/*
 * PROJECT: Veil
 * FILE: Veil.h
 * PURPOSE: Definition for the Windows Internal API from ntdll.dll,
 * samlib.dll and winsta.dll
 *
 * LICENSE: Relicensed under The MIT License from The CC BY 4.0 License
 *
 * DEVELOPER: MiroKaku (50670906+MiroKaku@users.noreply.github.com)
 */

/*
 * PROJECT: Mouri's Internal NT API Collections (MINT)
 * FILE: MINT.h
 * PURPOSE: Definition for the Windows Internal API from ntdll.dll,
 * samlib.dll and winsta.dll
 *
 * LICENSE: Relicensed under The MIT License from The CC BY 4.0 License
 *
 * DEVELOPER: Mouri_Naruto (Mouri_Naruto AT Outlook.com)
 */

/*
 * This file is part of the Process Hacker project - https://processhacker.sf.io/
 *
 * You can redistribute this file and/or modify it under the terms of the
 * Attribution 4.0 International (CC BY 4.0) license.
 *
 * You must give appropriate credit, provide a link to the license, and
 * indicate if changes were made. You may do so in any reasonable manner, but
 * not in any way that suggests the licensor endorses you or your use.
 */

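#pragma once

// Compiler warnings that are disabled while this header is compiled (MSVC
// only). The saved warning state is restored by the #pragma warning(pop) at
// the end of the file.
#if _MSC_VER >= 1200
#pragma warning(push)
// nonstandard extension used : nameless struct/union
#pragma warning(disable:4201)
// 'struct_name' : structure was padded due to __declspec(align())
#pragma warning(disable:4324)
// 'enumeration': a forward declaration of an unscoped enumeration must have an
// underlying type (int assumed)
#pragma warning(disable:4471)
#endif
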
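// VEIL_BEGIN() is defined elsewhere in the project; it is paired with the
// VEIL_END() at the bottom of this header.
// NOTE(review): presumably it opens the extern "C" / namespace scope - confirm.
VEIL_BEGIN()

// DbgBreakPoint: breaks into the debugger.
// With MSVC 15.00.30729 or later, and unless IMPORT_NATIVE_DBG_BREAK is
// defined, the name maps to the __debugbreak intrinsic; otherwise the function
// is declared as an ordinary NTAPI routine. __analysis_noreturn tells static
// analysis not to follow the path past the call.
// NOTE(review): a breakpoint hit with no debugger attached surfaces as an
// exception the caller has to be prepared for - keep calls out of release
// code paths unless that is the intended failure mode.
#if (_MSC_FULL_VER >= 150030729) && !defined(IMPORT_NATIVE_DBG_BREAK)

#define DbgBreakPoint __debugbreak

#else

__analysis_noreturn
VOID
NTAPI
DbgBreakPoint(
    VOID
);
#endif
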
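// DbgUserBreakPoint: user-mode breakpoint routine; the declaration is compiled
// only when _KERNEL_MODE is not defined. Takes no arguments and returns
// nothing.
// NOTE(review): presumably behaves like DbgBreakPoint for user-mode callers;
// confirm how it differs before choosing between the two.
#ifndef _KERNEL_MODE
NTSYSAPI
VOID
NTAPI
DbgUserBreakPoint(
    VOID
);
#endif // !_KERNEL_MODE
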
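// Debugger status codes.
// NOTE(review): presumably the status values accepted by
// DbgBreakPointWithStatus, which is not declared in this part of the header -
// confirm against the consumer before relying on the meaning of each value.
#define DBG_STATUS_CONTROL_C        1
#define DBG_STATUS_SYSRQ            2
#define DBG_STATUS_BUGCHECK_FIRST   3
#define DBG_STATUS_BUGCHECK_SECOND  4
#define DBG_STATUS_FATAL            5
#define DBG_STATUS_DEBUG_CONTROL    6
#define DBG_STATUS_WORKER           7
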
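// DbgPrint: writes a printf-style message to the debugger output.
//   Format - NUL-terminated format string (_In_z_). _Printf_format_string_
//            lets static analysis check the variadic arguments against it.
// Returns a ULONG status value.
// NOTE(review): the WDK documents the result as an NTSTATUS code - confirm
// before testing it.
// Security: always pass a constant Format and hand externally influenced text
// over as an argument (for example through "%s"), never as the format itself.
// Debug output is visible to whoever has a debugger or debug-output viewer
// attached, so keep secrets and raw kernel pointers out of it.
ULONG
__cdecl
DbgPrint(
    _In_z_ _Printf_format_string_ PCSTR Format,
    ...
);

// DbgPrintEx: same as DbgPrint, with a component and importance level
// attached to the message.
//   ComponentId - component the message is attributed to.
//   Level       - importance level of the message.
//   Format      - NUL-terminated printf-style format string.
// NOTE(review): ComponentId/Level are presumably matched against the filter
// managed through DbgQueryDebugFilterState / DbgSetDebugFilterState (declared
// in this header) - confirm.
// The constant-format rule described for DbgPrint applies here as well.
NTSYSAPI
ULONG
__cdecl
DbgPrintEx(
    _In_ ULONG ComponentId,
    _In_ ULONG Level,
    _In_z_ _Printf_format_string_ PCSTR Format,
    ...
);
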
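// vDbgPrintEx: va_list form of DbgPrintEx.
//   ComponentId - component the message is attributed to.
//   Level       - importance level of the message.
//   Format      - NUL-terminated format string.
//   arglist     - arguments consumed by Format.
// Format is annotated only _In_z_ here (no _Printf_format_string_), so static
// analysis does not check it as a printf format. Wrappers built on this
// routine should carry their own format annotation and must never forward
// caller-controlled text as Format; arglist has to match the conversions in
// Format exactly.
NTSYSAPI
ULONG
NTAPI
vDbgPrintEx(
    _In_ ULONG ComponentId,
    _In_ ULONG Level,
    _In_z_ PCCH Format,
    _In_ va_list arglist
);

// vDbgPrintExWithPrefix: as vDbgPrintEx, with an additional NUL-terminated
// Prefix string.
// NOTE(review): Prefix is presumably emitted in front of the formatted
// message - confirm. Treat Prefix as constant text as well; the same
// format-string discipline applies to Format.
NTSYSAPI
ULONG
NTAPI
vDbgPrintExWithPrefix(
    _In_z_ PCCH Prefix,
    _In_ ULONG ComponentId,
    _In_ ULONG Level,
    _In_z_ PCCH Format,
    _In_ va_list arglist
);
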
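// DbgPrintReturnControlC: printf-style debugger output, same parameter
// contract as DbgPrint (NUL-terminated, analyzer-checked Format).
// NOTE(review): judging by the name, the ULONG result reports whether Ctrl-C
// was pressed in the debugger while printing - confirm before branching on it.
// Pass a constant Format; externally influenced text belongs in the arguments.
NTSYSAPI
ULONG
__cdecl
DbgPrintReturnControlC(
    _In_z_ _Printf_format_string_ PCSTR Format,
    ...
);
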
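// DbgQueryDebugFilterState: queries the debug-message filter for one
// component/level pair.
//   ComponentId - component to query.
//   Level       - importance level to query.
// Returns an NTSTATUS.
// NOTE(review): the result presumably encodes whether messages for the pair
// are enabled rather than a plain success code - confirm how to interpret it.
NTSYSAPI
NTSTATUS
NTAPI
DbgQueryDebugFilterState(
    _In_ ULONG ComponentId,
    _In_ ULONG Level
);

// DbgSetDebugFilterState: enables or disables debug messages for one
// component/level pair.
//   ComponentId - component to change.
//   Level       - importance level to change.
//   State       - new state for the pair.
// Returns an NTSTATUS; check it, the change can be refused.
// NOTE(review): widening the filter makes more diagnostic text visible to an
// attached debugger, so treat it as a privileged configuration change -
// confirm the privilege the system requires.
NTSYSAPI
NTSTATUS
NTAPI
DbgSetDebugFilterState(
    _In_ ULONG ComponentId,
    _In_ ULONG Level,
    _In_ BOOLEAN State
);
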
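// DbgPrompt: shows a prompt in the debugger and collects the reply.
//   Prompt   - NUL-terminated prompt text.
//   Response - caller buffer that receives the reply; the annotation bounds
//              the write to Length bytes.
//   Length   - size of Response in bytes.
// Returns a ULONG.
// NOTE(review): the result is presumably the number of characters stored in
// Response, and the reply may not be NUL-terminated - use the returned count
// to bound every read of Response, and confirm against the WDK documentation.
// Pass the real buffer size as Length; an overstated Length removes the only
// bound the callee has.
NTSYSAPI
ULONG
NTAPI
DbgPrompt(
    _In_z_ PCCH Prompt,
    _Out_writes_bytes_(Length) PCH Response,
    _In_ ULONG Length
);
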
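//
// System Debug
//

// private
// Command selector passed as the first argument of NtSystemDebugControl /
// ZwSystemDebugControl (declared further down in this header). The
// enumerators carry no explicit values, so they number from 0 in declaration
// order; the values are spelled out in the trailing comments because they are
// what shows up in syscall traces.
// Commands 8-19 name raw read/write access to virtual memory, physical
// memory, control space, I/O space, MSRs and bus data, and 37 names a live
// kernel dump.
// NOTE(review): the system is understood to gate this service behind
// SeDebugPrivilege and to refuse many commands to user-mode callers - confirm
// per Windows build. Use of these commands outside debugging and diagnostic
// tooling is worth auditing.
typedef enum _SYSDBG_COMMAND
{
    SysDbgQueryModuleInformation,   // 0
    SysDbgQueryTraceInformation,    // 1
    SysDbgSetTracepoint,            // 2
    SysDbgSetSpecialCall,           // 3
    SysDbgClearSpecialCalls,        // 4
    SysDbgQuerySpecialCalls,        // 5
    SysDbgBreakPoint,               // 6
    SysDbgQueryVersion,             // 7
    SysDbgReadVirtual,              // 8
    SysDbgWriteVirtual,             // 9
    SysDbgReadPhysical,             // 10
    SysDbgWritePhysical,            // 11
    SysDbgReadControlSpace,         // 12
    SysDbgWriteControlSpace,        // 13
    SysDbgReadIoSpace,              // 14
    SysDbgWriteIoSpace,             // 15
    SysDbgReadMsr,                  // 16
    SysDbgWriteMsr,                 // 17
    SysDbgReadBusData,              // 18
    SysDbgWriteBusData,             // 19
    SysDbgCheckLowMemory,           // 20
    SysDbgEnableKernelDebugger,     // 21
    SysDbgDisableKernelDebugger,    // 22
    SysDbgGetAutoKdEnable,          // 23
    SysDbgSetAutoKdEnable,          // 24
    SysDbgGetPrintBufferSize,       // 25
    SysDbgSetPrintBufferSize,       // 26
    SysDbgGetKdUmExceptionEnable,   // 27
    SysDbgSetKdUmExceptionEnable,   // 28
    SysDbgGetTriageDump,            // 29
    SysDbgGetKdBlockEnable,         // 30
    SysDbgSetKdBlockEnable,         // 31
    SysDbgRegisterForUmBreakInfo,   // 32
    SysDbgGetUmBreakPid,            // 33
    SysDbgClearUmBreakPid,          // 34
    SysDbgGetUmAttachPid,           // 35
    SysDbgClearUmAttachPid,         // 36
    SysDbgGetLiveKernelDump         // 37
} SYSDBG_COMMAND, * PSYSDBG_COMMAND;
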
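// Request block for a virtual-memory transfer.
// NOTE(review): presumably the input of SysDbgReadVirtual /
// SysDbgWriteVirtual - confirm.
typedef struct _SYSDBG_VIRTUAL
{
    PVOID Address;  // presumably the target virtual address - confirm
    PVOID Buffer;   // caller-side data buffer
    ULONG Request;  // presumably the byte count; Buffer must cover it - confirm
} SYSDBG_VIRTUAL, * PSYSDBG_VIRTUAL;

// Request block for a physical-memory transfer; same layout as
// SYSDBG_VIRTUAL except that Address is a PHYSICAL_ADDRESS.
// NOTE(review): presumably the input of SysDbgReadPhysical /
// SysDbgWritePhysical - confirm.
typedef struct _SYSDBG_PHYSICAL
{
    PHYSICAL_ADDRESS Address;   // presumably the target physical address - confirm
    PVOID Buffer;               // caller-side data buffer
    ULONG Request;              // presumably the byte count; Buffer must cover it - confirm
} SYSDBG_PHYSICAL, * PSYSDBG_PHYSICAL;

// Request block for a control-space transfer on one processor.
// NOTE(review): presumably the input of SysDbgReadControlSpace /
// SysDbgWriteControlSpace - confirm.
typedef struct _SYSDBG_CONTROL_SPACE
{
    ULONG64 Address;    // 64-bit address, independent of the pointer size
    PVOID Buffer;       // caller-side data buffer
    ULONG Request;      // presumably the byte count; Buffer must cover it - confirm
    ULONG Processor;    // presumably the processor number to target - confirm
} SYSDBG_CONTROL_SPACE, * PSYSDBG_CONTROL_SPACE;
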
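// Request block for an I/O-space transfer.
// NOTE(review): presumably the input of SysDbgReadIoSpace /
// SysDbgWriteIoSpace - confirm.
typedef struct _SYSDBG_IO_SPACE
{
    ULONG64 Address;                    // 64-bit address, independent of the pointer size
    PVOID Buffer;                       // caller-side data buffer
    ULONG Request;                      // presumably the byte count; Buffer must cover it - confirm
    enum _INTERFACE_TYPE InterfaceType; // enum declared outside this section
    ULONG BusNumber;
    ULONG AddressSpace;
} SYSDBG_IO_SPACE, * PSYSDBG_IO_SPACE;

// Request block for a model-specific register access: the register number and
// its 64-bit value.
// NOTE(review): presumably the input of SysDbgReadMsr / SysDbgWriteMsr -
// confirm.
typedef struct _SYSDBG_MSR
{
    ULONG Msr;      // register number
    ULONG64 Data;   // register value (read result or value to write)
} SYSDBG_MSR, * PSYSDBG_MSR;

// Request block for a bus-data transfer.
// NOTE(review): presumably the input of SysDbgReadBusData /
// SysDbgWriteBusData - confirm.
typedef struct _SYSDBG_BUS_DATA
{
    ULONG Address;                      // presumably the offset within the bus data - confirm
    PVOID Buffer;                       // caller-side data buffer
    ULONG Request;                      // presumably the byte count; Buffer must cover it - confirm
    enum _BUS_DATA_TYPE BusDataType;    // enum declared outside this section
    ULONG BusNumber;
    ULONG SlotNumber;
} SYSDBG_BUS_DATA, * PSYSDBG_BUS_DATA;
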
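// private
// Parameters of a triage dump request: a bug check code with its four
// parameters, plus a caller-supplied handle array.
// NOTE(review): presumably the input of SysDbgGetTriageDump - confirm.
typedef struct _SYSDBG_TRIAGE_DUMP
{
    ULONG Flags;
    ULONG BugCheckCode;
    ULONG_PTR BugCheckParam1;
    ULONG_PTR BugCheckParam2;
    ULONG_PTR BugCheckParam3;
    ULONG_PTR BugCheckParam4;
    ULONG ProcessHandles;   // presumably the number of process handles in Handles - confirm
    ULONG ThreadHandles;    // presumably the number of thread handles in Handles - confirm
    PHANDLE Handles;        // handle array; must hold at least the counted entries
} SYSDBG_TRIAGE_DUMP, * PSYSDBG_TRIAGE_DUMP;
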
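// private
// Option bits of a live dump request. The four named bits and the 28 reserved
// bits fill one ULONG, which AsUlong exposes as a whole.
// Initialise through AsUlong = 0 and then set the wanted bits, so that the
// reserved bits are never left holding stack garbage.
// IncludeUserSpaceMemoryPages widens the dump to user-mode memory; a dump
// taken with it set can contain data of every process on the machine.
typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
{
    struct
    {
        ULONG UseDumpStorageStack : 1;
        ULONG CompressMemoryPagesData : 1;
        ULONG IncludeUserSpaceMemoryPages : 1;
        ULONG AbortIfMemoryPressure : 1; // REDSTONE4
        ULONG Reserved : 28;
    };
    ULONG AsUlong;
} SYSDBG_LIVEDUMP_CONTROL_FLAGS, * PSYSDBG_LIVEDUMP_CONTROL_FLAGS;

// private
// Selects additional page classes for a live dump: one named bit
// (HypervisorPages) and 31 reserved bits, readable as a whole through
// AsUlong. Initialise through AsUlong = 0 before setting the bit.
typedef union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
{
    struct
    {
        ULONG HypervisorPages : 1;
        ULONG Reserved : 31;
    };
    ULONG AsUlong;
} SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, * PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
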
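// Structure version.
// NOTE(review): presumably the value to store in
// SYSDBG_LIVEDUMP_CONTROL.Version - confirm.
#define SYSDBG_LIVEDUMP_CONTROL_VERSION 1

// private
// Parameters of a live kernel dump request.
// NOTE(review): presumably the input of SysDbgGetLiveKernelDump - confirm.
// The dump written through DumpFileHandle holds kernel memory (and user
// memory when Flags.IncludeUserSpaceMemoryPages is set), so the target file
// should be created with an ACL restricted to administrators and handled as
// sensitive data afterwards.
typedef struct _SYSDBG_LIVEDUMP_CONTROL
{
    ULONG Version;
    ULONG BugCheckCode;
    ULONG_PTR BugCheckParam1;
    ULONG_PTR BugCheckParam2;
    ULONG_PTR BugCheckParam3;
    ULONG_PTR BugCheckParam4;
    HANDLE DumpFileHandle;      // presumably the file that receives the dump - confirm
    HANDLE CancelEventHandle;   // presumably an event that cancels the dump when signalled - confirm
    SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags;
    SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AddPagesControl;
} SYSDBG_LIVEDUMP_CONTROL, * PSYSDBG_LIVEDUMP_CONTROL;
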
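// NtSystemDebugControl: system service that executes one SYSDBG_COMMAND.
//   Command            - operation to perform.
//   InputBuffer        - optional command-specific input; the annotation
//                        (_Inout_updates_bytes_opt_) allows the service to
//                        write back into it.
//   InputBufferLength  - size of InputBuffer in bytes.
//   OutputBuffer       - optional buffer that receives the result.
//   OutputBufferLength - size of OutputBuffer in bytes.
//   ReturnLength       - optional; receives a byte count.
// Returns an NTSTATUS; always check it.
// Several of the SYSDBG_* request structures in this header carry their own
// Buffer pointer and Request size, which the length parameters above do not
// describe - the caller alone is responsible for keeping them consistent.
// NOTE(review): the system is understood to require SeDebugPrivilege for this
// service and to reject many commands for user-mode callers unless kernel
// debugging is enabled - confirm per Windows build and never assume a command
// is available. Calls to this service by processes that are not debugging or
// diagnostic tools are worth alerting on.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtSystemDebugControl(
    _In_ SYSDBG_COMMAND Command,
    _Inout_updates_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength,
    _Out_opt_ PULONG ReturnLength
);

// ZwSystemDebugControl: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
// For a kernel-mode caller the Zw entry point runs the service with the
// previous mode set to KernelMode, so the probing and access checks applied
// to user-mode requests are skipped: validate every address, size and handle
// that originated in user mode before forwarding it.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSystemDebugControl(
    _In_ SYSDBG_COMMAND Command,
    _Inout_updates_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength,
    _Out_opt_ PULONG ReturnLength
);
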
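//
// Hard errors
//

// Response choices a hard error may offer. Values number from 0 in
// declaration order.
// NOTE(review): presumably passed as ValidResponseOptions to
// NtRaiseHardError / ZwRaiseHardError (that parameter is declared ULONG) -
// confirm. OptionShutdownSystem is understood to be privilege-gated
// (SeShutdownPrivilege); its use outside operating-system components is worth
// auditing.
typedef enum _HARDERROR_RESPONSE_OPTION
{
    OptionAbortRetryIgnore,     // 0
    OptionOk,                   // 1
    OptionOkCancel,             // 2
    OptionRetryCancel,          // 3
    OptionYesNo,                // 4
    OptionYesNoCancel,          // 5
    OptionShutdownSystem,       // 6
    OptionOkNoWait,             // 7
    OptionCancelTryContinue     // 8
} HARDERROR_RESPONSE_OPTION;

// Outcome of a hard error. Values number from 0 in declaration order.
// NOTE(review): presumably the value written through the Response parameter
// of NtRaiseHardError / ZwRaiseHardError (declared PULONG) - confirm.
typedef enum _HARDERROR_RESPONSE
{
    ResponseReturnToCaller,     // 0
    ResponseNotHandled,         // 1
    ResponseAbort,              // 2
    ResponseCancel,             // 3
    ResponseIgnore,             // 4
    ResponseNo,                 // 5
    ResponseOk,                 // 6
    ResponseRetry,              // 7
    ResponseYes,                // 8
    ResponseTryAgain,           // 9
    ResponseContinue            // 10
} HARDERROR_RESPONSE;
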
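// NOTE(review): presumably OR-ed into ErrorStatus to make the hard error
// ignore the process error mode - confirm.
#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000

// NtRaiseHardError: raises a hard error and reports how it was answered.
//   ErrorStatus                - status code that describes the error.
//   NumberOfParameters         - element count of Parameters.
//   UnicodeStringParameterMask - bit mask over Parameters.
//   Parameters                 - array of NumberOfParameters ULONG_PTR values.
//   ValidResponseOptions       - responses to offer.
//   Response                   - receives the chosen response.
// Returns an NTSTATUS; check it before reading *Response.
// NOTE(review): a set bit i in UnicodeStringParameterMask presumably marks
// Parameters[i] as a pointer to a UNICODE_STRING - confirm. If so, a mask that
// does not match the array makes the callee treat plain integers as pointers,
// so build the mask and the array together.
// NOTE(review): ValidResponseOptions presumably takes a
// HARDERROR_RESPONSE_OPTION value and *Response a HARDERROR_RESPONSE value -
// confirm.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtRaiseHardError(
    _In_ NTSTATUS ErrorStatus,
    _In_ ULONG NumberOfParameters,
    _In_ ULONG UnicodeStringParameterMask,
    _In_reads_(NumberOfParameters) PULONG_PTR Parameters,
    _In_ ULONG ValidResponseOptions,
    _Out_ PULONG Response
);

// ZwRaiseHardError: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
// For a kernel-mode caller the arguments are trusted (previous mode is
// KernelMode), so do not forward unvalidated user-mode pointers in Parameters.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwRaiseHardError(
    _In_ NTSTATUS ErrorStatus,
    _In_ ULONG NumberOfParameters,
    _In_ ULONG UnicodeStringParameterMask,
    _In_reads_(NumberOfParameters) PULONG_PTR Parameters,
    _In_ ULONG ValidResponseOptions,
    _Out_ PULONG Response
);
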
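//
// Exception
//

// NtRaiseException: raises the exception described by ExceptionRecord.
//   ExceptionRecord - exception to raise.
//   ContextRecord   - thread context associated with the exception.
//   FirstChance     - whether this is first-chance handling.
// Returns an NTSTATUS.
// Both records are read by the system as given: fully initialise them (no
// uninitialised stack contents), since the context describes register state
// for the calling thread.
// NOTE(review): FirstChance presumably selects first-chance (TRUE) versus
// second-chance (FALSE) dispatching - confirm.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtRaiseException(
    _In_ PEXCEPTION_RECORD ExceptionRecord,
    _In_ PCONTEXT ContextRecord,
    _In_ BOOLEAN FirstChance
);

// ZwRaiseException: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwRaiseException(
    _In_ PEXCEPTION_RECORD ExceptionRecord,
    _In_ PCONTEXT ContextRecord,
    _In_ BOOLEAN FirstChance
);
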
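//
// Debug Filter
//

// NtQueryDebugFilterState: system-service form of the debug-filter query.
//   ComponentId - component to query.
//   Level       - importance level to query.
// Returns an NTSTATUS.
// NOTE(review): the result presumably encodes whether messages for the pair
// are enabled rather than a plain success code - confirm how to interpret it.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryDebugFilterState(
    _In_ ULONG ComponentId,
    _In_ ULONG Level
);

// ZwQueryDebugFilterState: Zw entry point of the same service; annotated as
// callable at IRQL <= PASSIVE_LEVEL only.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDebugFilterState(
    _In_ ULONG ComponentId,
    _In_ ULONG Level
);

// NtSetDebugFilterState: system-service form of the debug-filter update.
//   ComponentId - component to change.
//   Level       - importance level to change.
//   State       - new state for the pair.
// Returns an NTSTATUS; check it, the change can be refused.
// NOTE(review): this is a system-wide configuration change and is understood
// to be privilege-gated for user-mode callers - confirm which privilege.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetDebugFilterState(
    _In_ ULONG ComponentId,
    _In_ ULONG Level,
    _In_ BOOLEAN State
);

// ZwSetDebugFilterState: Zw entry point of the same service; annotated as
// callable at IRQL <= PASSIVE_LEVEL only.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetDebugFilterState(
    _In_ ULONG ComponentId,
    _In_ ULONG Level,
    _In_ BOOLEAN State
);
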
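//
// Debug Object
//

// Exception event payload: the exception record plus a first-chance marker.
// Used as a member of DBGUI_WAIT_STATE_CHANGE.StateInfo.
typedef struct _DBGKM_EXCEPTION
{
    EXCEPTION_RECORD ExceptionRecord;
    ULONG FirstChance;  // presumably non-zero for a first-chance exception - confirm
} DBGKM_EXCEPTION, * PDBGKM_EXCEPTION;

// Thread-creation event payload. Embedded in DBGKM_CREATE_PROCESS and
// DBGUI_CREATE_THREAD.
typedef struct _DBGKM_CREATE_THREAD
{
    ULONG SubSystemKey;
    PVOID StartAddress; // address in the debuggee; not dereferenceable in the debugger
} DBGKM_CREATE_THREAD, * PDBGKM_CREATE_THREAD;

// Process-creation event payload; InitialThread describes the first thread.
// Embedded in DBGUI_CREATE_PROCESS.
// NOTE(review): FileHandle is presumably a handle to the image file that is
// opened for the debugger and has to be closed by it - confirm ownership to
// avoid leaking one handle per event.
typedef struct _DBGKM_CREATE_PROCESS
{
    ULONG SubSystemKey;
    HANDLE FileHandle;
    PVOID BaseOfImage;  // address in the debuggee
    ULONG DebugInfoFileOffset;
    ULONG DebugInfoSize;
    DBGKM_CREATE_THREAD InitialThread;
} DBGKM_CREATE_PROCESS, * PDBGKM_CREATE_PROCESS;
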
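// Thread-exit event payload: the thread's exit status.
typedef struct _DBGKM_EXIT_THREAD
{
    NTSTATUS ExitStatus;
} DBGKM_EXIT_THREAD, * PDBGKM_EXIT_THREAD;

// Process-exit event payload: the process's exit status.
typedef struct _DBGKM_EXIT_PROCESS
{
    NTSTATUS ExitStatus;
} DBGKM_EXIT_PROCESS, * PDBGKM_EXIT_PROCESS;

// Module-load event payload.
// BaseOfDll and NamePointer are values from the debuggee's address space;
// read what they refer to through a cross-process read and treat the contents
// as untrusted input supplied by the debuggee.
// NOTE(review): FileHandle is presumably opened for the debugger, which then
// has to close it - confirm ownership.
typedef struct _DBGKM_LOAD_DLL
{
    HANDLE FileHandle;
    PVOID BaseOfDll;
    ULONG DebugInfoFileOffset;
    ULONG DebugInfoSize;
    PVOID NamePointer;
} DBGKM_LOAD_DLL, * PDBGKM_LOAD_DLL;

// Module-unload event payload: base address of the unloaded module in the
// debuggee.
typedef struct _DBGKM_UNLOAD_DLL
{
    PVOID BaseAddress;
} DBGKM_UNLOAD_DLL, * PDBGKM_UNLOAD_DLL;
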
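// Kind of debug event reported in DBGUI_WAIT_STATE_CHANGE.NewState. Values
// number from 0 in declaration order.
typedef enum _DBG_STATE
{
    DbgIdle,                        // 0
    DbgReplyPending,                // 1
    DbgCreateThreadStateChange,     // 2
    DbgCreateProcessStateChange,    // 3
    DbgExitThreadStateChange,       // 4
    DbgExitProcessStateChange,      // 5
    DbgExceptionStateChange,        // 6
    DbgBreakpointStateChange,       // 7
    DbgSingleStepStateChange,       // 8
    DbgLoadDllStateChange,          // 9
    DbgUnloadDllStateChange         // 10
} DBG_STATE, * PDBG_STATE;
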
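// Debugger-side view of a thread-creation event: a thread handle plus the
// DBGKM_CREATE_THREAD payload.
// NOTE(review): HandleToThread is presumably opened in the debugger's handle
// table for this event and has to be closed by the debugger - confirm.
typedef struct _DBGUI_CREATE_THREAD
{
    HANDLE HandleToThread;
    DBGKM_CREATE_THREAD NewThread;
} DBGUI_CREATE_THREAD, * PDBGUI_CREATE_THREAD;

// Debugger-side view of a process-creation event: process and initial-thread
// handles plus the DBGKM_CREATE_PROCESS payload.
// NOTE(review): both handles are presumably owned by the debugger once the
// event is delivered - confirm, and close them when the debuggee is released.
typedef struct _DBGUI_CREATE_PROCESS
{
    HANDLE HandleToProcess;
    HANDLE HandleToThread;
    DBGKM_CREATE_PROCESS NewProcess;
} DBGUI_CREATE_PROCESS, * PDBGUI_CREATE_PROCESS;

// One debug event as returned by NtWaitForDebugEvent / DbgUiWaitStateChange.
//   NewState    - kind of event.
//   AppClientId - client id of the debuggee the event belongs to.
//   StateInfo   - event payload; a union, so only one member is meaningful.
// NOTE(review): NewState presumably selects the valid StateInfo member -
// confirm the mapping, and read only that member: the others alias the same
// storage and would be interpreted as the wrong type.
typedef struct _DBGUI_WAIT_STATE_CHANGE
{
    DBG_STATE NewState;
    CLIENT_ID AppClientId;
    union
    {
        DBGKM_EXCEPTION Exception;
        DBGUI_CREATE_THREAD CreateThread;
        DBGUI_CREATE_PROCESS CreateProcessInfo;
        DBGKM_EXIT_THREAD ExitThread;
        DBGKM_EXIT_PROCESS ExitProcess;
        DBGKM_LOAD_DLL LoadDll;
        DBGKM_UNLOAD_DLL UnloadDll;
    } StateInfo;
} DBGUI_WAIT_STATE_CHANGE, * PDBGUI_WAIT_STATE_CHANGE;
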
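// Access rights specific to debug objects. DEBUG_ALL_ACCESS combines the four
// specific rights with STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE.
// Request only the rights a handle is actually used for; a handle opened with
// DEBUG_ALL_ACCESS gives its holder full control over the debug object, so it
// should not be inheritable or duplicated into less trusted processes.
#define DEBUG_READ_EVENT        0x0001
#define DEBUG_PROCESS_ASSIGN    0x0002
#define DEBUG_SET_INFORMATION   0x0004
#define DEBUG_QUERY_INFORMATION 0x0008
#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
    DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
    DEBUG_QUERY_INFORMATION)

// NOTE(review): presumably a value for the Flags parameter of
// NtCreateDebugObject, causing the debugged processes to be terminated when
// the debug object is closed - confirm. With it set, losing the handle (for
// example when the debugger crashes) also ends the debuggee.
#define DEBUG_KILL_ON_CLOSE 0x1
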
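// Information class selector for NtSetInformationDebugObject /
// ZwSetInformationDebugObject. Values number from 0 in declaration order;
// MaxDebugObjectInfoClass is the end marker, not a usable class.
// NOTE(review): "s: ULONG" presumably means the class is settable and takes a
// ULONG payload - confirm, and pass sizeof(ULONG) as the length for it.
typedef enum _DEBUGOBJECTINFOCLASS
{
    DebugObjectUnusedInformation,               // 0
    DebugObjectKillProcessOnExitInformation,    // 1, s: ULONG
    MaxDebugObjectInfoClass                     // 2
} DEBUGOBJECTINFOCLASS, * PDEBUGOBJECTINFOCLASS;
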
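// NtCreateDebugObject: creates a debug object and returns a handle to it.
//   DebugObjectHandle - receives the new handle.
//   DesiredAccess     - access mask for the handle (see the DEBUG_* rights in
//                       this header).
//   ObjectAttributes  - optional object attributes.
//   Flags             - creation flags.
// Returns an NTSTATUS; *DebugObjectHandle is only meaningful on success.
// Ask for the narrowest DesiredAccess that works and close the handle when
// debugging ends.
// NOTE(review): Flags presumably accepts DEBUG_KILL_ON_CLOSE - confirm.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateDebugObject(
    _Out_ PHANDLE DebugObjectHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ ULONG Flags
);

// ZwCreateDebugObject: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
// For a kernel-mode caller the arguments are trusted (previous mode is
// KernelMode); do not pass through unvalidated user-mode pointers.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateDebugObject(
    _Out_ PHANDLE DebugObjectHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ ULONG Flags
);
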
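// NtDebugActiveProcess: attaches a running process to a debug object.
//   ProcessHandle     - process to debug.
//   DebugObjectHandle - debug object that will receive its events.
// Returns an NTSTATUS; check it, attaching can be refused.
// NOTE(review): the debug object handle presumably needs
// DEBUG_PROCESS_ASSIGN, and the process handle needs rights granted by the
// target's security descriptor - confirm the exact masks. Attaching a
// debugger gives full control over the target, so debugger attachment to
// sensitive processes is a useful event to monitor.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtDebugActiveProcess(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
);

// ZwDebugActiveProcess: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
// For a kernel-mode caller the handle access checks applied to user-mode
// requests are skipped (previous mode is KernelMode); do not forward handles
// received from user mode without validating them.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDebugActiveProcess(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
);
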
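// NtDebugContinue: resumes a debuggee thread after a debug event.
//   DebugObjectHandle - debug object the event was received on.
//   ClientId          - client id of the thread to continue; normally the
//                       AppClientId of the DBGUI_WAIT_STATE_CHANGE being
//                       answered.
//   ContinueStatus    - status that tells the system how to continue.
// Returns an NTSTATUS.
// NOTE(review): ContinueStatus presumably takes the DBG_CONTINUE /
// DBG_EXCEPTION_NOT_HANDLED style values, which are not defined in this
// header - confirm.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtDebugContinue(
    _In_ HANDLE DebugObjectHandle,
    _In_ PCLIENT_ID ClientId,
    _In_ NTSTATUS ContinueStatus
);

// ZwDebugContinue: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDebugContinue(
    _In_ HANDLE DebugObjectHandle,
    _In_ PCLIENT_ID ClientId,
    _In_ NTSTATUS ContinueStatus
);
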
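// NtRemoveProcessDebug: detaches a process from a debug object.
//   ProcessHandle     - process to stop debugging.
//   DebugObjectHandle - debug object the process is attached to.
// Returns an NTSTATUS.
// Detach explicitly before closing the debug object when the debuggee is
// meant to keep running.
// NOTE(review): with DEBUG_KILL_ON_CLOSE in effect, closing the object is
// understood to end attached processes - confirm.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
);

// ZwRemoveProcessDebug: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwRemoveProcessDebug(
    _In_ HANDLE ProcessHandle,
    _In_ HANDLE DebugObjectHandle
);
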
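// NtSetInformationDebugObject: sets one information class on a debug object.
//   DebugObjectHandle           - debug object to change.
//   DebugObjectInformationClass - which setting to change.
//   DebugInformation            - input buffer holding the new value.
//   DebugInformationLength      - size of DebugInformation in bytes.
//   ReturnLength                - optional; receives a byte count.
// Returns an NTSTATUS.
// DebugInformation is annotated _In_reads_bytes_(DebugInformationLength) so
// that static analysis ties the buffer to its length; pass the size of the
// object actually pointed to, never a larger value.
// NOTE(review): the handle presumably needs DEBUG_SET_INFORMATION - confirm.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationDebugObject(
    _In_ HANDLE DebugObjectHandle,
    _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
    _In_reads_bytes_(DebugInformationLength) PVOID DebugInformation,
    _In_ ULONG DebugInformationLength,
    _Out_opt_ PULONG ReturnLength
);

// ZwSetInformationDebugObject: Zw entry point of the same service, with the
// same parameters and buffer contract; annotated as callable at
// IRQL <= PASSIVE_LEVEL only.
// For a kernel-mode caller the buffer is not probed (previous mode is
// KernelMode); do not forward a user-mode pointer or length unvalidated.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationDebugObject(
    _In_ HANDLE DebugObjectHandle,
    _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
    _In_reads_bytes_(DebugInformationLength) PVOID DebugInformation,
    _In_ ULONG DebugInformationLength,
    _Out_opt_ PULONG ReturnLength
);
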
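// NtWaitForDebugEvent: waits for the next debug event on a debug object.
//   DebugObjectHandle - debug object to wait on.
//   Alertable         - whether the wait is alertable.
//   Timeout           - optional timeout; NULL is allowed by the annotation.
//   WaitStateChange   - receives the event.
// Returns an NTSTATUS. A wait can complete without delivering an event (for
// example on timeout or alert), so read *WaitStateChange only after checking
// that the status reports a delivered event.
// NOTE(review): the handle presumably needs DEBUG_READ_EVENT, and handles
// carried inside the event are presumably owned by the caller afterwards -
// confirm both.
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtWaitForDebugEvent(
    _In_ HANDLE DebugObjectHandle,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Timeout,
    _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange
);

// ZwWaitForDebugEvent: Zw entry point of the same service, with the same
// parameters; annotated as callable at IRQL <= PASSIVE_LEVEL only.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForDebugEvent(
    _In_ HANDLE DebugObjectHandle,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Timeout,
    _Out_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange
);
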
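//
// Debugging UI
//

// User-mode debugger helper routines; the whole group is compiled only when
// _KERNEL_MODE is not defined. Unlike the Nt/Zw debug-object services above,
// none of them takes a debug object handle.
// NOTE(review): they presumably operate on a debug object associated with the
// calling thread (see DbgUiGetThreadDebugObject) - confirm.
#ifndef _KERNEL_MODE

// NOTE(review): presumably creates the calling thread's debug object if it
// does not have one yet - confirm. Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiConnectToDbg(
    VOID
);

// Returns the debug object handle associated with the calling thread.
// NOTE(review): presumably NULL when none has been set - confirm.
NTSYSAPI
HANDLE
NTAPI
DbgUiGetThreadDebugObject(
    VOID
);

// Associates DebugObject with the calling thread.
// NOTE(review): the previous handle is presumably not closed by this call;
// close it separately to avoid a leak - confirm.
NTSYSAPI
VOID
NTAPI
DbgUiSetThreadDebugObject(
    _In_ HANDLE DebugObject
);

// Waits for the next debug event.
//   StateChange - receives the event.
//   Timeout     - optional timeout.
// Read *StateChange only after the returned NTSTATUS reports a delivered
// event.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiWaitStateChange(
    _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
    _In_opt_ PLARGE_INTEGER Timeout
);

// Resumes the debuggee thread identified by AppClientId with ContinueStatus.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiContinue(
    _In_ PCLIENT_ID AppClientId,
    _In_ NTSTATUS ContinueStatus
);

// Stops debugging Process. Returns an NTSTATUS.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiStopDebugging(
    _In_ HANDLE Process
);

// Starts debugging the running process Process. Returns an NTSTATUS.
// Attaching gives the debugger full control over the target; check the status
// and detach with DbgUiStopDebugging when done.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiDebugActiveProcess(
    _In_ HANDLE Process
);

// NOTE(review): presumably the routine executed by a break-in thread rather
// than a function meant to be called directly - confirm.
NTSYSAPI
VOID
NTAPI
DbgUiRemoteBreakin(
    _In_ PVOID Context
);

// Requests a break-in in Process. Returns an NTSTATUS.
// NOTE(review): presumably implemented by creating a thread in the target
// process, which is visible to remote-thread-creation telemetry - confirm.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiIssueRemoteBreakin(
    _In_ HANDLE Process
);

// Converts a native DBGUI_WAIT_STATE_CHANGE into a Win32 DEBUG_EVENT.
//   StateChange - event to convert.
//   DebugEvent  - receives the converted event.
// Returns an NTSTATUS; *DebugEvent is only meaningful on success.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiConvertStateChangeStructure(
    _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
    _Out_ LPDEBUG_EVENT DebugEvent
);

// Extended variant of DbgUiConvertStateChangeStructure with the same
// parameters.
// NOTE(review): the difference from the non-Ex routine is not visible here -
// confirm before substituting one for the other.
NTSYSAPI
NTSTATUS
NTAPI
DbgUiConvertStateChangeStructureEx(
    _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
    _Out_ LPDEBUG_EVENT DebugEvent
);
#endif // !_KERNEL_MODE
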
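// Closes the scope opened by VEIL_BEGIN() near the top of this header.
VEIL_END()

// Restore the warning state saved by the #pragma warning(push) at the top of
// this header.
#if _MSC_VER >= 1200
#pragma warning(pop)
#endif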