├── PDB.cpp
├── PDB.h
└── readme.md

/PDB.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IcEy-999/PDB-Frame/d27f61ca4f377eb756c6ede9da8dcbd6a35ac1d3/PDB.cpp

--------------------------------------------------------------------------------
/PDB.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IcEy-999/PDB-Frame/d27f61ca4f377eb756c6ede9da8dcbd6a35ac1d3/PDB.h

--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
# ReadMe

Given the path to an image file, automatically downloads the matching PDB and then loads it.

###### Exported functions:

```c++
// Get the offset of a symbol by its name
BOOLEAN GetSymOffset(IN PCWCH SymName, IN OUT PULONG64 POffset);

// Get the offset of a member within a struct, by struct name and member name
BOOLEAN GetMembersOffsetFromStruct(IN PCWCH StructName, IN PCWCH MembersName, IN OUT PULONG64 POffset);
```

###### demo:

```c++
#include <cstdio>
#include <cstdlib>
#include "PDB.h"
#define Ntoskrnl_Path "C:\\Windows\\System32\\ntoskrnl.exe"

int main() {
    PDB Task(Ntoskrnl_Path);
    Task.Load_Pdb();  // download and load the PDB for the image
    ULONG64 off = 0, off2 = 0;
    // Offset of a global symbol
    if (Task.GetSymOffset(L"KdDebuggerEnabled", &off))
        printf("KdDebuggerEnabled: 0x%llx\n", (unsigned long long)off);
    // Offset of a member inside a structure
    if (Task.GetMembersOffsetFromStruct(L"_EPROCESS", L"ImageFileName", &off2))
        printf("_EPROCESS.ImageFileName: 0x%llx\n", (unsigned long long)off2);
    system("pause");
}
```

--------------------------------------------------------------------------------
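The README says the PDB is downloaded automatically from the image path but does not show how. As an added example (not code from PDB-Frame, whose own method is not shown on this page), this derives the conventional symbol-server lookup path from an image's CodeView `RSDS` debug record and treats the embedded PDB name as untrusted input; `SymbolServerPath` and `ConstructedRecord` are hypothetical names and the sample bytes are constructed.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// CodeView record layout: "RSDS" | GUID (16 bytes) | Age (u32, LE) | PDB path (NUL-terminated).
// Returns "<pdb>/<GUID><AGE>/<pdb>", or "" when the record is malformed.
std::string SymbolServerPath(const std::vector<uint8_t>& rec) {
    const size_t kHeader = 4 + 16 + 4;
    if (rec.size() <= kHeader || std::memcmp(rec.data(), "RSDS", 4) != 0) return "";
    const uint8_t* g = rec.data() + 4;
    const uint8_t* name = rec.data() + kHeader;
    // The path comes from the image file, so it is untrusted: it must be
    // NUL-terminated inside the buffer before it is read as a C string.
    if (std::memchr(name, 0, rec.size() - kHeader) == nullptr) return "";
    std::string pdb(reinterpret_cast<const char*>(name));
    // Keep the file name only and allow a conservative character set, so the
    // value cannot steer the URL or a local cache path somewhere else.
    size_t slash = pdb.find_last_of("\\/");
    if (slash != std::string::npos) pdb.erase(0, slash + 1);
    if (pdb.empty() || pdb[0] == '.') return "";
    for (unsigned char c : pdb)
        if (!std::isalnum(c) && c != '.' && c != '_' && c != '-') return "";
    uint32_t age = g[16] | (g[17] << 8) | (g[18] << 16) | (uint32_t(g[19]) << 24);
    // GUID Data1..Data3 are little-endian integers; Data4 is printed byte by byte.
    char key[64];
    std::snprintf(key, sizeof key,
                  "%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%X",
                  g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6], g[8], g[9], g[10],
                  g[11], g[12], g[13], g[14], g[15], unsigned(age));
    return pdb + "/" + key + "/" + pdb;
}

// Constructed sample record (not taken from any real image).
std::vector<uint8_t> ConstructedRecord(const char* path) {
    std::vector<uint8_t> r = {'R', 'S', 'D', 'S', 0x67, 0x45, 0x23, 0x01, 0xAB, 0x89,
                              0xEF, 0xCD, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                              0x02, 0x00, 0x00, 0x00};
    r.insert(r.end(), path, path + std::strlen(path) + 1);  // include the NUL
    return r;
}

int main() {
    std::puts(SymbolServerPath(ConstructedRecord("C:\\build\\example.pdb")).c_str());
}
```

The returned path is appended to the symbol server's base URL; finding the record through the PE debug directory is a separate step not shown here.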