-rw-r--r--include/ntapi/ntapi.h11
-rw-r--r--src/internal/ntapi_hash_table.h66
-rw-r--r--src/refs/NTHASH8
3 files changed, 56 insertions, 29 deletions
diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h
index ec4fb31..ae47447 100644
--- a/include/ntapi/ntapi.h
+++ b/include/ntapi/ntapi.h
@@ -23,6 +23,7 @@
#include "nt_registry.h"
#include "nt_security.h"
#include "nt_pnp.h"
+#include "nt_debug.h"
#include "nt_exception.h"
#include "nt_locale.h"
#include "nt_uuid.h"
@@ -317,6 +318,16 @@ typedef struct _ntapi_vtbl {
ntapi_zw_plug_play_control * zw_plug_play_control;
ntapi_zw_get_plug_play_event * zw_get_plug_play_event;
+ /* nt_debug.h */
+ ntapi_zw_create_debug_object * zw_create_debug_object;
+ ntapi_zw_debug_active_process * zw_debug_active_process;
+ ntapi_zw_remove_process_debug * zw_remove_process_debug;
+ ntapi_zw_wait_for_debug_event * zw_wait_for_debug_event;
+ ntapi_zw_debug_continue * zw_debug_continue;
+ ntapi_zw_set_information_debug_object * zw_set_information_debug_object;
+ ntapi_zw_query_debug_filter_state * zw_query_debug_filter_state;
+ ntapi_zw_set_debug_filter_state * zw_set_debug_filter_state;
+
/* nt_exception */
ntapi_zw_raise_exception * zw_raise_exception;
ntapi_zw_continue * zw_continue;
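Review bot: The eight debug-object members are inserted in the middle of `struct _ntapi_vtbl`, ahead of `zw_raise_exception`, so every member from that point on moves by eight pointer slots, and any consumer built against the previous header would call through the wrong pointer with no compile-time or run-time error. The same commit shifts the indices in `src/internal/ntapi_hash_table.h` by 8 and gives the new symbols 225..232, which suggests (the resolver is not visible here) that those indices are positions tied to this layout, yet nothing in the hunk ties the two together. I would add a comment at the new group such as `/* nt_debug.h: import slots 225..232, order must match src/refs/NTHASH */`, and, if the vtable is a stable interface, append new groups at the end of the struct instead of inserting them. The struct starts and ends outside the hunk, so whether a size or offset assertion already guards the layout cannot be seen from here.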
diff --git a/src/internal/ntapi_hash_table.h b/src/internal/ntapi_hash_table.h
index 49448d9..540b482 100644
--- a/src/internal/ntapi_hash_table.h
+++ b/src/internal/ntapi_hash_table.h
@@ -22,6 +22,7 @@
{0x06b550e3, (146)}, /* ZwWriteRequestData */ \
{0x0708114b, (50)}, /* ZwTestAlert */ \
{0x08087626, (34)}, /* ZwOpenSection */ \
+ {0x0815d651, (230)}, /* ZwSetInformationDebugObject */ \
{0x08b1918f, (45)}, /* ZwSuspendThread */ \
{0x097e0efd, (154)}, /* ZwOpenFile */ \
{0x0a7a10d0, (88)}, /* ZwOpenTimer */ \
@@ -31,15 +32,16 @@
{0x0d638bd2, (74)}, /* ZwSetInformationJobObject */ \
{0x0e629eed, (102)}, /* ZwQuerySemaphore */ \
{0x11fcbb7c, (23)}, /* ZwReadVirtualMemory */ \
+ {0x121f1e7e, (225)}, /* ZwCreateDebugObject */ \
{0x124a301e, (16)}, /* ZwSetSystemEnvironmentValue */ \
- {0x12ec66eb, (227)}, /* ZwQueryDefaultLocale */ \
+ {0x12ec66eb, (235)}, /* ZwQueryDefaultLocale */ \
{0x1742c5c9, (162)}, /* ZwWriteFileGather */ \
{0x177157e3, (42)}, /* ZwTerminateThread */ \
{0x1af41c1a, (22)}, /* ZwProtectVirtualMemory */ \
- {0x1c0197e6, (233)}, /* ZwAllocateUuids */ \
+ {0x1c0197e6, (241)}, /* ZwAllocateUuids */ \
{0x1c7a90a1, (5)}, /* ZwQuerySecurityObject */ \
{0x1cf668c5, (194)}, /* ZwQueryKey */ \
- {0x21b850be, (250)}, /* _snprintf */ \
+ {0x21b850be, (258)}, /* _snprintf */ \
{0x2259fc62, (2)}, /* ZwDuplicateObject */ \
{0x24e09c64, (18)}, /* ZwSystemDebugControl */ \
{0x255bf138, (142)}, /* ZwReplyWaitReplyPort */ \
@@ -47,13 +49,13 @@
{0x25d91d90, (71)}, /* ZwTerminateJobObject */ \
{0x26e1170e, (193)}, /* ZwSetInformationKey */ \
{0x27dd46c3, (29)}, /* ZwFreeUserPhysicalPages */ \
- {0x2812eb3c, (232)}, /* ZwAllocateLocallyUniqueId */ \
+ {0x2812eb3c, (240)}, /* ZwAllocateLocallyUniqueId */ \
{0x28574a3f, (77)}, /* ZwOpenThreadToken */ \
{0x29b5ea3d, (140)}, /* ZwRequestWaitReplyPort */ \
{0x2a6ac6fb, (26)}, /* ZwUnlockVirtualMemory */ \
{0x2aad9aed, (83)}, /* ZwSetInformationToken */ \
{0x2b2356f7, (52)}, /* ZwAlertResumeThread */ \
- {0x2c0f001a, (230)}, /* ZwSetDefaultUILanguage */ \
+ {0x2c0f001a, (238)}, /* ZwSetDefaultUILanguage */ \
{0x2f22b634, (96)}, /* ZwResetEvent */ \
{0x30309daa, (170)}, /* ZwCreateNamedPipeFile */ \
{0x3064d37b, (68)}, /* RtlQueryProcessDebugInformation */ \
@@ -66,19 +68,20 @@
{0x391b8d79, (157)}, /* ZwCancelIoFile */ \
{0x3928a4cc, (20)}, /* ZwFreeVirtualMemory */ \
{0x39bea937, (89)}, /* ZwCancelTimer */ \
- {0x3abffc38, (239)}, /* ZwFlushWriteBuffer */ \
+ {0x3abffc38, (247)}, /* ZwFlushWriteBuffer */ \
{0x3b1f8d85, (124)}, /* ZwQueryTimerResolution */ \
- {0x3d4aceeb, (248)}, /* memset */ \
+ {0x3cd73491, (226)}, /* ZwDebugActiveProcess */ \
+ {0x3d4aceeb, (256)}, /* memset */ \
{0x3e1d331d, (44)}, /* ZwSetInformationThread */ \
{0x3f62370b, (204)}, /* ZwPrivilegeCheck */ \
{0x416c4024, (118)}, /* ZwSetLowWaitHighEventPair */ \
{0x43c1745d, (92)}, /* ZwCreateEvent */ \
- {0x43d65de2, (231)}, /* ZwQueryInstallUILanguage */ \
+ {0x43d65de2, (239)}, /* ZwQueryInstallUILanguage */ \
{0x45d7086f, (108)}, /* ZwOpenIoCompletion */ \
{0x465977c0, (129)}, /* ZwQueryIntervalProfile */ \
{0x47b3fd39, (8)}, /* ZwOpenDirectoryObject */ \
{0x47dd6896, (171)}, /* ZwCreateMailslotFile */ \
- {0x49d62b40, (246)}, /* LdrLoadDll */ \
+ {0x49d62b40, (254)}, /* LdrLoadDll */ \
{0x4a638203, (91)}, /* ZwQueryTimer */ \
{0x4c51093e, (189)}, /* ZwLoadKey2 */ \
{0x4cb0ea34, (206)}, /* ZwPrivilegedServiceAuditAlarm */ \
@@ -93,33 +96,34 @@
{0x50f7777d, (84)}, /* ZwWaitForSingleObject */ \
{0x513877ab, (61)}, /* ZwSetInformationProcess */ \
{0x51d5c98d, (137)}, /* ZwAcceptConnectPort */ \
- {0x51ddffce, (242)}, /* ZwDisplayString */ \
+ {0x51ddffce, (250)}, /* ZwDisplayString */ \
{0x51fbe1c4, (165)}, /* ZwDeviceIoControlFile */ \
{0x52334a05, (213)}, /* ZwDeleteObjectAuditAlarm */ \
{0x5288a7cf, (46)}, /* ZwResumeThread */ \
{0x54a89e87, (131)}, /* ZwStopProfile */ \
{0x56ada303, (185)}, /* ZwSaveKey */ \
+ {0x573e11b1, (231)}, /* ZwQueryDebugFilterState */ \
{0x57dd87c6, (114)}, /* ZwWaitLowEventPair */ \
- {0x5879157d, (241)}, /* ZwSetDefaultHardErrorPort */ \
+ {0x5879157d, (249)}, /* ZwSetDefaultHardErrorPort */ \
{0x58b766a7, (200)}, /* ZwQueryValueKey */ \
{0x59d0cf7f, (9)}, /* ZwQueryDirectoryObject */ \
{0x5a201018, (180)}, /* ZwSetInformationFile */ \
{0x5b24a650, (155)}, /* ZwDeleteFile */ \
{0x5cc5b0cc, (149)}, /* CsrClientCallServer */ \
- {0x5ccb443b, (245)}, /* ZwVdmControl */ \
+ {0x5ccb443b, (253)}, /* ZwVdmControl */ \
{0x5d5b0c74, (15)}, /* ZwQuerySystemEnvironmentValue */ \
{0x5dcf9e33, (205)}, /* ZwPrivilegeObjectAuditAlarm */ \
{0x5f3fb511, (164)}, /* ZwUnlockFile */ \
{0x60ebf65f, (120)}, /* ZwQuerySystemTime */ \
- {0x63033516, (244)}, /* ZwSetLdtEntries */ \
+ {0x63033516, (252)}, /* ZwSetLdtEntries */ \
{0x63cc9e64, (66)}, /* RtlCreateQueryDebugBuffer */ \
{0x64a2ceb5, (56)}, /* ZwCreateProcess */ \
{0x654da6fd, (143)}, /* ZwReplyWaitReceivePort */ \
- {0x6570064e, (243)}, /* ZwCreatePagingFile */ \
+ {0x6570064e, (251)}, /* ZwCreatePagingFile */ \
{0x65b5374b, (14)}, /* ZwSetSystemInformation */ \
{0x6a2d88fc, (126)}, /* ZwYieldExecution */ \
{0x6c1b25c0, (97)}, /* ZwClearEvent */ \
- {0x6db16208, (238)}, /* ZwQueryInformationAtom */ \
+ {0x6db16208, (246)}, /* ZwQueryInformationAtom */ \
{0x6e0c0f9d, (65)}, /* RtlNormalizeProcessParams */ \
{0x6f11895e, (217)}, /* ZwIsSystemResumeAutomatic */ \
{0x7160272d, (144)}, /* ZwReplyWaitReceivePortEx */ \
@@ -133,13 +137,14 @@
{0x78327b0d, (173)}, /* ZwSetVolumeInformationFile */ \
{0x78a28538, (80)}, /* ZwAdjustPrivilegesToken */ \
{0x7b9f9b64, (182)}, /* ZwOpenKey */ \
- {0x7c868d67, (252)}, /* _vsnprintf */ \
+ {0x7c868d67, (260)}, /* _vsnprintf */ \
{0x7ccd8968, (138)}, /* ZwCompleteConnectPort */ \
{0x7dfb3677, (169)}, /* ZwSetEaFile */ \
{0x7e21039a, (87)}, /* ZwCreateTimer */ \
- {0x7e92a7a6, (251)}, /* vsprintf */ \
+ {0x7e92a7a6, (259)}, /* vsprintf */ \
{0x7ec723c2, (122)}, /* ZwQueryPerformanceCounter */ \
{0x7f99ab33, (145)}, /* ZwReadRequestData */ \
+ {0x8053fc81, (228)}, /* ZwWaitForDebugEvent */ \
{0x81b18dcd, (21)}, /* ZwQueryVirtualMemory */ \
{0x842e9cbb, (43)}, /* ZwQueryInformationThread */ \
{0x84d52359, (112)}, /* ZwCreateEventPair */ \
@@ -147,7 +152,7 @@
{0x850106f7, (7)}, /* ZwCreateDirectoryObject */ \
{0x8548dfbd, (106)}, /* ZwQueryMutant */ \
{0x85f069ec, (197)}, /* ZwNotifyChangeMultipleKeys */ \
- {0x87763935, (249)}, /* sprintf */ \
+ {0x87763935, (257)}, /* sprintf */ \
{0x87fd0a60, (24)}, /* ZwWriteVirtualMemory */ \
{0x8a1989d8, (136)}, /* ZwListenPort */ \
{0x8afaa2ca, (31)}, /* ZwGetWriteWatch */ \
@@ -166,14 +171,16 @@
{0x920b0183, (116)}, /* ZwWaitHighEventPair */ \
{0x9331fae3, (25)}, /* ZwLockVirtualMemory */ \
{0x9384c236, (103)}, /* ZwCreateMutant */ \
+ {0x93cf5771, (232)}, /* ZwSetDebugFilterState */ \
{0x93e64266, (130)}, /* ZwStartProfile */ \
{0x949f76b6, (19)}, /* ZwAllocateVirtualMemory */ \
{0x956ba548, (11)}, /* ZwOpenSymbolicLinkObject */ \
- {0x963cafbc, (229)}, /* ZwQueryDefaultUILanguage */ \
+ {0x9636e6ce, (227)}, /* ZwRemoveProcessDebug */ \
+ {0x963cafbc, (237)}, /* ZwQueryDefaultUILanguage */ \
{0x9731aded, (178)}, /* ZwQueryDirectoryFile */ \
{0x978855cd, (37)}, /* ZwMapViewOfSection */ \
{0x98058c5c, (86)}, /* ZwWaitForMultipleObjects */ \
- {0x997388d8, (237)}, /* ZwDeleteAtom */ \
+ {0x997388d8, (245)}, /* ZwDeleteAtom */ \
{0x9bf04a73, (172)}, /* ZwQueryVolumeInformationFile */ \
{0x9c805856, (167)}, /* ZwNotifyChangeDirectoryFile */ \
{0x9d9c64db, (186)}, /* ZwSaveMergedKeys */ \
@@ -183,7 +190,7 @@
{0xa313f9b0, (220)}, /* ZwSetSystemPowerState */ \
{0xa34a43e1, (48)}, /* ZwSetContextThread */ \
{0xa51616fd, (156)}, /* ZwFlushBuffersFile */ \
- {0xa589ce00, (226)}, /* ZwContinue */ \
+ {0xa589ce00, (234)}, /* ZwContinue */ \
{0xa5b2c609, (117)}, /* ZwSetHighEventPair */ \
{0xa8720028, (153)}, /* ZwCreateFile */ \
{0xa93301f4, (110)}, /* ZwRemoveIoCompletion */ \
@@ -201,21 +208,22 @@
{0xb3a5ef4c, (64)}, /* RtlDestroyProcessParameters */ \
{0xb3d90f63, (60)}, /* ZwQueryInformationProcess */ \
{0xb3f8b8ba, (184)}, /* ZwFlushKey */ \
- {0xb468e7d0, (225)}, /* ZwRaiseException */ \
+ {0xb468e7d0, (233)}, /* ZwRaiseException */ \
{0xb4f463e1, (175)}, /* ZwSetQuotaInformationFile */ \
{0xb5ce95b0, (109)}, /* ZwSetIoCompletion */ \
{0xb677bd15, (219)}, /* ZwGetDevicePowerState */ \
{0xb891d19c, (141)}, /* ZwReplyPort */ \
{0xba08cfed, (221)}, /* ZwInitiatePowerAction */ \
- {0xba5bdfc3, (234)}, /* ZwSetUuidSeed */ \
+ {0xba5bdfc3, (242)}, /* ZwSetUuidSeed */ \
+ {0xba812651, (229)}, /* ZwDebugContinue */ \
{0xbc310050, (133)}, /* ZwCreateWaitablePort */ \
{0xbde7d8d1, (151)}, /* ZwLoadDriver */ \
{0xbe9990b9, (134)}, /* ZwConnectPort */ \
{0xc0040fd0, (90)}, /* ZwSetTimer */ \
- {0xc00fc05c, (240)}, /* ZwRaiseHardError */ \
+ {0xc00fc05c, (248)}, /* ZwRaiseHardError */ \
{0xc4bd0fda, (99)}, /* ZwCreateSemaphore */ \
{0xc524def2, (148)}, /* ZwImpersonateClientOfPort */ \
- {0xc6a277e0, (236)}, /* ZwFindAtom */ \
+ {0xc6a277e0, (244)}, /* ZwFindAtom */ \
{0xc6de9ce3, (139)}, /* ZwRequestPort */ \
{0xc707f028, (27)}, /* ZwFlushVirtualMemory */ \
{0xc70d789c, (69)}, /* ZwCreateJobObject */ \
@@ -223,7 +231,7 @@
{0xc7835b75, (195)}, /* ZwEnumerateKey */ \
{0xc7d8afa4, (85)}, /* ZwSignalAndWaitForSingleObject */ \
{0xc94ea8a6, (81)}, /* ZwAdjustGroupsToken */ \
- {0xc9f42a5d, (235)}, /* ZwAddAtom */ \
+ {0xc9f42a5d, (243)}, /* ZwAddAtom */ \
{0xca250552, (210)}, /* ZwAccessCheckByTypeResultList */ \
{0xcaf1f803, (152)}, /* ZwUnloadDriver */ \
{0xcb3c8251, (223)}, /* ZwPlugPlayControl */ \
@@ -234,9 +242,9 @@
{0xd48a2bbc, (40)}, /* ZwCreateThread */ \
{0xd517401d, (54)}, /* ZwImpersonateThread */ \
{0xd5a16cee, (51)}, /* ZwAlertThread */ \
- {0xd628c8f6, (228)}, /* ZwSetDefaultLocale */ \
+ {0xd628c8f6, (236)}, /* ZwSetDefaultLocale */ \
{0xd7fef93d, (201)}, /* ZwEnumerateValueKey */ \
- {0xda57df71, (247)}, /* LdrUnloadDll */ \
+ {0xda57df71, (255)}, /* LdrUnloadDll */ \
{0xdaa7575e, (215)}, /* ZwAccessCheckByTypeResultListAndAuditAlarm */ \
{0xde07d08f, (224)}, /* ZwGetPlugPlayEvent */ \
{0xde5468ed, (202)}, /* ZwQueryMultipleValueKey */ \
@@ -264,6 +272,6 @@
{0xf425639c, (104)}, /* ZwOpenMutant */ \
{0xfde47817, (94)}, /* ZwSetEvent */ \
-#define __NT_IMPORTED_SYMBOLS_ARRAY_SIZE 253
+#define __NT_IMPORTED_SYMBOLS_ARRAY_SIZE 261
#endif
diff --git a/src/refs/NTHASH b/src/refs/NTHASH
index 77ba37d..37cad44 100644
--- a/src/refs/NTHASH
+++ b/src/refs/NTHASH
@@ -223,6 +223,14 @@ ZwInitiatePowerAction
ZwPowerInformation
ZwPlugPlayControl
ZwGetPlugPlayEvent
+ZwCreateDebugObject
+ZwDebugActiveProcess
+ZwRemoveProcessDebug
+ZwWaitForDebugEvent
+ZwDebugContinue
+ZwSetInformationDebugObject
+ZwQueryDebugFilterState
+ZwSetDebugFilterState
ZwRaiseException
ZwContinue
ZwQueryDefaultLocale