1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
/********************************************************/
/* ntapi: Native API core library */
/* Copyright (C) 2013--2019 Z. Gilboa */
/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
/********************************************************/
#include <psxtypes/psxtypes.h>
#include <ntapi/nt_object.h>
#include <ntapi/nt_debug.h>
#include <ntapi/nt_guid.h>
#include <ntapi/nt_acl.h>
#include <ntapi/nt_tty.h>
#include "ntapi_impl.h"
static int32_t __log_exception_to_server(
nt_dbg_wait_state_change * dbgstate,
void * hserver)
{
int32_t status;
nt_tty_log_msg msg;
if (!hserver)
return NT_STATUS_SUCCESS;
__ntapi->tt_aligned_block_memset(
&msg,0,sizeof(msg));
msg.header.msg_type = NT_LPC_NEW_MESSAGE;
msg.header.data_size = sizeof(msg.data);
msg.header.msg_size = sizeof(msg);
msg.data.ttyinfo.opcode = NT_TTY_LOG_ENTRY;
msg.data.loginfo.type = NT_TTY_LOG_INFO_EXCEPTION_RECORD;
msg.data.loginfo.meta = dbgstate->_u.exception_info.exception_priority;
msg.data.loginfo.cid.process_id = dbgstate->cid.process_id;
msg.data.loginfo.cid.thread_id = dbgstate->cid.thread_id;
__ntapi->tt_generic_memcpy(
&msg.data.loginfo.data,
&dbgstate->_u.exception_info.exception_record,
sizeof(nt_exception_record));
if ((status = __ntapi->zw_request_wait_reply_port(hserver,&msg,&msg)))
return status;
else if (msg.data.ttyinfo.status)
return msg.data.ttyinfo.status;
return NT_STATUS_SUCCESS;
}
int32_t __stdcall __ntapi_tt_debug_execution_flow(
__in void * hdbgobj,
__in void * hprocess,
__in void * hserver,
__in void * hlogfile,
__in uint32_t evtmask,
__in uint64_t * nevents)
{
int32_t status;
int32_t response;
int floop;
uint64_t nevts;
uint64_t necap;
nt_dbg_wait_state_change dbgstate;
(void)hlogfile;
necap = (nevents && *nevents) ? *nevents : (uint64_t)(-1);
for (nevts=0, floop=1; floop && (nevts < necap); nevts++) {
if ((status = __ntapi->zw_wait_for_debug_event(
hdbgobj,
NT_SYNC_NON_ALERTABLE,
0,&dbgstate)))
return status;
switch (dbgstate.state) {
case NT_DBG_STATE_EXCEPTION:
if (evtmask & NT_DBG_FLOW_MASK_EXCEPTION) {
__log_exception_to_server(&dbgstate,hserver);
}
response = NT_DBG_EXCEPTION_NOT_HANDLED;
break;
case NT_DBG_STATE_EXIT_PROCESS:
response = NT_DBG_CONTINUE;
floop = 0;
break;
default:
response = NT_DBG_CONTINUE;
break;
}
__ntapi->zw_debug_continue(
hdbgobj,
&dbgstate.cid,
response);
}
if (evtmask & NT_DBG_FLOW_MASK_DETACH_AND_CLOSE) {
__ntapi->zw_remove_process_debug(
hprocess,hdbgobj);
__ntapi->zw_close(
hdbgobj);
}
return NT_STATUS_SUCCESS;
}
|
