Author: tkreuzer
Date: Wed Dec 26 20:57:53 2007
New Revision: 31450
URL:
http://svn.reactos.org/svn/reactos?rev=31450&view=rev
Log:
- fix section pointer calculation
- print parameter byte count from W32pArgumentTable
- use value of W32pServiceLimit for the loop
Modified:
trunk/rosapps/devutils/syscalldump/syscalldump.c
Modified: trunk/rosapps/devutils/syscalldump/syscalldump.c
URL:
http://svn.reactos.org/svn/reactos/trunk/rosapps/devutils/syscalldump/sysca…
==============================================================================
--- trunk/rosapps/devutils/syscalldump/syscalldump.c (original)
+++ trunk/rosapps/devutils/syscalldump/syscalldump.c Wed Dec 26 20:57:53 2007
@@ -27,7 +27,7 @@
PIMAGE_DOS_HEADER pDosHdr;
PIMAGE_NT_HEADERS32 pNtHdr32;
WORD NumberOfSections;
- INT i;
+ INT i, nSection;
DWORD64 dwOffset = 0;
pDosHdr = (PIMAGE_DOS_HEADER)pModule;
@@ -46,14 +46,16 @@
NumberOfSections = pNtHdr32->FileHeader.NumberOfSections;
pSectionHdr = (PIMAGE_SECTION_HEADER)(pNtHdr32 + 1);
+ nSection = 0;
for (i = 0; i < NumberOfSections; i++)
{
if (dwAdress >= pSectionHdr[i].VirtualAddress &&
- pSectionHdr[i].PointerToRawData > dwOffset)
+ pSectionHdr[i].PointerToRawData > pSectionHdr[nSection].PointerToRawData)
{
- dwOffset = pSectionHdr[i].PointerToRawData;
+ nSection = i;
}
}
+ dwOffset = pSectionHdr[nSection].PointerToRawData + dwAdress -
pSectionHdr[nSection].VirtualAddress;
return dwOffset;
}
else
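Review bot: When no section matches, `nSection` stays 0 and the new final computation still returns section 0's `PointerToRawData + dwAdress - VirtualAddress`, so the function no longer returns 0 for an unmapped address as the removed code did, and the subtraction can wrap when `dwAdress` lies below the first section's `VirtualAddress`. The loop condition also tests only the lower bound of each section, so an address past the end of the last section is accepted. The section headers come from a mapped file, so a malformed or truncated image can yield an offset that points outside the view once it is added to `pModule`. Selecting the section whose virtual range contains the address and returning 0 on a miss, as sketched below, keeps the 0-means-failure contract the callers check (this assumes `Misc.VirtualSize` is populated, as it normally is for linked images). The function begins and ends outside this hunk.

```c
// … unchanged: NumberOfSections / pSectionHdr setup …
nSection = -1;
for (i = 0; i < NumberOfSections; i++)
{
    /* Accept only a section whose virtual range actually contains dwAdress */
    if (dwAdress >= pSectionHdr[i].VirtualAddress &&
        dwAdress - pSectionHdr[i].VirtualAddress < pSectionHdr[i].Misc.VirtualSize)
    {
        nSection = i;
        break;
    }
}
if (nSection < 0)
    return 0; /* no section maps this RVA; callers treat 0 as failure */
dwOffset = pSectionHdr[nSection].PointerToRawData + dwAdress -
           pSectionHdr[nSection].VirtualAddress;
```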
@@ -64,16 +66,32 @@
}
}
+DWORD64
+GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL
pbX64)
+{
+ pSym->SizeOfStruct = sizeof(SYMBOL_INFO);
+ pSym->MaxNameLen = MAX_SYMBOL_NAME-1;
+
+ if (!SymFromName(hProcess, Name, pSym))
+ {
+ printf("SymGetSymFromName64() failed: %ld\n", GetLastError());
+ return 0;
+ }
+ return GetOffsetFromAdress64(pModule, pSym->Address - pSym->ModBase, pbX64);
+}
+
int main(int argc, char* argv[])
{
HANDLE hProcess;
CHAR szModuleFileName[MAX_PATH+1];
DWORD64 dwModuleBase;
- DWORD64 dwFileOffset;
HANDLE hFile = 0, hMap = 0;
PBYTE pModule = NULL;
UINT i;
BOOL bX64;
+ DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable;
+ DWORD dwServiceLimit;
+ BYTE *pdwArgs;
struct
{
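Review bot: The failure message in the new `GetOffsetFromName` names `SymGetSymFromName64()` although the call is `SymFromName`, and it does not say which symbol was being looked up, so with three lookups going through this helper the output is ambiguous. `GetLastError()` returns a DWORD, so `%lu` is the matching specifier: `printf("SymFromName(%s) failed: %lu\n", Name, GetLastError());`. A short header comment would document the contract the caller relies on, for example `/* Returns the file offset of symbol Name inside the mapped image, or 0 on failure; *pbX64 is overwritten on every call. */`. The `main` declarations at the end of this hunk continue outside it.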
@@ -124,18 +142,6 @@
goto cleanup;
}
- Sym.Symbol.SizeOfStruct = sizeof(SYMBOL_INFO);
- Sym.Symbol.MaxNameLen = MAX_SYMBOL_NAME-1;
-
- if (!SymFromName(hProcess, "W32pServiceTable", &Sym.Symbol))
- {
- printf("SymGetSymFromName64() failed: %ld\n", GetLastError());
- goto cleanup;
- }
-
- printf("Address for W32pServiceTable = %llx\n", Sym.Symbol.Address);
- printf("Module base = %llx\n", dwModuleBase);
-
hMap = CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if (!hMap)
{
@@ -150,31 +156,40 @@
goto cleanup;
}
- dwFileOffset = GetOffsetFromAdress64(pModule, Sym.Symbol.Address - dwModuleBase,
&bX64);
- if (!dwFileOffset)
- {
- printf("PE file is invalid!\n");
- goto cleanup;
- }
+ dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"W32pServiceTable", &bX64);
+ dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"W32pServiceLimit", &bX64);
+ dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule,
"W32pArgumentTable", &bX64);
+ if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable)
+ {
+ printf("Couldn't find adress!\n");
+ goto cleanup;
+ }
+
+ printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
+ printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
+ printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
+
+ dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit));
+ pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
if (!bX64)
{
- DWORD *pdwEntries32 = (DWORD*)(pModule + dwFileOffset);
-
- for (i = 0; pdwEntries32[i] > dwModuleBase; i++)
+ DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable);
+
+ for (i = 0; i <= dwServiceLimit; i++)
{
SymFromAddr(hProcess, (DWORD64)pdwEntries32[i], 0, &Sym.Symbol);
- printf("0x%x:%s\n", i+0x1000, Sym.Symbol.Name);
+ printf("0x%x:%s@%d\n", i+0x1000, Sym.Symbol.Name, pdwArgs[i]);
}
}
else
{
- DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwFileOffset);
-
- for (i = 0; pdwEntries64[i] > dwModuleBase; i++)
+ DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable);
+
+ for (i = 0; i <= dwServiceLimit; i++)
{
SymFromAddr(hProcess, (DWORD64)pdwEntries64[i], 0, &Sym.Symbol);
- printf("0x%x:%s\n", i+0x1000, Sym.Symbol.Name);
+ printf("0x%x:%s@%d\n", i+0x1000, Sym.Symbol.Name, pdwArgs[i]);
}
}
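Review bot: Both loops run `for (i = 0; i <= dwServiceLimit; i++)`, which reads one entry past the service and argument tables if `W32pServiceLimit` holds the number of services rather than the last valid index; `i < dwServiceLimit` looks like the intended bound and is worth confirming against the table definition. `dwServiceLimit` and the three offsets are taken from the mapped file and used to index `pdwEntries32`/`pdwEntries64` and `pdwArgs` with no check against the size of the view, so a truncated or malformed image can cause reads outside the mapping; validating `offset + count * entry size` needs the file size, which is not visible in this hunk. The return value of `SymFromAddr` is ignored, so a failed lookup prints whatever is left in `Sym.Symbol.Name`; `if (!SymFromAddr(hProcess, (DWORD64)pdwEntries32[i], 0, &Sym.Symbol)) { printf("0x%x:<unknown>@%d\n", i+0x1000, pdwArgs[i]); continue; }` (and the same for the 64-bit loop) would make that case visible. `main` starts and ends outside the hunk.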