root/trunk/ElephantDebugApi/edbgfunctions.cpp

#include "edbgfunctions.h"
#include <stdio.h>

#define IMAGE_SECOND_HEADER_OFFSET    (15 * sizeof(ULONG)) // relative to file beginning
#define IMAGE_BASE_OFFSET             (13 * sizeof(DWORD)) // relative to PE header base
#define IMAGE_EXPORT_TABLE_RVA_OFFSET (30 * sizeof(DWORD)) // relative to PE header base
#define IMAGE_NAME_RVA_OFFSET         12


int ReadDebugString( HANDLE hProcess, OUTPUT_DEBUG_STRING_INFO odsi ,LPCSTR str ) {     
        DWORD br;
        ReadProcessMemory( hProcess,
                       (LPVOID) odsi.lpDebugStringData,
                       (LPVOID)str, odsi.nDebugStringLength, &br);
            
        return br;
}



DWORD GetModuleFileNameFromHeader( HANDLE hProcess, HANDLE hFile, DWORD BaseOfDll,
                            char* lpszPath, DWORD cchPath )
{
    
    
    WORD   DosSignature;
    DWORD  NtSignature;
    DWORD  dwNumberOfBytesRead = 0;
    DWORD  PeHeader, ImageBase, ExportTableRVA, NameRVA;
    
    //-- verify that the handle is not NULL
    
    if( !hFile )
    {
        strcpy( lpszPath, "Invalid File Handle");
        return( 0 );
    }
    
    //-- verify that the handle is for a disk file
    if( GetFileType(hFile) != FILE_TYPE_DISK )
    {
        strcpy( lpszPath, "Invalid File Type");
        return( 0 );
    }
    
    //-- Extract the filename from the EXE header
    SetFilePointer( hFile, 0L, NULL, FILE_BEGIN );
    
    ReadFile( hFile, &DosSignature, sizeof(DosSignature), &dwNumberOfBytesRead,
        (LPOVERLAPPED) NULL);
    
    //-- verify DOS signature found
    if( DosSignature != IMAGE_DOS_SIGNATURE )
    {
        sprintf( lpszPath,  "Bad MZ Signature: 0x%x" , DosSignature );
        return( 0 );
    }
    
    SetFilePointer( hFile, IMAGE_SECOND_HEADER_OFFSET, (LPLONG) NULL,
        FILE_BEGIN );
    ReadFile( hFile, &PeHeader, sizeof(PeHeader), &dwNumberOfBytesRead,
        (LPOVERLAPPED) NULL );
    SetFilePointer( hFile, PeHeader, (LPLONG) NULL, FILE_BEGIN );
    ReadFile( hFile, &NtSignature, sizeof(NtSignature), &dwNumberOfBytesRead,
        (LPOVERLAPPED) NULL);
    
    //-- verify Windows NT (PE) signature found
    
    if( NtSignature != IMAGE_NT_SIGNATURE )
    {
        wsprintf( lpszPath, TEXT( "Bad PE Signature: 0x%x" ), DosSignature );
        return( 0 );
    }
    
    SetFilePointer( hFile, PeHeader + IMAGE_BASE_OFFSET, (LPLONG) NULL,
        FILE_BEGIN );
    ReadFile( hFile, &ImageBase, sizeof(ImageBase), &dwNumberOfBytesRead,
        (LPOVERLAPPED) NULL);
    SetFilePointer( hFile, PeHeader + IMAGE_EXPORT_TABLE_RVA_OFFSET,
        (LPLONG) NULL, FILE_BEGIN );
    ReadFile( hFile, &ExportTableRVA, sizeof(ExportTableRVA),
        &dwNumberOfBytesRead, (LPOVERLAPPED) NULL);
    
    //-- now read from the virtual address space in the process
    ReadProcessMemory( hProcess,
        (LPVOID) (BaseOfDll + ExportTableRVA + (DWORD) IMAGE_NAME_RVA_OFFSET),
        &NameRVA, sizeof(NameRVA), &dwNumberOfBytesRead );
    
    
    strcpy( lpszPath, TEXT("Empty!") );
    
    if( !ReadProcessMemory( hProcess,
        (LPVOID) (BaseOfDll + NameRVA),
        lpszPath, cchPath, &dwNumberOfBytesRead ) )
        
