1

When i try to use the functions SymbolFromName() e SymbolFromAddress() the return code always return 126 (MODULE_NOT_FOUND), the code is :

    #include<dbghelp.h>
    #include <iostream>
    #include <Windows.h>
    #include <windows.h>
    #include <debugapi.h>
    #include <WinBase.h>
    
    using namespace std;

    int main(){
    DWORD  error;
    HANDLE hProcess;

    SymSetOptions(SYMOPT_UNDNAME | SYMOPT_DEFERRED_LOADS);

    hProcess = GetCurrentProcess();

    if (!SymInitialize(hProcess, NULL, TRUE))
    {
        // SymInitialize failed
        error = GetLastError();
        cout << "SymInitialize returned error " << error << endl;;
        return FALSE;
    }}
    

    hProcess = GetCurrentProcess();

    SymSetOptions(SYMOPT_UNDNAME | SYMOPT_DEFERRED_LOADS);
    SymInitialize(hProcess, NULL, TRUE);

    TCHAR szSymbolName[MAX_SYM_NAME];
    ULONG64 buffer[(sizeof(SYMBOL_INFOW) +
        MAX_SYM_NAME * sizeof(TCHAR) +
        sizeof(ULONG64) - 1) /
        sizeof(ULONG64)];
    PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;

    _tcscpy_s(szSymbolName, MAX_SYM_NAME, TEXT("mainCRTStartup")); // i  
    know the entrypoint name by using >>nm command in windows for extract 
    symbol
    pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
    pSymbol->MaxNameLen = MAX_SYM_NAME;

    if (SymFromName(hProcess, szSymbolName, pSymbol)){
       cout << pSybol->address
    } // this return always 126

    }

i use VisualStudio and the default debugger for testing it. Part of the code above is taken from MSDN documentation, here.

EDIT : i know the main simbol thanks to nm, that can extract a list of symbols, in my case it contains :

 00401300 T _WinMainCRTStartup
 00401460 T _main
 004012e0 T _mainCRTStartup

I also try to using different symbols name like main, mainCRTStartup, wWinMain, WinMain and so on, without any results

colo
  • 101
  • 8
  • I can reproduce this, but if I replace `"WinMainCRTStartup"` with `"main"`, it works. – Jabberwocky Sep 24 '20 at 11:37
  • Are you sure your exe file contains the symbol `WinMainCRTStartup`? A console program doesn't use this symbol, but it uses `mainCRTStartup` instead. – Jabberwocky Sep 24 '20 at 11:46
  • i also try main, wmain, mainCRTSurtup, wmainCRTSurtup and also others, with any results – colo Sep 24 '20 at 12:49
  • It's `mainCRTStartup `, not `mainCRTSurtup`, check that. Otherwise [edit] and show a [mcve] – Jabberwocky Sep 24 '20 at 12:52
  • Thanks for the edit, but it's still not a [MCVE]. Latter is a piece of code I can copy/paste and run in my Visual Studio. – Jabberwocky Sep 24 '20 at 14:27
  • just cecked, i'm sure that the entrypoint is mainCRTStartup and also in the program there is also a main() function (i saw it by using debugger) but none of names return a different result. the problem, i think, is not on the name of symbol that i use – colo Sep 24 '20 at 14:28
  • BTW what is `nm`? I don't have `nm.exe` on my computer. it doesn't sound likke a Microsoft tool- – Jabberwocky Sep 24 '20 at 14:29
  • In your code you still have `WinMainCRTStartup` instead of `mainCRTStartup`. Does it work with `mainCRTStartup`? Anyway post a [MCVE] – Jabberwocky Sep 24 '20 at 14:30
  • now is a minimal reproducile example, as i just say i also try mainCRTStartup and also only main, but with no result. – colo Sep 24 '20 at 14:35
  • Your code does not compile – Jabberwocky Sep 24 '20 at 14:37
  • 1
    There are some errors in your code (although just some header files and parentheses). After I fixed the problem, `mainCRTStartup` worked fine for me but `WinMainCRTStartup` didn't. So are you sure your exe file contains the symbol `WinMainCRTStartup`? – Zeus Sep 25 '20 at 02:13
  • the example above is not complete but i also try to using mainCRTStartup and also other combinations and symbols name but with the same result: MODULE_NOT_FOUND (err code 126), maybe the problem is that the loading of the symbol in memory is deferred until the "request" for the particular symbol. but i'm not sure of that, i'm sure that the problem is not on the parameters of the function – colo Sep 25 '20 at 12:33
  • what windows version do you have ? and also x86 or x64? – colo Sep 25 '20 at 12:51
  • Both x86 and x64 work fine for me. – Zeus Sep 27 '20 at 01:45
  • Can you confirm whether you are using UNICODE encoding or multi-byte encoding, and whether you have forced `szSymbolName` in the `SymFromName` function? – Zeus Sep 29 '20 at 09:14
  • i use multi-byte encoding but i also try with UNICODE, i don't think that i'm forced to use some particular encoding, the [documentation](https://learn.microsoft.com/en-us/windows/win32/api/dbghelp/nf-dbghelp-symfromname) doesn't specify that – colo Sep 30 '20 at 12:10
  • The sample also works for me. – Drake Wu Oct 01 '20 at 08:51

0 Answers0