few fixes and simplifications for syscalldump. I hope it will now also work with...

[reactos.git] / rosapps / devutils / syscalldump / syscalldump.c
diff --git a/rosapps/devutils/syscalldump/syscalldump.c b/rosapps/devutils/syscalldump/syscalldump.c

index 00a2cc3..13fdd9e 100644 (file)
--- a/rosapps/devutils/syscalldump/syscalldump.c
+++ b/rosapps/devutils/syscalldump/syscalldump.c
@@ -7,6 +7,7 @@
  #include <dbghelp.h>
  
  HANDLE hCurrentProcess;
+BOOL bX64;
  
  #define MAX_SYMBOL_NAME                1024
  
@@ -21,8 +22,8 @@ BOOL InitDbgHelp(HANDLE hProcess)
         return TRUE;
  }
  
-DWORD64
-GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name, PBOOL pbX64)
+PVOID
+ImageSymToVa(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name)
  {
         PIMAGE_NT_HEADERS NtHeaders;
         PVOID p;
@@ -38,11 +39,9 @@ GetOffsetFromName(HANDLE hProcess, PSYMBOL_INFO pSym, PBYTE pModule, PCSTR Name,
         printf("looking up adress for %s: 0x%llx\n", Name, pSym->Address);
  
         NtHeaders = ImageNtHeader(pModule);
-       *pbX64 = (NtHeaders->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
-
         p = ImageRvaToVa(NtHeaders, pModule, pSym->Address - pSym->ModBase, NULL);
  
-       return (DWORD64)((ULONG_PTR)p - (ULONG_PTR)pModule);
+       return p;
  }
  
  BOOL CALLBACK EnumSymbolsProc(
@@ -56,7 +55,14 @@ BOOL CALLBACK EnumSymbolsProc(
         }
         else
         {
-               printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+               if (!bX64)
+               {
+                       printf("%s@%d ", pSymInfo->Name, (UINT)UserContext);
+               }
+               else
+               {
+                       printf("%s <+ %d> ", pSymInfo->Name, (UINT)UserContext);
+               }
         }
         return TRUE;
  }
@@ -69,12 +75,10 @@ int main(int argc, char* argv[])
      HANDLE hFile = 0, hMap = 0;
      PBYTE pModule = NULL;
      UINT i;
-    BOOL bX64;
-    DWORD64 dwW32pServiceTable, dwW32pServiceLimit, dwW32pArgumentTable;
-    DWORD64 dwSimpleCall;
+    PVOID pW32pServiceTable, pW32pServiceLimit;
+    PBYTE pW32pArgumentTable;
      PVOID *pfnSimpleCall;
      DWORD dwServiceLimit;
-    BYTE *pdwArgs;
  
         struct
         {
@@ -83,7 +87,7 @@ int main(int argc, char* argv[])
         } Sym;
  
         printf("Win32k Syscall dumper\n");
-       printf("Copyright (c) Timo Kreuzer 2007\n");
+       printf("Copyright (c) Timo Kreuzer 2007-08\n");
  
         hProcess = GetCurrentProcess();
  
@@ -139,49 +143,49 @@ cont:
                 goto cleanup;
         }
  
-       dwW32pServiceTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceTable", &bX64);
-       dwW32pServiceLimit = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit", &bX64);
-       dwW32pArgumentTable = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable", &bX64);
-       printf("dwW32pServiceTable = %llx\n", dwW32pServiceTable);
-       printf("dwW32pServiceLimit = %llx\n", dwW32pServiceLimit);
-       printf("dwW32pArgumentTable = %llx\n", dwW32pArgumentTable);
+       bX64 = (ImageNtHeader(pModule)->FileHeader.Machine != IMAGE_FILE_MACHINE_I386);
+
+       pW32pServiceTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceTable");
+       pW32pServiceLimit = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pServiceLimit");
+       pW32pArgumentTable = ImageSymToVa(hProcess, &Sym.Symbol, pModule, "W32pArgumentTable");
+//     printf("pW32pServiceTable = %p\n", pW32pServiceTable);
+//     printf("pW32pServiceLimit = %p\n", pW32pServiceLimit);
+//     printf("pW32pArgumentTable = %p\n", pW32pArgumentTable);
  
-       if (!dwW32pServiceTable || !dwW32pServiceLimit || !dwW32pArgumentTable)
+       if (!pW32pServiceTable || !pW32pServiceLimit || !pW32pArgumentTable)
         {
                 printf("Couldn't find adress!\n");
                 goto cleanup;
         }
  
-       dwServiceLimit = *((DWORD*)(pModule + dwW32pServiceLimit));
-       pdwArgs = (BYTE*)(pModule + dwW32pArgumentTable);
+       dwServiceLimit = *((DWORD*)pW32pServiceLimit);
  
         if (!bX64)
         {
-               DWORD *pdwEntries32 = (DWORD*)(pModule + dwW32pServiceTable);
+               DWORD *pdwEntries32 = (DWORD*)pW32pServiceTable;
  
                 for (i = 0; i < dwServiceLimit; i++)
                 {
                         printf("0x%x:", i+0x1000);
-                       SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pdwArgs[i]);
+                       SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries32[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
                         printf("\n");
                 }
         }
         else
         {
-               DWORD64 *pdwEntries64 = (DWORD64*)(pModule + dwW32pServiceTable);
+               DWORD64 *pdwEntries64 = (DWORD64*)pW32pServiceTable;
  
                 for (i = 0; i < dwServiceLimit; i++)
                 {
                         printf("0x%x:", i+0x1000);
-                       SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(i+0x1000));
+                       SymEnumSymbolsForAddr(hProcess, (DWORD64)pdwEntries64[i], EnumSymbolsProc, (PVOID)(DWORD)pW32pArgumentTable[i]);
                         printf("\n");
                 }
         }
  
         /* Dump apfnSimpleCall */
         printf("\nDumping apfnSimpleCall:\n");
-       dwSimpleCall = GetOffsetFromName(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall", &bX64);
-       pfnSimpleCall = (PVOID*)(pModule + dwSimpleCall);
+       pfnSimpleCall = (PVOID*)ImageSymToVa(hProcess, &Sym.Symbol, pModule, "apfnSimpleCall");
         i = 0;
         while (pfnSimpleCall[i] != NULL)
         {