summaryrefslogtreecommitdiffhomepage
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/ntapi/nt_debug.h314
1 files changed, 314 insertions, 0 deletions
diff --git a/include/ntapi/nt_debug.h b/include/ntapi/nt_debug.h
new file mode 100644
index 0000000..284e7ff
--- /dev/null
+++ b/include/ntapi/nt_debug.h
@@ -0,0 +1,314 @@
+#ifndef _NT_DEBUG_H_
+#define _NT_DEBUG_H_
+
+#include "nt_abi.h"
+#include "nt_object.h"
+#include "nt_exception.h"
+
+
+/* debug access rights */
+#define NT_DEBUG_SPECIFIC_RIGHTS (0xf)
+#define NT_DEBUG_ALL_ACCESS (NT_SEC_STANDARD_RIGHTS_ALL \
+ | NT_DEBUG_SPECIFIC_RIGHTS)
+
+/* debug flags */
+#define NT_DEBUG_DETACH_ON_EXIT (0x0)
+#define NT_DEBUG_KILL_ON_EXIT (0x1)
+
+
+/* debug object information classes */
+#define NT_DEBUG_OBJECT_FLAGS_INFO (0X1)
+
+
+/* debug filter mask */
+#define NT_DBG_FLTR_ERROR_LEVEL (0x0)
+#define NT_DBG_FLTR_WARNING_LEVEL (0x1)
+#define NT_DBG_FLTR_TRACE_LEVEL (0x2)
+#define NT_DBG_FLTR_INFO_LEVEL (0x3)
+#define NT_DBG_FLTR_MASK (0x8000000)
+
+
+/* debug states */
+typedef enum _nt_dbg_state {
+ NT_DBG_STATE_IDLE,
+ NT_DBG_STATE_REPLY_PENDING,
+
+ NT_DBG_STATE_CREATE_THREAD,
+ NT_DBG_STATE_CREATE_PROCESS,
+
+ NT_DBG_STATE_EXIT_THREAD,
+ NT_DBG_STATE_EXIT_PROCESS,
+
+ NT_DBG_STATE_EXCEPTION,
+ NT_DBG_STATE_BREAKPOINT,
+ NT_DBG_STATE_SINGLE_STEP,
+
+ NT_DBG_STATE_DLL_LOAD,
+ NT_DBG_STATE_DLL_UNLOAD,
+} nt_dbg_state;
+
+
+/* debug filters */
+typedef enum _nt_dbg_fltr_type {
+ NT_DBG_FLTR_SYSTEM_ID,
+ NT_DBG_FLTR_SMSS_ID,
+ NT_DBG_FLTR_SETUP_ID,
+ NT_DBG_FLTR_NTFS_ID,
+ NT_DBG_FLTR_FSTUB_ID,
+ NT_DBG_FLTR_CRASHDUMP_ID,
+ NT_DBG_FLTR_CDAUDIO_ID,
+ NT_DBG_FLTR_CDROM_ID,
+ NT_DBG_FLTR_CLASSPNP_ID,
+ NT_DBG_FLTR_DISK_ID,
+ NT_DBG_FLTR_REDBOOK_ID,
+ NT_DBG_FLTR_STORPROP_ID,
+ NT_DBG_FLTR_SCSIPORT_ID,
+ NT_DBG_FLTR_SCSIMINIPORT_ID,
+ NT_DBG_FLTR_CONFIG_ID,
+ NT_DBG_FLTR_I8042PRT_ID,
+ NT_DBG_FLTR_SERMOUSE_ID,
+ NT_DBG_FLTR_LSERMOUS_ID,
+ NT_DBG_FLTR_KBDHID_ID,
+ NT_DBG_FLTR_MOUHID_ID,
+ NT_DBG_FLTR_KBDCLASS_ID,
