├── .github
    ├── FUNDING.yml
    └── workflows
    │   └── symbolizer-rs.yml
├── .gitignore
├── Cargo.toml
├── LICENSE
├── README.md
├── pics
    ├── batch.webp
    ├── single.webp
    ├── symbolizer-rs-download.webp
    ├── symbolizer-rs-symbolizer.webp
    └── symbolizer-rs.webp
├── rustfmt.toml
└── src
    ├── hex_addrs_iter.rs
    ├── human.rs
    └── main.rs


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | github: 0vercl0k
2 | 


--------------------------------------------------------------------------------
/.github/workflows/symbolizer-rs.yml:
--------------------------------------------------------------------------------
 1 | name: Builds
 2 | 
 3 | on: [push, pull_request]
 4 | 
 5 | jobs:
 6 |   fmt:
 7 |     runs-on: ubuntu-latest
 8 |     name: fmt
 9 |     steps:
10 |       - name: Checkout 
11 |         uses: actions/checkout@v4
12 | 
13 |       - name: Set up rust
14 |         run: rustup default nightly
15 | 
16 |       - name: Install rustfmt
17 |         run: rustup component add rustfmt
18 | 
19 |       - name: cargo fmt
20 |         run: cargo +nightly fmt --check
21 | 
22 |   clippy:
23 |     name: clippy
24 |     runs-on: ubuntu-latest
25 |     steps:
26 |       - name: Checkout 
27 |         uses: actions/checkout@v4
28 | 
29 |       - name: Set up rust
30 |         run: rustup default stable
31 | 
32 |       - name: cargo clippy
33 |         env:
34 |           RUSTFLAGS: "-Dwarnings"
35 |         run: cargo clippy --workspace --tests --examples
36 | 
37 |   doc:
38 |     name: doc
39 |     runs-on: ubuntu-latest
40 |     steps:
41 |       - name: Checkout 
42 |         uses: actions/checkout@v4
43 | 
44 |       - name: Set up rust
45 |         run: rustup default stable
46 | 
47 |       - name: cargo doc
48 |         env:
49 |           RUSTDOCFLAGS: "-Dwarnings"
50 |         run: cargo doc
51 | 
52 |   build:
53 |     strategy:
54 |       fail-fast: false
55 |       matrix:
56 |         os: [ubuntu-latest, windows-latest, macos-latest]
57 | 
58 |     runs-on: ${{ matrix.os }}
59 |     name: build & test / ${{ matrix.os }}
60 |     steps:
61 |       - name: Checkout 
62 |         uses: actions/checkout@v4
63 | 
64 |       - name: Set up rust
65 |         run: rustup default stable
66 | 
67 |       - name: cargo test
68 |         run: cargo test --all-targets
69 | 
70 |       - name: cargo test release
71 |         run: cargo test --release --all-targets
72 | 
73 |       - name: cargo check
74 |         run: cargo check --all-targets
75 | 
76 |       - name: cargo build
77 |         run: cargo build --release --all-targets
78 | 
79 |       - name: Upload artifacts
80 |         uses: actions/upload-artifact@v4
81 |         with:
82 |           name: symbolizer-rs.${{ matrix.os }}
83 |           path: |
84 |             target/release/symbolizer-rs.exe
85 |             target/release/symbolizer_rs.pdb
86 |             target/release/symbolizer-rs
87 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Generated by Cargo
 2 | # will have compiled files and executables
 3 | debug/
 4 | target/
 5 | 
 6 | # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
 7 | # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
 8 | Cargo.lock
 9 | 
10 | # These are backup files generated by rustfmt
11 | **/*.rs.bk
12 | 
13 | # MSVC Windows builds of rustc generate these, which store debugging information
14 | *.pdb
15 | 


--------------------------------------------------------------------------------
/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "symbolizer-rs"
 3 | categories = ["command-line-utilities", "development-tools::debugging"]
 4 | description = "A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries."
 5 | include = ["/Cargo.toml", "/LICENSE", "/src/**", "README.md"]
 6 | version = "0.2.0"
 7 | authors = ["Axel '0vercl0k' Souchet"]
 8 | license = "MIT"
 9 | rust-version = "1.70"
10 | repository = "https://github.com/0vercl0k/symbolizer-rs"
11 | keywords = ["windows", "kernel", "crash-dump", "symbols", "pdb"]
12 | edition = "2021"
13 | 
14 | [dependencies]
15 | anyhow = "1.0"
16 | clap = { version = "4.5", features = ["derive"] }
17 | addr-symbolizer = { version = "0.1" }
18 | env_logger = "0.11"
19 | itoa = "1.0"
20 | kdmp-parser = "0.5"
21 | 
22 | [profile.release]
23 | debug = true
24 | panic = "abort"
25 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2024 Axel Souchet
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | <div align='center'>
  2 |   <h1><code>symbolizer-rs</code></h1>
  3 |   <p>
  4 |     <strong>A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries.</strong>
  5 |   </p>
  6 |   <p>
  7 |     <a href="https://crates.io/crates/symbolizer-rs"><img src="https://img.shields.io/crates/v/symbolizer-rs.svg" /></a>
  8 |     <img src='https://github.com/0vercl0k/symbolizer-rs/workflows/Builds/badge.svg'/>
  9 |   </p>
 10 |   <p>
 11 |     <img src='https://github.com/0vercl0k/symbolizer-rs/raw/main/pics/symbolizer-rs.webp'/>
 12 |   </p>
 13 | </div>
 14 | 
 15 | ## Overview
 16 | 
 17 | [symbolizer-rs](https://github.com/0vercl0k/symbolizer-rs) is the successor of [symbolizer](https://github.com/0vercl0k/symbolizer): it is faster, better and runs on all major platforms.
 18 | 
 19 | <p align='center'>
 20 | <img src='https://github.com/0vercl0k/symbolizer-rs/raw/main/pics/symbolizer-rs-symbolizer.webp'>
 21 | </p>
 22 | 
 23 | It doesn't depend on [dbgeng](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-engine-api-overview) and download / parse PDB symbols on its own (thanks to the [pdb](https://github.com/getsentry/pdb) crate) unlike [symbolizer](https://github.com/0vercl0k/symbolizer) which was depending on Microsoft's [dbgeng](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-engine-api-overview) for that.
 24 | 
 25 | <p align='center'>
 26 | <img src='https://github.com/0vercl0k/symbolizer-rs/raw/main/pics/symbolizer-rs-download.webp'>
 27 | </p>
 28 | 
 29 | [symbolizer-rs](https://github.com/0vercl0k/symbolizer-rs) allows you to transform raw execution traces (`0xfffff8053b9ca5c0`) into symbolized ones (`nt!KiPageFault+0x0`). In order to be able to do this, it needs a kernel crash-dump that contains the lists of user / kernel modules available as well as their PE headers to extract the PDB information necessary to download them off Microsoft or any other symbol server. This tool was made originally to be paired with the [what the fuzz](https://github.com/0vercl0k/wtf) snapshot fuzzer but can be used by any similar tools.
