-/**********************************************************************\r
- * \r
- * stack_walker.cpp\r
- *\r
- *\r
- * History:\r
- * 2005-07-27 v1 - First public release on http://www.codeproject.com/\r
- * http://www.codeproject.com/threads/stack_walker.asp\r
- * 2005-07-28 v2 - Changed the params of the constructor and ShowCallstack\r
- * (to simplify the usage)\r
- * 2005-08-01 v3 - Changed to use 'CONTEXT_FULL' instead of CONTEXT_ALL \r
- * (should also be enough)\r
- * - Changed to compile correctly with the PSDK of VC7.0\r
- * (GetFileVersionInfoSizeA and GetFileVersionInfoA is wrongly defined:\r
- * it uses LPSTR instead of LPCSTR as first paremeter)\r
- * - Added declarations to support VC5/6 without using 'dbghelp.h'\r
- * - Added a 'pUserData' member to the ShowCallstack function and the \r
- * PReadProcessMemoryRoutine declaration (to pass some user-defined data, \r
- * which can be used in the readMemoryFunction-callback)\r
- * 2005-08-02 v4 - OnSymInit now also outputs the OS-Version by default\r
- * - Added example for doing an exception-callstack-walking in main.cpp\r
- * (thanks to owillebo: http://www.codeproject.com/script/profile/whos_who.asp?id=536268)\r
- * 2005-08-05 v5 - Removed most Lint (http://www.gimpel.com/) errors... thanks to Okko Willeboordse!\r
- *\r
- **********************************************************************/\r
-#include <tchar.h>\r
-#include <stdio.h>\r
-#include <stdlib.h>\r
-\r
-#pragma warning(push, 1)\r
-\r
-#pragma comment(lib, "version.lib") // for "VerQueryValue"\r
-\r
-#include "stack_walker.h"\r
-\r
-// If VC7 and later, then use the shipped 'dbghelp.h'-file\r
-#if _MSC_VER >= 1300\r
-#include <dbghelp.h>\r
-#else\r
-// inline the important dbghelp.h-declarations...\r
-typedef enum {\r
- SymNone = 0,\r
- SymCoff,\r
- SymCv,\r
- SymPdb,\r
- SymExport,\r
- SymDeferred,\r
- SymSym,\r
- SymDia,\r
- SymVirtual,\r
- NumSymTypes\r
-} SYM_TYPE;\r
-typedef struct _IMAGEHLP_LINE64 {\r
- DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)\r
- PVOID Key; // internal\r
- DWORD LineNumber; // line number in file\r
- PCHAR FileName; // full filename\r
- DWORD64 Address; // first instruction of line\r
-} IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;\r
-typedef struct _IMAGEHLP_MODULE64 {\r
- DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)\r
- DWORD64 BaseOfImage; // base load address of module\r
- DWORD ImageSize; // virtual size of the loaded module\r
- DWORD TimeDateStamp; // date/time stamp from pe header\r
- DWORD CheckSum; // checksum from the pe header\r
- DWORD NumSyms; // number of symbols in the symbol table\r
- SYM_TYPE SymType; // type of symbols loaded\r
- CHAR ModuleName[32]; // module name\r
- CHAR ImageName[256]; // image name\r
- CHAR LoadedImageName[256]; // symbol file name\r
-} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;\r
-typedef struct _IMAGEHLP_SYMBOL64 {\r
- DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)\r
- DWORD64 Address; // virtual address including dll base address\r
- DWORD Size; // estimated size of symbol, can be zero\r
- DWORD Flags; // info about the symbols, see the SYMF defines\r
- DWORD MaxNameLength; // maximum size of symbol name in 'Name'\r
- CHAR Name[1]; // symbol name (null terminated string)\r
-} IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;\r
-typedef enum {\r
- AddrMode1616,\r
- AddrMode1632,\r
- AddrModeReal,\r
- AddrModeFlat\r
-} ADDRESS_MODE;\r
-typedef struct _tagADDRESS64 {\r
- DWORD64 Offset;\r
- WORD Segment;\r
- ADDRESS_MODE Mode;\r
-} ADDRESS64, *LPADDRESS64;\r
-typedef struct _KDHELP64 {\r
- DWORD64 Thread;\r
- DWORD ThCallbackStack;\r
- DWORD ThCallbackBStore;\r
- DWORD NextCallback;\r
- DWORD FramePointer;\r
- DWORD64 KiCallUserMode;\r
- DWORD64 KeUserCallbackDispatcher;\r
- DWORD64 SystemRangeStart;\r
- DWORD64 Reserved[8];\r
-} KDHELP64, *PKDHELP64;\r
-typedef struct _tagSTACKFRAME64 {\r
- ADDRESS64 AddrPC; // program counter\r
- ADDRESS64 AddrReturn; // return address\r
- ADDRESS64 AddrFrame; // frame pointer\r
- ADDRESS64 AddrStack; // stack pointer\r
- ADDRESS64 AddrBStore; // backing store pointer\r
- PVOID FuncTableEntry; // pointer to pdata/fpo or NULL\r
- DWORD64 Params[4]; // possible arguments to the function\r
- BOOL Far; // WOW far call\r
- BOOL Virtual; // is this a virtual frame?\r
- DWORD64 Reserved[3];\r
- KDHELP64 KdHelp;\r
-} STACKFRAME64, *LPSTACKFRAME64;\r
-typedef\r
-BOOL\r
-(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(\r
- HANDLE hProcess,\r
- DWORD64 qwBaseAddress,\r
- PVOID lpBuffer,\r
- DWORD nSize,\r
- LPDWORD lpNumberOfBytesRead\r
- );\r
-typedef\r
-PVOID\r
-(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(\r
- HANDLE hProcess,\r
- DWORD64 AddrBase\r
- );\r
-typedef\r
-DWORD64\r
-(__stdcall *PGET_MODULE_BASE_ROUTINE64)(\r
- HANDLE hProcess,\r
- DWORD64 Address\r
- );\r
-typedef\r
-DWORD64\r
-(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(\r
- HANDLE hProcess,\r
- HANDLE hThread,\r
- LPADDRESS64 lpaddr\r
- );\r
-#define SYMOPT_CASE_INSENSITIVE 0x00000001\r
-#define SYMOPT_UNDNAME 0x00000002\r
-#define SYMOPT_DEFERRED_LOADS 0x00000004\r
-#define SYMOPT_NO_CPP 0x00000008\r
-#define SYMOPT_LOAD_LINES 0x00000010\r
-#define SYMOPT_OMAP_FIND_NEAREST 0x00000020\r
-#define SYMOPT_LOAD_ANYTHING 0x00000040\r
-#define SYMOPT_IGNORE_CVREC 0x00000080\r
-#define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100\r
-#define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200\r
-#define SYMOPT_EXACT_SYMBOLS 0x00000400\r
-#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS 0x00000800\r
-#define SYMOPT_IGNORE_NT_SYMPATH 0x00001000\r
-#define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000\r
-#define SYMOPT_PUBLICS_ONLY 0x00004000\r
-#define SYMOPT_NO_PUBLICS 0x00008000\r
-#define SYMOPT_AUTO_PUBLICS 0x00010000\r
-#define SYMOPT_NO_IMAGE_SEARCH 0x00020000\r
-#define SYMOPT_SECURE 0x00040000\r
-#define SYMOPT_DEBUG 0x80000000\r
-#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration\r
-#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;\r
-#endif // _MSC_VER < 1300\r
-\r
-// Some missing defines (for VC5/6):\r
-#ifndef INVALID_FILE_ATTRIBUTES\r
-#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)\r
-#endif \r
-\r
-\r
-// secure-CRT_functions are only available starting with VC8\r
-#if _MSC_VER < 1400\r
-#define strcpy_s strcpy\r
-#define strcat_s(dst, len, src) strcat(dst, src)\r
-#define _snprintf_s _snprintf\r
-#define _tcscat_s _tcscat\r
-#endif\r
-\r
-// Normally it should be enough to use 'CONTEXT_FULL' (better would be 'CONTEXT_ALL')\r
-#define USED_CONTEXT_FLAGS CONTEXT_FULL\r
-\r
-\r
-class stack_walkerInternal\r
-{\r
-public:\r
- stack_walkerInternal(stack_walker *parent, HANDLE hProcess)\r
- {\r
- m_parent = parent;\r
- m_hDbhHelp = NULL;\r
- pSC = NULL;\r
- m_hProcess = hProcess;\r
- m_szSymPath = NULL;\r
- pSFTA = NULL;\r
- pSGLFA = NULL;\r
- pSGMB = NULL;\r
- pSGMI = NULL;\r
- pSGO = NULL;\r
- pSGSFA = NULL;\r
- pSI = NULL;\r
- pSLM = NULL;\r
- pSSO = NULL;\r
- pSW = NULL;\r
- pUDSN = NULL;\r
- pSGSP = NULL;\r
- }\r
- ~stack_walkerInternal()\r
- {\r
- if (pSC != NULL)\r
- pSC(m_hProcess); // SymCleanup\r
- if (m_hDbhHelp != NULL)\r
- FreeLibrary(m_hDbhHelp);\r
- m_hDbhHelp = NULL;\r
- m_parent = NULL;\r
- if(m_szSymPath != NULL)\r
- free(m_szSymPath);\r
- m_szSymPath = NULL;\r
- }\r
- BOOL Init(LPCSTR szSymPath)\r
- {\r
- if (m_parent == NULL)\r
- return FALSE;\r
- // Dynamically load the Entry-Points for dbghelp.dll:\r
- // First try to load the newsest one from\r
- TCHAR szTemp[4096];\r
- // But before wqe do this, we first check if the ".local" file exists\r
- if (GetModuleFileName(NULL, szTemp, 4096) > 0)\r
- {\r
- _tcscat_s(szTemp, _T(".local"));\r
- if (GetFileAttributes(szTemp) == INVALID_FILE_ATTRIBUTES)\r
- {\r
- // ".local" file does not exist, so we can try to load the dbghelp.dll from the "Debugging Tools for Windows"\r
- if (GetEnvironmentVariable(_T("ProgramFiles"), szTemp, 4096) > 0)\r
- {\r
- _tcscat_s(szTemp, _T("\\Debugging Tools for Windows\\dbghelp.dll"));\r
- // now check if the file exists:\r
- if (GetFileAttributes(szTemp) != INVALID_FILE_ATTRIBUTES)\r
- {\r
- m_hDbhHelp = LoadLibrary(szTemp);\r
- }\r
- }\r
- // Still not found? Then try to load the 64-Bit version:\r
- if ( (m_hDbhHelp == NULL) && (GetEnvironmentVariable(_T("ProgramFiles"), szTemp, 4096) > 0) )\r
- {\r
- _tcscat_s(szTemp, _T("\\Debugging Tools for Windows 64-Bit\\dbghelp.dll"));\r
- if (GetFileAttributes(szTemp) != INVALID_FILE_ATTRIBUTES)\r
- {\r
- m_hDbhHelp = LoadLibrary(szTemp);\r
- }\r
- }\r
- }\r
- }\r
- if (m_hDbhHelp == NULL) // if not already loaded, try to load a default-one\r
- m_hDbhHelp = LoadLibrary( _T("dbghelp.dll") );\r
- if (m_hDbhHelp == NULL)\r
- return FALSE;\r
- pSI = (tSI) GetProcAddress(m_hDbhHelp, "SymInitialize" );\r
- pSC = (tSC) GetProcAddress(m_hDbhHelp, "SymCleanup" );\r
-\r
- pSW = (tSW) GetProcAddress(m_hDbhHelp, "StackWalk64" );\r
- pSGO = (tSGO) GetProcAddress(m_hDbhHelp, "SymGetOptions" );\r
- pSSO = (tSSO) GetProcAddress(m_hDbhHelp, "SymSetOptions" );\r
-\r
- pSFTA = (tSFTA) GetProcAddress(m_hDbhHelp, "SymFunctionTableAccess64" );\r
- pSGLFA = (tSGLFA) GetProcAddress(m_hDbhHelp, "SymGetLineFromAddr64" );\r
- pSGMB = (tSGMB) GetProcAddress(m_hDbhHelp, "SymGetModuleBase64" );\r
- pSGMI = (tSGMI) GetProcAddress(m_hDbhHelp, "SymGetModuleInfo64" );\r
- //pSGMI_V3 = (tSGMI_V3) GetProcAddress(m_hDbhHelp, "SymGetModuleInfo64" );\r
- pSGSFA = (tSGSFA) GetProcAddress(m_hDbhHelp, "SymGetSymFromAddr64" );\r
- pUDSN = (tUDSN) GetProcAddress(m_hDbhHelp, "UnDecorateSymbolName" );\r
- pSLM = (tSLM) GetProcAddress(m_hDbhHelp, "SymLoadModule64" );\r
- pSGSP =(tSGSP) GetProcAddress(m_hDbhHelp, "SymGetSearchPath" );\r
-\r
- if ( pSC == NULL || pSFTA == NULL || pSGMB == NULL || pSGMI == NULL ||\r
- pSGO == NULL || pSGSFA == NULL || pSI == NULL || pSSO == NULL ||\r
- pSW == NULL || pUDSN == NULL || pSLM == NULL )\r
- {\r
- FreeLibrary(m_hDbhHelp);\r
- m_hDbhHelp = NULL;\r
- pSC = NULL;\r
- return FALSE;\r
- }\r
-\r
- // SymInitialize\r
- if (szSymPath != NULL)\r
- m_szSymPath = _strdup(szSymPath);\r
- if (this->pSI(m_hProcess, m_szSymPath, FALSE) == FALSE)\r
- this->m_parent->OnDbgHelpErr("SymInitialize", GetLastError(), 0);\r
- \r
- DWORD symOptions = this->pSGO(); // SymGetOptions\r
- symOptions |= SYMOPT_LOAD_LINES;\r
- symOptions |= SYMOPT_FAIL_CRITICAL_ERRORS;\r
