#include <Windows.h>
#include <stdio.h>
#include <string.h>
#include "dbghelp.h"
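/*
 * Initialise the dbghelp symbol handler for the current process.
 *
 * Creates an empty "symsrv.yes" file in the current directory (presumably
 * the marker symsrv checks before contacting the Microsoft server -- confirm),
 * then calls SymInitialize with the symbol path
 * "SRV*<cwd>\symbols*http://msdl.microsoft.com/download/symbols", i.e. a
 * local store under the current directory backed by the public server.
 *
 * Returns TRUE when SymInitialize succeeded; FALSE when the current
 * directory could not be read or does not fit the buffer, either path would
 * be truncated, the marker file could not be created, or SymInitialize
 * failed.
 */
BOOL WINAPI InitSymHandler( )
{
    BOOL bReturn = FALSE;
    HANDLE hFile;
    DWORD dirLen;
    int written;
    CHAR DirPath[MAX_PATH] = {0};
    CHAR FileName[MAX_PATH] = {0};
    CHAR SymPath[MAX_PATH*2]= {0};

    do
    {
        /* GetCurrentDirectoryA returns the length copied, or -- when the
         * buffer is too small -- the size required; that case is non-zero
         * too, so treating the result as a BOOL would use an empty buffer. */
        dirLen = GetCurrentDirectoryA( MAX_PATH , DirPath ) ;
        if ( dirLen == 0 || dirLen >= MAX_PATH )
        {
            break;
        }

        /* Bounded formatting instead of strcpy/strcat: a directory close to
         * MAX_PATH characters would otherwise overflow FileName. */
        written = snprintf( FileName, sizeof FileName, "%s\\symsrv.yes", DirPath );
        if ( written < 0 || (size_t)written >= sizeof FileName )
        {
            break;
        }

        /* The file only has to exist; GENERIC_WRITE is enough to create it
         * and is far narrower than the original FILE_ALL_ACCESS. */
        hFile = CreateFileA ( FileName,
                              GENERIC_WRITE,
                              FILE_SHARE_READ,
                              NULL,
                              OPEN_ALWAYS,
                              FILE_ATTRIBUTE_NORMAL,
                              NULL );
        if (hFile == INVALID_HANDLE_VALUE)
        {
            break;
        }
        CloseHandle (hFile);

        SymSetOptions ( SYMOPT_CASE_INSENSITIVE | SYMOPT_DEFERRED_LOADS | SYMOPT_UNDNAME);

        /* Same layout as the original concatenation. Note the upstream
         * store is reached over plain http, so symbol files arrive over an
         * unauthenticated transport. */
        written = snprintf( SymPath, sizeof SymPath,
                            "SRV*%s\\symbols*http://msdl.microsoft.com/download/symbols",
                            DirPath );
        if ( written < 0 || (size_t)written >= sizeof SymPath )
        {
            break;
        }

        bReturn = SymInitialize( GetCurrentProcess(), SymPath, FALSE );
    } while( FALSE );

    return bReturn;
}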
/*
 * Tear down the symbol handler that InitSymHandler set up for this process.
 * SymCleanup's result is deliberately ignored: there is nothing further to
 * do on failure and the function has no way to report it.
 */
VOID WINAPI FiniSymHandler( )
{
    HANDLE hProcess = GetCurrentProcess();
    (void)SymCleanup( hProcess );
}
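/*
 * Load ImageName's symbols at ModuleBase, call EnumRoutine for every symbol
 * whose name matches "Nt*", then unload the module and tear down the
 * symbol handler again.
 *
 * ImageName   - name or path of the module whose symbols are loaded
 * ModuleBase  - address the module is loaded at in this process
 * EnumRoutine - dbghelp enumeration callback
 * Context     - passed through unchanged to EnumRoutine
 *
 * Returns the result of SymEnumSymbols, or FALSE when an argument is NULL,
 * the symbol handler could not be initialised, or the module could not be
 * loaded.
 */
BOOL WINAPI
EnumSymData(
IN LPSTR ImageName,
IN PVOID ModuleBase,
IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumRoutine,
IN PVOID Context
)
{
    HANDLE hProcess = GetCurrentProcess();
    DWORD64 ModLoadBase = 0;
    BOOL bReturn = FALSE;

    /* Callers hand in GetModuleHandleA results, which may be NULL. With a
     * zero base dbghelp presumably picks its own load address, and the
     * enumeration below would then look at the wrong range -- so refuse. */
    if ( ImageName == NULL || ModuleBase == NULL || EnumRoutine == NULL )
    {
        return FALSE;
    }

    if( InitSymHandler( ) )
    {
        ModLoadBase = SymLoadModule64( hProcess,
                                       NULL,
                                       ImageName,
                                       NULL,
                                       (DWORD64)(ULONG_PTR)ModuleBase,
                                       0 );
        if ( ModLoadBase )
        {
            /* Use the base dbghelp reported for both the enumeration and the
             * unload; it equals ModuleBase when a non-zero base was given. */
            bReturn = SymEnumSymbols( hProcess,
                                      ModLoadBase,
                                      "Nt*",
                                      EnumRoutine,
                                      Context );
            SymUnloadModule64( hProcess, ModLoadBase );
        }
        FiniSymHandler( );
    }
    return bReturn;
}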
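/*
 * SymEnumSymbols callback. For each visited symbol it inspects the first
 * bytes at the symbol's address in this process: on x86 it expects the
 * opcode 0xB8 (mov eax, imm32) at offset 0 and takes the immediate at
 * offset 1; otherwise it expects the dword 0xB8D18B4C at offset 0 and
 * takes the immediate at offset 4. When the prologue matches, the
 * immediate masked to 14 bits and the symbol name are written to the FILE*
 * passed as Context.
 *
 * psi     - symbol being visited; only Address and Name are used
 * SymSize - unused
 * Context - FILE* opened by the caller
 *
 * Always returns TRUE so the enumeration continues. The return type is
 * BOOL, matching PSYM_ENUMERATESYMBOLS_CALLBACK; the original BOOLEAN
 * (a byte) left the upper bits of the returned int undefined.
 */
BOOL CALLBACK
EnumSymRoutine(
PSYMBOL_INFO psi,
ULONG SymSize,
PVOID Context
)
{
    FILE* fp = (FILE*)Context;
    const UCHAR *pNtApi;
    MEMORY_BASIC_INFORMATION mbi;
    ULONG head = 0;
    ULONG imm = 0;

    (void)SymSize;

    if ( psi == NULL || fp == NULL || psi->Address == 0 )
    {
        return TRUE;
    }
    pNtApi = (const UCHAR *)(ULONG_PTR)psi->Address;

    /* "Nt*" can also match symbols that are not code in committed, readable
     * memory; dereferencing such an address would fault the whole tool.
     * Check the page first and make sure the 8 bytes read below stay inside
     * the region VirtualQuery describes. */
    if ( VirtualQuery( pNtApi, &mbi, sizeof mbi ) != sizeof mbi
      || mbi.State != MEM_COMMIT
      || ( mbi.Protect & ( PAGE_NOACCESS | PAGE_GUARD ) )
      || ( (const UCHAR *)mbi.BaseAddress + mbi.RegionSize ) - pNtApi < 8 )
    {
        return TRUE;
    }

    /* Read through memcpy: the dwords are unaligned, and casting a byte
     * pointer to PULONG violates strict aliasing. */
#ifdef _X86_
    head = pNtApi[0];
    memcpy( &imm, pNtApi + 1, sizeof imm );
    if ( head == 0xB8 )
#else
    memcpy( &head, pNtApi, sizeof head );
    memcpy( &imm, pNtApi + 4, sizeof imm );
    if ( head == 0xB8D18B4C )
#endif
    {
        fprintf ( fp, "0x%04X : %s \n", (unsigned)( imm & 0x3FFF ), psi->Name );
    }
    return TRUE;
}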
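/*
 * Entry point. Writes an OS version banner followed by the matching "Nt*"
 * symbol lines of ntdll, user32 and gdi32 to ./SeeSym.txt (relative to the
 * current directory), then shows a completion box.
 *
 * Returns 0 on success; 1 when the output file could not be opened or
 * closed cleanly, in which case an error box is shown instead.
 */
int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, PCHAR lpCmdLine, int nShowCmd )
{
    static const char *const modules[] = { "ntdll.dll", "user32.dll", "gdi32.dll" };
    OSVERSIONINFO osvi;
    FILE* fp;
    size_t i;

    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nShowCmd;

    fp = fopen( "./SeeSym.txt", "w" );
    if( fp == NULL )
    {
        /* Previously a failed fopen still reported "Completed!". */
        MessageBoxA( NULL, "Could not create SeeSym.txt", "Error", MB_OK | MB_ICONERROR );
        return 1;
    }

    RtlZeroMemory( &osvi, sizeof(OSVERSIONINFO) );
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    /* GetVersionEx is deprecated; on newer Windows it may report a capped
     * version unless the executable carries a compatibility manifest. */
    GetVersionEx( &osvi );
    /* The dw* fields are DWORD (unsigned long): %lu, not %d. */
    fprintf( fp, "Microsoft Windows [Version %lu.%lu.%lu.%s]\n\n",
             osvi.dwMajorVersion, osvi.dwMinorVersion, osvi.dwBuildNumber,
             sizeof(PVOID) == sizeof(ULONG) ? "i386":"AMD64" );

    for ( i = 0; i < sizeof modules / sizeof modules[0]; i++ )
    {
        HMODULE hMod = GetModuleHandleA( modules[i] );

        /* A module that is not mapped, or whose symbols could not be
         * enumerated, used to vanish from the report without a trace. */
        if ( hMod == NULL )
        {
            fprintf( fp, "; %s: not loaded in this process\n", modules[i] );
            continue;
        }
        if ( !EnumSymData( (LPSTR)modules[i],
                           hMod,
                           (PSYM_ENUMERATESYMBOLS_CALLBACK)EnumSymRoutine,
                           fp ) )
        {
            fprintf( fp, "; %s: symbol enumeration failed\n", modules[i] );
        }
    }

    /* fclose flushes; a failure here means the report is incomplete. */
    if ( fclose(fp) != 0 )
    {
        MessageBoxA( NULL, "Could not write SeeSym.txt", "Error", MB_OK | MB_ICONERROR );
        return 1;
    }

    MessageBoxA( NULL, "Completed!\n>.<", "Tip", MB_OK );
    return 0;
}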