 30 | 
 31 | Here is an example of a raw execution trace..:
 32 | 
 33 | ```text
 34 | 0xfffff8053b9ca5c0
 35 | 0xfffff8053b9ca5c1
 36 | 0xfffff8053b9ca5c8
 37 | 0xfffff8053b9ca5d0
 38 | 0xfffff8053b9ca5d4
 39 | 0xfffff8053b9ca5d8
 40 | 0xfffff8053b9ca5dc
 41 | 0xfffff8053b9ca5e0
 42 | ```
 43 | 
 44 | ..transformed into a full symbolized trace:
 45 | 
 46 | ```text
 47 | ntoskrnl.exe!KiPageFault+0x0
 48 | ntoskrnl.exe!KiPageFault+0x1
 49 | ntoskrnl.exe!KiPageFault+0x8
 50 | ntoskrnl.exe!KiPageFault+0x10
 51 | ntoskrnl.exe!KiPageFault+0x14
 52 | ntoskrnl.exe!KiPageFault+0x18
 53 | ntoskrnl.exe!KiPageFault+0x1c
 54 | ntoskrnl.exe!KiPageFault+0x20
 55 | ```
 56 | 
 57 | Or into a `mod+offset` (*modoff*) trace to load it into [Lighthouse](https://github.com/gaasedelen/lighthouse) for code-coverage exploration:
 58 | 
 59 | ```text
 60 | ntoskrnl.exe+0x1ca5c0
 61 | ntoskrnl.exe+0x1ca5c1
 62 | ntoskrnl.exe+0x1ca5c8
 63 | ntoskrnl.exe+0x1ca5d0
 64 | ntoskrnl.exe+0x1ca5d4
 65 | ntoskrnl.exe+0x1ca5d8
 66 | ntoskrnl.exe+0x1ca5dc
 67 | ntoskrnl.exe+0x1ca5e0
 68 | ntoskrnl.exe+0x1ca5e4
 69 | ntoskrnl.exe+0x1ca5e8
 70 | ```
 71 | 
 72 | ## Installation
 73 | 
 74 | - `cargo install symbolizer-rs`
 75 | - Build it yourself with by cloning the repository with `git clone https://github.com/0vercl0k/symbolizer-rs.git`, and build with `cargo build --release`.
 76 | - Prebuilts binaries available in the [Releases](https://github.com/0vercl0k/symbolizer-rs/releases/) section
 77 | 
 78 | ### Batch mode
 79 | 
 80 | The batch mode is designed to symbolize an entire directory filled with execution traces. You can turn on batch mode by simply specifying a directory for the `--trace` command line option and an output directory for the `--output` option.
 81 | 
 82 | ![Batch mode](https://github.com/0vercl0k/symbolizer-rs/raw/main/pics/batch.webp)
 83 | 
 84 | ### Single file mode
 85 | 
 86 | As opposed to batch mode, you can symbolize a single trace file by specifying a trace file path via the `--trace` command line option.
 87 | 
 88 | ![Single mode](https://github.com/0vercl0k/symbolizer-rs/raw/main/pics/single.webp)
 89 | 
 90 | ## Usage
 91 | 
 92 | ```text
 93 | A fast execution trace symbolizer for Windows.
 94 | 
 95 | Usage: symbolizer-rs.exe [OPTIONS] --trace <TRACE>
 96 | 
 97 | Options:
 98 |   -t, --trace <TRACE>
 99 |           Directory path full of traces or single input trace file
100 | 
101 |   -o, --output <OUTPUT>
102 |           Output directory where to write symbolized traces, a path to an output file, or empty for the output to go on stdout
103 | 
104 |   -c, --crash-dump <CRASH_DUMP>
105 |           Path to the crash-dump to load. If not specified, an attempt is made to find a 'state/mem.dmp' file in the same directory than the trace file
106 | 
107 |   -s, --skip <SKIP>
108 |           Skip a number of lines
109 | 
110 |           [default: 0]
111 | 
112 |   -m, --max <MAX>
113 |           The maximum amount of lines to process per file
114 | 
115 |           [default: 20000000]
116 | 
117 |       --style <STYLE>
118 |           The symbolization style (mod+offset or mod!f+offset)
119 | 
120 |           [default: full]
121 | 
122 |           Possible values:
123 |           - modoff: Module + offset style like `foo.dll+0x11`
124 |           - full:   Full symbol style like `foo.dll!func+0x11`
125 | 
126 |       --overwrite
127 |           Overwrite the output files if they exist
128 | 
129 |       --line-numbers
130 |           Include line numbers in the symbolized output
131 | 
132 |       --symsrv <SYMSRV>
133 |           Symbol servers to use to download PDBs; you can provide more than one
134 | 
135 |           [default: https://msdl.microsoft.com/download/symbols/]
136 | 
137 |       --sympath <SYMPATH>
138 |           Specify a symbol path. If not specified, _NT_SYMBOL_PATH will be parsed if present
139 | 
140 |       --out-buffer-size <OUT_BUFFER_SIZE>
141 |           The size in bytes of the buffer used to write data into the output files
142 | 
143 |           [default: 3145728]
144 | 
145 |       --in-buffer-size <IN_BUFFER_SIZE>
146 |           The size in bytes of the buffer used to read data from the input files
147 | 
148 |           [default: 1048576]
149 | 
150 |   -h, --help
151 |           Print help (see a summary with '-h')
152 | ```
153 | 
154 | ## Authors
155 | 
156 | * Axel '[0vercl0k](https://twitter.com/0vercl0k)' Souchet
157 | 
158 | ## Contributors
159 | 
160 | [ ![contributors-img](https://contrib.rocks/image?repo=0vercl0k/symbolizer-rs) ](https://github.com/0vercl0k/symbolizer-rs/graphs/contributors)
161 | 


--------------------------------------------------------------------------------
/pics/batch.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0vercl0k/symbolizer-rs/cb12dcced44d9e1d2d9f9db7a1250c2b2536e598/pics/batch.webp


--------------------------------------------------------------------------------
/pics/single.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0vercl0k/symbolizer-rs/cb12dcced44d9e1d2d9f9db7a1250c2b2536e598/pics/single.webp


--------------------------------------------------------------------------------
/pics/symbolizer-rs-download.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0vercl0k/symbolizer-rs/cb12dcced44d9e1d2d9f9db7a1250c2b2536e598/pics/symbolizer-rs-download.webp


--------------------------------------------------------------------------------
/pics/symbolizer-rs-symbolizer.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0vercl0k/symbolizer-rs/cb12dcced44d9e1d2d9f9db7a1250c2b2536e598/pics/symbolizer-rs-symbolizer.webp


--------------------------------------------------------------------------------
/pics/symbolizer-rs.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0vercl0k/symbolizer-rs/cb12dcced44d9e1d2d9f9db7a1250c2b2536e598/pics/symbolizer-rs.webp


--------------------------------------------------------------------------------
/rustfmt.toml:
--------------------------------------------------------------------------------
 1 | reorder_modules = true
 2 | use_field_init_shorthand = true
 3 | 
 4 | unstable_features = true
 5 | indent_style = "Block"
 6 | reorder_imports = true
 7 | imports_granularity = "Module"
 8 | normalize_comments = true
 9 | normalize_doc_attributes = true
10 | overflow_delimited_expr = true
11 | reorder_impl_items = true
12 | group_imports = "StdExternalCrate"
13 | wrap_comments = true


--------------------------------------------------------------------------------
/src/hex_addrs_iter.rs:
--------------------------------------------------------------------------------
  1 | // Axel '0vercl0k' Souchet - March 8 2024
  2 | //! This module contains an iterator that yields `u64` addresses converted from
  3 | //! hexadecimal strings read out of a `Reader`. I needed to implement this to
  4 | //! avoid having allocation / deallocation in the fast path when reading input
  5 | //! traces (`read_line`, `read_until`, etc. allocate a heap buffer).