+ NT_DBG_FLTR_MOUCLASS_ID,
+ NT_DBG_FLTR_TWOTRACK_ID,
+ NT_DBG_FLTR_WMILIB_ID,
+ NT_DBG_FLTR_ACPI_ID,
+ NT_DBG_FLTR_AMLI_ID,
+ NT_DBG_FLTR_HALIA64_ID,
+ NT_DBG_FLTR_VIDEO_ID,
+ NT_DBG_FLTR_SVCHOST_ID,
+ NT_DBG_FLTR_VIDEOPRT_ID,
+ NT_DBG_FLTR_TCPIP_ID,
+ NT_DBG_FLTR_DMSYNTH_ID,
+ NT_DBG_FLTR_NTOSPNP_ID,
+ NT_DBG_FLTR_FASTFAT_ID,
+ NT_DBG_FLTR_SAMSS_ID,
+ NT_DBG_FLTR_PNPMGR_ID,
+ NT_DBG_FLTR_NETAPI_ID,
+ NT_DBG_FLTR_SCSERVER_ID,
+ NT_DBG_FLTR_SCCLIENT_ID,
+ NT_DBG_FLTR_SERIAL_ID,
+ NT_DBG_FLTR_SERENUM_ID,
+ NT_DBG_FLTR_UHCD_ID,
+ NT_DBG_FLTR_RPCPROXY_ID,
+ NT_DBG_FLTR_AUTOCHK_ID,
+ NT_DBG_FLTR_DCOMSS_ID,
+ NT_DBG_FLTR_UNIMODEM_ID,
+ NT_DBG_FLTR_SIS_ID,
+ NT_DBG_FLTR_FLTMGR_ID,
+ NT_DBG_FLTR_WMICORE_ID,
+ NT_DBG_FLTR_BURNENG_ID,
+ NT_DBG_FLTR_IMAPI_ID,
+ NT_DBG_FLTR_SXS_ID,
+ NT_DBG_FLTR_FUSION_ID,
+ NT_DBG_FLTR_IDLETASK_ID,
+ NT_DBG_FLTR_SOFTPCI_ID,
+ NT_DBG_FLTR_TAPE_ID,
+ NT_DBG_FLTR_MCHGR_ID,
+ NT_DBG_FLTR_IDEP_ID,
+ NT_DBG_FLTR_PCIIDE_ID,
+ NT_DBG_FLTR_FLOPPY_ID,
+ NT_DBG_FLTR_FDC_ID,
+ NT_DBG_FLTR_TERMSRV_ID,
+ NT_DBG_FLTR_W32TIME_ID,
+ NT_DBG_FLTR_PREFETCHER_ID,
+ NT_DBG_FLTR_RSFILTER_ID,
+ NT_DBG_FLTR_FCPORT_ID,
+ NT_DBG_FLTR_PCI_ID,
+ NT_DBG_FLTR_DMIO_ID,
+ NT_DBG_FLTR_DMCONFIG_ID,
+ NT_DBG_FLTR_DMADMIN_ID,
+ NT_DBG_FLTR_WSOCKTRANSPORT_ID,
+ NT_DBG_FLTR_VSS_ID,
+ NT_DBG_FLTR_PNPMEM_ID,
+ NT_DBG_FLTR_PROCESSOR_ID,
+ NT_DBG_FLTR_DMSERVER_ID,
+ NT_DBG_FLTR_SR_ID,
+ NT_DBG_FLTR_INFINIBAND_ID,
+ NT_DBG_FLTR_IHVDRIVER_ID,
+ NT_DBG_FLTR_IHVVIDEO_ID,
+ NT_DBG_FLTR_IHVAUDIO_ID,
+ NT_DBG_FLTR_IHVNETWORK_ID,
+ NT_DBG_FLTR_IHVSTREAMING_ID,
+ NT_DBG_FLTR_IHVBUS_ID,
+ NT_DBG_FLTR_HPS_ID,
+ NT_DBG_FLTR_RTLTHREADPOOL_ID,
+ NT_DBG_FLTR_LDR_ID,
+ NT_DBG_FLTR_TCPIP6_ID,
+ NT_DBG_FLTR_ISAPNP_ID,
+ NT_DBG_FLTR_SHPC_ID,
+ NT_DBG_FLTR_STORPORT_ID,
+ NT_DBG_FLTR_STORMINIPORT_ID,
+ NT_DBG_FLTR_PRINTSPOOLER_ID,
+ NT_DBG_FLTR_VSSDYNDISK_ID,
+ NT_DBG_FLTR_VERIFIER_ID,
+ NT_DBG_FLTR_VDS_ID,
+ NT_DBG_FLTR_VDSBAS_ID,
+ NT_DBG_FLTR_VDSDYN_ID,
+ NT_DBG_FLTR_VDSDYNDR_ID,
+ NT_DBG_FLTR_VDSLDR_ID,
