peview: Improve import/export symbol lookup

dmex · dmex · commit a88c3ae1e5d4 · 2022-03-01T00:09:09.000+11:00
diff --git a/tools/peview/clrprp.c b/tools/peview/clrprp.c
@@ -22,7 +22,7 @@
  */
 
 #include <peview.h>
-#include "metahost.h"
+#include <metahost.h>
 
 typedef struct _PVP_PE_CLR_CONTEXT
 {
diff --git a/tools/peview/clrtableimportprp.c b/tools/peview/clrtableimportprp.c
@@ -142,6 +142,21 @@ VOID PvpEnumerateClrImports(
 
             if (importDll->Functions)
             {
+                if (importDll->ImportName)
+                {
+                    PPH_STRING importDllName;
+
+                    if (importDllName = PhApiSetResolveToHost(&importDll->ImportName->sr))
+                    {
+                        PhMoveReference(&importDll->ImportName, PhFormatString(
+                            L"%s (%s)",
+                            PhGetString(importDll->ImportName),
+                            PhGetString(importDllName))
+                            );
+                        PhDereferenceObject(importDllName);
+                    }
+                }
+
                 for (j = 0; j < importDll->Functions->Count; j++)
                 {
                     PPV_CLR_IMAGE_IMPORT_FUNCTION importFunction = importDll->Functions->Items[j];
diff --git a/tools/peview/expprp.c b/tools/peview/expprp.c
@@ -206,8 +206,11 @@ NTSTATUS PvpPeExportsEnumerateThread(
                 }
                 else
                 {
-                    PhPrintPointer(value, exportFunction.Function);
-                    exportNode->AddressString = PhCreateString(value);
+                    if (exportFunction.Function)
+                    {
+                        PhPrintPointer(value, exportFunction.Function);
+                        exportNode->AddressString = PhCreateString(value);
+                    }
                 }
 
                 if (exportEntry.Name)
@@ -257,11 +260,12 @@ NTSTATUS PvpPeExportsEnumerateThread(
                                 );
                         }
 
-                        if (exportSymbolName)
+                        if (!PhIsNullOrEmptyString(exportSymbolName))
                         {
                             exportNode->NameString = PhConcatStringRefZ(&exportSymbolName->sr, L" (unnamed)");
                         }
-    
+
+                        PhClearReference(&exportSymbolName);
                         PhClearReference(&exportSymbol);
                     }
                 }
@@ -746,12 +750,7 @@ BOOLEAN NTAPI PvExportTreeNewCallback(
                 getCellText->Text = PhGetStringRef(node->AddressString);
                 break;
             case PV_EXPORT_TREE_COLUMN_ITEM_NAME:
-                {
-                    if (node->NameString)
-                        getCellText->Text = PhGetStringRef(node->NameString);
-                    else
-                        PhInitializeStringRefLongHint(&getCellText->Text, L"(unnamed)");
-                }
+                getCellText->Text = PhGetStringRef(node->NameString);
                 break;
             case PV_EXPORT_TREE_COLUMN_ITEM_ORDINAL:
                 getCellText->Text = PhGetStringRef(node->OrdinalString);
diff --git a/tools/peview/impprp.c b/tools/peview/impprp.c
@@ -216,22 +216,29 @@ PPH_STRING PvpQueryModuleOrdinalName(
 
                                 if (NT_SUCCESS(PhGetProcessMappedFileName(NtCurrentProcess(), (PVOID)mappedImage.ViewBase, &exportFileName)))
                                 {
-                                    if (PhLoadModuleSymbolProvider(
-                                        PvSymbolProvider,
-                                        exportFileName,
-                                        (ULONG64)mappedImage.ViewBase,
-                                        (ULONG)mappedImage.Size
-                                        ))
+                                    PPH_SYMBOL_PROVIDER moduleSymbolProvider = NULL;
+
+                                    if (PvpLoadDbgHelp(&moduleSymbolProvider))
                                     {
-                                        // Try find the export name using symbols.
-                                        exportSymbol = PhGetSymbolFromAddress(
-                                            PvSymbolProvider,
-                                            (ULONG64)PTR_ADD_OFFSET(mappedImage.ViewBase, exportFunction.Function),
-                                            NULL,
-                                            NULL,
-                                            &exportSymbolName,
-                                            NULL
-                                            );
+                                        if (PhLoadModuleSymbolProvider(
+                                            moduleSymbolProvider,
+                                            exportFileName,
+                                            (ULONG64)mappedImage.ViewBase,
+                                            (ULONG)mappedImage.Size
+                                            ))
+                                        {
+                                            // Try find the export name using symbols.
+                                            exportSymbol = PhGetSymbolFromAddress(
+                                                moduleSymbolProvider,
+                                                (ULONG64)PTR_ADD_OFFSET(mappedImage.ViewBase, exportFunction.Function),
+                                                NULL,
+                                                NULL,
+                                                &exportSymbolName,
+                                                NULL
+                                                );
+                                        }
+
+                                        PhDereferenceObject(moduleSymbolProvider);
                                     }
 