  6 | use std::io::Read;
  7 | use std::ops::RangeTo;
  8 | 
  9 | use anyhow::{anyhow, bail, Context, Result};
 10 | 
 11 | /// Fill a `buffer` starting at the offset `append_idx` and return the slice of
 12 | /// data that was read. Also, return if EOF was hit or not.
 13 | fn fill_buffer<'buffer>(
 14 |     reader: &mut impl Read,
 15 |     buffer: &'buffer mut [u8],
 16 |     append_idx: usize,
 17 | ) -> Result<(&'buffer [u8], bool)> {
 18 |     // Special note; we need to loop until we read what we wanted because `read`
 19 |     // doesn't guarantee to return as much data as you've asked, even if it isn't
 20 |     // EOF. To work around that, we loop and call it as much as we need.
 21 |     //   > It is not an error if the returned value n is smaller than the buffer
 22 |     //   > size,
 23 |     //   > even when the reader is not at the end of the stream yet. This may happen
 24 |     //   > for
 25 |     //   > example because fewer bytes are actually available right now (e. g. being
 26 |     //   > close to end-of-file) or because read() was interrupted by a signal.
 27 |     //   > Source: https://doc.rust-lang.org/std/io/trait.Read.html#tymethod.read
 28 |     // Note that `read_exact` is also not desirable here, because we 'The contents
 29 |     // of buf are unspecified in this case.'.
 30 |     let mut append_idx = append_idx;
 31 |     let mut amount_wanted = buffer.len() - append_idx;
 32 |     let mut eof = false;
 33 |     while amount_wanted > 0 {
 34 |         // Let's read into the buffer!
 35 |         let amount_read = reader.read(&mut buffer[append_idx..])?;
 36 |         // If we didn't read anything, it means we hit EOF. Break
 37 |         // out of the loop to handle the state of the current buffer, and we'll return
 38 |         // `None`` the next time the iterator is called.
 39 |         if amount_read == 0 {
 40 |             eof = true;
 41 |             break;
 42 |         }
 43 | 
 44 |         // If we need to call read again, we need to do a bit of bookkeeping.
 45 |         amount_wanted -= amount_read;
 46 |         append_idx += amount_read;
 47 |     }
 48 | 
 49 |     // We read as much as we wanted, and we didn't hit EOF.
 50 |     let parse_slice = &buffer[..append_idx];
 51 | 
 52 |     // We're done.
 53 |     Ok((parse_slice, eof))
 54 | }
 55 | 
 56 | /// Convert an hex string into an integer.
 57 | ///
 58 | /// Implementation from Johnny Lee documented in the "Fast hex number string to
 59 | /// int" blog post: <https://johnnylee-sde.github.io/Fast-hex-number-string-to-int/>.
 60 | fn fast_hex_str_to_u32(hex: [u8; 8]) -> u32 {
 61 |     let eight = unsafe { std::mem::transmute::<[u8; 8], u64>(hex) };
 62 |     let n = eight & 0x4F4F4F4F_4F4F4F4F;
 63 |     let alphahex = n & 0x40404040_40404040;
 64 |     let n0 = if alphahex == 0 {
 65 |         n
 66 |     } else {
 67 |         (alphahex >> 6).wrapping_mul(9) + (n ^ alphahex)
 68 |     };
 69 | 
 70 |     let n1 = n0.wrapping_mul(0x10_01) >> 8;
 71 |     let n2 = (n1 & 0x00FF00FF_00FF00FF).wrapping_mul(0x0100_0001) >> 16;
 72 | 
 73 |     ((n2 & 0x0000FFFF_0000FFFF).wrapping_mul(0x00010000_00000001) >> 32) as u32
 74 | }
 75 | 
 76 | /// Convert the `slice` of an hexadecimal string into an integer.
 77 | fn hex_slice(slice: &[u8]) -> Result<u64> {
 78 |     let slice = slice.strip_prefix(b"0x").unwrap_or(slice);
 79 |     if slice.len() > 16 {
 80 |         bail!("{slice:?} has more digits than supported (16)");
 81 |     }
 82 | 
 83 |     if !slice
 84 |         .iter()
 85 |         .all(|c| c.is_ascii_digit() || (b'a'..=b'f').contains(c) || (b'A'..=b'F').contains(c))
 86 |     {
 87 |         bail!("{slice:?} has a non hex digit");
 88 |     }
 89 | 
 90 |     let mut buffer = [b'0'; 16];
 91 |     let idx = buffer.len() - slice.len();
 92 |     buffer[idx..].copy_from_slice(slice);
 93 |     let mut res = fast_hex_str_to_u32(buffer[0..8].try_into().unwrap()) as u64;
 94 |     res = res.wrapping_mul(0x1_00000000);
 95 |     res = res.wrapping_add(fast_hex_str_to_u32(buffer[8..16].try_into().unwrap()) as u64);
 96 | 
 97 |     Ok(res)
 98 | }
 99 | 
100 | /// Iterator that yields `u64` integer converted from hexadecimal strings read
101 | /// out of an object that implements [`Read`] without allocating any memory.
102 | /// Everything is stored in a small local array. Caveats is that we expect lines
103 | /// to be at most 20 bytes long (`len('0xdeadbeefbaadc0de\r\n')`) and it is
104 | /// assumed to be hexadecimal.
105 | /// For example, the below content should yield `[0x1, 0x22, 0x333, 0x4444,
106 | /// 0x55555, 0x666666, 0x7777777, 0x88888888, 0x999999999, 0xaaaaaaaaaa]`:
107 | ///   ```
108 | ///   0x1
109 | ///   0x22
110 | ///   0x333
111 | ///   0x4444
112 | ///   0x55555
113 | ///   0x666666
114 | ///   0x7777777
115 | ///   0x88888888
116 | ///   0x999999999
117 | ///   0xaaaaaaaaaa
118 | ///   ```
119 | #[derive(Debug)]
120 | pub struct HexAddressesIterator<R>
121 | where
122 |     R: Read,
123 | {
124 |     /// What we read out of.
