ReactOS 0.4.15-dev-7842-g558ab78
syscalldump.c File Reference
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <windows.h>
#include <shlwapi.h>
#include <dbghelp.h>

Macros

#define _WINVER   0x501
 
#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS   0x00000800
 
#define MAX_SYMBOL_NAME   1024
 

Functions

BOOL InitDbgHelp (HANDLE hProcess)
 
PVOID ImageSymToVa (HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
 
BOOL CALLBACK EnumSymbolsProc (PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
 
int main (int argc, char *argv[])
 

Variables

HANDLE hCurrentProcess
 
BOOL bX64
 

Macro Definition Documentation

◆ _WINVER

#define _WINVER   0x501

Definition at line 4 of file syscalldump.c.

◆ MAX_SYMBOL_NAME

#define MAX_SYMBOL_NAME   1024

Definition at line 13 of file syscalldump.c.

◆ SYMOPT_ALLOW_ABSOLUTE_SYMBOLS

#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS   0x00000800

Definition at line 5 of file syscalldump.c.

Function Documentation

◆ EnumSymbolsProc()

BOOL CALLBACK EnumSymbolsProc ( PSYMBOL_INFO  pSymInfo,
ULONG  SymbolSize,
PVOID  UserContext 
)

Definition at line 53 of file syscalldump.c.

/**
 * Symbol-enumeration callback used by main(): prints the name of one symbol
 * reported for an address, followed by a trailing space.
 *
 * @param pSymInfo    Symbol record supplied by the enumerator; only Name is read.
 * @param SymbolSize  Unused.
 * @param UserContext Integer smuggled through the context pointer. The value
 *                    -1 selects the bare-name form; any other value is printed
 *                    after the name ("name@N" when bX64 is clear,
 *                    "name <+ N>" when it is set).
 * @return Always TRUE.
 */
BOOL CALLBACK EnumSymbolsProc(
    PSYMBOL_INFO pSymInfo,
    ULONG SymbolSize,
    PVOID UserContext)
{
    /* Sentinel context: no number to append, emit the name alone. */
    if ((INT_PTR)UserContext == -1)
    {
        printf("%s ", pSymInfo->Name);
        return TRUE;
    }

    /* Format strings stay literals so the symbol name is only ever a %s argument. */
    if (bX64)
    {
        printf("%s <+ %Iu> ", pSymInfo->Name, (UINT_PTR)UserContext);
    }
    else
    {
        printf("%s@%Iu ", pSymInfo->Name, (UINT_PTR)UserContext);
    }

    return TRUE;
}
#define TRUE
Definition: types.h:120
#define printf
Definition: freeldr.h:93
unsigned __int3264 UINT_PTR
Definition: mstsclib_h.h:274
CHAR Name[1]
Definition: compat.h:1052
BOOL bX64
Definition: syscalldump.c:11
int32_t INT_PTR
Definition: typedefs.h:64

Referenced by main().

◆ ImageSymToVa()

PVOID ImageSymToVa ( HANDLE  hProcess,
PSYMBOL_INFO  pSym,
PBYTE  pModule,
PCSTR  Name 
)

Definition at line 27 of file syscalldump.c.

/*
 * ImageSymToVa: looks up the symbol Name with SymFromName() and converts its
 * module-relative offset (Address - ModBase) into a pointer inside the mapped
 * image pModule via ImageRvaToVa().
 * Returns 0 when SymFromName() fails; otherwise returns whatever
 * ImageRvaToVa() produced, which callers must still check before use.
 */
28{
29 PIMAGE_NT_HEADERS NtHeaders;
30 PVOID p;
31
32 pSym->SizeOfStruct = sizeof(SYMBOL_INFO);
/* NOTE(review): listing line 33 is not shown on this page. The cross-reference
 * list below this function names MaxNameLen and MAX_SYMBOL_NAME, so it
 * presumably sets pSym->MaxNameLen; confirm against the source file, since
 * that field bounds how much of the name DbgHelp writes behind the struct. */
34
35 if (!SymFromName(hProcess, Name, pSym))
36 {
/* NOTE(review): the message names SymGetSymFromName64() although the call
 * above is SymFromName(). GetLastError() returns a DWORD but is printed
 * with the signed %ld conversion. */
37 printf("SymGetSymFromName64() failed: %ld\n", GetLastError());
38 return 0;
39 }
/* Older GCC (< 4.4.0) gets the %llx spelling, everything else %I64x. */
40#if defined(__GNUC__) && \
41 (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__ < 40400)
42 printf("looking up address for %s: 0x%llx\n", Name, pSym->Address);
43#else
44 printf("looking up address for %s: 0x%I64x\n", Name, pSym->Address);
45#endif
46
/* NOTE(review): the ImageNtHeader() result is handed on without a NULL check,
 * and pModule is a file view whose headers have not been validated here.
 * Address and ModBase are ULONG64 while the prototype shown on this page takes
 * a ULONG for the RVA, so the difference is truncated to 32 bits. */
47 NtHeaders = ImageNtHeader(pModule);
48 p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL);
49
50 return p;
51}
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
PVOID WINAPI ImageRvaToVa(_In_ PIMAGE_NT_HEADERS, _In_ PVOID, _In_ ULONG, _In_opt_ PIMAGE_SECTION_HEADER *)
#define NULL
Definition: types.h:112
struct _SYMBOL_INFO SYMBOL_INFO
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:71
ULONG64 ModBase
Definition: compat.h:1043
ULONG SizeOfStruct
Definition: compat.h:1038
ULONG64 Address
Definition: compat.h:1046
ULONG MaxNameLen
Definition: compat.h:1051
BOOL WINAPI SymFromName(HANDLE hProcess, PCSTR Name, PSYMBOL_INFO Symbol)
Definition: symbol.c:1392
#define MAX_SYMBOL_NAME
Definition: syscalldump.c:13
DWORD WINAPI GetLastError(void)
Definition: except.c:1042