- //symOptions |= SYMOPT_NO_PROMPTS;\r
- // SymSetOptions\r
- symOptions = this->pSSO(symOptions);\r
-\r
- char buf[stack_walker::STACKWALK_MAX_NAMELEN] = {0};\r
- if (this->pSGSP != NULL)\r
- {\r
- if (this->pSGSP(m_hProcess, buf, stack_walker::STACKWALK_MAX_NAMELEN) == FALSE)\r
- this->m_parent->OnDbgHelpErr("SymGetSearchPath", GetLastError(), 0);\r
- }\r
- char szUserName[1024] = {0};\r
- DWORD dwSize = 1024;\r
- GetUserNameA(szUserName, &dwSize);\r
- this->m_parent->OnSymInit(buf, symOptions, szUserName);\r
-\r
- return TRUE;\r
- }\r
-\r
- stack_walker *m_parent;\r
-\r
- HMODULE m_hDbhHelp;\r
- HANDLE m_hProcess;\r
- LPSTR m_szSymPath;\r
-\r
-/*typedef struct IMAGEHLP_MODULE64_V3 {\r
- DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)\r
- DWORD64 BaseOfImage; // base load address of module\r
- DWORD ImageSize; // virtual size of the loaded module\r
- DWORD TimeDateStamp; // date/time stamp from pe header\r
- DWORD CheckSum; // checksum from the pe header\r
- DWORD NumSyms; // number of symbols in the symbol table\r
- SYM_TYPE SymType; // type of symbols loaded\r
- CHAR ModuleName[32]; // module name\r
- CHAR ImageName[256]; // image name\r
- // new elements: 07-Jun-2002\r
- CHAR LoadedImageName[256]; // symbol file name\r
- CHAR LoadedPdbName[256]; // pdb file name\r
- DWORD CVSig; // Signature of the CV record in the debug directories\r
- CHAR CVData[MAX_PATH * 3]; // Contents of the CV record\r
- DWORD PdbSig; // Signature of PDB\r
- GUID PdbSig70; // Signature of PDB (VC 7 and up)\r
- DWORD PdbAge; // DBI age of pdb\r
- BOOL PdbUnmatched; // loaded an unmatched pdb\r
- BOOL DbgUnmatched; // loaded an unmatched dbg\r
- BOOL LineNumbers; // we have line number information\r
- BOOL GlobalSymbols; // we have internal symbol information\r
- BOOL TypeInfo; // we have type information\r
- // new elements: 17-Dec-2003\r
- BOOL SourceIndexed; // pdb supports source server\r
- BOOL Publics; // contains public symbols\r
-};\r
-*/\r
-typedef struct IMAGEHLP_MODULE64_V2 {\r
- DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)\r
- DWORD64 BaseOfImage; // base load address of module\r
- DWORD ImageSize; // virtual size of the loaded module\r
- DWORD TimeDateStamp; // date/time stamp from pe header\r
- DWORD CheckSum; // checksum from the pe header\r
- DWORD NumSyms; // number of symbols in the symbol table\r
- SYM_TYPE SymType; // type of symbols loaded\r
- CHAR ModuleName[32]; // module name\r
- CHAR ImageName[256]; // image name\r
- CHAR LoadedImageName[256]; // symbol file name\r
-};\r
-\r
-\r
- // SymCleanup()\r
- typedef BOOL (__stdcall *tSC)( IN HANDLE hProcess );\r
- tSC pSC;\r
-\r
- // SymFunctionTableAccess64()\r
- typedef PVOID (__stdcall *tSFTA)( HANDLE hProcess, DWORD64 AddrBase );\r
- tSFTA pSFTA;\r
-\r
- // SymGetLineFromAddr64()\r
- typedef BOOL (__stdcall *tSGLFA)( IN HANDLE hProcess, IN DWORD64 dwAddr,\r
- OUT PDWORD pdwDisplacement, OUT PIMAGEHLP_LINE64 Line );\r
- tSGLFA pSGLFA;\r
-\r
- // SymGetModuleBase64()\r
- typedef DWORD64 (__stdcall *tSGMB)( IN HANDLE hProcess, IN DWORD64 dwAddr );\r
- tSGMB pSGMB;\r
-\r
- // SymGetModuleInfo64()\r
- typedef BOOL (__stdcall *tSGMI)( IN HANDLE hProcess, IN DWORD64 dwAddr, OUT IMAGEHLP_MODULE64_V2 *ModuleInfo );\r
- tSGMI pSGMI;\r
-\r
-// // SymGetModuleInfo64()\r
-// typedef BOOL (__stdcall *tSGMI_V3)( IN HANDLE hProcess, IN DWORD64 dwAddr, OUT IMAGEHLP_MODULE64_V3 *ModuleInfo );\r
-// tSGMI_V3 pSGMI_V3;\r
-\r
- // SymGetOptions()\r
- typedef DWORD (__stdcall *tSGO)( VOID );\r
- tSGO pSGO;\r
-\r
- // SymGetSymFromAddr64()\r
- typedef BOOL (__stdcall *tSGSFA)( IN HANDLE hProcess, IN DWORD64 dwAddr,\r
- OUT PDWORD64 pdwDisplacement, OUT PIMAGEHLP_SYMBOL64 Symbol );\r
- tSGSFA pSGSFA;\r
-\r
- // SymInitialize()\r
- typedef BOOL (__stdcall *tSI)( IN HANDLE hProcess, IN PSTR UserSearchPath, IN BOOL fInvadeProcess );\r
- tSI pSI;\r
-\r
- // SymLoadModule64()\r
- typedef DWORD64 (__stdcall *tSLM)( IN HANDLE hProcess, IN HANDLE hFile,\r
- IN PSTR ImageName, IN PSTR ModuleName, IN DWORD64 BaseOfDll, IN DWORD SizeOfDll );\r
- tSLM pSLM;\r
-\r
- // SymSetOptions()\r
- typedef DWORD (__stdcall *tSSO)( IN DWORD SymOptions );\r
- tSSO pSSO;\r
-\r
- // StackWalk64()\r
- typedef BOOL (__stdcall *tSW)( \r
- DWORD MachineType, \r
- HANDLE hProcess,\r
- HANDLE hThread, \r
- LPSTACKFRAME64 StackFrame, \r
- PVOID ContextRecord,\r
- PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,\r
- PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,\r
- PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,\r
- PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress );\r
- tSW pSW;\r
-\r
- // UnDecorateSymbolName()\r
- typedef DWORD (__stdcall WINAPI *tUDSN)( PCSTR DecoratedName, PSTR UnDecoratedName,\r
- DWORD UndecoratedLength, DWORD Flags );\r
- tUDSN pUDSN;\r
-\r
- typedef BOOL (__stdcall WINAPI *tSGSP)(HANDLE hProcess, PSTR SearchPath, DWORD SearchPathLength);\r
- tSGSP pSGSP;\r
-\r
-\r
-private:\r
- // **************************************** ToolHelp32 ************************\r
- #define MAX_MODULE_NAME32 255\r
- #define TH32CS_SNAPMODULE 0x00000008\r
- #pragma pack( push, 8 )\r
- typedef struct tagMODULEENTRY32\r
- {\r
- DWORD dwSize;\r
- DWORD th32ModuleID; // This module\r
- DWORD th32ProcessID; // owning process\r
- DWORD GlblcntUsage; // Global usage count on the module\r
- DWORD ProccntUsage; // Module usage count in th32ProcessID's context\r
- BYTE * modBaseAddr; // Base address of module in th32ProcessID's context\r
- DWORD modBaseSize; // Size in bytes of module starting at modBaseAddr\r
- HMODULE hModule; // The hModule of this module in th32ProcessID's context\r
- char szModule[MAX_MODULE_NAME32 + 1];\r
- char szExePath[MAX_PATH];\r
- } MODULEENTRY32;\r
- typedef MODULEENTRY32 * PMODULEENTRY32;\r
- typedef MODULEENTRY32 * LPMODULEENTRY32;\r
- #pragma pack( pop )\r
-\r
- BOOL GetModuleListTH32(HANDLE hProcess, DWORD pid)\r
- {\r
- // CreateToolhelp32Snapshot()\r
- typedef HANDLE (__stdcall *tCT32S)(DWORD dwFlags, DWORD th32ProcessID);\r
- // Module32First()\r
- typedef BOOL (__stdcall *tM32F)(HANDLE hSnapshot, LPMODULEENTRY32 lpme);\r
- // Module32Next()\r
- typedef BOOL (__stdcall *tM32N)(HANDLE hSnapshot, LPMODULEENTRY32 lpme);\r
-\r
- // try both dlls...\r
- const TCHAR *dllname[] = { _T("kernel32.dll"), _T("tlhelp32.dll") };\r
- HINSTANCE hToolhelp = NULL;\r
- tCT32S pCT32S = NULL;\r
- tM32F pM32F = NULL;\r
- tM32N pM32N = NULL;\r
-\r
- HANDLE hSnap;\r
- MODULEENTRY32 me;\r
- me.dwSize = sizeof(me);\r
- BOOL keepGoing;\r
- size_t i;\r
-\r
- for (i = 0; i<(sizeof(dllname) / sizeof(dllname[0])); i++ )\r
- {\r
- hToolhelp = LoadLibrary( dllname[i] );\r
- if (hToolhelp == NULL)\r
- continue;\r
- pCT32S = (tCT32S) GetProcAddress(hToolhelp, "CreateToolhelp32Snapshot");\r
- pM32F = (tM32F) GetProcAddress(hToolhelp, "Module32First");\r
- pM32N = (tM32N) GetProcAddress(hToolhelp, "Module32Next");\r
- if ( (pCT32S != NULL) && (pM32F != NULL) && (pM32N != NULL) )\r
- break; // found the functions!\r
- FreeLibrary(hToolhelp);\r
- hToolhelp = NULL;\r
- }\r
-\r
- if (hToolhelp == NULL)\r
- return FALSE;\r
-\r
- hSnap = pCT32S( TH32CS_SNAPMODULE, pid );\r
- if (hSnap == (HANDLE) -1)\r
- return FALSE;\r
-\r
- keepGoing = !!pM32F( hSnap, &me );\r
- int cnt = 0;\r
- while (keepGoing)\r
- {\r
- this->LoadModule(hProcess, me.szExePath, me.szModule, (DWORD64) me.modBaseAddr, me.modBaseSize);\r
- cnt++;\r
- keepGoing = !!pM32N( hSnap, &me );\r
- }\r
- CloseHandle(hSnap);\r
- FreeLibrary(hToolhelp);\r
- if (cnt <= 0)\r
- return FALSE;\r
- return TRUE;\r
- } // GetModuleListTH32\r
-\r
- // **************************************** PSAPI ************************\r
- typedef struct _MODULEINFO {\r
- LPVOID lpBaseOfDll;\r
- DWORD SizeOfImage;\r
- LPVOID EntryPoint;\r
- } MODULEINFO, *LPMODULEINFO;\r
-\r
- BOOL GetModuleListPSAPI(HANDLE hProcess)\r
- {\r
- // EnumProcessModules()\r
- typedef BOOL (__stdcall *tEPM)(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded );\r
- // GetModuleFileNameEx()\r
- typedef DWORD (__stdcall *tGMFNE)(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize );\r
- // GetModuleBaseName()\r
- typedef DWORD (__stdcall *tGMBN)(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize );\r
- // GetModuleInformation()\r
- typedef BOOL (__stdcall *tGMI)(HANDLE hProcess, HMODULE hModule, LPMODULEINFO pmi, DWORD nSize );\r
-\r
- HINSTANCE hPsapi;\r
- tEPM pEPM;\r
- tGMFNE pGMFNE;\r
- tGMBN pGMBN;\r
- tGMI pGMI;\r
-\r
- DWORD i;\r
- //ModuleEntry e;\r
- DWORD cbNeeded;\r
- MODULEINFO mi;\r
- HMODULE *hMods = 0;\r
- char *tt = NULL;\r
- char *tt2 = NULL;\r
- const SIZE_T TTBUFLEN = 8096;\r
- int cnt = 0;\r
-\r
- hPsapi = LoadLibrary( _T("psapi.dll") );\r
- if (hPsapi == NULL)\r
- return FALSE;\r
-\r
- pEPM = (tEPM) GetProcAddress( hPsapi, "EnumProcessModules" );\r
- pGMFNE = (tGMFNE) GetProcAddress( hPsapi, "GetModuleFileNameExA" );\r
- pGMBN = (tGMFNE) GetProcAddress( hPsapi, "GetModuleBaseNameA" );\r
- pGMI = (tGMI) GetProcAddress( hPsapi, "GetModuleInformation" );\r
- if ( (pEPM == NULL) || (pGMFNE == NULL) || (pGMBN == NULL) || (pGMI == NULL) )\r
- {\r
- // we couldnĀ“t find all functions\r
- FreeLibrary(hPsapi);\r
- return FALSE;\r
- }\r
-\r
- hMods = (HMODULE*) malloc(sizeof(HMODULE) * (TTBUFLEN / sizeof HMODULE));\r
- tt = (char*) malloc(sizeof(char) * TTBUFLEN);\r
- tt2 = (char*) malloc(sizeof(char) * TTBUFLEN);\r
- if ( (hMods == NULL) || (tt == NULL) || (tt2 == NULL) )\r
- goto cleanup;\r
-\r
- if ( ! pEPM( hProcess, hMods, TTBUFLEN, &cbNeeded ) )\r
- {\r
- //_ftprintf(fLogFile, _T("%lu: EPM failed, GetLastError = %lu\n"), g_dwShowCount, gle );\r
- goto cleanup;\r
- }\r
-\r
- if ( cbNeeded > TTBUFLEN )\r
- {\r
- //_ftprintf(fLogFile, _T("%lu: More than %lu module handles. Huh?\n"), g_dwShowCount, lenof( hMods ) );\r
- goto cleanup;\r
- }\r
-\r
- for ( i = 0; i < cbNeeded / sizeof hMods[0]; i++ )\r
- {\r
- // base address, size\r
- pGMI(hProcess, hMods[i], &mi, sizeof mi );\r
- // image file name\r
- tt[0] = 0;\r
- pGMFNE(hProcess, hMods[i], tt, TTBUFLEN );\r
- // module name\r
- tt2[0] = 0;\r
- pGMBN(hProcess, hMods[i], tt2, TTBUFLEN );\r
-\r
- DWORD dwRes = this->LoadModule(hProcess, tt, tt2, (DWORD64) mi.lpBaseOfDll, mi.SizeOfImage);\r
- if (dwRes != ERROR_SUCCESS)\r
- this->m_parent->OnDbgHelpErr("LoadModule", dwRes, 0);\r
- cnt++;\r
- }\r
-\r
- cleanup:\r
- if (hPsapi != NULL) FreeLibrary(hPsapi);\r
- if (tt2 != NULL) free(tt2);\r
