#ifndef _NTDBG_H
#define _NTDBG_H
// Definitions
// Exception payload of a debug state change: an exception record plus the
// FirstChance indicator. Appears as the Exception arm of
// DBGUI_WAIT_STATE_CHANGE.StateInfo.
// NOTE(review): the record describes an event raised in the debuggee, so any
// addresses or parameters taken from it should be treated as untrusted input
// by the debugger - confirm against callers.
typedef struct _DBGKM_EXCEPTION
{
    EXCEPTION_RECORD ExceptionRecord; // the reported exception
    ULONG            FirstChance;     // presumably non-zero on first-chance delivery - confirm
} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;

// Thread-creation payload. Embedded in DBGKM_CREATE_PROCESS (InitialThread)
// and in DBGUI_CREATE_THREAD (NewThread).
typedef struct _DBGKM_CREATE_THREAD
{
    ULONG SubSystemKey;
    // NOTE(review): presumably an address in the debuggee's address space, not
    // a pointer the debugger may dereference directly - confirm.
    PVOID StartAddress;
} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;

// Process-creation payload: image file handle, image base, debug-info
// location and the description of the process's initial thread. Embedded in
// DBGUI_CREATE_PROCESS (NewProcess).
typedef struct _DBGKM_CREATE_PROCESS
{
    ULONG               SubSystemKey;
    // NOTE(review): presumably a handle owned by the receiving debugger, which
    // would then have to close it to avoid a handle leak - confirm.
    HANDLE              FileHandle;
    // NOTE(review): presumably a debuggee-side address; do not dereference it
    // in the debugger - confirm.
    PVOID               BaseOfImage;
    ULONG               DebugInfoFileOffset;
    ULONG               DebugInfoSize;
    DBGKM_CREATE_THREAD InitialThread;
} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;

// Thread-exit payload: carries only the exit status. Appears as the
// ExitThread arm of DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGKM_EXIT_THREAD
{
    NTSTATUS ExitStatus; // status the thread exited with
} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;

// Process-exit payload: carries only the exit status. Appears as the
// ExitProcess arm of DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGKM_EXIT_PROCESS
{
    NTSTATUS ExitStatus; // status the process exited with
} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;

// DLL-load payload: file handle, load base, debug-info location and a name
// pointer. Appears as the LoadDll arm of DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGKM_LOAD_DLL
{
    // NOTE(review): presumably a handle owned by the receiving debugger, which
    // would then have to close it to avoid a handle leak - confirm.
    HANDLE FileHandle;
    // NOTE(review): BaseOfDll and NamePointer are presumably debuggee-side
    // addresses. If so they must be read with a cross-process read, may be
    // NULL, and whatever they point to is debuggee-controlled data that needs
    // length and termination checks - confirm.
    PVOID  BaseOfDll;
    ULONG  DebugInfoFileOffset;
    ULONG  DebugInfoSize;
    PVOID  NamePointer;
} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;

// DLL-unload payload: carries only a base address. Appears as the UnloadDll
// arm of DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGKM_UNLOAD_DLL
{
    // NOTE(review): presumably the debuggee-side base of the module being
    // unloaded - confirm.
    PVOID BaseAddress;
} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;

// State reported in DBGUI_WAIT_STATE_CHANGE.NewState. The enumerators take
// the implicit values 0 through 10 in declaration order.
// NOTE(review): NewState presumably selects which arm of the StateInfo union
// is meaningful; a consumer should reject values outside this range rather
// than fall through to a default arm - confirm.
typedef enum _DBG_STATE
{
    DbgIdle,                     // 0
    DbgReplyPending,             // 1
    DbgCreateThreadStateChange,  // 2
    DbgCreateProcessStateChange, // 3
    DbgExitThreadStateChange,    // 4
    DbgExitProcessStateChange,   // 5
    DbgExceptionStateChange,     // 6
    DbgBreakpointStateChange,    // 7
    DbgSingleStepStateChange,    // 8
    DbgLoadDllStateChange,       // 9
    DbgUnloadDllStateChange      // 10
} DBG_STATE, *PDBG_STATE;

// Debugger-side view of a thread creation: a thread handle together with the
// DBGKM_CREATE_THREAD payload. Appears as the CreateThread arm of
// DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGUI_CREATE_THREAD
{
    // NOTE(review): presumably a handle opened for the debugger; ownership and
    // who closes it should be confirmed at the call site to avoid leaks.
    HANDLE              HandleToThread;
    DBGKM_CREATE_THREAD NewThread;
} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;

// Debugger-side view of a process creation: process and initial-thread
// handles together with the DBGKM_CREATE_PROCESS payload. Appears as the
// CreateProcessInfo arm of DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGUI_CREATE_PROCESS
{
    // NOTE(review): both handles are presumably opened for the debugger;
    // ownership and who closes them should be confirmed at the call site to
    // avoid leaks.
    HANDLE               HandleToProcess;
    HANDLE               HandleToThread;
    DBGKM_CREATE_PROCESS NewProcess;
} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;