125 |     reader: R,
126 |     /// The local buffer where we'll read the addresses into.
127 |     buf: [u8; 20],
128 |     /// The index where we read / append data.
129 |     append_idx: usize,
130 |     /// This is the last range of data that needs consuming before the iterator
131 |     /// returns [`None`].
132 |     last_range: Option<RangeTo<usize>>,
133 |     /// When set, the iterator will return [`None`] next time it is called.
134 |     done: bool,
135 | }
136 | 
137 | impl<R> HexAddressesIterator<R>
138 | where
139 |     R: Read,
140 | {
141 |     pub fn new(reader: R) -> Self {
142 |         Self {
143 |             reader,
144 |             buf: [0; 20],
145 |             append_idx: 0,
146 |             last_range: None,
147 |             done: false,
148 |         }
149 |     }
150 | }
151 | 
152 | impl<R> Iterator for HexAddressesIterator<R>
153 | where
154 |     R: Read,
155 | {
156 |     type Item = Result<u64>;
157 | 
158 |     fn next(&mut self) -> Option<Self::Item> {
159 |         // If this flag is on, it means we are done!
160 |         if self.done {
161 |             return None;
162 |         }
163 | 
164 |         // If we have one last range of data to consume, then let's do that.
165 |         if let Some(last_range) = self.last_range {
166 |             let last_slice = &self.buf[last_range];
167 |             // Be nice, and ignore a potential trailing end of line..
168 |             let last_slice = last_slice.strip_suffix(b"\n").unwrap_or(last_slice);
169 |             // ..and if there's a carriage return right before, let's ignore this one as
170 |             // well.
171 |             let last_slice = last_slice
172 |                 .last()
173 |                 .and_then(|&last| {
174 |                     if last == b'\r' {
175 |                         Some(&last_slice[..(last_slice.len() - 1)])
176 |                     } else {
177 |                         None
178 |                     }
179 |                 })
180 |                 .unwrap_or(last_slice);
181 |             // This is the last range of data we'll consume, so make sure the next time the
182 |             // iterator is called it returns `None`.
183 |             self.done = true;
184 |             // Yield our last address!
185 |             return match hex_slice(last_slice) {
186 |                 Ok(o) => Some(Ok(o)),
187 |                 Err(e) => Some(Err(e)),
188 |             };
189 |         }
190 | 
191 |         // Let's read data into our buffer. This is what it could look like:
192 |         // |0|x|a|a|b|b|c|c|d|d|\r|\n|0|x|e|e|f|f|d|d|
193 |         let (parse_slice, eof) = {
194 |             match fill_buffer(&mut self.reader, &mut self.buf, self.append_idx) {
195 |                 Ok(o) => o,
196 |                 Err(e) => return Some(Err(e)),
197 |             }
198 |         };
199 | 
200 |         // If we have an empty slice to parse, well we're done.
201 |         if parse_slice.is_empty() {
202 |             return None;
203 |         }
204 | 
205 |         // Find a line feed and where the next 'chunk' starts at.
206 |         // |0|x|a|a|b|b|c|c|d|d|\r|\n|0|x|e|e|f|f|d|d|
207 |         //                         ^
208 |         let (addr_str, next_slice_idx) = match parse_slice.iter().position(|x| *x == b'\n') {
209 |             // If we found a line feed, then the next chunk starts right after it and we return the
210 |             // slice up until that point. But there might be a carriage return right
211 |             // before the line feed so take care of that.
212 |             // |0|x|a|a|b|b|c|c|d|d|\r|\n|0|x|e|e|f|f|d|d|
213 |             //  ^^^^^^^^^^^^^^^^^^^       ^
214 |             //     what we return         where the next slice starts at
215 |             Some(idx) => {
216 |                 let without_lf = &parse_slice[..idx];
217 |                 let without_cr = without_lf.strip_suffix(b"\r");
218 | 
219 |                 (without_cr.unwrap_or(without_lf), idx + 1)
220 |             }
221 |             None => {
222 |                 // If we haven't found any end line, well let's consider this the end. This
223 |                 // current entry will be the last one we yield.
224 |                 self.done = true;
225 | 
226 |                 (parse_slice, 0)
227 |             }
228 |         };
229 | 
230 |         // Convert the byte slice into an address.
231 |         let addr = match hex_slice(addr_str)
232 |             .with_context(|| anyhow!("failed to turn {addr_str:?} into an integer"))
233 |         {
234 |             Ok(o) => o,
235 |             e => return Some(e),
236 |         };
237 | 
238 |         // If we hit the EOF, let's record the last range of data we'll consume.
239 |         if eof {
240 |             // This is the data that comes right after the current entry / after
241 |             // the line ending characters.
242 |             let next_slice = &parse_slice[next_slice_idx..];
243 |             if next_slice.is_empty() {
244 |                 self.done = true;
245 |             } else {
246 |                 self.last_range = Some(..next_slice.len());
247 |             }
248 |         }
249 | 
250 |         // We are done parsing. We move the rest of the buffer back to the start.
251 |         // Before: |0|x|a|a|b|b|c|c|d|d|\r|\n|0|x|e|e|f|f|d|d|
252 |         //  After: |0|x|e|e|f|f|d|d|d|d|\r|\n|0|x|e|e|f|f|d|d|
253 |         self.buf.copy_within(next_slice_idx.., 0);
254 |         // We also need to remember at what offset we'll read in new data in our buffer.
255 |         // |0|x|e|e|f|f|d|d|d|d|\r|\n|0|x|e|e|f|f|d|d|
256 |         //                  ^
257 |         self.append_idx = self.buf.len() - next_slice_idx;
258 | 
259 |         // Booyah we did it!
