From b2a33c761e729f8d9b718d4e334de8142498f17b Mon Sep 17 00:00:00 2001 From: midipix Date: Sun, 26 May 2019 17:17:44 +0000 Subject: native api: added debug-related definitions. --- include/ntapi/nt_debug.h | 314 +++++++++++++++++++++++++++++++++++++++++++++++ project/headers.mk | 1 + 2 files changed, 315 insertions(+) create mode 100644 include/ntapi/nt_debug.h diff --git a/include/ntapi/nt_debug.h b/include/ntapi/nt_debug.h new file mode 100644 index 0000000..284e7ff --- /dev/null +++ b/include/ntapi/nt_debug.h @@ -0,0 +1,314 @@ +#ifndef _NT_DEBUG_H_ +#define _NT_DEBUG_H_ + +#include "nt_abi.h" +#include "nt_object.h" +#include "nt_exception.h" + + +/* debug access rights */ +#define NT_DEBUG_SPECIFIC_RIGHTS (0xf) +#define NT_DEBUG_ALL_ACCESS (NT_SEC_STANDARD_RIGHTS_ALL \ + | NT_DEBUG_SPECIFIC_RIGHTS) + +/* debug flags */ +#define NT_DEBUG_DETACH_ON_EXIT (0x0) +#define NT_DEBUG_KILL_ON_EXIT (0x1) + + +/* debug object information classes */ +#define NT_DEBUG_OBJECT_FLAGS_INFO (0X1) + + +/* debug filter mask */ +#define NT_DBG_FLTR_ERROR_LEVEL (0x0) +#define NT_DBG_FLTR_WARNING_LEVEL (0x1) +#define NT_DBG_FLTR_TRACE_LEVEL (0x2) +#define NT_DBG_FLTR_INFO_LEVEL (0x3) +#define NT_DBG_FLTR_MASK (0x8000000) + + +/* debug states */ +typedef enum _nt_dbg_state { + NT_DBG_STATE_IDLE, + NT_DBG_STATE_REPLY_PENDING, + + NT_DBG_STATE_CREATE_THREAD, + NT_DBG_STATE_CREATE_PROCESS, + + NT_DBG_STATE_EXIT_THREAD, + NT_DBG_STATE_EXIT_PROCESS, + + NT_DBG_STATE_EXCEPTION, + NT_DBG_STATE_BREAKPOINT, + NT_DBG_STATE_SINGLE_STEP, + + NT_DBG_STATE_DLL_LOAD, + NT_DBG_STATE_DLL_UNLOAD, +} nt_dbg_state; + + +/* debug filters */ +typedef enum _nt_dbg_fltr_type { + NT_DBG_FLTR_SYSTEM_ID, + NT_DBG_FLTR_SMSS_ID, + NT_DBG_FLTR_SETUP_ID, + NT_DBG_FLTR_NTFS_ID, + NT_DBG_FLTR_FSTUB_ID, + NT_DBG_FLTR_CRASHDUMP_ID, + NT_DBG_FLTR_CDAUDIO_ID, + NT_DBG_FLTR_CDROM_ID, + NT_DBG_FLTR_CLASSPNP_ID, + NT_DBG_FLTR_DISK_ID, + NT_DBG_FLTR_REDBOOK_ID, + NT_DBG_FLTR_STORPROP_ID, + NT_DBG_FLTR_SCSIPORT_ID, + NT_DBG_FLTR_SCSIMINIPORT_ID, + NT_DBG_FLTR_CONFIG_ID, + NT_DBG_FLTR_I8042PRT_ID, + NT_DBG_FLTR_SERMOUSE_ID, + NT_DBG_FLTR_LSERMOUS_ID, + NT_DBG_FLTR_KBDHID_ID, + NT_DBG_FLTR_MOUHID_ID, + NT_DBG_FLTR_KBDCLASS_ID, + NT_DBG_FLTR_MOUCLASS_ID, + NT_DBG_FLTR_TWOTRACK_ID, + NT_DBG_FLTR_WMILIB_ID, + NT_DBG_FLTR_ACPI_ID, + NT_DBG_FLTR_AMLI_ID, + NT_DBG_FLTR_HALIA64_ID, + NT_DBG_FLTR_VIDEO_ID, + NT_DBG_FLTR_SVCHOST_ID, + NT_DBG_FLTR_VIDEOPRT_ID, + NT_DBG_FLTR_TCPIP_ID, + NT_DBG_FLTR_DMSYNTH_ID, + NT_DBG_FLTR_NTOSPNP_ID, + NT_DBG_FLTR_FASTFAT_ID, + NT_DBG_FLTR_SAMSS_ID, + NT_DBG_FLTR_PNPMGR_ID, + NT_DBG_FLTR_NETAPI_ID, + NT_DBG_FLTR_SCSERVER_ID, + NT_DBG_FLTR_SCCLIENT_ID, + NT_DBG_FLTR_SERIAL_ID, + NT_DBG_FLTR_SERENUM_ID, + NT_DBG_FLTR_UHCD_ID, + NT_DBG_FLTR_RPCPROXY_ID, + NT_DBG_FLTR_AUTOCHK_ID, + NT_DBG_FLTR_DCOMSS_ID, + NT_DBG_FLTR_UNIMODEM_ID, + NT_DBG_FLTR_SIS_ID, + NT_DBG_FLTR_FLTMGR_ID, + NT_DBG_FLTR_WMICORE_ID, + NT_DBG_FLTR_BURNENG_ID, + NT_DBG_FLTR_IMAPI_ID, + NT_DBG_FLTR_SXS_ID, + NT_DBG_FLTR_FUSION_ID, + NT_DBG_FLTR_IDLETASK_ID, + NT_DBG_FLTR_SOFTPCI_ID, + NT_DBG_FLTR_TAPE_ID, + NT_DBG_FLTR_MCHGR_ID, + NT_DBG_FLTR_IDEP_ID, + NT_DBG_FLTR_PCIIDE_ID, + NT_DBG_FLTR_FLOPPY_ID, + NT_DBG_FLTR_FDC_ID, + NT_DBG_FLTR_TERMSRV_ID, + NT_DBG_FLTR_W32TIME_ID, + NT_DBG_FLTR_PREFETCHER_ID, + NT_DBG_FLTR_RSFILTER_ID, + NT_DBG_FLTR_FCPORT_ID, + NT_DBG_FLTR_PCI_ID, + NT_DBG_FLTR_DMIO_ID, + NT_DBG_FLTR_DMCONFIG_ID, + NT_DBG_FLTR_DMADMIN_ID, + NT_DBG_FLTR_WSOCKTRANSPORT_ID, + NT_DBG_FLTR_VSS_ID, + NT_DBG_FLTR_PNPMEM_ID, + NT_DBG_FLTR_PROCESSOR_ID, + NT_DBG_FLTR_DMSERVER_ID, + NT_DBG_FLTR_SR_ID, + NT_DBG_FLTR_INFINIBAND_ID, + NT_DBG_FLTR_IHVDRIVER_ID, + NT_DBG_FLTR_IHVVIDEO_ID, + NT_DBG_FLTR_IHVAUDIO_ID, + NT_DBG_FLTR_IHVNETWORK_ID, + NT_DBG_FLTR_IHVSTREAMING_ID, + NT_DBG_FLTR_IHVBUS_ID, + NT_DBG_FLTR_HPS_ID, + NT_DBG_FLTR_RTLTHREADPOOL_ID, + NT_DBG_FLTR_LDR_ID, + NT_DBG_FLTR_TCPIP6_ID, + NT_DBG_FLTR_ISAPNP_ID, + NT_DBG_FLTR_SHPC_ID, + NT_DBG_FLTR_STORPORT_ID, + NT_DBG_FLTR_STORMINIPORT_ID, + NT_DBG_FLTR_PRINTSPOOLER_ID, + NT_DBG_FLTR_VSSDYNDISK_ID, + NT_DBG_FLTR_VERIFIER_ID, + NT_DBG_FLTR_VDS_ID, + NT_DBG_FLTR_VDSBAS_ID, + NT_DBG_FLTR_VDSDYN_ID, + NT_DBG_FLTR_VDSDYNDR_ID, + NT_DBG_FLTR_VDSLDR_ID, + NT_DBG_FLTR_VDSUTIL_ID, + NT_DBG_FLTR_DFRGIFC_ID, + NT_DBG_FLTR_DEFAULT_ID, + NT_DBG_FLTR_MM_ID, + NT_DBG_FLTR_DFSC_ID, + NT_DBG_FLTR_WOW64_ID, + NT_DBG_FLTR_ALPC_ID, + NT_DBG_FLTR_WDI_ID, + NT_DBG_FLTR_PERFLIB_ID, + NT_DBG_FLTR_KTM_ID, + NT_DBG_FLTR_IOSTRESS_ID, + NT_DBG_FLTR_HEAP_ID, + NT_DBG_FLTR_WHEA_ID, + NT_DBG_FLTR_USERGDI_ID, + NT_DBG_FLTR_MMCSS_ID, + NT_DBG_FLTR_TPM_ID, + NT_DBG_FLTR_THREADORDER_ID, + NT_DBG_FLTR_ENVIRON_ID, + NT_DBG_FLTR_EMS_ID, + NT_DBG_FLTR_WDT_ID, + NT_DBG_FLTR_FVEVOL_ID, + NT_DBG_FLTR_NDIS_ID, + NT_DBG_FLTR_NVCTRACE_ID, + NT_DBG_FLTR_LUAFV_ID, + NT_DBG_FLTR_APPCOMPAT_ID, + NT_DBG_FLTR_USBSTOR_ID, + NT_DBG_FLTR_SBP2PORT_ID, + NT_DBG_FLTR_COVERAGE_ID, + NT_DBG_FLTR_CACHEMGR_ID, + NT_DBG_FLTR_MOUNTMGR_ID, + NT_DBG_FLTR_CFR_ID, + NT_DBG_FLTR_TXF_ID, + NT_DBG_FLTR_KSECDD_ID, + NT_DBG_FLTR_FLTREGRESS_ID, + NT_DBG_FLTR_MPIO_ID, + NT_DBG_FLTR_MSDSM_ID, + NT_DBG_FLTR_UDFS_ID, + NT_DBG_FLTR_PSHED_ID, + NT_DBG_FLTR_STORVSP_ID, + NT_DBG_FLTR_LSASS_ID, + NT_DBG_FLTR_SSPICLI_ID, + NT_DBG_FLTR_CNG_ID, + NT_DBG_FLTR_EXFAT_ID, + NT_DBG_FLTR_FILETRACE_ID, + NT_DBG_FLTR_XSAVE_ID, + NT_DBG_FLTR_SE_ID, + NT_DBG_FLTR_DRIVEEXTENDER_ID, + NT_DBG_FLTR_POWER_ID, + NT_DBG_FLTR_CRASHDUMPXHCI_ID, + NT_DBG_FLTR_GPIO_ID, + NT_DBG_FLTR_REFS_ID, + NT_DBG_FLTR_WER_ID, + NT_DBG_FLTR_CAPIMG_ID, + NT_DBG_FLTR_VPCI_ID, + NT_DBG_FLTR_STORAGECLASSMEMORY_ID, + NT_DBG_FLTR_ENDOFTABLE_ID, +} nt_dbg_fltr_type; + + +/* debug events */ +typedef struct _nt_dbg_km_thread_exit { + int32_t exit_status; +} nt_dbg_km_thread_exit; + + +typedef struct _nt_dbg_km_process_exit { + int32_t exit_status; +} nt_dbg_km_process_exit; + + +typedef struct _nt_dbg_km_load_module { + void * image_handle; + void * image_base; + uint32_t dbginfo_offset; + uint32_t dbginfo_size; +} nt_dbg_km_load_module; + + +typedef struct _nt_dbg_km_unload_module { + void * image_base; +} nt_dbg_km_unload_module; + + +typedef struct _nt_dbg_km_exception { + nt_exception_record exception_record; + uint32_t exception_priority; +} nt_dbg_km_exception; + + +typedef struct _nt_dbg_ui_thread_info { + uint32_t subsystem_key; + void * start_address; +} nt_dbg_ui_thread_info; + + +typedef struct _nt_dbg_ui_process_info { + uint32_t sussystem_key; + void * image_handle; + void * image_base; + uint32_t dbginfo_offset; + uint32_t dbginfo_size; + nt_dbg_ui_thread_info