#include <Windows.h>
#include <stdio.h>
#include <string.h>
#include "dbghelp.h"
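/*
 * Initialise the DbgHelp symbol handler for the current process.
 *
 * Creates the symsrv.yes marker in the current directory (the file symsrv
 * looks for before talking to the Microsoft symbol server; its contents are
 * not used), then calls SymInitialize with the search path
 * "SRV*<cwd>\symbols*<server URL>", so downloaded PDBs are cached under
 * <cwd>\symbols.
 *
 * Returns TRUE on success. Returns FALSE when the current directory cannot
 * be read or would not fit the path buffers, when the marker file cannot be
 * created, or when SymInitialize fails (GetLastError holds the cause).
 */
BOOL WINAPI InitSymHandler( )
{
    static const CHAR MarkerSuffix[] = "\\symsrv.yes";
    static const CHAR StoreSuffix[]  = "\\symbols*";
    static const CHAR SrvPrefix[]    = "SRV*";
    /* The server is reached over plain http, so the downloaded PDBs are not
     * protected in transit; the same host also answers over https. */
    static const CHAR SrvUrl[]       = "http://msdl.microsoft.com/download/symbols";

    CHAR DirPath[MAX_PATH] = {0};
    CHAR FileName[MAX_PATH] = {0};
    CHAR SymPath[MAX_PATH * 2] = {0};
    DWORD DirLen;
    HANDLE hFile;

    /* GetCurrentDirectoryA returns the number of characters written, the
     * required size when the buffer is too small, or 0 on failure; only the
     * first case leaves DirPath usable. The original stored this DWORD in a
     * BOOL and so treated "buffer too small" as success. */
    DirLen = GetCurrentDirectoryA( MAX_PATH, DirPath );
    if ( DirLen == 0 || DirLen >= MAX_PATH )
    {
        return FALSE;
    }

    /* sizeof(suffix) counts the terminator, so both concatenations below stay
     * inside their MAX_PATH buffers when these checks hold (the original
     * strcat'ed unconditionally and could overrun on a long cwd). */
    if ( DirLen + sizeof(MarkerSuffix) > MAX_PATH ||
         DirLen + sizeof(StoreSuffix)  > MAX_PATH )
    {
        return FALSE;
    }
    if ( (sizeof(SrvPrefix) - 1) + DirLen + (sizeof(StoreSuffix) - 1) + sizeof(SrvUrl) > sizeof(SymPath) )
    {
        return FALSE;
    }

    strcpy( FileName, DirPath );
    strcat( FileName, MarkerSuffix );
    hFile = CreateFileA( FileName, FILE_ALL_ACCESS, FILE_SHARE_READ, NULL,
                         OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL );
    if ( hFile == INVALID_HANDLE_VALUE )
    {
        return FALSE;
    }
    CloseHandle( hFile );

    SymSetOptions( SYMOPT_CASE_INSENSITIVE | SYMOPT_DEFERRED_LOADS | SYMOPT_UNDNAME );

    /* "SRV*<cwd>\symbols*<url>": local store first, remote server second. */
    strcpy( SymPath, SrvPrefix );
    strcat( SymPath, DirPath );
    strcat( SymPath, StoreSuffix );
    strcat( SymPath, SrvUrl );
    /* FALSE: do not enumerate the loaded modules now; EnumSymData loads the
     * single module it needs. */
    return SymInitialize( GetCurrentProcess(), SymPath, FALSE );
}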
/*
 * Release the DbgHelp symbol handler state that InitSymHandler set up for
 * this process. The result of SymCleanup is not inspected.
 */
VOID WINAPI FiniSymHandler( )
{
    HANDLE hProcess = GetCurrentProcess();
    (void)SymCleanup( hProcess );
}
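/*
 * Load the symbols of ImageName at ModuleBase, hand every symbol whose name
 * matches "Nt*" to EnumRoutine (with Context), then unload the module and
 * tear the symbol handler down again.
 *
 * Returns the result of SymEnumSymbols. Returns FALSE without touching the
 * symbol handler when ModuleBase or EnumRoutine is NULL, when
 * InitSymHandler fails, or when SymLoadModule64 returns 0.
 */
BOOL WINAPI
EnumSymData(
IN LPSTR ImageName,
IN PVOID ModuleBase,
IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumRoutine,
IN PVOID Context
)
{
    HANDLE hProcess = GetCurrentProcess();
    DWORD64 ModLoadBase;
    BOOL bReturn = FALSE;

    /* GetModuleHandleA hands callers NULL for a module that is not loaded.
     * SymLoadModule64 treats a zero base as "take the address from the symbol
     * file", so the enumeration below would then query the wrong base. */
    if ( ModuleBase == NULL || EnumRoutine == NULL )
    {
        return FALSE;
    }
    if ( !InitSymHandler( ) )
    {
        return FALSE;
    }

    ModLoadBase = SymLoadModule64( hProcess, NULL, ImageName, NULL, (DWORD64)ModuleBase, 0 );
    if ( ModLoadBase != 0 )
    {
        bReturn = SymEnumSymbols( hProcess, (ULONG64)ModuleBase, "Nt*", EnumRoutine, Context );
        SymUnloadModule64( hProcess, (DWORD64)ModuleBase );
    }
    /* Each call initialises and cleans up the handler; nothing stays loaded. */
    FiniSymHandler( );
    return bReturn;
}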
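/*
 * SymEnumSymbols callback: for every "Nt*" symbol whose first bytes match the
 * expected stub prologue, write "0x<number> : <name>" to the FILE* passed as
 * Context.
 *
 * Only the 32-bit immediate of the `mov eax, imm32` is decoded: on x86 it
 * follows the B8 opcode (offset 1); on x64 the prologue checked is the
 * little-endian dword 4C 8B D1 B8 and the immediate sits at offset 4. The
 * low 14 bits are kept (mask 0x3FFF), as in the original. Symbols with a
 * zero Address are skipped.
 *
 * Returns BOOL, the type PSYM_ENUMERATESYMBOLS_CALLBACK expects — the
 * original returned BOOLEAN through a cast function pointer, which leaves
 * the upper bytes of the return register unspecified. Always TRUE so the
 * enumeration continues. SymSize is unused.
 */
BOOL CALLBACK
EnumSymRoutine(
PSYMBOL_INFO psi,
ULONG SymSize,
PVOID Context
)
{
    FILE* fp = (FILE*)Context;
    PUCHAR pNtApi;
    ULONG Imm;

    (void)SymSize;
    if ( fp == NULL || psi == NULL || psi->Address == 0 )
    {
        return TRUE;
    }
    /* Address is a DWORD64; go through ULONG_PTR so the cast is well-defined
     * on both 32- and 64-bit builds. */
    pNtApi = (PUCHAR)(ULONG_PTR)psi->Address;

    /* memcpy instead of *(PULONG) casts: no aliasing or alignment assumptions
     * about the code bytes. */
#ifdef _X86_
    if ( pNtApi[0] != 0xB8 )
    {
        return TRUE;
    }
    memcpy( &Imm, pNtApi + 1, sizeof Imm );
#else
    {
        ULONG Prologue;
        memcpy( &Prologue, pNtApi, sizeof Prologue );
        if ( Prologue != 0xB8D18B4C )
        {
            return TRUE;
        }
    }
    memcpy( &Imm, pNtApi + 4, sizeof Imm );
#endif
    /* Cast to unsigned so the argument matches %X exactly. */
    fprintf( fp, "0x%04X : %s \n", (unsigned)(Imm & 0x3FFF), psi->Name );
    return TRUE;
}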
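/*
 * Program entry: write an OS version banner followed by the decoded "Nt*"
 * stub table of ntdll, user32 and gdi32 to .\SeeSym.txt (relative to the
 * current directory), then show a completion dialog.
 *
 * Returns 0 on completion, 1 if the output file could not be closed cleanly
 * (the table on disk may then be incomplete). A failure to open the file is
 * reported only through the absence of output, as in the original.
 */
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, PCHAR lpCmdLine, int nShowCmd )
{
    static LPSTR const Modules[] = { "ntdll.dll", "user32.dll", "gdi32.dll" };
    FILE* fp;
    size_t i;

    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nShowCmd;

    fp = fopen( "./SeeSym.txt", "w" );
    if ( fp != NULL )
    {
        OSVERSIONINFO osvi;
        RtlZeroMemory( &osvi, sizeof(OSVERSIONINFO) );
        osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
        /* The original printed the fields even when GetVersionEx failed. */
        if ( GetVersionEx( &osvi ) )
        {
            /* dwMajorVersion etc. are DWORDs (unsigned long): %lu, not %d. */
            fprintf( fp, "Microsoft Windows [Version %lu.%lu.%lu.%s]\n\n",
                     osvi.dwMajorVersion, osvi.dwMinorVersion, osvi.dwBuildNumber,
                     sizeof(PVOID) == sizeof(ULONG) ? "i386" : "AMD64" );
        }

        for ( i = 0; i < sizeof(Modules) / sizeof(Modules[0]); i++ )
        {
            /* GetModuleHandleA yields NULL for a module that is not loaded;
             * the handle is passed through as the original did. The BOOL
             * result is not checked, also as in the original. */
            EnumSymData( Modules[i],
                         GetModuleHandleA( Modules[i] ),
                         (PSYM_ENUMERATESYMBOLS_CALLBACK)EnumSymRoutine,
                         fp );
        }

        /* fclose flushes the buffered table; a failure here means the file
         * on disk is not the full table. */
        if ( fclose( fp ) != 0 )
        {
            MessageBoxA( NULL, "Failed to write SeeSym.txt", "Tip", MB_OK );
            return 1;
        }
    }
    MessageBoxA( NULL, "Completed!\n>.<", "Tip", MB_OK );
    return 0;
}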