+ NT_DBG_FLTR_VDSUTIL_ID,
+ NT_DBG_FLTR_DFRGIFC_ID,
+ NT_DBG_FLTR_DEFAULT_ID,
+ NT_DBG_FLTR_MM_ID,
+ NT_DBG_FLTR_DFSC_ID,
+ NT_DBG_FLTR_WOW64_ID,
+ NT_DBG_FLTR_ALPC_ID,
+ NT_DBG_FLTR_WDI_ID,
+ NT_DBG_FLTR_PERFLIB_ID,
+ NT_DBG_FLTR_KTM_ID,
+ NT_DBG_FLTR_IOSTRESS_ID,
+ NT_DBG_FLTR_HEAP_ID,
+ NT_DBG_FLTR_WHEA_ID,
+ NT_DBG_FLTR_USERGDI_ID,
+ NT_DBG_FLTR_MMCSS_ID,
+ NT_DBG_FLTR_TPM_ID,
+ NT_DBG_FLTR_THREADORDER_ID,
+ NT_DBG_FLTR_ENVIRON_ID,
+ NT_DBG_FLTR_EMS_ID,
+ NT_DBG_FLTR_WDT_ID,
+ NT_DBG_FLTR_FVEVOL_ID,
+ NT_DBG_FLTR_NDIS_ID,
+ NT_DBG_FLTR_NVCTRACE_ID,
+ NT_DBG_FLTR_LUAFV_ID,
+ NT_DBG_FLTR_APPCOMPAT_ID,
+ NT_DBG_FLTR_USBSTOR_ID,
+ NT_DBG_FLTR_SBP2PORT_ID,
+ NT_DBG_FLTR_COVERAGE_ID,
+ NT_DBG_FLTR_CACHEMGR_ID,
+ NT_DBG_FLTR_MOUNTMGR_ID,
+ NT_DBG_FLTR_CFR_ID,
+ NT_DBG_FLTR_TXF_ID,
+ NT_DBG_FLTR_KSECDD_ID,
+ NT_DBG_FLTR_FLTREGRESS_ID,
+ NT_DBG_FLTR_MPIO_ID,
+ NT_DBG_FLTR_MSDSM_ID,
+ NT_DBG_FLTR_UDFS_ID,
+ NT_DBG_FLTR_PSHED_ID,
+ NT_DBG_FLTR_STORVSP_ID,
+ NT_DBG_FLTR_LSASS_ID,
+ NT_DBG_FLTR_SSPICLI_ID,
+ NT_DBG_FLTR_CNG_ID,
+ NT_DBG_FLTR_EXFAT_ID,
+ NT_DBG_FLTR_FILETRACE_ID,
+ NT_DBG_FLTR_XSAVE_ID,
+ NT_DBG_FLTR_SE_ID,
+ NT_DBG_FLTR_DRIVEEXTENDER_ID,
+ NT_DBG_FLTR_POWER_ID,
+ NT_DBG_FLTR_CRASHDUMPXHCI_ID,
+ NT_DBG_FLTR_GPIO_ID,
+ NT_DBG_FLTR_REFS_ID,
+ NT_DBG_FLTR_WER_ID,
+ NT_DBG_FLTR_CAPIMG_ID,
+ NT_DBG_FLTR_VPCI_ID,
+ NT_DBG_FLTR_STORAGECLASSMEMORY_ID,
+ NT_DBG_FLTR_ENDOFTABLE_ID,
+} nt_dbg_fltr_type;
+
+
+/* debug events */
+typedef struct _nt_dbg_km_thread_exit {
+ int32_t exit_status;
+} nt_dbg_km_thread_exit;
+
+
+typedef struct _nt_dbg_km_process_exit {
+ int32_t exit_status;
+} nt_dbg_km_process_exit;
+
+
+typedef struct _nt_dbg_km_load_module {
+ void * image_handle;
+ void * image_base;
+ uint32_t dbginfo_offset;
+ uint32_t dbginfo_size;
+} nt_dbg_km_load_module;
+
+
+typedef struct _nt_dbg_km_unload_module {
+ void * image_base;
+} nt_dbg_km_unload_module;
+
+
+typedef struct _nt_dbg_km_exception {
+ nt_exception_record exception_record;
+ uint32_t exception_priority;
