@Mm were you referring to IDiaFrameData::get_lengthParams
http://msdn.microsoft.com/en-us/library/eey985z5.aspx
i just pieced together a hack to check this method and it seems to get
the number of bytes pushed into stack in 32 bit untested in 64 bit
#include <stdio.h>
#include <windows.h>
#include <dia2.h>
#define USAGE if (argc != 3) { printf( <br> “usage %s %s %s\n”,argv[0],“file.pdb”,“typename”); return 0;}
#define SHOUT(…) if(result!=S_OK){printf( VA_ARGS );exit(0);<br>}else{printf( VA_ARGS );}
#define QUIET( x ) result = x;if(result != S_OK){ <br> SHOUT(“%s %d\n” ,“failed on “, LINE );}
#define LOUD( x , … ) result = x;SHOUT( VA_ARGS );
#define RELICE( x ) if( x != NULL) { x ->Release(); }
#define MAKEVARIANT( x , y ) VARIANT y; y.vt = VT_BSTR; <br> y.bstrVal = SysAllocString( x );
#define DELVARIANT( y ) SysFreeString( y.bstrVal );
#define BUFFERSIZE 0x400
wchar_t pdb[BUFFERSIZE], type[BUFFERSIZE] = {0};
HRESULT result = E_FAIL;
IDiaDataSource *pSource = NULL;
IDiaSession *pSession = NULL;
IDiaSymbol *pSymbol = NULL;
IDiaEnumSymbols *pEnum = NULL;
IDiaEnumFrameData *pEnumFrameData = NULL;
IDiaFrameData *pFrameData = NULL;
IDiaEnumTables *pEnumTables = NULL;
IDiaTable pTable = NULL;
void relees( void) {
RELICE(pSource);
RELICE(pSession);
RELICE(pSymbol);
RELICE(pEnum);
RELICE(pEnumFrameData);
RELICE(pFrameData);
RELICE(pEnumTables);
RELICE(pTable);
}
int main(int argc, char argv) {
USAGE;
swprintf(pdb, MAX_PATH,L”%S”,argv[1]);
swprintf(type, MAX_PATH,L"%S",argv[2]);
QUIET ( CoInitialize(NULL));
QUIET ( CoCreateInstance( __uuidof(DiaSource),NULL,
CLSCTX_INPROC_SERVER,__uuidof( IDiaDataSource ),(void ) &pSource));
QUIET ( pSource->loadDataFromPdb(pdb));
QUIET ( pSource->openSession(&pSession));
QUIET ( pSession->put_loadAddress(0x804d7000));
QUIET ( pSession->get_globalScope(&pSymbol));
QUIET ( pSession->getEnumTables(&pEnumTables));
MAKEVARIANT( DiaTable_FrameData , var );
QUIET ( pEnumTables->Item( var, &pTable ));
DELVARIANT( var );
QUIET ( (pTable->QueryInterface(__uuidof(IDiaEnumFrameData),
(void) &pEnumFrameData)) );
QUIET ( pSymbol->findChildren(SymTagPublicSymbol,type,
nsCaseInRegularExpression,&pEnum));
LONG Count = 0;
QUIET ( pEnum->get_Count(&Count));
for (int i = 0; i < Count ; i++) {
IDiaSymbol *pSym = NULL;
DWORD pt32 = 0;
DWORD64 pt64 = 0;
QUIET ( pEnum->Item(i,&pSym));
BSTR name;
LOUD ( pSym->get_name(&name);,“%30s:%S\n”,“FunctionName”,name);
LOUD ( pSym->get_addressOffset(&pt32);,“%30s:%x\n”,“Offset”,pt32);
LOUD ( pSym->get_length(&pt64);,“%30s:%I64x\n”,“length”,pt64);
LOUD ( pSym->get_virtualAddress(&pt64);,“%30s:%I64x\n”,“VA”,pt64);
LOUD ( pSym->get_relativeVirtualAddress(&pt32);,“%30s:%x\n”,“RVA”,pt32);
QUIET(pEnumFrameData->frameByRVA(pt32, &pFrameData));
LOUD(pFrameData->get_lengthParams(&pt32);,“%30s: %d\n”,“args”,pt32/4);
SysFreeString(name);
pSym->Release();
}
relees();
return 0;
}
:
:>diatest32.exe ntkrnlpa.pdb _ntcreatefile
FunctionName:_NtCreateFile@44
Offset:1006e
length:3a
VA:8056e2ee
RVA:972ee
args: 11
output from compiled dia2dump sample
:>%d2dum% -fpo 0x972ee ntkrnlpa.pdb | grep -i len.*param
lengthParams: 0x2C
On 1/1/15, raj_r wrote:
> thanks Mm please do post back if you recall the name by luck
> my dates with lady dia in the past had been Cool
>
> wishing everyone who make osrlists OSRLISTS a very happy new year
>
> On 12/31/14, Martin O’Brien wrote:
>> There is a dia method for it (don’t recall the name), but it would
>> require
>> private symbols.
>>
>> Mm
>> On Dec 31, 2014 5:19 AM, “raj_r” wrote:
>>
>>> i have an x86 windbg extension that uses cdwParams from FPO_DATA
>>>
>>> grep -nHiA 10 FPO_DATA winnt.h | grep -i cdwp
>>> winnt.h-12430- WORD cdwParams; // # bytes in
>>> params/4
>>>
>>> is there an an equivalent method in x64 ?
>>>
>>> using .fnent command for an arbitrary function that has a public pdb
>>> available
>>> i can glean that this function takes n number of arguments in X86 i
>>> need to find the same information on a X64 for the same arbitrary
>>> function
>>>
>>> kd -kl -c “.fnent nt!ntCreateFile;q” | Findstr Params
>>> Params: 0n11 (0x2c bytes)
>>>
>>> in the output above windbg tells me NtCreateFile Takes 0n11 arguments in
>>> x86
>>>
>>> and i can programmatically get the same information from the dbgeng
>>> function
>>> GetFunctionEntryByOffset which returns FPO_DATA for the function in
>>> the buffer for x86
>>>
>>> but for x64 it returns an IMAGE_FUNCTION_ENTRY
>>>
>>> reading through the UnWindInfo Documentation i cant seem to find a
>>> reference to number of arguments a function may take
>>>
>>> all unWindInfo puts into .pdata section in a PE32 seems to be
>>> UWOP_XXXX entries that mainly balances the stack
>>>
>>> is there a Dia method that would return me the information if dbgeng
>>> cant return it
>>> are there any less preferable hacks that may work on x version updated
>>> to y level of windows which i can experiment with to get the number of
>>> argumets a function may take in X64 ?
>>>
>>> —
>>> WINDBG is sponsored by OSR
>>>
>>> OSR is hiring!! Info at http://www.osr.com/careers
>>>
>>> For our schedule of WDF, WDM, debugging and other seminars visit:
>>> http://www.osr.com/seminars
>>>
>>> To unsubscribe, visit the List Server section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> OSR is hiring!! Info at http://www.osr.com/careers
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
></dia2.h></windows.h></stdio.h>
