Author: tkreuzer Date: Wed Dec 26 20:57:53 2007 New Revision: 31450
URL: http://svn.reactos.org/svn/reactos?rev=31450&view=rev Log: - fix section pointer calculation - print parameter byte count from W32pArgumentTable - use value of W32pServiceLimit for the loop
Modified: trunk/rosapps/devutils/syscalldump/syscalldump.c
Modified: trunk/rosapps/devutils/syscalldump/syscalldump.c URL: http://svn.reactos.org/svn/reactos/trunk/rosapps/devutils/syscalldump/syscal... ==============================================================================
--- trunk/rosapps/devutils/syscalldump/syscalldump.c (original)
+++ trunk/rosapps/devutils/syscalldump/syscalldump.c Wed Dec 26 20:57:53 2007
@@ -27,7 +27,7 @@
 PIMAGE_DOS_HEADER pDosHdr;
 PIMAGE_NT_HEADERS32 pNtHdr32;
 WORD NumberOfSections;
- INT i;
+ INT i, nSection;
 DWORD64 dwOffset = 0;
pDosHdr = (PIMAGE_DOS_HEADER)pModule;
@@ -46,14 +46,16 @@
 NumberOfSections = pNtHdr32->FileHeader.NumberOfSections;
 pSectionHdr = (PIMAGE_SECTION_HEADER)(pNtHdr32 + 1);
+ nSection = 0;
 for (i = 0; i < NumberOfSections; i++)
 {
 if (dwAdress >= pSectionHdr[i].VirtualAddress &&
- pSectionHdr[i].PointerToRawData > dwOffset)
+ pSectionHdr[i].PointerToRawData > pSectionHdr[nSection].PointerToRawData)
 {
- dwOffset = pSectionHdr[i].PointerToRawData;
+ nSection = i;
 }
 }
+ dwOffset = pSectionHdr[nSection].PointerToRawData + dwAdress - pSectionHdr[nSection].VirtualAddress;
 return dwOffset;
 }
 else
@@ -64,16 +66,32 @@
 }
 }
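Review bot: The section search in this loop still has no upper bound: a section is accepted whenever `dwAdress >= pSectionHdr[i].VirtualAddress`, and the choice between candidates compares `PointerToRawData` instead of checking that the address lies inside the section. When no section contains the address, or the raw-data order differs from the virtual-address order, `nSection` keeps an unrelated index (0 by default) and the new `dwOffset` expression is computed against the wrong section, wrapping if `dwAdress` is below that section's `VirtualAddress`; the caller later adds the result to `pModule` and dereferences it. I would match the containing section directly, `if (dwAdress >= pSectionHdr[i].VirtualAddress && dwAdress - pSectionHdr[i].VirtualAddress < pSectionHdr[i].SizeOfRawData)`, and `return 0;` when the loop finds none. The function starts above the hunk, so any earlier validation of `NumberOfSections` is not visible here.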
+DWORD64
+GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL pbX64)
+{
+ pSym->SizeOfStruct = sizeof(SYMBOL_INFO);
+ pSym->MaxNameLen = MAX_SYMBOL_NAME-1;
+
+ if (!SymFromName(hProcess, Name, pSym))
+ {
+ printf("SymGetSymFromName64() failed: %ld\n", GetLastError());
+ return 0;
+ }
+ return GetOffsetFromAdress64(pModule, pSym->Address - pSym->ModBase, pbX64);
+}
+
 int main(int argc, char* argv[])
 {
 HANDLE hProcess;
 CHAR szModuleFileName[MAX_PATH+1];
 DWORD64 dwModuleBase;
- DWORD64 dwFileOffset;
 HANDLE hFile = 0, hMap = 0;
 PBYTE pModule = NULL;
 UINT i;
 BOOL bX64;
+ DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable;
+ DWORD dwServiceLimit;
+ BYTE *pdwArgs;
struct {
@@ -124,18 +142,6 @@
 goto cleanup;
 }
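Review bot: The failure message in the new GetOffsetFromName() names `SymGetSymFromName64()` although the call is `SymFromName()`, and it no longer tells the user which of the three symbols could not be resolved now that the helper is shared. `GetLastError()` returns a DWORD, so `%lu` is the matching conversion; the line I would use is `printf("SymFromName(%s) failed: %lu\n", Name, GetLastError());`. The helper would also benefit from a short header comment stating that it returns a file offset, that 0 means failure, and that `pbX64` is handed on to GetOffsetFromAdress64(), since main() relies on the zero test. main() continues past the end of this hunk.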
- Sym.Symbol.SizeOfStruct = sizeof(SYMBOL_INFO);
- Sym.Symbol.MaxNameLen = MAX_SYMBOL_NAME-1;
-
- if (!SymFromName(hProcess, "W32pServiceTable", &Sym.Symbol))
- {
- printf("SymGetSymFromName64() failed: %ld\n", GetLastError());
- goto cleanup;
- }
-
- printf("Address for W32pServiceTable = %llx\n", Sym.Symbol.Address);
- printf("Module base = %llx\n", dwModuleBase);
-
 hMap = CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
 if (!hMap)
 {
@@ -150,31 +156,40 @@
 goto cleanup;
 }
- dwFileOffset = GetOffsetFromAdress64(pModule, Sym.Symbol.Address - dwModuleBase, &bX64);
- if (!dwFileOffset)
- {
- printf("PE file is invalid!\n");
- goto cleanup;
- }
+ dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceTable", &bX64);
+ dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit", &bX64);
+ dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable", &bX64);
+ if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable)
+ {
+ printf("Couldn't find adress!\n");
+ goto cleanup;
+ }
+
+ printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
+ printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
+ printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
+
+ dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit));
+ pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
if (!bX64)
 {
- DWORD *pdwEntries32 = (DWORD*)(pModule + dwFileOffset);
-
- for (i = 0; pdwEntries32[i] > dwModuleBase; i++)
+ DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable);
+
+ for (i = 0; i <= dwServiceLimit; i++)
 {
 SymFromAddr(hProcess, (DWORD64)pdwEntries32[i], 0, &Sym.Symbol);
- printf("0x%x:%s\n", i+0x1000, Sym.Symbol.Name);
+ printf("0x%x:%s@%d\n", i+0x1000, Sym.Symbol.Name, pdwArgs[i]);
 }
 }
 else
 {
- DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwFileOffset);
-
- for (i = 0; pdwEntries64[i] > dwModuleBase; i++)
+ DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable);
+
+ for (i = 0; i <= dwServiceLimit; i++)
 {
 SymFromAddr(hProcess, (DWORD64)pdwEntries64[i], 0, &Sym.Symbol);
- printf("0x%x:%s\n", i+0x1000, Sym.Symbol.Name);
+ printf("0x%x:%s@%d\n", i+0x1000, Sym.Symbol.Name, pdwArgs[i]);
 }
 }
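Review bot: Both new loops run `i <= dwServiceLimit`, and `dwServiceLimit` is read straight out of the mapped file at an offset that is never compared with the file size. If W32pServiceLimit holds the number of table entries, which its use as a limit suggests, `<=` reads one element past the service table and past `pdwArgs`; with a damaged image, or symbols that do not match the file on disk, the count is arbitrary and the loops read beyond the mapped view. I would write `for (i = 0; i < dwServiceLimit; i++)` in both branches and, before the loops, bail out unless the three offsets plus `dwServiceLimit` entries of each table fit inside the file (for example against `GetFileSize(hFile, NULL)`). The result of `SymFromAddr()` is also unchecked, so a failed lookup prints whatever name the previous iteration left in `Sym.Symbol`.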