How to get structure info via PDB file?

Forum for discussion about user-mode development.
Post Reply
myid
Posts: 157
Joined: Sat Jun 09, 2012 2:54 am

How to get structure info via PDB file?

Post by myid » Mon Aug 10, 2015 12:36 am

Hi, we all know that we can get unexported function address via symbol file, but how to get structure info via symbol file?
I want to print structure info like WINDBG.
More simply, I want to get member offset of a structure (For example, ActiveProcessLinks offset of EPROCESS).

nullptr
Posts: 209
Joined: Sun Mar 14, 2010 6:35 am

Re: How to get structure info via PDB file?

Post by nullptr » Mon Aug 10, 2015 3:07 am


myid
Posts: 157
Joined: Sat Jun 09, 2012 2:54 am

Re: How to get structure info via PDB file?

Post by myid » Mon Aug 10, 2015 7:12 am

nullptr wrote:Try SymbolTypeViewer 1.0.0.6
http://www.laboskopia.com/download/Symb ... 0_beta.zip
I have solved this problem. I get member name and member offset via use DBGHELP API.
But I cannot get the "struct ptr type" like WINDBG. For example:

Code: Select all

   +0x1c0 QuotaBlock       : Ptr64 _EPROCESS_QUOTA_BLOCK
   +0x1c8 CpuQuotaBlock    : Ptr64 _PS_CPU_QUOTA_BLOCK
:x

Post Reply