
dbghelp - Get struct symbol by name


I am building a Symbols service, and I want to be able to print the struct variables and their offsets. I am loading the needed pdb, and trying to find a struct that fits the given mask. For example, I want to get details about the struct _RTL_CRITICAL_SECTION.

While using WinDbg, I use the command dt MSVCP120!_RTL_CRITICAL_SECTION and I get the struct information (exactly what I want). But when I search for the symbol using my code:

SymEnumSymbols(GetCurrentProcess(), base_addr,"MSVCP120!_RTL_CRITICAL_SECTION", enum_symbols_callback, NULL);

BOOL CALLBACK symbol_processor::enum_symbols_callback(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID UserContext)
{
    printf("Name = %s\n", pSymInfo->Name);
    return TRUE;
}

Nothing is printed, meaning there is no match for the mask. This does work when the mask is a function (for example "MSVCP120!std::tr2::sys::_Open_dir").

So, how do I get the symbol of a struct?

Thanks!


Solution

  • contents of folder prior to compiling

    :\>ls -l
    -rw-rw-rw-  1 Admin 0 459 2015-09-10 10:23 structshow.cpp
    

    source

    :\>cat structshow.cpp
    #include <windows.h>
    #include <dbghelp.h>
    #include <stdio.h>
    #pragma comment (lib,"dbghelp.lib")
    BOOL CALLBACK mycallback(PSYMBOL_INFO pSymInfo,ULONG,PVOID){
      printf("%s\n",pSymInfo->Name);
      return true;
    }
    int main(){
      HMODULE hmod = LoadLibraryA("c:\\windows\\system32\\ntdll.dll");
      HANDLE hproc = GetCurrentProcess();
      SymInitialize(hproc,"F:\\symbols",TRUE);
      SymEnumTypesByName(hproc,(ULONG64)hmod,"*!_R*",mycallback,0);
      return 0;
    }
    

    compile using

    :\>..\compile.bat
    
    :\>if "C:\Program Files\Microsoft Visual Studio 10.0\VC\" == "" ()
    
    :\>cl /Zi /EHsc /nologo /W4 /analyze *.cpp /link /RELEASE structshow.cpp
    
    :\>ls -l
    

    contents of folder post compiling

    -rw-rw-rw-  1 Admin 0     459 2015-09-10 10:23 structshow.cpp
    -rwxrwxrwx  1 Admin 0   89088 2015-09-10 10:29 structshow.exe
    -rw-rw-rw-  1 Admin 0   21081 2015-09-10 10:29 structshow.obj
    -rw-rw-rw-  1 Admin 0 1002496 2015-09-10 10:29 structshow.pdb
    -rw-rw-rw-  1 Admin 0   94208 2015-09-10 10:29 vc100.pdb
    

    use latest dbghelp.dll

    :\>copy xxxx\dbghelp.dll .
            1 file(s) copied.
    
    :\>echo "do not use system dbghelp.dll it is
    outdated SymEnumTypesByName is available in
    dbghelp version 6.8 and above only "
    

    execute compiled binary

    :\>structshow.exe
    _RTL_USER_PROCESS_PARAMETERS
    _RTL_CRITICAL_SECTION <----------------------
    _RTL_STACK_TRACE_ENTRY
    _RTL_TRACE_BLOCK
    _RTL_CRITICAL_SECTION_DEBUG
    _RTL_DRIVE_LETTER_CURDIR
    _RTL_TRACE_DATABASE
    _RTL_TRACE_SEGMENT
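
The question asks for members and offsets, while the run above lists type names only. The following is an added example, not code from the original post: it resolves one type with SymGetTypeFromName and walks its children with SymGetTypeInfo. The names Member, format_layout and query_members are hypothetical, and symbols are assumed to be reachable through the default search path (current directory or _NT_SYMBOL_PATH).

```cpp
#include <cstdio>
#include <string>
#include <vector>
struct Member { std::string name; unsigned long offset; };  // hypothetical helper type

// Render members in the "+0x000 Name" style that WinDbg's dt prints.
std::string format_layout(const std::string& type, const std::vector<Member>& ms) {
    std::string out = type + "\n";
    for (const Member& m : ms) {
        char off[32];
        std::snprintf(off, sizeof off, "   +0x%03lx ", m.offset);
        out += off + m.name + "\n";
    }
    return out;
}

#ifdef _WIN32   // everything below needs the Windows SDK and dbghelp.dll
#include <windows.h>
#include <dbghelp.h>
#pragma comment(lib, "dbghelp.lib")
// Resolve `type` in the module loaded at `base`, then collect its members.
bool query_members(HANDLE proc, ULONG64 base, const char* type, std::vector<Member>& out) {
    ULONG64 buf[(sizeof(SYMBOL_INFO) + MAX_SYM_NAME + 7) / 8] = {};
    SYMBOL_INFO* si = reinterpret_cast<SYMBOL_INFO*>(buf);
    si->SizeOfStruct = sizeof(SYMBOL_INFO); si->MaxNameLen = MAX_SYM_NAME;
    DWORD n = 0;
    if (!SymGetTypeFromName(proc, base, type, si) ||
        !SymGetTypeInfo(proc, base, si->TypeIndex, TI_GET_CHILDRENCOUNT, &n) || n == 0) return false;
    std::vector<ULONG> raw(2 + n);  // TI_FINDCHILDREN_PARAMS: Count, Start, then n child ids
    auto* fc = reinterpret_cast<TI_FINDCHILDREN_PARAMS*>(raw.data());
    fc->Count = n;
    if (!SymGetTypeInfo(proc, base, si->TypeIndex, TI_FINDCHILDREN, fc)) return false;
    for (DWORD i = 0; i < n; ++i) {
        DWORD off = 0; WCHAR* w = nullptr; char name[256] = {};
        if (!SymGetTypeInfo(proc, base, fc->ChildId[i], TI_GET_OFFSET, &off)) continue;  // no offset, e.g. a member function
        if (!SymGetTypeInfo(proc, base, fc->ChildId[i], TI_GET_SYMNAME, &w)) continue;
        WideCharToMultiByte(CP_UTF8, 0, w, -1, name, sizeof name - 1, nullptr, nullptr);
        LocalFree(w);               // dbghelp allocated the name buffer
        out.push_back({name, off});
    }
    return true;
}
int main() {
    HANDLE proc = GetCurrentProcess();
    if (!SymInitialize(proc, nullptr, TRUE)) return 1;  // nullptr: default symbol search path
    std::vector<Member> ms;
    query_members(proc, (ULONG64)GetModuleHandleA("ntdll.dll"), "_RTL_CRITICAL_SECTION", ms);
    SymCleanup(proc);
    std::fputs(format_layout("_RTL_CRITICAL_SECTION", ms).c_str(), stdout);
}
#endif
```

Bitfield members share an offset, so several names can print with the same value.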