BugSplat Native DLL  Version 3.3.1.0
BugSplat integration code for native Windows applications
 All Classes Functions Variables
DbgHelp.h
1 /*++ BUILD Version: 0001 Increment this if a change has global effects
2 
3 Copyright (c) Microsoft Corporation. All rights reserved.
4 
5 Module Name:
6 
7  dbghelp.h
8 
9 Abstract:
10 
11  This module defines the prototypes and constants required for the image
12  help routines.
13 
14  Contains debugging support routines that are redistributable.
15 
16 Revision History:
17 
18 --*/
19 
20 #ifndef _DBGHELP_
21 #define _DBGHELP_
22 
23 #if _MSC_VER > 1020
24 #pragma once
25 #endif
26 
27 
28 // As a general principal always call the 64 bit version
29 // of every API, if a choice exists. The 64 bit version
30 // works great on 32 bit platforms, and is forward
31 // compatible to 64 bit platforms.
32 
33 #ifdef _WIN64
34 #ifndef _IMAGEHLP64
35 #define _IMAGEHLP64
36 #endif
37 #endif
38 
39 
40 #ifdef __cplusplus
41 extern "C" {
42 #endif
43 
44 #ifdef _IMAGEHLP_SOURCE_
45 #define IMAGEAPI __stdcall
46 #define DBHLP_DEPRECIATED
47 #else
48 #define IMAGEAPI DECLSPEC_IMPORT __stdcall
49 #define DBHLP_DEPRECIATED DECLSPEC_DEPRECATED
50 #endif
51 #define DBHLPAPI IMAGEAPI
52 
53 #define IMAGE_SEPARATION (64*1024)
54 
55 typedef struct _LOADED_IMAGE {
56  PSTR ModuleName;
57  HANDLE hFile;
58  PUCHAR MappedAddress;
59 #ifdef _IMAGEHLP64
60  PIMAGE_NT_HEADERS64 FileHeader;
61 #else
62  PIMAGE_NT_HEADERS32 FileHeader;
63 #endif
64  PIMAGE_SECTION_HEADER LastRvaSection;
65  ULONG NumberOfSections;
66  PIMAGE_SECTION_HEADER Sections;
67  ULONG Characteristics;
68  BOOLEAN fSystemImage;
69  BOOLEAN fDOSImage;
70  LIST_ENTRY Links;
71  ULONG SizeOfImage;
73 
74 
75 
76 HANDLE
77 IMAGEAPI
78 FindDebugInfoFile (
79  PSTR FileName,
80  PSTR SymbolPath,
81  PSTR DebugFilePath
82  );
83 
84 typedef BOOL
85 (CALLBACK *PFIND_DEBUG_FILE_CALLBACK)(
86  HANDLE FileHandle,
87  PSTR FileName,
88  PVOID CallerData
89  );
90 
91 HANDLE
92 IMAGEAPI
93 FindDebugInfoFileEx (
94  PSTR FileName,
95  PSTR SymbolPath,
96  PSTR DebugFilePath,
97  PFIND_DEBUG_FILE_CALLBACK Callback,
98  PVOID CallerData
99  );
100 
101 typedef BOOL
102 (CALLBACK *PFINDFILEINPATHCALLBACK)(
103  PSTR filename,
104  PVOID context
105  );
106 
107 BOOL
108 IMAGEAPI
109 SymFindFileInPath(
110  HANDLE hprocess,
111  LPSTR SearchPath,
112  LPSTR FileName,
113  PVOID id,
114  DWORD two,
115  DWORD three,
116  DWORD flags,
117  LPSTR FilePath,
118  PFINDFILEINPATHCALLBACK callback,
119  PVOID context
120  );
121 
122 HANDLE
123 IMAGEAPI
124 FindExecutableImage(
125  PSTR FileName,
126  PSTR SymbolPath,
127  PSTR ImageFilePath
128  );
129 
130 typedef BOOL
131 (CALLBACK *PFIND_EXE_FILE_CALLBACK)(
132  HANDLE FileHandle,
133  PSTR FileName,
134  PVOID CallerData
135  );
136 
137 HANDLE
138 IMAGEAPI
139 FindExecutableImageEx(
140  PSTR FileName,
141  PSTR SymbolPath,
142  PSTR ImageFilePath,
143  PFIND_EXE_FILE_CALLBACK Callback,
144  PVOID CallerData
145  );
146 
147 PIMAGE_NT_HEADERS
148 IMAGEAPI
149 ImageNtHeader (
150  IN PVOID Base
151  );
152 
153 PVOID
154 IMAGEAPI
155 ImageDirectoryEntryToDataEx (
156  IN PVOID Base,
157  IN BOOLEAN MappedAsImage,
158  IN USHORT DirectoryEntry,
159  OUT PULONG Size,
160  OUT PIMAGE_SECTION_HEADER *FoundHeader OPTIONAL
161  );
162 
163 PVOID
164 IMAGEAPI
165 ImageDirectoryEntryToData (
166  IN PVOID Base,
167  IN BOOLEAN MappedAsImage,
168  IN USHORT DirectoryEntry,
169  OUT PULONG Size
170  );
171 
172 PIMAGE_SECTION_HEADER
173 IMAGEAPI
174 ImageRvaToSection(
175  IN PIMAGE_NT_HEADERS NtHeaders,
176  IN PVOID Base,
177  IN ULONG Rva
178  );
179 
180 PVOID
181 IMAGEAPI
182 ImageRvaToVa(
183  IN PIMAGE_NT_HEADERS NtHeaders,
184  IN PVOID Base,
185  IN ULONG Rva,
186  IN OUT PIMAGE_SECTION_HEADER *LastRvaSection
187  );
188 
189 // Symbol server exports
190 
191 typedef BOOL (*PSYMBOLSERVERPROC)(LPCSTR, LPCSTR, PVOID, DWORD, DWORD, LPSTR);
192 typedef BOOL (*PSYMBOLSERVEROPENPROC)(VOID);
193 typedef BOOL (*PSYMBOLSERVERCLOSEPROC)(VOID);
194 typedef BOOL (*PSYMBOLSERVERSETOPTIONSPROC)(UINT_PTR, ULONG64);
195 typedef BOOL (CALLBACK *PSYMBOLSERVERCALLBACKPROC)(UINT_PTR action, ULONG64 data, ULONG64 context);
196 typedef UINT_PTR (*PSYMBOLSERVERGETOPTIONSPROC)();
197 
198 #define SSRVOPT_CALLBACK 0x01
199 #define SSRVOPT_DWORD 0x02
200 #define SSRVOPT_DWORDPTR 0x04
201 #define SSRVOPT_GUIDPTR 0x08
202 #define SSRVOPT_OLDGUIDPTR 0x10
203 #define SSRVOPT_UNATTENDED 0x20
204 #define SSRVOPT_RESET ((ULONG_PTR)-1)
205 
206 #define SSRVACTION_TRACE 1
207 
208 
209 #ifndef _WIN64
210 // This api won't be ported to Win64 - Fix your code.
211 
212 typedef struct _IMAGE_DEBUG_INFORMATION {
213  LIST_ENTRY List;
214  DWORD ReservedSize;
215  PVOID ReservedMappedBase;
216  USHORT ReservedMachine;
217  USHORT ReservedCharacteristics;
218  DWORD ReservedCheckSum;
219  DWORD ImageBase;
220  DWORD SizeOfImage;
221 
222  DWORD ReservedNumberOfSections;
223  PIMAGE_SECTION_HEADER ReservedSections;
224 
225  DWORD ReservedExportedNamesSize;
226  PSTR ReservedExportedNames;
227 
228  DWORD ReservedNumberOfFunctionTableEntries;
229  PIMAGE_FUNCTION_ENTRY ReservedFunctionTableEntries;
230  DWORD ReservedLowestFunctionStartingAddress;
231  DWORD ReservedHighestFunctionEndingAddress;
232 
233  DWORD ReservedNumberOfFpoTableEntries;
234  PFPO_DATA ReservedFpoTableEntries;
235 
236  DWORD SizeOfCoffSymbols;
237  PIMAGE_COFF_SYMBOLS_HEADER CoffSymbols;
238 
239  DWORD ReservedSizeOfCodeViewSymbols;
240  PVOID ReservedCodeViewSymbols;
241 
242  PSTR ImageFilePath;
243  PSTR ImageFileName;
244  PSTR ReservedDebugFilePath;
245 
246  DWORD ReservedTimeDateStamp;
247 
248  BOOL ReservedRomImage;
249  PIMAGE_DEBUG_DIRECTORY ReservedDebugDirectory;
250  DWORD ReservedNumberOfDebugDirectories;
251 
252  DWORD ReservedOriginalFunctionTableBaseAddress;
253 
254  DWORD Reserved[ 2 ];
255 
257 
258 
259 PIMAGE_DEBUG_INFORMATION
260 IMAGEAPI
261 MapDebugInformation(
262  HANDLE FileHandle,
263  PSTR FileName,
264  PSTR SymbolPath,
265  DWORD ImageBase
266  );
267 
268 BOOL
269 IMAGEAPI
270 UnmapDebugInformation(
271  PIMAGE_DEBUG_INFORMATION DebugInfo
272  );
273 
274 #endif
275 
276 BOOL
277 IMAGEAPI
278 SearchTreeForFile(
279  PSTR RootPath,
280  PSTR InputPathName,
281  PSTR OutputPathBuffer
282  );
283 
284 BOOL
285 IMAGEAPI
286 MakeSureDirectoryPathExists(
287  PCSTR DirPath
288  );
289 
290 //
291 // UnDecorateSymbolName Flags
292 //
293 
294 #define UNDNAME_COMPLETE (0x0000) // Enable full undecoration
295 #define UNDNAME_NO_LEADING_UNDERSCORES (0x0001) // Remove leading underscores from MS extended keywords
296 #define UNDNAME_NO_MS_KEYWORDS (0x0002) // Disable expansion of MS extended keywords
297 #define UNDNAME_NO_FUNCTION_RETURNS (0x0004) // Disable expansion of return type for primary declaration
298 #define UNDNAME_NO_ALLOCATION_MODEL (0x0008) // Disable expansion of the declaration model
299 #define UNDNAME_NO_ALLOCATION_LANGUAGE (0x0010) // Disable expansion of the declaration language specifier
300 #define UNDNAME_NO_MS_THISTYPE (0x0020) // NYI Disable expansion of MS keywords on the 'this' type for primary declaration
301 #define UNDNAME_NO_CV_THISTYPE (0x0040) // NYI Disable expansion of CV modifiers on the 'this' type for primary declaration
302 #define UNDNAME_NO_THISTYPE (0x0060) // Disable all modifiers on the 'this' type
303 #define UNDNAME_NO_ACCESS_SPECIFIERS (0x0080) // Disable expansion of access specifiers for members
304 #define UNDNAME_NO_THROW_SIGNATURES (0x0100) // Disable expansion of 'throw-signatures' for functions and pointers to functions
305 #define UNDNAME_NO_MEMBER_TYPE (0x0200) // Disable expansion of 'static' or 'virtual'ness of members
306 #define UNDNAME_NO_RETURN_UDT_MODEL (0x0400) // Disable expansion of MS model for UDT returns
307 #define UNDNAME_32_BIT_DECODE (0x0800) // Undecorate 32-bit decorated names
308 #define UNDNAME_NAME_ONLY (0x1000) // Crack only the name for primary declaration;
309  // return just [scope::]name. Does expand template params
310 #define UNDNAME_NO_ARGUMENTS (0x2000) // Don't undecorate arguments to function
311 #define UNDNAME_NO_SPECIAL_SYMS (0x4000) // Don't undecorate special names (v-table, vcall, vector xxx, metatype, etc)