Referenced by main().

◆ InitDbgHelp()

BOOL InitDbgHelp ( HANDLE  hProcess)

Definition at line 15 of file syscalldump.c.

/*
 * InitDbgHelp: prepares DbgHelp for hProcess and points it at a symbol server.
 * Returns FALSE on the early-exit path, TRUE otherwise.
 *
 * NOTE(review): listing lines 17, 20 and 21 are not shown on this page. The
 * cross-reference list below names SymInitialize, SymGetOptions,
 * SymSetOptions, SYMOPT_DEFERRED_LOADS and SYMOPT_ALLOW_ABSOLUTE_SYMBOLS, so
 * the elided lines presumably hold the SymInitialize() check guarding the
 * return on line 18 and the option setup; confirm against the source file.
 */
16{
18 return FALSE;
19
/* NOTE(review): the search path names the symbol server with an http:// URL,
 * so symbol files are fetched without transport integrity protection and are
 * then parsed by DbgHelp; an https:// URL for the same server avoids that.
 * The return value of SymSetSearchPath() is ignored, so a failure here still
 * reports TRUE to the caller. */
22 SymSetSearchPath(hProcess, "srv**symbols*http://msdl.microsoft.com/download/symbols");
23 return TRUE;
24}
#define FALSE
Definition: types.h:117
BOOL WINAPI SymInitialize(HANDLE hProcess, PCSTR UserSearchPath, BOOL fInvadeProcess)
Definition: dbghelp.c:534
#define SYMOPT_DEFERRED_LOADS
Definition: compat.h:989
DWORD WINAPI SymSetOptions(DWORD opts)
Definition: dbghelp.c:585
BOOL WINAPI SymSetSearchPath(HANDLE hProcess, PCSTR searchPath)
Definition: dbghelp.c:263
DWORD WINAPI SymGetOptions(void)
Definition: dbghelp.c:600
#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS
Definition: syscalldump.c:5

Referenced by main().

◆ main()

int main ( int argc  ,
char argv[] 
)

Definition at line 76 of file syscalldump.c.