- if (tt != NULL) free(tt);\r
- if (hMods != NULL) free(hMods);\r
-\r
- return cnt != 0;\r
- } // GetModuleListPSAPI\r
-\r
- DWORD LoadModule(HANDLE hProcess, LPCSTR img, LPCSTR mod, DWORD64 baseAddr, DWORD size)\r
- {\r
- CHAR *szImg = _strdup(img);\r
- CHAR *szMod = _strdup(mod);\r
- DWORD result = ERROR_SUCCESS;\r
- if ( (szImg == NULL) || (szMod == NULL) )\r
- result = ERROR_NOT_ENOUGH_MEMORY;\r
- else\r
- {\r
- if (pSLM(hProcess, 0, szImg, szMod, baseAddr, size) == 0)\r
- result = GetLastError();\r
- }\r
- ULONGLONG fileVersion = 0;\r
- if ( (m_parent != NULL) && (szImg != NULL) )\r
- {\r
- // try to retrive the file-version:\r
- if ( (this->m_parent->m_options & stack_walker::RetrieveFileVersion) != 0)\r
- {\r
- VS_FIXEDFILEINFO *fInfo = NULL;\r
- DWORD dwHandle;\r
- DWORD dwSize = GetFileVersionInfoSizeA(szImg, &dwHandle);\r
- if (dwSize > 0)\r
- {\r
- LPVOID vData = malloc(dwSize);\r
- if (vData != NULL)\r
- {\r
- if (GetFileVersionInfoA(szImg, dwHandle, dwSize, vData) != 0)\r
- {\r
- UINT len;\r
- TCHAR szSubBlock[] = _T("\\");\r
- if (VerQueryValue(vData, szSubBlock, (LPVOID*) &fInfo, &len) == 0)\r
- fInfo = NULL;\r
- else\r
- {\r
- fileVersion = ((ULONGLONG)fInfo->dwFileVersionLS) + ((ULONGLONG)fInfo->dwFileVersionMS << 32);\r
- }\r
- }\r
- free(vData);\r
- }\r
- }\r
- }\r
-\r
- // Retrive some additional-infos about the module\r
- IMAGEHLP_MODULE64_V2 Module;\r
- const char *szSymType = "-unknown-";\r
- if (this->GetModuleInfo(hProcess, baseAddr, &Module) != FALSE)\r
- {\r
- switch(Module.SymType)\r
- {\r
- case SymNone:\r
- szSymType = "-nosymbols-";\r
- break;\r
- case SymCoff:\r
- szSymType = "COFF";\r
- break;\r
- case SymCv:\r
- szSymType = "CV";\r
- break;\r
- case SymPdb:\r
- szSymType = "PDB";\r
- break;\r
- case SymExport:\r
- szSymType = "-exported-";\r
- break;\r
- case SymDeferred:\r
- szSymType = "-deferred-";\r
- break;\r
- case SymSym:\r
- szSymType = "SYM";\r
- break;\r
- case 8: //SymVirtual:\r
- szSymType = "Virtual";\r
- break;\r
- case 9: // SymDia:\r
- szSymType = "DIA";\r
- break;\r
- }\r
- }\r
- this->m_parent->OnLoadModule(img, mod, baseAddr, size, result, szSymType, Module.LoadedImageName, fileVersion);\r
- }\r
- if (szImg != NULL) free(szImg);\r
- if (szMod != NULL) free(szMod);\r
- return result;\r
- }\r
-public:\r
- BOOL LoadModules(HANDLE hProcess, DWORD dwProcessId)\r
- {\r
- // first try toolhelp32\r
- if (GetModuleListTH32(hProcess, dwProcessId))\r
- return true;\r
- // then try psapi\r
- return GetModuleListPSAPI(hProcess);\r
- }\r
-\r
-\r
- BOOL GetModuleInfo(HANDLE hProcess, DWORD64 baseAddr, IMAGEHLP_MODULE64_V2 *pModuleInfo)\r
- {\r
- if(this->pSGMI == NULL)\r
- {\r
- SetLastError(ERROR_DLL_INIT_FAILED);\r
- return FALSE;\r
- }\r
- // First try to use the larger ModuleInfo-Structure\r
-// memset(pModuleInfo, 0, sizeof(IMAGEHLP_MODULE64_V3));\r
-// pModuleInfo->SizeOfStruct = sizeof(IMAGEHLP_MODULE64_V3);\r
-// if (this->pSGMI_V3 != NULL)\r
-// {\r
-// if (this->pSGMI_V3(hProcess, baseAddr, pModuleInfo) != FALSE)\r
-// return TRUE;\r
-// // check if the parameter was wrong (size is bad...)\r
-// if (GetLastError() != ERROR_INVALID_PARAMETER)\r
-// return FALSE;\r
-// }\r
- // could not retrive the bigger structure, try with the smaller one (as defined in VC7.1)...\r
- pModuleInfo->SizeOfStruct = sizeof(IMAGEHLP_MODULE64_V2);\r
- void *pData = malloc(4096); // reserve enough memory, so the bug in v6.3.5.1 does not lead to memory-overwrites...\r
- if (pData == NULL)\r
- {\r
- SetLastError(ERROR_NOT_ENOUGH_MEMORY);\r
- return FALSE;\r
- }\r
- memcpy(pData, pModuleInfo, sizeof(IMAGEHLP_MODULE64_V2));\r
- if (this->pSGMI(hProcess, baseAddr, (IMAGEHLP_MODULE64_V2*) pData) != FALSE)\r
- {\r
- // only copy as much memory as is reserved...\r
- memcpy(pModuleInfo, pData, sizeof(IMAGEHLP_MODULE64_V2));\r
- pModuleInfo->SizeOfStruct = sizeof(IMAGEHLP_MODULE64_V2);\r
- free(pData);\r
- return TRUE;\r
- }\r
- free(pData);\r
- SetLastError(ERROR_DLL_INIT_FAILED);\r
- return FALSE;\r
- }\r
-};\r
-\r
-// #############################################################\r
-stack_walker::stack_walker(DWORD dwProcessId, HANDLE hProcess)\r
-{\r
- this->m_options = OptionsAll;\r
- this->m_modulesLoaded = FALSE;\r
- this->m_hProcess = hProcess;\r
- this->m_sw = new stack_walkerInternal(this, this->m_hProcess);\r
- this->m_dwProcessId = dwProcessId;\r
- this->m_szSymPath = NULL;\r
-}\r
-stack_walker::stack_walker(int options, LPCSTR szSymPath, DWORD dwProcessId, HANDLE hProcess)\r
-{\r
- this->m_options = options;\r
- this->m_modulesLoaded = FALSE;\r
- this->m_hProcess = hProcess;\r
- this->m_sw = new stack_walkerInternal(this, this->m_hProcess);\r
- this->m_dwProcessId = dwProcessId;\r
- if (szSymPath != NULL)\r
- {\r
- this->m_szSymPath = _strdup(szSymPath);\r
- this->m_options |= SymBuildPath;\r
- }\r
- else\r
- this->m_szSymPath = NULL;\r
-}\r
-\r
-stack_walker::~stack_walker()\r
-{\r
- if (m_szSymPath != NULL)\r
- free(m_szSymPath);\r
- m_szSymPath = NULL;\r
- if (this->m_sw != NULL)\r
- delete this->m_sw;\r
- this->m_sw = NULL;\r
-}\r
-\r
-BOOL stack_walker::LoadModules()\r
-{\r
- if (this->m_sw == NULL)\r
- {\r
- SetLastError(ERROR_DLL_INIT_FAILED);\r
- return FALSE;\r
- }\r
- if (m_modulesLoaded != FALSE)\r
- return TRUE;\r
-\r
- // Build the sym-path:\r
- char *szSymPath = NULL;\r
- if ( (this->m_options & SymBuildPath) != 0)\r
- {\r
- const size_t nSymPathLen = 4096;\r
- szSymPath = (char*) malloc(nSymPathLen);\r
- if (szSymPath == NULL)\r
- {\r
- SetLastError(ERROR_NOT_ENOUGH_MEMORY);\r
- return FALSE;\r
- }\r
- szSymPath[0] = 0;\r
- // Now first add the (optional) provided sympath:\r
- if (this->m_szSymPath != NULL)\r
- {\r
- strcat_s(szSymPath, nSymPathLen, this->m_szSymPath);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- }\r
-\r
- strcat_s(szSymPath, nSymPathLen, ".;");\r
-\r
- const size_t nTempLen = 1024;\r
- char szTemp[nTempLen];\r
- // Now add the current directory:\r
- if (GetCurrentDirectoryA(nTempLen, szTemp) > 0)\r
- {\r
- szTemp[nTempLen-1] = 0;\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- }\r
-\r
- // Now add the path for the main-module:\r
- if (GetModuleFileNameA(NULL, szTemp, nTempLen) > 0)\r
- {\r
- szTemp[nTempLen-1] = 0;\r
- for (char *p = (szTemp+strlen(szTemp)-1); p >= szTemp; --p)\r
- {\r
- // locate the rightmost path separator\r
- if ( (*p == '\\') || (*p == '/') || (*p == ':') )\r
- {\r
- *p = 0;\r
- break;\r
- }\r
- } // for (search for path separator...)\r
- if (strlen(szTemp) > 0)\r
- {\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- }\r
- }\r
- if (GetEnvironmentVariableA("_NT_SYMBOL_PATH", szTemp, nTempLen) > 0)\r
- {\r
- szTemp[nTempLen-1] = 0;\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- }\r
- if (GetEnvironmentVariableA("_NT_ALTERNATE_SYMBOL_PATH", szTemp, nTempLen) > 0)\r
- {\r
- szTemp[nTempLen-1] = 0;\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- }\r
- if (GetEnvironmentVariableA("SYSTEMROOT", szTemp, nTempLen) > 0)\r
- {\r
- szTemp[nTempLen-1] = 0;\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- // also add the "system32"-directory:\r
- strcat_s(szTemp, nTempLen, "\\system32");\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, ";");\r
- }\r
-\r
- if ( (this->m_options & SymBuildPath) != 0)\r
- {\r
- if (GetEnvironmentVariableA("SYSTEMDRIVE", szTemp, nTempLen) > 0)\r
- {\r
- szTemp[nTempLen-1] = 0;\r
- strcat_s(szSymPath, nSymPathLen, "SRV*");\r
- strcat_s(szSymPath, nSymPathLen, szTemp);\r
- strcat_s(szSymPath, nSymPathLen, "\\websymbols");\r
- strcat_s(szSymPath, nSymPathLen, "*http://msdl.microsoft.com/download/symbols;");\r
- }\r
- else\r
- strcat_s(szSymPath, nSymPathLen, "SRV*c:\\websymbols*http://msdl.microsoft.com/download/symbols;");\r
- }\r
- }\r
-\r
- // First Init the whole stuff...\r
- BOOL bRet = this->m_sw->Init(szSymPath);\r
- if (szSymPath != NULL) free(szSymPath); szSymPath = NULL;\r
- if (bRet == FALSE)\r
- {\r
- this->OnDbgHelpErr("Error while initializing dbghelp.dll", 0, 0);\r
- SetLastError(ERROR_DLL_INIT_FAILED);\r
- return FALSE;\r
- }\r
-\r
- bRet = this->m_sw->LoadModules(this->m_hProcess, this->m_dwProcessId);\r
- if (bRet != FALSE)\r
- m_modulesLoaded = TRUE;\r
- return bRet;\r
-}\r
-\r
-\r
-// The following is used to pass the "userData"-Pointer to the user-provided readMemoryFunction\r
-// This has to be done due to a problem with the "hProcess"-parameter in x64...\r
-// Because this class is in no case multi-threading-enabled (because of the limitations \r
-// of dbghelp.dll) it is "safe" to use a static-variable\r
-static stack_walker::PReadProcessMemoryRoutine s_readMemoryFunction = NULL;\r
-static LPVOID s_readMemoryFunction_UserData = NULL;\r
-\r
-BOOL stack_walker::ShowCallstack(HANDLE hThread, const CONTEXT *context, PReadProcessMemoryRoutine readMemoryFunction, LPVOID pUserData)\r
-{\r
- CONTEXT c;;\r
- CallstackEntry csEntry;\r
- IMAGEHLP_SYMBOL64 *pSym = NULL;\r
- stack_walkerInternal::IMAGEHLP_MODULE64_V2 Module;\r
- IMAGEHLP_LINE64 Line;\r
- int frameNum;\r
-\r
- if (m_modulesLoaded == FALSE)\r
- this->LoadModules(); // ignore the result...\r
-\r
- if (this->m_sw->m_hDbhHelp == NULL)\r
- {\r
- SetLastError(ERROR_DLL_INIT_FAILED);\r
- return FALSE;\r
- }\r
-\r
- s_readMemoryFunction = readMemoryFunction;\r
- s_readMemoryFunction_UserData = pUserData;\r
-\r
- if (context == NULL)\r
- {\r
- // If no context is provided, capture the context\r
- if (hThread == GetCurrentThread())\r
- {\r
- GET_CURRENT_CONTEXT(c, USED_CONTEXT_FLAGS);\r
- }\r
- else\r
- {\r
- SuspendThread(hThread);\r
- memset(&c, 0, sizeof(CONTEXT));\r
- c.ContextFlags = USED_CONTEXT_FLAGS;\r
- if (GetThreadContext(hThread, &c) == FALSE)\r
- {\r
- ResumeThread(hThread);\r
- return FALSE;\r
- }\r
- }\r
- }\r
- else\r
- c = *context;\r
-\r
- // init STACKFRAME for first call\r
- STACKFRAME64 s; // in/out stackframe\r
- memset(&s, 0, sizeof(s));\r
- DWORD imageType;\r
-#ifdef _M_IX86\r
- // normally, call ImageNtHeader() and use machine info from PE header\r
- imageType = IMAGE_FILE_MACHINE_I386;\r
- s.AddrPC.Offset = c.Eip;\r
- s.AddrPC.Mode = AddrModeFlat;\r
- s.AddrFrame.Offset = c.Ebp;\r
- s.AddrFrame.Mode = AddrModeFlat;\r
- s.AddrStack.Offset = c.Esp;\r
- s.AddrStack.Mode = AddrModeFlat;\r
-#elif _M_X64\r
- imageType = IMAGE_FILE_MACHINE_AMD64;\r
- s.AddrPC.Offset = c.Rip;\r
- s.AddrPC.Mode = AddrModeFlat;\r
- s.AddrFrame.Offset = c.Rsp;\r
- s.AddrFrame.Mode = AddrModeFlat;\r
- s.AddrStack.Offset = c.Rsp;\r