312 
313 DWORD
314 IMAGEAPI
315 WINAPI
316 UnDecorateSymbolName(
317  PCSTR DecoratedName, // Name to undecorate
318  PSTR UnDecoratedName, // If NULL, it will be allocated
319  DWORD UndecoratedLength, // The maximym length
320  DWORD Flags // See above.
321  );
322 
323 
324 //
325 // these values are used for synthesized file types
326 // that can be passed in as image headers instead of
327 // the standard ones from ntimage.h
328 //
329 
330 #define DBHHEADER_DEBUGDIRS 0x1
331 
332 typedef struct _DBGHELP_MODLOAD_DATA {
333  DWORD ssize; // size of this struct
334  DWORD ssig; // signature identifying the passed data
335  PVOID data; // pointer to passed data
336  DWORD size; // size of passed data
337  DWORD flags; // options
339 
340 //
341 // StackWalking API
342 //
343 
344 typedef enum {
345  AddrMode1616,
346  AddrMode1632,
347  AddrModeReal,
348  AddrModeFlat
349 } ADDRESS_MODE;
350 
351 typedef struct _tagADDRESS64 {
352  DWORD64 Offset;
353  WORD Segment;
354  ADDRESS_MODE Mode;
356 
357 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
358 #define ADDRESS ADDRESS64
359 #define LPADDRESS LPADDRESS64
360 #else
361 typedef struct _tagADDRESS {
362  DWORD Offset;
363  WORD Segment;
364  ADDRESS_MODE Mode;
365 } ADDRESS, *LPADDRESS;
366 
367 __inline
368 void
369 Address32To64(
370  LPADDRESS a32,
371  LPADDRESS64 a64
372  )
373 {
374  a64->Offset = (ULONG64)(LONG64)(LONG)a32->Offset;
375  a64->Segment = a32->Segment;
376  a64->Mode = a32->Mode;
377 }
378 
379 __inline
380 void
381 Address64To32(
382  LPADDRESS64 a64,
383  LPADDRESS a32
384  )
385 {
386  a32->Offset = (ULONG)a64->Offset;
387  a32->Segment = a64->Segment;
388  a32->Mode = a64->Mode;
389 }
390 #endif
391 
392 //
393 // This structure is included in the STACKFRAME structure,
394 // and is used to trace through usermode callbacks in a thread's
395 // kernel stack. The values must be copied by the kernel debugger
396 // from the DBGKD_GET_VERSION and WAIT_STATE_CHANGE packets.
397 //
398 
399 //
400 // New KDHELP structure for 64 bit system support.
401 // This structure is preferred in new code.
402 //
403 typedef struct _KDHELP64 {
404 
405  //
406  // address of kernel thread object, as provided in the
407  // WAIT_STATE_CHANGE packet.
408  //
409  DWORD64 Thread;
410 
411  //
412  // offset in thread object to pointer to the current callback frame
413  // in kernel stack.
414  //
415  DWORD ThCallbackStack;
416 
417  //
418  // offset in thread object to pointer to the current callback backing
419  // store frame in kernel stack.
420  //
421  DWORD ThCallbackBStore;
422 
423  //
424  // offsets to values in frame:
425  //
426  // address of next callback frame
427  DWORD NextCallback;
428 
429  // address of saved frame pointer (if applicable)
430  DWORD FramePointer;
431 
432 
433  //
434  // Address of the kernel function that calls out to user mode
435  //
436  DWORD64 KiCallUserMode;
437 
438  //
439  // Address of the user mode dispatcher function
440  //
441  DWORD64 KeUserCallbackDispatcher;
442 
443  //
444  // Lowest kernel mode address
445  //
446  DWORD64 SystemRangeStart;
447 
448  DWORD64 Reserved[8];
449 
450 } KDHELP64, *PKDHELP64;
451 
452 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
453 #define KDHELP KDHELP64
454 #define PKDHELP PKDHELP64
455 #else
456 typedef struct _KDHELP {
457 
458  //
459  // address of kernel thread object, as provided in the
460  // WAIT_STATE_CHANGE packet.
461  //
462  DWORD Thread;
463 
464  //
465  // offset in thread object to pointer to the current callback frame
466  // in kernel stack.
467  //
468  DWORD ThCallbackStack;
469 
470  //
471  // offsets to values in frame:
472  //
473  // address of next callback frame
474  DWORD NextCallback;
475 
476  // address of saved frame pointer (if applicable)
477  DWORD FramePointer;
478 
479  //
480  // Address of the kernel function that calls out to user mode
481  //
482  DWORD KiCallUserMode;
483 
484  //
485  // Address of the user mode dispatcher function
486  //
487  DWORD KeUserCallbackDispatcher;
488 
489  //
490  // Lowest kernel mode address
491  //
492  DWORD SystemRangeStart;
493 
494  //
495  // offset in thread object to pointer to the current callback backing
496  // store frame in kernel stack.
497  //
498  DWORD ThCallbackBStore;
499 
500  DWORD Reserved[8];
501 
502 } KDHELP, *PKDHELP;
503 
504 __inline
505 void
506 KdHelp32To64(
507  PKDHELP p32,
508  PKDHELP64 p64
509  )
510 {
511  p64->Thread = p32->Thread;
512  p64->ThCallbackStack = p32->ThCallbackStack;
513  p64->NextCallback = p32->NextCallback;
514  p64->FramePointer = p32->FramePointer;
515  p64->KiCallUserMode = p32->KiCallUserMode;
516  p64->KeUserCallbackDispatcher = p32->KeUserCallbackDispatcher;
517  p64->SystemRangeStart = p32->SystemRangeStart;
