ReactOS  0.4.15-dev-5112-g22d8c0f
syscalldump.c File Reference
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <windows.h>
#include <shlwapi.h>
#include <dbghelp.h>

Macros

#define _WINVER   0x501
 
#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS   0x00000800
 
#define MAX_SYMBOL_NAME   1024
 

Functions

BOOL InitDbgHelp (HANDLE hProcess)
 
PVOID ImageSymToVa (HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
 
BOOL CALLBACK EnumSymbolsProc (PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
 
int main (int argc, char *argv[])
 

Variables

HANDLE hCurrentProcess
 
BOOL bX64
 

Macro Definition Documentation

◆ _WINVER

#define _WINVER   0x501

Definition at line 4 of file syscalldump.c.

◆ MAX_SYMBOL_NAME

#define MAX_SYMBOL_NAME   1024

Definition at line 13 of file syscalldump.c.

◆ SYMOPT_ALLOW_ABSOLUTE_SYMBOLS

#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS   0x00000800

Definition at line 5 of file syscalldump.c.

Function Documentation

◆ EnumSymbolsProc()

BOOL CALLBACK EnumSymbolsProc ( PSYMBOL_INFO  pSymInfo,
ULONG  SymbolSize,
PVOID  UserContext 
)

Definition at line 53 of file syscalldump.c.

/*
 * Callback handed to SymEnumSymbolsForAddr() by main(): prints the name of
 * one symbol found at the address being enumerated.
 *
 * pSymInfo    - symbol record supplied by DbgHelp; only its Name is read.
 * SymbolSize  - unused.
 * UserContext - (PVOID)-1 prints the bare name; any other value is printed
 *               after the name as an unsigned number, in a layout selected
 *               by the global bX64.
 *
 * Always returns TRUE. The name is passed as a "%s" argument, never as the
 * format string, so text taken from the symbol data is printed literally.
 */
BOOL CALLBACK EnumSymbolsProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
{
    /* Sentinel context: name only, no numeric suffix. */
    if ((INT_PTR)UserContext == -1)
    {
        printf("%s ", pSymInfo->Name);
        return TRUE;
    }

    /* Otherwise append the context value; the two builds differ only in layout. */
    if (bX64)
    {
        printf("%s <+ %Iu> ", pSymInfo->Name, (UINT_PTR)UserContext);
    }
    else
    {
        printf("%s@%Iu ", pSymInfo->Name, (UINT_PTR)UserContext);
    }

    return TRUE;
}
BOOL bX64
Definition: syscalldump.c:11
CHAR Name[1]
Definition: compat.h:911
#define TRUE
Definition: types.h:120
int32_t INT_PTR
Definition: typedefs.h:64
#define printf
Definition: freeldr.h:94
unsigned __int3264 UINT_PTR
Definition: mstsclib_h.h:274

Referenced by main().

◆ ImageSymToVa()

PVOID ImageSymToVa ( HANDLE  hProcess,
PSYMBOL_INFO  pSym,
PBYTE  pModule,
PCSTR  Name 
)

Definition at line 27 of file syscalldump.c.

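/*
 * Looks a symbol up by name through DbgHelp and converts its address into a
 * pointer inside the file view mapped at pModule.
 *
 * hProcess - DbgHelp session handle.
 * pSym     - caller-provided SYMBOL_INFO; the caller must have room for
 *            MAX_SYMBOL_NAME-1 name characters behind it.
 * pModule  - base of the mapped image file.
 * Name     - symbol name to resolve.
 *
 * Returns the pointer inside the mapping, or NULL when the symbol is not
 * found, its address does not lie inside the module, the mapped file has no
 * valid NT headers, or the RVA is not covered by any section.
 *
 * The symbol address and the image headers both come from files on disk, so
 * they are range-checked before being used to form a pointer: the RVA handed
 * to ImageRvaToVa() is a ULONG, and an unchecked 64-bit difference would be
 * silently truncated.
 */
PVOID ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
{
    PIMAGE_NT_HEADERS NtHeaders;
    ULONG64 Rva;

    pSym->SizeOfStruct = sizeof(SYMBOL_INFO);
    pSym->MaxNameLen = MAX_SYMBOL_NAME-1;

    if (!SymFromName(hProcess, Name, pSym))
    {
        /* Name the function that was actually called. */
        printf("SymFromName() failed: %ld\n", GetLastError());
        return NULL;
    }
#if defined(__GNUC__) && \
    (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__ < 40400)
    printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address);
#else
    printf("looking up adress for %s: 0x%I64x\n", Name, pSym->Address);
#endif

    /* Reject addresses below the module base or more than 32 bits above it. */
    if (pSym->Address < pSym->ModBase)
    {
        printf("%s lies below the module base\n", Name);
        return NULL;
    }
    Rva = pSym->Address - pSym->ModBase;
    if (Rva > 0xFFFFFFFFULL)
    {
        printf("%s lies outside the module\n", Name);
        return NULL;
    }

    /* A file without valid PE headers yields NULL here; do not pass it on. */
    NtHeaders = ImageNtHeader(pModule);
    if (!NtHeaders)
    {
        printf("ImageNtHeader() failed: %ld\n", GetLastError());
        return NULL;
    }

    /* May still be NULL when no section covers the RVA; callers must check. */
    return ImageRvaToVa(NtHeaders, pModule, (ULONG)Rva, NULL);
}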
ULONG MaxNameLen
Definition: compat.h:910
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:70
ULONG64 Address
Definition: compat.h:905
ULONG64 ModBase
Definition: compat.h:902
#define printf
Definition: freeldr.h:94
struct _SYMBOL_INFO SYMBOL_INFO
ULONG SizeOfStruct
Definition: compat.h:897
PVOID WINAPI ImageRvaToVa(_In_ PIMAGE_NT_HEADERS, _In_ PVOID, _In_ ULONG, _In_opt_ PIMAGE_SECTION_HEADER *)
#define NULL
Definition: types.h:112
BOOL WINAPI SymFromName(HANDLE hProcess, PCSTR Name, PSYMBOL_INFO Symbol)
Definition: symbol.c:1392
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
#define MAX_SYMBOL_NAME
Definition: syscalldump.c:13

Referenced by main().

◆ InitDbgHelp()

BOOL InitDbgHelp ( HANDLE  hProcess)

Definition at line 15 of file syscalldump.c.

/*
 * InitDbgHelp: initialises the DbgHelp symbol handler for hProcess and sets
 * its symbol search path. Returns FALSE when SymInitialize() fails and TRUE
 * otherwise.
 */
16 {
    /* No user search path (0), and fInvadeProcess is FALSE. */
17  if (!SymInitialize(hProcess, 0, FALSE))
18  return FALSE;
19 
    /* NOTE(review): source lines 20-21 are not shown in this listing. */
    /*
     * NOTE(review): the symbol server URL uses plain http://, so symbol files
     * fetched through this path are not integrity-protected in transit and a
     * party on the network path could substitute them. An https:// URL for
     * the same server would address that; confirm against the current source.
     * The result of SymSetSearchPath() is ignored, so a failure to set the
     * path is not reported to the caller.
     */
22  SymSetSearchPath(hProcess, "srv**symbols*http://msdl.microsoft.com/download/symbols");
23  return TRUE;
24 }
DWORD WINAPI SymSetOptions(DWORD opts)
Definition: dbghelp.c:585
#define TRUE
Definition: types.h:120
#define SYMOPT_ALLOW_ABSOLUTE_SYMBOLS
Definition: syscalldump.c:5
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:70
#define SYMOPT_DEFERRED_LOADS
Definition: compat.h:848
#define FALSE
Definition: types.h:117
BOOL WINAPI SymInitialize(HANDLE hProcess, PCSTR UserSearchPath, BOOL fInvadeProcess)
Definition: dbghelp.c:534
BOOL WINAPI SymSetSearchPath(HANDLE hProcess, PCSTR searchPath)
Definition: dbghelp.c:263
DWORD WINAPI SymGetOptions(void)
Definition: dbghelp.c:600

Referenced by main().

◆ main()

int main ( int argc  ,
char argv[] 
)

hosttype.c Copyright (C) 2002 by Brian Palmer brian.nosp@m.p@sg.nosp@m.inet..nosp@m.com

Definition at line 76 of file syscalldump.c.

/*
 * main: looks for win32k.sys in the current directory and then in the system
 * directory, loads its symbols through DbgHelp, maps the file read-only and
 * prints the entries of W32pServiceTable and apfnSimpleCall together with
 * the symbol names DbgHelp reports for them. Always returns 0.
 *
 * NOTE(review): this listing omits source lines 78, 91-92, 98, 104-105,
 * 114-115, 138, 152, 203, 214 and 231. The comments below describe only the
 * statements that are shown.
 */
77 {
79  CHAR szModuleFileName[MAX_PATH+1];
80  DWORD64 dwModuleBase;
81  HANDLE hFile = 0, hMap = 0;
82  PBYTE pModule = NULL;
83  UINT i;
84  PVOID pW32pServiceTable, pW32pServiceLimit;
85  PBYTE pW32pArgumentTable;
86  PVOID pfnSimpleCall;
87  DWORD dwServiceLimit;
88 
    /* Storage passed to ImageSymToVa() as &Sym.Symbol; the members are on lines not shown. */
89  struct
90  {
93  } Sym;
94 
95  printf("Win32k Syscall dumper\n");
96  printf("Copyright (c) Timo Kreuzer 2007-08\n");
97 
99 
    /*
     * NOTE(review): the current directory is tried before the system
     * directory, so the file analysed is whichever win32k.sys is found first.
     * Values read from that file are later used as pointers and loop bounds.
     */
    /*
     * NOTE(review): the return value of GetCurrentDirectory() is not checked,
     * and strcat() appends the 11-character "\win32k.sys" suffix without a
     * length check. A directory path close to MAX_PATH characters does not
     * leave room for it in szModuleFileName (MAX_PATH+1 bytes). A bounded
     * formatter that reports truncation would avoid the overflow.
     */
100  // try current dir
101  GetCurrentDirectory(MAX_PATH, szModuleFileName);
102  strcat(szModuleFileName, "\\win32k.sys");
    /* The rest of this call and the test guarding the next block are on lines 104-105 (not shown). */
103  hFile = CreateFile(szModuleFileName, FILE_READ_DATA, FILE_SHARE_READ, NULL,
106  {
107  goto cont;
108  }
109 
    /* Same unchecked-length pattern as above, this time with the system directory. */
110  // try system dir
111  GetSystemDirectory(szModuleFileName, MAX_PATH);
112  strcat(szModuleFileName, "\\win32k.sys");
113  hFile = CreateFile(szModuleFileName, FILE_READ_DATA, FILE_SHARE_READ, NULL,
116  {
117  printf("CreateFile() failed: %ld!\n", GetLastError());
118  goto cleanup;
119  }
120 
121 cont:
122  printf("Trying to get syscalls from: %s\n", szModuleFileName);
123 
    /* hProcess is used from here on; its declaration is not visible in this listing. */
124  if (!InitDbgHelp(hProcess))
125  {
126  printf("SymInitialize() failed\n");
127  goto cleanup;
128  }
129 
    /* Load symbols for the file by name; a zero module base is treated as failure. */
130  printf("Loading symbols for %s, please wait...\n", szModuleFileName);
131  dwModuleBase = SymLoadModule64(hProcess, 0, szModuleFileName, 0, 0, 0);
132  if (dwModuleBase == 0)
133  {
134  printf("SymLoadModule64() failed: %ld\n", GetLastError());
135  goto cleanup;
136  }
137 
    /* hMap is assigned on line 138, which is not shown. */
139  if (!hMap)
140  {
141  printf("CreateFileMapping() failed: %ld\n", GetLastError());
142  goto cleanup;
143  }
144 
    /* Map the whole file for reading; the table pointers below point into this view. */
145  pModule = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
146  if(!pModule)
147  {
148  printf("MapViewOfFile() failed: %ld\n", GetLastError());
149  goto cleanup;
150  }
151 
    /* bX64 is read further down; the statement that sets it is not visible here (line 152). */
153 
    /* Resolve the three tables; Sym.Symbol is reused as scratch for each lookup. */
154  pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceTable");
155  pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit");
156  pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable");
157 // printf("pW32pServiceTable = %p\n", pW32pServiceTable);
158 // printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
159 // printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
160 
161  if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
162  {
163  printf("Couldn't find adress!\n");
164  goto cleanup;
165  }
166 
    /*
     * NOTE(review): the entry count is read straight from the mapped file and
     * used as the loop bound below without any upper limit. Nothing ties it to
     * the size of the mapping or of the two tables, so a malformed or
     * unexpected file can make the loops read past the mapped data.
     */
167  dwServiceLimit = *((DWORD*)pW32pServiceLimit);
168 
    /* Table entries are 32-bit when bX64 is clear, 64-bit otherwise. */
169  if (!bX64)
170  {
171  DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
172 
173  for (i = 0; i < dwServiceLimit; i++)
174  {
    /* Index is printed with 0x1000 added; the argument-table byte goes to the callback as context. */
175  printf("0x%x:", i+0x1000);
176  SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD_PTR)pW32pArgumentTable[i]);
177  printf("\n");
178  }
179  }
180  else
181  {
182  DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
183 
184  for (i = 0; i < dwServiceLimit; i++)
185  {
186  printf("0x%x:", i+0x1000);
187  SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(DWORD_PTR)pW32pArgumentTable[i]);
188  printf("\n");
189  }
190  }
191 
    /*
     * NOTE(review): unlike the three tables above, this lookup result is not
     * checked for NULL before it is dereferenced. The loops below stop only
     * at a zero entry and have no other bound.
     */
192  /* Dump apfnSimpleCall */
193  printf("\nDumping apfnSimpleCall:\n");
194  pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall");
195  i = 0;
196 
197  if (bX64)
198  {
199  DWORD64 *pfnSC64 = (DWORD64*)pfnSimpleCall;
200  while (pfnSC64[i] != 0)
201  {
202  printf("0x%x:", i);
    /* Line 203 is not shown in this listing. */
204  printf("\n");
205  i++;
206  }
207  }
208  else
209  {
210  DWORD *pfnSC32 = (DWORD*)pfnSimpleCall;
211  while (pfnSC32[i] != 0)
212  {
213  printf("0x%x:", i);
    /* Line 214 is not shown in this listing. */
215  printf("\n");
216  i++;
217  }
218  }
219 
    /* Common exit path: release the view, the mapping and the file, in that order. */
220 cleanup:
221  if (pModule)
222  {
223  UnmapViewOfFile(pModule);
224  }
225  if (hMap)
226  {
227  CloseHandle(hMap);
228  }
    /*
     * NOTE(review): hFile is compared with 0 here. A failed CreateFile()
     * returns INVALID_HANDLE_VALUE, which is non-zero, so this branch would
     * also be taken after a failed open. Confirm against lines 104-105,
     * 114-115 and 231, which are not shown.
     */
229  if (hFile)
230  {
232  }
233 
234  return 0;
235 }
BOOL bX64
Definition: syscalldump.c:11
BOOL CALLBACK EnumSymbolsProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
Definition: syscalldump.c:53
#define CloseHandle
Definition: compat.h:598
#define MapViewOfFile
Definition: compat.h:604
char * strcat(char *DstString, const char *SrcString)
Definition: utclib.c:568
char CHAR
Definition: xmlstorage.h:175
#define INVALID_HANDLE_VALUE
Definition: compat.h:590
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:70
PVOID ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
Definition: syscalldump.c:27
#define FILE_SHARE_READ
Definition: compat.h:136
#define FILE_READ_DATA
Definition: nt_native.h:628
#define GetCurrentDirectory
Definition: winbase.h:3666
#define FILE_MAP_READ
Definition: compat.h:635
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
#define OPEN_EXISTING
Definition: compat.h:634
#define IMAGE_FILE_MACHINE_I386
Definition: pedump.c:174
BOOLEAN Symbol(PVRET pvr)
Definition: symbols.c:2890
DWORD64 WINAPI SymLoadModule64(HANDLE hProcess, HANDLE hFile, PCSTR ImageName, PCSTR ModuleName, DWORD64 BaseOfDll, DWORD SizeOfDll)
Definition: module.c:878
#define printf
Definition: freeldr.h:94
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:137
#define GetCurrentProcess()
Definition: compat.h:618
uint32_t DWORD_PTR
Definition: typedefs.h:65
_In_ HANDLE hFile
Definition: mswsock.h:90
#define GetSystemDirectory
Definition: winbase.h:3703
uint64_t DWORD64
Definition: typedefs.h:67
IN OUT PVCB OUT PDIRENT OUT PBCB IN BOOLEAN CreateFile
Definition: fatprocs.h:913
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
#define PAGE_READONLY
Definition: compat.h:138
BOOL InitDbgHelp(HANDLE hProcess)
Definition: syscalldump.c:15
BOOL WINAPI SymEnumSymbolsForAddr(HANDLE hProcess, DWORD64 Address, PSYM_ENUMERATESYMBOLS_CALLBACK Callback, PVOID pUserContext)
Definition: rosstubs.c:147
char * cleanup(char *str)
Definition: wpickclick.c:99
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
#define MAX_SYMBOL_NAME
Definition: syscalldump.c:13
#define UnmapViewOfFile
Definition: compat.h:605
BYTE * PBYTE
Definition: pedump.c:66
HANDLE NTAPI CreateFileMappingA(IN HANDLE hFile, IN LPSECURITY_ATTRIBUTES lpFileMappingAttributes, IN DWORD flProtect, IN DWORD dwMaximumSizeHigh, IN DWORD dwMaximumSizeLow, IN LPCSTR lpName)
Definition: filemap.c:23

Variable Documentation

◆ bX64

BOOL bX64

Definition at line 11 of file syscalldump.c.

Referenced by EnumSymbolsProc(), and main().

◆ hCurrentProcess

HANDLE hCurrentProcess

Definition at line 10 of file syscalldump.c.