// One debug event as handed to the debugger: the new state, the client id it
// applies to, and a union holding the state-specific payload. This is the
// output type of DbgUiWaitStateChange and the input type of
// DbgUiConvertStateChangeStructure.
// NOTE(review): StateInfo is an untagged union, so NewState is presumably the
// discriminant. Read only the arm that matches NewState and reject unknown
// states; the breakpoint and single-step states presumably share the Exception
// arm - confirm.
typedef struct _DBGUI_WAIT_STATE_CHANGE
{
    DBG_STATE NewState;
    CLIENT_ID AppClientId;
    union
    {
        DBGKM_EXCEPTION      Exception;
        DBGUI_CREATE_THREAD  CreateThread;
        DBGUI_CREATE_PROCESS CreateProcessInfo;
        DBGKM_EXIT_THREAD    ExitThread;
        DBGKM_EXIT_PROCESS   ExitProcess;
        DBGKM_LOAD_DLL       LoadDll;
        DBGKM_UNLOAD_DLL     UnloadDll;
    } StateInfo;
} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;

// System calls
// Debug-object-specific access rights, one bit each.
#define DEBUG_READ_EVENT        0x0001
#define DEBUG_PROCESS_ASSIGN    0x0002
#define DEBUG_SET_INFORMATION   0x0004
#define DEBUG_QUERY_INFORMATION 0x0008

// The four rights above combined with STANDARD_RIGHTS_REQUIRED and
// SYNCHRONIZE.
// NOTE(review): callers that only need some of these rights should request
// those rather than DEBUG_ALL_ACCESS, so that a leaked or inherited handle
// grants as little as possible.
#define DEBUG_ALL_ACCESS \
    (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
     DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | \
     DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION)

// Not part of DEBUG_ALL_ACCESS, and numerically equal to DEBUG_READ_EVENT, so
// it must not be OR-ed into an access mask.
// NOTE(review): presumably a flag for NtCreateDebugObject's Flags argument
// and/or the DebugObjectFlags information class; by name, the debuggee is
// terminated when the debug object is closed - confirm.
#define DEBUG_KILL_ON_CLOSE 0x1

// Information classes accepted by NtSetInformationDebugObject. The only class
// declared here is DebugObjectFlags (1); MaxDebugObjectInfoClass (2) is the
// upper bound, not a usable class.
typedef enum _DEBUGOBJECTINFOCLASS
{
    DebugObjectFlags = 1,
    MaxDebugObjectInfoClass // one past the last valid class
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;

// Creates a debug object and returns a handle to it through
// DebugObjectHandle, opened with DesiredAccess.
// NOTE(review): Flags presumably accepts DEBUG_KILL_ON_CLOSE - confirm. The
// output handle is only meaningful when the returned NTSTATUS indicates
// success; request the narrowest DEBUG_* rights the caller needs.
NTSYSCALLAPI NTSTATUS NTAPI
NtCreateDebugObject(
    _Out_ PHANDLE            DebugObjectHandle,
    _In_  ACCESS_MASK        DesiredAccess,
    _In_  POBJECT_ATTRIBUTES ObjectAttributes,
    _In_  ULONG              Flags
    );

// Takes a process handle and a debug object handle; by name, it starts
// debugging the process through that debug object.
// NOTE(review): presumably requires DEBUG_PROCESS_ASSIGN on DebugObjectHandle
// and suitable access on ProcessHandle - confirm. Attaching a debugger gives
// full control over the target, so callers should verify which process the
// handle refers to before attaching.
NTSYSCALLAPI NTSTATUS NTAPI
NtDebugActiveProcess(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

// Takes a debug object handle, a client id and a continue status; by name, it
// resumes the client after a reported debug event.
// NOTE(review): ClientId is presumably the AppClientId of the state change
// being answered, and ContinueStatus presumably decides whether an exception
// is treated as handled - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtDebugContinue(
    _In_ HANDLE     DebugObjectHandle,
    _In_ PCLIENT_ID ClientId,
    _In_ NTSTATUS   ContinueStatus
    );

// Takes a process handle and a debug object handle; by name, it detaches the
// debug object from the process (the counterpart of NtDebugActiveProcess).
// NOTE(review): whether the debuggee survives the later close of the debug
// object presumably depends on DEBUG_KILL_ON_CLOSE - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
    );

// Sets information of class DebugObjectInformationClass on a debug object
// from a caller-supplied buffer of DebugInformationLength bytes. ReturnLength
// is optional.
// NOTE(review): the buffer is annotated plain _In_ with no byte-count
// annotation, so static analysis does not tie DebugInformation to
// DebugInformationLength; the caller must make sure the length matches the
// buffer actually passed. Presumably requires DEBUG_SET_INFORMATION on the
// handle - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtSetInformationDebugObject(
    _In_      HANDLE               DebugObjectHandle,
    _In_      DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
    _In_      PVOID                DebugInformation,
    _In_      ULONG                DebugInformationLength,
    _Out_opt_ PULONG               ReturnLength
    );

