[tkreuzer] 32970: few fixes and simplifications for syscalldump. I hope it will now also work with 64 bits stuff. - Ros-diffs

15 Apr 2008

Author: tkreuzer
Date: Mon Apr 14 19:15:14 2008
New Revision: 32970
URL: http://svn.reactos.org/svn/reactos?rev=32970&view=rev
Log:
few fixes and simplifications for syscalldump. I hope it will now also work with 64 bits stuff.
Modified:
    trunk/rosapps/devutils/syscalldump/syscalldump.c
Modified: trunk/rosapps/devutils/syscalldump/syscalldump.c
URL: http://svn.reactos.org/svn/reactos/trunk/rosapps/devutils/syscalldump/syscal...
==============================================================================

--- trunk/rosapps/devutils/syscalldump/syscalldump.c [iso-8859-1] (original)
+++ trunk/rosapps/devutils/syscalldump/syscalldump.c [iso-8859-1] Mon Apr 14 19:15:14 2008
@@ -7,6 +7,7 @@
 #include <dbghelp.h>
HANDLE hCurrentProcess;
+BOOL bX64;
#define MAX_SYMBOL_NAME		1024
@@ -21,8 +22,8 @@
    return TRUE;
 }
-DWORD64
-GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL pbX64)
+PVOID
+ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
 {
    PIMAGE_NT_HEADERS NtHeaders;
    PVOID p;
@@ -38,11 +39,9 @@
    printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address);
NtHeaders = ImageNtHeader(pModule);
-	*pbX64 = (NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
-
    p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL);
-	return (DWORD64)((ULONG_PTR)p - (ULONG_PTR)pModule);
+	return p;
 }
BOOL CALLBACK EnumSymbolsProc(
@@ -56,7 +55,14 @@
    }
    else
    {
-		printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+		if (!bX64)
+		{
+			printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+		}
+		else
+		{
+			printf("%s <+ %d> ", pSymInfo->Name, (UINT)UserContext);
+		}
    }
    return TRUE;
 }
@@ -69,12 +75,10 @@
     HANDLE hFile = 0, hMap = 0;
     PBYTE pModule = NULL;
     UINT i;
-    BOOL bX64;
-    DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable;
-    DWORD64 dwSimpleCall;
+    PVOID pW32pServiceTable, pW32pServiceLimit;
+    PBYTE pW32pArgumentTable;
     PVOID *pfnSimpleCall;
     DWORD dwServiceLimit;
-    BYTE *pdwArgs;
struct
    {
@@ -83,7 +87,7 @@
    } Sym;
printf("Win32k Syscall dumper\n");
-	printf("Copyright (c) Timo Kreuzer 2007\n");
+	printf("Copyright (c) Timo Kreuzer 2007-08\n");
hProcess = GetCurrentProcess();
@@ -139,49 +143,49 @@
    	goto cleanup;
    }
-	dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceTable", &bX64);
-	dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit", &bX64);
-	dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable", &bX64);
-	printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
-	printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
-	printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
-
-	if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable)
+	bX64 = (ImageNtHeader(pModule)->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
+
+	pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceTable");
+	pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit");
+	pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable");
+//	printf("pW32pServiceTable = %p\n", pW32pServiceTable);
+//	printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
+//	printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
+
+	if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
    {
    	printf("Couldn't find adress!\n");
    	goto cleanup;
    }
-	dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit));
-	pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
+	dwServiceLimit = *((DWORD*)pW32pServiceLimit);
if (!bX64)
    {
-		DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable);
+		DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
for (i = 0; i < dwServiceLimit; i++)
    	{
    		printf("0x%x:", i+0x1000);
-			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pdwArgs[i]);
+			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
    		printf("\n");
    	}
    }
    else
    {
-		DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable);
+		DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
for (i = 0; i < dwServiceLimit; i++)
    	{
    		printf("0x%x:", i+0x1000);
-			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(i+0x1000));
+			SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
    		printf("\n");
    	}
    }
/* Dump apfnSimpleCall */
    printf("\nDumping apfnSimpleCall:\n");
-	dwSimpleCall = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall", &bX64);
-	pfnSimpleCall = (PVOID*)(pModule + dwSimpleCall);
+	pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall");
    i = 0;
    while (pfnSimpleCall[i] != NULL)
    {

    