- s.AddrStack.Mode = AddrModeFlat;\r
-#elif _M_IA64\r
- imageType = IMAGE_FILE_MACHINE_IA64;\r
- s.AddrPC.Offset = c.StIIP;\r
- s.AddrPC.Mode = AddrModeFlat;\r
- s.AddrFrame.Offset = c.IntSp;\r
- s.AddrFrame.Mode = AddrModeFlat;\r
- s.AddrBStore.Offset = c.RsBSP;\r
- s.AddrBStore.Mode = AddrModeFlat;\r
- s.AddrStack.Offset = c.IntSp;\r
- s.AddrStack.Mode = AddrModeFlat;\r
-#else\r
-#error "Platform not supported!"\r
-#endif\r
-\r
- pSym = (IMAGEHLP_SYMBOL64 *) malloc(sizeof(IMAGEHLP_SYMBOL64) + STACKWALK_MAX_NAMELEN);\r
- if (!pSym) goto cleanup; // not enough memory...\r
- memset(pSym, 0, sizeof(IMAGEHLP_SYMBOL64) + STACKWALK_MAX_NAMELEN);\r
- pSym->SizeOfStruct = sizeof(IMAGEHLP_SYMBOL64);\r
- pSym->MaxNameLength = STACKWALK_MAX_NAMELEN;\r
-\r
- memset(&Line, 0, sizeof(Line));\r
- Line.SizeOfStruct = sizeof(Line);\r
-\r
- memset(&Module, 0, sizeof(Module));\r
- Module.SizeOfStruct = sizeof(Module);\r
-\r
- for (frameNum = 0; ; ++frameNum )\r
- {\r
- // get next stack frame (StackWalk64(), SymFunctionTableAccess64(), SymGetModuleBase64())\r
- // if this returns ERROR_INVALID_ADDRESS (487) or ERROR_NOACCESS (998), you can\r
- // assume that either you are done, or that the stack is so hosed that the next\r
- // deeper frame could not be found.\r
- // CONTEXT need not to be suplied if imageTyp is IMAGE_FILE_MACHINE_I386!\r
- if ( ! this->m_sw->pSW(imageType, this->m_hProcess, hThread, &s, &c, myReadProcMem, this->m_sw->pSFTA, this->m_sw->pSGMB, NULL) )\r
- {\r
- this->OnDbgHelpErr("StackWalk64", GetLastError(), s.AddrPC.Offset);\r
- break;\r
- }\r
-\r
- csEntry.offset = s.AddrPC.Offset;\r
- csEntry.name[0] = 0;\r
- csEntry.undName[0] = 0;\r
- csEntry.undFullName[0] = 0;\r
- csEntry.offsetFromSmybol = 0;\r
- csEntry.offsetFromLine = 0;\r
- csEntry.lineFileName[0] = 0;\r
- csEntry.lineNumber = 0;\r
- csEntry.loadedImageName[0] = 0;\r
- csEntry.moduleName[0] = 0;\r
- if (s.AddrPC.Offset == s.AddrReturn.Offset)\r
- {\r
- this->OnDbgHelpErr("StackWalk64-Endless-Callstack!", 0, s.AddrPC.Offset);\r
- break;\r
- }\r
- if (s.AddrPC.Offset != 0)\r
- {\r
- // we seem to have a valid PC\r
- // show procedure info (SymGetSymFromAddr64())\r
- if (this->m_sw->pSGSFA(this->m_hProcess, s.AddrPC.Offset, &(csEntry.offsetFromSmybol), pSym) != FALSE)\r
- {\r
- // TODO: Mache dies sicher...!\r
- strcpy_s(csEntry.name, pSym->Name);\r
- // UnDecorateSymbolName()\r
- this->m_sw->pUDSN( pSym->Name, csEntry.undName, STACKWALK_MAX_NAMELEN, UNDNAME_NAME_ONLY );\r
- this->m_sw->pUDSN( pSym->Name, csEntry.undFullName, STACKWALK_MAX_NAMELEN, UNDNAME_COMPLETE );\r
- }\r
- else\r
- {\r
- this->OnDbgHelpErr("SymGetSymFromAddr64", GetLastError(), s.AddrPC.Offset);\r
- }\r
-\r
- // show line number info, NT5.0-method (SymGetLineFromAddr64())\r
- if (this->m_sw->pSGLFA != NULL )\r
- { // yes, we have SymGetLineFromAddr64()\r
- if (this->m_sw->pSGLFA(this->m_hProcess, s.AddrPC.Offset, &(csEntry.offsetFromLine), &Line) != FALSE)\r
- {\r
- csEntry.lineNumber = Line.LineNumber;\r
- // TODO: Mache dies sicher...!\r
- strcpy_s(csEntry.lineFileName, Line.FileName);\r
- }\r
- else\r
- {\r
- this->OnDbgHelpErr("SymGetLineFromAddr64", GetLastError(), s.AddrPC.Offset);\r
- }\r
- } // yes, we have SymGetLineFromAddr64()\r
-\r
- // show module info (SymGetModuleInfo64())\r
- if (this->m_sw->GetModuleInfo(this->m_hProcess, s.AddrPC.Offset, &Module ) != FALSE)\r
- { // got module info OK\r
- switch ( Module.SymType )\r
- {\r
- case SymNone:\r
- csEntry.symTypeString = "-nosymbols-";\r
- break;\r
- case SymCoff:\r
- csEntry.symTypeString = "COFF";\r
- break;\r
- case SymCv:\r
- csEntry.symTypeString = "CV";\r
- break;\r
- case SymPdb:\r
- csEntry.symTypeString = "PDB";\r
- break;\r
- case SymExport:\r
- csEntry.symTypeString = "-exported-";\r
- break;\r
- case SymDeferred:\r
- csEntry.symTypeString = "-deferred-";\r
- break;\r
- case SymSym:\r
- csEntry.symTypeString = "SYM";\r
- break;\r
-#if API_VERSION_NUMBER >= 9\r
- case SymDia:\r
- csEntry.symTypeString = "DIA";\r
- break;\r
-#endif\r
- case 8: //SymVirtual:\r
- csEntry.symTypeString = "Virtual";\r
- break;\r
- default:\r
- //_snprintf( ty, sizeof ty, "symtype=%ld", (long) Module.SymType );\r
- csEntry.symTypeString = NULL;\r
- break;\r
- }\r
-\r
- // TODO: Mache dies sicher...!\r
- strcpy_s(csEntry.moduleName, Module.ModuleName);\r
- csEntry.baseOfImage = Module.BaseOfImage;\r
- strcpy_s(csEntry.loadedImageName, Module.LoadedImageName);\r
- } // got module info OK\r
- else\r
- {\r
- this->OnDbgHelpErr("SymGetModuleInfo64", GetLastError(), s.AddrPC.Offset);\r
- }\r
- } // we seem to have a valid PC\r
-\r
- CallstackEntryType et = nextEntry;\r
- if (frameNum == 0)\r
- et = firstEntry;\r
- this->OnCallstackEntry(et, csEntry);\r
- \r
- if (s.AddrReturn.Offset == 0)\r
- {\r
- this->OnCallstackEntry(lastEntry, csEntry);\r
- SetLastError(ERROR_SUCCESS);\r
- break;\r
- }\r
- } // for ( frameNum )\r
-\r
- cleanup:\r
- if (pSym) free( pSym );\r
-\r
- if (context == NULL)\r
- ResumeThread(hThread);\r
-\r
- return TRUE;\r
-}\r
-\r
-BOOL __stdcall stack_walker::myReadProcMem(\r
- HANDLE hProcess,\r
- DWORD64 qwBaseAddress,\r
- PVOID lpBuffer,\r
- DWORD nSize,\r
- LPDWORD lpNumberOfBytesRead\r
- )\r
-{\r
- if (s_readMemoryFunction == NULL)\r
- {\r
- SIZE_T st;\r
- BOOL bRet = ReadProcessMemory(hProcess, (LPVOID) qwBaseAddress, lpBuffer, nSize, &st);\r
- *lpNumberOfBytesRead = (DWORD) st;\r
- //printf("ReadMemory: hProcess: %p, baseAddr: %p, buffer: %p, size: %d, read: %d, result: %d\n", hProcess, (LPVOID) qwBaseAddress, lpBuffer, nSize, (DWORD) st, (DWORD) bRet);\r
- return bRet;\r
- }\r
- else\r
- {\r
- return s_readMemoryFunction(hProcess, qwBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead, s_readMemoryFunction_UserData);\r
- }\r
-}\r
-\r
-void stack_walker::OnLoadModule(LPCSTR img, LPCSTR mod, DWORD64 baseAddr, DWORD size, DWORD result, LPCSTR symType, LPCSTR pdbName, ULONGLONG fileVersion)\r
-{\r
- CHAR buffer[STACKWALK_MAX_NAMELEN];\r
- if (fileVersion == 0)\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%s:%s (%p), size: %d (result: %d), SymType: '%s', PDB: '%s'\n", img, mod, (LPVOID) baseAddr, size, result, symType, pdbName);\r
- else\r
- {\r
- DWORD v4 = (DWORD) fileVersion & 0xFFFF;\r
- DWORD v3 = (DWORD) (fileVersion>>16) & 0xFFFF;\r
- DWORD v2 = (DWORD) (fileVersion>>32) & 0xFFFF;\r
- DWORD v1 = (DWORD) (fileVersion>>48) & 0xFFFF;\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%s:%s (%p), size: %d (result: %d), SymType: '%s', PDB: '%s', fileVersion: %d.%d.%d.%d\n", img, mod, (LPVOID) baseAddr, size, result, symType, pdbName, v1, v2, v3, v4);\r
- }\r
- OnOutput(buffer);\r
-}\r
-\r
-void stack_walker::OnCallstackEntry(CallstackEntryType eType, CallstackEntry &entry)\r
-{\r
- CHAR buffer[STACKWALK_MAX_NAMELEN];\r
- if ( (eType != lastEntry) && (entry.offset != 0) )\r
- {\r
- if (entry.name[0] == 0)\r
- strcpy_s(entry.name, "(function-name not available)");\r
- if (entry.undName[0] != 0)\r
- strcpy_s(entry.name, entry.undName);\r
- if (entry.undFullName[0] != 0)\r
- strcpy_s(entry.name, entry.undFullName);\r
- if (entry.lineFileName[0] == 0)\r
- {\r
- strcpy_s(entry.lineFileName, "(filename not available)");\r
- if (entry.moduleName[0] == 0)\r
- strcpy_s(entry.moduleName, "(module-name not available)");\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%p (%s): %s: %s\n", (LPVOID) entry.offset, entry.moduleName, entry.lineFileName, entry.name);\r
- }\r
- else\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%s (%d): %s\n", entry.lineFileName, entry.lineNumber, entry.name);\r
- OnOutput(buffer);\r
- }\r
-}\r
-\r
-void stack_walker::OnDbgHelpErr(LPCSTR szFuncName, DWORD gle, DWORD64 addr)\r
-{\r
- CHAR buffer[STACKWALK_MAX_NAMELEN];\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "ERROR: %s, GetLastError: %d (Address: %p)\n", szFuncName, gle, (LPVOID) addr);\r
- OnOutput(buffer);\r
-}\r
-\r
-void stack_walker::OnSymInit(LPCSTR szSearchPath, DWORD symOptions, LPCSTR szUserName)\r
-{\r
- CHAR buffer[STACKWALK_MAX_NAMELEN];\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "SymInit: Symbol-SearchPath: '%s', symOptions: %d, UserName: '%s'\n", szSearchPath, symOptions, szUserName);\r
- OnOutput(buffer);\r
- // Also display the OS-version\r
-#if _MSC_VER <= 1200\r
- OSVERSIONINFOA ver;\r
- ZeroMemory(&ver, sizeof(OSVERSIONINFOA));\r
- ver.dwOSVersionInfoSize = sizeof(ver);\r
- if (GetVersionExA(&ver) != FALSE)\r
- {\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "OS-Version: %d.%d.%d (%s)\n", \r
- ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber,\r
- ver.szCSDVersion);\r
- OnOutput(buffer);\r
- }\r
-#else\r
- OSVERSIONINFOEXA ver;\r
- ZeroMemory(&ver, sizeof(OSVERSIONINFOEXA));\r
- ver.dwOSVersionInfoSize = sizeof(ver);\r
- if (GetVersionExA( (OSVERSIONINFOA*) &ver) != FALSE)\r
- {\r
- _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "OS-Version: %d.%d.%d (%s) 0x%x-0x%x\n", \r
- ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber,\r
- ver.szCSDVersion, ver.wSuiteMask, ver.wProductType);\r
- OnOutput(buffer);\r
- }\r
-#endif\r
-}\r
-\r
-void stack_walker::OnOutput(LPCSTR buffer)\r
-{\r
- OutputDebugStringA(buffer);\r
-}\r
+/**********************************************************************
+ *
+ * stack_walker.cpp
+ *
+ *
+ * History:
+ * 2005-07-27 v1 - First public release on http://www.codeproject.com/
+ * http://www.codeproject.com/threads/stack_walker.asp
+ * 2005-07-28 v2 - Changed the params of the constructor and ShowCallstack
+ * (to simplify the usage)
+ * 2005-08-01 v3 - Changed to use 'CONTEXT_FULL' instead of CONTEXT_ALL
+ * (should also be enough)
+ * - Changed to compile correctly with the PSDK of VC7.0
+ * (GetFileVersionInfoSizeA and GetFileVersionInfoA is wrongly defined:
+ * it uses LPSTR instead of LPCSTR as first paremeter)
+ * - Added declarations to support VC5/6 without using 'dbghelp.h'
+ * - Added a 'pUserData' member to the ShowCallstack function and the
+ * PReadProcessMemoryRoutine declaration (to pass some user-defined data,
+ * which can be used in the readMemoryFunction-callback)
+ * 2005-08-02 v4 - OnSymInit now also outputs the OS-Version by default
+ * - Added example for doing an exception-callstack-walking in main.cpp
+ * (thanks to owillebo: http://www.codeproject.com/script/profile/whos_who.asp?id=536268)
+ * 2005-08-05 v5 - Removed most Lint (http://www.gimpel.com/) errors... thanks to Okko Willeboordse!