/*
 * main: locates win32k.sys (current directory first, then the system
 * directory), loads its symbols through DbgHelp, maps a read view of the file
 * and prints one line per W32pServiceTable entry, followed by the entries of
 * apfnSimpleCall. Every path, including the failure paths, ends in the cleanup
 * label and returns 0.
 *
 * NOTE(review): listing lines 78, 91-92, 98, 104-105, 114-115, 138, 152, 203,
 * 214 and 231 are not shown on this page. The comments below describe only the
 * visible statements and mark anything inferred about the elided ones.
 */
77{
/* hProcess is used below but its declaration is not visible (line 78 elided). */
79 CHAR szModuleFileName[MAX_PATH+1];
80 DWORD64 dwModuleBase;
81 HANDLE hFile = 0, hMap = 0;
82 PBYTE pModule = NULL;
83 UINT i;
84 PVOID pW32pServiceTable, pW32pServiceLimit;
85 PBYTE pW32pArgumentTable;
86 PVOID pfnSimpleCall;
87 DWORD dwServiceLimit;
88
/* Symbol buffer handed to ImageSymToVa() as &Sym.Symbol; its members
 * (lines 91-92) are elided here. */
89 struct
90 {
93 } Sym;
94
95 printf("Win32k Syscall dumper\n");
96 printf("Copyright (c) Timo Kreuzer 2007-08\n");
97
99
/* NOTE(review): the working directory is searched before the system directory,
 * so a win32k.sys sitting in the directory the tool is started from is the
 * file that gets mapped and parsed.
 * NOTE(review): GetCurrentDirectory()'s return value is not checked and
 * strcat() is unbounded. The buffer holds MAX_PATH+1 chars and the suffix adds
 * 11, so a directory path longer than MAX_PATH-11 chars writes past
 * szModuleFileName; if the call fails, strcat() scans an uninitialised buffer.
 * A bounded formatter with a truncation check would close both gaps. */
100 // try current dir
101 GetCurrentDirectory(MAX_PATH, szModuleFileName);
102 strcat(szModuleFileName, "\\win32k.sys");
103 hFile = CreateFile(szModuleFileName, FILE_READ_DATA, FILE_SHARE_READ, NULL,
106 {
107 goto cont;
108 }
109
/* Same unchecked-length pattern as above, this time for GetSystemDirectory(). */
110 // try system dir
111 GetSystemDirectory(szModuleFileName, MAX_PATH);
112 strcat(szModuleFileName, "\\win32k.sys");
113 hFile = CreateFile(szModuleFileName, FILE_READ_DATA, FILE_SHARE_READ, NULL,
116 {
/* GetLastError() returns a DWORD; it is printed with %ld here and below. */
117 printf("CreateFile() failed: %ld!\n", GetLastError());
118 goto cleanup;
119 }
120
121cont:
122 printf("Trying to get syscalls from: %s\n", szModuleFileName);
123
124 if (!InitDbgHelp(hProcess))
125 {
126 printf("SymInitialize() failed\n");
127 goto cleanup;
128 }
129
130 printf("Loading symbols for %s, please wait...\n", szModuleFileName);
131 dwModuleBase = SymLoadModule64(hProcess, 0, szModuleFileName, 0, 0, 0);
132 if (dwModuleBase == 0)
133 {
134 printf("SymLoadModule64() failed: %ld\n", GetLastError());
135 goto cleanup;
136 }
137
/* Line 138 is elided; judging by the message below it assigns hMap from
 * CreateFileMapping(). */
139 if (!hMap)
140 {
141 printf("CreateFileMapping() failed: %ld\n", GetLastError());
142 goto cleanup;
143 }
144
/* Maps the whole file for reading; every table pointer below points into this view. */
145 pModule = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
146 if(!pModule)
147 {
148 printf("MapViewOfFile() failed: %ld\n", GetLastError());
149 goto cleanup;
150 }
151
/* Line 152 is elided. bX64 is never assigned in the visible code, and
 * IMAGE_FILE_MACHINE_I386 and FileHeader appear in the cross-reference list,
 * so it is presumably derived from the image's machine type here; confirm. */
153
/* The same Sym buffer is reused for each lookup; only the returned pointer is kept. */
154 pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceTable");
155 pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit");
156 pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable");
157// printf("pW32pServiceTable = %p\n", pW32pServiceTable);
158// printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
159// printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
160
161 if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
162 {
163 printf("Couldn't find address!\n");
164 goto cleanup;
165 }
166
/* NOTE(review): dwServiceLimit comes straight from the mapped file and bounds
 * both loops below. Nothing visible compares it with the size of the view or
 * of the two tables, so a truncated or malformed image leads to reads past the
 * mapping. A sanity limit derived from the file size would make the tool safe
 * to run on files of unknown origin. */
167 dwServiceLimit = *((DWORD*)pW32pServiceLimit);
168