// Waits on a debug object, optionally alertable and with an optional timeout,
// and writes the result through WaitStateChange.
// NOTE(review): WaitStateChange is an untyped PVOID with no length parameter,
// so nothing in the signature checks the size of the output buffer. It
// presumably receives a DBGUI_WAIT_STATE_CHANGE, in which case the caller must
// pass storage of at least sizeof(DBGUI_WAIT_STATE_CHANGE) - confirm.
// NOTE(review): wait-style NT calls can return success-class statuses such as
// STATUS_TIMEOUT; compare against STATUS_SUCCESS before trusting the output
// buffer - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtWaitForDebugEvent(
    _In_     HANDLE         DebugObjectHandle,
    _In_     BOOLEAN        Alertable,
    _In_opt_ PLARGE_INTEGER Timeout,
    _Out_    PVOID          WaitStateChange
    );

// Debugging UI
// Takes no arguments and returns an NTSTATUS.
// NOTE(review): presumably creates the calling thread's debug object if it
// does not have one yet (see DbgUiGetThreadDebugObject) - confirm.
NTSYSAPI NTSTATUS NTAPI
DbgUiConnectToDbg(
    VOID
    );

// Returns a HANDLE; by name, the debug object associated with the calling
// thread.
// NOTE(review): the value presumably is NULL when the thread has no debug
// object, and the handle presumably remains owned by the thread's debugging
// state rather than by the caller - confirm before closing it.
NTSYSAPI HANDLE NTAPI
DbgUiGetThreadDebugObject(
    VOID
    );

// Takes a debug object handle and returns nothing; by name, it replaces the
// debug object associated with the calling thread.
// NOTE(review): there is no status result, so an invalid handle cannot be
// reported here; what happens to a previously stored handle should be
// confirmed to avoid leaking it.
NTSYSAPI VOID NTAPI
DbgUiSetThreadDebugObject(
    _In_ HANDLE DebugObject
    );

// Waits, with an optional timeout, for a debug state change and writes it to
// StateChange. Unlike NtWaitForDebugEvent, the output buffer is typed.
// NOTE(review): presumably waits on the calling thread's debug object -
// confirm. Wait-style NT calls can return success-class statuses such as
// STATUS_TIMEOUT; compare against STATUS_SUCCESS before reading StateChange -
// confirm.
NTSYSAPI NTSTATUS NTAPI
DbgUiWaitStateChange(
    _Out_    PDBGUI_WAIT_STATE_CHANGE StateChange,
    _In_opt_ PLARGE_INTEGER           Timeout
    );

// Takes a client id and a continue status; by name, it resumes the client
// after a state change reported by DbgUiWaitStateChange.
// NOTE(review): AppClientId is presumably the AppClientId field of the
// DBGUI_WAIT_STATE_CHANGE being answered - confirm.
NTSYSAPI NTSTATUS NTAPI
DbgUiContinue(
    _In_ PCLIENT_ID AppClientId,
    _In_ NTSTATUS   ContinueStatus
    );

// Takes a process handle; by name, it stops debugging that process.
// NOTE(review): presumably uses the calling thread's debug object; whether the
// process keeps running afterwards presumably depends on DEBUG_KILL_ON_CLOSE -
// confirm.
NTSYSAPI NTSTATUS NTAPI
DbgUiStopDebugging(
    _In_ HANDLE Process
    );

// Takes a process handle; by name, it starts debugging that process.
// NOTE(review): presumably attaches the calling thread's debug object, so
// DbgUiConnectToDbg would have to succeed first - confirm. Callers should
// verify which process the handle refers to before attaching.
NTSYSAPI NTSTATUS NTAPI
DbgUiDebugActiveProcess(
    _In_ HANDLE Process
    );

// Takes an opaque context pointer and returns nothing.
// NOTE(review): the signature has the shape of a thread start routine; it is
// presumably the routine run by DbgUiIssueRemoteBreakin rather than something
// to call directly - confirm.
NTSYSAPI VOID NTAPI
DbgUiRemoteBreakin(
    _In_ PVOID Context
    );

// Takes a process handle and returns an NTSTATUS; by name, it requests a
// debugger break-in in that process.
// NOTE(review): the access rights required on Process are not visible in this
// header - confirm them at the call site.
NTSYSAPI NTSTATUS NTAPI
DbgUiIssueRemoteBreakin(
    _In_ HANDLE Process
    );

// Forward declaration, so this header does not need the full definition of
// the debug event structure.
struct _DEBUG_EVENT;

// Converts a DBGUI_WAIT_STATE_CHANGE into a struct _DEBUG_EVENT written
// through DebugEvent.
// NOTE(review): StateChange carries handles and debuggee-side addresses; who
// owns the handles after conversion should be confirmed so they are neither
// leaked nor closed twice.
NTSYSAPI NTSTATUS NTAPI
DbgUiConvertStateChangeStructure(
    _In_  PDBGUI_WAIT_STATE_CHANGE StateChange,
    _Out_ struct _DEBUG_EVENT     *DebugEvent
    );

#endif