+ *
+ **********************************************************************/
+#include <tchar.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#pragma warning(push, 1)
+
+#pragma comment(lib, "version.lib") // for "VerQueryValue"
+
+#include "stack_walker.h"
+
+// If VC7 and later, then use the shipped 'dbghelp.h'-file
+#if _MSC_VER >= 1300
+#include <dbghelp.h>
+#else
+// inline the important dbghelp.h-declarations...
+typedef enum {
+ SymNone = 0,
+ SymCoff,
+ SymCv,
+ SymPdb,
+ SymExport,
+ SymDeferred,
+ SymSym,
+ SymDia,
+ SymVirtual,
+ NumSymTypes
+} SYM_TYPE;
+typedef struct _IMAGEHLP_LINE64 {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
+ PVOID Key; // internal
+ DWORD LineNumber; // line number in file
+ PCHAR FileName; // full filename
+ DWORD64 Address; // first instruction of line
+} IMAGEHLP_LINE64, *PIMAGEHLP_LINE64;
+typedef struct _IMAGEHLP_MODULE64 {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
+ DWORD64 BaseOfImage; // base load address of module
+ DWORD ImageSize; // virtual size of the loaded module
+ DWORD TimeDateStamp; // date/time stamp from pe header
+ DWORD CheckSum; // checksum from the pe header
+ DWORD NumSyms; // number of symbols in the symbol table
+ SYM_TYPE SymType; // type of symbols loaded
+ CHAR ModuleName[32]; // module name
+ CHAR ImageName[256]; // image name
+ CHAR LoadedImageName[256]; // symbol file name
+} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
+typedef struct _IMAGEHLP_SYMBOL64 {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
+ DWORD64 Address; // virtual address including dll base address
+ DWORD Size; // estimated size of symbol, can be zero
+ DWORD Flags; // info about the symbols, see the SYMF defines
+ DWORD MaxNameLength; // maximum size of symbol name in 'Name'
+ CHAR Name[1]; // symbol name (null terminated string)
+} IMAGEHLP_SYMBOL64, *PIMAGEHLP_SYMBOL64;
+typedef enum {
+ AddrMode1616,
+ AddrMode1632,
+ AddrModeReal,
+ AddrModeFlat
+} ADDRESS_MODE;
+typedef struct _tagADDRESS64 {
+ DWORD64 Offset;
+ WORD Segment;
+ ADDRESS_MODE Mode;
+} ADDRESS64, *LPADDRESS64;
+typedef struct _KDHELP64 {
+ DWORD64 Thread;
+ DWORD ThCallbackStack;
+ DWORD ThCallbackBStore;
+ DWORD NextCallback;
+ DWORD FramePointer;
+ DWORD64 KiCallUserMode;
+ DWORD64 KeUserCallbackDispatcher;
+ DWORD64 SystemRangeStart;
+ DWORD64 Reserved[8];
+} KDHELP64, *PKDHELP64;
+typedef struct _tagSTACKFRAME64 {
+ ADDRESS64 AddrPC; // program counter
+ ADDRESS64 AddrReturn; // return address
+ ADDRESS64 AddrFrame; // frame pointer
+ ADDRESS64 AddrStack; // stack pointer
+ ADDRESS64 AddrBStore; // backing store pointer
+ PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
+ DWORD64 Params[4]; // possible arguments to the function
+ BOOL Far; // WOW far call
+ BOOL Virtual; // is this a virtual frame?
+ DWORD64 Reserved[3];
+ KDHELP64 KdHelp;
+} STACKFRAME64, *LPSTACKFRAME64;
+typedef
+BOOL
+(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
+ HANDLE hProcess,
+ DWORD64 qwBaseAddress,
+ PVOID lpBuffer,
+ DWORD nSize,
+ LPDWORD lpNumberOfBytesRead
+ );
+typedef
+PVOID
+(__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
+ HANDLE hProcess,
+ DWORD64 AddrBase
+ );
+typedef
+DWORD64
+(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
+ HANDLE hProcess,
+ DWORD64 Address
+ );
+typedef
+DWORD64
+(__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
+ HANDLE hProcess,
+ HANDLE hThread,
+ LPADDRESS64 lpaddr
+ );
+#define SYMOPT_CASE_INSENSITIVE 0x00000001
+#define SYMOPT_UNDNAME 0x00000002
+#define SYMOPT_DEFERRED_LOADS 0x00000004
+#define SYMOPT_NO_CPP 0x00000008
+#define SYMOPT_LOAD_LINES 0x00000010
+#define SYMOPT_OMAP_FIND_NEAREST 0x00000020
+#define SYMOPT_LOAD_ANYTHING 0x00000040
+#define SYMOPT_IGNORE_CVREC 0x00000080
+#define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100
+#define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200
+#define SYMOPT_EXACT_SYMBOLS 0x00000400
+#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS 0x00000800
+#define SYMOPT_IGNORE_NT_SYMPATH 0x00001000
+#define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000
+#define SYMOPT_PUBLICS_ONLY 0x00004000
+#define SYMOPT_NO_PUBLICS 0x00008000
+#define SYMOPT_AUTO_PUBLICS 0x00010000
+#define SYMOPT_NO_IMAGE_SEARCH 0x00020000
+#define SYMOPT_SECURE 0x00040000
+#define SYMOPT_DEBUG 0x80000000
+#define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
+#define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
+#endif // _MSC_VER < 1300
+
+// Some missing defines (for VC5/6):
+#ifndef INVALID_FILE_ATTRIBUTES
+#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
+#endif
+
+
+// secure-CRT_functions are only available starting with VC8
+#if _MSC_VER < 1400
+#define strcpy_s strcpy
+#define strcat_s(dst, len, src) strcat(dst, src)
+#define _snprintf_s _snprintf
+#define _tcscat_s _tcscat
+#endif
+
+// Normally it should be enough to use 'CONTEXT_FULL' (better would be 'CONTEXT_ALL')
+#define USED_CONTEXT_FLAGS CONTEXT_FULL
+
+
+class stack_walkerInternal
+{
+public:
+ stack_walkerInternal(stack_walker *parent, HANDLE hProcess)
+ {
+ m_parent = parent;
+ m_hDbhHelp = NULL;
+ pSC = NULL;
+ m_hProcess = hProcess;
+ m_szSymPath = NULL;
+ pSFTA = NULL;
+ pSGLFA = NULL;
+ pSGMB = NULL;
+ pSGMI = NULL;
+ pSGO = NULL;
+ pSGSFA = NULL;
+ pSI = NULL;
+ pSLM = NULL;
+ pSSO = NULL;
+ pSW = NULL;
+ pUDSN = NULL;
+ pSGSP = NULL;
+ }
+ ~stack_walkerInternal()
+ {
+ if (pSC != NULL)
+ pSC(m_hProcess); // SymCleanup
+ if (m_hDbhHelp != NULL)
+ FreeLibrary(m_hDbhHelp);
+ m_hDbhHelp = NULL;
+ m_parent = NULL;
+ if(m_szSymPath != NULL)
+ free(m_szSymPath);
+ m_szSymPath = NULL;
+ }
+ BOOL Init(LPCSTR szSymPath)
+ {
+ if (m_parent == NULL)
+ return FALSE;
+ // Dynamically load the Entry-Points for dbghelp.dll:
+ // First try to load the newsest one from
+ TCHAR szTemp[4096];
+ // But before wqe do this, we first check if the ".local" file exists
+ if (GetModuleFileName(NULL, szTemp, 4096) > 0)
+ {
+ _tcscat_s(szTemp, _T(".local"));
+ if (GetFileAttributes(szTemp) == INVALID_FILE_ATTRIBUTES)
+ {
+ // ".local" file does not exist, so we can try to load the dbghelp.dll from the "Debugging Tools for Windows"
+ if (GetEnvironmentVariable(_T("ProgramFiles"), szTemp, 4096) > 0)
+ {
+ _tcscat_s(szTemp, _T("\\Debugging Tools for Windows\\dbghelp.dll"));
+ // now check if the file exists:
+ if (GetFileAttributes(szTemp) != INVALID_FILE_ATTRIBUTES)
+ {
+ m_hDbhHelp = LoadLibrary(szTemp);
+ }
+ }
+ // Still not found? Then try to load the 64-Bit version:
+ if ( (m_hDbhHelp == NULL) && (GetEnvironmentVariable(_T("ProgramFiles"), szTemp, 4096) > 0) )
+ {
+ _tcscat_s(szTemp, _T("\\Debugging Tools for Windows 64-Bit\\dbghelp.dll"));
+ if (GetFileAttributes(szTemp) != INVALID_FILE_ATTRIBUTES)
+ {
+ m_hDbhHelp = LoadLibrary(szTemp);
+ }
+ }
+ }
+ }
+ if (m_hDbhHelp == NULL) // if not already loaded, try to load a default-one
+ m_hDbhHelp = LoadLibrary( _T("dbghelp.dll") );
+ if (m_hDbhHelp == NULL)
+ return FALSE;
+ pSI = (tSI) GetProcAddress(m_hDbhHelp, "SymInitialize" );
+ pSC = (tSC) GetProcAddress(m_hDbhHelp, "SymCleanup" );
+
+ pSW = (tSW) GetProcAddress(m_hDbhHelp, "StackWalk64" );
+ pSGO = (tSGO) GetProcAddress(m_hDbhHelp, "SymGetOptions" );
+ pSSO = (tSSO) GetProcAddress(m_hDbhHelp, "SymSetOptions" );
+
+ pSFTA = (tSFTA) GetProcAddress(m_hDbhHelp, "SymFunctionTableAccess64" );
+ pSGLFA = (tSGLFA) GetProcAddress(m_hDbhHelp, "SymGetLineFromAddr64" );
+ pSGMB = (tSGMB) GetProcAddress(m_hDbhHelp, "SymGetModuleBase64" );
+ pSGMI = (tSGMI) GetProcAddress(m_hDbhHelp, "SymGetModuleInfo64" );