        
        
        
        strcpy( lpszPath, TEXT("Access Denied!") );
    
    return( dwNumberOfBytesRead );
}

vector<BackTraceData> StackBackTrace(HANDLE hProcess, HANDLE hThread , PCONTEXT _pContext )
        
{

    PCONTEXT pContext = _pContext;
    DWORD dwMachineType = 0;
    // Could use SymSetOptions here to add the SYMOPT_DEFERRED_LOADS flag

    STACKFRAME sf;
    memset( &sf, 0, sizeof(sf) );

    #ifdef _M_IX86
    // Initialize the STACKFRAME structure for the first call.  This is only
    // necessary for Intel CPUs, and isn't mentioned in the documentation.
    sf.AddrPC.Offset       = pContext->Eip;
    sf.AddrPC.Mode         = AddrModeFlat;
    sf.AddrStack.Offset    = pContext->Esp;
    sf.AddrStack.Mode      = AddrModeFlat;
    sf.AddrFrame.Offset    = pContext->Ebp;
    sf.AddrFrame.Mode      = AddrModeFlat;

    dwMachineType = IMAGE_FILE_MACHINE_I386;
    #endif

    vector<BackTraceData> ret;
    BackTraceData item;

    while ( 1 )
    {
        // Get the next stack frame
        if ( ! StackWalk(  dwMachineType,
                            hProcess,
                            hThread,
                            &sf,
                            pContext,
                            0,
                            SymFunctionTableAccess,
                            SymGetModuleBase,
                            0 ) )
            break;

        if ( 0 == sf.AddrFrame.Offset ) // Basic sanity check to make sure
            break;                      // the frame is OK.  Bail if not.

        

        // Get the name of the function for this stack frame entry
        BYTE symbolBuffer[ sizeof(SYMBOL_INFO) + 1024 ];
        PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)symbolBuffer;
        pSymbol->SizeOfStruct = sizeof(symbolBuffer);
        pSymbol->MaxNameLen = 1024;
                        
        DWORD64 symDisplacement = 0;    // Displacement of the input address,
                                        // relative to the start of the symbol

        if ( SymFromAddr(m_hProcess,sf.AddrPC.Offset,&symDisplacement,pSymbol))
        {
            item.symName = pSymbol->Name;
         //   _tprintf( _T("%hs+%I64X"), pSymbol->Name, symDisplacement );
            
        }
        else    // No symbol found.  Print out the logical address instead.
        {
            TCHAR szModule[MAX_PATH] = _T("");
            DWORD section = 0, offset = 0;

            GetLogicalAddress(  (PVOID)sf.AddrPC.Offset,
                                szModule, sizeof(szModule), section, offset );

            //_tprintf( _T("%04X:%08X %s"), section, offset, szModule );
        }

        // Get the source line for this stack frame entry
        IMAGEHLP_LINE lineInfo = { sizeof(IMAGEHLP_LINE) };
        DWORD dwLineDisplacement;
        if ( SymGetLineFromAddr( m_hProcess, sf.AddrPC.Offset,
                                &dwLineDisplacement, &lineInfo ) )
        {
            item.fileName = lineInfo.FileName;
            item.lineNumber = lineInfo.LineNumber;

            //_tprintf(_T("  %s line %u"),lineInfo.FileName,lineInfo.LineNumber); 
        }

        //_tprintf( _T("\r\n") );

        
            // Use SymSetContext to get just the locals/params for this frame
            IMAGEHLP_STACK_FRAME imagehlpStackFrame;
            imagehlpStackFrame.InstructionOffset = sf.AddrPC.Offset;
            SymSetContext( m_hProcess, &imagehlpStackFrame, 0 );

            // Enumerate the locals/parameters
            SymEnumSymbols( m_hProcess, 0, 0, EnumerateSymbolsCallback, &sf );

            //_tprintf( _T("\r\n") );
        
    }

}


BOOL CALLBACK
EnumerateSymbolsCallback(
                                                PSYMBOL_INFO  pSymInfo,
                                                ULONG         SymbolSize,
                                                PVOID         UserContext )
{
    
    char szBuffer[2048];
    
    __try
    {
        if ( FormatSymbolValue( pSymInfo, (STACKFRAME*)UserContext,
            szBuffer, sizeof(szBuffer) ) )  
            _tprintf( _T("\t%s\r\n"), szBuffer );
    }
    __except( 1 )
    {
        _tprintf( _T("punting on symbol %s\r\n"), pSymInfo->Name );
    }
    
    return TRUE;
}