518 }
519 #endif
520 
521 typedef struct _tagSTACKFRAME64 {
522  ADDRESS64 AddrPC; // program counter
523  ADDRESS64 AddrReturn; // return address
524  ADDRESS64 AddrFrame; // frame pointer
525  ADDRESS64 AddrStack; // stack pointer
526  ADDRESS64 AddrBStore; // backing store pointer
527  PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
528  DWORD64 Params[4]; // possible arguments to the function
529  BOOL Far; // WOW far call
530  BOOL Virtual; // is this a virtual frame?
531  DWORD64 Reserved[3];
532  KDHELP64 KdHelp;
534 
535 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
536 #define STACKFRAME STACKFRAME64
537 #define LPSTACKFRAME LPSTACKFRAME64
538 #else
539 typedef struct _tagSTACKFRAME {
540  ADDRESS AddrPC; // program counter
541  ADDRESS AddrReturn; // return address
542  ADDRESS AddrFrame; // frame pointer
543  ADDRESS AddrStack; // stack pointer
544  PVOID FuncTableEntry; // pointer to pdata/fpo or NULL
545  DWORD Params[4]; // possible arguments to the function
546  BOOL Far; // WOW far call
547  BOOL Virtual; // is this a virtual frame?
548  DWORD Reserved[3];
549  KDHELP KdHelp;
550  ADDRESS AddrBStore; // backing store pointer
552 #endif
553 
554 
555 typedef
556 BOOL
557 (__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
558  HANDLE hProcess,
559  DWORD64 qwBaseAddress,
560  PVOID lpBuffer,
561  DWORD nSize,
562  LPDWORD lpNumberOfBytesRead
563  );
564 
565 typedef
566 PVOID
567 (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
568  HANDLE hProcess,
569  DWORD64 AddrBase
570  );
571 
572 typedef
573 DWORD64
574 (__stdcall *PGET_MODULE_BASE_ROUTINE64)(
575  HANDLE hProcess,
576  DWORD64 Address
577  );
578 
579 typedef
580 DWORD64
581 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
582  HANDLE hProcess,
583  HANDLE hThread,
584  LPADDRESS64 lpaddr
585  );
586 
587 BOOL
588 IMAGEAPI
589 StackWalk64(
590  DWORD MachineType,
591  HANDLE hProcess,
592  HANDLE hThread,
593  LPSTACKFRAME64 StackFrame,
594  PVOID ContextRecord,
595  PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
596  PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
597  PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
598  PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
599  );
600 
601 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
602 
603 #define PREAD_PROCESS_MEMORY_ROUTINE PREAD_PROCESS_MEMORY_ROUTINE64
604 #define PFUNCTION_TABLE_ACCESS_ROUTINE PFUNCTION_TABLE_ACCESS_ROUTINE64
605 #define PGET_MODULE_BASE_ROUTINE PGET_MODULE_BASE_ROUTINE64
606 #define PTRANSLATE_ADDRESS_ROUTINE PTRANSLATE_ADDRESS_ROUTINE64
607 
608 #define StackWalk StackWalk64
609 
610 #else
611 
612 typedef
613 BOOL
614 (__stdcall *PREAD_PROCESS_MEMORY_ROUTINE)(
615  HANDLE hProcess,
616  DWORD lpBaseAddress,
617  PVOID lpBuffer,
618  DWORD nSize,
619  PDWORD lpNumberOfBytesRead
620  );
621 
622 typedef
623 PVOID
624 (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE)(
625  HANDLE hProcess,
626  DWORD AddrBase
627  );
628 
629 typedef
630 DWORD
631 (__stdcall *PGET_MODULE_BASE_ROUTINE)(
632  HANDLE hProcess,
633  DWORD Address
634  );
635 
636 typedef
637 DWORD
638 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE)(
639  HANDLE hProcess,
640  HANDLE hThread,
641  LPADDRESS lpaddr
642  );
643 
644 BOOL
645 IMAGEAPI
646 StackWalk(
647  DWORD MachineType,
648  HANDLE hProcess,
649  HANDLE hThread,
650  LPSTACKFRAME StackFrame,
651  PVOID ContextRecord,
652  PREAD_PROCESS_MEMORY_ROUTINE ReadMemoryRoutine,
653  PFUNCTION_TABLE_ACCESS_ROUTINE FunctionTableAccessRoutine,
654  PGET_MODULE_BASE_ROUTINE GetModuleBaseRoutine,
655  PTRANSLATE_ADDRESS_ROUTINE TranslateAddress
656  );
657 
658 #endif
659 
660 
661 #define API_VERSION_NUMBER 9
662 
663 typedef struct API_VERSION {
664  USHORT MajorVersion;
665  USHORT MinorVersion;
666  USHORT Revision;
667  USHORT Reserved;
669 
670 LPAPI_VERSION
671 IMAGEAPI
672 ImagehlpApiVersion(
673  VOID
674  );
675 
676 LPAPI_VERSION
677 IMAGEAPI
678 ImagehlpApiVersionEx(
679  LPAPI_VERSION AppVersion
680  );
681 
682 DWORD
683 IMAGEAPI
684 GetTimestampForLoadedLibrary(
685  HMODULE Module
686  );
687 
688 //
689 // typedefs for function pointers
690 //
691 typedef BOOL
692 (CALLBACK *PSYM_ENUMMODULES_CALLBACK64)(
693  PSTR ModuleName,
694  DWORD64 BaseOfDll,
695  PVOID UserContext
696  );
697 
698 typedef BOOL
699 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64)(
700  PSTR SymbolName,
701  DWORD64 SymbolAddress,
702  ULONG SymbolSize,
703  PVOID UserContext
704  );
705 
706 typedef BOOL
707 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK64W)(
708  PWSTR SymbolName,
709  DWORD64 SymbolAddress,
710  ULONG SymbolSize,
711  PVOID UserContext
712  );
713 
714 typedef BOOL
715 (CALLBACK *PENUMLOADED_MODULES_CALLBACK64)(
716  PSTR ModuleName,
717  DWORD64 ModuleBase,
718  ULONG ModuleSize,
719  PVOID UserContext
720  );
721 
722 typedef BOOL
723 (CALLBACK *PSYMBOL_REGISTERED_CALLBACK64)(
724  HANDLE hProcess,
725  ULONG ActionCode,
726  ULONG64 CallbackData,
727  ULONG64 UserContext
728  );
729 
730 typedef
731 PVOID
732 (CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK)(
733  HANDLE hProcess,
734  DWORD AddrBase,
735  PVOID UserContext
736  );
737 
738 typedef
739 PVOID
740 (CALLBACK *PSYMBOL_FUNCENTRY_CALLBACK64)(
741  HANDLE hProcess,
742  ULONG64 AddrBase,
743  ULONG64 UserContext
744  );
745 
746 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
747 
748 #define PSYM_ENUMMODULES_CALLBACK PSYM_ENUMMODULES_CALLBACK64
749 #define PSYM_ENUMSYMBOLS_CALLBACK PSYM_ENUMSYMBOLS_CALLBACK64
750 #define PSYM_ENUMSYMBOLS_CALLBACKW PSYM_ENUMSYMBOLS_CALLBACK64W
751 #define PENUMLOADED_MODULES_CALLBACK PENUMLOADED_MODULES_CALLBACK64
752 #define PSYMBOL_REGISTERED_CALLBACK PSYMBOL_REGISTERED_CALLBACK64
753 #define PSYMBOL_FUNCENTRY_CALLBACK PSYMBOL_FUNCENTRY_CALLBACK64
754 
755 #else
756 
757 typedef BOOL
758 (CALLBACK *PSYM_ENUMMODULES_CALLBACK)(
759  PSTR ModuleName,
760  ULONG BaseOfDll,
761  PVOID UserContext
762  );
763 
764 typedef BOOL
765 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACK)(
766  PSTR SymbolName,
767  ULONG SymbolAddress,
768  ULONG SymbolSize,
769  PVOID UserContext
770  );
771 
772 typedef BOOL
773 (CALLBACK *PSYM_ENUMSYMBOLS_CALLBACKW)(
774  PWSTR SymbolName,
775  ULONG SymbolAddress,
776  ULONG SymbolSize,
777  PVOID UserContext
778  );
779 
780 typedef BOOL
781 (CALLBACK *PENUMLOADED_MODULES_CALLBACK)(
782  PSTR ModuleName,
783  ULONG ModuleBase,
784  ULONG ModuleSize,
785  PVOID UserContext
786  );
787 
788 typedef BOOL
789 (CALLBACK *PSYMBOL_REGISTERED_CALLBACK)(
790  HANDLE hProcess,
791  ULONG ActionCode,
792  PVOID CallbackData,
793  PVOID UserContext
794  );
795 
796 #endif
797 
798 
799 //
800 // symbol flags
801 //
802 
803 #define SYMF_OMAP_GENERATED 0x00000001
804 #define SYMF_OMAP_MODIFIED 0x00000002
805 #ifndef _DBGHELP_USER_GENERATED_SYMBOLS_NOTSUPPORTED
806  #define SYMF_USER_GENERATED 0x00000004
807 #endif // !_DBGHELP_USER_GENERATED_SYMBOLS_NOTSUPPORTED
808 #define SYMF_REGISTER 0x00000008
809 #define SYMF_REGREL 0x00000010
810 #define SYMF_FRAMEREL 0x00000020
811 #define SYMF_PARAMETER 0x00000040
812 #define SYMF_LOCAL 0x00000080
813 #define SYMF_CONSTANT 0x00000100
814 #define SYMF_EXPORT 0x00000200
815 #define SYMF_FORWARDER 0x00000400
816 #define SYMF_FUNCTION 0x00000800
817 //
818 // symbol type enumeration
819 //
820 typedef enum {
821  SymNone = 0,
822  SymCoff,
823  SymCv,
824  SymPdb,
825  SymExport,
826  SymDeferred,
827  SymSym, // .sym file
828  SymDia,
829  NumSymTypes
830 } SYM_TYPE;
831 
832 //
833 // symbol data structure
834 //
835 
836 typedef struct _IMAGEHLP_SYMBOL64 {
837  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL64)
838  DWORD64 Address; // virtual address including dll base address
839  DWORD Size; // estimated size of symbol, can be zero
840  DWORD Flags; // info about the symbols, see the SYMF defines
841  DWORD MaxNameLength; // maximum size of symbol name in 'Name'
842  CHAR Name[1]; // symbol name (null terminated string)
844 
845 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
846 #define IMAGEHLP_SYMBOL IMAGEHLP_SYMBOL64
847 #define PIMAGEHLP_SYMBOL PIMAGEHLP_SYMBOL64