+ //pSGMI_V3 = (tSGMI_V3) GetProcAddress(m_hDbhHelp, "SymGetModuleInfo64" );
+ pSGSFA = (tSGSFA) GetProcAddress(m_hDbhHelp, "SymGetSymFromAddr64" );
+ pUDSN = (tUDSN) GetProcAddress(m_hDbhHelp, "UnDecorateSymbolName" );
+ pSLM = (tSLM) GetProcAddress(m_hDbhHelp, "SymLoadModule64" );
+ pSGSP =(tSGSP) GetProcAddress(m_hDbhHelp, "SymGetSearchPath" );
+
+ if ( pSC == NULL || pSFTA == NULL || pSGMB == NULL || pSGMI == NULL ||
+ pSGO == NULL || pSGSFA == NULL || pSI == NULL || pSSO == NULL ||
+ pSW == NULL || pUDSN == NULL || pSLM == NULL )
+ {
+ FreeLibrary(m_hDbhHelp);
+ m_hDbhHelp = NULL;
+ pSC = NULL;
+ return FALSE;
+ }
+
+ // SymInitialize
+ if (szSymPath != NULL)
+ m_szSymPath = _strdup(szSymPath);
+ if (this->pSI(m_hProcess, m_szSymPath, FALSE) == FALSE)
+ this->m_parent->OnDbgHelpErr("SymInitialize", GetLastError(), 0);
+
+ DWORD symOptions = this->pSGO(); // SymGetOptions
+ symOptions |= SYMOPT_LOAD_LINES;
+ symOptions |= SYMOPT_FAIL_CRITICAL_ERRORS;
+ //symOptions |= SYMOPT_NO_PROMPTS;
+ // SymSetOptions
+ symOptions = this->pSSO(symOptions);
+
+ char buf[stack_walker::STACKWALK_MAX_NAMELEN] = {0};
+ if (this->pSGSP != NULL)
+ {
+ if (this->pSGSP(m_hProcess, buf, stack_walker::STACKWALK_MAX_NAMELEN) == FALSE)
+ this->m_parent->OnDbgHelpErr("SymGetSearchPath", GetLastError(), 0);
+ }
+ char szUserName[1024] = {0};
+ DWORD dwSize = 1024;
+ GetUserNameA(szUserName, &dwSize);
+ this->m_parent->OnSymInit(buf, symOptions, szUserName);
+
+ return TRUE;
+ }
+
+ stack_walker *m_parent;
+
+ HMODULE m_hDbhHelp;
+ HANDLE m_hProcess;
+ LPSTR m_szSymPath;
+
+/*typedef struct IMAGEHLP_MODULE64_V3 {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
+ DWORD64 BaseOfImage; // base load address of module
+ DWORD ImageSize; // virtual size of the loaded module
+ DWORD TimeDateStamp; // date/time stamp from pe header
+ DWORD CheckSum; // checksum from the pe header
+ DWORD NumSyms; // number of symbols in the symbol table
+ SYM_TYPE SymType; // type of symbols loaded
+ CHAR ModuleName[32]; // module name
+ CHAR ImageName[256]; // image name
+ // new elements: 07-Jun-2002
+ CHAR LoadedImageName[256]; // symbol file name
+ CHAR LoadedPdbName[256]; // pdb file name
+ DWORD CVSig; // Signature of the CV record in the debug directories
+ CHAR CVData[MAX_PATH * 3]; // Contents of the CV record
+ DWORD PdbSig; // Signature of PDB
+ GUID PdbSig70; // Signature of PDB (VC 7 and up)
+ DWORD PdbAge; // DBI age of pdb
+ BOOL PdbUnmatched; // loaded an unmatched pdb
+ BOOL DbgUnmatched; // loaded an unmatched dbg
+ BOOL LineNumbers; // we have line number information
+ BOOL GlobalSymbols; // we have internal symbol information
+ BOOL TypeInfo; // we have type information
+ // new elements: 17-Dec-2003
+ BOOL SourceIndexed; // pdb supports source server
+ BOOL Publics; // contains public symbols
+};
+*/
+typedef struct IMAGEHLP_MODULE64_V2 {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
+ DWORD64 BaseOfImage; // base load address of module
+ DWORD ImageSize; // virtual size of the loaded module
+ DWORD TimeDateStamp; // date/time stamp from pe header
+ DWORD CheckSum; // checksum from the pe header
+ DWORD NumSyms; // number of symbols in the symbol table
+ SYM_TYPE SymType; // type of symbols loaded
+ CHAR ModuleName[32]; // module name
+ CHAR ImageName[256]; // image name
+ CHAR LoadedImageName[256]; // symbol file name
+};
+
+
+ // SymCleanup()
+ typedef BOOL (__stdcall *tSC)( IN HANDLE hProcess );
+ tSC pSC;
+
+ // SymFunctionTableAccess64()
+ typedef PVOID (__stdcall *tSFTA)( HANDLE hProcess, DWORD64 AddrBase );
+ tSFTA pSFTA;
+
+ // SymGetLineFromAddr64()
+ typedef BOOL (__stdcall *tSGLFA)( IN HANDLE hProcess, IN DWORD64 dwAddr,
+ OUT PDWORD pdwDisplacement, OUT PIMAGEHLP_LINE64 Line );
+ tSGLFA pSGLFA;
+
+ // SymGetModuleBase64()
+ typedef DWORD64 (__stdcall *tSGMB)( IN HANDLE hProcess, IN DWORD64 dwAddr );
+ tSGMB pSGMB;
+
+ // SymGetModuleInfo64()
+ typedef BOOL (__stdcall *tSGMI)( IN HANDLE hProcess, IN DWORD64 dwAddr, OUT IMAGEHLP_MODULE64_V2 *ModuleInfo );
+ tSGMI pSGMI;
+
+// // SymGetModuleInfo64()
+// typedef BOOL (__stdcall *tSGMI_V3)( IN HANDLE hProcess, IN DWORD64 dwAddr, OUT IMAGEHLP_MODULE64_V3 *ModuleInfo );
+// tSGMI_V3 pSGMI_V3;
+
+ // SymGetOptions()
+ typedef DWORD (__stdcall *tSGO)( VOID );
+ tSGO pSGO;
+
+ // SymGetSymFromAddr64()
+ typedef BOOL (__stdcall *tSGSFA)( IN HANDLE hProcess, IN DWORD64 dwAddr,
+ OUT PDWORD64 pdwDisplacement, OUT PIMAGEHLP_SYMBOL64 Symbol );
+ tSGSFA pSGSFA;
+
+ // SymInitialize()
+ typedef BOOL (__stdcall *tSI)( IN HANDLE hProcess, IN PSTR UserSearchPath, IN BOOL fInvadeProcess );
+ tSI pSI;
+
+ // SymLoadModule64()
+ typedef DWORD64 (__stdcall *tSLM)( IN HANDLE hProcess, IN HANDLE hFile,
+ IN PSTR ImageName, IN PSTR ModuleName, IN DWORD64 BaseOfDll, IN DWORD SizeOfDll );
+ tSLM pSLM;
+
+ // SymSetOptions()
+ typedef DWORD (__stdcall *tSSO)( IN DWORD SymOptions );
+ tSSO pSSO;
+
+ // StackWalk64()
+ typedef BOOL (__stdcall *tSW)(
+ DWORD MachineType,
+ HANDLE hProcess,
+ HANDLE hThread,
+ LPSTACKFRAME64 StackFrame,
+ PVOID ContextRecord,
+ PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
+ PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
+ PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
+ PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress );
+ tSW pSW;
+
+ // UnDecorateSymbolName()
+ typedef DWORD (__stdcall WINAPI *tUDSN)( PCSTR DecoratedName, PSTR UnDecoratedName,
+ DWORD UndecoratedLength, DWORD Flags );
+ tUDSN pUDSN;
+
+ typedef BOOL (__stdcall WINAPI *tSGSP)(HANDLE hProcess, PSTR SearchPath, DWORD SearchPathLength);
+ tSGSP pSGSP;
+
+
+private:
+ // **************************************** ToolHelp32 ************************
+ #define MAX_MODULE_NAME32 255
+ #define TH32CS_SNAPMODULE 0x00000008
+ #pragma pack( push, 8 )
+ typedef struct tagMODULEENTRY32
+ {
+ DWORD dwSize;
+ DWORD th32ModuleID; // This module
+ DWORD th32ProcessID; // owning process
+ DWORD GlblcntUsage; // Global usage count on the module
+ DWORD ProccntUsage; // Module usage count in th32ProcessID's context
+ BYTE * modBaseAddr; // Base address of module in th32ProcessID's context
+ DWORD modBaseSize; // Size in bytes of module starting at modBaseAddr
+ HMODULE hModule; // The hModule of this module in th32ProcessID's context
+ char szModule[MAX_MODULE_NAME32 + 1];
+ char szExePath[MAX_PATH];
+ } MODULEENTRY32;
+ typedef MODULEENTRY32 * PMODULEENTRY32;
+ typedef MODULEENTRY32 * LPMODULEENTRY32;
+ #pragma pack( pop )
+
+ BOOL GetModuleListTH32(HANDLE hProcess, DWORD pid)
+ {
+ // CreateToolhelp32Snapshot()
+ typedef HANDLE (__stdcall *tCT32S)(DWORD dwFlags, DWORD th32ProcessID);
+ // Module32First()
+ typedef BOOL (__stdcall *tM32F)(HANDLE hSnapshot, LPMODULEENTRY32 lpme);
+ // Module32Next()
+ typedef BOOL (__stdcall *tM32N)(HANDLE hSnapshot, LPMODULEENTRY32 lpme);
+
+ // try both dlls...
+ const TCHAR *dllname[] = { _T("kernel32.dll"), _T("tlhelp32.dll") };
+ HINSTANCE hToolhelp = NULL;
+ tCT32S pCT32S = NULL;
+ tM32F pM32F = NULL;
+ tM32N pM32N = NULL;
+
+ HANDLE hSnap;
+ MODULEENTRY32 me;
+ me.dwSize = sizeof(me);
+ BOOL keepGoing;
+ size_t i;
+
+ for (i = 0; i<(sizeof(dllname) / sizeof(dllname[0])); i++ )
+ {
+ hToolhelp = LoadLibrary( dllname[i] );
+ if (hToolhelp == NULL)
+ continue;
+ pCT32S = (tCT32S) GetProcAddress(hToolhelp, "CreateToolhelp32Snapshot");
+ pM32F = (tM32F) GetProcAddress(hToolhelp, "Module32First");
+ pM32N = (tM32N) GetProcAddress(hToolhelp, "Module32Next");
+ if ( (pCT32S != NULL) && (pM32F != NULL) && (pM32N != NULL) )
+ break; // found the functions!
