Process Hacker
ntdbg.h
Go to the documentation of this file.
1 #ifndef _NTDBG_H
2 #define _NTDBG_H
3 
4 // Definitions
5 
6 typedef struct _DBGKM_EXCEPTION
7 {
8  EXCEPTION_RECORD ExceptionRecord;
9  ULONG FirstChance;
10 } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
11 
12 typedef struct _DBGKM_CREATE_THREAD
13 {
14  ULONG SubSystemKey;
15  PVOID StartAddress;
16 } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
17 
18 typedef struct _DBGKM_CREATE_PROCESS
19 {
20  ULONG SubSystemKey;
21  HANDLE FileHandle;
22  PVOID BaseOfImage;
23  ULONG DebugInfoFileOffset;
24  ULONG DebugInfoSize;
25  DBGKM_CREATE_THREAD InitialThread;
26 } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
27 
28 typedef struct _DBGKM_EXIT_THREAD
29 {
30  NTSTATUS ExitStatus;
31 } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
32 
33 typedef struct _DBGKM_EXIT_PROCESS
34 {
35  NTSTATUS ExitStatus;
36 } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
37 
38 typedef struct _DBGKM_LOAD_DLL
39 {
40  HANDLE FileHandle;
41  PVOID BaseOfDll;
42  ULONG DebugInfoFileOffset;
43  ULONG DebugInfoSize;
44  PVOID NamePointer;
45 } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
46 
47 typedef struct _DBGKM_UNLOAD_DLL
48 {
49  PVOID BaseAddress;
50 } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
51 
52 typedef enum _DBG_STATE
53 {
54  DbgIdle,
55  DbgReplyPending,
56  DbgCreateThreadStateChange,
57  DbgCreateProcessStateChange,
58  DbgExitThreadStateChange,
59  DbgExitProcessStateChange,
60  DbgExceptionStateChange,
61  DbgBreakpointStateChange,
62  DbgSingleStepStateChange,
63  DbgLoadDllStateChange,
64  DbgUnloadDllStateChange
65 } DBG_STATE, *PDBG_STATE;
66 
67 typedef struct _DBGUI_CREATE_THREAD
68 {
69  HANDLE HandleToThread;
70  DBGKM_CREATE_THREAD NewThread;
71 } DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
72 
73 typedef struct _DBGUI_CREATE_PROCESS
74 {
75  HANDLE HandleToProcess;
76  HANDLE HandleToThread;
77  DBGKM_CREATE_PROCESS NewProcess;
78 } DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
79 
80 typedef struct _DBGUI_WAIT_STATE_CHANGE
81 {
82  DBG_STATE NewState;
83  CLIENT_ID AppClientId;
84  union
85  {
86  DBGKM_EXCEPTION Exception;
87  DBGUI_CREATE_THREAD CreateThread;
88  DBGUI_CREATE_PROCESS CreateProcessInfo;
89  DBGKM_EXIT_THREAD ExitThread;
90  DBGKM_EXIT_PROCESS ExitProcess;
91  DBGKM_LOAD_DLL LoadDll;
92  DBGKM_UNLOAD_DLL UnloadDll;
93  } StateInfo;
94 } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
95 
96 // System calls
97 
98 #define DEBUG_READ_EVENT 0x0001
99 #define DEBUG_PROCESS_ASSIGN 0x0002
100 #define DEBUG_SET_INFORMATION 0x0004
101 #define DEBUG_QUERY_INFORMATION 0x0008
102 #define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
103  DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
104  DEBUG_QUERY_INFORMATION)
105 
106 #define DEBUG_KILL_ON_CLOSE 0x1
107 
108 typedef enum _DEBUGOBJECTINFOCLASS
109 {
110  DebugObjectFlags = 1,
111  MaxDebugObjectInfoClass
112 } DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
113 
114 NTSYSCALLAPI
115 NTSTATUS
116 NTAPI
117 NtCreateDebugObject(
118  _Out_ PHANDLE DebugObjectHandle,
119  _In_ ACCESS_MASK DesiredAccess,
120  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
121  _In_ ULONG Flags
122  );
123 
124 NTSYSCALLAPI
125 NTSTATUS
126 NTAPI
127 NtDebugActiveProcess(
128  _In_ HANDLE ProcessHandle,
129  _In_ HANDLE DebugObjectHandle
130  );
131 
132 NTSYSCALLAPI
133 NTSTATUS
134 NTAPI
135 NtDebugContinue(
136  _In_ HANDLE DebugObjectHandle,
137  _In_ PCLIENT_ID ClientId,
138  _In_ NTSTATUS ContinueStatus
139  );
140 
141 NTSYSCALLAPI
142 NTSTATUS
143 NTAPI
144 NtRemoveProcessDebug(
145  _In_ HANDLE ProcessHandle,
146  _In_ HANDLE DebugObjectHandle
147  );
148 
149 NTSYSCALLAPI
150 NTSTATUS
151 NTAPI
152 NtSetInformationDebugObject(
153  _In_ HANDLE DebugObjectHandle,
154  _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
155  _In_ PVOID DebugInformation,
156  _In_ ULONG DebugInformationLength,
157  _Out_opt_ PULONG ReturnLength
158  );
159 
160 NTSYSCALLAPI
161 NTSTATUS
162 NTAPI
163 NtWaitForDebugEvent(
164  _In_ HANDLE DebugObjectHandle,
165  _In_ BOOLEAN Alertable,
166  _In_opt_ PLARGE_INTEGER Timeout,
167  _Out_ PVOID WaitStateChange
168  );
169 
170 // Debugging UI
171 
172 NTSYSAPI
173 NTSTATUS
174 NTAPI
175 DbgUiConnectToDbg(
176  VOID
177  );
178 
179 NTSYSAPI
180 HANDLE
181 NTAPI
182 DbgUiGetThreadDebugObject(
183  VOID
184  );
185 
186 NTSYSAPI
187 VOID
188 NTAPI
189 DbgUiSetThreadDebugObject(
190  _In_ HANDLE DebugObject
191  );
192 
193 NTSYSAPI
194 NTSTATUS
195 NTAPI
196 DbgUiWaitStateChange(
197  _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
198  _In_opt_ PLARGE_INTEGER Timeout
199  );
200 
201 NTSYSAPI
202 NTSTATUS
203 NTAPI
204 DbgUiContinue(
205  _In_ PCLIENT_ID AppClientId,
206  _In_ NTSTATUS ContinueStatus
207  );
208 
209 NTSYSAPI
210 NTSTATUS
211 NTAPI
212 DbgUiStopDebugging(
213  _In_ HANDLE Process
214  );
215 
216 NTSYSAPI
217 NTSTATUS
218 NTAPI
219 DbgUiDebugActiveProcess(
220  _In_ HANDLE Process
221  );
222 
223 NTSYSAPI
224 VOID
225 NTAPI
226 DbgUiRemoteBreakin(
227  _In_ PVOID Context
228  );
229 
230 NTSYSAPI
231 NTSTATUS
232 NTAPI
233 DbgUiIssueRemoteBreakin(
234  _In_ HANDLE Process
235  );
236 
237 struct _DEBUG_EVENT;
238 
239 NTSYSAPI
240 NTSTATUS
241 NTAPI
242 DbgUiConvertStateChangeStructure(
243  _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
244  _Out_ struct _DEBUG_EVENT *DebugEvent
245  );
246 
247 #endif