-
Notifications
You must be signed in to change notification settings - Fork 17
/
kpdb.h
89 lines (81 loc) · 2.08 KB
/
kpdb.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#pragma once
#include <ntifs.h>
#include <ntddk.h>
#include <ntimage.h>
#include <minwindef.h>
#include <intrin.h>
#include <ntddndis.h>
#include <strsafe.h>
#include <fltkernel.h>
const char kMagic[32];
#pragma pack(push, 1)
typedef struct _SuperBlock
{
CHAR FileMagic[sizeof(kMagic)];
DWORD BlockSize;
DWORD FreeBlockMapBlock;
DWORD NumBlocks;
DWORD NumDirectoryBytes;
DWORD Unknown;
DWORD BlockMapAddr;
}SuperBlock;
typedef struct _StreamData {
PCHAR StreamPointer;
SIZE_T StreamSize;
}StreamData;
typedef struct _DBIHeader
{
LONG VersionSignature;
DWORD VersionHeader;
DWORD Age;
WORD GlobalStreamIndex;
WORD BuildNumber;
WORD PublicStreamIndex;
WORD PdbDllVersion;
WORD SymRecordStream;
WORD PdbDllRbld;
LONG ModInfoSize;
LONG SectionContributionSize;
LONG SectionMapSize;
LONG SourceInfoSize;
LONG TypeServerSize;
DWORD MFCTypeServerIndex;
LONG OptionalDbgHeaderSize;
LONG ECSubstreamSize;
WORD Flags;
WORD Machine;
DWORD Padding;
}DBIHeader;
typedef struct _PUBSYM32
{
WORD reclen; // Record length
WORD rectyp; // S_PUB32
DWORD pubsymflags;
DWORD off;
WORD seg;
char name[1]; // Length-prefixed name
}PUBSYM32;
typedef enum SYM_ENUM_e {
// […]
S_CONSTANT = 0x1107, // constant symbol
S_UDT = 0x1108, // User defined type
S_LDATA32 = 0x110c, // Module-local symbol
S_GDATA32 = 0x110d, // Global data symbol
S_PUB32 = 0x110e, // a public symbol (CV internal reserved)
S_PROCREF = 0x1125, // Reference to a procedure
S_LPROCREF = 0x1127, // Local Reference to a procedure
// […]
};
typedef struct _SYMBOL_DATA {
PCHAR SymbolName;
//UINT SymbolNameHash;
DWORD SectionOffset;
DWORD SymbolRVA;
WORD SectionNumber;
} SYMBOL_DATA, * PSYMBOL_DATA;
#pragma pack(pop)
BOOL KpdbIsPDBMagicValid(SuperBlock* super);
PVOID KpdbGetPDBStreamDirectory(PVOID base);
StreamData* KpdbGetPDBStreams(PVOID base, DWORD* streams_count);
BOOL KpdbGetPDBSymbolOffset(PVOID pdbfile, PSYMBOL_DATA SymbolDataList);
void KpdbConvertSecOffsetToRVA(DWORD64 ModuleBase, PSYMBOL_DATA SymbolDataList);