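// Function-pointer type for dbghelp!SymInitializeW, resolved at runtime with
// GetProcAddress (see TryLoadMainModule). dbghelp's exports are declared
// IMAGEAPI, i.e. __stdcall; the WINAPI below keeps a 32-bit build calling
// through the correct convention (the original typedef defaulted to __cdecl,
// which corrupts the stack on x86). On x64 there is a single convention, so
// it changes nothing there.
typedef BOOL (WINAPI *SymInitializeType)(
    _In_ HANDLE hProcess,
    _In_opt_ PCWSTR UserSearchPath, // NULL: dbghelp builds the path from cwd and _NT_SYMBOL_PATH
    _In_ BOOL fInvadeProcess        // TRUE: enumerate and load every module already in hProcess
);
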
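// SYMOPT_DEBUG makes the symbol handler report its symbol-search activity
// through the registered callback (CBA_EVENT / CBA_DEBUG_INFO). Value mirrors
// dbghelp.h.
#define SYMOPT_DEBUG 0x80000000
// dbghelp!SymSetOptions: sets (replaces, does not OR into) the option mask and
// returns the resulting mask. WINAPI matches dbghelp's IMAGEAPI (__stdcall)
// declaration; without it a 32-bit build would call with the wrong convention.
typedef DWORD (WINAPI *SymSetOptionsType)(
    _In_ DWORD SymOptions
);
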
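// Callback signature dbghelp invokes for symbol-handler events (dbghelp.h
// PSYMBOL_REGISTERED_CALLBACK64). CallbackData's meaning depends on
// ActionCode; for CBA_EVENT it carries a pointer to an IMAGEHLP_CBA_EVENT.
// CALLBACK (__stdcall) is required: dbghelp calls this pointer directly.
typedef BOOL
(CALLBACK* PSYMBOL_REGISTERED_CALLBACK64)(
    _In_ HANDLE hProcess,
    _In_ ULONG ActionCode,
    _In_opt_ ULONG64 CallbackData,
    _In_opt_ ULONG64 UserContext
);
// dbghelp!SymRegisterCallbackW64. WINAPI (__stdcall) matches the IMAGEAPI
// declaration in dbghelp.h; the original typedef omitted it, which only
// breaks 32-bit builds (x64 has a single calling convention).
typedef BOOL (WINAPI *SymRegisterCallback64Type)(
    _In_ HANDLE hProcess,
    _In_ PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
    _In_ ULONG64 UserContext
);
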
// Mirror of dbghelp.h MODLOAD_DATA: optional extra data handed to
// SymLoadModuleEx (this file always passes NULL for it). Field order and
// types must stay identical to the SDK definition because dbghelp reads it.
struct _MODLOAD_DATA {
    DWORD ssize;  // size of this struct
    DWORD ssig;   // signature identifying what `data` holds
    PVOID data;   // pointer to the passed data
    DWORD size;   // byte size of `data`
    DWORD flags;  // option bits
};
using MODLOAD_DATA = _MODLOAD_DATA;
using PMODLOAD_DATA = MODLOAD_DATA*;

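// dbghelp!SymLoadModuleExW: loads symbol information for an image and returns
// its base address, or 0 on failure (GetLastError holds the reason). WINAPI
// (__stdcall) matches the IMAGEAPI declaration in dbghelp.h; the original
// typedef omitted it, which mismatches the convention on 32-bit builds only.
typedef DWORD64
(WINAPI *SymLoadModuleExType)(
    _In_ HANDLE hProcess,
    _In_opt_ HANDLE hFile,
    _In_opt_ PCWSTR ImageName,
    _In_opt_ PCWSTR ModuleName,
    _In_ DWORD64 BaseOfDll,      // 0 lets dbghelp read it from the image
    _In_ DWORD DllSize,          // 0 lets dbghelp read it from the image
    _In_opt_ PMODLOAD_DATA Data,
    _In_opt_ DWORD Flags
);

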
// Mirror of dbghelp.h IMAGEHLP_CBA_EVENT: the payload behind CallbackData when
// the symbol callback is invoked with ActionCode == CBA_EVENT.
struct _IMAGEHLP_CBA_EVENT {
    DWORD severity; // sevInfo .. sevFatal
    DWORD code;     // numeric id of the event
    PCHAR desc;     // narrow (char) text; may contain a description of the event — treat as optional
    PVOID object;   // meaning depends on `code`
};
using IMAGEHLP_CBA_EVENT = _IMAGEHLP_CBA_EVENT;
using PIMAGEHLP_CBA_EVENT = IMAGEHLP_CBA_EVENT*;
// ActionCode value that selects the event payload above (dbghelp.h).
#define CBA_EVENT 0x00000010

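// Symbol-handler callback registered through SymRegisterCallbackW64. With
// SYMOPT_DEBUG set, dbghelp reports its symbol-search progress here as text
// (ActionCode == CBA_EVENT, CallbackData -> IMAGEHLP_CBA_EVENT), which is
// forwarded to the log. Returns TRUE only for action codes handled here;
// per dbghelp's contract, returning TRUE for a code we did not actually
// handle may have unintended side effects, so everything else returns FALSE.
static BOOL
CALLBACK
HandleEvent(
    __in HANDLE hProcess,
    __in ULONG ActionCode,
    __in_opt ULONG64 CallbackData,
    __in_opt ULONG64 UserContext
)
{
    UNREFERENCED_PARAMETER(hProcess);
    UNREFERENCED_PARAMETER(UserContext);

    switch (ActionCode)
    {
    case CBA_EVENT:
    {
        // CallbackData is a pointer packed into a ULONG64 and is marked
        // optional, and IMAGEHLP_CBA_EVENT::desc "may" carry text. The old
        // code dereferenced both unconditionally; a NULL here would crash the
        // host process from inside dbghelp's callback, so guard both.
        const PIMAGEHLP_CBA_EVENT evt = reinterpret_cast<PIMAGEHLP_CBA_EVENT>(CallbackData);
        if (evt != nullptr && evt->desc != nullptr)
        {
            // NOTE(review): desc is PCHAR (narrow) per dbghelp, yet it is cast
            // to PTSTR — in a UNICODE build that is wchar_t*, which misreads
            // the bytes as UTF-16 and can read past the narrow terminator.
            // Kept as-is pending confirmation of the build's character set and
            // WideString's constructors; prefer an explicit narrow->wide
            // conversion of evt->desc.
            LogD(Tag::BASE) << WideString((PTSTR)evt->desc);
        }
        return TRUE;
    }

    // CBA_DEBUG_INFO is the older ActionCode for the same text spew. It still
    // works, but CBA_EVENT is the one handled here.
#if 0
    case CBA_DEBUG_INFO:
        _tprintf(_T("%s"), (PTSTR)CallbackData);
        break;
#endif

    default:
        // Return FALSE for any ActionCode we do not handle; claiming to have
        // handled it could change dbghelp's behavior.
        return FALSE;
    }
}
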
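// Renders a Win32 error code as the system's human-readable message.
//
// errorCode defaults to the calling thread's current GetLastError() value.
// Many Win32 (and logging) calls overwrite that value, so callers relying on
// the default must call this BEFORE any other API call after the failure —
// or capture `DWORD err = GetLastError();` immediately and pass it in.
//
// Returns an empty string for code 0 (no error recorded) and an
// "Unknown error <n>" placeholder when the system has no message for the
// code, so a log line never goes blank just because FormatMessage failed.
static String GetLastErrorAsString(DWORD errorCode = ::GetLastError())
{
    if (errorCode == 0) {
        return std::string(); // no error has been recorded
    }

    // FORMAT_MESSAGE_ALLOCATE_BUFFER makes Win32 size and LocalAlloc the
    // buffer for us (we do not know the message length up front).
    // FORMAT_MESSAGE_IGNORE_INSERTS returns messages containing %1-style
    // inserts verbatim instead of failing for lack of arguments.
    LPSTR messageBuffer = nullptr;
    const DWORD length = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL, errorCode, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        reinterpret_cast<LPSTR>(&messageBuffer), 0, NULL);

    // FormatMessage returns 0 on failure (e.g. a code with no system message)
    // and leaves the buffer NULL; the old code then built std::string from a
    // null pointer. Fall back to a placeholder that keeps the numeric code.
    if (length == 0 || messageBuffer == nullptr) {
        return "Unknown error " + std::to_string(errorCode);
    }

    std::string message(messageBuffer, length);

    // The buffer was LocalAlloc'ed inside FormatMessage; we own it.
    LocalFree(messageBuffer);

    return message;
}
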
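// Initializes dbghelp's symbol handler for hProcess, registers HandleEvent so
// symbol-search progress is logged, and loads symbols for one module.
//
// dbgLibrary is the dbghelp module handle held by the enclosing object; the
// exports are resolved by name because the DLL is loaded dynamically. Every
// failure is logged with the Win32 error text and the function returns
// early; nothing is reported back to the caller.
//
// Security / correctness notes for maintainers:
//  * How dbgLibrary was loaded is not visible here. dbghelp.dll (and the
//    symsrv.dll it may pull in) should be loaded from an explicit full path
//    (System32 or a bundled copy), never a bare name, or a planted DLL on the
//    search path gets loaded into this process (DLL search-order hijacking).
//  * UserSearchPath is NULL, so per the dbghelp documentation the symbol path
//    is built from the current directory and the _NT_SYMBOL_PATH /
//    _NT_ALT_SYMBOL_PATH environment variables. Whoever controls this
//    process's environment can therefore point symbol loading at arbitrary
//    directories or symbol servers (network fetches). Pass an explicit,
//    trusted search path if the environment is not trusted.
//  * SymSetOptions replaces the whole option mask with SYMOPT_DEBUG, dropping
//    any options set earlier (use SymGetOptions() | SYMOPT_DEBUG to add).
//  * SymInitialize is not paired with SymCleanup here; dbghelp expects one
//    SymCleanup per SymInitialize and a second SymInitialize on the same
//    hProcess fails, so the owner of hProcess must call SymCleanup later.
void TryLoadMainModule(HANDLE hProcess) const
{
    // GetProcAddress returns NULL for a missing export (old or substituted
    // dbghelp build). The old code called straight through the pointers,
    // which would crash on NULL; resolve each one and remember any miss.
    bool missingExport = false;
    const auto resolve = [&](const char* exportName) -> FARPROC {
        const FARPROC proc = GetProcAddress(dbgLibrary, exportName);
        if (proc == nullptr)
        {
            // Read the error text before the logger can clobber GetLastError.
            const String error = GetLastErrorAsString();
            LogD(Tag::BASE) << "Error resolving dbghelp export " << exportName << ": " << error;
            missingExport = true;
        }
        return proc;
    };

    const auto SymInitialize = reinterpret_cast<SymInitializeType>(resolve("SymInitializeW"));
    const auto SymSetOptions = reinterpret_cast<SymSetOptionsType>(resolve("SymSetOptions"));
    const auto SymRegisterCallback64 = reinterpret_cast<SymRegisterCallback64Type>(resolve("SymRegisterCallbackW64"));
    const auto SymLoadModuleEx = reinterpret_cast<SymLoadModuleExType>(resolve("SymLoadModuleExW"));
    if (missingExport)
    {
        return;
    }

    // SYMOPT_DEBUG makes dbghelp deliver its symbol-search spew to the
    // callback registered below.
    SymSetOptions(SYMOPT_DEBUG);

    // fInvadeProcess = FALSE: do not enumerate and load every module already
    // in the process; the module of interest is loaded explicitly below.
    if (!SymInitialize(hProcess, NULL, FALSE))
    {
        // Capture the error text immediately: evaluating the log stream
        // first could overwrite the thread's last-error value.
        const String error = GetLastErrorAsString();
        LogD(Tag::BASE) << "Error calling SymInitialize: " << error;
        return;
    }

    if (!SymRegisterCallback64(hProcess, HandleEvent, NULL))
    {
        const String error = GetLastErrorAsString();
        LogD(Tag::BASE) << "Error calling SymRegisterCallback64: " << error;
        return;
    }

    // Load one module for testing (the image name looks like a placeholder).
    // Base address and size are 0 so dbghelp reads them from the image; no
    // open file handle and no MODLOAD_DATA are supplied.
    const DWORD64 module = SymLoadModuleEx(hProcess,       // our unique id
                                           NULL,           // no open file handle to image
                                           L"bla-bla.exe", // name of image to load
                                           NULL,           // no module name - dbghelp will get it
                                           0,              // no base address - dbghelp will get it
                                           0,              // no module size - dbghelp will get it
                                           NULL,           // no special MODLOAD_DATA structure
                                           0);             // flags
    if (module == 0)
    {
        const String error = GetLastErrorAsString();
        LogD(Tag::BASE) << "Error calling SymLoadModuleEx: " << error;
        return;
    }
}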