-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathdbgktypes.h
244 lines (210 loc) · 5.09 KB
/
dbgktypes.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
/*++ NDK Version: 0098
Copyright (c) Alex Ionescu. All rights reserved.
Header Name:
dbgktypes.h
Abstract:
Type definitions for the User Mode Debugging Facility.
Author:
Alex Ionescu ([email protected]) - Updated - 27-Feb-2006
--*/
#ifndef _DBGKTYPES_H
#define _DBGKTYPES_H
//
// Dependencies
//
#include <..\ndk\umtypes.h>
#include <..\ndk\lpctypes.h>
//
// Debug Object Access Masks
//
#define DEBUG_OBJECT_WAIT_STATE_CHANGE 0x0001
#define DEBUG_OBJECT_ADD_REMOVE_PROCESS 0x0002
#define DEBUG_OBJECT_SET_INFORMATION 0x0004
#define DEBUG_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x0F)
//
// Debug Event Flags
//
#define DEBUG_EVENT_READ (0x01)
#define DEBUG_EVENT_NOWAIT (0x02)
#define DEBUG_EVENT_INACTIVE (0x04)
#define DEBUG_EVENT_RELEASE (0x08)
#define DEBUG_EVENT_PROTECT_FAILED (0x10)
#define DEBUG_EVENT_SUSPEND (0x20)
//
// NtCreateDebugObject Flags
//
#define DBGK_KILL_PROCESS_ON_EXIT (0x1)
#define DBGK_ALL_FLAGS (DBGK_KILL_PROCESS_ON_EXIT)
//
// Debug Object Information Classes for NtQueryDebugObject
//
typedef enum _DEBUGOBJECTINFOCLASS
{
DebugObjectUnusedInformation,
DebugObjectKillProcessOnExitInformation
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
//
// Debug Message API Number
//
typedef enum _DBGKM_APINUMBER
{
DbgKmExceptionApi = 0,
DbgKmCreateThreadApi = 1,
DbgKmCreateProcessApi = 2,
DbgKmExitThreadApi = 3,
DbgKmExitProcessApi = 4,
DbgKmLoadDllApi = 5,
DbgKmUnloadDllApi = 6,
DbgKmErrorReportApi = 7,
DbgKmMaxApiNumber = 8,
} DBGKM_APINUMBER;
//
// Debug Object Information Structures
//
typedef struct _DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION
{
ULONG KillProcessOnExit;
} DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION, *PDEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION;
#ifndef NTOS_MODE_USER
//
// Debug Object
//
typedef struct _DEBUG_OBJECT
{
KEVENT EventsPresent;
FAST_MUTEX Mutex;
LIST_ENTRY EventList;
union
{
ULONG Flags;
struct
{
UCHAR DebuggerInactive:1;
UCHAR KillProcessOnExit:1;
};
};
} DEBUG_OBJECT, *PDEBUG_OBJECT;
#endif
//
// Debug States
//
typedef enum _DBG_STATE
{
DbgIdle,
DbgReplyPending,
DbgCreateThreadStateChange,
DbgCreateProcessStateChange,
DbgExitThreadStateChange,
DbgExitProcessStateChange,
DbgExceptionStateChange,
DbgBreakpointStateChange,
DbgSingleStepStateChange,
DbgLoadDllStateChange,
DbgUnloadDllStateChange
} DBG_STATE, *PDBG_STATE;
//
// Debug Message Structures
//
typedef struct _DBGKM_EXCEPTION
{
EXCEPTION_RECORD ExceptionRecord;
ULONG FirstChance;
} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
typedef struct _DBGKM_CREATE_THREAD
{
ULONG SubSystemKey;
PVOID StartAddress;
} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
typedef struct _DBGKM_CREATE_PROCESS
{
ULONG SubSystemKey;
HANDLE FileHandle;
PVOID BaseOfImage;
ULONG DebugInfoFileOffset;
ULONG DebugInfoSize;
DBGKM_CREATE_THREAD InitialThread;
} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
typedef struct _DBGKM_EXIT_THREAD
{
NTSTATUS ExitStatus;
} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
typedef struct _DBGKM_EXIT_PROCESS
{
NTSTATUS ExitStatus;
} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
typedef struct _DBGKM_LOAD_DLL
{
HANDLE FileHandle;
PVOID BaseOfDll;
ULONG DebugInfoFileOffset;
ULONG DebugInfoSize;
PVOID NamePointer;
} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
typedef struct _DBGKM_UNLOAD_DLL
{
PVOID BaseAddress;
} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
//
// User-Mode Debug State Change Structure
//
typedef struct _DBGUI_WAIT_STATE_CHANGE
{
DBG_STATE NewState;
CLIENT_ID AppClientId;
union
{
struct
{
HANDLE HandleToThread;
DBGKM_CREATE_THREAD NewThread;
} CreateThread;
struct
{
HANDLE HandleToProcess;
HANDLE HandleToThread;
DBGKM_CREATE_PROCESS NewProcess;
} CreateProcessInfo;
DBGKM_EXIT_THREAD ExitThread;
DBGKM_EXIT_PROCESS ExitProcess;
DBGKM_EXCEPTION Exception;
DBGKM_LOAD_DLL LoadDll;
DBGKM_UNLOAD_DLL UnloadDll;
} StateInfo;
} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
//
// LPC Debug Message
//
typedef struct _DBGKM_MSG
{
PORT_MESSAGE h;
DBGKM_APINUMBER ApiNumber;
NTSTATUS ReturnedStatus;
union
{
DBGKM_EXCEPTION Exception;
DBGKM_CREATE_THREAD CreateThread;
DBGKM_CREATE_PROCESS CreateProcess;
DBGKM_EXIT_THREAD ExitThread;
DBGKM_EXIT_PROCESS ExitProcess;
DBGKM_LOAD_DLL LoadDll;
DBGKM_UNLOAD_DLL UnloadDll;
};
} DBGKM_MSG, *PDBGKM_MSG;
#ifndef NTOS_MODE_USER
//
// Debug Event
//
typedef struct _DEBUG_EVENT
{
LIST_ENTRY EventList;
KEVENT ContinueEvent;
CLIENT_ID ClientId;
PEPROCESS Process;
PETHREAD Thread;
NTSTATUS Status;
ULONG Flags;
PETHREAD BackoutThread;
DBGKM_MSG ApiMsg;
} DEBUG_EVENT, *PDEBUG_EVENT;
#endif
#endif