Process Hacker
symprv.c File Reference
#include <ph.h>
#include <kphuser.h>
#include <dbghelp.h>
#include <symprv.h>
#include <symprvp.h>

Go to the source code of this file.

Macros

#define PH_LOCK_SYMBOLS()   PhAcquireFastLockExclusive(&PhSymMutex)
 
#define PH_UNLOCK_SYMBOLS()   PhReleaseFastLockExclusive(&PhSymMutex)
 

Typedefs

typedef struct _PH_SYMBOL_MODULE PH_SYMBOL_MODULE
 
typedef struct _PH_SYMBOL_MODULE * PPH_SYMBOL_MODULE
 

Functions

VOID NTAPI PhpSymbolProviderDeleteProcedure (_In_ PVOID Object, _In_ ULONG Flags)
 
VOID PhpRegisterSymbolProvider (_In_opt_ PPH_SYMBOL_PROVIDER SymbolProvider)
 
VOID PhpFreeSymbolModule (_In_ PPH_SYMBOL_MODULE SymbolModule)
 
LONG NTAPI PhpSymbolModuleCompareFunction (_In_ PPH_AVL_LINKS Links1, _In_ PPH_AVL_LINKS Links2)
 
DECLSPEC_SELECTANY PH_CALLBACK_DECLARE (PhSymInitCallback)
 
BOOLEAN PhSymbolProviderInitialization (VOID)
 
VOID PhSymbolProviderCompleteInitialization (_In_opt_ PVOID DbgHelpBase)
 
PPH_SYMBOL_PROVIDER PhCreateSymbolProvider (_In_opt_ HANDLE ProcessId)
 
NTSTATUS PhpSymbolCallbackWorker (_In_ PVOID Parameter)
 
BOOL CALLBACK PhpSymbolCallbackFunction (_In_ HANDLE hProcess, _In_ ULONG ActionCode, _In_opt_ ULONG64 CallbackData, _In_opt_ ULONG64 UserContext)
 
BOOLEAN PhGetLineFromAddress (_In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ ULONG64 Address, _Out_ PPH_STRING *FileName, _Out_opt_ PULONG Displacement, _Out_opt_ PPH_SYMBOL_LINE_INFORMATION Information)
 
ULONG64 PhGetModuleFromAddress (_In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ ULONG64 Address, _Out_opt_ PPH_STRING *FileName)
 
VOID PhpSymbolInfoAnsiToUnicode (_Out_ PSYMBOL_INFOW SymbolInfoW, _In_ PSYMBOL_INFO SymbolInfoA)
 
PPH_STRING PhGetSymbolFromAddress (_In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ ULONG64 Address, _Out_opt_ PPH_SYMBOL_RESOLVE_LEVEL ResolveLevel, _Out_opt_ PPH_STRING *FileName, _Out_opt_ PPH_STRING *SymbolName, _Out_opt_ PULONG64 Displacement)
 
BOOLEAN PhGetSymbolFromName (_In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ PWSTR Name, _Out_ PPH_SYMBOL_INFORMATION Information)
 
BOOLEAN PhLoadModuleSymbolProvider (_In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ PWSTR FileName, _In_ ULONG64 BaseAddress, _In_ ULONG Size)
 
VOID PhSetOptionsSymbolProvider (_In_ ULONG Mask, _In_ ULONG Value)
 
VOID PhSetSearchPathSymbolProvider (_In_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ PWSTR Path)
 
ULONG64 __stdcall PhGetModuleBase64 (_In_ HANDLE hProcess, _In_ DWORD64 dwAddr)
 
PVOID __stdcall PhFunctionTableAccess64 (_In_ HANDLE hProcess, _In_ DWORD64 AddrBase)
 
BOOLEAN PhStackWalk (_In_ ULONG MachineType, _In_ HANDLE ProcessHandle, _In_ HANDLE ThreadHandle, _Inout_ LPSTACKFRAME64 StackFrame, _Inout_ PVOID ContextRecord, _In_opt_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_opt_ PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine, _In_opt_ PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine, _In_opt_ PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine, _In_opt_ PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress)
 
BOOLEAN PhWriteMiniDumpProcess (_In_ HANDLE ProcessHandle, _In_ HANDLE ProcessId, _In_ HANDLE FileHandle, _In_ MINIDUMP_TYPE DumpType, _In_opt_ PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, _In_opt_ PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam, _In_opt_ PMINIDUMP_CALLBACK_INFORMATION CallbackParam)
 
VOID PhpConvertStackFrame (_In_ STACKFRAME64 *StackFrame64, _In_ ULONG Flags, _Out_ PPH_THREAD_STACK_FRAME ThreadStackFrame)
 Converts a STACKFRAME64 structure to a PH_THREAD_STACK_FRAME structure.
 
