// Function-pointer types for the DbgHelp exports this file resolves at run
// time with GetProcAddress (see TryLoadMainModule), which avoids linking the
// dbghelp import library or including DbgHelp.h.
// NOTE(review): these redeclare names that DbgHelp.h also defines; including
// that header in the same translation unit would cause redefinition errors —
// confirm it is not pulled in transitively.

// SymInitializeW: opens a symbol-handler session identified by hProcess.
// UserSearchPath NULL selects DbgHelp's default symbol search path.
typedef BOOL(__stdcall *SymInitializeType)(
    _In_ HANDLE hProcess,
    _In_opt_ PCWSTR UserSearchPath,
    _In_ BOOL fInvadeProcess
    );

// Option bit that makes the symbol handler report its load attempts as
// verbose text through the registered callback (delivered as CBA_EVENT).
#define SYMOPT_DEBUG 0x80000000
// SymSetOptions: replaces the symbol-handler option mask with SymOptions
// and returns the resulting mask.
typedef DWORD(__stdcall *SymSetOptionsType)(
    _In_ DWORD SymOptions
    );
  11.  
// Signature of the callback handed to SymRegisterCallbackW64. DbgHelp invokes
// it with an ActionCode (a CBA_* value) and a CallbackData value whose meaning
// depends on that code — for CBA_EVENT it is a PIMAGEHLP_CBA_EVENT (see
// HandleEvent). Returning FALSE tells DbgHelp the code was not handled.
typedef BOOL(__stdcall *PSYMBOL_REGISTERED_CALLBACK64)(
    _In_ HANDLE hProcess,
    _In_ ULONG ActionCode,
    _In_opt_ ULONG64 CallbackData,
    _In_opt_ ULONG64 UserContext
    );
// SymRegisterCallbackW64: installs CallbackFunction for the session
// identified by hProcess; UserContext is passed back to the callback as-is.
typedef BOOL(__stdcall *SymRegisterCallbackType)(
    _In_ HANDLE hProcess,
    _In_ PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
    _In_ ULONG64 UserContext
    );
  23.  
// Optional extra data for SymLoadModuleEx; this file always passes NULL.
typedef struct _MODLOAD_DATA {
    DWORD ssize;  // size of this struct
    DWORD ssig;   // signature identifying the passed data
    PVOID data;   // pointer to passed data
    DWORD size;   // size of passed data
    DWORD flags;  // options
} MODLOAD_DATA, * PMODLOAD_DATA;
// SymLoadModuleExW: loads the symbol module for ImageName into the session
// identified by hProcess. Returns the module's base address, or 0 on failure
// (GetLastError then holds the reason).
typedef DWORD64
(__stdcall *SymLoadModuleExType)(
    _In_ HANDLE hProcess,
    _In_opt_ HANDLE hFile,
    _In_opt_ PCWSTR ImageName,
    _In_opt_ PCWSTR ModuleName,
    _In_ DWORD64 BaseOfDll,
    _In_ DWORD DllSize,
    _In_opt_ PMODLOAD_DATA Data,
    _In_opt_ DWORD Flags
    );
  42.  
  43.  
// Payload of a CBA_EVENT callback: one diagnostic event from the symbol
// handler. Only desc is consumed in this file (see HandleEvent).
typedef struct _IMAGEHLP_CBA_EVENT {
    DWORD severity; // values from sevInfo to sevFatal
    DWORD code;     // numerical code IDs the error
    PCHAR desc;     // may contain a text description of the error; a narrow
                    // (char) string that is optional — check for NULL before use
    PVOID object;   // value dependent upon the error code
} IMAGEHLP_CBA_EVENT, * PIMAGEHLP_CBA_EVENT;
// ActionCode delivered to the callback when CallbackData is a PIMAGEHLP_CBA_EVENT.
#define CBA_EVENT 0x00000010
  51.  
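// Narrows a wide string to a byte string one character at a time using the
// current C locale's wctob(). A character with no single-byte representation
// (wctob returns EOF) is replaced with '?'; the previous implementation stored
// the raw EOF value, which became an out-of-range byte in the result.
// @param src  wide string to narrow
// @return     byte string with exactly one char per element of src
static std::string wstring_to_string(const std::wstring& src)
{
    std::string narrowed;
    narrowed.reserve(src.size());
    for (const wchar_t wc : src)
    {
        const int byte = std::wctob(static_cast<wint_t>(wc));
        // EOF marks a character the locale cannot encode in one byte.
        narrowed.push_back(byte == EOF ? '?' : static_cast<char>(byte));
    }
    return narrowed;
}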
  59.  
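// DbgHelp symbol-handler callback (registered through SymRegisterCallbackW64).
// Only CBA_EVENT is handled: its payload is an IMAGEHLP_CBA_EVENT whose desc
// field, when present, is forwarded to the log. Every other action code
// returns FALSE so DbgHelp applies its own default handling.
//
// @param hProcess      symbol-handler session id (unused here)
// @param ActionCode    CBA_* code selecting the meaning of CallbackData
// @param CallbackData  for CBA_EVENT, a PIMAGEHLP_CBA_EVENT; may be 0
// @param UserContext   value given at registration (unused here)
// @return TRUE if the action code was handled, FALSE otherwise
static BOOL
__stdcall
HandleEvent(
    _In_ HANDLE hProcess,
    _In_ ULONG ActionCode,
    _In_opt_ ULONG64 CallbackData,
    _In_opt_ ULONG64 UserContext
    )
{
    UNREFERENCED_PARAMETER(hProcess);
    UNREFERENCED_PARAMETER(UserContext);

    // With SYMOPT_DEBUG set, the symbol handler reports its load attempts as
    // text events. CBA_DEBUG_INFO is the legacy action code for the same
    // output and is intentionally left unhandled here.
    if (ActionCode != CBA_EVENT)
    {
        // Unhandled codes must return FALSE; claiming to have handled them
        // can make DbgHelp misbehave.
        return FALSE;
    }

    const PIMAGEHLP_CBA_EVENT evt = reinterpret_cast<PIMAGEHLP_CBA_EVENT>(CallbackData);
    // desc is a narrow PCHAR string and is optional. The previous code cast it
    // to PTSTR and wrapped it in std::wstring, which under UNICODE reinterprets
    // the bytes as wide characters and reads past the real string.
    if (evt != nullptr && evt->desc != nullptr)
    {
        LogD(Tag::BASE) << std::string(evt->desc);
    }

    return TRUE;
}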
  102.  
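// Returns the system message text for the calling thread's last Win32 error,
// or an empty string when no error is recorded.
//
// FormatMessageA allocates the buffer (FORMAT_MESSAGE_ALLOCATE_BUFFER) and it
// is released with LocalFree before returning. If FormatMessageA itself fails
// (for example a code the system has no text for), the numeric code is
// returned instead — the previous version then built a std::string from a
// null pointer. The trailing "\r\n" FormatMessage appends is stripped so the
// text composes cleanly into a single log line.
static std::string GetLastErrorAsString()
{
    // Read the code first: later API calls may overwrite the thread's last error.
    const DWORD errorMessageID = ::GetLastError();
    if (errorMessageID == 0) {
        return std::string(); // no error recorded
    }

    LPSTR messageBuffer = nullptr;
    // Let Win32 allocate the buffer: the message length is not known up front.
    const DWORD size = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), reinterpret_cast<LPSTR>(&messageBuffer), 0, NULL);
    if (size == 0 || messageBuffer == nullptr) {
        // No message text available; report the raw code so the log is not empty.
        return "error " + std::to_string(errorMessageID);
    }

    std::string message(messageBuffer, size);
    LocalFree(messageBuffer); // buffer belongs to Win32's local heap

    // Drop the line break FormatMessage appends to system messages.
    while (!message.empty() && (message.back() == '\r' || message.back() == '\n')) {
        message.pop_back();
    }
    return message;
}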
  126.  
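// Opens a DbgHelp symbol-handler session for hProcess, installs HandleEvent as
// the verbose-event callback, and loads symbols for the main module to
// exercise it. Each failure is logged through LogD and aborts the sequence;
// nothing is returned to the caller.
//
// @param hProcess  session id handed to every DbgHelp call. DbgHelp ties all
//                  later calls to the value given to SymInitialize, so that
//                  same value is used throughout; the previous code initialised
//                  with GetCurrentProcess() and then registered/loaded with
//                  hProcess, which only works when the two happen to be equal.
// Uses the member dbgLibrary as the HMODULE of dbghelp.dll — TODO confirm it
// is loaded before this is called (a null module makes every lookup fail).
void TryLoadMainModule(HANDLE hProcess) const
{
    // Resolve the exports up front. dbghelp.dll versions differ, so a missing
    // export is reported instead of being called through a null pointer.
    const auto SymSetOptions = reinterpret_cast<SymSetOptionsType>(GetProcAddress(dbgLibrary, "SymSetOptions"));
    const auto SymRegisterCallback64 = reinterpret_cast<SymRegisterCallbackType>(GetProcAddress(dbgLibrary, "SymRegisterCallbackW64"));
    const auto SymLoadModuleEx = reinterpret_cast<SymLoadModuleExType>(GetProcAddress(dbgLibrary, "SymLoadModuleExW"));
    const auto SymInitialize = reinterpret_cast<SymInitializeType>(GetProcAddress(dbgLibrary, "SymInitializeW"));
    if (SymSetOptions == nullptr || SymRegisterCallback64 == nullptr || SymLoadModuleEx == nullptr || SymInitialize == nullptr)
    {
        LogD(Tag::BASE) << "Error resolving dbghelp exports: " << GetLastErrorAsString();
        return;
    }

    // Verbose symbol-load diagnostics reach the callback only with SYMOPT_DEBUG
    // set. Note this replaces the whole option mask rather than adding to it.
    SymSetOptions(SYMOPT_DEBUG);

    // UserSearchPath NULL: DbgHelp uses its default symbol search path, which
    // is environment-controlled (e.g. _NT_SYMBOL_PATH), so symbol files may be
    // read from locations the process does not control. fInvadeProcess FALSE:
    // no module enumeration; the module is loaded explicitly below.
    if (!SymInitialize(hProcess, NULL, FALSE))
    {
        LogD(Tag::BASE) << "Error calling SymInitialize: " << GetLastErrorAsString();
        return;
    }

    // Route debug events to HandleEvent; no user context is needed.
    if (!SymRegisterCallback64(hProcess, HandleEvent, 0))
    {
        LogD(Tag::BASE) << "Error calling SymRegisterCallback64: " << GetLastErrorAsString();
        return;
    }

    // Load the main module. Base address, size and module name are left at
    // 0/NULL so dbghelp derives them from the image itself.
    const DWORD64 moduleBase = SymLoadModuleEx(hProcess, // session id
        NULL,            // no open file handle to image
        L"wotblitz.exe", // name of image to load
        NULL,            // module name derived by dbghelp
        0,               // base address derived by dbghelp
        0,               // module size derived by dbghelp
        NULL,            // no MODLOAD_DATA
        0);              // flags
    if (moduleBase == 0)
    {
        LogD(Tag::BASE) << "Error calling SymLoadModuleEx: " << GetLastErrorAsString();
        return;
    }
}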