[+] addSynSymbol function adds a synthetic symbol to a module by virtual address

[+] dbgModuleClass::addSynSymbol method adds a synthetic symbol by offset related to module base [+] samples/synimp.py: add synthetic symbols for module by imports git-svn-id: https://pykd.svn.codeplex.com/svn@61768 9b283d60-5439-405e-af05-b73fd8c4d996
2025-04-21 04:13:22 +08:00 · 2011-02-21 09:49:47 +00:00 · 2011-02-21 09:49:47 +00:00 · d3a22fc0a8
commit d3a22fc0a8
parent dfbbc434d3
5 changed files with 117 additions and 18 deletions
--- a/pykd/dbgext.cpp
+++ b/pykd/dbgext.cpp
@ -151,6 +151,7 @@ BOOST_PYTHON_MODULE( pykd )
    boost::python::def( "setCurrentProcess", &setCurrentProcess );
    boost::python::def( "getProcessorMode", &getProcessorMode );
    boost::python::def( "setProcessorMode", &setProcessorMode );
+    boost::python::def( "addSynSymbol", &addSyntheticSymbol );
    boost::python::class_<typeClass, boost::shared_ptr<typeClass> >( "typeClass" )
        .def("sizeof", &typeClass::size )
        .def("offset", &typeClass::getOffset )
@ -164,6 +165,7 @@ BOOST_PYTHON_MODULE( pykd )
        .def("contain", &dbgModuleClass::contain )
        .def("image", &dbgModuleClass::getImageSymbolName )
        .def("pdb", &dbgModuleClass::getPdbName )
+        .def("addSynSymbol", &dbgModuleClass::addSyntheticSymbol )
        .def("__getattr__", &dbgModuleClass::getOffset );
    boost::python::class_<dbgExtensionClass>( 
            "ext",
--- a/pykd/dbgmodule.cpp
+++ b/pykd/dbgmodule.cpp
@ -229,6 +229,17 @@ dbgModuleClass::getOffset( const std::string  &symName )

 /////////////////////////////////////////////////////////////////////////////////

+void dbgModuleClass::addSyntheticSymbol(
+    ULONG64 offset,
+    ULONG size,
+    const std::string &symName
+)
+{
+    ::addSyntheticSymbol(m_base + offset, size, symName);
+}
+
+/////////////////////////////////////////////////////////////////////////////////
+
 void
 dbgModuleClass::getImagePath()
 {
@ -307,3 +318,30 @@ dbgModuleClass::getImagePath()
 }

 /////////////////////////////////////////////////////////////////////////////////
+
+void
+addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName )
+{
+    try
+    {
+        HRESULT hres = 
+            dbgExt->symbols3->AddSyntheticSymbol(
+                addr,
+                size,
+                symName.c_str(),
+                DEBUG_ADDSYNTHSYM_DEFAULT,
+                NULL);
+        if ( FAILED( hres ) )
+            throw DbgException( "IDebugSymbol3::AddSyntheticSymbol  failed" );
+    }
+    catch( std::exception  &e )
+    {
+        dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
+    }
+    catch(...)
+    {
+        dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
+    }
+}
+
+/////////////////////////////////////////////////////////////////////////////////
--- a/pykd/dbgmodule.h
+++ b/pykd/dbgmodule.h
@ -58,6 +58,8 @@ public:
        return std::wstring( m_debugInfo.LoadedPdbName );
    }

+    void 
+    addSyntheticSymbol( ULONG64 offset, ULONG size, const std::string &symName );

 private:

@ -87,4 +89,7 @@ loadModule( const std::string &moduleName );
 boost::python::object
 findModule( ULONG64 addr );

+void
+addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName );
+
 /////////////////////////////////////////////////////////////////////////////////
--- a/samples/synimp.py
+++ b/samples/synimp.py
@ -0,0 +1,54 @@
+# 
+# Add synthetic symbols for module by imports
+# 
+
+from pykd import *
+import sys
+
+def addSymSymbolsByImports(dbgModule):
+  if isKernelDebugging():
+      systemModule = loadModule( "nt" )
+  else:
+      systemModule = loadModule( "ntdll" )
+
+  if is64bitSystem():
+    ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+    if ntHeader.OptionalHeader.Magic == 0x10b:
+      systemModule = loadModule( "ntdll32" ) 
+      ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+      pSize = 4
+    else:
+      pSize = 8     
+  else:
+      ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+      pSize = 4
+
+  if ntHeader.OptionalHeader.DataDirectory[12].Size == 0:
+    return
+  
+  iatAddr = dbgModule.begin() + ntHeader.OptionalHeader.DataDirectory[12].VirtualAddress;
+
+  for i in range( 0, ntHeader.OptionalHeader.DataDirectory[12].Size / pSize ):
+      pIatEtry = iatAddr + i*pSize;
+
+      if ( pSize == 4 ):
+        iatEntry = ptrDWord( pIatEtry )
+      else:
+        iatEntry = ptrQWord( pIatEtry )
+
+      if iatEntry != 0:
+        symbolName = findSymbol( iatEntry ) 
+        addSynSymbol(pIatEtry, pSize, "_imp_" + symbolName)
+
+if __name__ == "__main__":
+
+  if not isSessionStart():
+    print "Script is launch out of WinDBG"
+    quit(0)
+
+  argc = len(sys.argv)
+  if (2 == argc):
+    addSymSymbolsByImports(findModule(expr(sys.argv[1])))
+  else:
+    dprintln("Invalid command line")
+    dprintln("Usage: " + sys.argv[0] + " module_address")