NTSTATUS PhWalkThreadStack (_In_ HANDLE ThreadHandle, _In_opt_ HANDLE ProcessHandle, _In_opt_ PCLIENT_ID ClientId, _In_opt_ PPH_SYMBOL_PROVIDER SymbolProvider, _In_ ULONG Flags, _In_ PPH_WALK_THREAD_STACK_CALLBACK Callback, _In_opt_ PVOID Context)
 Walks a thread's stack.
 

Variables

PPH_OBJECT_TYPE PhSymbolProviderType
 
_SymInitialize SymInitialize_I
 
_SymCleanup SymCleanup_I
 
_SymEnumSymbols SymEnumSymbols_I
 
_SymEnumSymbolsW SymEnumSymbolsW_I
 
_SymFromAddr SymFromAddr_I
 
_SymFromAddrW SymFromAddrW_I
 
_SymFromName SymFromName_I
 
_SymFromNameW SymFromNameW_I
 
_SymGetLineFromAddr64 SymGetLineFromAddr64_I
 
_SymGetLineFromAddrW64 SymGetLineFromAddrW64_I
 
_SymLoadModule64 SymLoadModule64_I
 
_SymLoadModuleExW SymLoadModuleExW_I
 
_SymGetOptions SymGetOptions_I
 
_SymSetOptions SymSetOptions_I
 
_SymGetSearchPath SymGetSearchPath_I
 
_SymGetSearchPathW SymGetSearchPathW_I
 
_SymSetSearchPath SymSetSearchPath_I
 
_SymSetSearchPathW SymSetSearchPathW_I
 
_SymUnloadModule64 SymUnloadModule64_I
 
_SymFunctionTableAccess64 SymFunctionTableAccess64_I
 
_SymGetModuleBase64 SymGetModuleBase64_I
 
_SymRegisterCallbackW64 SymRegisterCallbackW64_I
 
_StackWalk64 StackWalk64_I
 
_MiniDumpWriteDump MiniDumpWriteDump_I
 
_SymbolServerGetOptions SymbolServerGetOptions
 
_SymbolServerSetOptions SymbolServerSetOptions
 

Macro Definition Documentation

#define PH_LOCK_SYMBOLS ( )    PhAcquireFastLockExclusive(&PhSymMutex)

Definition at line 65 of file symprv.c.

#define PH_UNLOCK_SYMBOLS ( )    PhReleaseFastLockExclusive(&PhSymMutex)

Definition at line 66 of file symprv.c.

Typedef Documentation

typedef struct _PH_SYMBOL_MODULE PH_SYMBOL_MODULE
typedef struct _PH_SYMBOL_MODULE * PPH_SYMBOL_MODULE

Function Documentation

DECLSPEC_SELECTANY PH_CALLBACK_DECLARE ( PhSymInitCallback  )
PPH_SYMBOL_PROVIDER PhCreateSymbolProvider ( _In_opt_ HANDLE  ProcessId)

Definition at line 153 of file symprv.c.

PVOID __stdcall PhFunctionTableAccess64 ( _In_ HANDLE  hProcess,
_In_ DWORD64  AddrBase 
)

Definition at line 1370 of file symprv.c.

BOOLEAN PhGetLineFromAddress ( _In_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ ULONG64  Address,
_Out_ PPH_STRING FileName,
_Out_opt_ PULONG  Displacement,
_Out_opt_ PPH_SYMBOL_LINE_INFORMATION  Information 
)

Definition at line 349 of file symprv.c.

ULONG64 __stdcall PhGetModuleBase64 ( _In_ HANDLE  hProcess,
_In_ DWORD64  dwAddr 
)

Definition at line 1333 of file symprv.c.

ULONG64 PhGetModuleFromAddress ( _In_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ ULONG64  Address,
_Out_opt_ PPH_STRING FileName 
)

Definition at line 423 of file symprv.c.

