cdef's Introduction

cdef (formerly entitled PdbReader)

Recover C language structures from Microsoft PDB files.

Help us test this app!

What it is

cdef is a program and library that recovers structure definitions, which are useful in low-level programming, from Microsoft PDB files by means of DIA.

It is designed to be friendly to automation and further development; see the section on producers and consumers below for more information.

For Users

cdef will not function without DIA. If you have the Visual Studio development environment installed, you most likely have DIA installed as well.

Demonstration

See http://librecrops.github.io/lost-sdk/.

That site is merely a demonstration of cdef.

For further development on top of the structures, or for any other custom requirements, you are better off using cdef directly.

Some Comparison

EXCEPTION_REGISTRATION_RECORD

The first structure of NT_TIB.

From NirSoft.

From MoonSols.

From cdef.

PdbReader.exe Usage

usage: PdbReader action file [args]

actions:
list    output types list
xml     output xml data
def     output type definitions

Explore and discover it yourself for the time being.

For Developers

Implementation Details

To be added later.

For now, feel free to look at the C# source code as well as the demo implementation in the Scheme programming language.

Producers & Consumers

Because DIA cannot easily be made cross-platform, cdef produces an intermediate representation of structures in XML.

That representation can be consumed from any programming language, as long as someone implements a consumer.

Our consumer in Python is currently under construction, but it can serve as a reference when you write your own consumer.

Detailed specification of the representation may be added later.

Documentation

cdef's People

Contributors

kbridge, novicelive

cdef's Issues

ideas 1

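If cdef were turned into a type manager, similar to a package manager, a format for storing and transferring (downloading) types would have to be designed.

1. Store anonymous structs/unions and function calls field-locally

For example, previously it was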

<func id="1">
	<arg base=".VOID" wrap="p" />
	<arg base=".VOID" wrap="p" />
</func>

<field base=".VOID" wrap="f 1 p" name="CleanupGroupCancelCallback" offset="24" />

whereas now it can be changed to

<field base=".VOID" wrap="f 1 p" name="CleanupGroupCancelCallback" offset="24">
	<func id="1">
		<arg base=".VOID" wrap="p" />
		<arg base=".VOID" wrap="p" />
	</func>
</field>

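2. Storage on the ``package library'' side: organize structures by major Windows kernel version, and create a general directory that stores the default version of each structure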

general/
win2k/
win7/
win8/
win8.1/

? Distinguish 64-bit from 32-bit

3. The representation of prim types (such as int) is specified by local configuration, so that users can customize it, e.g.:

char=u8
short=u16
int=u32
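
Added example (not cdef's own consumer and not part of the issue above): a minimal Python consumer for the field-local layout proposed in idea 1, using the prim-type mapping from idea 3. The meaning of the `wrap` tokens, the `<struct>` wrapper and the `Version` field are assumptions, since the page gives no specification of the format.

```python
import xml.etree.ElementTree as ET

# Constructed sample in idea 1's field-local layout; <struct> and "Version" are assumptions.
SAMPLE = """<struct name="_EXAMPLE">
  <field base="int" wrap="" name="Version" offset="0" />
  <field base=".VOID" wrap="f 1 p" name="CleanupGroupCancelCallback" offset="24">
    <func id="1">
      <arg base=".VOID" wrap="p" />
      <arg base=".VOID" wrap="p" />
    </func>
  </field>
</struct>"""
PRIM_CONFIG = "char=u8\nshort=u16\nint=u32"  # local prim-type mapping (idea 3)

def load_prims(text):
    return dict(line.split("=", 1) for line in text.split())  # name=alias per line

def parse_wrap(wrap):
    """Assumed tokens: 'p' = pointer to, 'f N' = function described by <func id="N">."""
    ops, toks = [], iter(wrap.split())
    for tok in toks:
        if tok not in ("p", "f"):
            raise ValueError(f"unknown wrap token {tok!r}")
        ops.append((tok, next(toks) if tok == "f" else None))
    return ops

def declare(base, wrap, name, funcs, prims):
    """Build a C declarator; wraps are assumed to be listed from the base type outward."""
    decl, base = name, base.lstrip(".")
    for op, ref in reversed(parse_wrap(wrap)):
        if op == "p":
            decl = "*" + decl
        else:  # function: parenthesise a pointer declarator, then add the argument list
            args = ", ".join(declare(a.get("base"), a.get("wrap", ""), "", funcs, prims)
                             for a in funcs[ref].findall("arg"))
            decl = (f"({decl})" if decl.startswith("*") else decl) + f"({args})"
    return f"{prims.get(base, base)} {decl}".rstrip()

def render_fields(xml_text, prims):
    """Return (offset, declaration) pairs; DTDs are refused as packages may be downloaded."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    out = []
    for field in ET.fromstring(xml_text).iter("field"):
        funcs = {f.get("id"): f for f in field.findall("func")}  # field-local lookup
        decl = declare(field.get("base"), field.get("wrap", ""), field.get("name"), funcs, prims)
        out.append((int(field.get("offset")), decl + ";"))
    return out
print(render_fields(SAMPLE, load_prims(PRIM_CONFIG)))
```

Because each `<func>` lives inside its own `<field>`, the consumer needs no document-wide id table, and a field can be rendered or transferred on its own.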

Fix the god throw

Description

All exceptions but the E_PDB_FORMAT will be handled as PdbNotFoundException.

Say, a god throw, which produces misleading messages.

Code Location

Circa Pdb.cs#L111.

Sample Output

E:\repo\PdbReader>PdbReader\bin\Debug\PdbReader.exe list c:\symbols\ntkrnlmp.pdb
\4A1E2990C0D94049AFEAEADA5768EAB31\ntkrnlmp.pdb
Retrieving the COM class factory for component with CLSID {B86AE24D-BF2F-4AC9-B5
A2-34B14E4CE11D} failed due to the following error: 80040154 Class not registere
d (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
PdbReader: file not found: c:\symbols\ntkrnlmp.pdb\4A1E2990C0D94049AFEAEADA5768E
AB31\ntkrnlmp.pdb

Test Code

catch (COMException ex)
{
    if (ex.ErrorCode == ErrorCodes.E_PDB_FORMAT)
    {
        throw new PdbFormatException();
    }
    else
    {
        Console.WriteLine(ex.Message);
        throw new PdbNotFoundException();
    }
}

ideas 2

To Demo the ``Implementation Details''
1. Draw the class inheritance diagram of ctypes
2. ? Draw object (pointing/reference/link) diagrams corresponding to some type expressions

Correct the handling of the basic type 'btNoType'.

Description

Current implementation of btNoType is incorrect.

The basic type btNoType shall correspond to an empty parameter list, i.e. (), whereas btVoid corresponds to (void).

References

Sample

It comes from Windows 7 x64.

win32k.pdb

Output

F:\repo\PdbReader>PdbReader\bin\Debug\PdbReader.exe def c:\Symbols\win32k.pdb\21E2778DD2954987A9B7212463FFDC5E2\win32k.pdb PFNCLIENT
typedef struct _PFNCLIENT
{
    LONGLONG (*pfnScrollBarWndProc)(__NoType__);
    LONGLONG (*pfnTitleWndProc)(__NoType__);
    LONGLONG (*pfnMenuWndProc)(__NoType__);
    LONGLONG (*pfnDesktopWndProc)(__NoType__);
    LONGLONG (*pfnDefWindowProc)(__NoType__);
    LONGLONG (*pfnMessageWindowProc)(__NoType__);
    LONGLONG (*pfnSwitchWindowProc)(__NoType__);
    LONGLONG (*pfnButtonWndProc)(__NoType__);
    LONGLONG (*pfnComboBoxWndProc)(__NoType__);
    LONGLONG (*pfnComboListBoxProc)(__NoType__);
    LONGLONG (*pfnDialogWndProc)(__NoType__);
    LONGLONG (*pfnEditWndProc)(__NoType__);
    LONGLONG (*pfnListBoxWndProc)(__NoType__);
    LONGLONG (*pfnMDIClientWndProc)(__NoType__);
    LONGLONG (*pfnStaticWndProc)(__NoType__);
    LONGLONG (*pfnImeWndProc)(__NoType__);
    LONGLONG (*pfnGhostWndProc)(__NoType__);
    LONGLONG (*pfnHkINLPCWPSTRUCT)(__NoType__);
    LONGLONG (*pfnHkINLPCWPRETSTRUCT)(__NoType__);
    LONGLONG (*pfnDispatchHook)(__NoType__);
    LONGLONG (*pfnDispatchDefWindowProc)(__NoType__);
    LONGLONG (*pfnDispatchMessage)(__NoType__);
    LONGLONG (*pfnMDIActivateDlgProc)(__NoType__);
} PFNCLIENT, *PPFNCLIENT;

Add implementation of btHresult.

Description

The lack of implementation for btHresult caused a considerable number of crashes, including some high-profile or non-trivial PDB files such as urlmon.pdb and ole32.pdb.

References

Sample

It comes from Windows 7 x64.

ole32.pdb

Output

F:\repo\PdbReader>PdbReader\bin\Debug\PdbReader.exe xml c:\Symbols\ole32.pdb\EE489189724F4D47AECCFDB5534824352\ole32.pdb

Unhandled Exception: System.NotImplementedException: btHresult
   at PdbReader.Translator._TranslateBaseType(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 85
   at PdbReader.Translator.TranslateBaseType(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 90
   at PdbReader.Translator.Translate(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 19
   at PdbReader.Translator.TranslateFunc(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 105
   at PdbReader.Translator.Translate(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 28
   at PdbReader.Translator.TranslatePtr(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 94
   at PdbReader.Translator.Translate(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 22
   at PdbReader.Translator.TranslateMember(IDiaSymbol subSym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 128
   at PdbReader.Translator.TranslateStruct(IDiaSymbol sym) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Translator.cs:line 149
   at PdbReader.PdbSymbolType.Type_Struct.Translate(Translator translator, IDiaSymbol symbol) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\PdbSymbolType.cs:line 20
   at PdbReader.PdbSymbol.TranslateBy(Translator translator) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\PdbSymbol.cs:line 42
   at PdbReader.AppAction.Action_Xml.Execute(App app) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\AppAction.cs:line 33
   at PdbReader.App.Run() in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\App.cs:line 61
   at PdbReader.Program.Main(String[] args) in \\vboxsvr\novicelive\repo\PdbReader\PdbReader\Program.cs:line 17
