0

I'm trying to use SymGetLineFromAddr64 to get the source file name of symbols loaded from a PDB. I load the PDB module and enumerate on the types/symbols, but the Address field from the SYMBOL_INFO pointer I get in the enumeration callback is always 0 so I can't use it to get the source file information. (SymGetLineFromAddr64 fails with error code 126 "The specified module could not be found.")

I also tried using the TI_GET_ADDRESS property from the SymInfo->Index but it's 0 too.

Here's my main:

int main(char **Argv, int Argc)
{
    HANDLE Process = GetCurrentProcess();
    DWORD ProcessId = GetProcessId(Process);

    DWORD Options = SymGetOptions();
    Options |= SYMOPT_DEBUG;
    Options |= SYMOPT_LOAD_LINES;
    Options |= SYMOPT_LOAD_ANYTHING; // Wanted to test if this would do anything at all, didn't do much
    SymSetOptions(Options);

    if (SymInitialize(Process, 0, 0) == TRUE)
    {
        char *FilePath = "C:\\Users\\pc\\Documents\\Saedo\\VSProjects\\x64\\Debug\\PDBReflector.pdb";
        DWORD64 BaseAddress = 0x10000000;
        DWORD FileSize = GetFileSize(FilePath);

        DWORD64 Module = SymLoadModuleEx(Process, 0, FilePath, 0, BaseAddress, FileSize, 0, 0);
        if (Module)
        {
            Reflector.Process = Process; //Reflector is just a global struct that contains the process and module base for use later
            Reflector.ModuleBase = Module;

            SymEnumTypes(Process, Module, EnumTypesProc, 0);
        }
    }

    SymCleanup(Process);

    return(0);
}

And here's the enumerator:

BOOL CALLBACK EnumTypesProc(SYMBOL_INFO *SymInfo, ULONG SymbolSize, VOID *UserContext)
{
    if (SymInfo)
    {
        ULONG64 Address = SymInfo->Address; // Address is 0
        //SymGetTypeInfo(Reflector.Process, Reflector.ModuleBase, SymInfo->Index, TI_GET_ADDRESS, &Address); // Address is 0 as well

        IMAGEHLP_LINE64 LineInfo = {};
        LineInfo.SizeOfStruct = sizeof(IMAGEHLP_LINE64);
        DWORD LineDisplacement = 0;
        if (SymGetLineFromAddr64(Reflector.Process, Address, &LineDisplacement, &LineInfo))
        {
            Log("FILE: %s\n", LineInfo.FileName);
        }
    }

    return(TRUE);
}

Compiling using VS2015 Community Edition, X64 Debug mode with /Zi for the Debug Information Format and "Optimize for debugging" (/DEBUG).

Note that I'm loading the PDB for the same executable that's running. I didn't think that would be the issue because I could load other type information just fine. And I also tried inspecting another PDB, the addresses were 0 as well.

Question: Why am I getting 0 in the Address field and how to actually get the right address so that I could retrieve the source file of a particular type/tag? Pretty sure I'm missing something obvious here.

Thanks for any help.

Matt Johnson-Pint
  • 230,703
  • 74
  • 448
  • 575
vexe
  • 5,433
  • 12
  • 52
  • 81
  • 1
    but type have no address. it and must be 0 in `SymEnumSymbolsProc Callback` Function. try for compare `SymEnumSymbols` - symbols, unlike type have address – RbMm Apr 03 '18 at 06:35
  • Yeah it seems like I missunderstood. I thought types had an address associated with them. `SymEnumSymbols` gives me back symbols with valid addresses but they're not types/Udts or enums, just globals. – vexe Apr 04 '18 at 01:39
  • ok, try think - which must be address of some *UDT* by sense ? in case function or global/static variable - what is address understandably. but in case type - it simply no address at all by sense – RbMm Apr 04 '18 at 07:07

0 Answers0