PPH_STRING PhGetSymbolFromAddress ( _In_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ ULONG64  Address,
_Out_opt_ PPH_SYMBOL_RESOLVE_LEVEL  ResolveLevel,
_Out_opt_ PPH_STRING FileName,
_Out_opt_ PPH_STRING SymbolName,
_Out_opt_ PULONG64  Displacement 
)

Definition at line 537 of file symprv.c.

BOOLEAN PhGetSymbolFromName ( _In_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ PWSTR  Name,
_Out_ PPH_SYMBOL_INFORMATION  Information 
)

Definition at line 767 of file symprv.c.

BOOLEAN PhLoadModuleSymbolProvider ( _In_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ PWSTR  FileName,
_In_ ULONG64  BaseAddress,
_In_ ULONG  Size 
)

Definition at line 841 of file symprv.c.

VOID PhpConvertStackFrame ( _In_ STACKFRAME64 *  StackFrame64,
_In_ ULONG  Flags,
_Out_ PPH_THREAD_STACK_FRAME  ThreadStackFrame 
)

Converts a STACKFRAME64 structure to a PH_THREAD_STACK_FRAME structure.

Parameters
StackFrame64A pointer to the STACKFRAME64 structure to convert.
FlagsFlags to set in the resulting structure.
ThreadStackFrameA pointer to the resulting PH_THREAD_STACK_FRAME structure.

Definition at line 1488 of file symprv.c.

VOID PhpFreeSymbolModule ( _In_ PPH_SYMBOL_MODULE  SymbolModule)

Definition at line 329 of file symprv.c.

VOID PhpRegisterSymbolProvider ( _In_opt_ PPH_SYMBOL_PROVIDER  SymbolProvider)

Definition at line 296 of file symprv.c.

BOOL CALLBACK PhpSymbolCallbackFunction ( _In_ HANDLE  hProcess,
_In_ ULONG  ActionCode,
_In_opt_ ULONG64  CallbackData,
_In_opt_ ULONG64  UserContext 
)

Definition at line 253 of file symprv.c.

NTSTATUS PhpSymbolCallbackWorker ( _In_ PVOID  Parameter)

Definition at line 239 of file symprv.c.

VOID PhpSymbolInfoAnsiToUnicode ( _Out_ PSYMBOL_INFOW  SymbolInfoW,
_In_ PSYMBOL_INFO  SymbolInfoA 
)

Definition at line 501 of file symprv.c.

static LONG NTAPI PhpSymbolModuleCompareFunction ( _In_ PPH_AVL_LINKS  Links1,
_In_ PPH_AVL_LINKS  Links2 
)

Definition at line 338 of file symprv.c.

VOID NTAPI PhpSymbolProviderDeleteProcedure ( _In_ PVOID  Object,
_In_ ULONG  Flags 
)

Definition at line 204 of file symprv.c.

VOID PhSetOptionsSymbolProvider ( _In_ ULONG  Mask,
_In_ ULONG  Value 
)

Definition at line 935 of file symprv.c.

VOID PhSetSearchPathSymbolProvider ( _In_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ PWSTR  Path 
)

Definition at line 957 of file symprv.c.

BOOLEAN PhStackWalk ( _In_ ULONG  MachineType,
_In_ HANDLE  ProcessHandle,
_In_ HANDLE  ThreadHandle,
_Inout_ LPSTACKFRAME64  StackFrame,
_Inout_ PVOID  ContextRecord,
_In_opt_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_opt_ PREAD_PROCESS_MEMORY_ROUTINE64  ReadMemoryRoutine,
_In_opt_ PFUNCTION_TABLE_ACCESS_ROUTINE64  FunctionTableAccessRoutine,
_In_opt_ PGET_MODULE_BASE_ROUTINE64  GetModuleBaseRoutine,
_In_opt_ PTRANSLATE_ADDRESS_ROUTINE64  TranslateAddress 
)

Definition at line 1396 of file symprv.c.

VOID PhSymbolProviderCompleteInitialization ( _In_opt_ PVOID  DbgHelpBase)

Definition at line 104 of file symprv.c.

BOOLEAN PhSymbolProviderInitialization ( VOID  )

Definition at line 95 of file symprv.c.

NTSTATUS PhWalkThreadStack ( _In_ HANDLE  ThreadHandle,
_In_opt_ HANDLE  ProcessHandle,
_In_opt_ PCLIENT_ID  ClientId,
_In_opt_ PPH_SYMBOL_PROVIDER  SymbolProvider,
_In_ ULONG  Flags,
_In_ PPH_WALK_THREAD_STACK_CALLBACK  Callback,
_In_opt_ PVOID  Context 
)

Walks a thread's stack.

