[tkreuzer] 32970: few fixes and simplifications for syscalldump. I hope it will now also work with 64 bits stuff. - Ros-diffs

15 Apr 2008

Author: tkreuzer
Date: Mon Apr 14 19:15:14 2008
New Revision: 32970

URL: http://svn.reactos.org/svn/reactos?rev=32970&view=rev
Log:
few fixes and simplifications for syscalldump. I hope it will now also work with 64 bits
stuff.

Modified:
    trunk/rosapps/devutils/syscalldump/syscalldump.c

Modified: trunk/rosapps/devutils/syscalldump/syscalldump.c
URL:
http://svn.reactos.org/svn/reactos/trunk/rosapps/devutils/syscalldump/sysca…
==============================================================================

--- trunk/rosapps/devutils/syscalldump/syscalldump.c [iso-8859-1] (original)
+++ trunk/rosapps/devutils/syscalldump/syscalldump.c [iso-8859-1] Mon Apr 14 19:15:14
2008
@@ -7,6 +7,7 @@
 #include <dbghelp.h>
 
 HANDLE hCurrentProcess;
+BOOL bX64;
 
 #define MAX_SYMBOL_NAME		1024
 
@@ -21,8 +22,8 @@
 	return TRUE;
 }
 
-DWORD64
-GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL
pbX64)
+PVOID
+ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
 {
 	PIMAGE_NT_HEADERS NtHeaders;
 	PVOID p;
@@ -38,11 +39,9 @@
 	printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address);
 
 	NtHeaders = ImageNtHeader(pModule);
-	*pbX64 = (NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
-
 	p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL);
 
-	return (DWORD64)((ULONG_PTR)p - (ULONG_PTR)pModule);
+	return p;
 }
 
 BOOL CALLBACK EnumSymbolsProc(
@@ -56,7 +55,14 @@
 	}
 	else
 	{
-		printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+		if (!bX64)
+		{
+			printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+		}
+		else
+		{
+			printf("%s <+ %d> ", pSymInfo->Name, (UINT)UserContext);
+		}
 	}
 	return TRUE;
 }
@@ -69,12 +75,10 @@
     HANDLE hFile = 0, hMap = 0;
     PBYTE pModule = NULL;
     UINT i;
-    BOOL bX64;
-    DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable;
-    DWORD64 dwSimpleCall;
+    PVOID pW32pServiceTable, pW32pServiceLimit;
+    PBYTE pW32pArgumentTable;
     PVOID *pfnSimpleCall;
     DWORD dwServiceLimit;
-    BYTE *pdwArgs;
 
 	struct
 	{
@@ -83,7 +87,7 @@
 	} Sym;
 
 	printf("Win32k Syscall dumper\n");
-	printf("Copyright (c) Timo Kreuzer 2007\n");
+	printf("Copyright (c) Timo Kreuzer 2007-08\n");
 
 	hProcess = GetCurrentProcess();
 
@@ -139,49 +143,49 @@
 		goto cleanup;
 	}
 
-	dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"W32pServiceTable", &bX64);
-	dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"W32pServiceLimit", &bX64);
-	dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"W32pArgumentTable", &bX64);
-	printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
-	printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
-	printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
-
-	if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable)
+	bX64 = (ImageNtHeader(pModule)->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
+
+	pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule,
"W32pServiceTable");
+	pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule,
"W32pServiceLimit");
+	pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule,
"W32pArgumentTable");
+//	printf("pW32pServiceTable = %p\n", pW32pServiceTable);
+//	printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
+//	printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
+
+	if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
 	{
 		printf("Couldn't find adress!\n");
 		goto cleanup;
 	}
 
-	dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit));
-	pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
+	dwServiceLimit = *((DWORD*)pW32pServiceLimit);
 
 	if (!bX64)
 	{
-		DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable);
+		DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
 
 		for (i = 0; i < dwServiceLimit; i++)
 		{
 			printf("0x%x:", i+0x1000);
-			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc,
(PVOID)(DWORD)pdwArgs[i]);
+			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc,
(PVOID)(DWORD)pW32pArgumentTable[i]);
 			printf("\n");
 		}
 	}
 	else
 	{
-		DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable);
+		DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
 
 		for (i = 0; i < dwServiceLimit; i++)
 		{
 			printf("0x%x:", i+0x1000);
-			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc,
(PVOID)(i+0x1000));
+			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc,
(PVOID)(DWORD)pW32pArgumentTable[i]);
 			printf("\n");
 		}
 	}
 
 	/* Dump apfnSimpleCall */
 	printf("\nDumping apfnSimpleCall:\n");
-	dwSimpleCall = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"apfnSimpleCall", &bX64);
-	pfnSimpleCall = (PVOID*)(pModule + dwSimpleCall);
+	pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule,
"apfnSimpleCall");
 	i = 0;
 	while (pfnSimpleCall[i] != NULL)
 	{


    