+} nt_dbg_km_exception;
+
+
+typedef struct _nt_dbg_ui_thread_info {
+ uint32_t subsystem_key;
+ void * start_address;
+} nt_dbg_ui_thread_info;
+
+
+typedef struct _nt_dbg_ui_process_info {
+ uint32_t sussystem_key;
+ void * image_handle;
+ void * image_base;
+ uint32_t dbginfo_offset;
+ uint32_t dbginfo_size;
+ nt_dbg_ui_thread_info thread_info;
+} nt_dbg_ui_process_info;
+
+
+typedef struct _nt_dbg_wait_state_change {
+ nt_dbg_state state;
+ nt_cid cid;
+ union {
+ nt_dbg_km_thread_exit thread_exit;
+ nt_dbg_km_process_exit process_exit;
+ nt_dbg_km_load_module load_module;
+ nt_dbg_km_unload_module unload_module;
+ nt_dbg_km_exception exception_info;
+ nt_dbg_ui_thread_info thread_info;
+ nt_dbg_ui_process_info process_info;
+ } dbg_state;
+} nt_dbg_wait_state_change;
+
+
+/* debug interfaces */
+typedef int32_t __stdcall ntapi_zw_create_debug_object(
+ __out void ** hdbobj,
+ __in uint32_t access_mask,
+ __in nt_oa * oa,
+ __in uint32_t flags);
+
+typedef int32_t __stdcall ntapi_zw_debug_active_process(
+ __in void * hprocess,
+ __in void * hdbgobj);
+
+typedef int32_t __stdcall ntapi_zw_remove_process_debug(
+ __in void * hprocess,
+ __in void * hdbgobj);
+
+typedef int32_t __stdcall ntapi_zw_wait_for_debug_event(
+ __in void * hdbgobj,
+ __in int32_t alertable,
+ __in nt_timeout * timeout,
+ __out nt_dbg_wait_state_change * state);
+
+typedef int32_t __stdcall ntapi_zw_debug_continue(
+ __in void * hdbgobj,
+ __in nt_cid * cid,
+ __in int32_t status);
+
+typedef int32_t __stdcall ntapi_zw_set_information_debug_object(
+ __in void * hdbgobj,
+ __in int32_t dbg_info_class,
+ __in void * dbg_info,
+ __in size_t dbg_info_length,
+ __out uint32_t * dbg_return_length);
+
+typedef int32_t __stdcall ntapi_zw_query_debug_filter_state(
+ __in int32_t dbg_component_id,
+ __in uint32_t dbg_level);
+
+typedef int32_t __stdcall ntapi_zw_set_debug_filter_state(
+ __in int32_t dbg_component_id,
+ __in uint32_t dbg_level,
+ __in int32_t dbg_state);
+
+#endif