PC Format (South-Africa) 2001 June

home *** CD-ROM | disk | FTP | other *** search

/ PC Format (South-Africa) 2001 June / PCFJune.iso / Xenon / C++ / FreeCommandLineTools.exe / Include / wdbgexts.h < prev next >

Wrap

C/C++ Source or Header | 2000-01-31 | 45.7 KB | 1,784 lines

/*++ Copyright (c) 1992-1999 Microsoft Corporation Module Name: wdbgexts.h Abstract: This file contains the necessary prototypes and data types for a user to write a debugger extension DLL. This header file is also included by the NT debuggers (WINDBG & KD). This header file must be included after "windows.h" and "dbghelp.h". Please see the NT DDK documentation for specific information about how to write your own debugger extension DLL. Environment: Win32 only. Revision History: --*/ #ifndef _WDBGEXTS_ #pragma option push -b -a8 -pc -A- /*P_O_Push*/ #define _WDBGEXTS_ #if _MSC_VER > 1000 #pragma once #endif #ifdef __cplusplus extern "C" { #endif #if !defined(WDBGAPI) #define WDBGAPI __stdcall #endif #if !defined(WDBGAPIV) #define WDBGAPIV __cdecl #endif #ifndef _WINDEF_ typedef CONST void *LPCVOID; #endif #ifndef _ULONGLONG_ typedef unsigned __int64 ULONGLONG; typedef ULONGLONG *PULONGLONG; #endif typedef VOID (WDBGAPIV*PWINDBG_OUTPUT_ROUTINE)( PCSTR lpFormat, ... ); typedef ULONG_PTR (WDBGAPI*PWINDBG_GET_EXPRESSION)( PCSTR lpExpression ); typedef ULONG (WDBGAPI*PWINDBG_GET_EXPRESSION32)( PCSTR lpExpression ); typedef ULONG64 (WDBGAPI*PWINDBG_GET_EXPRESSION64)( PCSTR lpExpression ); typedef VOID (WDBGAPI*PWINDBG_GET_SYMBOL)( PVOID offset, PUCHAR pchBuffer, ULONG_PTR *pDisplacement ); typedef VOID (WDBGAPI*PWINDBG_GET_SYMBOL32)( ULONG offset, PUCHAR pchBuffer, PULONG pDisplacement ); typedef VOID (WDBGAPI*PWINDBG_GET_SYMBOL64)( ULONG64 offset, PUCHAR pchBuffer, PULONG64 pDisplacement ); typedef ULONG (WDBGAPI*PWINDBG_DISASM)( ULONG_PTR *lpOffset, PCSTR lpBuffer, ULONG fShowEffectiveAddress ); typedef ULONG (WDBGAPI*PWINDBG_DISASM32)( ULONG *lpOffset, PCSTR lpBuffer, ULONG fShowEffectiveAddress ); typedef ULONG (WDBGAPI*PWINDBG_DISASM64)( ULONG64 *lpOffset, PCSTR lpBuffer, ULONG fShowEffectiveAddress ); typedef ULONG (WDBGAPI*PWINDBG_CHECK_CONTROL_C)( VOID ); typedef ULONG (WDBGAPI*PWINDBG_READ_PROCESS_MEMORY_ROUTINE)( ULONG_PTR offset, PVOID lpBuffer, ULONG cb, PULONG lpcbBytesRead ); typedef ULONG (WDBGAPI*PWINDBG_READ_PROCESS_MEMORY_ROUTINE32)( ULONG offset, PVOID lpBuffer, ULONG cb, PULONG lpcbBytesRead ); typedef ULONG (WDBGAPI*PWINDBG_READ_PROCESS_MEMORY_ROUTINE64)( ULONG64 offset, PVOID lpBuffer, ULONG cb, PULONG lpcbBytesRead ); typedef ULONG (WDBGAPI*PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE)( ULONG_PTR offset, LPCVOID lpBuffer, ULONG cb, PULONG lpcbBytesWritten ); typedef ULONG (WDBGAPI*PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE32)( ULONG offset, LPCVOID lpBuffer, ULONG cb, PULONG lpcbBytesWritten ); typedef ULONG (WDBGAPI*PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE64)( ULONG64 offset, LPCVOID lpBuffer, ULONG cb, PULONG lpcbBytesWritten ); typedef ULONG (WDBGAPI*PWINDBG_GET_THREAD_CONTEXT_ROUTINE)( ULONG Processor, PCONTEXT lpContext, ULONG cbSizeOfContext ); typedef ULONG (WDBGAPI*PWINDBG_SET_THREAD_CONTEXT_ROUTINE)( ULONG Processor, PCONTEXT lpContext, ULONG cbSizeOfContext ); typedef ULONG (WDBGAPI*PWINDBG_IOCTL_ROUTINE)( USHORT IoctlType, PVOID lpvData, ULONG cbSize ); typedef ULONG (WDBGAPI*PWINDBG_OLDKD_READ_PHYSICAL_MEMORY)( ULONGLONG address, PVOID buffer, ULONG count, PULONG bytesread ); typedef ULONG (WDBGAPI*PWINDBG_OLDKD_WRITE_PHYSICAL_MEMORY)( ULONGLONG address, PVOID buffer, ULONG length, PULONG byteswritten ); typedef struct _EXTSTACKTRACE { ULONG FramePointer; ULONG ProgramCounter; ULONG ReturnAddress; ULONG Args[4]; } EXTSTACKTRACE, *PEXTSTACKTRACE; typedef struct _EXTSTACKTRACE32 { ULONG FramePointer; ULONG ProgramCounter; ULONG ReturnAddress; ULONG Args[4]; } EXTSTACKTRACE32, *PEXTSTACKTRACE32; typedef struct _EXTSTACKTRACE64 { ULONG64 FramePointer; ULONG64 ProgramCounter; ULONG64 ReturnAddress; ULONG64 Args[4]; } EXTSTACKTRACE64, *PEXTSTACKTRACE64; typedef ULONG (*PWINDBG_STACKTRACE_ROUTINE)( ULONG FramePointer, ULONG StackPointer, ULONG ProgramCounter, PEXTSTACKTRACE StackFrames, ULONG Frames ); typedef ULONG (*PWINDBG_STACKTRACE_ROUTINE32)( ULONG FramePointer, ULONG StackPointer, ULONG ProgramCounter, PEXTSTACKTRACE32 StackFrames, ULONG Frames ); typedef ULONG (*PWINDBG_STACKTRACE_ROUTINE64)( ULONG64 FramePointer, ULONG64 StackPointer, ULONG64 ProgramCounter, PEXTSTACKTRACE64 StackFrames, ULONG Frames ); typedef struct _WINDBG_EXTENSION_APIS { ULONG nSize; PWINDBG_OUTPUT_ROUTINE lpOutputRoutine; PWINDBG_GET_EXPRESSION lpGetExpressionRoutine; PWINDBG_GET_SYMBOL lpGetSymbolRoutine; PWINDBG_DISASM lpDisasmRoutine; PWINDBG_CHECK_CONTROL_C lpCheckControlCRoutine; PWINDBG_READ_PROCESS_MEMORY_ROUTINE lpReadProcessMemoryRoutine; PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE lpWriteProcessMemoryRoutine; PWINDBG_GET_THREAD_CONTEXT_ROUTINE lpGetThreadContextRoutine; PWINDBG_SET_THREAD_CONTEXT_ROUTINE lpSetThreadContextRoutine; PWINDBG_IOCTL_ROUTINE lpIoctlRoutine; PWINDBG_STACKTRACE_ROUTINE lpStackTraceRoutine; } WINDBG_EXTENSION_APIS, *PWINDBG_EXTENSION_APIS; typedef struct _WINDBG_EXTENSION_APIS32 { ULONG nSize; PWINDBG_OUTPUT_ROUTINE lpOutputRoutine; PWINDBG_GET_EXPRESSION32 lpGetExpressionRoutine; PWINDBG_GET_SYMBOL32 lpGetSymbolRoutine; PWINDBG_DISASM32 lpDisasmRoutine; PWINDBG_CHECK_CONTROL_C lpCheckControlCRoutine; PWINDBG_READ_PROCESS_MEMORY_ROUTINE32 lpReadProcessMemoryRoutine; PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE32 lpWriteProcessMemoryRoutine; PWINDBG_GET_THREAD_CONTEXT_ROUTINE lpGetThreadContextRoutine; PWINDBG_SET_THREAD_CONTEXT_ROUTINE lpSetThreadContextRoutine; PWINDBG_IOCTL_ROUTINE lpIoctlRoutine; PWINDBG_STACKTRACE_ROUTINE32 lpStackTraceRoutine; } WINDBG_EXTENSION_APIS32, *PWINDBG_EXTENSION_APIS32; typedef struct _WINDBG_EXTENSION_APIS64 { ULONG nSize; PWINDBG_OUTPUT_ROUTINE lpOutputRoutine; PWINDBG_GET_EXPRESSION64 lpGetExpressionRoutine; PWINDBG_GET_SYMBOL64 lpGetSymbolRoutine; PWINDBG_DISASM64 lpDisasmRoutine; PWINDBG_CHECK_CONTROL_C lpCheckControlCRoutine; PWINDBG_READ_PROCESS_MEMORY_ROUTINE64 lpReadProcessMemoryRoutine; PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE64 lpWriteProcessMemoryRoutine; PWINDBG_GET_THREAD_CONTEXT_ROUTINE lpGetThreadContextRoutine; PWINDBG_SET_THREAD_CONTEXT_ROUTINE lpSetThreadContextRoutine; PWINDBG_IOCTL_ROUTINE lpIoctlRoutine; PWINDBG_STACKTRACE_ROUTINE64 lpStackTraceRoutine; } WINDBG_EXTENSION_APIS64, *PWINDBG_EXTENSION_APIS64; typedef struct _WINDBG_OLD_EXTENSION_APIS { ULONG nSize; PWINDBG_OUTPUT_ROUTINE lpOutputRoutine; PWINDBG_GET_EXPRESSION lpGetExpressionRoutine; PWINDBG_GET_SYMBOL lpGetSymbolRoutine; PWINDBG_DISASM lpDisasmRoutine; PWINDBG_CHECK_CONTROL_C lpCheckControlCRoutine; } WINDBG_OLD_EXTENSION_APIS, *PWINDBG_OLD_EXTENSION_APIS; typedef struct _WINDBG_OLDKD_EXTENSION_APIS { ULONG nSize; PWINDBG_OUTPUT_ROUTINE lpOutputRoutine; PWINDBG_GET_EXPRESSION32 lpGetExpressionRoutine; PWINDBG_GET_SYMBOL32 lpGetSymbolRoutine; PWINDBG_DISASM32 lpDisasmRoutine; PWINDBG_CHECK_CONTROL_C lpCheckControlCRoutine; PWINDBG_READ_PROCESS_MEMORY_ROUTINE32 lpReadVirtualMemRoutine; PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE32 lpWriteVirtualMemRoutine; PWINDBG_OLDKD_READ_PHYSICAL_MEMORY lpReadPhysicalMemRoutine; PWINDBG_OLDKD_WRITE_PHYSICAL_MEMORY lpWritePhysicalMemRoutine; } WINDBG_OLDKD_EXTENSION_APIS, *PWINDBG_OLDKD_EXTENSION_APIS; typedef VOID (WDBGAPI*PWINDBG_OLD_EXTENSION_ROUTINE)( ULONG dwCurrentPc, PWINDBG_EXTENSION_APIS lpExtensionApis, PCSTR lpArgumentString ); typedef VOID (WDBGAPI*PWINDBG_EXTENSION_ROUTINE)( HANDLE hCurrentProcess, HANDLE hCurrentThread, ULONG dwCurrentPc, ULONG dwProcessor, PCSTR lpArgumentString ); typedef VOID (WDBGAPI*PWINDBG_EXTENSION_ROUTINE32)( HANDLE hCurrentProcess, HANDLE hCurrentThread, ULONG dwCurrentPc, ULONG dwProcessor, PCSTR lpArgumentString ); typedef VOID (WDBGAPI*PWINDBG_EXTENSION_ROUTINE64)( HANDLE hCurrentProcess, HANDLE hCurrentThread, ULONG64 dwCurrentPc, ULONG dwProcessor, PCSTR lpArgumentString ); typedef VOID (WDBGAPI*PWINDBG_OLDKD_EXTENSION_ROUTINE)( ULONG dwCurrentPc, PWINDBG_OLDKD_EXTENSION_APIS lpExtensionApis, PCSTR lpArgumentString ); typedef VOID (WDBGAPI*PWINDBG_EXTENSION_DLL_INIT)( PWINDBG_EXTENSION_APIS lpExtensionApis, USHORT MajorVersion, USHORT MinorVersion ); typedef VOID (WDBGAPI*PWINDBG_EXTENSION_DLL_INIT32)( PWINDBG_EXTENSION_APIS32 lpExtensionApis, USHORT MajorVersion, USHORT MinorVersion ); typedef VOID (WDBGAPI*PWINDBG_EXTENSION_DLL_INIT64)( PWINDBG_EXTENSION_APIS64 lpExtensionApis, USHORT MajorVersion, USHORT MinorVersion ); typedef ULONG (WDBGAPI*PWINDBG_CHECK_VERSION)( VOID ); #define EXT_API_VERSION_NUMBER 5 #define EXT_API_VERSION_NUMBER32 5 #define EXT_API_VERSION_NUMBER64 6 typedef struct EXT_API_VERSION { USHORT MajorVersion; USHORT MinorVersion; USHORT Revision; USHORT Reserved; } EXT_API_VERSION, *LPEXT_API_VERSION; typedef LPEXT_API_VERSION (WDBGAPI*PWINDBG_EXTENSION_API_VERSION)( VOID ); #define IG_KD_CONTEXT 1 #define IG_READ_CONTROL_SPACE 2 #define IG_WRITE_CONTROL_SPACE 3 #define IG_READ_IO_SPACE 4 #define IG_WRITE_IO_SPACE 5 #define IG_READ_PHYSICAL 6 #define IG_WRITE_PHYSICAL 7 #define IG_READ_IO_SPACE_EX 8 #define IG_WRITE_IO_SPACE_EX 9 #define IG_KSTACK_HELP 10 // obsolete #define IG_SET_THREAD 11 #define IG_READ_MSR 12 #define IG_WRITE_MSR 13 #define IG_GET_DEBUGGER_DATA 14 #define IG_GET_KERNEL_VERSION 15 #define IG_RELOAD_SYMBOLS 16 #define IG_GET_SET_SYMPATH 17 #define IG_GET_EXCEPTION_RECORD 18 #define IG_IS_PTR64 19 #define IG_GET_BUS_DATA 20 #define IG_SET_BUS_DATA 21 #define IG_DUMP_SYMBOL_INFO 22 #define IG_LOWMEM_CHECK 23 #define IG_SEARCH_MEMORY 24 // // usermode only ioctls // #define IG_GET_TEB_ADDRESS 128 typedef struct _PROCESSORINFO { USHORT Processor; // current processor USHORT NumberProcessors; // total number of processors } PROCESSORINFO, *PPROCESSORINFO; typedef struct _READCONTROLSPACE { USHORT Processor; ULONG Address; ULONG BufLen; UCHAR Buf[1]; } READCONTROLSPACE, *PREADCONTROLSPACE; typedef struct _READCONTROLSPACE32 { USHORT Processor; ULONG Address; ULONG BufLen; UCHAR Buf[1]; } READCONTROLSPACE32, *PREADCONTROLSPACE32; typedef struct _READCONTROLSPACE64 { USHORT Processor; ULONG64 Address; ULONG BufLen; UCHAR Buf[1]; } READCONTROLSPACE64, *PREADCONTROLSPACE64; typedef struct _IOSPACE { ULONG Address; ULONG Length; // 1, 2, or 4 bytes ULONG Data; } IOSPACE, *PIOSPACE; typedef struct _IOSPACE32 { ULONG Address; ULONG Length; // 1, 2, or 4 bytes ULONG Data; } IOSPACE32, *PIOSPACE32; typedef struct _IOSPACE64 { ULONG64 Address; ULONG Length; // 1, 2, or 4 bytes ULONG Data; } IOSPACE64, *PIOSPACE64; typedef struct _IOSPACE_EX { ULONG Address; ULONG Length; // 1, 2, or 4 bytes ULONG Data; ULONG InterfaceType; ULONG BusNumber; ULONG AddressSpace; } IOSPACE_EX, *PIOSPACE_EX; typedef struct _IOSPACE_EX32 { ULONG Address; ULONG Length; // 1, 2, or 4 bytes ULONG Data; ULONG InterfaceType; ULONG BusNumber; ULONG AddressSpace; } IOSPACE_EX32, *PIOSPACE_EX32; typedef struct _IOSPACE_EX64 { ULONG64 Address; ULONG Length; // 1, 2, or 4 bytes ULONG Data; ULONG InterfaceType; ULONG BusNumber; ULONG AddressSpace; } IOSPACE_EX64, *PIOSPACE_EX64; typedef struct _GETSETBUSDATA { ULONG BusDataType; ULONG BusNumber; ULONG SlotNumber; PVOID Buffer; ULONG Offset; ULONG Length; } BUSDATA, *PBUSDATA; typedef struct _SEARCHMEMORY { ULONG64 SearchAddress; ULONG64 SearchLength; ULONG64 FoundAddress; ULONG PatternLength; PVOID Pattern; } SEARCHMEMORY, *PSEARCHMEMORY; typedef struct _PHYSICAL { ULONGLONG Address; ULONG BufLen; UCHAR Buf[1]; } PHYSICAL, *PPHYSICAL; typedef struct _READ_WRITE_MSR { ULONG Msr; LONGLONG Value; } READ_WRITE_MSR, *PREAD_WRITE_MSR; typedef struct _GET_SET_SYMPATH { PCSTR Args; // args to !reload command PSTR Result; // returns new path int Length; // Length of result buffer } GET_SET_SYMPATH, *PGET_SET_SYMPATH; typedef struct _GET_TEB_ADDRESS { ULONGLONG Address; } GET_TEB_ADDRESS, *PGET_TEB_ADDRESS; #ifndef DBGKD_GET_VERSION_DEFINED #define DBGKD_GET_VERSION_DEFINED // // The following structures have changed in more than pointer size. // // // This is the version packet for pre-NT5 Beta 2 systems. // For now, it is also still used on x86 // typedef struct _DBGKD_GET_VERSION32 { USHORT MajorVersion; USHORT MinorVersion; USHORT ProtocolVersion; USHORT Flags; ULONG KernBase; ULONG PsLoadedModuleList; USHORT MachineType; // // help for walking stacks with user callbacks: // // // The address of the thread structure is provided in the // WAIT_STATE_CHANGE packet. This is the offset from the base of // the thread structure to the pointer to the kernel stack frame // for the currently active usermode callback. // USHORT ThCallbackStack; // offset in thread data // // these values are offsets into that frame: // USHORT NextCallback; // saved pointer to next callback frame USHORT FramePointer; // saved frame pointer // // Address of the kernel callout routine. // ULONG KiCallUserMode; // kernel routine // // Address of the usermode entry point for callbacks. // ULONG KeUserCallbackDispatcher; // address in ntdll // // DbgBreakPointWithStatus is a function which takes a ULONG argument // and hits a breakpoint. This field contains the address of the // breakpoint instruction. When the debugger sees a breakpoint // at this address, it may retrieve the argument from the first // argument register, or on x86 the eax register. // ULONG BreakpointWithStatus; // address of breakpoint // // Components