
利用dbghelp解析PDB符号 代码 示例

发表于 2019-9-7 13:35:37 | 显示全部楼层 |阅读模式
[code]#include "stdafx.h"
#include "DbgHelpWrapper.h"


// Binds the wrapper to the current process: the pseudo-handle returned by
// GetCurrentProcess() is the session key passed to every DbgHelp call below.
DbgHelpWrapper::DbgHelpWrapper() {
        // NOTE(review): IsInitialized and ModuleBase are not assigned here, and the
        // destructor reads IsInitialized. Confirm the class declaration gives both
        // a default member initializer.
        this->hProcess = ::GetCurrentProcess();
}

// Closes the DbgHelp session, if one is open, when the wrapper is destroyed.
DbgHelpWrapper::~DbgHelpWrapper() {
        // The result is discarded, so a failed SymCleanup goes unreported here.
        (void)this->DeinitializeDbgHelp();
}



// Opens a DbgHelp symbol session for hProcess.
//
// SymbolsPath - symbol search path handed to SymInitialize; NULL selects
//               DefaultSymbolsPath (defined outside this listing).
// Returns the value of SymInitialize, which is also stored in IsInitialized.
//
// The search path decides where DbgHelp looks for symbol files, so it should
// come from trusted configuration rather than from input the program parses.
BOOL DbgHelpWrapper::InitializeDbgHelp(LPSTR SymbolsPath) {
        LPSTR EffectivePath = (SymbolsPath != NULL) ? SymbolsPath : (LPSTR)DefaultSymbolsPath;

        // Tear down any previous session before opening a new one. The result is
        // not checked, so SymInitialize still runs if the cleanup failed.
        if (IsInitialized) {
                DeinitializeDbgHelp();
        }

        // fInvadeProcess = FALSE: modules are not enumerated automatically; this
        // class loads them explicitly through LoadSymbols.
        IsInitialized = SymInitialize(hProcess, EffectivePath, FALSE);
        return IsInitialized;
}

// Closes the DbgHelp session if one is open.
//
// Returns the resulting IsInitialized flag, NOT a success code: FALSE means
// no session is open any more, TRUE means SymCleanup failed and the session
// is still considered open.
BOOL DbgHelpWrapper::DeinitializeDbgHelp() {
        if (!IsInitialized) return IsInitialized;

        // Only clear the flag once DbgHelp confirms the session was released.
        if (SymCleanup(hProcess)) {
                IsInitialized = FALSE;
        }
        return IsInitialized;
}



// Loads the symbols for ModulePath into the current session and remembers the
// returned base address in ModuleBase for all later type queries.
//
// Returns TRUE when SymLoadModuleEx reports a non-zero base, FALSE otherwise.
//
// NOTE(review): base and size are passed as 0, which the DbgHelp documentation
// does not allow when the path is a .pdb file, so this presumably expects an
// image (exe/dll/sys) path. Confirm against the callers.
// NOTE(review): a second call overwrites ModuleBase without unloading the
// previously loaded module.
BOOL DbgHelpWrapper::LoadSymbols(LPSTR ModulePath) {
        ModuleBase = SymLoadModuleEx(
                hProcess,
                NULL,        // hFile
                ModulePath,  // ImageName
                NULL,        // ModuleName
                0,           // BaseOfDll
                0,           // DllSize
                NULL,        // Data
                0            // Flags
        );
        return (ModuleBase == 0) ? FALSE : TRUE;
}

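// Looks up a type by name in the loaded module and returns its type index.
//
// SymbolName  - name of the type to find; must not be NULL.
// SymbolIndex - receives SYMBOL_INFO::Index on success; must not be NULL.
// Returns the result of SymGetTypeFromName, or FALSE for a NULL argument.
BOOL DbgHelpWrapper::GetRootSymbol(LPSTR SymbolName, PULONG SymbolIndex) {
        if ((SymbolName == NULL) || (SymbolIndex == NULL)) return FALSE;

        // Zero the whole structure before use. SYMBOL_INFO ends in a
        // variable-length Name[] whose capacity DbgHelp takes from MaxNameLen;
        // leaving that field as stack garbage lets the library believe there is
        // room for a name behind this local and write past it. With MaxNameLen
        // set to 0 no name is copied, and only Index is needed here.
        SYMBOL_INFO SymbolInfo = { 0 };
        SymbolInfo.SizeOfStruct = sizeof(SymbolInfo);

        BOOL Status = SymGetTypeFromName(hProcess, ModuleBase, SymbolName, &SymbolInfo);
        if (Status) *SymbolIndex = SymbolInfo.Index;
        return Status;
}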

// Queries how many child symbols the type SymbolIndex has (TI_GET_CHILDRENCOUNT).
//
// ChildrenCount - receives the count; passed straight to DbgHelp and not
//                 checked for NULL here.
// Returns the result of SymGetTypeInfo.
BOOL DbgHelpWrapper::GetChildrenCount(ULONG SymbolIndex, OUT PULONG ChildrenCount) {
        CONST BOOL Status = SymGetTypeInfo(
                hProcess, ModuleBase, SymbolIndex, TI_GET_CHILDRENCOUNT, ChildrenCount
        );
        return Status;
}

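// Copies the type indices of a symbol's children into a caller-supplied array.
//
// ParentSymbolIndex - type index whose children are requested.
// IndicesBuffer     - output array with room for MaxIndices entries.
// MaxIndices        - capacity of IndicesBuffer, in elements.
// ChildrenCount     - receives the TOTAL number of children reported by
//                     DbgHelp. This can exceed MaxIndices; only the first
//                     min(ChildrenCount, MaxIndices) entries of IndicesBuffer
//                     are written.
// Returns TRUE on success (including a parent without children), FALSE on bad
// arguments, allocation failure or a DbgHelp error.
BOOL DbgHelpWrapper::GetChildrenSymbols(
        ULONG     ParentSymbolIndex,
        ULONG*    IndicesBuffer,
        ULONG     MaxIndices,
        OUT ULONG &ChildrenCount
) {
        if ((IndicesBuffer == NULL) || (MaxIndices == 0)) return FALSE;

        // Get the number of nested elements ("children"):
        if (!GetChildrenCount(ParentSymbolIndex, &ChildrenCount)) return FALSE;
        if (ChildrenCount == 0) return TRUE;

        // The count originates from the symbol file, so treat it as untrusted:
        // compute the byte size in SIZE_T (a ULONG would truncate it) and refuse
        // counts whose size cannot be represented. DbgHelp writes Count ids into
        // the block, so an undersized allocation would be overrun.
        CONST SIZE_T MaxChildren = (((SIZE_T)-1) - sizeof(TI_FINDCHILDREN_PARAMS)) / sizeof(ULONG);
        if (ChildrenCount > MaxChildren) return FALSE;

        CONST SIZE_T FindChildrenSize = sizeof(TI_FINDCHILDREN_PARAMS) + (SIZE_T)ChildrenCount * sizeof(ULONG);
        TI_FINDCHILDREN_PARAMS* FindChildrenParams = (TI_FINDCHILDREN_PARAMS*)malloc(FindChildrenSize);
        if (FindChildrenParams == NULL) return FALSE;
        memset(FindChildrenParams, 0, FindChildrenSize);

        FindChildrenParams->Count = ChildrenCount;

        // Fetch the children:
        if (!SymGetTypeInfo(hProcess, ModuleBase, ParentSymbolIndex, TI_FINDCHILDREN, FindChildrenParams)) {
                free(FindChildrenParams);
                return FALSE;
        }

        // Copy the child indices into the output array, never past its capacity:
        CONST ULONG IndicesToCopyCount = ChildrenCount > MaxIndices ? MaxIndices : ChildrenCount;
        for (ULONG i = 0; i < IndicesToCopyCount; i++) {
                IndicesBuffer[i] = FindChildrenParams->ChildId[i];
        }

        free(FindChildrenParams);

        return TRUE;
}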



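// Finds, among the given type indices, the one whose symbol name equals
// SymbolName.
//
// SymbolName    - wide-character name to look for; owned by the caller and
//                 never freed here.
// IndicesBuffer - array of candidate type indices.
// IndicesCount  - number of valid entries in IndicesBuffer.
// Returns the matching type index, or 0 when nothing matches or an argument
// is NULL.
ULONG DbgHelpWrapper::GetSymbolIndex(LPWSTR SymbolName, ULONG* IndicesBuffer, ULONG IndicesCount) {
        if ((SymbolName == NULL) || (IndicesBuffer == NULL)) return 0;

        for (ULONG i = 0; i < IndicesCount; i++) {
                LPWSTR CurrentSymbolName = NULL;
                if (!GetSymbolName(IndicesBuffer[i], &CurrentSymbolName)) continue;
                if (CurrentSymbolName == NULL) continue;

                CONST BOOL Matches = (wcscmp(CurrentSymbolName, SymbolName) == 0);

                // Release the buffer DbgHelp handed out for this child. Freeing
                // the caller's SymbolName instead would leak every fetched name
                // and could release memory the caller still uses.
                FreeSymbolName(CurrentSymbolName);

                if (Matches) return IndicesBuffer[i];
        }

        return 0;
}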

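// Finds the child of ParentSymbolIndex whose symbol name equals SymbolName.
//
// ParentSymbolIndex - type index of the parent (e.g. a struct).
// SymbolName        - wide-character name of the child to find.
// Returns the child's type index, or 0 when it is not found, the parent has
// no children, or a query/allocation fails.
ULONG DbgHelpWrapper::GetSymbolIndex(ULONG ParentSymbolIndex, LPWSTR SymbolName) {
        ULONG ChildrenIndex = 0;

        ULONG ChildrenCount = 0;
        if (!GetChildrenCount(ParentSymbolIndex, &ChildrenCount)) return 0;
        if (ChildrenCount == 0) return 0;

        // calloc zeroes the full array (a memset of ChildrenCount bytes would
        // clear only a quarter of it) and fails cleanly if the element count
        // times the element size overflows.
        CONST ULONG Capacity = ChildrenCount;
        PULONG ChildrenIndices = (PULONG)calloc(Capacity, sizeof(ULONG));
        if (ChildrenIndices == NULL) return 0;

        if (GetChildrenSymbols(ParentSymbolIndex, ChildrenIndices, Capacity, ChildrenCount)) {
                // GetChildrenSymbols rewrites ChildrenCount with the total it saw;
                // never scan more entries than were allocated and filled.
                CONST ULONG ValidCount = (ChildrenCount < Capacity) ? ChildrenCount : Capacity;
                ChildrenIndex = GetSymbolIndex(SymbolName, ChildrenIndices, ValidCount);
        }

        free(ChildrenIndices);

        return ChildrenIndex;
}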



// Retrieves the name of the type SymbolIndex (TI_GET_SYMNAME).
//
// SymbolName - receives a pointer to a wide-character buffer allocated by
//              DbgHelp; the caller has to release it (this class uses
//              FreeSymbolName for that).
// Returns the result of SymGetTypeInfo.
BOOL DbgHelpWrapper::GetSymbolName(ULONG SymbolIndex, OUT LPWSTR* SymbolName) {
        CONST BOOL Status = SymGetTypeInfo(
                hProcess, ModuleBase, SymbolIndex, TI_GET_SYMNAME, SymbolName
        );
        return Status;
}

// Releases a name buffer obtained from GetSymbolName.
//
// NOTE(review): VirtualFree(..., MEM_RELEASE) only succeeds when the pointer
// is the base address of a VirtualAlloc reservation, and its return value is
// ignored here. The DbgHelp documentation only says the caller must free the
// TI_GET_SYMNAME buffer; if the library allocates it from a heap, this call
// fails silently and every name leaks. Confirm the matching deallocator.
VOID DbgHelpWrapper::FreeSymbolName(LPWSTR SymbolName) {
        CONST LPVOID NameBuffer = SymbolName;
        VirtualFree(NameBuffer, 0, MEM_RELEASE);
}

// Queries the offset of the symbol SymbolIndex (TI_GET_OFFSET), presumably
// the byte offset of a member inside its parent type.
//
// Offset - receives the offset; passed straight to DbgHelp and not checked
//          for NULL here.
// Returns the result of SymGetTypeInfo.
BOOL DbgHelpWrapper::GetSymbolOffset(ULONG SymbolIndex, OUT PULONG Offset) {
        CONST BOOL Status = SymGetTypeInfo(
                hProcess, ModuleBase, SymbolIndex, TI_GET_OFFSET, Offset
        );
        return Status;
}[/code]