Added basic support for function types.

Author: tyranid

NtApiDotNet/NtApiDotNet.csproj

@@ -293,6 +293,8 @@
     <Compile Include="Win32\Debugger\DbgHelpSymbolResolver.cs" />
     <Compile Include="Win32\Debugger\EnumProcessModulesFilter.cs" />
     <Compile Include="Win32\Debugger\EnumTypeInformation.cs" />
+    <Compile Include="Win32\Debugger\FunctionParameter.cs" />
+    <Compile Include="Win32\Debugger\FunctionTypeInformation.cs" />
     <Compile Include="Win32\Debugger\IMAGEHLP_MODULE64.cs" />
     <Compile Include="Win32\Debugger\IMAGEHLP_SYMBOL_TYPE_INFO.cs" />
     <Compile Include="Win32\Debugger\MODULEINFO.cs" />

NtApiDotNet/Win32/Debugger/DbgHelpSymbolResolver.cs

@@ -0,0 +1,37 @@
+//  Copyright 2020 Google Inc. All Rights Reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+namespace NtApiDotNet.Win32.Debugger
+{
+    /// <summary>
+    /// Class for a function parameter.
+    /// </summary>
+    public sealed class FunctionParameter
+    {
+        /// <summary>
+        /// Name of the parameter.
+        /// </summary>
+        public string Name { get; }
+        /// <summary>
+        /// Type of the parameter.
+        /// </summary>
+        public TypeInformation ParameterType { get; }
+
+        internal FunctionParameter(string name, TypeInformation parameter_type)
+        {
+            Name = name;
+            ParameterType = parameter_type;
+        }
+    }
+}

NtApiDotNet/Win32/Debugger/FunctionParameter.cs

@@ -0,0 +1,41 @@
+//  Copyright 2020 Google Inc. All Rights Reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+using System.Collections.Generic;
+
+namespace NtApiDotNet.Win32.Debugger
+{
+    /// <summary>
+    /// Type information for a function.
+    /// </summary>
+    public class FunctionTypeInformation : TypeInformation
+    {
+        /// <summary>
+        /// Type for the return type.
+        /// </summary>
+        public TypeInformation ReturnType { get; }
+
+        /// <summary>
+        /// List of function parameters.
+        /// </summary>
+        public IReadOnlyList<FunctionParameter> Parameters { get; }
+
+        internal FunctionTypeInformation(int type_index, SymbolLoadedModule module, string name, TypeInformation return_type, IEnumerable<FunctionParameter> parameters)
+            : base(SymTagEnum.SymTagFunctionType, 0, type_index, module, name)
+        {
+            ReturnType = return_type;
+            Parameters = new List<FunctionParameter>(parameters).AsReadOnly();
+        }
+    }
+}

NtApiDotNet/Win32/Debugger/FunctionTypeInformation.cs

@@ -51,5 +51,19 @@ public interface ISymbolTypeResolver
         /// <param name="mask">A mask string for the type name. e.g. mod!ABC*</param>
         /// <returns>The list of types.</returns>
         IEnumerable<TypeInformation> QueryTypesByName(IntPtr base_address, string mask);
+
+        /// <summary>
+        /// Get the address of a symbol.
+        /// </summary>
+        /// <param name="name">The name of the symbol, should include the module name, e.g. modulename!MySymbol.</param>
+        /// <returns>The symbol type.</returns>
+        TypeInformation GetTypeForSymbolByName(string name);
+
+        /// <summary>
+        /// Get the address of a symbol.
+        /// </summary>
+        /// <param name="address">The address of the symbol.</param>
+        /// <returns>The symbol type.</returns>
+        TypeInformation GetTypeForSymbolByAddress(IntPtr address);
     }
 }

NtApiDotNet/Win32/Debugger/ISymbolTypeResolver.cs

@@ -17,10 +17,37 @@
 // the original author James Forshaw to be used under the Apache License for this
 // project.
 