may register a debug data block for use by // debugger extensions. This is the address of the list head. // ULONG DebuggerDataList; } DBGKD_GET_VERSION32, *PDBGKD_GET_VERSION32; typedef struct _DBGKD_GET_VERSION64 { USHORT MajorVersion; USHORT MinorVersion; USHORT ProtocolVersion; USHORT Flags; USHORT MachineType; USHORT Unused[3]; ULONG64 KernBase; ULONG64 PsLoadedModuleList; // // Components may register a debug data block for use by // debugger extensions. This is the address of the list head. // // There will always be an entry for the debugger. // ULONG64 DebuggerDataList; } DBGKD_GET_VERSION64, *PDBGKD_GET_VERSION64; // // If DBGKD_VERS_FLAG_DATA is set in Flags, info should be retrieved from // the KDDEBUGGER_DATA block rather than from the DBGKD_GET_VERSION // packet. The data will remain in the version packet for a while to // reduce compatibility problems. // #define DBGKD_VERS_FLAG_MP 0x0001 // kernel is MP built #define DBGKD_VERS_FLAG_DATA 0x0002 // DebuggerDataList is valid #define DBGKD_VERS_FLAG_PTR64 0x0004 // native pointers are 64 bits #define DBGKD_VERS_FLAG_NOMM 0x0008 // No MM - don't decode PTEs #define KDBG_TAG 'GBDK' typedef struct _DBGKD_DEBUG_DATA_HEADER32 { // // Link to other blocks // LIST_ENTRY32 List; // // This is a unique tag to identify the owner of the block. // If your component only uses one pool tag, use it for this, too. // ULONG OwnerTag; // // This must be initialized to the size of the data block, // including this structure. // ULONG Size; } DBGKD_DEBUG_DATA_HEADER32, *PDBGKD_DEBUG_DATA_HEADER32; // // DO NOT CHANGE THIS STRUCTURE! // ONLY MAKE CHAGES TO THE 64 BIT VERSION ABOVE!! // // This is the debugger data packet for pre NT5 Beta 2 systems. // For now, it is still used on x86 // typedef struct _KDDEBUGGER_DATA32 { DBGKD_DEBUG_DATA_HEADER32 Header; // // Base address of kernel image // ULONG KernBase; // // DbgBreakPointWithStatus is a function which takes an argument // and hits a breakpoint. This field contains the address of the // breakpoint instruction. When the debugger sees a breakpoint // at this address, it may retrieve the argument from the first // argument register, or on x86 the eax register. // ULONG BreakpointWithStatus; // address of breakpoint // // Address of the saved context record during a bugcheck // // N.B. This is an automatic in KeBugcheckEx's frame, and // is only valid after a bugcheck. // ULONG SavedContext; // // help for walking stacks with user callbacks: // // // The address of the thread structure is provided in the // WAIT_STATE_CHANGE packet. This is the offset from the base of // the thread structure to the pointer to the kernel stack frame // for the currently active usermode callback. // USHORT ThCallbackStack; // offset in thread data // // these values are offsets into that frame: // USHORT NextCallback; // saved pointer to next callback frame USHORT FramePointer; // saved frame pointer USHORT PaeEnabled:1; // // Address of the kernel callout routine. // ULONG KiCallUserMode; // kernel routine // // Address of the usermode entry point for callbacks. // ULONG KeUserCallbackDispatcher; // address in ntdll // // Addresses of various kernel data structures and lists // that are of interest to the kernel debugger. // ULONG PsLoadedModuleList; ULONG PsActiveProcessHead; ULONG PspCidTable; ULONG ExpSystemResourcesList; ULONG ExpPagedPoolDescriptor; ULONG ExpNumberOfPagedPools; ULONG KeTimeIncrement; ULONG KeBugCheckCallbackListHead; ULONG KiBugcheckData; ULONG IopErrorLogListHead; ULONG ObpRootDirectoryObject; ULONG ObpTypeObjectType; ULONG MmSystemCacheStart; ULONG MmSystemCacheEnd; ULONG MmSystemCacheWs; ULONG MmPfnDatabase; ULONG MmSystemPtesStart; ULONG MmSystemPtesEnd; ULONG MmSubsectionBase; ULONG MmNumberOfPagingFiles; ULONG MmLowestPhysicalPage; ULONG MmHighestPhysicalPage; ULONG MmNumberOfPhysicalPages; ULONG MmMaximumNonPagedPoolInBytes; ULONG MmNonPagedSystemStart; ULONG MmNonPagedPoolStart; ULONG MmNonPagedPoolEnd; ULONG MmPagedPoolStart; ULONG MmPagedPoolEnd; ULONG MmPagedPoolInformation; ULONG Unused2; ULONG MmSizeOfPagedPoolInBytes; ULONG MmTotalCommitLimit; ULONG MmTotalCommittedPages; ULONG MmSharedCommit; ULONG MmDriverCommit; ULONG MmProcessCommit; ULONG MmPagedPoolCommit; ULONG MmExtendedCommit; ULONG MmZeroedPageListHead; ULONG MmFreePageListHead; ULONG MmStandbyPageListHead; ULONG MmModifiedPageListHead; ULONG MmModifiedNoWritePageListHead; ULONG MmAvailablePages; ULONG MmResidentAvailablePages; ULONG PoolTrackTable; ULONG NonPagedPoolDescriptor; ULONG