From 168f83b2cdeb956fd6dd8d074d119b0b77dfe818 Mon Sep 17 00:00:00 2001 From: midipix Date: Mon, 27 May 2019 22:15:01 +0000 Subject: __ntapi_tt_spawn_foreign_process(): added initial debug support. --- src/process/ntapi_tt_spawn_foreign_process.c | 29 +++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'src/process') diff --git a/src/process/ntapi_tt_spawn_foreign_process.c b/src/process/ntapi_tt_spawn_foreign_process.c index 716468c..6f12f6a 100644 --- a/src/process/ntapi_tt_spawn_foreign_process.c +++ b/src/process/ntapi_tt_spawn_foreign_process.c @@ -15,6 +15,10 @@ #include "ntapi_impl.h" +#define NT_PROCESS_SPAWN_FLAG_DEBUG_MASK \ + (NT_PROCESS_SPAWN_FLAG_DEBUG_EXECUTION \ + | NT_PROCESS_SPAWN_FLAG_DEBUG_SUSPENDED) + typedef int32_t win32_create_process_utf16( __in_opt wchar16_t * appname, __in_out_opt wchar16_t * cmdline, @@ -73,6 +77,7 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa int fquote; uint32_t finherit; uint32_t fsuspended; + uint32_t fdebug; wchar16_t * cmdline; nt_strconv_mbtonative uparams; nt_unicode_string nt_image; @@ -317,14 +322,20 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa finherit = 0; /* process flags */ + fsuspended = 0; + fdebug = 0; + if (sparams->processflags & NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED) fsuspended = NT_CREATE_SUSPENDED; else if (sparams->threadflags & NT_CREATE_SUSPENDED) fsuspended = NT_CREATE_SUSPENDED; - else - fsuspended = 0; + else if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DEBUG_SUSPENDED) + fsuspended = NT_CREATE_SUSPENDED; + + else if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DEBUG_EXECUTION) + fdebug = NT_CREATE_SUSPENDED; /* hoppla: try either via kernel32 (sparams->startupinfo), or natively */ if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_SYSTEM_LIBRARY) { @@ -339,7 +350,7 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa 0, 0, finherit, - sparams->interopflags | fsuspended, + sparams->interopflags | fsuspended | fdebug, 0, sparams->cwd, sparams->startupinfo, @@ -371,6 +382,18 @@ int32_t __stdcall __ntapi_tt_spawn_foreign_process(nt_spawn_process_params * spa &rtblock,0,0,status); } + /* debug */ + if (sparams->spawnflags & NT_PROCESS_SPAWN_FLAG_DEBUG_MASK) + if ((status = __ntapi->tt_create_attach_debug_object( + &sparams->hdbgobj, + cparams.hprocess, + NT_DEBUG_KILL_ON_EXIT))) + return __tt_spawn_return( + &rtblock, + cparams.hprocess, + cparams.hthread, + status); + /* tidy up */ if (!sparams->himage) __ntapi->zw_close(hfile); -- cgit v1.2.3