/* Entries are 32-bit values when bX64 is clear and 64-bit values otherwise.
 * Each entry is passed to DbgHelp as an address; the matching argument-table
 * byte travels in the context pointer and is printed by EnumSymbolsProc(). */
169 if (!bX64)
170 {
171 DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
172
173 for (i = 0; i < dwServiceLimit; i++)
174 {
/* Printed index is offset by 0x1000. */
175 printf("0x%x:", i+0x1000);
176 SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD_PTR)pW32pArgumentTable[i]);
177 printf("\n");
178 }
179 }
180 else
181 {
182 DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
183
184 for (i = 0; i < dwServiceLimit; i++)
185 {
186 printf("0x%x:", i+0x1000);
187 SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(DWORD_PTR)pW32pArgumentTable[i]);
188 printf("\n");
189 }
190 }
191
192 /* Dump apfnSimpleCall */
193 printf("\nDumping apfnSimpleCall:\n");
/* NOTE(review): unlike the three lookups above, this result is not checked.
 * ImageSymToVa() returns 0 when SymFromName() fails, and the loops below would
 * then read through a null pointer. */
194 pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall");
195 i = 0;
196
/* Both loops stop at the first zero entry, so they rely on the table being
 * zero-terminated inside the mapped view. Lines 203 and 214 are elided;
 * presumably they enumerate the symbol for the current entry; confirm. */
197 if (bX64)
198 {
199 DWORD64 *pfnSC64 = (DWORD64*)pfnSimpleCall;
200 while (pfnSC64[i] != 0)
201 {
202 printf("0x%x:", i);
204 printf("\n");
205 i++;
206 }
207 }
208 else
209 {
210 DWORD *pfnSC32 = (DWORD*)pfnSimpleCall;
211 while (pfnSC32[i] != 0)
212 {
213 printf("0x%x:", i);
215 printf("\n");
216 i++;
217 }
218 }
219
/* Shared exit path: releases the view, the mapping and the file in that order. */
220cleanup:
221 if (pModule)
222 {
223 UnmapViewOfFile(pModule);
224 }
225 if (hMap)
226 {
227 CloseHandle(hMap);
228 }
/* NOTE(review): hFile starts at 0 and is tested for non-zero here, while
 * INVALID_HANDLE_VALUE appears in this function's cross-reference list,
 * presumably from the elided CreateFile() checks. If so, a failed open reaches
 * this branch with a non-zero, invalid handle; confirm what line 231 does. */
229 if (hFile)
230 {
232 }
233
/* The exit code is 0 on failure paths as well, so scripts cannot detect errors from it. */
234 return 0;
235}
char * strcat(char *DstString, const char *SrcString)
Definition: utclib.c:568
Definition: Symbol.h:9
#define CloseHandle
Definition: compat.h:739
#define PAGE_READONLY
Definition: compat.h:138
#define UnmapViewOfFile
Definition: compat.h:746
#define OPEN_EXISTING
Definition: compat.h:775
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
#define GetCurrentProcess()
Definition: compat.h:759
#define MAX_PATH
Definition: compat.h:34
#define FILE_MAP_READ
Definition: compat.h:776
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:137
#define MapViewOfFile
Definition: compat.h:745
#define FILE_SHARE_READ
Definition: compat.h:136
DWORD64 WINAPI SymLoadModule64(HANDLE hProcess, HANDLE hFile, PCSTR ImageName, PCSTR ModuleName, DWORD64 BaseOfDll, DWORD SizeOfDll)
Definition: module.c:878
HANDLE NTAPI CreateFileMappingA(IN HANDLE hFile, IN LPSECURITY_ATTRIBUTES lpFileMappingAttributes, IN DWORD flProtect, IN DWORD dwMaximumSizeHigh, IN DWORD dwMaximumSizeLow, IN LPCSTR lpName)
Definition: filemap.c:23
unsigned long DWORD
Definition: ntddk_ex.h:95
_In_ HANDLE hFile
Definition: mswsock.h:90
unsigned int UINT
Definition: ndis.h:50
#define FILE_READ_DATA
Definition: nt_native.h:628
#define IMAGE_FILE_MACHINE_I386
Definition: pedump.c:174
BYTE * PBYTE
Definition: pedump.c:66
BOOL WINAPI SymEnumSymbolsForAddr(HANDLE hProcess, DWORD64 Address, PSYM_ENUMERATESYMBOLS_CALLBACK Callback, PVOID pUserContext)
Definition: rosstubs.c:147
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
BOOL InitDbgHelp(HANDLE hProcess)
Definition: syscalldump.c:15
PVOID ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
Definition: syscalldump.c:27
BOOL CALLBACK EnumSymbolsProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
Definition: syscalldump.c:53
uint32_t DWORD_PTR
Definition: typedefs.h:65
uint64_t DWORD64
Definition: typedefs.h:67
#define GetSystemDirectory
Definition: winbase.h:3777
#define CreateFile
Definition: winbase.h:3684
#define GetCurrentDirectory
Definition: winbase.h:3740
char CHAR
Definition: xmlstorage.h:175

Variable Documentation

◆ bX64

BOOL bX64

Definition at line 11 of file syscalldump.c.

Referenced by EnumSymbolsProc(), and main().

◆ hCurrentProcess

HANDLE hCurrentProcess

Definition at line 10 of file syscalldump.c.