                                     PhDereferenceObject(exportFileName);
@@ -339,8 +346,13 @@ VOID PvpProcessImports(
                         if (exportDllName = PhConvertUtf8ToUtf16(importDll.Name))
                         {
                             PPH_STRING filePath;
+                            PPH_STRING importDllName;
+
+                            if (importDllName = PhApiSetResolveToHost(&exportDllName->sr))
+                            {
+                                PhMoveReference(&exportDllName, importDllName);
+                            }
 
-                            // TODO: Implement ApiSet mappings for exportDllName. (dmex)
                             // TODO: Add DLL directory to PhSearchFilePath for locating non-system images. (dmex)
 
                             if (filePath = PhSearchFilePath(exportDllName->Buffer, L".dll"))
diff --git a/tools/peview/pdbprp.c b/tools/peview/pdbprp.c
@@ -2,7 +2,7 @@
  * PE viewer -
  *   pdb support
  *
- * Copyright (C) 2017-2021 dmex
+ * Copyright (C) 2017-2022 dmex
  *
  * This file is part of Process Hacker.
  *
@@ -187,13 +187,13 @@ END_SORT_FUNCTION
 
 BEGIN_SORT_FUNCTION(Symbol)
 {
-    sortResult = PhCompareStringWithNull(node1->Name, node2->Name, FALSE);
+    sortResult = PhCompareStringWithNull(node1->Name, node2->Name, TRUE);
 }
 END_SORT_FUNCTION
 
 BEGIN_SORT_FUNCTION(Data)
 {
-    sortResult = PhCompareStringWithNull(node1->Data, node2->Data, FALSE);
+    sortResult = PhCompareStringWithNull(node1->Data, node2->Data, TRUE);
 }
 END_SORT_FUNCTION
 
diff --git a/tools/peview/peprp.c b/tools/peview/peprp.c
@@ -1126,7 +1126,7 @@ static NTSTATUS PvpEntryPointImageThreadStart(
 {
     ULONG addressOfEntryPoint;
     PPH_STRING string;
-    PPH_STRING symbol;
+    PPH_STRING symbol = NULL;
     PPH_STRING symbolName = NULL;
     PH_SYMBOL_RESOLVE_LEVEL symbolResolveLevel = PhsrlInvalid;
 
@@ -1135,30 +1135,38 @@ static NTSTATUS PvpEntryPointImageThreadStart(
     else
         addressOfEntryPoint = PvMappedImage.NtHeaders->OptionalHeader.AddressOfEntryPoint;
 
-    if (PvMappedImage.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
+    if (addressOfEntryPoint)
     {
-        symbol = PhGetSymbolFromAddress(
-            PvSymbolProvider,
-            (ULONG64)PTR_ADD_OFFSET(PvMappedImage.NtHeaders32->OptionalHeader.ImageBase, addressOfEntryPoint),
-            &symbolResolveLevel,
-            NULL,
-            &symbolName,
-            NULL
-            );
-    }
-    else
-    {
-        symbol = PhGetSymbolFromAddress(
-            PvSymbolProvider,
-            (ULONG64)PTR_ADD_OFFSET(PvMappedImage.NtHeaders->OptionalHeader.ImageBase, addressOfEntryPoint),
-            &symbolResolveLevel,
-            NULL,
-            &symbolName,
-            NULL
-            );
+        if (PvMappedImage.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
+        {
+            symbol = PhGetSymbolFromAddress(
+                PvSymbolProvider,
+                (ULONG64)PTR_ADD_OFFSET(PvMappedImage.NtHeaders32->OptionalHeader.ImageBase, addressOfEntryPoint),
+                &symbolResolveLevel,
+                NULL,
+                &symbolName,
+                NULL
+                );
+        }
+        else
+        {
+            symbol = PhGetSymbolFromAddress(
+                PvSymbolProvider,
+                (ULONG64)PTR_ADD_OFFSET(PvMappedImage.NtHeaders->OptionalHeader.ImageBase, addressOfEntryPoint),
+                &symbolResolveLevel,
+                NULL,
+                &symbolName,
+                NULL
+                );
+        }
     }
 