260 |         Some(Ok(addr))
261 |     }
262 | }
263 | 
264 | #[cfg(test)]
265 | mod tests {
266 |     use std::io::BufReader;
267 | 
268 |     use super::{HexAddressesIterator, Result};
269 | 
270 |     #[test]
271 |     fn t1() {
272 |         let expected = vec![
273 |             0x1,
274 |             0x22,
275 |             0x333,
276 |             0x4444,
277 |             0x55555,
278 |             0x666666,
279 |             0x7777777,
280 |             0x88888888,
281 |             0x999999999,
282 |             0xaaaaaaaaaa,
283 |             0xbbbbbbbbbbb,
284 |             0xcccccccccccc,
285 |             0xddddddddddddd,
286 |             0xeeeeeeeeeeeeee,
287 |             0xfffffffffffffff,
288 |             0x1111111111111111,
289 |         ];
290 | 
291 |         let l = String::from("0x1\n0x22\n0x333\n0x4444\n0x55555\n0x666666\n0x7777777\n0x88888888\n0x999999999\n0xaaaaaaaaaa\n0xbbbbbbbbbbb\n0xcccccccccccc\n0xddddddddddddd\n0xeeeeeeeeeeeeee\n0xfffffffffffffff\n0x1111111111111111");
292 |         assert_eq!(
293 |             expected,
294 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
295 |                 .collect::<Result<Vec<u64>>>()
296 |                 .unwrap()
297 |         );
298 |     }
299 | 
300 |     #[test]
301 |     fn t2() {
302 |         let expected = vec![
303 |             0x1,
304 |             0x22,
305 |             0x333,
306 |             0x4444,
307 |             0x55555,
308 |             0x666666,
309 |             0x7777777,
310 |             0x88888888,
311 |             0x999999999,
312 |             0xaaaaaaaaaa,
313 |             0xbbbbbbbbbbb,
314 |             0xcccccccccccc,
315 |             0xddddddddddddd,
316 |             0xeeeeeeeeeeeeee,
317 |             0xfffffffffffffff,
318 |             0x1111111111111111,
319 |         ];
320 |         let l = String::from("1\n22\n333\n4444\n55555\n666666\n7777777\n88888888\n999999999\naaaaaaaaaa\nbbbbbbbbbbb\ncccccccccccc\nddddddddddddd\neeeeeeeeeeeeee\nfffffffffffffff\n1111111111111111");
321 |         assert_eq!(
322 |             expected,
323 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
324 |                 .collect::<Result<Vec<u64>>>()
325 |                 .unwrap()
326 |         );
327 |     }
328 | 
329 |     #[test]
330 |     fn t3() {
331 |         let expected = vec![0xaaaaaaaaaaaaaaau64, 0];
332 |         let l = String::from("0xaaaaaaaaaaaaaaa\r\n0");
333 |         assert_eq!(
334 |             expected,
335 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
336 |                 .collect::<Result<Vec<u64>>>()
337 |                 .unwrap()
338 |         );
339 |     }
340 | 
341 |     #[test]
342 |     fn t4() {
343 |         let expected = vec![
344 |             0x77baa2c0,
345 |             0xfffff80339dca5c0,
346 |             0xfffff80339dca5c1,
347 |             0xfffff80339dca5c8,
348 |             0xfffff80339dca5d0,
349 |             0xfffff80339dca5d4,
350 |             0xfffff80339dca5d8,
351 |             0xfffff80339dca5dc,
352 |             0xfffff80339dca5e0,
353 |             0xfffff80339dca5e4,
354 |         ];
355 |         let l = String::from("0x77baa2c0\n0xfffff80339dca5c0\n0xfffff80339dca5c1\n0xfffff80339dca5c8\n0xfffff80339dca5d0\n0xfffff80339dca5d4\n0xfffff80339dca5d8\n0xfffff80339dca5dc\n0xfffff80339dca5e0\n0xfffff80339dca5e4");
356 |         assert_eq!(
357 |             expected,
358 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
359 |                 .collect::<Result<Vec<u64>>>()
360 |                 .unwrap()
361 |         );
362 |     }
363 | 
364 |     #[test]
365 |     fn t5() {
366 |         let expected = vec![
367 |             0xfffff80339cf61a6,
368 |             0xfffff80339cf6150,
369 |             0xfffff80339cf6154,
370 |             0xfffff80339cf615b,
371 |             0xfffff80339cf6140,
372 |             0xfffff80339cf6143,
373 |             0xfffff80339cf6146,
374 |             0xfffff80339cf6149,
375 |         ];
376 |         let l = String::from("0xfffff80339cf61a6\r\n0xfffff80339cf6150\r\n0xfffff80339cf6154\r\n0xfffff80339cf615b\r\n0xfffff80339cf6140\r\n0xfffff80339cf6143\r\n0xfffff80339cf6146\r\n0xfffff80339cf6149\r\n");
377 |         assert_eq!(
378 |             expected,
379 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
380 |                 .collect::<Result<Vec<u64>>>()
381 |                 .unwrap()
382 |         );
383 |     }
384 | 
385 |     #[test]
386 |     fn t6() {
387 |         let expected = vec![0x1111111, 0x22222222];
388 |         let l = String::from("0x1111111\n0x22222222");
389 |         assert_eq!(
390 |             expected,
391 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
392 |                 .collect::<Result<Vec<u64>>>()
393 |                 .unwrap()
394 |         );
395 |     }
396 | 
397 |     #[test]
398 |     fn t7() {
399 |         let expected = vec![0xaabbccddeeff0011];
400 |         let l = String::from("0xaabbccddeeff0011");
401 |         assert_eq!(
402 |             expected,
403 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
404 |                 .collect::<Result<Vec<u64>>>()
405 |                 .unwrap()
406 |         );
407 |     }
408 | 
409 |     #[test]
410 |     fn t8() {
411 |         let expected = vec![0xaaaa, 0xbbbbb];
412 |         let l = String::from("0xaaaa\n0xbbbbb");
413 |         assert_eq!(
414 |             expected,
415 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
416 |                 .collect::<Result<Vec<u64>>>()
417 |                 .unwrap()
418 |         );
419 |     }
420 | 
421 |     #[test]
422 |     fn allow_empty_line() {
423 |         let expected = vec![0xaaaa, 0xbbbbb];
424 |         let l = String::from("0xaaaa\n0xbbbbb\n");
425 |         assert_eq!(
426 |             expected,
427 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
428 |                 .collect::<Result<Vec<u64>>>()
429 |                 .unwrap()
430 |         );
431 | 
432 |         let l = String::from("0xaaaa\r\n0xbbbbb\r\n");
433 |         assert_eq!(
434 |             expected,
435 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
436 |                 .collect::<Result<Vec<u64>>>()
437 |                 .unwrap()
438 |         );
439 |     }
440 | 
441 |     #[test]
442 |     fn too_big() {
443 |         let l = String::from("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n0xbbbbb\n");
444 |         assert!(HexAddressesIterator::new(BufReader::new(l.as_bytes()))
445 |             .collect::<Result<Vec<u64>>>()
446 |             .is_err());
447 |     }
448 | 
449 |     #[test]
450 |     fn malformed_entry() {
451 |         let l = String::from("aaaaa0xa\n0xbbbbb");
452 |         assert!(HexAddressesIterator::new(BufReader::new(l.as_bytes()))
453 |             .collect::<Result<Vec<u64>>>()
454 |             .is_err());
455 |     }
456 | 
457 |     #[test]
458 |     fn malformed_end() {
459 |         let l = String::from("aaaaa0xa\n0xbbbbb\n\n");
460 |         assert!(HexAddressesIterator::new(BufReader::new(l.as_bytes()))
461 |             .collect::<Result<Vec<u64>>>()
462 |             .is_err());
463 |     }
464 | 
465 |     #[test]
466 |     fn empty() {
467 |         let l = String::from("0x77cb27c4\n0x77cb27c5\n0x77cb27c9\n");
468 |         let expected = vec![0x77cb27c4, 0x77cb27c5, 0x77cb27c9];
469 |         assert_eq!(
470 |             expected,
471 |             HexAddressesIterator::new(BufReader::new(l.as_bytes()))
472 |                 .collect::<Result<Vec<u64>>>()
473 |                 .unwrap()
474 |         );
475 |     }
476 | }
477 | 


--------------------------------------------------------------------------------
/src/human.rs:
--------------------------------------------------------------------------------
  1 | // Axel '0vercl0k' Souchet - April 22 2024
  2 | //! This module contains the implementation of several 'human' types that makes
  3 | //! it easy to output a number of bytes, seconds or a quantity into a human
  4 | //! form.