848 #else
849 typedef struct _IMAGEHLP_SYMBOL {
850  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_SYMBOL)
851  DWORD Address; // virtual address including dll base address
852  DWORD Size; // estimated size of symbol, can be zero
853  DWORD Flags; // info about the symbols, see the SYMF defines
854  DWORD MaxNameLength; // maximum size of symbol name in 'Name'
855  CHAR Name[1]; // symbol name (null terminated string)
857 #endif
858 
859 //
860 // module data structure
861 //
862 
863 typedef struct _IMAGEHLP_MODULE64 {
864  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
865  DWORD64 BaseOfImage; // base load address of module
866  DWORD ImageSize; // virtual size of the loaded module
867  DWORD TimeDateStamp; // date/time stamp from pe header
868  DWORD CheckSum; // checksum from the pe header
869  DWORD NumSyms; // number of symbols in the symbol table
870  SYM_TYPE SymType; // type of symbols loaded
871  CHAR ModuleName[32]; // module name
872  CHAR ImageName[256]; // image name
873  CHAR LoadedImageName[256]; // symbol file name
875 
876 typedef struct _IMAGEHLP_MODULE64W {
877  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE64)
878  DWORD64 BaseOfImage; // base load address of module
879  DWORD ImageSize; // virtual size of the loaded module
880  DWORD TimeDateStamp; // date/time stamp from pe header
881  DWORD CheckSum; // checksum from the pe header
882  DWORD NumSyms; // number of symbols in the symbol table
883  SYM_TYPE SymType; // type of symbols loaded
884  WCHAR ModuleName[32]; // module name
885  WCHAR ImageName[256]; // image name
886  WCHAR LoadedImageName[256]; // symbol file name
888 
889 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
890 #define IMAGEHLP_MODULE IMAGEHLP_MODULE64
891 #define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
892 #define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
893 #define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
894 #else
895 typedef struct _IMAGEHLP_MODULE {
896  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
897  DWORD BaseOfImage; // base load address of module
898  DWORD ImageSize; // virtual size of the loaded module
899  DWORD TimeDateStamp; // date/time stamp from pe header
900  DWORD CheckSum; // checksum from the pe header
901  DWORD NumSyms; // number of symbols in the symbol table
902  SYM_TYPE SymType; // type of symbols loaded
903  CHAR ModuleName[32]; // module name
904  CHAR ImageName[256]; // image name
905  CHAR LoadedImageName[256]; // symbol file name
907 
908 typedef struct _IMAGEHLP_MODULEW {
909  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
910  DWORD BaseOfImage; // base load address of module
911  DWORD ImageSize; // virtual size of the loaded module
912  DWORD TimeDateStamp; // date/time stamp from pe header
913  DWORD CheckSum; // checksum from the pe header
914  DWORD NumSyms; // number of symbols in the symbol table
915  SYM_TYPE SymType; // type of symbols loaded
916  WCHAR ModuleName[32]; // module name
917  WCHAR ImageName[256]; // image name
918  WCHAR LoadedImageName[256]; // symbol file name
920 #endif
921 
922 //
923 // source file line data structure
924 //
925 
926 typedef struct _IMAGEHLP_LINE64 {
927  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE64)
928  PVOID Key; // internal
929  DWORD LineNumber; // line number in file
930  PCHAR FileName; // full filename
931  DWORD64 Address; // first instruction of line
933 
934 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
935 #define IMAGEHLP_LINE IMAGEHLP_LINE64
936 #define PIMAGEHLP_LINE PIMAGEHLP_LINE64
937 #else
938 typedef struct _IMAGEHLP_LINE {
939  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_LINE)
940  PVOID Key; // internal
941  DWORD LineNumber; // line number in file
942  PCHAR FileName; // full filename
943  DWORD Address; // first instruction of line
945 #endif
946 
947 //
948 // source file structure
949 //
950 
951 typedef struct _SOURCEFILE {
952  DWORD64 ModBase; // base address of loaded module
953  PCHAR FileName; // full filename of source
955 
956 //
957 // data structures used for registered symbol callbacks
958 //
959 
960 #define CBA_DEFERRED_SYMBOL_LOAD_START 0x00000001
961 #define CBA_DEFERRED_SYMBOL_LOAD_COMPLETE 0x00000002
962 #define CBA_DEFERRED_SYMBOL_LOAD_FAILURE 0x00000003
963 #define CBA_SYMBOLS_UNLOADED 0x00000004
964 #define CBA_DUPLICATE_SYMBOL 0x00000005
965 #define CBA_READ_MEMORY 0x00000006
966 #define CBA_DEFERRED_SYMBOL_LOAD_CANCEL 0x00000007
967 #define CBA_SET_OPTIONS 0x00000008
968 #define CBA_EVENT 0x00000010
969 #define CBA_DEBUG_INFO 0x10000000
970 
972  DWORD64 addr; // address to read from
973  PVOID buf; // buffer to read to
974  DWORD bytes; // amount of bytes to read
975  DWORD *bytesread; // pointer to store amount of bytes read
977 
978 enum {
979  sevInfo = 0,
980  sevProblem,
981  sevAttn,
982  sevFatal,
983  sevMax // unused
984 };
985 
986 typedef struct _IMAGEHLP_CBA_EVENT {
987  DWORD severity; // values from sevInfo to sevFatal
988  DWORD code; // numerical code IDs the error
989  PCHAR desc; // may contain a text description of the error
990  PVOID object; // value dependant upon the error code
992 
994  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD64)
995  DWORD64 BaseOfImage; // base load address of module
996  DWORD CheckSum; // checksum from the pe header
997  DWORD TimeDateStamp; // date/time stamp from pe header
998  CHAR FileName[MAX_PATH]; // symbols file or image name
999  BOOLEAN Reparse; // load failure reparse
1001 
1002 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1003 #define IMAGEHLP_DEFERRED_SYMBOL_LOAD IMAGEHLP_DEFERRED_SYMBOL_LOAD64
1004 #define PIMAGEHLP_DEFERRED_SYMBOL_LOAD PIMAGEHLP_DEFERRED_SYMBOL_LOAD64
1005 #else
1007  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DEFERRED_SYMBOL_LOAD)
1008  DWORD BaseOfImage; // base load address of module
1009  DWORD CheckSum; // checksum from the pe header
1010  DWORD TimeDateStamp; // date/time stamp from pe header
1011  CHAR FileName[MAX_PATH]; // symbols file or image name
1012  BOOLEAN Reparse; // load failure reparse
1014 #endif
1015 
1017  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL64)
1018  DWORD NumberOfDups; // number of duplicates in the Symbol array
1019  PIMAGEHLP_SYMBOL64 Symbol; // array of duplicate symbols
1020  DWORD SelectedSymbol; // symbol selected (-1 to start)
1022 
1023 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1024 #define IMAGEHLP_DUPLICATE_SYMBOL IMAGEHLP_DUPLICATE_SYMBOL64
1025 #define PIMAGEHLP_DUPLICATE_SYMBOL PIMAGEHLP_DUPLICATE_SYMBOL64
1026 #else
1028  DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_DUPLICATE_SYMBOL)
1029  DWORD NumberOfDups; // number of duplicates in the Symbol array
1030  PIMAGEHLP_SYMBOL Symbol; // array of duplicate symbols
1031  DWORD SelectedSymbol; // symbol selected (-1 to start)
1033 #endif
1034 
1035 
1036 //
1037 // options that are set/returned by SymSetOptions() & SymGetOptions()
1038 // these are used as a mask
1039 //
1040 #define SYMOPT_CASE_INSENSITIVE 0x00000001
1041 #define SYMOPT_UNDNAME 0x00000002
1042 #define SYMOPT_DEFERRED_LOADS 0x00000004
1043 #define SYMOPT_NO_CPP 0x00000008
1044 #define SYMOPT_LOAD_LINES 0x00000010
1045 #define SYMOPT_OMAP_FIND_NEAREST 0x00000020
1046 #define SYMOPT_LOAD_ANYTHING 0x00000040
1047 #define SYMOPT_IGNORE_CVREC 0x00000080
1048 #define SYMOPT_NO_UNQUALIFIED_LOADS 0x00000100
1049 #define SYMOPT_FAIL_CRITICAL_ERRORS 0x00000200
1050 #define SYMOPT_EXACT_SYMBOLS 0x00000400
1051 #define SYMOPT_WILD_UNDERSCORE 0x00000800
1052 #define SYMOPT_USE_DEFAULTS 0x00001000
1053 #define SYMOPT_INCLUDE_32BIT_MODULES 0x00002000
1054 
1055 #define SYMOPT_DEBUG 0x80000000
1056 
1057 DWORD
1058 IMAGEAPI
1059 SymSetOptions(
1060  IN DWORD SymOptions
1061  );
1062 
1063 DWORD
1064 IMAGEAPI
1065 SymGetOptions(
1066  VOID
1067  );
1068 
1069 BOOL
1070 IMAGEAPI
1071 SymCleanup(
1072  IN HANDLE hProcess
1073  );
1074 
1075 BOOL
1076 IMAGEAPI
1077 SymMatchString(
1078  IN LPSTR string,
1079  IN LPSTR expression,
1080  IN BOOL fCase
1081  );
1082 
1083 typedef BOOL
1084 (CALLBACK *PSYM_ENUMSOURCFILES_CALLBACK)(
1085  PSOURCEFILE pSourceFile,
