authormidipix <writeonce@midipix.org>2019-05-27 21:58:54 +0000
committermidipix <writeonce@midipix.org>2019-05-28 00:00:09 +0000
commite20eeb3eb159688c1417b4bb6f0371dbed7ec8e6 (patch)
tree8e78826807cb412ec8e5400a1c179b3a67cac494 /src
parentc95ea049e306f41476ba040f8d89e953d60bac30 (diff)
debug helpers: added __ntapi_tt_create_{attach_}debug_object().
Diffstat (limited to 'src')
-rw-r--r--src/debug/ntapi_tt_create_debug_object.c114
-rw-r--r--src/internal/ntapi.c4
-rw-r--r--src/internal/ntapi_fnapi.h6
3 files changed, 123 insertions, 1 deletions
diff --git a/src/debug/ntapi_tt_create_debug_object.c b/src/debug/ntapi_tt_create_debug_object.c
new file mode 100644
index 0000000..334ffd2
--- /dev/null
+++ b/src/debug/ntapi_tt_create_debug_object.c
@@ -0,0 +1,114 @@
+#include <psxtypes/psxtypes.h>
+#include <ntapi/nt_object.h>
+#include <ntapi/nt_debug.h>
+#include <ntapi/nt_guid.h>
+#include <ntapi/nt_acl.h>
+#include "ntapi_impl.h"
+
+static nt_access_allowed_ace * __dbg_ace_init(
+ nt_access_allowed_ace * ace,
+ uint32_t mask,
+ const nt_sid * sid)
+{
+ ace->mask = mask;
+ ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
+ ace->header.ace_flags = 0;
+ ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
+ + __offsetof(nt_access_allowed_ace,sid_start)
+ + __offsetof(nt_sid,sub_authority);
+
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&ace->sid_start,
+ sid);
+
+ return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
+}
+
+static void __dbg_sd_init(nt_sd_common_buffer * sd)
+{
+ nt_access_allowed_ace * ace;
+ uint32_t mask_system;
+ uint32_t mask_owner;
+ uint32_t mask_other;
+
+ /* access mask */
+ mask_system = NT_DEBUG_ALL_ACCESS;
+ mask_owner = NT_DEBUG_ALL_ACCESS;
+ mask_other = NT_SEC_READ_CONTROL | NT_SEC_SYNCHRONIZE;
+
+ /* sd header */
+ sd->sd.revision = 1;
+ sd->sd.sbz_1st = 0;
+ sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
+ sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
+ sd->sd.offset_group = 0;
+ sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
+ sd->sd.offset_sacl = 0;
+
+ /* owner sid */
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&sd->owner,
+ __ntapi_internals()->user);
+
+
+ /* ace's for LOCAL_SYSTEM, AUTHENTICATED_USERS, and process token user */
+ ace = (nt_access_allowed_ace *)&sd->buffer;
+ ace = __dbg_ace_init(ace,mask_system,&(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});
+ ace = __dbg_ace_init(ace,mask_other,&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});
+ ace = __dbg_ace_init(ace,mask_owner,(nt_sid *)&sd->owner);
+
+ sd->dacl.acl_revision = 0x02;
+ sd->dacl.sbz_1st = 0;
+ sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
+ sd->dacl.ace_count = 3;
+ sd->dacl.sbz_2nd = 0;
+
+}
+
+int32_t __stdcall __ntapi_tt_create_debug_object(
+ __out void ** hdbgobj,
+ __in uint32_t flags)
+{
+ nt_oa oa;
+ nt_sd_common_buffer sd;
+ nt_sqos sqos = {
+ sizeof(sqos),
+ NT_SECURITY_IMPERSONATION,
+ NT_SECURITY_TRACKING_DYNAMIC,
+ 1};
+
+ __dbg_sd_init(&sd);
+
+ oa.len = sizeof(oa);
+ oa.root_dir = 0;
+ oa.obj_name = 0;
+ oa.obj_attr = 0;
+ oa.sec_desc = &sd.sd;
+ oa.sec_qos = &sqos;
+
+ return __ntapi->zw_create_debug_object(
+ hdbgobj,
+ NT_DEBUG_ALL_ACCESS,
+ &oa,flags);
+}
+
+int32_t __stdcall __ntapi_tt_create_attach_debug_object(
+ __out void ** hdbgobj,
+ __in void * hprocess,
+ __in uint32_t flags)
+{
+ int32_t status;
+ void * hdebug;
+
+ if ((status = __ntapi_tt_create_debug_object(&hdebug,flags)))
+ return status;
+
+ if ((status = __ntapi->zw_debug_active_process(hprocess,hdebug))) {
+ __ntapi->zw_close(hdebug);
+ return status;
+ }
+
+ *hdbgobj = hdebug;
+
+ return NT_STATUS_SUCCESS;
+}
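Review bot: The three ACE writes in __dbg_sd_init (the `ace = __dbg_ace_init(...)` lines) land in sd->buffer with no bound check, and the third ACE carries the owner SID taken from __ntapi_internals()->user, which may have more sub-authorities than the two fixed one-sub-authority SIDs; whether three ACEs always fit depends on how nt_sd_common_buffer sizes `buffer`, which is not visible in this hunk, so an explicit size compare against `sizeof(sd->buffer)` before the last ACE (or a static assertion on the worst-case ACE total) would make the limit enforced rather than assumed. The self-relative offsets (`offset_owner`/`offset_dacl` computed against nt_sd_common_buffer while `oa.sec_desc` points at `&sd.sd`) are only consistent if `sd` is the first member of that struct; that assumption deserves a one-line comment next to the offset assignments. The file also has no header comment, and the access policy plus the meaning of `flags` are worth stating, e.g. `/* Unnamed debug object: DACL grants LOCAL_SYSTEM and the current token user NT_DEBUG_ALL_ACCESS, Authenticated Users READ_CONTROL|SYNCHRONIZE; flags are passed through unchanged to zw_create_debug_object. */`. Naming the two literal SIDs (`{18}` = LOCAL_SYSTEM, `{11}` = AUTHENTICATED_USERS) as static consts instead of inline compound literals would also make the DACL intent readable without consulting the comment.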
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index c96c62b..2bd5299 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -443,6 +443,10 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
__ntapi->log_fn_call = __ntapi_log_fn_call;
__ntapi->log_msg = __ntapi_log_msg;
+ /* nt_debug.h */
+ __ntapi->tt_create_debug_object = __ntapi_tt_create_debug_object;
+ __ntapi->tt_create_attach_debug_object = __ntapi_tt_create_attach_debug_object;
+
/* OS version dependent functions */
if (__ntapi->zw_create_user_process) {
diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h
index f1a6792..1ee52ed 100644
--- a/src/internal/ntapi_fnapi.h
+++ b/src/internal/ntapi_fnapi.h
@@ -329,11 +329,15 @@ NTAPI_UFN(tt_guid_compare);
NTAPI_UFN(tt_guid_to_string_utf16);
NTAPI_UFN(tt_string_to_guid_utf16);
-/* debug */
+/* log */
NTAPI_UFN(log_write);
NTAPI_UFN(log_fn_call);
NTAPI_UFN(log_msg);
+/* debug */
+NTAPI_UFN(tt_create_debug_object);
+NTAPI_UFN(tt_create_attach_debug_object);
+
/* csrss */
NTAPI_VFN(tt_get_csr_port_handle_addr_by_logic,i386);
NTAPI_VFN(tt_get_csr_port_handle_addr_by_logic,x86_64);