SymLoadModule64 and GetCurrentProcess from C#

StackOverflow https://stackoverflow.com/questions/7878182

  •  11-02-2021
  •  | 
  •  

Question

I want to use the dbghelp library to get some type and program information from a pdb file. Now, because I like C# much more than C++, I'm currently trying to get it working from within C#. I'm currently stuck at a call to SymLoadModule64. I've got a working call in C++, looking like this:

const TCHAR* pModName = argv[1]; 
HANDLE currentProcHandle = GetCurrentProcess();

DWORD64 ModBase = ::SymLoadModule64 ( 
            currentProcHandle,
            NULL,
            pModName,
            NULL,
            0, 
            0);

However, when trying to somehow call that from C#, I keep getting errors:

    [DllImport("dbghelp.dll", SetLastError = true)]
    public static extern ulong SymLoadModule64(IntPtr hProcess, IntPtr hFile,
    string ImageName, string ModuleName,
    ulong BaseOfDll, uint SizeOfDll);

[...]

            var loadedModule = SymLoadModule64(
                currentProcHandle,
                System.IntPtr.Zero,
                "C:\\Path\\To\\Executable.exe",
                string.Empty,
                0,
                0);

results in loadedModule being set to 0 and Marshal.GetLastWin32Error() returning 6 (ERROR_INVALID_HANDLE). Now, I thought that as it seems to be a problem with the handle, I could just use the native function for retrieving it (to avoid any pitfalls due to incompatibilities from c# handle retrieving stuff to what c++ expects etc.). However, while the managed

Process.GetCurrentProcess().Handle;

always returns something more or less meaningful (1008, 1036, ...), a call to

[DllImport("kernel32.dll")]
static extern IntPtr GetCurrentProcess();
GetCurrentProcess();

always returns -1.

So: As I'd appreciate any ideas on the "major" question (how can I get the SymLoadModule64() working from C#), I'd of course really like to know as well why the call to the GetCurrentProcess() fails. Thanks in advance.

Was it helpful?

Solution

The process handle that you pass as the first parameter to SymLoadModule64 can be an arbitrary value, it does not actually have to be a valid handle to a process. However, for every process handle you want to use, you must first initialize dbghelp for that value by calling SymInitialize.

As for GetCurrentProcess, the value -1 is a pseudo-handle referring to the current process. It can be used with most Windows functions that expect a handle. Note that the fact that the function returns the pseudo-handle is very well documented.

OTHER TIPS

For working code for your "major question" on how to implement usage of SymLoadModule64 in C# (reply displayed at the end) see http://social.msdn.microsoft.com/Forums/en/netfxtoolsdev/thread/d79f7876-6d37-429f-937c-57797462473a

Also see this SO question and answer DbgHelp.dll : calling SymGetModuleInfo64 from C# - it has some nice code which should help you get started...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top