利用pdb获取未导出符号

1.  
   BOOL InitSymHandler(HANDLE hProc)
2.  
   {
3.  
   CHAR SymPath[MAX_PATH], CurDir[MAX_PATH];
4.  
    
5.  
   GetCurrentDirectoryA(sizeof(CurDir) / sizeof(CurDir[0]), CurDir);
6.  
   SymSetOptions(SYMOPT_DEFERRED_LOADS|SYMOPT_EXACT_SYMBOLS|SYMOPT_CASE_INSENSITIVE|SYMOPT_UNDNAME);
7.  
   wsprintfA(SymPath, "SRV*%s\Symbols*http://msdl.microsoft.com/download/symbols", CurDir);
8.  
   return SymInitialize(hProc, SymPath, FALSE);
9.  
   }
10.  
     
11.  
    BOOL LoadSymModule(HANDLE hProc, HMODULE hDll)
12.  
    {
13.  
    CHAR szFile[MAX_PATH], SymFile[MAX_PATH];
14.  
    MODULEINFO ModInfo;
15.  
     
16.  
    GetModuleFileNameA(hDll, szFile, sizeof(szFile) / sizeof(szFile[0]));
17.  
    GetModuleInformation(hProc, hDll, &ModInfo, sizeof(ModInfo));
18.  
    if (SymGetSymbolFile(hProc, NULL, szFile, sfPdb, SymFile, MAX_PATH, SymFile, MAX_PATH))
19.  
    {
20.  
    return (SymLoadModule64(hProc, NULL, szFile, NULL, (ULONG_PTR)ModInfo.lpBaseOfDll, ModInfo.SizeOfImage) != 0);
21.  
    }
22.  
    return FALSE;
23.  
    }
24.  
     
25.  
    BOOL CALLBACK SymCallback(PSYMBOL_INFO lpSymInfo, ULONG SymbolSize, PVOID UserContext)
26.  
    {
27.  
    if (lstrcmpA(lpSymInfo->Name, "PsGetNextProcess") == 0)
28.  
    {
29.  
    DebugBreak();
30.  
    }
31.  
    return TRUE;
32.  
    }
33.  
     
34.  
    int _tmain(int argc, _TCHAR* argv[])
35.  
    {
36.  
    if (InitSymHandler(GetCurrentProcess()))
37.  
    {
38.  
    HMODULE hDll = LoadLibraryEx(TEXT("ntoskrnl.exe"), NULL, DONT_RESOLVE_DLL_REFERENCES);
39.  
     
40.  
    if (LoadSymModule(GetCurrentProcess(), hDll))
41.  
    {
42.  
    SymEnumSymbols(GetCurrentProcess(), (ULONG_PTR)hDll, NULL, SymCallback, NULL);
43.  
    }
44.  
    FreeLibrary(hDll);
45.  
    SymCleanup(GetCurrentProcess());
46.  
    }
47.  
    getchar();
48.  
    return 0;
49.  
    }

jpg改rar