+using System;
 using System.Runtime.InteropServices;
 
 namespace NtApiDotNet.Win32.Debugger
 {
+    [Flags]
+    enum SYMBOL_INFO_FLAGS
+    {
+        SYMFLAG_VALUEPRESENT = 0x00000001,
+        SYMFLAG_REGISTER = 0x00000008,
+        SYMFLAG_REGREL = 0x00000010,
+        SYMFLAG_FRAMEREL = 0x00000020,
+        SYMFLAG_PARAMETER = 0x00000040,
+        SYMFLAG_LOCAL = 0x00000080,
+        SYMFLAG_CONSTANT = 0x00000100,
+        SYMFLAG_EXPORT = 0x00000200,
+        SYMFLAG_FORWARDER = 0x00000400,
+        SYMFLAG_FUNCTION = 0x00000800,
+        SYMFLAG_VIRTUAL = 0x00001000,
+        SYMFLAG_THUNK = 0x00002000,
+        SYMFLAG_TLSREL = 0x00004000,
+        SYMFLAG_SLOT = 0x00008000,
+        SYMFLAG_ILREL = 0x00010000,
+        SYMFLAG_METADATA = 0x00020000,
+        SYMFLAG_CLR_TOKEN = 0x00040000,
+        SYMFLAG_NULL = 0x00080000,
+        SYMFLAG_FUNC_NO_RETURN = 0x00100000,
+        SYMFLAG_SYNTHETIC_ZEROBASE = 0x00200000,
+        SYMFLAG_PUBLIC_CODE = 0x00400000,
+    }
+
     [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode), DataStart("Name")]
     class SYMBOL_INFO
     {
@@ -31,7 +58,7 @@ class SYMBOL_INFO
         public int Index;
         public int Size;
         public long ModBase;          // Base Address of module comtaining this symbol
-        public int Flags;
+        public SYMBOL_INFO_FLAGS Flags;
         public long Value;            // Value of symbol, ValuePresent should be 1
         public long Address;          // Address of symbol including base address of module
         public int Register;         // register holding value or pointer to value

NtApiDotNet/Win32/Debugger/SYMBOL_INFO.cs

@@ -39,6 +39,7 @@ public class SymbolInformation
         /// Internal type index.
         /// </summary>
         internal int TypeIndex { get; }
+        internal SymTagEnum Tag { get; }
 
         private static SymbolInformationType MapType(SymTagEnum tag)
         {
@@ -50,6 +51,10 @@ private static SymbolInformationType MapType(SymTagEnum tag)
                     return SymbolInformationType.EnumeratedType;
                 case SymTagEnum.SymTagBaseType:
                     return SymbolInformationType.BaseType;
+                case SymTagEnum.SymTagFunction:
+                    return SymbolInformationType.Function;
+                case SymTagEnum.SymTagPointerType:
+                    return SymbolInformationType.Pointer;
                 default:
                     return SymbolInformationType.UndefinedType;
             }
@@ -62,6 +67,16 @@ internal SymbolInformation(SymTagEnum tag, long size, int type_index, SymbolLoad
             Module = module;
             TypeIndex = type_index;
             Type = MapType(tag);
+            Tag = tag;
+        }
+
+        /// <summary>
+        /// Overridden ToString method.
+        /// </summary>
+        /// <returns>Returns the symbol name.</returns>
+        public override string ToString()
+        {
+            return Name;
         }
     }
 }

NtApiDotNet/Win32/Debugger/SymbolInformation.cs

@@ -36,6 +36,14 @@ public enum SymbolInformationType
         /// </summary>
         BaseType,
         /// <summary>
+        /// A function type.
+        /// </summary>
+        Function,
+        /// <summary>
+        /// A pointer type.
+        /// </summary>
+        Pointer,
+        /// <summary>
         /// Undefined.
         /// </summary>
         UndefinedType,

NtApiDotNet/Win32/Debugger/SymbolInformationType.cs

@@ -71,7 +71,7 @@ public interface ISymbolResolver : IDisposable
         /// Get the address of a symbol.
         /// </summary>
         /// <param name="name">The name of the symbol, should include the module name, e.g. modulename!MySymbol.</param>
-        /// <returns></returns>
+        /// <returns>The address of the symbol</returns>
         IntPtr GetAddressOfSymbol(string name);
         /// <summary>
         /// Get the symbol name for an address.