Parameters
ThreadHandleA handle to a thread. The handle must have THREAD_QUERY_LIMITED_INFORMATION, THREAD_GET_CONTEXT and THREAD_SUSPEND_RESUME access. The handle can have any access for kernel stack walking.
ProcessHandleA handle to the thread's parent process. The handle must have PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access. If a symbol provider is being used, pass its process handle and specify the symbol provider in SymbolProvider.
ClientIdThe client ID identifying the thread.
SymbolProviderThe associated symbol provider.
FlagsA combination of flags.
  • PH_WALK_I386_STACK Walks the x86 stack. On AMD64 systems this flag walks the WOW64 stack.
  • PH_WALK_AMD64_STACK Walks the AMD64 stack. On x86 systems this flag is ignored.
  • PH_WALK_KERNEL_STACK Walks the kernel stack. This flag is ignored if there is no active KProcessHacker connection.
CallbackA callback function which is executed for each stack frame.
ContextA user-defined value to pass to the callback function.

Definition at line 1538 of file symprv.c.

BOOLEAN PhWriteMiniDumpProcess ( _In_ HANDLE  ProcessHandle,
_In_ HANDLE  ProcessId,
_In_ HANDLE  FileHandle,
_In_ MINIDUMP_TYPE  DumpType,
_In_opt_ PMINIDUMP_EXCEPTION_INFORMATION  ExceptionParam,
_In_opt_ PMINIDUMP_USER_STREAM_INFORMATION  UserStreamParam,
_In_opt_ PMINIDUMP_CALLBACK_INFORMATION  CallbackParam 
)

Definition at line 1449 of file symprv.c.

Variable Documentation

_MiniDumpWriteDump MiniDumpWriteDump_I

Definition at line 91 of file symprv.c.

PPH_OBJECT_TYPE PhSymbolProviderType

Definition at line 57 of file symprv.c.

_StackWalk64 StackWalk64_I

Definition at line 90 of file symprv.c.

_SymbolServerGetOptions SymbolServerGetOptions

Definition at line 92 of file symprv.c.

_SymbolServerSetOptions SymbolServerSetOptions

Definition at line 93 of file symprv.c.

_SymCleanup SymCleanup_I

Definition at line 69 of file symprv.c.

_SymEnumSymbols SymEnumSymbols_I

Definition at line 70 of file symprv.c.

_SymEnumSymbolsW SymEnumSymbolsW_I

Definition at line 71 of file symprv.c.

_SymFromAddr SymFromAddr_I

Definition at line 72 of file symprv.c.

_SymFromAddrW SymFromAddrW_I

Definition at line 73 of file symprv.c.

_SymFromName SymFromName_I

Definition at line 74 of file symprv.c.

_SymFromNameW SymFromNameW_I

Definition at line 75 of file symprv.c.

_SymFunctionTableAccess64 SymFunctionTableAccess64_I

Definition at line 87 of file symprv.c.

_SymGetLineFromAddr64 SymGetLineFromAddr64_I

Definition at line 76 of file symprv.c.

_SymGetLineFromAddrW64 SymGetLineFromAddrW64_I

Definition at line 77 of file symprv.c.

_SymGetModuleBase64 SymGetModuleBase64_I

Definition at line 88 of file symprv.c.

_SymGetOptions SymGetOptions_I

Definition at line 80 of file symprv.c.

_SymGetSearchPath SymGetSearchPath_I

Definition at line 82 of file symprv.c.

_SymGetSearchPathW SymGetSearchPathW_I

Definition at line 83 of file symprv.c.

_SymInitialize SymInitialize_I

Definition at line 68 of file symprv.c.

_SymLoadModule64 SymLoadModule64_I

Definition at line 78 of file symprv.c.

_SymLoadModuleExW SymLoadModuleExW_I

Definition at line 79 of file symprv.c.

_SymRegisterCallbackW64 SymRegisterCallbackW64_I

Definition at line 89 of file symprv.c.

_SymSetOptions SymSetOptions_I

Definition at line 81 of file symprv.c.

_SymSetSearchPath SymSetSearchPath_I

Definition at line 84 of file symprv.c.

_SymSetSearchPathW SymSetSearchPathW_I

Definition at line 85 of file symprv.c.

_SymUnloadModule64 SymUnloadModule64_I

Definition at line 86 of file symprv.c.