23 */ |
23 */ |
24 |
24 |
25 #ifndef OS_WINDOWS_VM_DECODER_WINDOWS_HPP |
25 #ifndef OS_WINDOWS_VM_DECODER_WINDOWS_HPP |
26 #define OS_WINDOWS_VM_DECIDER_WINDOWS_HPP |
26 #define OS_WINDOWS_VM_DECIDER_WINDOWS_HPP |
27 |
27 |
28 #include <windows.h> |
|
29 #include <imagehlp.h> |
|
30 |
|
31 #include "utilities/decoder.hpp" |
28 #include "utilities/decoder.hpp" |
32 |
|
33 // functions needed for decoding symbols |
|
34 typedef DWORD (WINAPI *pfn_SymSetOptions)(DWORD); |
|
35 typedef BOOL (WINAPI *pfn_SymInitialize)(HANDLE, PCTSTR, BOOL); |
|
36 typedef BOOL (WINAPI *pfn_SymGetSymFromAddr64)(HANDLE, DWORD64, PDWORD64, PIMAGEHLP_SYMBOL64); |
|
37 typedef DWORD (WINAPI *pfn_UndecorateSymbolName)(const char*, char*, DWORD, DWORD); |
|
38 typedef BOOL (WINAPI *pfn_SymSetSearchPath)(HANDLE, PCTSTR); |
|
39 typedef BOOL (WINAPI *pfn_SymGetSearchPath)(HANDLE, PTSTR, int); |
|
40 |
|
41 #ifdef AMD64 |
|
42 typedef BOOL (WINAPI *pfn_StackWalk64)(DWORD MachineType, |
|
43 HANDLE hProcess, |
|
44 HANDLE hThread, |
|
45 LPSTACKFRAME64 StackFrame, |
|
46 PVOID ContextRecord, |
|
47 PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine, |
|
48 PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine, |
|
49 PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine, |
|
50 PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress); |
|
51 typedef PVOID (WINAPI *pfn_SymFunctionTableAccess64)(HANDLE hProcess, DWORD64 AddrBase); |
|
52 typedef DWORD64 (WINAPI *pfn_SymGetModuleBase64)(HANDLE hProcess, DWORD64 dwAddr); |
|
53 #endif |
|
54 |
29 |
55 class WindowsDecoder : public AbstractDecoder { |
30 class WindowsDecoder : public AbstractDecoder { |
56 |
31 |
57 public: |
32 public: |
58 WindowsDecoder(); |
33 WindowsDecoder(); |
68 |
43 |
69 private: |
44 private: |
70 void initialize(); |
45 void initialize(); |
71 void uninitialize(); |
46 void uninitialize(); |
72 |
47 |
73 private: |
|
74 HMODULE _dbghelp_handle; |
|
75 bool _can_decode_in_vm; |
48 bool _can_decode_in_vm; |
76 pfn_SymGetSymFromAddr64 _pfnSymGetSymFromAddr64; |
|
77 pfn_UndecorateSymbolName _pfnUndecorateSymbolName; |
|
78 #ifdef AMD64 |
|
79 pfn_StackWalk64 _pfnStackWalk64; |
|
80 pfn_SymFunctionTableAccess64 _pfnSymFunctionTableAccess64; |
|
81 pfn_SymGetModuleBase64 _pfnSymGetModuleBase64; |
|
82 |
49 |
83 friend class WindowsDbgHelp; |
|
84 #endif |
|
85 }; |
50 }; |
86 |
51 |
87 #ifdef AMD64 |
|
88 // TODO: refactor and move the handling of dbghelp.dll outside of Decoder |
|
89 class WindowsDbgHelp : public Decoder { |
|
90 public: |
|
91 static BOOL StackWalk64(DWORD MachineType, |
|
92 HANDLE hProcess, |
|
93 HANDLE hThread, |
|
94 LPSTACKFRAME64 StackFrame, |
|
95 PVOID ContextRecord, |
|
96 PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine, |
|
97 PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine, |
|
98 PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine, |
|
99 PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress); |
|
100 static PVOID SymFunctionTableAccess64(HANDLE hProcess, DWORD64 AddrBase); |
|
101 |
|
102 static pfn_SymFunctionTableAccess64 pfnSymFunctionTableAccess64(); |
|
103 static pfn_SymGetModuleBase64 pfnSymGetModuleBase64(); |
|
104 }; |
|
105 #endif |
|
106 |
|
107 #endif // OS_WINDOWS_VM_DECODER_WINDOWS_HPP |
52 #endif // OS_WINDOWS_VM_DECODER_WINDOWS_HPP |
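Review bot: The include guard at lines 25–26 does not match itself: `#ifndef OS_WINDOWS_VM_DECODER_WINDOWS_HPP` is followed by `#define OS_WINDOWS_VM_DECIDER_WINDOWS_HPP`, so the macro that is tested is never defined and the header is not protected against a second inclusion. Both lines are unchanged context on the old and new side, so this commit carries the typo forward. Since the file is being reworked anyway, the define should read `#define OS_WINDOWS_VM_DECODER_WINDOWS_HPP`. As written, a translation unit that reaches this header twice would see `class WindowsDecoder` defined twice.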