Thursday, March 01, 2007

Hook Unexported Functions

PDB files provide a simple way to locate and hook unexported functions, especially statically linked ones, and they are usually easy to obtain alongside the pre-built release binaries (e.g. Apache, PHP, Subversion). Moreover, I'm lazy and do not want to modify and recompile a large project such as Subversion just to export some internal API functions for instrumentation. DIA provides a group of convenient interfaces, even though it is COM :-)

There are some pitfalls as well. First, remember to call the method ISession::put_loadAddress to set the base address of a module before any other invocation; otherwise the function addresses it returns are invalid. Besides, the documentation of GetModuleInformation, which can be used to get the base address of a module, is wrong: passing NULL as the first parameter (hProcess) to mean the current calling process, as MSDN describes, leads to an unexpected failure. Use INVALID_HANDLE_VALUE (-1) or GetCurrentProcess() instead.