1086  PVOID UserContext
1087  );
1088 
1089 BOOL
1090 IMAGEAPI
1091 SymEnumSourceFiles(
1092  IN HANDLE hProcess,
1093  IN ULONG64 ModBase,
1094  IN LPSTR Mask,
1095  IN PSYM_ENUMSOURCFILES_CALLBACK cbSrcFiles,
1096  IN PVOID UserContext
1097  );
1098 
1099 BOOL
1100 IMAGEAPI
1101 SymEnumerateModules64(
1102  IN HANDLE hProcess,
1103  IN PSYM_ENUMMODULES_CALLBACK64 EnumModulesCallback,
1104  IN PVOID UserContext
1105  );
1106 
1107 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1108 #define SymEnumerateModules SymEnumerateModules64
1109 #else
1110 BOOL
1111 IMAGEAPI
1112 SymEnumerateModules(
1113  IN HANDLE hProcess,
1114  IN PSYM_ENUMMODULES_CALLBACK EnumModulesCallback,
1115  IN PVOID UserContext
1116  );
1117 #endif
1118 
1119 BOOL
1120 IMAGEAPI
1121 SymEnumerateSymbols64(
1122  IN HANDLE hProcess,
1123  IN DWORD64 BaseOfDll,
1124  IN PSYM_ENUMSYMBOLS_CALLBACK64 EnumSymbolsCallback,
1125  IN PVOID UserContext
1126  );
1127 
1128 BOOL
1129 IMAGEAPI
1130 SymEnumerateSymbolsW64(
1131  IN HANDLE hProcess,
1132  IN DWORD64 BaseOfDll,
1133  IN PSYM_ENUMSYMBOLS_CALLBACK64W EnumSymbolsCallback,
1134  IN PVOID UserContext
1135  );
1136 
1137 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1138 #define SymEnumerateSymbols SymEnumerateSymbols64
1139 #define SymEnumerateSymbolsW SymEnumerateSymbolsW64
1140 #else
1141 BOOL
1142 IMAGEAPI
1143 SymEnumerateSymbols(
1144  IN HANDLE hProcess,
1145  IN DWORD BaseOfDll,
1146  IN PSYM_ENUMSYMBOLS_CALLBACK EnumSymbolsCallback,
1147  IN PVOID UserContext
1148  );
1149 
1150 BOOL
1151 IMAGEAPI
1152 SymEnumerateSymbolsW(
1153  IN HANDLE hProcess,
1154  IN DWORD BaseOfDll,
1155  IN PSYM_ENUMSYMBOLS_CALLBACKW EnumSymbolsCallback,
1156  IN PVOID UserContext
1157  );
1158 #endif
1159 
1160 BOOL
1161 IMAGEAPI
1162 EnumerateLoadedModules64(
1163  IN HANDLE hProcess,
1164  IN PENUMLOADED_MODULES_CALLBACK64 EnumLoadedModulesCallback,
1165  IN PVOID UserContext
1166  );
1167 
1168 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1169 #define EnumerateLoadedModules EnumerateLoadedModules64
1170 #else
1171 BOOL
1172 IMAGEAPI
1173 EnumerateLoadedModules(
1174  IN HANDLE hProcess,
1175  IN PENUMLOADED_MODULES_CALLBACK EnumLoadedModulesCallback,
1176  IN PVOID UserContext
1177  );
1178 #endif
1179 
1180 PVOID
1181 IMAGEAPI
1182 SymFunctionTableAccess64(
1183  HANDLE hProcess,
1184  DWORD64 AddrBase
1185  );
1186 
1187 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1188 #define SymFunctionTableAccess SymFunctionTableAccess64
1189 #else
1190 PVOID
1191 IMAGEAPI
1192 SymFunctionTableAccess(
1193  HANDLE hProcess,
1194  DWORD AddrBase
1195  );
1196 #endif
1197 
1198 BOOL
1199 IMAGEAPI
1200 SymGetModuleInfo64(
1201  IN HANDLE hProcess,
1202  IN DWORD64 qwAddr,
1203  OUT PIMAGEHLP_MODULE64 ModuleInfo
1204  );
1205 
1206 BOOL
1207 IMAGEAPI
1208 SymGetModuleInfoW64(
1209  IN HANDLE hProcess,
1210  IN DWORD64 qwAddr,
1211  OUT PIMAGEHLP_MODULEW64 ModuleInfo
1212  );
1213 
1214 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1215 #define SymGetModuleInfo SymGetModuleInfo64
1216 #define SymGetModuleInfoW SymGetModuleInfoW64
1217 #else
1218 BOOL
1219 IMAGEAPI
1220 SymGetModuleInfo(
1221  IN HANDLE hProcess,
1222  IN DWORD dwAddr,
1223  OUT PIMAGEHLP_MODULE ModuleInfo
1224  );
1225 
1226 BOOL
1227 IMAGEAPI
1228 SymGetModuleInfoW(
1229  IN HANDLE hProcess,
1230  IN DWORD dwAddr,
1231  OUT PIMAGEHLP_MODULEW ModuleInfo
1232  );
1233 #endif
1234 
1235 DWORD64
1236 IMAGEAPI
1237 SymGetModuleBase64(
1238  IN HANDLE hProcess,
1239  IN DWORD64 qwAddr
1240  );
1241 
1242 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1243 #define SymGetModuleBase SymGetModuleBase64
1244 #else
1245 DWORD
1246 IMAGEAPI
1247 SymGetModuleBase(
1248  IN HANDLE hProcess,
1249  IN DWORD dwAddr
1250  );
1251 #endif
1252 
1253 BOOL
1254 IMAGEAPI
1255 SymGetSymNext64(
1256  IN HANDLE hProcess,
1257  IN OUT PIMAGEHLP_SYMBOL64 Symbol
1258  );
1259 
1260 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1261 #define SymGetSymNext SymGetSymNext64
1262 #else
1263 BOOL
1264 IMAGEAPI
1265 SymGetSymNext(
1266  IN HANDLE hProcess,
1267  IN OUT PIMAGEHLP_SYMBOL Symbol
1268  );
1269 #endif
1270 
1271 BOOL
1272 IMAGEAPI
1273 SymGetSymPrev64(
1274  IN HANDLE hProcess,
1275  IN OUT PIMAGEHLP_SYMBOL64 Symbol
1276  );
1277 
1278 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1279 #define SymGetSymPrev SymGetSymPrev64
1280 #else
1281 BOOL
1282 IMAGEAPI
1283 SymGetSymPrev(
1284  IN HANDLE hProcess,
1285  IN OUT PIMAGEHLP_SYMBOL Symbol
1286  );
1287 #endif
1288 
1289 BOOL
1290 IMAGEAPI
1291 SymGetLineFromAddr64(
1292  IN HANDLE hProcess,
1293  IN DWORD64 qwAddr,
1294  OUT PDWORD pdwDisplacement,
1295  OUT PIMAGEHLP_LINE64 Line
1296  );
1297 
1298 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1299 #define SymGetLineFromAddr SymGetLineFromAddr64
1300 #else
1301 BOOL
1302 IMAGEAPI
1303 SymGetLineFromAddr(
1304  IN HANDLE hProcess,
1305  IN DWORD dwAddr,
1306  OUT PDWORD pdwDisplacement,
1307  OUT PIMAGEHLP_LINE Line
1308  );
1309 #endif
1310 
1311 BOOL
1312 IMAGEAPI
1313 SymGetLineFromName64(
1314  IN HANDLE hProcess,
1315  IN PSTR ModuleName,
1316  IN PSTR FileName,
1317  IN DWORD dwLineNumber,
1318  OUT PLONG plDisplacement,
1319  IN OUT PIMAGEHLP_LINE64 Line
1320  );
1321 
1322 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1323 #define SymGetLineFromName SymGetLineFromName64
1324 #else
1325 BOOL
1326 IMAGEAPI
1327 SymGetLineFromName(
1328  IN HANDLE hProcess,
1329  IN PSTR ModuleName,
1330  IN PSTR FileName,
1331  IN DWORD dwLineNumber,
1332  OUT PLONG plDisplacement,
1333  IN OUT PIMAGEHLP_LINE Line
1334  );
1335 #endif
1336 
1337 BOOL
1338 IMAGEAPI
1339 SymGetLineNext64(
1340  IN HANDLE hProcess,
1341  IN OUT PIMAGEHLP_LINE64 Line
1342  );
1343 
1344 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1345 #define SymGetLineNext SymGetLineNext64
1346 #else
1347 BOOL
1348 IMAGEAPI
1349 SymGetLineNext(
1350  IN HANDLE hProcess,
1351  IN OUT PIMAGEHLP_LINE Line
1352  );
1353 #endif
1354 
1355 BOOL
1356 IMAGEAPI
1357 SymGetLinePrev64(
1358  IN HANDLE hProcess,
1359  IN OUT PIMAGEHLP_LINE64 Line
1360  );
1361 
1362 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1363 #define SymGetLinePrev SymGetLinePrev64
1364 #else
1365 BOOL
1366 IMAGEAPI
1367 SymGetLinePrev(
1368  IN HANDLE hProcess,
1369  IN OUT PIMAGEHLP_LINE Line
1370  );
1371 #endif
1372 
1373 BOOL
1374 IMAGEAPI
1375 SymMatchFileName(
1376  IN PSTR FileName,
1377  IN PSTR Match,
1378  OUT PSTR *FileNameStop,
1379  OUT PSTR *MatchStop
1380  );
1381 
1382 BOOL
1383 IMAGEAPI
1384 SymInitialize(
1385  IN HANDLE hProcess,
1386  IN PSTR UserSearchPath,
1387  IN BOOL fInvadeProcess
1388  );
1389 
1390 BOOL
1391 IMAGEAPI
1392 SymGetSearchPath(
1393  IN HANDLE hProcess,
1394  OUT PSTR SearchPath,
1395  IN DWORD SearchPathLength
1396  );
1397 
1398 BOOL
1399 IMAGEAPI
1400 SymSetSearchPath(
1401  IN HANDLE hProcess,
1402  IN PSTR SearchPath
1403  );
1404 
1405 DWORD64
1406 IMAGEAPI
1407 SymLoadModule64(
1408  IN HANDLE hProcess,
1409  IN HANDLE hFile,
1410  IN PSTR ImageName,
1411  IN PSTR ModuleName,
1412  IN DWORD64 BaseOfDll,
1413  IN DWORD SizeOfDll
1414  );
1415 
1416 DWORD64
1417 IMAGEAPI
1418 SymLoadModuleEx(
1419  IN HANDLE hProcess,
1420  IN HANDLE hFile,
1421  IN PSTR ImageName,
1422  IN PSTR ModuleName,
1423  IN DWORD64 BaseOfDll,
1424  IN DWORD DllSize,
1425  IN PMODLOAD_DATA Data,
1426  IN DWORD Flags
1427  );
1428 
1429 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1430 #define SymLoadModule SymLoadModule64
1431 #else
1432 DWORD
1433 IMAGEAPI
1434 SymLoadModule(
1435  IN HANDLE hProcess,
1436  IN HANDLE hFile,
1437  IN PSTR ImageName,
1438  IN PSTR ModuleName,
1439  IN DWORD BaseOfDll,
1440  IN DWORD SizeOfDll
1441  );
1442 #endif
1443 
1444 BOOL
1445 IMAGEAPI
1446 SymUnloadModule64(
1447  IN HANDLE hProcess,
1448  IN DWORD64 BaseOfDll
1449  );
1450 
1451 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1452 #define SymUnloadModule SymUnloadModule64
1453 #else
1454 BOOL
1455 IMAGEAPI
1456 SymUnloadModule(
1457  IN HANDLE hProcess,
1458  IN DWORD BaseOfDll
1459  );
1460 #endif
1461 
1462 BOOL
1463 IMAGEAPI
1464 SymUnDName64(