MmHighestUserAddress; ULONG MmSystemRangeStart; ULONG MmUserProbeAddress; ULONG KdPrintCircularBuffer; ULONG KdPrintCircularBufferEnd; ULONG KdPrintWritePointer; ULONG KdPrintRolloverCount; ULONG MmLoadedUserImageList; } KDDEBUGGER_DATA32, *PKDDEBUGGER_DATA32; // // DO NOT CHANGE KDDEBUGGER_DATA32!! // ONLY MAKE CHANGES TO KDDEBUGGER_DATA64!!! // // // This structure is used by the debugger for all targets // It is the same size as DBGKD_DATA_HEADER on all systems // typedef struct _DBGKD_DEBUG_DATA_HEADER64 { // // Link to other blocks // LIST_ENTRY64 List; // // This is a unique tag to identify the owner of the block. // If your component only uses one pool tag, use it for this, too. // ULONG OwnerTag; // // This must be initialized to the size of the data block, // including this structure. // ULONG Size; } DBGKD_DEBUG_DATA_HEADER64, *PDBGKD_DEBUG_DATA_HEADER64; // // This structure is the same size on all systems. The only field // which must be translated by the debugger is Header.List. // // // DO NOT ADD OR REMOVE FIELDS FROM THE MIDDLE OF THIS STRUCTURE!!! // // If you remove a field, replace it with an "unused" placeholder. // Do not reuse fields until there has been enough time for old debuggers // and extensions to age out. // typedef struct _KDDEBUGGER_DATA64 { DBGKD_DEBUG_DATA_HEADER64 Header; // // Base address of kernel image // ULONG64 KernBase; // // DbgBreakPointWithStatus is a function which takes an argument // and hits a breakpoint. This field contains the address of the // breakpoint instruction. When the debugger sees a breakpoint // at this address, it may retrieve the argument from the first // argument register, or on x86 the eax register. // ULONG64 BreakpointWithStatus; // address of breakpoint // // Address of the saved context record during a bugcheck // // N.B. This is an automatic in KeBugcheckEx's frame, and // is only valid after a bugcheck. // ULONG64 SavedContext; // // help for walking stacks with user callbacks: // // // The address of the thread structure is provided in the // WAIT_STATE_CHANGE packet. This is the offset from the base of // the thread structure to the pointer to the kernel stack frame // for the currently active usermode callback. // USHORT ThCallbackStack; // offset in thread data // // these values are offsets into that frame: // USHORT NextCallback; // saved pointer to next callback frame USHORT FramePointer; // saved frame pointer // // pad to a quad boundary // USHORT PaeEnabled:1; // // Address of the kernel callout routine. // ULONG64 KiCallUserMode; // kernel routine // // Address of the usermode entry point for callbacks. // ULONG64 KeUserCallbackDispatcher; // address in ntdll // // Addresses of various kernel data structures and lists // that are of interest to the kernel debugger. // ULONG64 PsLoadedModuleList; ULONG64 PsActiveProcessHead; ULONG64 PspCidTable; ULONG64 ExpSystemResourcesList; ULONG64 ExpPagedPoolDescriptor; ULONG64 ExpNumberOfPagedPools; ULONG64 KeTimeIncrement; ULONG64 KeBugCheckCallbackListHead; ULONG64 KiBugcheckData; ULONG64 IopErrorLogListHead; ULONG64 ObpRootDirectoryObject; ULONG64 ObpTypeObjectType; ULONG64 MmSystemCacheStart; ULONG64 MmSystemCacheEnd; ULONG64 MmSystemCacheWs; ULONG64 MmPfnDatabase; ULONG64 MmSystemPtesStart; ULONG64 MmSystemPtesEnd; ULONG64 MmSubsectionBase; ULONG64 MmNumberOfPagingFiles; ULONG64 MmLowestPhysicalPage; ULONG64 MmHighestPhysicalPage; ULONG64 MmNumberOfPhysicalPages; ULONG64 MmMaximumNonPagedPoolInBytes; ULONG64 MmNonPagedSystemStart; ULONG64 MmNonPagedPoolStart; ULONG64 MmNonPagedPoolEnd; ULONG64 MmPagedPoolStart; ULONG64 MmPagedPoolEnd; ULONG64 MmPagedPoolInformation; ULONG64 Unused2; ULONG64 MmSizeOfPagedPoolInBytes; ULONG64 MmTotalCommitLimit; ULONG64 MmTotalCommittedPages; ULONG64 MmSharedCommit; ULONG64 MmDriverCommit; ULONG64 MmProcessCommit; ULONG64 MmPagedPoolCommit; ULONG64 MmExtendedCommit; ULONG64 MmZeroedPageListHead; ULONG64 MmFreePageListHead; ULONG64 MmStandbyPageListHead; ULONG64 MmModifiedPageListHead; ULONG64 MmModifiedNoWritePageListHead; ULONG64 MmAvailablePages; ULONG64 MmResidentAvailablePages; ULONG64 PoolTrackTable; ULONG64 NonPagedPoolDescriptor; ULONG64 MmHighestUserAddress; ULONG64 MmSystemRangeStart; ULONG64 MmUserProbeAddress; ULONG64 KdPrintCircularBuffer; ULONG64 KdPrintCircularBufferEnd; ULONG64 KdPrintWritePointer; ULONG64 KdPrintRolloverCount; ULONG64 MmLoadedUserImageList; } KDDEBUGGER_DATA64, *PKDDEBUGGER_DATA64; #endif #define DBG_DUMP_NO_INDENT 0x00000001 #define