  5 | use std::fmt::Display;
  6 | 
  7 | /// This trait adds convenient functions to display data for Humans. It is the
  8 | /// glue between the generic types [`HumanBytes<T>`], [`HumanNumber<T>`] and
  9 | /// [`HumanTime<T>`].
 10 | pub trait ToHuman: Sized + Copy {
 11 |     fn human_bytes(&self) -> HumanBytes<Self> {
 12 |         HumanBytes(*self)
 13 |     }
 14 | 
 15 |     fn human_number(&self) -> HumanNumber<Self> {
 16 |         HumanNumber(*self)
 17 |     }
 18 | 
 19 |     fn human_time(&self) -> HumanTime<Self> {
 20 |         HumanTime(*self)
 21 |     }
 22 | }
 23 | 
 24 | /// Blanket implementation for all the `T` that have what we need.
 25 | impl<T> ToHuman for T
 26 | where
 27 |     T: TryInto<u64>,
 28 |     T: Copy,
 29 | {
 30 | }
 31 | 
 32 | /// Type that implements [`Display`] to print out a time in human form.
 33 | pub struct HumanTime<T>(T);
 34 | 
 35 | impl<T> Display for HumanTime<T>
 36 | where
 37 |     T: TryInto<u64>,
 38 |     T: Copy,
 39 | {
 40 |     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 41 |         let mut unit = "s";
 42 |         let mut time = self.0.try_into().map_err(|_| std::fmt::Error)? as f64;
 43 |         let m = 60f64;
 44 |         let h = m * m;
 45 |         let d = h * 24.0;
 46 |         if time >= m {
 47 |             time /= m;
 48 |             unit = "min"
 49 |         } else if time >= h {
 50 |             time /= h;
 51 |             unit = "hr";
 52 |         } else if time >= d {
 53 |             time /= d;
 54 |             unit = "day";
 55 |         }
 56 | 
 57 |         write!(f, "{:.1}{}", time, unit)
 58 |     }
 59 | }
 60 | 
 61 | /// Type that implements [`Display`] to print out a size in human form.
 62 | pub struct HumanBytes<T>(T);
 63 | 
 64 | impl<T> Display for HumanBytes<T>
 65 | where
 66 |     T: Into<u64>,
 67 |     T: Copy,
 68 | {
 69 |     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 70 |         let mut unit = "b";
 71 |         let mut size = self.0.into() as f64;
 72 |         let k = 1_024f64;
 73 |         let m = k * k;
 74 |         let g = m * k;
 75 |         if size >= g {
 76 |             size /= g;
 77 |             unit = "gb"
 78 |         } else if size >= m {
 79 |             size /= m;
 80 |             unit = "mb";
 81 |         } else if size >= k {
 82 |             size /= k;
 83 |             unit = "kb";
 84 |         }
 85 | 
 86 |         write!(f, "{:.1}{}", size, unit)
 87 |     }
 88 | }
 89 | 
 90 | /// Type that implements [`Display`] to print out a size in human form.
 91 | pub struct HumanNumber<T>(T);
 92 | 
 93 | impl<T> Display for HumanNumber<T>
 94 | where
 95 |     T: TryInto<u64>,
 96 |     T: Copy,
 97 | {
 98 |     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 99 |         let mut unit = "";
100 |         let mut size = self.0.try_into().map_err(|_| std::fmt::Error)? as f64;
101 |         let k = 1_000f64;
102 |         let m = k * k;
103 |         let b = m * k;
104 |         if size >= b {
105 |             size /= b;
106 |             unit = "b"
107 |         } else if size >= m {
108 |             size /= m;
109 |             unit = "m";
110 |         } else if size >= k {
111 |             size /= k;
112 |             unit = "k";
113 |         }
114 | 
115 |         write!(f, "{:.1}{}", size, unit)
116 |     }
117 | }
118 | 


--------------------------------------------------------------------------------
/src/main.rs:
--------------------------------------------------------------------------------
  1 | // Axel '0vercl0k' Souchet - February 19 2024
  2 | #![doc = include_str!("../README.md")]
  3 | use std::fmt::Display;
  4 | use std::fs::File;
  5 | use std::io::{stdout, BufReader, BufWriter, Write};
  6 | use std::path::{Path, PathBuf};
  7 | use std::time::Instant;
  8 | use std::{env, fs, io};
  9 | 
 10 | use addr_symbolizer::{AddrSpace, Builder as SymbolizerBuilder, Module, Symbolizer};
 11 | use anyhow::{anyhow, bail, Context, Result};
 12 | use clap::{ArgAction, Parser, ValueEnum};
 13 | use kdmp_parser::KernelDumpParser;
 14 | 
 15 | mod hex_addrs_iter;
 16 | mod human;
 17 | 
 18 | use hex_addrs_iter::HexAddressesIterator;
 19 | use human::ToHuman;
 20 | 
 21 | #[derive(Debug)]
 22 | struct StatsBuilder {
 23 |     start: Instant,
 24 |     n_files: u64,
 25 | }
 26 | 
 27 | impl Default for StatsBuilder {
 28 |     fn default() -> Self {
 29 |         Self {
 30 |             start: Instant::now(),
 31 |             n_files: 0,
 32 |         }
 33 |     }
 34 | }
 35 | 
 36 | impl StatsBuilder {
 37 |     pub fn done_file(&mut self) {
 38 |         self.n_files += 1;
 39 |     }
 40 | 
 41 |     pub fn stop(self, symbolizer: Symbolizer) -> Stats {
 42 |         Stats {
 43 |             time: self.start.elapsed().as_secs(),
 44 |             n_files: self.n_files,
 45 |             symbolizer_stats: symbolizer.stats(),
 46 |         }
 47 |     }
 48 | }
 49 | 
 50 | struct Stats {
 51 |     time: u64,
 52 |     n_files: u64,
 53 |     symbolizer_stats: addr_symbolizer::Stats,
 54 | }
 55 | 
 56 | impl Display for Stats {
 57 |     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 58 |         write!(
 59 |             f,
 60 |             "✓ Successfully symbolized {} lines across {} files in {} ({}% cache hits",
 61 |             self.symbolizer_stats.n_addrs.human_number(),
 62 |             self.n_files.human_number(),
 63 |             self.time.human_time(),
 64 |             percentage(
 65 |                 self.symbolizer_stats.cache_hit,
 66 |                 self.symbolizer_stats.n_addrs
 67 |             )
 68 |         )?;
 69 | 
 70 |         let size_downloaded = self.symbolizer_stats.amount_downloaded();
 71 |         if size_downloaded > 0 {
 72 |             write!(
 73 |                 f,
 74 |                 ", downloaded {} / {} PDBs)",
 75 |                 size_downloaded.human_bytes(),
 76 |                 self.symbolizer_stats.amount_pdb_downloaded().human_number()
 77 |             )
 78 |         } else {
 79 |             write!(f, ")")
 80 |         }
 81 |     }
 82 | }
 83 | 
 84 | #[derive(Debug)]
 85 | struct AddrSpaceWrapper {
 86 |     parser: KernelDumpParser,
 87 | }
 88 | 
 89 | impl AddrSpaceWrapper {
 90 |     fn new(parser: KernelDumpParser) -> Self {
 91 |         Self { parser }
 92 |     }
 93 | }
 94 | 
 95 | impl AddrSpace for AddrSpaceWrapper {
 96 |     fn read_at(&mut self, addr: u64, buf: &mut [u8]) -> io::Result<usize> {
 97 |         self.parser
 98 |             .virt_read(addr.into(), buf)
 99 |             .map_err(|e| io::Error::new(io::ErrorKind::Unsupported, e))
100 |     }
101 | 
102 |     fn try_read_at(&mut self, addr: u64, buf: &mut [u8]) -> io::Result<Option<usize>> {
103 |         self.parser
104 |             .try_virt_read(addr.into(), buf)
105 |             .map_err(|e| io::Error::new(io::ErrorKind::Unsupported, e))
106 |     }
107 | }
108 | 
109 | /// The style of the symbols.
