Sunday, May 18, 2014

Today I want to try out the dia2dump sample.
        IDiaSymbol* pFunc; // initialized elsewhere
:
        DWORD seg = 0;
        DWORD offset = 0;
        DWORD sect = 0;
        g_pDiaSession->findSymbolByAddr( sect, offset, SymTagFunction, &pFunc );
or

        BSTR bstrName;

        if (pCompiland->get_name(&bstrName) != S_OK) {
            wprintf(L"(???)\n\n");
        }
        else {
            wprintf(L"%s\n\n", bstrName);
            SysFreeString(bstrName);
        }

And we specify the load address for the executable file that corresponds to the symbols in this symbol store.

HRESULT put_loadAddress (
   ULONGLONG retVal
);

It is important to call this method when you get an IDiaSession object and before you start using the object.

A section contrib is defined as a contiguous block of memory contributed to the image by a compiland.
A segment is a portion of the address space. A section contrib can map to segments.

An offset is the difference between a given raw instruction pointer and the load address of the process.

If you don't know the section and the offset, you can pass the entire address, as an offset from the load address, in the offset parameter and specify the section as zero.
Or you can iterate over the section numbers,
e.g.:
/Users/rrajamani/Downloads/dia2dump.txt:Function: [00447B60][0001:00446B60] ServerConfig::getSSLConfig(public: struct ssl_config __cdecl ServerConfig::getSSLConfig(void) __ptr64)

Here the RVA is 00447B60 [ eip - Process Load Address ]
         the Segment is 0001
         the offset is 00446B60
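The arithmetic behind that line, as an added example that is not part of the dia2dump sample: it turns a raw instruction pointer into the RVA that findSymbolByRVAEx takes and the section:offset pair that findSymbolByAddr takes. The Section struct, the load address, the image size and the section sizes are constructed assumptions; only the 0x1000 start of section 1 follows from the sample line (00447B60 - 00446B60).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical view of one PE section header (not a DIA type).
struct Section {
    uint32_t number;   // 1-based section number, as printed by dia2dump
    uint32_t rva;      // RVA at which the section starts
    uint32_t size;     // virtual size in bytes
};

// RVA = raw address - load address. Fails when the address is outside the image.
bool to_rva(uint64_t addr, uint64_t load, uint32_t image_size, uint32_t* rva) {
    if (addr < load || addr - load >= image_size) return false;
    *rva = static_cast<uint32_t>(addr - load);
    return true;
}

// Find the section that contains the RVA and the offset from that section's start.
bool to_section_offset(uint32_t rva, const Section* s, size_t n,
                       uint32_t* sect, uint32_t* off) {
    for (size_t i = 0; i < n; ++i) {
        if (rva >= s[i].rva && rva - s[i].rva < s[i].size) {
            *sect = s[i].number;
            *off = rva - s[i].rva;
            return true;
        }
    }
    return false;      // PE headers, or a gap between sections
}

// Constructed sample values (assumptions, see the lead-in).
const uint64_t kLoad = 0x140000000ULL;
const uint32_t kImageSize = 0x600000;
const Section kSections[] = { {1, 0x1000, 0x500000}, {2, 0x501000, 0x80000} };
const size_t kSectionCount = sizeof(kSections) / sizeof(kSections[0]);

int main() {
    uint64_t ip = kLoad + 0x447B60;    // raw instruction pointer for the sample line
    uint32_t rva = 0, sect = 0, off = 0;
    if (!to_rva(ip, kLoad, kImageSize, &rva)) { std::puts("outside the image"); return 1; }
    if (!to_section_offset(rva, kSections, kSectionCount, &sect, &off)) {
        std::puts("RVA is not inside any section");
        return 1;
    }
    std::printf("[%08X][%04X:%08X]\n", (unsigned)rva, (unsigned)sect, (unsigned)off);
    return 0;
}
```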





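        DWORD64  dwDisplacement = 0;
        // argv[i] is an absolute address in hex; dwLoadAddress and error are set up elsewhere
        DWORD64  dwAddress = _wcstoui64(argv[i], NULL, 16);
        // RVA = absolute address - load address; DIA takes it as a 32-bit DWORD
        DWORD    dwRVA  = (DWORD)(dwAddress - dwLoadAddress);
        long displacement = 0;
        IDiaSymbol* pFunc = 0;

        error = (DWORD)g_pDiaSession->findSymbolByRVAEx(dwRVA, SymTagFunction, &pFunc, &displacement );

        if (!error && pFunc)
        {
            BSTR bstrName;

            if (pFunc->get_name(&bstrName) != S_OK) {
                wprintf(L"(???)\n\n");
            }
            else {
                wprintf(L"%s \n\n", bstrName);
                // displacement is a long, so print it with %lx
                if (displacement)
                    wprintf(L"+ 0x%lx \n\n", displacement);
                else
                    wprintf(L" \n\n");
                SysFreeString(bstrName);
            }
            pFunc->Release();   // release the symbol reference returned by findSymbolByRVAEx
        }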