DBG_DUMP_NO_OFFSET 0x00000002 #define DBG_DUMP_VERBOSE 0x00000004 #define DBG_DUMP_CALL_FOR_EACH 0x00000008 #define DBG_DUMP_LIST 0x00000020 #define DBG_DUMP_NO_PRINT 0x00000040 #define DBG_DUMP_GET_SIZE_ONLY 0x00000080 #define DBG_DUMP_RECUR_LEVEL(l) ((l & 0xf) << 8) #define DBG_DUMP_PRINT_TYPE_NAME 0x00004000 #define DBG_DUMP_ARRAY 0x00008000 #define DBG_DUMP_COMPACT_OUT 0x00200000 // Dump and callback optons for fields #define DBG_DUMP_FIELD_CALL_BEFORE_PRINT 0x00000001 #define DBG_DUMP_FIELD_NO_CALLBACK_REQ 0x00000002 #define DBG_DUMP_FIELD_RECUR_ON_THIS 0x00000004 #define DBG_DUMP_FIELD_FULL_NAME 0x00000008 #define DBG_DUMP_FIELD_ARRAY 0x00000010 #define DBG_DUMP_FIELD_COPY_FIELD_DATA 0x00000020 #define DBG_DUMP_FIELD_RETURN_ADDRESS 0x00001000 #define DBG_DUMP_FIELD_DEFAULT_STRING 0x00010000 #define DBG_DUMP_FIELD_WCHAR_STRING 0x00020000 #define DBG_DUMP_FIELD_MULTI_STRING 0x00040000 #define DBG_DUMP_FIELD_GUID_STRING 0x00080000 #define DBG_DUMP_FIELD_STRING 0x000F0000 #define DBG_DUMP_FIELD_PRINT_ULONG 0x00400000 typedef ULONG (WDBGAPI*PSYM_DUMP_FIELD_CALLBACK)( struct _FIELD_INFO *pField, PVOID UserContext ); typedef struct _FIELD_INFO { UCHAR fName[256]; // Name of the field UCHAR printName[80]; // Name to be printed at dump ULONG size; // Size of the field ULONG fOptions; // Dump Options for the field ULONG64 address; // address of the field PVOID fieldCallBack; // Return info or callBack routine for the field } FIELD_INFO, *PFIELD_INFO; typedef struct _SYM_DUMP_PARAM { ULONG size; // size of this struct PUCHAR sName; // type name ULONG Options; // Dump options ULONG64 addr; // Address to take data for type PFIELD_INFO listLink; // fName here would be used to do list dump PVOID Context; // Usercontext passed to CallbackRoutine PSYM_DUMP_FIELD_CALLBACK CallbackRoutine; // Routine called back ULONG nFields; // # elements in Fields PFIELD_INFO Fields; // Used to return information about field } SYM_DUMP_PARAM, *PSYM_DUMP_PARAM; #ifdef __cplusplus #define CPPMOD extern "C" #else #define CPPMOD #endif #ifndef NOEXTAPI #if defined(KDEXT_64BIT) #define WINDBG_EXTENSION_APIS WINDBG_EXTENSION_APIS64 #define DECLARE_API(s) DECLARE_API64(s) #elif defined(KDEXT_32BIT) #define WINDBG_EXTENSION_APIS WINDBG_EXTENSION_APIS32 #define DECLARE_API(s) DECLARE_API32(s) #else #define DECLARE_API(s) \ CPPMOD VOID \ s( \ HANDLE hCurrentProcess, \ HANDLE hCurrentThread, \ ULONG dwCurrentPc, \ ULONG dwProcessor, \ PCSTR args \ ) #endif #define DECLARE_API32(s) \ CPPMOD VOID \ s( \ HANDLE hCurrentProcess, \ HANDLE hCurrentThread, \ ULONG dwCurrentPc, \ ULONG dwProcessor, \ PCSTR args \ ) #define DECLARE_API64(s) \ CPPMOD VOID \ s( \ HANDLE hCurrentProcess, \ HANDLE hCurrentThread, \ ULONG64 dwCurrentPc, \ ULONG dwProcessor, \ PCSTR args \ ) extern WINDBG_EXTENSION_APIS ExtensionApis; #define dprintf (ExtensionApis.lpOutputRoutine) #define GetExpression (ExtensionApis.lpGetExpressionRoutine) #define CheckControlC (ExtensionApis.lpCheckControlCRoutine) #define GetContext (ExtensionApis.lpGetThreadContextRoutine) #define SetContext (ExtensionApis.lpSetThreadContextRoutine) #define Ioctl (ExtensionApis.lpIoctlRoutine) #define Disasm (ExtensionApis.lpDisasmRoutine) #define GetSymbol (ExtensionApis.lpGetSymbolRoutine) #define ReadMemory (ExtensionApis.lpReadProcessMemoryRoutine) #define WriteMemory (ExtensionApis.lpWriteProcessMemoryRoutine) #define StackTrace (ExtensionApis.lpStackTraceRoutine) #define GetKdContext(ppi) \ Ioctl( IG_KD_CONTEXT, (PVOID)ppi, sizeof(*ppi) ) // // BOOL // GetDebuggerData( // ULONG Tag, // PVOID Buf, // ULONG Size // ) // #define GetDebuggerData(TAG, BUF, SIZE) \ ( (((PDBGKD_DEBUG_DATA_HEADER64)(BUF))->OwnerTag = (TAG)), \ (((PDBGKD_DEBUG_DATA_HEADER64)(BUF))->Size = (SIZE)), \ Ioctl( IG_GET_DEBUGGER_DATA, (PVOID)(BUF), (SIZE) ) ) // Check if LocalAlloc is prototyped //#ifdef _WINBASE_ __inline VOID ReadPhysical( ULONG64 address, PVOID buf, ULONG size, PULONG sizer ) { PPHYSICAL phy; phy = (PPHYSICAL)LocalAlloc(LPTR, sizeof(*phy) + size ); ZeroMemory( phy->Buf, size ); phy->Address = address; phy->BufLen = size; Ioctl( IG_READ_PHYSICAL, (PVOID)phy, sizeof(*phy) + size ); *sizer = phy->BufLen; CopyMemory( buf, phy->Buf, *sizer ); LocalFree( phy ); } __inline VOID WritePhysical( ULONG64 address, PVOID buf, ULONG size, PULONG sizew ) { PPHYSICAL phy; phy = (PPHYSICAL)LocalAlloc(LPTR, sizeof(*phy) + size ); ZeroMemory( phy->Buf, size ); phy->Address = address; phy->BufLen = size; CopyMemory( phy->Buf, buf, size ); Ioctl( IG_WRITE_PHYSICAL, (PVOID)phy, sizeof(*phy) + size ); *sizew = phy->BufLen; LocalFree( phy ); } __inline VOID ReadMsr( ULONG MsrReg, ULONGLONG *MsrValue ) { PREAD_WRITE_MSR msr; msr = (PREAD_WRITE_MSR)LocalAlloc(LPTR, sizeof(*msr)); msr->Msr = MsrReg; Ioctl( IG_READ_MSR, (PVOID)msr, sizeof(*msr) ); *MsrValue = msr->Value; LocalFree( msr ); } __inline VOID WriteMsr( ULONG MsrReg, ULONGLONG MsrValue ) { PREAD_WRITE_MSR msr; msr = (PREAD_WRITE_MSR)LocalAlloc(LPTR, sizeof(*msr)); msr->Msr = MsrReg; msr->Value = MsrValue; Ioctl( IG_WRITE_MSR, (PVOID)msr, sizeof(*msr) ); LocalFree( msr ); } __inline VOID SetThreadForOperation( ULONG_PTR * Thread ) { Ioctl(IG_SET_THREAD, (PVOID)Thread, sizeof(PULONG)); } __inline VOID SetThreadForOperation32( ULONG Thread ) { Ioctl(IG_SET_THREAD, (PVOID)LongToPtr(Thread), sizeof(PULONG)); } __inline VOID SetThreadForOperation64( PULONG64 Thread ) { Ioctl(IG_SET_THREAD, (PVOID)Thread, sizeof(PULONG)); } __inline VOID ReadControlSpace( USHORT processor, ULONG address, PVOID buf, ULONG size ) { PREADCONTROLSPACE prc; prc = (PREADCONTROLSPACE)LocalAlloc(LPTR, sizeof(*prc) + size ); ZeroMemory( prc->Buf, size ); prc->Processor = processor; prc->Address = address; prc->BufLen = size; Ioctl( IG_READ_CONTROL_SPACE, (PVOID)prc, sizeof(*prc) + size ); CopyMemory( buf, prc->Buf, size ); LocalFree( prc ); } __inline VOID ReadControlSpace32( USHORT processor, ULONG address, PVOID buf, ULONG size ) { PREADCONTROLSPACE32 prc; prc = (PREADCONTROLSPACE32)LocalAlloc(LPTR, sizeof(*prc) + size ); ZeroMemory( prc->Buf, size ); prc->Processor = processor; prc->Address = address; prc->BufLen = size; Ioctl( IG_READ_CONTROL_SPACE, (PVOID)prc, sizeof(*prc) + size ); CopyMemory( buf, prc->Buf, size ); LocalFree( prc ); } __inline VOID ReadControlSpace64( USHORT processor, ULONG64 address, PVOID buf, ULONG size ) { PREADCONTROLSPACE64 prc; prc = (PREADCONTROLSPACE64)LocalAlloc(LPTR, sizeof(*prc) + size ); ZeroMemory( prc->Buf, size ); prc->Processor = processor; prc->Address = address; prc->BufLen = size; Ioctl( IG_READ_CONTROL_SPACE, (PVOID)prc, sizeof(*prc) + size ); CopyMemory( buf, prc->Buf, size ); LocalFree( prc ); } // #endif // _WINBASE_ __inline VOID ReadIoSpace( ULONG address, PULONG data, PULONG size ) { IOSPACE is; is.Address = address; is.Length = *size; Ioctl( IG_READ_IO_SPACE, (PVOID)&is, sizeof(is) ); memcpy(data, &is.Data, is.Length); *size = is.Length; } __inline VOID ReadIoSpace32( ULONG address, PULONG data, PULONG size ) { IOSPACE32 is; is.Address = address; is.Length = *size; Ioctl( IG_READ_IO_SPACE, (PVOID)&is, sizeof(is) ); memcpy(data, &is.Data, is.Length); *size = is.Length; } __inline VOID ReadIoSpace64( ULONG64 address, PULONG data, PULONG size ) { IOSPACE64 is; is.Address = address; is.Length = *size; Ioctl( IG_READ_IO_SPACE, (PVOID)&is, sizeof(is) ); memcpy(data, &is.Data, is.Length); *size = is.Length; } __inline VOID WriteIoSpace( ULONG address, ULONG data, PULONG size ) { IOSPACE is; is.Address = (ULONG)address; is.Length = *size; is.Data = data; Ioctl( IG_WRITE_IO_SPACE, (PVOID)&is, sizeof(is) ); *size = is.Length; } __inline VOID WriteIoSpace32( ULONG address, ULONG data, PULONG size ) { IOSPACE32 is; is.Address = address; is.Length = *size; is.Data = data; Ioctl( IG_WRITE_IO_SPACE, (PVOID)&is, sizeof(is) ); *size = is.Length; } __inline VOID WriteIoSpace64( ULONG64 address, ULONG data, PULONG size ) { IOSPACE64 is; is.Address = address; is.Length = *size; is.Data = data; Ioctl( IG_WRITE_IO_SPACE, (PVOID)&is, sizeof(is) ); *size = is.Length; } __inline VOID ReadIoSpaceEx( ULONG address, PULONG data, PULONG size, ULONG interfacetype, ULONG busnumber, ULONG addressspace ) { IOSPACE_EX is; is.Address = (ULONG)address; is.Length = *size; is.Data = 0; is.InterfaceType = interfacetype; is.BusNumber = busnumber; is.AddressSpace = addressspace; Ioctl( IG_READ_IO_SPACE_EX, (PVOID)&is, sizeof(is) ); *data = is.Data; *size = is.Length; } __inline VOID ReadIoSpaceEx32( ULONG address, PULONG data, PULONG size, ULONG interfacetype, ULONG busnumber, ULONG addressspace ) { IOSPACE_EX32 is; is.Address = address; is.Length = *size; is.Data = 0; is.InterfaceType = interfacetype; is.BusNumber = busnumber; is.AddressSpace = addressspace; Ioctl( IG_READ_IO_SPACE_EX, (PVOID)&is, sizeof(is) ); *data = is.Data; *size = is.Length; } __inline VOID ReadIoSpaceEx64( ULONG64 address, PULONG data, PULONG size, ULONG interfacetype, ULONG busnumber, ULONG addressspace ) { IOSPACE_EX64 is; is.Address = address; is.Length = *size; is.Data = 0; is.InterfaceType = interfacetype; is.BusNumber = busnumber; is.AddressSpace = addressspace; Ioctl( IG_READ_IO_SPACE_EX, (PVOID)&is, sizeof(is) ); *data = is.Data; *size = is.Length; } __inline VOID WriteIoSpaceEx( ULONG address, ULONG data, PULONG size, ULONG interfacetype, ULONG busnumber, ULONG addressspace ) { IOSPACE_EX is; is.Address = (ULONG)address; is.Length = *size; is.Data = data; is.InterfaceType = interfacetype; is.BusNumber = busnumber; is.AddressSpace = addressspace; Ioctl( IG_WRITE_IO_SPACE_EX, (PVOID)&is, sizeof(is) ); *size = is.Length; } __inline VOID WriteIoSpaceEx32( ULONG address, ULONG data, PULONG size, ULONG interfacetype, ULONG busnumber, ULONG addressspace ) { IOSPACE_EX32 is; is.Address = address; is.Length = *size; is.Data = data; is.InterfaceType = interfacetype; is.BusNumber = busnumber; is.AddressSpace = addressspace; Ioctl( IG_WRITE_IO_SPACE_EX, (PVOID)&is, sizeof(is) ); *size = is.Length; } __inline VOID WriteIoSpaceEx64( ULONG64 address, ULONG data, PULONG size, ULONG interfacetype, ULONG busnumber, ULONG addressspace ) { IOSPACE_EX64 is; is.Address = address; is.Length = *size; is.Data = data; is.InterfaceType = interfacetype; is.BusNumber = busnumber; is.AddressSpace = addressspace; Ioctl( IG_WRITE_IO_SPACE_EX, (PVOID)&is, sizeof(is) ); *size = is.Length; } __inline VOID ReloadSymbols( IN PSTR Arg OPTIONAL ) /*++ Routine Description: Calls the debugger to reload symbols. Arguments: Args - Supplies the tail of a !reload command string. !reload [flags] [module[=address]] flags: /n do not load from usermode list /u unload symbols, no reload /v verbose A value of NULL is equivalent to an empty string Return Value: None --*/ { Ioctl(IG_RELOAD_SYMBOLS, (PVOID)Arg, Arg?(strlen(Arg)+1):0); } __inline VOID GetSetSympath( IN PSTR Arg, OUT PSTR Result OPTIONAL, IN int Length ) /*++ Routine Description: Calls the debugger to set or retrieve symbol search path. Arguments: Arg - Supplies new search path. If Arg is NULL or string is empty, the search path is not changed and the current setting is returned in Result. When the symbol search path is changed, a call to ReloadSymbols is made implicitly. Result - OPTIONAL Returns the symbol search path setting. Length - Supplies the size of the buffer supplied by Result. Return Value: None --*/ { GET_SET_SYMPATH gss; gss.Args = Arg; gss.Result = Result; gss.Length = Length; Ioctl(IG_GET_SET_SYMPATH, (PVOID)&gss, sizeof(gss)); } #if defined(KDEXT_64BIT) __inline ULONG IsPtr64( void ) { static ULONG flag = -1; ULONG dw; if (flag == -1) { if (Ioctl(IG_IS_PTR64, &dw, sizeof(dw))) { flag = ((dw != 0) ? 1 : 0); } else { flag = 0; } } return flag; } __inline ULONG ReadListEntry( ULONG64 Address, PLIST_ENTRY64 List ) { ULONG cb; if (IsPtr64()) { return (ReadMemory(Address, (PVOID)List, sizeof(*List), &cb) && cb == sizeof(*List)); } else { LIST_ENTRY32 List32; ULONG Status; Status = ReadMemory(Address, (PVOID)&List32, sizeof(List32), &cb); if (Status && cb == sizeof(List32)) { List->Flink = (ULONG64)(LONG64)(LONG)List32.Flink; List->Blink = (ULONG64)(LONG64)(LONG)List32.Blink; return 1; } return 0; } } __inline ULONG ReadPointer( ULONG64 Address, PULONG64 Pointer ) { ULONG cb; if (IsPtr64()) { return (ReadMemory(Address, (PVOID)Pointer, sizeof(*Pointer), &cb) && cb == sizeof(*Pointer)); } else { ULONG Pointer32; ULONG Status; Status = ReadMemory(Address, (PVOID)&Pointer32, sizeof(Pointer32), &cb); if (Status && cb == sizeof(Pointer32)) { *Pointer = (ULONG64)(LONG64)(LONG)Pointer32; return 1; } return 0; } } __inline ULONG WritePointer( ULONG64 Address, ULONG64 Pointer ) { ULONG cb; if (IsPtr64()) { return (WriteMemory(Address, &Pointer, sizeof(Pointer), &cb) && cb == sizeof(Pointer)); } else { ULONG Pointer32 = (ULONG)Pointer; ULONG Status; Status = WriteMemory(Address, &Pointer32, sizeof(Pointer32), &cb); return (Status && cb == sizeof(Pointer32)) ? 1 : 0; } } #endif // defined(KDEXT_64BIT) __inline VOID GetTebAddress( PULONGLONG Address ) { GET_TEB_ADDRESS gpt; gpt.Address = 0; Ioctl(IG_GET_TEB_ADDRESS, (PVOID)&gpt, sizeof(gpt)); *Address = gpt.Address; } __inline VOID SearchMemory( ULONG64 SearchAddress, ULONG64 SearchLength, ULONG PatternLength, PVOID Pattern, PULONG64 FoundAddress ) { SEARCHMEMORY sm; sm.SearchAddress = SearchAddress; sm.SearchLength = SearchLength; sm.FoundAddress = 0; sm.PatternLength = PatternLength; sm.Pattern = Pattern; Ioctl(IG_SEARCH_MEMORY, (PVOID)&sm, sizeof(sm)); *FoundAddress = sm.FoundAddress; } #endif #ifdef __cplusplus } #endif #pragma option pop /*P_O_Pop*/ #endif // _WDBGEXTS_