110 | #[derive(Default, Debug, Clone, ValueEnum)]
111 | enum SymbolStyle {
112 |     /// Module + offset style like `foo.dll+0x11`.
113 |     Modoff,
114 |     /// Full symbol style like `foo.dll!func+0x11`.
115 |     #[default]
116 |     Full,
117 | }
118 | 
119 | /// The command line arguments.
120 | #[derive(Debug, Default, Parser)]
121 | #[command(about = "A fast execution trace symbolizer for Windows.")]
122 | struct CliArgs {
123 |     /// Directory path full of traces or single input trace file.
124 |     #[arg(short, long)]
125 |     trace: PathBuf,
126 |     /// Output directory where to write symbolized traces, a path to an output
127 |     /// file, or empty for the output to go on stdout.
128 |     #[arg(short, long)]
129 |     output: Option<PathBuf>,
130 |     /// Path to the crash-dump to load. If not specified, an attempt is made to
131 |     /// find a 'state/mem.dmp' file in the same directory than the trace file.
132 |     #[arg(short, long)]
133 |     crash_dump: Option<PathBuf>,
134 |     /// Skip a number of lines.
135 |     #[arg(short, long, default_value_t = 0)]
136 |     skip: usize,
137 |     /// The maximum amount of lines to process per file.
138 |     #[arg(short, long, default_value = "20000000")]
139 |     limit: Option<usize>,
140 |     /// The symbolization style (mod+offset or mod!f+offset).
141 |     #[arg(long, default_value = "full")]
142 |     style: SymbolStyle,
143 |     /// Overwrite the output files if they exist.
144 |     #[arg(long, default_value_t = false)]
145 |     overwrite: bool,
146 |     /// Include line numbers in the symbolized output.
147 |     #[arg(long, default_value_t = false)]
148 |     line_numbers: bool,
149 |     /// Symbol servers to use to download PDBs; you can provide more than one.
150 |     #[arg(long, default_value = "https://msdl.microsoft.com/download/symbols/", action = ArgAction::Append)]
151 |     symsrv: Vec<String>,
152 |     /// Specify a symbol cache path. If not specified, _NT_SYMBOL_PATH will be
153 |     /// parsed if present.
154 |     #[arg(long)]
155 |     symcache: Option<PathBuf>,
156 |     /// Import PDBs found in the specified directories into the symbol cache.
157 |     #[arg(long)]
158 |     import_pdbs: Option<Vec<PathBuf>>,
159 |     /// The size in bytes of the buffer used to write data into the output
160 |     /// files.
161 |     #[arg(long, default_value_t = 3 * 1024 * 1024)]
162 |     out_buffer_size: usize,
163 |     /// The size in bytes of the buffer used to read data from the input files.
164 |     #[arg(long, default_value_t = 1024 * 1024)]
165 |     in_buffer_size: usize,
166 |     /// Don't try to download PDBs off the network.
167 |     #[arg(long, default_value_t = false)]
168 |     offline: bool,
169 | }
170 | 
171 | /// Calculate a percentage value.
172 | pub fn percentage(how_many: u64, how_many_total: u64) -> u32 {
173 |     assert!(
174 |         how_many_total > 0,
175 |         "{how_many_total} needs to be bigger than 0"
176 |     );
177 | 
178 |     ((how_many * 1_00) / how_many_total) as u32
179 | }
180 | 
181 | /// Parse the `_NT_SYMBOL_PATH` environment variable to try the path of a symbol
182 | /// cache.
183 | fn sympath() -> Option<PathBuf> {
184 |     let env = env::var("_NT_SYMBOL_PATH").ok()?;
185 | 
186 |     if !env.starts_with("srv*") {
187 |         return None;
188 |     }
189 | 
190 |     let sympath = env.strip_prefix("srv*").unwrap();
191 |     let sympath = PathBuf::from(sympath.split('*').next().unwrap());
192 | 
193 |     if sympath.is_dir() {
194 |         Some(sympath)
195 |     } else {
196 |         None
197 |     }
198 | }
199 | 
200 | /// Create the output file from an input.
201 | ///
202 | /// This logic was moved into a function to be able to handle the `--overwrite`
203 | /// logic and to handle the case when `output` is a directory path and not a
204 | /// file path. In that case, we will create a file with the same input file
205 | /// name, but with a specific suffix.
206 | fn get_output_file(args: &CliArgs, input: &Path, output: &Path) -> Result<File> {
207 |     let output_path = if output.is_dir() {
208 |         // If the output is a directory, then we'll create a file that has the same file
209 |         // name as the input, but with a suffix.
210 |         let path = input.with_extension("symbolized.txt");
211 |         let filename = path.file_name().ok_or_else(|| anyhow!("no file name"))?;
212 | 
213 |         output.join(filename)
214 |     } else {
215 |         // If the output path is already a file path, then we'll use it as is.
216 |         output.into()
217 |     };
218 | 
219 |     // If the output exists, we'll want the user to tell us to overwrite those
220 |     // files.
221 |     if output_path.exists() && !args.overwrite {
222 |         // If they don't we will bail.
