When loading a PDB that was already on disk (not downloaded) for a specific PE, verify that the PDB file really matches the current version of the target PE. (Did I just start writing a PDB file parser?)
#pragma once
#include "PEParser.h"
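/*
 * Symbol context handed between the symbol helpers declared in this header.
 *
 * The stray '|' gutter lines that were interleaved with the members have been
 * dropped so the definition is valid C again. The member descriptions below
 * are inferred from names and types only; the code that fills them in is not
 * part of this header -- confirm against the implementation.
 */
typedef struct symbol_ctx_t {
    LPWSTR pdb_name_w;     /* wide string; presumably the PDB file name or path (ownership not visible here) */
    DWORD64 pdb_base_addr; /* 64-bit base address; presumably the base the PDB is loaded at -- TODO confirm */
    HANDLE sym_handle;     /* handle; presumably identifies the symbol-handler session -- TODO confirm */
} symbol_ctx;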
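/*
 * Symbol loading and lookup API.
 *
 * The stray '|' gutter lines between the prototypes (and the trailing '|' on
 * the last one) have been dropped so the declarations compile.
 *
 * NOTE(review): failure values are not visible in this header. Callers should
 * check every result before using it; confirm the exact sentinels in the
 * implementation.
 * NOTE(review): a PDB read from disk is external input that can be stale or
 * replaced. Whether the loaders check that the PDB matches the image is not
 * visible here -- confirm, because offsets from a mismatched PDB are wrong
 * for that binary.
 */

/* Builds a symbol context for an already parsed PE. Presumably returns NULL on failure -- TODO confirm. */
symbol_ctx* LoadSymbolsFromPE(PE* pe);

/* Builds a symbol context from the path of an image file. Presumably returns NULL on failure -- TODO confirm. */
symbol_ctx* LoadSymbolsFromImageFile(LPCWSTR image_file_path);

/* Looks up symbol_name in ctx and returns a 64-bit offset. The failure value is not visible here. */
DWORD64 GetSymbolOffset(symbol_ctx* ctx, LPCSTR symbol_name);

/*
 * Looks up field_name inside struct_name and returns a 32-bit offset.
 * Mixed string widths: struct_name is a narrow string, field_name is wide.
 * NOTE(review): 0 is a legitimate field offset, so confirm how a failed lookup
 * is reported before treating any value as an error.
 */
DWORD GetFieldOffset(symbol_ctx* ctx, LPCSTR struct_name, LPCWSTR field_name);

/*
 * Releases ctx. delete_pdb presumably also removes the PDB file from disk
 * -- TODO confirm. ctx must not be used after this call if it is freed here.
 */
void UnloadSymbols(symbol_ctx* ctx, BOOL delete_pdb);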