+ FreeLibrary(hToolhelp);
+ hToolhelp = NULL;
+ }
+
+ if (hToolhelp == NULL)
+ return FALSE;
+
+ hSnap = pCT32S( TH32CS_SNAPMODULE, pid );
+ if (hSnap == (HANDLE) -1)
+ return FALSE;
+
+ keepGoing = !!pM32F( hSnap, &me );
+ int cnt = 0;
+ while (keepGoing)
+ {
+ this->LoadModule(hProcess, me.szExePath, me.szModule, (DWORD64) me.modBaseAddr, me.modBaseSize);
+ cnt++;
+ keepGoing = !!pM32N( hSnap, &me );
+ }
+ CloseHandle(hSnap);
+ FreeLibrary(hToolhelp);
+ if (cnt <= 0)
+ return FALSE;
+ return TRUE;
+ } // GetModuleListTH32
+
+ // **************************************** PSAPI ************************
+ typedef struct _MODULEINFO {
+ LPVOID lpBaseOfDll;
+ DWORD SizeOfImage;
+ LPVOID EntryPoint;
+ } MODULEINFO, *LPMODULEINFO;
+
+ BOOL GetModuleListPSAPI(HANDLE hProcess)
+ {
+ // EnumProcessModules()
+ typedef BOOL (__stdcall *tEPM)(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded );
+ // GetModuleFileNameEx()
+ typedef DWORD (__stdcall *tGMFNE)(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize );
+ // GetModuleBaseName()
+ typedef DWORD (__stdcall *tGMBN)(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize );
+ // GetModuleInformation()
+ typedef BOOL (__stdcall *tGMI)(HANDLE hProcess, HMODULE hModule, LPMODULEINFO pmi, DWORD nSize );
+
+ HINSTANCE hPsapi;
+ tEPM pEPM;
+ tGMFNE pGMFNE;
+ tGMBN pGMBN;
+ tGMI pGMI;
+
+ DWORD i;
+ //ModuleEntry e;
+ DWORD cbNeeded;
+ MODULEINFO mi;
+ HMODULE *hMods = 0;
+ char *tt = NULL;
+ char *tt2 = NULL;
+ const SIZE_T TTBUFLEN = 8096;
+ int cnt = 0;
+
+ hPsapi = LoadLibrary( _T("psapi.dll") );
+ if (hPsapi == NULL)
+ return FALSE;
+
+ pEPM = (tEPM) GetProcAddress( hPsapi, "EnumProcessModules" );
+ pGMFNE = (tGMFNE) GetProcAddress( hPsapi, "GetModuleFileNameExA" );
+ pGMBN = (tGMFNE) GetProcAddress( hPsapi, "GetModuleBaseNameA" );
+ pGMI = (tGMI) GetProcAddress( hPsapi, "GetModuleInformation" );
+ if ( (pEPM == NULL) || (pGMFNE == NULL) || (pGMBN == NULL) || (pGMI == NULL) )
+ {
+ // we couldnĀ“t find all functions
+ FreeLibrary(hPsapi);
+ return FALSE;
+ }
+
+ hMods = (HMODULE*) malloc(sizeof(HMODULE) * (TTBUFLEN / sizeof HMODULE));
+ tt = (char*) malloc(sizeof(char) * TTBUFLEN);
+ tt2 = (char*) malloc(sizeof(char) * TTBUFLEN);
+ if ( (hMods == NULL) || (tt == NULL) || (tt2 == NULL) )
+ goto cleanup;
+
+ if ( ! pEPM( hProcess, hMods, TTBUFLEN, &cbNeeded ) )
+ {
+ //_ftprintf(fLogFile, _T("%lu: EPM failed, GetLastError = %lu\n"), g_dwShowCount, gle );
+ goto cleanup;
+ }
+
+ if ( cbNeeded > TTBUFLEN )
+ {
+ //_ftprintf(fLogFile, _T("%lu: More than %lu module handles. Huh?\n"), g_dwShowCount, lenof( hMods ) );
+ goto cleanup;
+ }
+
+ for ( i = 0; i < cbNeeded / sizeof hMods[0]; i++ )
+ {
+ // base address, size
+ pGMI(hProcess, hMods[i], &mi, sizeof mi );
+ // image file name
+ tt[0] = 0;
+ pGMFNE(hProcess, hMods[i], tt, TTBUFLEN );
+ // module name
+ tt2[0] = 0;
+ pGMBN(hProcess, hMods[i], tt2, TTBUFLEN );
+
+ DWORD dwRes = this->LoadModule(hProcess, tt, tt2, (DWORD64) mi.lpBaseOfDll, mi.SizeOfImage);
+ if (dwRes != ERROR_SUCCESS)
+ this->m_parent->OnDbgHelpErr("LoadModule", dwRes, 0);
+ cnt++;
+ }
+
+ cleanup:
+ if (hPsapi != NULL) FreeLibrary(hPsapi);
+ if (tt2 != NULL) free(tt2);
+ if (tt != NULL) free(tt);
+ if (hMods != NULL) free(hMods);
+
+ return cnt != 0;
+ } // GetModuleListPSAPI
+
+ DWORD LoadModule(HANDLE hProcess, LPCSTR img, LPCSTR mod, DWORD64 baseAddr, DWORD size)
+ {
+ CHAR *szImg = _strdup(img);
+ CHAR *szMod = _strdup(mod);
+ DWORD result = ERROR_SUCCESS;
+ if ( (szImg == NULL) || (szMod == NULL) )
+ result = ERROR_NOT_ENOUGH_MEMORY;
+ else
+ {
+ if (pSLM(hProcess, 0, szImg, szMod, baseAddr, size) == 0)
+ result = GetLastError();
+ }
+ ULONGLONG fileVersion = 0;
+ if ( (m_parent != NULL) && (szImg != NULL) )
+ {
+ // try to retrive the file-version:
+ if ( (this->m_parent->m_options & stack_walker::RetrieveFileVersion) != 0)
+ {
+ VS_FIXEDFILEINFO *fInfo = NULL;
+ DWORD dwHandle;
+ DWORD dwSize = GetFileVersionInfoSizeA(szImg, &dwHandle);
+ if (dwSize > 0)
+ {
+ LPVOID vData = malloc(dwSize);
+ if (vData != NULL)
+ {
+ if (GetFileVersionInfoA(szImg, dwHandle, dwSize, vData) != 0)
+ {
+ UINT len;
+ TCHAR szSubBlock[] = _T("\\");
+ if (VerQueryValue(vData, szSubBlock, (LPVOID*) &fInfo, &len) == 0)
+ fInfo = NULL;
+ else
+ {
+ fileVersion = ((ULONGLONG)fInfo->dwFileVersionLS) + ((ULONGLONG)fInfo->dwFileVersionMS << 32);
+ }
+ }
+ free(vData);
+ }
+ }
+ }
+
+ // Retrive some additional-infos about the module
+ IMAGEHLP_MODULE64_V2 Module;
+ const char *szSymType = "-unknown-";
+ if (this->GetModuleInfo(hProcess, baseAddr, &Module) != FALSE)
+ {
+ switch(Module.SymType)
+ {
+ case SymNone:
+ szSymType = "-nosymbols-";
+ break;
+ case SymCoff:
+ szSymType = "COFF";
+ break;
+ case SymCv:
+ szSymType = "CV";
+ break;
+ case SymPdb:
+ szSymType = "PDB";
+ break;
+ case SymExport:
+ szSymType = "-exported-";
+ break;
+ case SymDeferred:
+ szSymType = "-deferred-";
+ break;
+ case SymSym:
+ szSymType = "SYM";
+ break;
+ case 8: //SymVirtual:
+ szSymType = "Virtual";
+ break;
+ case 9: // SymDia:
+ szSymType = "DIA";
+ break;
+ }
+ }
+ this->m_parent->OnLoadModule(img, mod, baseAddr, size, result, szSymType, Module.LoadedImageName, fileVersion);
+ }
+ if (szImg != NULL) free(szImg);
+ if (szMod != NULL) free(szMod);
+ return result;
+ }
+public:
+ BOOL LoadModules(HANDLE hProcess, DWORD dwProcessId)
+ {
+ // first try toolhelp32
+ if (GetModuleListTH32(hProcess, dwProcessId))
+ return true;
+ // then try psapi
+ return GetModuleListPSAPI(hProcess);
+ }
+
+
+ BOOL GetModuleInfo(HANDLE hProcess, DWORD64 baseAddr, IMAGEHLP_MODULE64_V2 *pModuleInfo)
+ {
+ if(this->pSGMI == NULL)
+ {
+ SetLastError(ERROR_DLL_INIT_FAILED);
+ return FALSE;
+ }
+ // First try to use the larger ModuleInfo-Structure
+// memset(pModuleInfo, 0, sizeof(IMAGEHLP_MODULE64_V3));
+// pModuleInfo->SizeOfStruct = sizeof(IMAGEHLP_MODULE64_V3);
+// if (this->pSGMI_V3 != NULL)
+// {
+// if (this->pSGMI_V3(hProcess, baseAddr, pModuleInfo) != FALSE)
+// return TRUE;
+// // check if the parameter was wrong (size is bad...)
+// if (GetLastError() != ERROR_INVALID_PARAMETER)
+// return FALSE;
+// }
+ // could not retrive the bigger structure, try with the smaller one (as defined in VC7.1)...
+ pModuleInfo->SizeOfStruct = sizeof(IMAGEHLP_MODULE64_V2);
+ void *pData = malloc(4096); // reserve enough memory, so the bug in v6.3.5.1 does not lead to memory-overwrites...
+ if (pData == NULL)
+ {
+ SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+ return FALSE;
+ }
+ memcpy(pData, pModuleInfo, sizeof(IMAGEHLP_MODULE64_V2));
+ if (this->pSGMI(hProcess, baseAddr, (IMAGEHLP_MODULE64_V2*) pData) != FALSE)
+ {
+ // only copy as much memory as is reserved...
+ memcpy(pModuleInfo, pData, sizeof(IMAGEHLP_MODULE64_V2));
+ pModuleInfo->SizeOfStruct = sizeof(IMAGEHLP_MODULE64_V2);
+ free(pData);
+ return TRUE;
+ }
+ free(pData);
+ SetLastError(ERROR_DLL_INIT_FAILED);
+ return FALSE;
+ }
+};
+
+// #############################################################
+stack_walker::stack_walker(DWORD dwProcessId, HANDLE hProcess)
+{
+ this->m_options = OptionsAll;
+ this->m_modulesLoaded = FALSE;
+ this->m_hProcess = hProcess;
+ this->m_sw = new stack_walkerInternal(this, this->m_hProcess);
+ this->m_dwProcessId = dwProcessId;
+ this->m_szSymPath = NULL;
+}
+stack_walker::stack_walker(int options, LPCSTR szSymPath, DWORD dwProcessId, HANDLE hProcess)
+{
+ this->m_options = options;
+ this->m_modulesLoaded = FALSE;
+ this->m_hProcess = hProcess;
+ this->m_sw = new stack_walkerInternal(this, this->m_hProcess);
+ this->m_dwProcessId = dwProcessId;
+ if (szSymPath != NULL)
+ {
+ this->m_szSymPath = _strdup(szSymPath);
+ this->m_options |= SymBuildPath;
+ }
+ else
+ this->m_szSymPath = NULL;
+}
+
+stack_walker::~stack_walker()
+{
+ if (m_szSymPath != NULL)
+ free(m_szSymPath);
+ m_szSymPath = NULL;
+ if (this->m_sw != NULL)
+ delete this->m_sw;
+ this->m_sw = NULL;
+}
+
+BOOL stack_walker::LoadModules()
+{
+ if (this->m_sw == NULL)
+ {
+ SetLastError(ERROR_DLL_INIT_FAILED);
+ return FALSE;
+ }
+ if (m_modulesLoaded != FALSE)
+ return TRUE;
+
+ // Build the sym-path:
+ char *szSymPath = NULL;
+ if ( (this->m_options & SymBuildPath) != 0)
+ {
+ const size_t nSymPathLen = 4096;
+ szSymPath = (char*) malloc(nSymPathLen);
+ if (szSymPath == NULL)
+ {
+ SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+ return FALSE;
+ }
+ szSymPath[0] = 0;
+ // Now first add the (optional) provided sympath:
+ if (this->m_szSymPath != NULL)
+ {
+ strcat_s(szSymPath, nSymPathLen, this->m_szSymPath);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ }
+
+ strcat_s(szSymPath, nSymPathLen, ".;");
+
+ const size_t nTempLen = 1024;
+ char szTemp[nTempLen];
+ // Now add the current directory:
+ if (GetCurrentDirectoryA(nTempLen, szTemp) > 0)
+ {
+ szTemp[nTempLen-1] = 0;
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ }
+
+ // Now add the path for the main-module:
+ if (GetModuleFileNameA(NULL, szTemp, nTempLen) > 0)
+ {
+ szTemp[nTempLen-1] = 0;
+ for (char *p = (szTemp+strlen(szTemp)-1); p >= szTemp; --p)
+ {
+ // locate the rightmost path separator
+ if ( (*p == '\\') || (*p == '/') || (*p == ':') )
+ {
+ *p = 0;
+ break;
+ }
+ } // for (search for path separator...)
+ if (strlen(szTemp) > 0)
+ {
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ }
+ }
+ if (GetEnvironmentVariableA("_NT_SYMBOL_PATH", szTemp, nTempLen) > 0)
+ {
+ szTemp[nTempLen-1] = 0;
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ }
+ if (GetEnvironmentVariableA("_NT_ALTERNATE_SYMBOL_PATH", szTemp, nTempLen) > 0)
+ {
+ szTemp[nTempLen-1] = 0;
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ }
+ if (GetEnvironmentVariableA("SYSTEMROOT", szTemp, nTempLen) > 0)
+ {
+ szTemp[nTempLen-1] = 0;
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ // also add the "system32"-directory:
+ strcat_s(szTemp, nTempLen, "\\system32");
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, ";");
+ }
+
+ if ( (this->m_options & SymBuildPath) != 0)
+ {
+ if (GetEnvironmentVariableA("SYSTEMDRIVE", szTemp, nTempLen) > 0)
+ {
+ szTemp[nTempLen-1] = 0;
+ strcat_s(szSymPath, nSymPathLen, "SRV*");
+ strcat_s(szSymPath, nSymPathLen, szTemp);
+ strcat_s(szSymPath, nSymPathLen, "\\websymbols");
+ strcat_s(szSymPath, nSymPathLen, "*http://msdl.microsoft.com/download/symbols;");
+ }
+ else
+ strcat_s(szSymPath, nSymPathLen, "SRV*c:\\websymbols*http://msdl.microsoft.com/download/symbols;");
+ }
+ }
+
+ // First Init the whole stuff...
+ BOOL bRet = this->m_sw->Init(szSymPath);
+ if (szSymPath != NULL) free(szSymPath); szSymPath = NULL;
+ if (bRet == FALSE)
+ {
+ this->OnDbgHelpErr("Error while initializing dbghelp.dll", 0, 0);
+ SetLastError(ERROR_DLL_INIT_FAILED);
+ return FALSE;
+ }
+
+ bRet = this->m_sw->LoadModules(this->m_hProcess, this->m_dwProcessId);
+ if (bRet != FALSE)
+ m_modulesLoaded = TRUE;
+ return bRet;
+}
+
+
+// The following is used to pass the "userData"-Pointer to the user-provided readMemoryFunction
+// This has to be done due to a problem with the "hProcess"-parameter in x64...
+// Because this class is in no case multi-threading-enabled (because of the limitations
+// of dbghelp.dll) it is "safe" to use a static-variable
+static stack_walker::PReadProcessMemoryRoutine s_readMemoryFunction = NULL;
+static LPVOID s_readMemoryFunction_UserData = NULL;
+
+BOOL stack_walker::ShowCallstack(HANDLE hThread, const CONTEXT *context, PReadProcessMemoryRoutine readMemoryFunction, LPVOID pUserData)
+{
+ CONTEXT c;;
+ CallstackEntry csEntry;
+ IMAGEHLP_SYMBOL64 *pSym = NULL;
+ stack_walkerInternal::IMAGEHLP_MODULE64_V2 Module;
+ IMAGEHLP_LINE64 Line;
+ int frameNum;
+
+ if (m_modulesLoaded == FALSE)
+ this->LoadModules(); // ignore the result...