223 |         bail!(
224 |             "{} already exists, run with --overwrite",
225 |             output_path.display()
226 |         );
227 |     }
228 | 
229 |     // We can now create the output file!
230 |     File::create(output_path.clone())
231 |         .with_context(|| format!("failed to create output file {output_path:?}"))
232 | }
233 | 
234 | /// Process an input file and symbolize every line.
235 | fn symbolize_file(
236 |     symbolizer: &mut Symbolizer,
237 |     addr_space: &mut impl AddrSpace,
238 |     trace_path: impl AsRef<Path>,
239 |     args: &CliArgs,
240 | ) -> Result<usize> {
241 |     let trace_path = trace_path.as_ref();
242 |     let input = File::open(trace_path)
243 |         .with_context(|| format!("failed to open {}", trace_path.display()))?;
244 | 
245 |     let writer: Box<dyn Write> = match &args.output {
246 |         Some(output) => Box::new(get_output_file(args, trace_path, output)?),
247 |         None => Box::new(stdout()),
248 |     };
249 | 
250 |     let mut output = BufWriter::with_capacity(args.out_buffer_size, writer);
251 |     let mut line_number = 1 + args.skip;
252 |     let mut lines_symbolized = 1;
253 |     let limit = args.limit.unwrap_or(usize::MAX);
254 |     let reader = BufReader::with_capacity(args.in_buffer_size, input);
255 |     for addr in HexAddressesIterator::new(reader).skip(args.skip) {
256 |         let addr = addr.with_context(|| {
257 |             format!(
258 |                 "failed to get hex addr from l{line_number} of {}",
259 |                 trace_path.display()
260 |             )
261 |         })?;
262 | 
263 |         if args.line_numbers {
264 |             let mut buffer = itoa::Buffer::new();
265 |             output.write_all(b"l")?;
266 |             output.write_all(buffer.format(line_number).as_bytes())?;
267 |             output.write_all(b": ")?;
268 |         }
269 | 
270 |         match args.style {
271 |             SymbolStyle::Modoff => symbolizer.modoff(addr, &mut output),
272 |             SymbolStyle::Full => symbolizer.full(addr_space, addr, &mut output),
273 |         }
274 |         .with_context(|| {
275 |             format!(
276 |                 "failed to symbolize l{line_number} of {}",
277 |                 trace_path.display()
278 |             )
279 |         })?;
280 | 
281 |         output.write_all(b"\n")?;
282 | 
283 |         if lines_symbolized >= limit {
284 |             println!(
285 |                 "Hit maximum line limit {} for {}",
286 |                 limit,
287 |                 trace_path.display()
288 |             );
289 |             break;
290 |         }
291 | 
292 |         lines_symbolized += 1;
293 |         line_number += 1;
294 |     }
295 | 
296 |     Ok(lines_symbolized)
297 | }
298 | 
299 | fn main() -> Result<()> {
300 |     #[cfg(debug_assertions)]
301 |     env_logger::init();
302 | 
303 |     // Parse the CLI arguments.
304 |     let args = CliArgs::parse();
305 | 
306 |     // Figure out the path to the crash-dump we will use. We will use the one
307 |     // specified by the user, or we will try to find one ourselves.
308 |     let crash_dump_path = if let Some(dump_path) = &args.crash_dump {
309 |         dump_path.clone()
310 |     } else {
311 |         let wtf_base_path = args.trace.parent().expect("parent");
312 |         let wtf_crash_dump_path = wtf_base_path.join("state").join("mem.dmp");
313 |         if !wtf_crash_dump_path.is_file() {
314 |             bail!("A dump file wasn't specified, and a wtf state directory wasn't found either in {wtf_base_path:?}. Please use --crash-dump.");
315 |         }
316 | 
317 |         println!(
318 |             "A dump file wasn't specified, but found {} so using it..",
319 |             wtf_crash_dump_path.display()
320 |         );
321 | 
322 |         wtf_crash_dump_path
323 |     };
324 | 
325 |     // We need to parse the crash-dump to figure out where drivers / user-modules
326 |     // are loaded at, and to read enough information out of the PE to download PDB
327 |     // files ourselves.
328 |     let parser = KernelDumpParser::new(crash_dump_path).context("failed to create dump parser")?;
329 | 
330 |     // Figure out what is the symbol path we should be using. We will use the one
331 |     // specified by the user, or will try to find one in the `_NT_SYMBOL_PATH`
332 |     // environment variable if it is defined.
333 |     let Some(symcache) = (match args.symcache.clone() {
334 |         Some(symcache) => Some(symcache),
335 |         None => sympath(),
336 |     }) else {
337 |         bail!("no sympath");
338 |     };
339 | 
340 |     let mut modules = Vec::new();
341 |     for (at, name) in parser.user_modules().chain(parser.kernel_modules()) {
342 |         let (_, filename) = name.rsplit_once('\\').unwrap_or((name, name));
343 |         modules.push(Module::new(
344 |             filename.to_string(),
345 |             at.start.into(),
346 |             at.end.into(),
347 |         ));
348 |     }
349 | 
350 |     // All right, ready to create the symbolizer.
351 |     let mut wrapper = AddrSpaceWrapper::new(parser);
352 |     let mut builder = SymbolizerBuilder::default()
353 |         .modules(modules)
354 |         .symcache(symcache)?;
355 | 
356 |     if let Some(import_pdbs) = &args.import_pdbs {
357 |         builder = builder.import_pdbs(import_pdbs.iter())?;
358 |     }
359 | 
360 |     if !args.offline {
361 |         builder = builder.online(args.symsrv.iter());
362 |     }
363 | 
364 |     let mut symbolizer = builder.build()?;
365 | 
366 |     let paths = if args.trace.is_dir() {
367 |         // If we received a path to a directory as input, then we will try to symbolize
368 |         // every file inside that directory..
369 |         let entries = fs::read_dir(&args.trace)?;
370 | 
371 |         entries
372 |             .map(|e| e.map(|e| e.path()).context(""))
373 |             .collect::<Result<Vec<_>>>()?
374 |     } else {
375 |         // .. or the user specified a path to a file in which case this is the file
376 |         // we'll symbolize.
377 |         vec![args.trace.clone()]
378 |     };
379 | 
380 |     let mut stats_builder = StatsBuilder::default();
381 |     let total = paths.len();
382 |     for (idx, path) in paths.into_iter().enumerate() {
383 |         print!("\x1B[2K\r");
384 |         symbolize_file(&mut symbolizer, &mut wrapper, &path, &args)?;
385 |         stats_builder.done_file();
386 |         print!("[{}/{total}] {} done", idx + 1, path.display());
387 |         io::stdout().flush()?;
388 |     }
389 | 
390 |     // Grab a few stats before exiting!
391 |     let stats = stats_builder.stop(symbolizer);
392 |     println!("\x1B[2K\r{stats}");
393 | 
394 |     Ok(())
395 | }
396 | 


--------------------------------------------------------------------------------