debug helpers: __ntapi_tt_debug_execution_flow(): initial implementation.

2 files changed, 26 insertions, 0 deletions

diff --git a/include/ntapi/nt_debug.h b/include/ntapi/nt_debug.h
index 5e40cba..3e11193 100644
--- a/include/ntapi/nt_debug.h
+++ b/include/ntapi/nt_debug.h
@@ -208,6 +208,24 @@ typedef enum _nt_dbg_fltr_type {
 } nt_dbg_fltr_type;
 
 
+/* execution flow masks */
+#define NT_DBG_FLOW_MASK_IDLE			(1 << NT_DBG_STATE_IDLE)
+#define NT_DBG_FLOW_MASK_REPLY_PENDING		(1 << NT_DBG_STATE_REPLY_PENDING)
+
+#define NT_DBG_FLOW_MASK_CREATE_THREAD		(1 << NT_DBG_STATE_CREATE_THREAD)
+#define NT_DBG_FLOW_MASK_CREATE_PROCESS		(1 << NT_DBG_STATE_CREATE_PROCESS)
+
+#define NT_DBG_FLOW_MASK_EXIT_THREAD		(1 << NT_DBG_STATE_EXIT_THREAD)
+#define NT_DBG_FLOW_MASK_EXIT_PROCESS		(1 << NT_DBG_STATE_EXIT_PROCESS)
+
+#define NT_DBG_FLOW_MASK_EXCEPTION		(1 << NT_DBG_STATE_EXCEPTION)
+#define NT_DBG_FLOW_MASK_BREAKPOINT		(1 << NT_DBG_STATE_BREAKPOINT)
+#define NT_DBG_FLOW_MASK_SINGLE_STEP		(1 << NT_DBG_STATE_SINGLE_STEP)
+
+#define NT_DBG_FLOW_MASK_DLL_LOAD		(1 << NT_DBG_STATE_DLL_LOAD)
+#define NT_DBG_FLOW_MASK_DLL_UNLOAD		(1 << NT_DBG_STATE_DLL_UNLOAD)
+
+
 /* debug events */
 typedef struct _nt_dbg_km_thread_exit {
 	int32_t			exit_status;
@@ -321,4 +339,11 @@ typedef int32_t __stdcall ntapi_tt_create_attach_debug_object(
 	__in	void *		hprocess,
 	__in	uint32_t	flags);
 
+typedef int32_t	__stdcall ntapi_tt_debug_execution_flow(
+	__in	void *		hdbgobj,
+	__in	void *		hserver,
+	__in	void *		hlogfile,
+	__in	uint32_t	evtmask,
+	__in	uint64_t *	nevents);
+
 #endif
diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h
index dc2c22e..493edb2 100644
--- a/include/ntapi/ntapi.h
+++ b/include/ntapi/ntapi.h
@@ -669,6 +669,7 @@ typedef struct _ntapi_vtbl {
 	/* nt_debug.h */
 	ntapi_tt_create_debug_object *			tt_create_debug_object;
 	ntapi_tt_create_attach_debug_object *		tt_create_attach_debug_object;
+	ntapi_tt_debug_execution_flow *			tt_debug_execution_flow;
 } ntapi_vtbl;