C++

Forum

 
Problems with SymFromAddr()

Unc3nZureD (6)
Hi guys,
I would like to achieve some kind of result like the Process Hacker has when sniffing threads of a process. I'd like to parse threads to modules. As I knew, it uses SymFromAddr() to do it.

I'm trying to call SymFromAddr on all my process' threads using the following code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
    hThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, threadEntry32.th32ThreadID);
    if (hThread)
    {
       dwThreadStartAddr = GetThreadStartAddress(hThread);

       if (!SymInitialize(GetCurrentProcess(), 0, TRUE))
          cout << "err: 01" << endl;

       DWORD64  dwDisplacement = 0;

       char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME * sizeof(TCHAR)];
       PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;

       pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
       pSymbol->MaxNameLen = MAX_SYM_NAME;

       if( !SymFromAddr(GetCurrentProcess(), dwThreadStartAddr, &dwDisplacement, pSymbol))
          cout << "Failed: " << GetLastError() << " | Start Address: " << (LPVOID)dwThreadStartAddr << endl;
       else
          cout << pSymbol->Name << endl;

       CloseHandle(hThread);
    }


This is what comes as output:
http://processhacker.sourceforge.net/forums/download/file.php?id=413&mode=view


I'm getting error 126 & 487. Does anyone know what can be the cause of it? How could I solve it?
Thank you.
Topic archived. No new replies allowed.