1465  IN PIMAGEHLP_SYMBOL64 sym, // Symbol to undecorate
1466  OUT PSTR UnDecName, // Buffer to store undecorated name in
1467  IN DWORD UnDecNameLength // Size of the buffer
1468  );
1469 
1470 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1471 #define SymUnDName SymUnDName64
1472 #else
1473 BOOL
1474 IMAGEAPI
1475 SymUnDName(
1476  IN PIMAGEHLP_SYMBOL sym, // Symbol to undecorate
1477  OUT PSTR UnDecName, // Buffer to store undecorated name in
1478  IN DWORD UnDecNameLength // Size of the buffer
1479  );
1480 #endif
1481 
1482 BOOL
1483 IMAGEAPI
1484 SymRegisterCallback64(
1485  IN HANDLE hProcess,
1486  IN PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
1487  IN ULONG64 UserContext
1488  );
1489 
1490 BOOL
1491 IMAGEAPI
1492 SymRegisterFunctionEntryCallback64(
1493  IN HANDLE hProcess,
1494  IN PSYMBOL_FUNCENTRY_CALLBACK64 CallbackFunction,
1495  IN ULONG64 UserContext
1496  );
1497 
1498 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1499 #define SymRegisterCallback SymRegisterCallback64
1500 #define SymRegisterFunctionEntryCallback SymRegisterFunctionEntryCallback64
1501 #else
1502 BOOL
1503 IMAGEAPI
1504 SymRegisterCallback(
1505  IN HANDLE hProcess,
1506  IN PSYMBOL_REGISTERED_CALLBACK CallbackFunction,
1507  IN PVOID UserContext
1508  );
1509 
1510 BOOL
1511 IMAGEAPI
1512 SymRegisterFunctionEntryCallback(
1513  IN HANDLE hProcess,
1514  IN PSYMBOL_FUNCENTRY_CALLBACK CallbackFunction,
1515  IN PVOID UserContext
1516  );
1517 #endif
1518 
1519 
1520 typedef struct _IMAGEHLP_SYMBOL_SRC {
1521  DWORD sizeofstruct;
1522  DWORD type;
1523  char file[MAX_PATH];
1525 
1526 typedef struct _MODULE_TYPE_INFO { // AKA TYPTYP
1527  USHORT dataLength;
1528  USHORT leaf;
1529  BYTE data[1];
1531 
1532 #define IMAGEHLP_SYMBOL_INFO_VALUEPRESENT 1
1533 #define IMAGEHLP_SYMBOL_INFO_REGISTER SYMF_REGISTER // 0x08
1534 #define IMAGEHLP_SYMBOL_INFO_REGRELATIVE SYMF_REGREL // 0x10
1535 #define IMAGEHLP_SYMBOL_INFO_FRAMERELATIVE SYMF_FRAMEREL // 0x20
1536 #define IMAGEHLP_SYMBOL_INFO_PARAMETER SYMF_PARAMETER // 0x40
1537 #define IMAGEHLP_SYMBOL_INFO_LOCAL SYMF_LOCAL // 0x80
1538 #define IMAGEHLP_SYMBOL_INFO_CONSTANT SYMF_CONSTANT // 0x100
1539 #define IMAGEHLP_SYMBOL_FUNCTION SYMF_FUNCTION // 0x800
1540 
1541 typedef struct _SYMBOL_INFO {
1542  ULONG SizeOfStruct;
1543  ULONG TypeIndex; // Type Index of symbol
1544  ULONG64 Reserved[2];
1545  ULONG Reserved2;
1546  ULONG Size;
1547  ULONG64 ModBase; // Base Address of module comtaining this symbol
1548  ULONG Flags;
1549  ULONG64 Value; // Value of symbol, ValuePresent should be 1
1550  ULONG64 Address; // Address of symbol including base address of module
1551  ULONG Register; // register holding value or pointer to value
1552  ULONG Scope; // scope of the symbol
1553  ULONG Tag; // pdb classification
1554  ULONG NameLen; // Actual length of name
1555  ULONG MaxNameLen;
1556  CHAR Name[1]; // Name of symbol
1558 
1560 {
1561  ULONG64 InstructionOffset;
1562  ULONG64 ReturnOffset;
1563  ULONG64 FrameOffset;
1564  ULONG64 StackOffset;
1565  ULONG64 BackingStoreOffset;
1566  ULONG64 FuncTableEntry;
1567  ULONG64 Params[4];
1568  ULONG64 Reserved[5];
1569  BOOL Virtual;
1570  ULONG Reserved2;
1572 
1573 typedef VOID IMAGEHLP_CONTEXT, *PIMAGEHLP_CONTEXT;
1574 
1575 
1576 ULONG
1577 IMAGEAPI
1578 SymSetContext(
1579  HANDLE hProcess,
1580  PIMAGEHLP_STACK_FRAME StackFrame,
1581  PIMAGEHLP_CONTEXT Context
1582  );
1583 
1584 BOOL
1585 IMAGEAPI
1586 SymFromAddr(
1587  IN HANDLE hProcess,
1588  IN DWORD64 Address,
1589  OUT PDWORD64 Displacement,
1590  IN OUT PSYMBOL_INFO Symbol
1591  );
1592 
1593 // While SymFromName will provide a symbol from a name,
1594 // SymEnumSymbols can provide the same matching information
1595 // for ALL symbols with a matching name, even regular
1596 // expressions. That way you can search across modules
1597 // and differentiate between identically named symbols.
1598 
1599 BOOL
1600 IMAGEAPI
1601 SymFromName(
1602  IN HANDLE hProcess,
1603  IN LPSTR Name,
1604  OUT PSYMBOL_INFO Symbol
1605  );
1606 
1607 typedef BOOL
1608 (CALLBACK *PSYM_ENUMERATESYMBOLS_CALLBACK)(
1609  PSYMBOL_INFO pSymInfo,
1610  ULONG SymbolSize,
1611  PVOID UserContext
1612  );
1613 
1614 BOOL
1615 IMAGEAPI
1616 SymEnumSymbols(
1617  IN HANDLE hProcess,
1618  IN ULONG64 BaseOfDll,
1619  IN PCSTR Mask,
1620  IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
1621  IN PVOID UserContext
1622  );
1623 
1624 typedef enum _IMAGEHLP_SYMBOL_TYPE_INFO {
1625  TI_GET_SYMTAG,
1626  TI_GET_SYMNAME,
1627  TI_GET_LENGTH,
1628  TI_GET_TYPE,
1629  TI_GET_TYPEID,
1630  TI_GET_BASETYPE,
1631  TI_GET_ARRAYINDEXTYPEID,
1632  TI_FINDCHILDREN,
1633  TI_GET_DATAKIND,
1634  TI_GET_ADDRESSOFFSET,
1635  TI_GET_OFFSET,
1636  TI_GET_VALUE,
1637  TI_GET_COUNT,
1638  TI_GET_CHILDRENCOUNT,
1639  TI_GET_BITPOSITION,
1640  TI_GET_VIRTUALBASECLASS,
1641  TI_GET_VIRTUALTABLESHAPEID,
1642  TI_GET_VIRTUALBASEPOINTEROFFSET,
1643  TI_GET_CLASSPARENTID,
1644  TI_GET_NESTED,
1645  TI_GET_SYMINDEX,
1646  TI_GET_LEXICALPARENT,
1647  TI_GET_ADDRESS,
1648  TI_GET_THISADJUST,
1649 } IMAGEHLP_SYMBOL_TYPE_INFO;
1650 
1651 typedef struct _TI_FINDCHILDREN_PARAMS {
1652  ULONG Count;
1653  ULONG Start;
1654  ULONG ChildId[1];
1656 
1657 BOOL
1658 IMAGEAPI
1659 SymGetTypeInfo(
1660  IN HANDLE hProcess,
1661  IN DWORD64 ModBase,
1662  IN ULONG TypeId,
1663  IN IMAGEHLP_SYMBOL_TYPE_INFO GetType,
1664  OUT PVOID pInfo
1665  );
1666 
1667 BOOL
1668 IMAGEAPI
1669 SymEnumTypes(
1670  IN HANDLE hProcess,
1671  IN ULONG64 BaseOfDll,
1672  IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
1673  IN PVOID UserContext
1674  );
1675 
1676 BOOL
1677 IMAGEAPI
1678 SymGetTypeFromName(
1679  IN HANDLE hProcess,
1680  IN ULONG64 BaseOfDll,
1681  IN LPSTR Name,
1682  OUT PSYMBOL_INFO Symbol
1683  );
1684 
1685 //
1686 // Full user-mode dump creation.
1687 //
1688 
1689 typedef BOOL (WINAPI *PDBGHELP_CREATE_USER_DUMP_CALLBACK)(
1690  DWORD DataType,
1691  PVOID* Data,
1692  LPDWORD DataLength,
1693  PVOID UserData
1694  );
1695 
1696 BOOL
1697 WINAPI
1698 DbgHelpCreateUserDump(
1699  IN LPSTR FileName,
1700  IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
1701  IN PVOID UserData
1702  );
1703 
1704 BOOL
1705 WINAPI
1706 DbgHelpCreateUserDumpW(
1707  IN LPWSTR FileName,
1708  IN PDBGHELP_CREATE_USER_DUMP_CALLBACK Callback,
1709  IN PVOID UserData
1710  );
1711 
1712 // -----------------------------------------------------------------
1713 // The following 4 legacy APIs are fully supported, but newer
1714 // ones are recommended. SymFromName and SymFromAddr provide
1715 // much more detailed info on the returned symbol.
1716 
1717 BOOL
1718 IMAGEAPI
1719 SymGetSymFromAddr64(
1720  IN HANDLE hProcess,
1721  IN DWORD64 qwAddr,
1722  OUT PDWORD64 pdwDisplacement,
1723  OUT PIMAGEHLP_SYMBOL64 Symbol
1724  );
1725 
1726 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1727 #define SymGetSymFromAddr SymGetSymFromAddr64
1728 #else
1729 BOOL
1730 IMAGEAPI
1731 SymGetSymFromAddr(
1732  IN HANDLE hProcess,
1733  IN DWORD dwAddr,
1734  OUT PDWORD pdwDisplacement,
1735  OUT PIMAGEHLP_SYMBOL Symbol
1736  );
1737 #endif
1738 
1739 // While following two APIs will provide a symbol from a name,
1740 // SymEnumSymbols can provide the same matching information
1741 // for ALL symbols with a matching name, even regular
1742 // expressions. That way you can search across modules
1743 // and differentiate between identically named symbols.
1744 
1745 BOOL
1746 IMAGEAPI
1747 SymGetSymFromName64(
1748  IN HANDLE hProcess,
1749  IN PSTR Name,
1750  OUT PIMAGEHLP_SYMBOL64 Symbol
1751  );
1752 
1753 #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
1754 #define SymGetSymFromName SymGetSymFromName64
1755 #else
1756 BOOL
1757 IMAGEAPI
1758 SymGetSymFromName(
1759  IN HANDLE hProcess,
1760  IN PSTR Name,
1761  OUT PIMAGEHLP_SYMBOL Symbol
1762  );
1763 #endif
1764 
1765 
1766 // -----------------------------------------------------------------
1767 // The following APIs exist only for backwards compatibility
1768 // with a pre-release version documented in an MSDN release.
1769 
1770 // You should use SymFindFileInPath if you want to maintain
1771 // future compatibility.
