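/*
 * Initialise the DbgHelp symbol handler for hproc.
 *
 * The symbol path uses "<current directory>\symbols" as the local
 * downstream store and the Microsoft public symbol server as the upstream.
 *
 * Returns TRUE when SymInitialize succeeds; FALSE when the current
 * directory cannot be read or SymInitialize fails.
 */
BOOL initsymhandler(HANDLE hproc)
{
    CHAR CurDir[MAX_PATH];
    /*
     * The fixed text of the format string below is under 64 bytes including
     * the terminator, so MAX_PATH + 64 always holds the expanded path.
     * wsprintfA takes no destination size: a MAX_PATH-sized SymPath could
     * be overrun by a long working directory.
     */
    CHAR SymPath[MAX_PATH + 64];
    DWORD len;

    /* 0 means failure; a value >= the buffer size means CurDir was too small. */
    len = GetCurrentDirectoryA(sizeof(CurDir) / sizeof(CurDir[0]), CurDir);
    if (len == 0 || len >= sizeof(CurDir) / sizeof(CurDir[0])) {
        return FALSE;
    }

    SymSetOptions(SYMOPT_DEFERRED_LOADS | SYMOPT_EXACT_SYMBOLS |
                  SYMOPT_CASE_INSENSITIVE | SYMOPT_UNDNAME);

    /*
     * Fetch symbols over HTTPS: with plain HTTP the PDB content can be
     * altered in transit before DbgHelp parses it.
     * NOTE(review): the store lives under the working directory, which is
     * whatever directory the process was started from; confirm that location
     * is not writable by less-trusted users.
     */
    wsprintfA(SymPath,
              "Srv*%s\\symbols*https://msdl.microsoft.com/download/symbols",
              CurDir);

    /* FALSE: do not enumerate and load symbols for the process's modules. */
    return SymInitialize(hproc, SymPath, FALSE);
}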
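/*
 * Locate the PDB for the module mapped at hdll and register the module
 * with the DbgHelp session that belongs to hproc.
 *
 * Returns TRUE when the symbol file is found and SymLoadModule64 reports
 * a non-zero base address; FALSE on any failure.
 */
BOOL loadsymmodule(HANDLE hproc, HMODULE hdll)
{
    CHAR szFile[MAX_PATH];
    CHAR SymFile[MAX_PATH];
    CHAR DbgFile[MAX_PATH];
    MODULEINFO ModInfo;
    DWORD len;

    /*
     * GetModuleFileNameA(NULL, ...) returns the path of the running
     * executable, so a failed load upstream would silently make this
     * function load symbols for the wrong image.
     */
    if (hdll == NULL) {
        return FALSE;
    }

    /* 0 is failure; a result equal to the buffer size means truncation. */
    len = GetModuleFileNameA(hdll, szFile, sizeof(szFile) / sizeof(szFile[0]));
    if (len == 0 || len >= sizeof(szFile) / sizeof(szFile[0])) {
        return FALSE;
    }

    /* ModInfo is read below only after this call succeeded. */
    if (!GetModuleInformation(hproc, hdll, &ModInfo, sizeof(ModInfo))) {
        return FALSE;
    }

    /*
     * NULL search path: DbgHelp uses the path given to SymInitialize.
     * The symbol-file and debug-file outputs get separate buffers rather
     * than both pointing at the same one.
     */
    if (!SymGetSymbolFile(hproc, NULL, szFile, sfPdb,
                          SymFile, MAX_PATH, DbgFile, MAX_PATH)) {
        return FALSE;
    }

    /* SymLoadModule64 returns the module base, or 0 on failure. */
    return SymLoadModule64(hproc, NULL, szFile, NULL,
                           (ULONG_PTR)ModInfo.lpBaseOfDll,
                           ModInfo.SizeOfImage) != 0;
}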
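/*
 * SymEnumSymbols callback: called once per enumerated symbol.
 *
 * Triggers a breakpoint when the symbol named "PsGetNextProcess" is seen,
 * so lpsyminfo can be inspected in an attached debugger. symbolsize and
 * UserContext are not used.
 *
 * Always returns TRUE, which tells DbgHelp to continue the enumeration.
 */
BOOL CALLBACK symcallback(PSYMBOL_INFO lpsyminfo, ULONG symbolsize, PVOID UserContext)
{
    (void)symbolsize;
    (void)UserContext;

    /*
     * lstrcmpA is case-sensitive, so the literal has to carry the symbol's
     * real casing; an all-lowercase literal can never match.
     */
    if (lstrcmpA(lpsyminfo->Name, "PsGetNextProcess") == 0) {
        /* Raises a breakpoint exception; intended to run under a debugger. */
        DebugBreak();
    }
    return TRUE;
}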
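/*
 * Entry point: maps Ntoskrnl.exe into this process without resolving its
 * imports, loads its PDB through DbgHelp and enumerates every symbol,
 * passing each one to symcallback.
 *
 * Waits for a key press before exiting and always returns 0.
 */
int _tmain(int argc, _TCHAR *argv[])
{
    HANDLE hProc = GetCurrentProcess();

    (void)argc;
    (void)argv;

    if (initsymhandler(hProc)) {
        /*
         * DONT_RESOLVE_DLL_REFERENCES maps the image only; no entry point
         * runs and no imports are bound.
         * NOTE(review): the bare file name is resolved through the normal
         * module search order; confirm the image that gets mapped is the
         * one under the system directory.
         */
        HMODULE hDLL = LoadLibraryEx(TEXT("Ntoskrnl.exe"), NULL,
                                     DONT_RESOLVE_DLL_REFERENCES);

        /* Skip symbol loading and FreeLibrary when the image did not map. */
        if (hDLL != NULL) {
            if (loadsymmodule(hProc, hDLL)) {
                SymEnumSymbols(hProc, (ULONG_PTR)hDLL, NULL, symcallback, NULL);
            }
            FreeLibrary(hDLL);
        }
        SymCleanup(hProc);
    }

    /* Keep the console window open until a key is pressed. */
    getchar();
    return 0;
}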
Get non-exported symbols with PDB