-    if (symbolName && symbolResolveLevel == PhsrlFunction || symbolResolveLevel == PhsrlModule || symbolResolveLevel == PhsrlAddress)
+    if (
+        !PhIsNullOrEmptyString(symbolName) && (
+        symbolResolveLevel == PhsrlFunction ||
+        symbolResolveLevel == PhsrlModule ||
+        symbolResolveLevel == PhsrlAddress
+        ))
     {
         string = PhFormatString(L"0x%I32x (%s)", addressOfEntryPoint, PhGetStringOrEmpty(symbolName));
         PhSetListViewSubItem(Parameter, PVP_IMAGE_GENERAL_INDEX_ENTRYPOINT, 1, string->Buffer);
@@ -1171,9 +1179,8 @@ static NTSTATUS PvpEntryPointImageThreadStart(
         PhDereferenceObject(string);
     }
 
-    if (symbolName)
-        PhDereferenceObject(symbolName);
-    PhDereferenceObject(symbol);
+    PhClearReference(&symbolName);
+    PhClearReference(&symbol);
     return STATUS_SUCCESS;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@`
`22`	`22`	`*/`
`23`	`23`
`24`	`24`	`#include <peview.h>`
`25`		`-#include "metahost.h"`
	`25`	`+#include <metahost.h>`
`26`	`26`
`27`	`27`	`typedef struct _PVP_PE_CLR_CONTEXT`
`28`	`28`	`{`
Original file line number	Diff line number	Diff line change
`@@ -206,8 +206,11 @@ NTSTATUS PvpPeExportsEnumerateThread(`
`206`	`206`	`}`
`207`	`207`	`else`
`208`	`208`	`{`
`209`		`- PhPrintPointer(value, exportFunction.Function);`
`210`		`- exportNode->AddressString = PhCreateString(value);`
	`209`	`+ if (exportFunction.Function)`
	`210`	`+ {`
	`211`	`+ PhPrintPointer(value, exportFunction.Function);`
	`212`	`+ exportNode->AddressString = PhCreateString(value);`
	`213`	`+ }`
`211`	`214`	`}`
`212`	`215`
`213`	`216`	`if (exportEntry.Name)`
`@@ -257,11 +260,12 @@ NTSTATUS PvpPeExportsEnumerateThread(`
`257`	`260`	`);`
`258`	`261`	`}`
`259`	`262`
`260`		`- if (exportSymbolName)`
	`263`	`+ if (!PhIsNullOrEmptyString(exportSymbolName))`
`261`	`264`	`{`
`262`	`265`	`exportNode->NameString = PhConcatStringRefZ(&exportSymbolName->sr, L" (unnamed)");`
`263`	`266`	`}`
`264`		`-`
	`267`	`+`
	`268`	`+ PhClearReference(&exportSymbolName);`
`265`	`269`	`PhClearReference(&exportSymbol);`
`266`	`270`	`}`
`267`	`271`	`}`
`@@ -746,12 +750,7 @@ BOOLEAN NTAPI PvExportTreeNewCallback(`
`746`	`750`	`getCellText->Text = PhGetStringRef(node->AddressString);`
`747`	`751`	`break;`
`748`	`752`	`case PV_EXPORT_TREE_COLUMN_ITEM_NAME:`
`749`		`- {`
`750`		`- if (node->NameString)`
`751`		`- getCellText->Text = PhGetStringRef(node->NameString);`
`752`		`- else`
`753`		`- PhInitializeStringRefLongHint(&getCellText->Text, L"(unnamed)");`
`754`		`- }`
	`753`	`+ getCellText->Text = PhGetStringRef(node->NameString);`
`755`	`754`	`break;`
`756`	`755`	`case PV_EXPORT_TREE_COLUMN_ITEM_ORDINAL:`
`757`	`756`	`getCellText->Text = PhGetStringRef(node->OrdinalString);`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`* PE viewer -`
`3`	`3`	`* pdb support`
`4`	`4`	`*`
`5`		`- * Copyright (C) 2017-2021 dmex`
	`5`	`+ * Copyright (C) 2017-2022 dmex`
`6`	`6`	`*`
`7`	`7`	`* This file is part of Process Hacker.`
`8`	`8`	`*`
`@@ -187,13 +187,13 @@ END_SORT_FUNCTION`
`187`	`187`
`188`	`188`	`BEGIN_SORT_FUNCTION(Symbol)`
`189`	`189`	`{`
`190`		`- sortResult = PhCompareStringWithNull(node1->Name, node2->Name, FALSE);`
	`190`	`+ sortResult = PhCompareStringWithNull(node1->Name, node2->Name, TRUE);`
`191`	`191`	`}`
`192`	`192`	`END_SORT_FUNCTION`
`193`	`193`
`194`	`194`	`BEGIN_SORT_FUNCTION(Data)`
`195`	`195`	`{`
`196`		`- sortResult = PhCompareStringWithNull(node1->Data, node2->Data, FALSE);`
	`196`	`+ sortResult = PhCompareStringWithNull(node1->Data, node2->Data, TRUE);`
`197`	`197`	`}`
`198`	`198`	`END_SORT_FUNCTION`
`199`	`199`