1772 
1773 DBHLP_DEPRECIATED
1774 BOOL
1775 IMAGEAPI
1776 FindFileInPath(
1777  HANDLE hprocess,
1778  LPSTR SearchPath,
1779  LPSTR FileName,
1780  PVOID id,
1781  DWORD two,
1782  DWORD three,
1783  DWORD flags,
1784  LPSTR FilePath
1785  );
1786 
1787 // You should use SymFindFileInPath if you want to maintain
1788 // future compatibility.
1789 
1790 DBHLP_DEPRECIATED
1791 BOOL
1792 IMAGEAPI
1793 FindFileInSearchPath(
1794  HANDLE hprocess,
1795  LPSTR SearchPath,
1796  LPSTR FileName,
1797  DWORD one,
1798  DWORD two,
1799  DWORD three,
1800  LPSTR FilePath
1801  );
1802 
1803 DBHLP_DEPRECIATED
1804 BOOL
1805 IMAGEAPI
1806 SymEnumSym(
1807  IN HANDLE hProcess,
1808  IN ULONG64 BaseOfDll,
1809  IN PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
1810  IN PVOID UserContext
1811  );
1812 
1813 
1814 #include <pshpack4.h>
1815 
1816 #pragma warning(disable:4200) // Zero length array
1817 
1818 
1819 #define MINIDUMP_SIGNATURE ('PMDM')
1820 #define MINIDUMP_VERSION (42899)
1821 typedef DWORD RVA;
1822 typedef ULONG64 RVA64;
1823 
1825  ULONG32 DataSize;
1826  RVA Rva;
1828 
1830  ULONG64 DataSize;
1831  RVA64 Rva;
1833 
1834 
1836  ULONG64 StartOfMemoryRange;
1839 
1840 // DESCRIPTOR64 is used for full-memory minidumps where
1841 // all of the raw memory is laid out sequentially at the
1842 // end of the dump. There is no need for individual RVAs
1843 // as the RVA is the base RVA plus the sum of the preceeding
1844 // data blocks.
1846  ULONG64 StartOfMemoryRange;
1847  ULONG64 DataSize;
1849 
1850 
1851 typedef struct _MINIDUMP_HEADER {
1852  ULONG32 Signature;
1853  ULONG32 Version;
1854  ULONG32 NumberOfStreams;
1855  RVA StreamDirectoryRva;
1856  ULONG32 CheckSum;
1857  union {
1858  ULONG32 Reserved;
1859  ULONG32 TimeDateStamp;
1860  };
1861  ULONG64 Flags;
1863 
1864 //
1865 // The MINIDUMP_HEADER field StreamDirectoryRva points to
1866 // an array of MINIDUMP_DIRECTORY structures.
1867 //
1868 
1869 typedef struct _MINIDUMP_DIRECTORY {
1870  ULONG32 StreamType;
1873 
1874 
1875 typedef struct _MINIDUMP_STRING {
1876  ULONG32 Length; // Length in bytes of the string
1877  WCHAR Buffer [0]; // Variable size buffer
1879 
1880 
1881 
1882 //
1883 // The MINIDUMP_DIRECTORY field StreamType may be one of the following types.
1884 // Types will be added in the future, so if a program reading the minidump
1885 // header encounters a stream type it does not understand it should ignore
1886 // the data altogether. Any tag above LastReservedStream will not be used by
1887 // the system and is reserved for program-specific information.
1888 //
1889 
1890 typedef enum _MINIDUMP_STREAM_TYPE {
1891 
1892  UnusedStream = 0,
1893  ReservedStream0 = 1,
1894  ReservedStream1 = 2,
1895  ThreadListStream = 3,
1896  ModuleListStream = 4,
1897  MemoryListStream = 5,
1898  ExceptionStream = 6,
1899  SystemInfoStream = 7,
1900  ThreadExListStream = 8,
1901  Memory64ListStream = 9,
1902  CommentStreamA = 10,
1903  CommentStreamW = 11,
1904  HandleDataStream = 12,
1905  FunctionTableStream = 13,
1906 
1907  LastReservedStream = 0xffff
1908 
1909 } MINIDUMP_STREAM_TYPE;
1910 
1911 
1912 //
1913 // The minidump system information contains processor and
1914 // Operating System specific information.
1915 //
1916 
1917 typedef struct _MINIDUMP_SYSTEM_INFO {
1918 
1919  //
1920  // ProcessorArchitecture, ProcessorLevel and ProcessorRevision are all
1921  // taken from the SYSTEM_INFO structure obtained by GetSystemInfo( ).
1922  //
1923 
1924  USHORT ProcessorArchitecture;
1925  USHORT ProcessorLevel;
1926  USHORT ProcessorRevision;
1927 
1928  USHORT Reserved0; // Reserved for future use. Must be zero.
1929 
1930  //
1931  // MajorVersion, MinorVersion, BuildNumber, PlatformId and
1932  // CSDVersion are all taken from the OSVERSIONINFO structure
1933  // returned by GetVersionEx( ).
1934  //
1935 
1936  ULONG32 MajorVersion;
1937  ULONG32 MinorVersion;
1938  ULONG32 BuildNumber;
1939  ULONG32 PlatformId;
1940 
1941  //
1942  // RVA to a CSDVersion string in the string table.
1943  //
1944 
1945  RVA CSDVersionRva;
1946 
1947  ULONG32 Reserved1; // Reserved for future use.
1948 
1949  //
1950  // CPU information is obtained from one of two places.
1951  //
1952  // 1) On x86 computers, CPU_INFORMATION is obtained from the CPUID
1953  // instruction. You must use the X86 portion of the union for X86
1954  // computers.
1955  //
1956  // 2) On non-x86 architectures, CPU_INFORMATION is obtained by calling
1957  // IsProcessorFeatureSupported().
1958  //
1959 
1961 
1962  //
1963  // X86 platforms use CPUID function to obtain processor information.
1964  //
1965 
1966  struct {
1967 
1968  //
1969  // CPUID Subfunction 0, register EAX (VendorId [0]),
1970  // EBX (VendorId [1]) and ECX (VendorId [2]).
1971  //
1972 
1973  ULONG32 VendorId [ 3 ];
1974 
1975  //
1976  // CPUID Subfunction 1, register EAX
1977  //
1978 
1979  ULONG32 VersionInformation;
1980 
1981  //
1982  // CPUID Subfunction 1, register EDX
1983  //
1984 
1985  ULONG32 FeatureInformation;
1986 
1987 
1988  //
1989  // CPUID, Subfunction 80000001, register EBX. This will only
1990  // be obtained if the vendor id is "AuthenticAMD".
1991  //
1992 
1993  ULONG32 AMDExtendedCpuFeatures;
1994 
1995  } X86CpuInfo;
1996 
1997  //
1998  // Non-x86 platforms use processor feature flags.
1999  //
2000 
2001  struct {
2002 
2003  ULONG64 ProcessorFeatures [ 2 ];
2004 
2005  } OtherCpuInfo;
2006 
2007  } Cpu;
2008 
2010 
2011 typedef union _CPU_INFORMATION CPU_INFORMATION, *PCPU_INFORMATION;
2012 
2013 
2014 //
2015 // The minidump thread contains standard thread
2016 // information plus an RVA to the memory for this
2017 // thread and an RVA to the CONTEXT structure for
2018 // this thread.
2019 //
2020 
2021 
2022 //
2023 // ThreadId must be 4 bytes on all architectures.
2024 //
2025 
2026 C_ASSERT (sizeof ( ((PPROCESS_INFORMATION)0)->dwThreadId ) == 4);
2027 
2028 typedef struct _MINIDUMP_THREAD {
2029  ULONG32 ThreadId;
2030  ULONG32 SuspendCount;
2031  ULONG32 PriorityClass;
2032  ULONG32 Priority;
2033  ULONG64 Teb;
2035  MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
2037 
2038 //
2039 // The thread list is a container of threads.
2040 //
2041 
2042 typedef struct _MINIDUMP_THREAD_LIST {
2043  ULONG32 NumberOfThreads;
2044  MINIDUMP_THREAD Threads [0];
2046 
2047 
2048 typedef struct _MINIDUMP_THREAD_EX {
2049  ULONG32 ThreadId;
2050  ULONG32 SuspendCount;
2051  ULONG32 PriorityClass;
2052  ULONG32 Priority;
2053  ULONG64 Teb;
2055  MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
2056  MINIDUMP_MEMORY_DESCRIPTOR BackingStore;
2058 
2059 //
2060 // The thread list is a container of threads.
2061 //
2062 
2064  ULONG32 NumberOfThreads;
2065  MINIDUMP_THREAD_EX Threads [0];
2067 
2068 
2069 //
2070 // The MINIDUMP_EXCEPTION is the same as EXCEPTION on Win64.
2071 //
2072 
2073 typedef struct _MINIDUMP_EXCEPTION {
2074  ULONG32 ExceptionCode;
2075  ULONG32 ExceptionFlags;
2076  ULONG64 ExceptionRecord;
2077  ULONG64 ExceptionAddress;
2078  ULONG32 NumberParameters;
2079  ULONG32 __unusedAlignment;
2080  ULONG64 ExceptionInformation [ EXCEPTION_MAXIMUM_PARAMETERS ];
2082 
2083 
2084 //
2085 // The exception information stream contains the id of the thread that caused
2086 // the exception (ThreadId), the exception record for the exception
2087 // (ExceptionRecord) and an RVA to the thread context where the exception
2088 // occured.
2089 //
2090 
2092  ULONG32 ThreadId;
2093  ULONG32 __alignment;
2094  MINIDUMP_EXCEPTION ExceptionRecord;
2095  MINIDUMP_LOCATION_DESCRIPTOR ThreadContext;
2097 
2098 
2099 //
2100 // The MINIDUMP_MODULE contains information about a
2101 // a specific module. It includes the CheckSum and
2102 // the TimeDateStamp for the module so the module
2103 // can be reloaded during the analysis phase.
2104 //
2105 
2106 typedef struct _MINIDUMP_MODULE {
2107  ULONG64 BaseOfImage;
2108  ULONG32 SizeOfImage;
2109  ULONG32 CheckSum;
2110  ULONG32 TimeDateStamp;
2111  RVA ModuleNameRva;
2112  VS_FIXEDFILEINFO VersionInfo;
2114  MINIDUMP_LOCATION_DESCRIPTOR MiscRecord;
2115  ULONG64 Reserved0; // Reserved for future use.
2116  ULONG64 Reserved1; // Reserved for future use.
2118 
2119 
2120 //
2121 // The minidump module list is a container for modules.
