77{
84 PVOID pW32pServiceTable, pW32pServiceLimit;
85 PBYTE pW32pArgumentTable;
88
89 struct
90 {
93 } Sym;
94
95 printf(
"Win32k Syscall dumper\n");
96 printf(
"Copyright (c) Timo Kreuzer 2007-08\n");
97
99
100
102 strcat(szModuleFileName,
"\\win32k.sys");
106 {
107 goto cont;
108 }
109
110
112 strcat(szModuleFileName,
"\\win32k.sys");
116 {
119 }
120
121cont:
122 printf(
"Trying to get syscalls from: %s\n", szModuleFileName);
123
125 {
126 printf(
"SymInitialize() failed\n");
128 }
129
130 printf(
"Loading symbols for %s, please wait...\n", szModuleFileName);
132 if (dwModuleBase == 0)
133 {
136 }
137
139 if (!hMap)
140 {
143 }
144
146 if(!pModule)
147 {
150 }
151
153
157
158
159
160
161 if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
162 {
163 printf(
"Couldn't find address!\n");
165 }
166
167 dwServiceLimit = *((
DWORD*)pW32pServiceLimit);
168
170 {
171 DWORD *pdwEntries32 = (
DWORD*)pW32pServiceTable;
172
173 for (
i = 0;
i < dwServiceLimit;
i++)
174 {
178 }
179 }
180 else
181 {
183
184 for (
i = 0;
i < dwServiceLimit;
i++)
185 {
189 }
190 }
191
192
193 printf(
"\nDumping apfnSimpleCall:\n");
196
198 {
200 while (pfnSC64[
i] != 0)
201 {
206 }
207 }
208 else
209 {
211 while (pfnSC32[
i] != 0)
212 {
217 }
218 }
219
221 if (pModule)
222 {
224 }
225 if (hMap)
226 {
228 }
230 {
232 }
233
234 return 0;
235}
#define INVALID_HANDLE_VALUE
#define GetCurrentProcess()
#define FILE_ATTRIBUTE_NORMAL
DWORD64 WINAPI SymLoadModule64(HANDLE hProcess, HANDLE hFile, PCSTR ImageName, PCSTR ModuleName, DWORD64 BaseOfDll, DWORD SizeOfDll)
static void cleanup(void)
HANDLE NTAPI CreateFileMappingA(IN HANDLE hFile, IN LPSECURITY_ATTRIBUTES lpFileMappingAttributes, IN DWORD flProtect, IN DWORD dwMaximumSizeHigh, IN DWORD dwMaximumSizeLow, IN LPCSTR lpName)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define IMAGE_FILE_MACHINE_I386
BOOL WINAPI SymEnumSymbolsForAddr(HANDLE hProcess, DWORD64 Address, PSYM_ENUMERATESYMBOLS_CALLBACK Callback, PVOID pUserContext)
BOOL InitDbgHelp(HANDLE hProcess)
PVOID ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
BOOL CALLBACK EnumSymbolsProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
#define GetSystemDirectory
#define GetCurrentDirectory