x00001000,
4570 | MiniDumpWithCodeSegs = 0x00002000,
4571 | MiniDumpWithoutAuxiliaryState = 0x00004000,
4572 | MiniDumpWithFullAuxiliaryState = 0x00008000,
4573 | MiniDumpWithPrivateWriteCopyMemory = 0x00010000,
4574 | MiniDumpIgnoreInaccessibleMemory = 0x00020000,
4575 | MiniDumpWithTokenInformation = 0x00040000,
4576 | MiniDumpValidTypeFlags = 0x0007ffff,
4577 | } MINIDUMP_TYPE;
4578 |
4579 | //
4580 | // In addition to the primary flags provided to
4581 | // MiniDumpWriteDump there are additional, less
4582 | // frequently used options queried via the secondary
4583 | // flags callback.
4584 | //
4585 | // MiniSecondaryWithoutPowerInfo suppresses the minidump
4586 | // query that retrieves processor power information for
4587 | // MINIDUMP_MISC_INFO.
4588 | //
4589 |
4590 | typedef enum _MINIDUMP_SECONDARY_FLAGS
4591 | {
4592 | MiniSecondaryWithoutPowerInfo = 0x00000001,
4593 |
4594 | MiniSecondaryValidFlags = 0x00000001,
4595 | } MINIDUMP_SECONDARY_FLAGS;
4596 |
4597 |
4598 | //
4599 | // The minidump callback should modify the FieldsToWrite parameter to reflect
4600 | // what portions of the specified thread or module should be written to the
4601 | // file.
4602 | //
4603 |
4604 | typedef
4605 | BOOL
4606 | (WINAPI* MINIDUMP_CALLBACK_ROUTINE)(
4607 | __inout PVOID CallbackParam,
4608 | __in PMINIDUMP_CALLBACK_INPUT CallbackInput,
4609 | __inout PMINIDUMP_CALLBACK_OUTPUT CallbackOutput
4610 | );
4611 |
4612 | typedef struct _MINIDUMP_CALLBACK_INFORMATION
4613 | {
4614 | MINIDUMP_CALLBACK_ROUTINE CallbackRoutine;
4615 | PVOID CallbackParam;
4616 | } MINIDUMP_CALLBACK_INFORMATION, *PMINIDUMP_CALLBACK_INFORMATION;
4617 |
4618 |
4619 |
4620 | //++
4621 | //
4622 | // PVOID
4623 | // RVA_TO_ADDR(
4624 | // PVOID Mapping,
4625 | // ULONG Rva
4626 | // )
4627 | //
4628 | // Routine Description:
4629 | //
4630 | // Map an RVA that is contained within a mapped file to it's associated
4631 | // flat address.
4632 | //
4633 | // Arguments:
4634 | //
4635 | // Mapping - Base address of mapped file containing the RVA.
4636 | //
4637 | // Rva - An Rva to fixup.
4638 | //
4639 | // Return Values:
4640 | //
4641 | // A pointer to the desired data.
4642 | //
4643 | //--
4644 |
4645 | #define RVA_TO_ADDR(Mapping,Rva) ((PVOID)(((ULONG_PTR) (Mapping)) + (Rva)))
4646 |
4647 | BOOL
4648 | WINAPI
4649 | MiniDumpWriteDump(
4650 | __in HANDLE hProcess,
4651 | __in DWORD ProcessId,
4652 | __in HANDLE hFile,
4653 | __in MINIDUMP_TYPE DumpType,
4654 | __in_opt PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
4655 | __in_opt PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
4656 | __in_opt PMINIDUMP_CALLBACK_INFORMATION CallbackParam
4657 | );
4658 |
4659 | BOOL
4660 | WINAPI
4661 | MiniDumpReadDumpStream(
4662 | __in PVOID BaseOfDump,
4663 | __in ULONG StreamNumber,
4664 | __deref_out_opt PMINIDUMP_DIRECTORY* Dir,
4665 | __deref_out_opt PVOID* StreamPointer,
4666 | __out_opt ULONG* StreamSize
4667 | );
4668 |
4669 | #pragma pack(pop)
4670 |
4671 | #ifdef __cplusplus
4672 | }
4673 | #endif
4674 |
4675 |
4676 | #endif // _DBGHELP_
4677 |
4678 |
```