from msdn:
One way to verify the symbol file is to compare its timestamp to the
timestamp in the image. To retrieve the timestamp of the image, use the
GetTimestampForLoadedLibrary function. To retrieve the timestamp of the
symbol file, use the SymGetModuleInfo function.
code i wrote:
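// Process handle of the debuggee. It is recorded on CREATE_PROCESS_DEBUG_EVENT
// and then passed as the process argument to every Sym* call for later loads.
HANDLE hCreateProcess = NULL;

// ProcessModuleLoad is called by the debug event handler.
//
// For a CREATE_PROCESS_DEBUG_EVENT or LOAD_DLL_DEBUG_EVENT it registers the
// module with the symbol handler (SymLoadModule) and reports, through fn, the
// timestamp from SymGetModuleInfo next to the timestamp of the mapped image.
//
// de: the debug event; any other event code is rejected.
// fn: callback that receives the formatted status line; skipped when NULL.
//
// Returns TRUE once SymLoadModule has succeeded (even if SymGetModuleInfo then
// fails, as in the original), FALSE otherwise. On a SymLoadModule failure the
// thread's last-error value is preserved across the cleanup.
//
// NOTE(review): mi.TimeDateStamp may describe the loaded image rather than a
// separately located symbol file, which would explain both values matching
// when no symbol file exists. mi.SymType (SymNone when nothing was loaded)
// looks like the field to consult for that -- confirm against the DbgHelp docs.
BOOL
ProcessModuleLoad(LPDEBUG_EVENT de, PFNODSCALLBACK fn)
{
    HANDLE hFile = NULL;
    DWORD dwBaseOfImage = 0;
    DWORD addr = 0;
    DWORD loadedStamp = 0;
    char buf[1000];
    char searchpath[1000] = "";
    PIMAGE_DEBUG_INFORMATION pidi = NULL;
    IMAGEHLP_MODULE mi;

    if (de == NULL) {
        return FALSE;
    }

    // NOTE(review): the (DWORD) casts keep only the low 32 bits of the base
    // address, so this routine is only correct in a 32-bit build.
    if (de->dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) {
        hFile = de->u.CreateProcessInfo.hFile;
        dwBaseOfImage = (DWORD)de->u.CreateProcessInfo.lpBaseOfImage;
        hCreateProcess = de->u.CreateProcessInfo.hProcess;
        // The original ignored this result; nothing below can work without it.
        if (!SymInitialize(hCreateProcess, NULL, FALSE)) {
            return FALSE;
        }
    } else if (de->dwDebugEventCode == LOAD_DLL_DEBUG_EVENT) {
        hFile = de->u.LoadDll.hFile;
        dwBaseOfImage = (DWORD)de->u.LoadDll.lpBaseOfDll;
    } else {
        // Any other event would leave hFile/dwBaseOfImage without a value.
        return FALSE;
    }

    // assert() disappears in release builds, so also check at run time that a
    // process-creation event has already been seen.
    assert(hCreateProcess);
    if (hCreateProcess == NULL) {
        return FALSE;
    }

    // Validate the file handle before it is handed to any API; the original
    // tested it only after MapDebugInformation and SymLoadModule had used it.
    if ((hFile == NULL) || (hFile == INVALID_HANDLE_VALUE)) {
        return FALSE;
    }

    // searchpath starts out empty, so a failed query cannot leave
    // uninitialised bytes to be read as a path.
    SymGetSearchPath(hCreateProcess, searchpath, sizeof(searchpath));

    // pidi may be NULL when no debug information can be mapped.
    pidi = MapDebugInformation(hFile, NULL, searchpath, dwBaseOfImage);

    addr = SymLoadModule(hCreateProcess, hFile, NULL, NULL, dwBaseOfImage, 0);
    if (!addr) {
        DWORD err = GetLastError();
        // The original returned here without unmapping, leaking the mapping.
        if (pidi != NULL) {
            UnmapDebugInformation(pidi);
        }
        SetLastError(err);
        return FALSE;
    }

    memset(&mi, 0, sizeof(mi));
    mi.SizeOfStruct = sizeof(IMAGEHLP_MODULE);
    if (SymGetModuleInfo(hCreateProcess, addr, &mi)) {
        // NOTE(review): szApp is declared outside this listing; confirm it
        // holds at least sizeof(mi.ImageName) bytes or use a bounded copy.
        strcpy(szApp, mi.ImageName);

        // Only dereference the mapping when it exists; otherwise report 0.
        if (pidi != NULL) {
            loadedStamp =
                GetTimestampForLoadedLibrary((HMODULE)pidi->ReservedMappedBase);
        }

        // Bounded formatting; _snprintf does not terminate on truncation, so
        // the last byte is set explicitly.
        _snprintf(buf, sizeof(buf) - 1,
                  "loading symbol for %s, symbol timestamp: %08lx, "
                  "loaded timestamp: %08lx\n",
                  mi.ImageName, (unsigned long)mi.TimeDateStamp,
                  (unsigned long)loadedStamp);
        buf[sizeof(buf) - 1] = '\0';

        if (fn != NULL) {
            fn(buf);
        }
    }

    if (pidi != NULL) {
        UnmapDebugInformation(pidi);
    }
    return TRUE;
}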
I got the idea from MSDN but can't get it to work. Somehow,
SymGetModuleInfo always returns the same timestamp as
GetTimestampForLoadedLibrary, even if the symbol file is not there. Any ideas?
from msdn:
One way to verify the symbol file is to compare its timestamp to the
timestamp in the image. To retrieve the timestamp of the image, use the
GetTimestampForLoadedLibrary function. To retrieve the timestamp of the
symbol file, use the SymGetModuleInfo function.
code i wrote:
// ProcessModuleLoad is called by the debug event handler.
// Debuggee process handle: assigned on CREATE_PROCESS_DEBUG_EVENT below and
// passed as the process argument to the Sym* calls for later module loads.
HANDLE hCreateProcess = NULL;
BOOL
ProcessModuleLoad (LPDEBUG_EVENT de, PFNODSCALLBACK fn )
{
HANDLE hFile;
DWORD dwBaseOfImage;
LPSTR SymbolPath;
DWORD err;
DWORD addr = 0;
BOOL b;
char buf[1000];
char searchpath[1000];
PIMAGE_DEBUG_INFORMATION pidi;
if (de->dwDebugEventCode == CREATE_PROCESS_DEBUG_EVENT) {
hFile = de->u.CreateProcessInfo.hFile;
dwBaseOfImage = (DWORD)de->u.CreateProcessInfo.lpBaseOfImage;
b = SymInitialize( (hCreateProcess =
de->u.CreateProcessInfo.hProcess), NULL, FALSE );
} else if (de->dwDebugEventCode == LOAD_DLL_DEBUG_EVENT) {
hFile = de->u.LoadDll.hFile;
dwBaseOfImage = (DWORD)de->u.LoadDll.lpBaseOfDll;
}
assert(hCreateProcess);
SymGetSearchPath(hCreateProcess,searchpath,1000);
pidi = MapDebugInformation( hFile, NULL, searchpath, dwBaseOfImage );
if (!(addr = SymLoadModule( hCreateProcess, hFile, NULL, NULL,
dwBaseOfImage, 0 ))) {
err = GetLastError();
return FALSE;
}
if ((hFile == NULL) || (hFile == INVALID_HANDLE_VALUE)) {
return FALSE;
}
IMAGEHLP_MODULE mi;
mi.SizeOfStruct = sizeof(IMAGEHLP_MODULE);
if (SymGetModuleInfo( hCreateProcess, addr, &mi )) {
strcpy( szApp, mi.ImageName );
sprintf(buf,"loading symbol for %s, symbol timestamp: %08x, loaded
timestamp: %08x\n",
mi.ImageName, mi.TimeDateStamp,
GetTimestampForLoadedLibrary(HMODULE(pidi->ReservedMappedBase)));
fn(buf);