[+] addSynSymbol function adds a synthetic symbol to a module by virtual address

[+] dbgModuleClass::addSynSymbol method adds a synthetic symbol by offset related to module base [+] samples/synimp.py: add synthetic symbols for module by imports git-svn-id: https://pykd.svn.codeplex.com/svn@61768 9b283d60-5439-405e-af05-b73fd8c4d996
2025-04-20 03:23:23 +08:00 · 2011-02-21 09:49:47 +00:00 · 2011-02-21 09:49:47 +00:00 · d3a22fc0a8
commit d3a22fc0a8
parent dfbbc434d3
5 changed files with 117 additions and 18 deletions
--- a/pykd/dbgext.cpp
+++ b/pykd/dbgext.cpp
@ -151,6 +151,7 @@ BOOST_PYTHON_MODULE( pykd )
    boost::python::def( "setCurrentProcess", &setCurrentProcess );
    boost::python::def( "getProcessorMode", &getProcessorMode );
    boost::python::def( "setProcessorMode", &setProcessorMode );
+    boost::python::def( "addSynSymbol", &addSyntheticSymbol );
    boost::python::class_<typeClass, boost::shared_ptr<typeClass> >( "typeClass" )
        .def("sizeof", &typeClass::size )
        .def("offset", &typeClass::getOffset )
@ -164,6 +165,7 @@ BOOST_PYTHON_MODULE( pykd )
        .def("contain", &dbgModuleClass::contain )
        .def("image", &dbgModuleClass::getImageSymbolName )
        .def("pdb", &dbgModuleClass::getPdbName )
+        .def("addSynSymbol", &dbgModuleClass::addSyntheticSymbol )
        .def("__getattr__", &dbgModuleClass::getOffset );
    boost::python::class_<dbgExtensionClass>( 
            "ext",
--- a/pykd/dbgext.h
+++ b/pykd/dbgext.h
@ -14,8 +14,8 @@ struct DbgExt {
    IDebugRegisters         *registers;
    
    IDebugSymbols           *symbols;
-    IDebugSymbols2          *symbols2;   
-    IDebugSymbols3          *symbols3;   
+    IDebugSymbols2          *symbols2;
+    IDebugSymbols3          *symbols3;
    
    IDebugDataSpaces        *dataSpaces;
    IDebugDataSpaces4       *dataSpaces4;
--- a/pykd/dbgmodule.cpp
+++ b/pykd/dbgmodule.cpp
@ -224,7 +224,18 @@ dbgModuleClass::getOffset( const std::string  &symName )
        return offset->second;
    }

-    return 0;    
+    return 0;
+}
+
+/////////////////////////////////////////////////////////////////////////////////
+
+void dbgModuleClass::addSyntheticSymbol(
+    ULONG64 offset,
+    ULONG size,
+    const std::string &symName
+)
+{
+    ::addSyntheticSymbol(m_base + offset, size, symName);
 }

 /////////////////////////////////////////////////////////////////////////////////
@ -306,4 +317,31 @@ dbgModuleClass::getImagePath()
        delete[] pathBuffer;
 }

-/////////////////////////////////////////////////////////////////////////////////
+/////////////////////////////////////////////////////////////////////////////////
+
+void
+addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName )
+{
+    try
+    {
+        HRESULT hres = 
+            dbgExt->symbols3->AddSyntheticSymbol(
+                addr,
+                size,
+                symName.c_str(),
+                DEBUG_ADDSYNTHSYM_DEFAULT,
+                NULL);
+        if ( FAILED( hres ) )
+            throw DbgException( "IDebugSymbol3::AddSyntheticSymbol  failed" );
+    }
+    catch( std::exception  &e )
+    {
+        dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
+    }
+    catch(...)
+    {
+        dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
+    }
+}
+
+/////////////////////////////////////////////////////////////////////////////////
--- a/pykd/dbgmodule.h
+++ b/pykd/dbgmodule.h
@ -15,20 +15,20 @@ public:
    dbgModuleClass() :
        m_base( 0 ),
        m_end( 0 )     
-    {}           
-    
+    {}
+
    dbgModuleClass( const std::string &name, ULONG64 base, ULONG size );
    
    ULONG64
    getBegin() const {
        return m_base;
-    }      
-    
+    }
+
    ULONG64
    getEnd() const {
        return m_end;
    }
-    
+
    bool
    contain( ULONG64  addr ) const {
        if ( *( (ULONG*)&addr + 1 ) == 0 )
@ -36,34 +36,36 @@ public:
                          
        return m_base <= addr && addr <= m_end;
    }
-    
+
    std::string
    getName() const {
        return m_name;    
-    }    
-    
+    }
+
    void
    reloadSymbols();
-    
+
    ULONG64
    getOffset( const std::string  &symName );
-    
+
    std::wstring
    getImageSymbolName() const {
        return m_imageFullName;
    }
-    
+
    std::wstring    
    getPdbName() const {
        return std::wstring( m_debugInfo.LoadedPdbName );
    }
-    
-    
+
+    void 
+    addSyntheticSymbol( ULONG64 offset, ULONG size, const std::string &symName );
+
 private:

    ULONG64         m_base;
    
-    ULONG64         m_end;        
+    ULONG64         m_end;
    
    std::string     m_name;
    
@ -87,4 +89,7 @@ loadModule( const std::string &moduleName );
 boost::python::object
 findModule( ULONG64 addr );

+void
+addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName );
+
 /////////////////////////////////////////////////////////////////////////////////
--- a/samples/synimp.py
+++ b/samples/synimp.py
@ -0,0 +1,54 @@
+# 
+# Add synthetic symbols for module by imports
+# 
+
+from pykd import *
+import sys
+
+def addSymSymbolsByImports(dbgModule):
+  if isKernelDebugging():
+      systemModule = loadModule( "nt" )
+  else:
+      systemModule = loadModule( "ntdll" )
+
+  if is64bitSystem():
+    ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+    if ntHeader.OptionalHeader.Magic == 0x10b:
+      systemModule = loadModule( "ntdll32" ) 
+      ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+      pSize = 4
+    else:
+      pSize = 8     
+  else:
+      ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+      pSize = 4
+
+  if ntHeader.OptionalHeader.DataDirectory[12].Size == 0:
+    return
+  
+  iatAddr = dbgModule.begin() + ntHeader.OptionalHeader.DataDirectory[12].VirtualAddress;
+
+  for i in range( 0, ntHeader.OptionalHeader.DataDirectory[12].Size / pSize ):
+      pIatEtry = iatAddr + i*pSize;
+
+      if ( pSize == 4 ):
+        iatEntry = ptrDWord( pIatEtry )
+      else:
+        iatEntry = ptrQWord( pIatEtry )
+
+      if iatEntry != 0:
+        symbolName = findSymbol( iatEntry ) 
+        addSynSymbol(pIatEtry, pSize, "_imp_" + symbolName)
+
+if __name__ == "__main__":
+
+  if not isSessionStart():
+    print "Script is launch out of WinDBG"
+    quit(0)
+
+  argc = len(sys.argv)
+  if (2 == argc):
+    addSymSymbolsByImports(findModule(expr(sys.argv[1])))
+  else:
+    dprintln("Invalid command line")
+    dprintln("Usage: " + sys.argv[0] + " module_address")