下载符号文件,自己看msdn写的不行,然后我又看了看雪一伙计写的代码,如下,编译顺利通过,但是,在SymGetSymbolFile执行错误,getlasterror返回2,指定文件找不到.郁闷,求解释下.
#include "stdafx.h"
#include <stdio.h>
#include <Windows.h>
#include <DbgHelp.h>
#pragma comment(lib , "DbgHelp.lib")
#pragma comment(lib , "ImageHlp.lib")
typedef BOOL(__stdcall *SYMGETSYMBOLFILE)(
__in_opt HANDLE hProcess,
__in_opt PCSTR SymPath,
__in PCSTR ImageFile,
__in DWORD Type,
__out_ecount(cSymbolFile) PSTR SymbolFile,
__in size_t cSymbolFile,
__out_ecount(cDbgFile) PSTR DbgFile,
__in size_t cDbgFile
);
EXTERN_C PLOADED_IMAGE IMAGEAPI ImageLoad(
__in PSTR DllName,
__in PSTR DllPath
);
HANDLE hProcess;
char* url = "http://msdl.microsoft.com/download/symbols";
HANDLE hIn;
HANDLE hOut;
void ChangeOutputTextColor(
DWORD rgbColor)
{
SetConsoleTextAttribute ( hOut , FOREGROUND_RED);
}
BOOLEAN InitSymHandler()
{
HANDLE hfile;
char Path[MAX_PATH]={0};
char FileName[MAX_PATH]={0};
char SymPath[MAX_PATH*2]={0};
if (!GetCurrentDirectoryA( MAX_PATH ,Path))
{
printf ("cannot get current directory \n");
return FALSE;
}
strcpy( FileName , Path);
strcat(FileName ,"\\symsrv.yes");
printf ("%s \n",FileName);
hfile = CreateFileA ( FileName,
FILE_ALL_ACCESS,
FILE_SHARE_READ,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hfile == INVALID_HANDLE_VALUE)
{
printf ("create or open file error: 0x%X \n",GetLastError());
return FALSE;
}
CloseHandle (hfile);
hProcess = OpenProcess( PROCESS_ALL_ACCESS,
FALSE,
4);
if (hProcess == INVALID_HANDLE_VALUE)
{
printf ("Cannot open system process \n");
return FALSE;
}
SymSetOptions ( SYMOPT_CASE_INSENSITIVE | SYMOPT_DEFERRED_LOADS | SYMOPT_UNDNAME);
strcat(Path,"\\symbols*");
strcpy(SymPath,"SRV*");
strcat(SymPath,Path);
strcat(SymPath,url);
printf ("%s \n",SymPath);
SymInitialize( hProcess,
SymPath,
FALSE);
return TRUE;
}
BOOLEAN LoadSymModule(
char* ImageName,
DWORD ModuleBase)
{
DWORD64 tmp;
char SymFileName[MAX_PATH]={0};
PLOADED_IMAGE pli = ImageLoad ( ImageName , NULL);
if (pli == NULL)
{
printf ("cannot get loaded module of %s \n",ImageName);
return FALSE;
}
HINSTANCE hDbgHelp = LoadLibraryA("dbghelp.dll");
if (!hDbgHelp)
return FALSE;
SYMGETSYMBOLFILE pSymGetSymbolFile;
pSymGetSymbolFile = (SYMGETSYMBOLFILE)GetProcAddress(hDbgHelp,"SymGetSymbolFile");
if (!pSymGetSymbolFile){
printf("SymGetSymbolFile 导出failed %X\r\n",pSymGetSymbolFile);
return FALSE;
}
if (!pSymGetSymbolFile( hProcess,
NULL,
pli->ModuleName,
sfPdb,
SymFileName,
MAX_PATH,
SymFileName,
MAX_PATH))
{
printf ("cannot get symbol file of %s ,error: 0x%x \n",ImageName,GetLastError());
return FALSE;
}
tmp = SymLoadModule64( hProcess,
pli->hFile,
pli->ModuleName,
NULL,
(DWORD64)ModuleBase,
pli->SizeOfImage);
if (!tmp)
{
printf ("cannot load module , error : %X \n",GetLastError());
return FALSE;
}
return TRUE;
}
BOOLEAN EnumSyms(
char* ImageName,
DWORD ModuleBase,
PSYM_ENUMERATESYMBOLS_CALLBACK EnumRoutine,
PVOID Context)
{
BOOLEAN bEnum;
if ( !LoadSymModule( ImageName , ModuleBase) )
{
return FALSE;
}
bEnum = SymEnumSymbols( hProcess,
ModuleBase,
NULL,
EnumRoutine,
Context);
if (!bEnum)
{
printf ("cannot enum symbols ,error: %x \n",GetLastError());
}
return bEnum;
}
BOOLEAN CALLBACK EnumSymRoutine(
PSYMBOL_INFO psi,
ULONG SymSize,
PVOID Context)
{
printf ("%s : 0x%X \n",psi->Name,psi->Address);
return TRUE;
}
int main(void)
{
hIn = GetStdHandle ( STD_INPUT_HANDLE);
hOut = GetStdHandle (STD_OUTPUT_HANDLE);
if (!InitSymHandler ())
{
goto __exit;
}
;
//ChangeOutputTextColor (4);
EnumSyms("ntkrnlpa.exe", 0x804d8000,(PSYM_ENUMERATESYMBOLS_CALLBACK)EnumSymRoutine,NULL);
__exit:
getchar();
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
非常谢谢,虽然已经解决了