+
+ if (this->m_sw->m_hDbhHelp == NULL)
+ {
+ SetLastError(ERROR_DLL_INIT_FAILED);
+ return FALSE;
+ }
+
+ s_readMemoryFunction = readMemoryFunction;
+ s_readMemoryFunction_UserData = pUserData;
+
+ if (context == NULL)
+ {
+ // If no context is provided, capture the context
+ if (hThread == GetCurrentThread())
+ {
+ GET_CURRENT_CONTEXT(c, USED_CONTEXT_FLAGS);
+ }
+ else
+ {
+ SuspendThread(hThread);
+ memset(&c, 0, sizeof(CONTEXT));
+ c.ContextFlags = USED_CONTEXT_FLAGS;
+ if (GetThreadContext(hThread, &c) == FALSE)
+ {
+ ResumeThread(hThread);
+ return FALSE;
+ }
+ }
+ }
+ else
+ c = *context;
+
+ // init STACKFRAME for first call
+ STACKFRAME64 s; // in/out stackframe
+ memset(&s, 0, sizeof(s));
+ DWORD imageType;
+#ifdef _M_IX86
+ // normally, call ImageNtHeader() and use machine info from PE header
+ imageType = IMAGE_FILE_MACHINE_I386;
+ s.AddrPC.Offset = c.Eip;
+ s.AddrPC.Mode = AddrModeFlat;
+ s.AddrFrame.Offset = c.Ebp;
+ s.AddrFrame.Mode = AddrModeFlat;
+ s.AddrStack.Offset = c.Esp;
+ s.AddrStack.Mode = AddrModeFlat;
+#elif _M_X64
+ imageType = IMAGE_FILE_MACHINE_AMD64;
+ s.AddrPC.Offset = c.Rip;
+ s.AddrPC.Mode = AddrModeFlat;
+ s.AddrFrame.Offset = c.Rsp;
+ s.AddrFrame.Mode = AddrModeFlat;
+ s.AddrStack.Offset = c.Rsp;
+ s.AddrStack.Mode = AddrModeFlat;
+#elif _M_IA64
+ imageType = IMAGE_FILE_MACHINE_IA64;
+ s.AddrPC.Offset = c.StIIP;
+ s.AddrPC.Mode = AddrModeFlat;
+ s.AddrFrame.Offset = c.IntSp;
+ s.AddrFrame.Mode = AddrModeFlat;
+ s.AddrBStore.Offset = c.RsBSP;
+ s.AddrBStore.Mode = AddrModeFlat;
+ s.AddrStack.Offset = c.IntSp;
+ s.AddrStack.Mode = AddrModeFlat;
+#else
+#error "Platform not supported!"
+#endif
+
+ pSym = (IMAGEHLP_SYMBOL64 *) malloc(sizeof(IMAGEHLP_SYMBOL64) + STACKWALK_MAX_NAMELEN);
+ if (!pSym) goto cleanup; // not enough memory...
+ memset(pSym, 0, sizeof(IMAGEHLP_SYMBOL64) + STACKWALK_MAX_NAMELEN);
+ pSym->SizeOfStruct = sizeof(IMAGEHLP_SYMBOL64);
+ pSym->MaxNameLength = STACKWALK_MAX_NAMELEN;
+
+ memset(&Line, 0, sizeof(Line));
+ Line.SizeOfStruct = sizeof(Line);
+
+ memset(&Module, 0, sizeof(Module));
+ Module.SizeOfStruct = sizeof(Module);
+
+ for (frameNum = 0; ; ++frameNum )
+ {
+ // get next stack frame (StackWalk64(), SymFunctionTableAccess64(), SymGetModuleBase64())
+ // if this returns ERROR_INVALID_ADDRESS (487) or ERROR_NOACCESS (998), you can
+ // assume that either you are done, or that the stack is so hosed that the next
+ // deeper frame could not be found.
+ // CONTEXT need not to be suplied if imageTyp is IMAGE_FILE_MACHINE_I386!
+ if ( ! this->m_sw->pSW(imageType, this->m_hProcess, hThread, &s, &c, myReadProcMem, this->m_sw->pSFTA, this->m_sw->pSGMB, NULL) )
+ {
+ this->OnDbgHelpErr("StackWalk64", GetLastError(), s.AddrPC.Offset);
+ break;
+ }
+
+ csEntry.offset = s.AddrPC.Offset;
+ csEntry.name[0] = 0;
+ csEntry.undName[0] = 0;
+ csEntry.undFullName[0] = 0;
+ csEntry.offsetFromSmybol = 0;
+ csEntry.offsetFromLine = 0;
+ csEntry.lineFileName[0] = 0;
+ csEntry.lineNumber = 0;
+ csEntry.loadedImageName[0] = 0;
+ csEntry.moduleName[0] = 0;
+ if (s.AddrPC.Offset == s.AddrReturn.Offset)
+ {
+ this->OnDbgHelpErr("StackWalk64-Endless-Callstack!", 0, s.AddrPC.Offset);
+ break;
+ }
+ if (s.AddrPC.Offset != 0)
+ {
+ // we seem to have a valid PC
+ // show procedure info (SymGetSymFromAddr64())
+ if (this->m_sw->pSGSFA(this->m_hProcess, s.AddrPC.Offset, &(csEntry.offsetFromSmybol), pSym) != FALSE)
+ {
+ // TODO: Mache dies sicher...!
+ strcpy_s(csEntry.name, pSym->Name);
+ // UnDecorateSymbolName()
+ this->m_sw->pUDSN( pSym->Name, csEntry.undName, STACKWALK_MAX_NAMELEN, UNDNAME_NAME_ONLY );
+ this->m_sw->pUDSN( pSym->Name, csEntry.undFullName, STACKWALK_MAX_NAMELEN, UNDNAME_COMPLETE );
+ }
+ else
+ {
+ this->OnDbgHelpErr("SymGetSymFromAddr64", GetLastError(), s.AddrPC.Offset);
+ }
+
+ // show line number info, NT5.0-method (SymGetLineFromAddr64())
+ if (this->m_sw->pSGLFA != NULL )
+ { // yes, we have SymGetLineFromAddr64()
+ if (this->m_sw->pSGLFA(this->m_hProcess, s.AddrPC.Offset, &(csEntry.offsetFromLine), &Line) != FALSE)
+ {
+ csEntry.lineNumber = Line.LineNumber;
+ // TODO: Mache dies sicher...!
+ strcpy_s(csEntry.lineFileName, Line.FileName);
+ }
+ else
+ {
+ this->OnDbgHelpErr("SymGetLineFromAddr64", GetLastError(), s.AddrPC.Offset);
+ }
+ } // yes, we have SymGetLineFromAddr64()
+
+ // show module info (SymGetModuleInfo64())
+ if (this->m_sw->GetModuleInfo(this->m_hProcess, s.AddrPC.Offset, &Module ) != FALSE)
+ { // got module info OK
+ switch ( Module.SymType )
+ {
+ case SymNone:
+ csEntry.symTypeString = "-nosymbols-";
+ break;
+ case SymCoff:
+ csEntry.symTypeString = "COFF";
+ break;
+ case SymCv:
+ csEntry.symTypeString = "CV";
+ break;
+ case SymPdb:
+ csEntry.symTypeString = "PDB";
+ break;
+ case SymExport:
+ csEntry.symTypeString = "-exported-";
+ break;
+ case SymDeferred:
+ csEntry.symTypeString = "-deferred-";
+ break;
+ case SymSym:
+ csEntry.symTypeString = "SYM";
+ break;
+#if API_VERSION_NUMBER >= 9
+ case SymDia:
+ csEntry.symTypeString = "DIA";
+ break;
+#endif
+ case 8: //SymVirtual:
+ csEntry.symTypeString = "Virtual";
+ break;
+ default:
+ //_snprintf( ty, sizeof ty, "symtype=%ld", (long) Module.SymType );
+ csEntry.symTypeString = NULL;
+ break;
+ }
+
+ // TODO: Mache dies sicher...!
+ strcpy_s(csEntry.moduleName, Module.ModuleName);
+ csEntry.baseOfImage = Module.BaseOfImage;
+ strcpy_s(csEntry.loadedImageName, Module.LoadedImageName);
+ } // got module info OK
+ else
+ {
+ this->OnDbgHelpErr("SymGetModuleInfo64", GetLastError(), s.AddrPC.Offset);
+ }
+ } // we seem to have a valid PC
+
+ CallstackEntryType et = nextEntry;
+ if (frameNum == 0)
+ et = firstEntry;
+ this->OnCallstackEntry(et, csEntry);
+
+ if (s.AddrReturn.Offset == 0)
+ {
+ this->OnCallstackEntry(lastEntry, csEntry);
+ SetLastError(ERROR_SUCCESS);
+ break;
+ }
+ } // for ( frameNum )
+
+ cleanup:
+ if (pSym) free( pSym );
+
+ if (context == NULL)
+ ResumeThread(hThread);
+
+ return TRUE;
+}
+
+BOOL __stdcall stack_walker::myReadProcMem(
+ HANDLE hProcess,
+ DWORD64 qwBaseAddress,
+ PVOID lpBuffer,
+ DWORD nSize,
+ LPDWORD lpNumberOfBytesRead
+ )
+{
+ if (s_readMemoryFunction == NULL)
+ {
+ SIZE_T st;
+ BOOL bRet = ReadProcessMemory(hProcess, (LPVOID) qwBaseAddress, lpBuffer, nSize, &st);
+ *lpNumberOfBytesRead = (DWORD) st;
+ //printf("ReadMemory: hProcess: %p, baseAddr: %p, buffer: %p, size: %d, read: %d, result: %d\n", hProcess, (LPVOID) qwBaseAddress, lpBuffer, nSize, (DWORD) st, (DWORD) bRet);
+ return bRet;
+ }
+ else
+ {
+ return s_readMemoryFunction(hProcess, qwBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead, s_readMemoryFunction_UserData);
+ }
+}
+
+void stack_walker::OnLoadModule(LPCSTR img, LPCSTR mod, DWORD64 baseAddr, DWORD size, DWORD result, LPCSTR symType, LPCSTR pdbName, ULONGLONG fileVersion)
+{
+ CHAR buffer[STACKWALK_MAX_NAMELEN];
+ if (fileVersion == 0)
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%s:%s (%p), size: %d (result: %d), SymType: '%s', PDB: '%s'\n", img, mod, (LPVOID) baseAddr, size, result, symType, pdbName);
+ else
+ {
+ DWORD v4 = (DWORD) fileVersion & 0xFFFF;
+ DWORD v3 = (DWORD) (fileVersion>>16) & 0xFFFF;
+ DWORD v2 = (DWORD) (fileVersion>>32) & 0xFFFF;
+ DWORD v1 = (DWORD) (fileVersion>>48) & 0xFFFF;
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%s:%s (%p), size: %d (result: %d), SymType: '%s', PDB: '%s', fileVersion: %d.%d.%d.%d\n", img, mod, (LPVOID) baseAddr, size, result, symType, pdbName, v1, v2, v3, v4);
+ }
+ OnOutput(buffer);
+}
+
+void stack_walker::OnCallstackEntry(CallstackEntryType eType, CallstackEntry &entry)
+{
+ CHAR buffer[STACKWALK_MAX_NAMELEN];
+ if ( (eType != lastEntry) && (entry.offset != 0) )
+ {
+ if (entry.name[0] == 0)
+ strcpy_s(entry.name, "(function-name not available)");
+ if (entry.undName[0] != 0)
+ strcpy_s(entry.name, entry.undName);
+ if (entry.undFullName[0] != 0)
+ strcpy_s(entry.name, entry.undFullName);
+ if (entry.lineFileName[0] == 0)
+ {
+ strcpy_s(entry.lineFileName, "(filename not available)");
+ if (entry.moduleName[0] == 0)
+ strcpy_s(entry.moduleName, "(module-name not available)");
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%p (%s): %s: %s\n", (LPVOID) entry.offset, entry.moduleName, entry.lineFileName, entry.name);
+ }
+ else
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "%s (%d): %s\n", entry.lineFileName, entry.lineNumber, entry.name);
+ OnOutput(buffer);
+ }
+}
+
+void stack_walker::OnDbgHelpErr(LPCSTR szFuncName, DWORD gle, DWORD64 addr)
+{
+ CHAR buffer[STACKWALK_MAX_NAMELEN];
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "ERROR: %s, GetLastError: %d (Address: %p)\n", szFuncName, gle, (LPVOID) addr);
+ OnOutput(buffer);
+}
+
+void stack_walker::OnSymInit(LPCSTR szSearchPath, DWORD symOptions, LPCSTR szUserName)
+{
+ CHAR buffer[STACKWALK_MAX_NAMELEN];
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "SymInit: Symbol-SearchPath: '%s', symOptions: %d, UserName: '%s'\n", szSearchPath, symOptions, szUserName);
+ OnOutput(buffer);
+ // Also display the OS-version
+#if _MSC_VER <= 1200
+ OSVERSIONINFOA ver;
+ ZeroMemory(&ver, sizeof(OSVERSIONINFOA));
+ ver.dwOSVersionInfoSize = sizeof(ver);
+ if (GetVersionExA(&ver) != FALSE)
+ {
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "OS-Version: %d.%d.%d (%s)\n",
+ ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber,
+ ver.szCSDVersion);
+ OnOutput(buffer);
+ }
+#else
+ OSVERSIONINFOEXA ver;
+ ZeroMemory(&ver, sizeof(OSVERSIONINFOEXA));
+ ver.dwOSVersionInfoSize = sizeof(ver);
+ if (GetVersionExA( (OSVERSIONINFOA*) &ver) != FALSE)
+ {
+ _snprintf_s(buffer, STACKWALK_MAX_NAMELEN, "OS-Version: %d.%d.%d (%s) 0x%x-0x%x\n",
+ ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber,
+ ver.szCSDVersion, ver.wSuiteMask, ver.wProductType);
+ OnOutput(buffer);
+ }
+#endif
+}
+
+void stack_walker::OnOutput(LPCSTR buffer)
+{
+ OutputDebugStringA(buffer);
+}