2122 //
2123 
2124 typedef struct _MINIDUMP_MODULE_LIST {
2125  ULONG32 NumberOfModules;
2126  MINIDUMP_MODULE Modules [ 0 ];
2128 
2129 
2130 //
2131 // Memory Ranges
2132 //
2133 
2134 typedef struct _MINIDUMP_MEMORY_LIST {
2135  ULONG32 NumberOfMemoryRanges;
2136  MINIDUMP_MEMORY_DESCRIPTOR MemoryRanges [0];
2138 
2139 typedef struct _MINIDUMP_MEMORY64_LIST {
2140  ULONG64 NumberOfMemoryRanges;
2141  RVA64 BaseRva;
2142  MINIDUMP_MEMORY_DESCRIPTOR64 MemoryRanges [0];
2144 
2145 
2146 //
2147 // Support for user supplied exception information.
2148 //
2149 
2151  DWORD ThreadId;
2152  PEXCEPTION_POINTERS ExceptionPointers;
2153  BOOL ClientPointers;
2155 
2156 
2157 //
2158 // Support for capturing system handle state at the time of the dump.
2159 //
2160 
2162  ULONG64 Handle;
2163  RVA TypeNameRva;
2164  RVA ObjectNameRva;
2165  ULONG32 Attributes;
2166  ULONG32 GrantedAccess;
2167  ULONG32 HandleCount;
2168  ULONG32 PointerCount;
2170 
2172  ULONG32 SizeOfHeader;
2173  ULONG32 SizeOfDescriptor;
2174  ULONG32 NumberOfDescriptors;
2175  ULONG32 Reserved;
2177 
2178 
2179 //
2180 // Support for capturing dynamic function table state at the time of the dump.
2181 //
2182 
2184  ULONG64 MinimumAddress;
2185  ULONG64 MaximumAddress;
2186  ULONG64 BaseAddress;
2187  ULONG32 EntryCount;
2188  ULONG32 SizeOfAlignPad;
2190 
2192  ULONG32 SizeOfHeader;
2193  ULONG32 SizeOfDescriptor;
2194  ULONG32 SizeOfNativeDescriptor;
2195  ULONG32 SizeOfFunctionEntry;
2196  ULONG32 NumberOfDescriptors;
2197  ULONG32 SizeOfAlignPad;
2199 
2200 
2201 //
2202 // Support for arbitrary user-defined information.
2203 //
2204 
2205 typedef struct _MINIDUMP_USER_RECORD {
2206  ULONG32 Type;
2209 
2210 
2211 typedef struct _MINIDUMP_USER_STREAM {
2212  ULONG32 Type;
2213  ULONG BufferSize;
2214  PVOID Buffer;
2215 
2217 
2218 
2220  ULONG UserStreamCount;
2221  PMINIDUMP_USER_STREAM UserStreamArray;
2223 
2224 //
2225 // Callback support.
2226 //
2227 
2228 typedef enum _MINIDUMP_CALLBACK_TYPE {
2229  ModuleCallback,
2230  ThreadCallback,
2231  ThreadExCallback,
2232  IncludeThreadCallback,
2233  IncludeModuleCallback,
2234 } MINIDUMP_CALLBACK_TYPE;
2235 
2236 
2238  ULONG ThreadId;
2239  HANDLE ThreadHandle;
2240  CONTEXT Context;
2241  ULONG SizeOfContext;
2242  ULONG64 StackBase;
2243  ULONG64 StackEnd;
2245 
2246 
2248  ULONG ThreadId;
2249  HANDLE ThreadHandle;
2250  CONTEXT Context;
2251  ULONG SizeOfContext;
2252  ULONG64 StackBase;
2253  ULONG64 StackEnd;
2254  ULONG64 BackingStoreBase;
2255  ULONG64 BackingStoreEnd;
2257 
2258 
2260  ULONG ThreadId;
2262 
2263 
2264 typedef enum _THREAD_WRITE_FLAGS {
2265  ThreadWriteThread = 0x0001,
2266  ThreadWriteStack = 0x0002,
2267  ThreadWriteContext = 0x0004,
2268  ThreadWriteBackingStore = 0x0008,
2269  ThreadWriteInstructionWindow = 0x0010
2270 } THREAD_WRITE_FLAGS;
2271 
2273  PWCHAR FullPath;
2274  ULONG64 BaseOfImage;
2275  ULONG SizeOfImage;
2276  ULONG CheckSum;
2277  ULONG TimeDateStamp;
2278  VS_FIXEDFILEINFO VersionInfo;
2279  PVOID CvRecord;
2280  ULONG SizeOfCvRecord;
2281  PVOID MiscRecord;
2282  ULONG SizeOfMiscRecord;
2284 
2285 
2287  ULONG64 BaseOfImage;
2289 
2290 
2291 typedef enum _MODULE_WRITE_FLAGS {
2292  ModuleWriteModule = 0x0001,
2293  ModuleWriteDataSeg = 0x0002,
2294  ModuleWriteMiscRecord = 0x0004,
2295  ModuleWriteCvRecord = 0x0008,
2296  ModuleReferencedByMemory = 0x0010
2297 } MODULE_WRITE_FLAGS;
2298 
2299 
2301  ULONG ProcessId;
2302  HANDLE ProcessHandle;
2303  ULONG CallbackType;
2304  union {
2305  MINIDUMP_THREAD_CALLBACK Thread;
2306  MINIDUMP_THREAD_EX_CALLBACK ThreadEx;
2307  MINIDUMP_MODULE_CALLBACK Module;
2308  MINIDUMP_INCLUDE_THREAD_CALLBACK IncludeThread;
2309  MINIDUMP_INCLUDE_MODULE_CALLBACK IncludeModule;
2310  };
2312 
2314  union {
2315  ULONG ModuleWriteFlags;
2316  ULONG ThreadWriteFlags;
2317  };
2319 
2320 
2321 //
2322 // A normal minidump contains just the information
2323 // necessary to capture stack traces for all of the
2324 // existing threads in a process.
2325 //
2326 // A minidump with data segments includes all of the data
2327 // sections from loaded modules in order to capture
2328 // global variable contents. This can make the dump much
2329 // larger if many modules have global data.
2330 //
2331 // A minidump with full memory includes all of the accessible
2332 // memory in the process and can be very large. A minidump
2333 // with full memory always has the raw memory data at the end
2334 // of the dump so that the initial structures in the dump can
2335 // be mapped directly without having to include the raw
2336 // memory information.
2337 //
2338 // Stack and backing store memory can be filtered to remove
2339 // data unnecessary for stack walking. This can improve
2340 // compression of stacks and also deletes data that may
2341 // be private and should not be stored in a dump.
2342 // Memory can also be scanned to see what modules are
2343 // referenced by stack and backing store memory to allow
2344 // omission of other modules to reduce dump size.
2345 // In either of these modes the ModuleReferencedByMemory flag
2346 // is set for all modules referenced before the base
2347 // module callbacks occur.
2348 //
2349 
2350 typedef enum _MINIDUMP_TYPE {
2351  MiniDumpNormal = 0x0000,
2352  MiniDumpWithDataSegs = 0x0001,
2353  MiniDumpWithFullMemory = 0x0002,
2354  MiniDumpWithHandleData = 0x0004,
2355  MiniDumpFilterMemory = 0x0008,
2356  MiniDumpScanMemory = 0x0010,
2357 } MINIDUMP_TYPE;
2358 
2359 
2360 //
2361 // The minidump callback should modify the FieldsToWrite parameter to reflect
2362 // what portions of the specified thread or module should be written to the
2363 // file.
2364 //
2365 
2366 typedef
2367 BOOL
2368 (WINAPI * MINIDUMP_CALLBACK_ROUTINE) (
2369  IN PVOID CallbackParam,
2370  IN CONST PMINIDUMP_CALLBACK_INPUT CallbackInput,
2371  IN OUT PMINIDUMP_CALLBACK_OUTPUT CallbackOutput
2372  );
2373 
2375  MINIDUMP_CALLBACK_ROUTINE CallbackRoutine;
2376  PVOID CallbackParam;
2378 
2379 
2380 
2381 //++
2382 //
2383 // PVOID
2384 // RVA_TO_ADDR(
2385 // PVOID Mapping,
2386 // ULONG Rva
2387 // )
2388 //
2389 // Routine Description:
2390 //
2391 // Map an RVA that is contained within a mapped file to it's associated
2392 // flat address.
2393 //
2394 // Arguments:
2395 //
2396 // Mapping - Base address of mapped file containing the RVA.
2397 //
2398 // Rva - An Rva to fixup.
2399 //
2400 // Return Values:
2401 //
2402 // A pointer to the desired data.
2403 //
2404 //--
2405 
2406 #define RVA_TO_ADDR(Mapping,Rva) ((PVOID)(((ULONG_PTR) (Mapping)) + (Rva)))
2407 
2408 BOOL
2409 WINAPI
2410 MiniDumpWriteDump(
2411  IN HANDLE hProcess,
2412  IN DWORD ProcessId,
2413  IN HANDLE hFile,
2414  IN MINIDUMP_TYPE DumpType,
2415  IN CONST PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, OPTIONAL
2416  IN CONST PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam, OPTIONAL
2417  IN CONST PMINIDUMP_CALLBACK_INFORMATION CallbackParam OPTIONAL
2418  );
2419 
2420 BOOL
2421 WINAPI
2422 MiniDumpReadDumpStream(
2423  IN PVOID BaseOfDump,
2424  IN ULONG StreamNumber,
2425  OUT PMINIDUMP_DIRECTORY * Dir, OPTIONAL
2426  OUT PVOID * StreamPointer, OPTIONAL
2427  OUT ULONG * StreamSize OPTIONAL
2428  );
2429 
2430 #include <poppack.h>
2431 
2432 #ifdef __cplusplus
2433 }
2434 #endif
2435 
2436 
2437 #endif // _DBGHELP_