thread_info; +} nt_dbg_ui_process_info; + + +typedef struct _nt_dbg_wait_state_change { + nt_dbg_state state; + nt_cid cid; + union { + nt_dbg_km_thread_exit thread_exit; + nt_dbg_km_process_exit process_exit; + nt_dbg_km_load_module load_module; + nt_dbg_km_unload_module unload_module; + nt_dbg_km_exception exception_info; + nt_dbg_ui_thread_info thread_info; + nt_dbg_ui_process_info process_info; + } dbg_state; +} nt_dbg_wait_state_change; + + +/* debug interfaces */ +typedef int32_t __stdcall ntapi_zw_create_debug_object( + __out void ** hdbobj, + __in uint32_t access_mask, + __in nt_oa * oa, + __in uint32_t flags); + +typedef int32_t __stdcall ntapi_zw_debug_active_process( + __in void * hprocess, + __in void * hdbgobj); + +typedef int32_t __stdcall ntapi_zw_remove_process_debug( + __in void * hprocess, + __in void * hdbgobj); + +typedef int32_t __stdcall ntapi_zw_wait_for_debug_event( + __in void * hdbgobj, + __in int32_t alertable, + __in nt_timeout * timeout, + __out nt_dbg_wait_state_change * state); + +typedef int32_t __stdcall ntapi_zw_debug_continue( + __in void * hdbgobj, + __in nt_cid * cid, + __in int32_t status); + +typedef int32_t __stdcall ntapi_zw_set_information_debug_object( + __in void * hdbgobj, + __in int32_t dbg_info_class, + __in void * dbg_info, + __in size_t dbg_info_length, + __out uint32_t * dbg_return_length); + +typedef int32_t __stdcall ntapi_zw_query_debug_filter_state( + __in int32_t dbg_component_id, + __in uint32_t dbg_level); + +typedef int32_t __stdcall ntapi_zw_set_debug_filter_state( + __in int32_t dbg_component_id, + __in uint32_t dbg_level, + __in int32_t dbg_state); + +#endif diff --git a/project/headers.mk b/project/headers.mk index 3e0e0ce..16c7962 100644 --- a/project/headers.mk +++ b/project/headers.mk @@ -13,6 +13,7 @@ API_HEADERS = \ $(SOURCE_DIR)/include/$(PACKAGE)/./nt_crc64.h \ $(SOURCE_DIR)/include/$(PACKAGE)/./nt_daemon.h \ $(SOURCE_DIR)/include/$(PACKAGE)/./nt_dalist.h \ + $(SOURCE_DIR)/include/$(PACKAGE)/./nt_debug.h \ $(SOURCE_DIR)/include/$(PACKAGE)/./nt_device.h \ $(SOURCE_DIR)/include/$(PACKAGE)/./nt_exception.h \ $(SOURCE_DIR)/include/$(PACKAGE)/./nt_file.h \ -- cgit v1.2.3