1 files changed, 25 insertions, 0 deletions

diff --git a/include/ntapi/nt_debug.h b/include/ntapi/nt_debug.h
index 5e40cba..3e11193 100644
--- a/include/ntapi/nt_debug.h
+++ b/include/ntapi/nt_debug.h
@@ -208,6 +208,24 @@ typedef enum _nt_dbg_fltr_type {
 } nt_dbg_fltr_type;
 
 
+/* execution flow masks */
+#define NT_DBG_FLOW_MASK_IDLE			(1 << NT_DBG_STATE_IDLE)
+#define NT_DBG_FLOW_MASK_REPLY_PENDING		(1 << NT_DBG_STATE_REPLY_PENDING)
+
+#define NT_DBG_FLOW_MASK_CREATE_THREAD		(1 << NT_DBG_STATE_CREATE_THREAD)
+#define NT_DBG_FLOW_MASK_CREATE_PROCESS		(1 << NT_DBG_STATE_CREATE_PROCESS)
+
+#define NT_DBG_FLOW_MASK_EXIT_THREAD		(1 << NT_DBG_STATE_EXIT_THREAD)
+#define NT_DBG_FLOW_MASK_EXIT_PROCESS		(1 << NT_DBG_STATE_EXIT_PROCESS)
+
+#define NT_DBG_FLOW_MASK_EXCEPTION		(1 << NT_DBG_STATE_EXCEPTION)
+#define NT_DBG_FLOW_MASK_BREAKPOINT		(1 << NT_DBG_STATE_BREAKPOINT)
+#define NT_DBG_FLOW_MASK_SINGLE_STEP		(1 << NT_DBG_STATE_SINGLE_STEP)
+
+#define NT_DBG_FLOW_MASK_DLL_LOAD		(1 << NT_DBG_STATE_DLL_LOAD)
+#define NT_DBG_FLOW_MASK_DLL_UNLOAD		(1 << NT_DBG_STATE_DLL_UNLOAD)
+
+
 /* debug events */
 typedef struct _nt_dbg_km_thread_exit {
 	int32_t			exit_status;
@@ -321,4 +339,11 @@ typedef int32_t __stdcall ntapi_tt_create_attach_debug_object(
 	__in	void *		hprocess,
 	__in	uint32_t	flags);
 
+typedef int32_t	__stdcall ntapi_tt_debug_execution_flow(
+	__in	void *		hdbgobj,
+	__in	void *		hserver,
+	__in	void *		hlogfile,
+	__in	uint32_t	evtmask,
+	__in	uint64_t *	nevents);
+
 #endif