ドライバ内でPEファイルのPDB情報を解析する


ドライバの中でPEファイルのPDB情報を解析します。必要なものはすべてコードの中にあります。本ブログは入門的な解説は行いませんが、すぐに使えるコードはすべて揃っており、ヘッダファイル、構造体、コメントもすべて整理してあります。これ以上何が必要でしょうか?
CreateMapFileAndGetBaseAddr() の定義については、次の記事を参照してください。
 
 
#include 
#include 
#include "ntimage.h"

// CodeView record signatures, compared against the first DWORD of the record
// in PeGetPdb. The characters are written reversed ('01BN' for "NB10",
// 'SDSR' for "RSDS").
// NOTE(review): the value of a multi-character constant is
// implementation-defined; this presumably relies on the MSVC encoding so the
// constant equals the tag as read from a little-endian image. Confirm before
// building with another compiler.
#define NB10_SIG	'01BN'
#define RSDS_SIG	'SDSR'
// Common prefix of a CodeView record; PeGetPdb reads only Signature from it.
typedef struct  CV_HEADER
{
	DWORD Signature;
	DWORD Offset;
}CV_HEADER;

// Layout of a CodeView record whose signature is NB10_SIG.
typedef struct CV_INFO_PDB20
{
	CV_HEADER	CvHeader;
	DWORD		Signature;
	DWORD		Age;
	// First byte of the PDB file name. PeGetPdb treats it as a NUL-terminated
	// string that continues past the end of the struct, so sizeof() covers
	// only one byte of the name.
	BYTE		PdbFileName[1];
}CV_INFO_PDB20;
// Layout of a CodeView record whose signature is RSDS_SIG.
typedef struct CV_INFO_PDB70
{
	DWORD	CvSignature;
	GUID	Signature;
	DWORD	Age;
	// First byte of the PDB file name; same trailing-string convention as
	// CV_INFO_PDB20.PdbFileName.
	BYTE	PdbFileName[1];
}CV_INFO_PDB70;

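// Checks that the RegionSize bytes starting at Addr lie entirely inside the
// Size-byte buffer that starts at Base.
//
// Base       - start of the buffer (e.g. the mapped image).
// Size       - length of the buffer in bytes.
// Addr       - start of the region to test.
// RegionSize - length of the region in bytes.
//
// Returns TRUE when the region is fully contained, FALSE otherwise.
//
// Addr and RegionSize are typically derived from fields of the file being
// parsed, so the test is done on the offset from Base and by subtraction.
// Comparing Addr + RegionSize with Base + Size directly can wrap around the
// address space (most easily on 32-bit builds) and accept an out-of-range
// region.
BOOL PeIsRegionValid(PVOID Base, DWORD Size, PVOID Addr, DWORD RegionSize)
{
	ULONG_PTR Start = (ULONG_PTR)Base;
	ULONG_PTR Target = (ULONG_PTR)Addr;
	ULONG_PTR Offset;

	if (Target < Start)
		return FALSE;

	Offset = Target - Start;
	if (Offset > Size)
		return FALSE;

	// Offset <= Size here, so the subtraction cannot underflow.
	return RegionSize <= Size - Offset;
}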

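// Returns TRUE when [Offset, Offset + Length) lies inside an image of
// ImageSize bytes. Works on offsets and subtracts instead of adding, so RVAs
// and sizes taken from the file cannot wrap the comparison.
static BOOLEAN PeIsRangeInImage(DWORD ImageSize, DWORD Offset, DWORD Length)
{
	return (BOOLEAN)(Offset <= ImageSize && Length <= ImageSize - Offset);
}

// Length of the NUL-terminated string at Str, scanning at most MaxLen bytes.
// Returns MaxLen when no terminator is found inside that window.
static ULONG PeBoundedStrLen(const CHAR* Str, ULONG MaxLen)
{
	ULONG Len = 0;

	while (Len < MaxLen && Str[Len] != '\0')
		Len++;

	return Len;
}

// Extracts the PDB file name recorded in the CodeView debug entry of a mapped
// PE image.
//
// ImageBase - base address of the mapping. Only user-range addresses are
//             accepted: the range is probed with ProbeForRead, which raises
//             for anything else, and the function then returns FALSE.
// ImageSize - size of the mapping in bytes; every offset taken from the file
//             is checked against it before it is dereferenced.
// PdbStr    - output buffer. The caller must provide at least MAX_PATH bytes;
//             the result is always NUL-terminated.
//
// Returns TRUE when the PE headers and the debug directory were valid. PdbStr
// then holds the PDB name, or an empty string when there is no usable
// CodeView (NB10 / RSDS) record. Returns FALSE when the input is not a valid
// PE image, has no debug directory, or an exception was raised while reading.
//
// NOTE(review): the data-directory VirtualAddress and AddressOfRawData are
// RVAs, so adding them to ImageBase is only correct when the file is mapped
// with image layout. CreateMapFileAndGetBaseAddr is not shown here - confirm
// it maps with SEC_IMAGE; for a flat data-file mapping PointerToRawData (a
// file offset) would be the field to use.
// NOTE(review): if the backing file can be modified while it is mapped, the
// contents may change between a check and the following read. Values that
// drive a bounds decision are therefore copied to locals once, and the output
// is terminated explicitly instead of trusting the source terminator.
BOOLEAN PeGetPdb(PVOID ImageBase, DWORD ImageSize, PCHAR PdbStr)
{
	PBYTE Base = (PBYTE)ImageBase;
	BOOLEAN Result = FALSE;

	if (!Base || !PdbStr)
		return FALSE;

	// Start from an empty string so TRUE without a PDB name is unambiguous.
	PdbStr[0] = '\0';

	__try
	{
		do
		{
			PIMAGE_DOS_HEADER DosHeader = (PIMAGE_DOS_HEADER)Base;
			PIMAGE_NT_HEADERS NtHeader;
			PIMAGE_OPTIONAL_HEADER OptionalHeader;
			PIMAGE_DEBUG_DIRECTORY DbgDir;
			const CHAR* PdbName;
			LONG NtOffsetSigned;
			DWORD NtOffset;
			DWORD OptOffset;
			DWORD DbgDirRva = 0;
			DWORD DbgDirSize = 0;
			DWORD EntryCount;
			DWORD Index;
			DWORD CvRva = 0;
			DWORD CvSignature;
			DWORD NameOffset;
			DWORD Available;
			ULONG MaxScan;
			ULONG PdbNameSize;

			// Structured exception handling is only relied on for user-range
			// addresses, so reject anything else up front.
			ProbeForRead(Base, ImageSize, 1);

			// DOS header
			if (!PeIsRangeInImage(ImageSize, 0, (DWORD)sizeof(IMAGE_DOS_HEADER)))
				break;
			if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
				break;

			// e_lfanew is signed and comes from the file.
			NtOffsetSigned = DosHeader->e_lfanew;
			if (NtOffsetSigned <= 0)
				break;
			NtOffset = (DWORD)NtOffsetSigned;

			// NT headers: require room for the smaller (PE32) optional header
			// before reading Signature and Magic.
			if (!PeIsRangeInImage(ImageSize, NtOffset,
				(DWORD)FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader) + (DWORD)sizeof(IMAGE_OPTIONAL_HEADER32)))
				break;

			NtHeader = (PIMAGE_NT_HEADERS)(Base + NtOffset);
			if (NtHeader->Signature != IMAGE_NT_SIGNATURE)
				break;

			OptOffset = NtOffset + (DWORD)FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader);
			OptionalHeader = (PIMAGE_OPTIONAL_HEADER)(Base + OptOffset);

			if (OptionalHeader->Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)	// PE32+  x64
			{
				PIMAGE_OPTIONAL_HEADER64 OptionalHeader64 = (PIMAGE_OPTIONAL_HEADER64)OptionalHeader;

				if (!PeIsRangeInImage(ImageSize, OptOffset, (DWORD)sizeof(IMAGE_OPTIONAL_HEADER64)))
					break;
				if (OptionalHeader64->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_DEBUG)
					break;

				DbgDirRva = OptionalHeader64->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress;
				DbgDirSize = OptionalHeader64->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size;
			}
			else if (OptionalHeader->Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)	// PE32   x86
			{
				PIMAGE_OPTIONAL_HEADER32 OptionalHeader32 = (PIMAGE_OPTIONAL_HEADER32)OptionalHeader;

				if (OptionalHeader32->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_DEBUG)
					break;

				DbgDirRva = OptionalHeader32->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress;
				DbgDirSize = OptionalHeader32->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size;
			}
			else
			{
				break;
			}

			// An RVA of 0 means "no debug directory". Testing the computed
			// pointer instead would never fail, because Base + 0 is non-NULL.
			if (!DbgDirRva || DbgDirSize < sizeof(IMAGE_DEBUG_DIRECTORY))
				break;
			if (!PeIsRangeInImage(ImageSize, DbgDirRva, DbgDirSize))
				break;

			DbgDir = (PIMAGE_DEBUG_DIRECTORY)(Base + DbgDirRva);
			EntryCount = DbgDirSize / (DWORD)sizeof(IMAGE_DEBUG_DIRECTORY);

			// Headers and debug directory are valid; from here on a missing
			// or malformed CodeView record only leaves PdbStr empty.
			Result = TRUE;

			// The directory is an array and the CodeView entry is not
			// necessarily the first one.
			for (Index = 0; Index < EntryCount; Index++)
			{
				if (DbgDir[Index].Type == IMAGE_DEBUG_TYPE_CODEVIEW)
				{
					CvRva = DbgDir[Index].AddressOfRawData;
					break;
				}
			}
			if (!CvRva)
				break;

			if (!PeIsRangeInImage(ImageSize, CvRva, (DWORD)sizeof(CV_HEADER)))
				break;

			CvSignature = ((CV_HEADER*)(Base + CvRva))->Signature;
			if (CvSignature == NB10_SIG)		// VC6.0 (GBK, per the original author's note)
				NameOffset = (DWORD)FIELD_OFFSET(CV_INFO_PDB20, PdbFileName);
			else if (CvSignature == RSDS_SIG)	// VS2003+ (UTF-8, per the original author's note)
				NameOffset = (DWORD)FIELD_OFFSET(CV_INFO_PDB70, PdbFileName);
			else
				break;

			// At least the first byte of the name must be inside the image.
			if (!PeIsRangeInImage(ImageSize, CvRva, NameOffset + 1))
				break;

			// Scan no further than the end of the image or MAX_PATH bytes,
			// whichever comes first; an unbounded strlen() could run past the
			// mapping when the terminator is missing.
			Available = ImageSize - CvRva - NameOffset;
			MaxScan = (Available < MAX_PATH) ? Available : MAX_PATH;

			PdbName = (const CHAR*)(Base + CvRva + NameOffset);
			PdbNameSize = PeBoundedStrLen(PdbName, MaxScan);

			// Empty name, or no terminator inside the window.
			if (!PdbNameSize || PdbNameSize >= MaxScan)
				break;

			// PdbNameSize <= MAX_PATH - 1, so name plus terminator fits in a
			// MAX_PATH-byte buffer.
			RtlCopyMemory(PdbStr, PdbName, PdbNameSize);
			PdbStr[PdbNameSize] = '\0';
		} while (0);

	}
	__except (EXCEPTION_EXECUTE_HANDLER)
	{
		KdPrint(("EXCEPTION_EXECUTE_HANDLER\n"));
		Result = FALSE;
	}

	return Result;
}

// Maps the file at pFilePath, extracts its PDB file name with PeGetPdb and
// unmaps the view again.
//
// pFilePath - path of the PE file to inspect.
// PdbStr    - output buffer of at least MAX_PATH bytes (see PeGetPdb).
//
// Returns FALSE when the file could not be mapped, otherwise the result of
// PeGetPdb.
BOOLEAN PeGetFilePdb(PUNICODE_STRING pFilePath, PCHAR PdbStr)
{
	BOOLEAN Result = FALSE;
	SIZE_T Size = 0;
	DWORD ImageSize;
	PVOID BaseAddress = CreateMapFileAndGetBaseAddr(pFilePath, &Size);

	if (NULL == BaseAddress)
		return FALSE;

	// PeGetPdb takes a 32-bit size. Clamp instead of truncating so a view
	// larger than 4 GiB cannot turn into a small, unrelated bound; the clamped
	// value never exceeds the real view size.
	ImageSize = ((ULONGLONG)Size > 0xFFFFFFFFULL) ? 0xFFFFFFFFUL : (DWORD)Size;

	Result = PeGetPdb(BaseAddress, ImageSize, PdbStr);

	ZwUnmapViewOfSection(ZwCurrentProcess(), BaseAddress);
	return Result;
}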

 
 
 
 
 
このブログは、安定性とスタイルの高いコードを提供することを目的としています.