use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR;
use winapi::shared::guiddef::LPCGUID;
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES,
PULONG, PVOID, UCHAR, ULONG, ULONGLONG,
};
use winapi::um::minwinbase::LPDEBUG_EVENT;
use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE};
use winapi::vc::vadefs::va_list;
// Breakpoint entry points, declared with the "system" ABI through the crate's
// EXTERN! wrapper. None of the three returns a value; only the last takes an
// argument, a ULONG `Status`.
// NOTE(review): the behaviour when no debugger is attached is not visible from
// this file. Presumably a breakpoint exception is raised in the calling process,
// so confirm before leaving such calls reachable in release builds.
EXTERN!{extern "system" {
    fn DbgUserBreakPoint();
    fn DbgBreakPoint();
    fn DbgBreakPointWithStatus(
        Status: ULONG,
    );
}}
// DBG_STATUS_* codes, numbered 1 through 7 without gaps.
// NOTE(review): presumably these are the `Status` values accepted by
// `DbgBreakPointWithStatus`; confirm against the platform headers.
pub const DBG_STATUS_CONTROL_C: u32 = 1;
pub const DBG_STATUS_SYSRQ: u32 = 2;
// Two consecutive codes for the first and second bugcheck notification.
pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3;
pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4;
pub const DBG_STATUS_FATAL: u32 = 5;
pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6;
pub const DBG_STATUS_WORKER: u32 = 7;
// Variadic debug-output routines; each returns a ULONG. Both end in `...`,
// which is presumably why this group alone is declared `extern "C"` while every
// other group in the file uses "system".
// NOTE(review): `Format` is presumably a NUL-terminated printf-style string. If
// so, keep it a constant and pass externally influenced text as a `%s` argument,
// never as `Format` itself: nothing checks the variadic arguments against the
// format, so a mismatch is undefined behaviour rather than a compile error.
EXTERN!{extern "C" {
    fn DbgPrint(
        Format: PCSTR,
        ...
    ) -> ULONG;
    // Same as above with a leading (ComponentId, Level) pair.
    fn DbgPrintEx(
        ComponentId: ULONG,
        Level: ULONG,
        Format: PCSTR,
        ...
    ) -> ULONG;
}}
// Debug-print variants that take an already-built `va_list`, the per-component
// filter-state accessors, and the interactive prompt. All use the "system" ABI.
EXTERN!{extern "system" {
    // NOTE(review): `arglist` is presumably consumed according to `Format`, so the
    // format string should be a constant that matches what the list was built
    // from. Confirm.
    fn vDbgPrintEx(
        ComponentId: ULONG,
        Level: ULONG,
        Format: PCCH,
        arglist: va_list,
    ) -> ULONG;
    // Same parameters with a leading `Prefix` string pointer.
    fn vDbgPrintExWithPrefix(
        Prefix: PCH,
        ComponentId: ULONG,
        Level: ULONG,
        Format: PCCH,
        arglist: va_list,
    ) -> ULONG;
    // Takes a (ComponentId, Level) pair and reports through an NTSTATUS.
    fn DbgQueryDebugFilterState(
        ComponentId: ULONG,
        Level: ULONG,
    ) -> NTSTATUS;
    // Same pair plus a BOOLEAN `State`.
    fn DbgSetDebugFilterState(
        ComponentId: ULONG,
        Level: ULONG,
        State: BOOLEAN,
    ) -> NTSTATUS;
    // NOTE(review): `Length` is presumably the capacity in bytes of the buffer
    // behind `Response`. Derive it from the buffer itself, because a larger value
    // would let the callee write past the allocation. Confirm the unit and whether
    // the ULONG result is the number of bytes stored.
    fn DbgPrompt(
        Prompt: PCCH,
        Response: PCH,
        Length: ULONG,
    ) -> ULONG;
}}
// Exception payload: an EXCEPTION_RECORD followed by a ULONG `FirstChance`.
// It is the `Exception` member of DBGUI_WAIT_STATE_CHANGE_StateInfo.
// NOTE(review): assumed to mirror the native layout (STRUCT! is expected to emit
// a C-layout type), so field order and widths must stay as they are.
STRUCT!{struct DBGKM_EXCEPTION {
    ExceptionRecord: EXCEPTION_RECORD,
    FirstChance: ULONG,
}}
/// Raw mutable pointer to [`DBGKM_EXCEPTION`].
pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION;
// Thread-creation payload. It is embedded in DBGKM_CREATE_PROCESS as
// `InitialThread` and in DBGUI_CREATE_THREAD as `NewThread`.
// NOTE(review): `StartAddress` presumably refers to the debugged process's
// address space, not the caller's. Treat it as an opaque value and never
// dereference it locally. Confirm.
STRUCT!{struct DBGKM_CREATE_THREAD {
    SubSystemKey: ULONG,
    StartAddress: PVOID,
}}
/// Raw mutable pointer to [`DBGKM_CREATE_THREAD`].
pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD;
// Process-creation payload; it embeds the first thread's DBGKM_CREATE_THREAD
// by value and is itself the `NewProcess` field of DBGUI_CREATE_PROCESS.
// NOTE(review): `FileHandle` is presumably a handle opened for the receiver,
// which then owns it and must close it, otherwise long sessions leak handles.
// `BaseOfImage` is presumably an address in the debugged process and must not
// be dereferenced locally. Confirm both.
STRUCT!{struct DBGKM_CREATE_PROCESS {
    SubSystemKey: ULONG,
    FileHandle: HANDLE,
    BaseOfImage: PVOID,
    DebugInfoFileOffset: ULONG,
    DebugInfoSize: ULONG,
    InitialThread: DBGKM_CREATE_THREAD,
}}
/// Raw mutable pointer to [`DBGKM_CREATE_PROCESS`].
pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS;
// Thread-exit payload: a single NTSTATUS. It is the `ExitThread` member of
// DBGUI_WAIT_STATE_CHANGE_StateInfo.
STRUCT!{struct DBGKM_EXIT_THREAD {
    ExitStatus: NTSTATUS,
}}
/// Raw mutable pointer to [`DBGKM_EXIT_THREAD`].
pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD;
// Process-exit payload: a single NTSTATUS. It is the `ExitProcess` member of
// DBGUI_WAIT_STATE_CHANGE_StateInfo.
STRUCT!{struct DBGKM_EXIT_PROCESS {
    ExitStatus: NTSTATUS,
}}
/// Raw mutable pointer to [`DBGKM_EXIT_PROCESS`].
pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS;
// Module-load payload. It is the `LoadDll` member of
// DBGUI_WAIT_STATE_CHANGE_StateInfo.
// NOTE(review): `FileHandle` is presumably owned by the receiver, which must
// close it. `BaseOfDll` and `NamePointer` are presumably addresses inside the
// debugged process, whose contents that process controls, so read them only
// through a bounded cross-process read and never as local pointers. Confirm.
STRUCT!{struct DBGKM_LOAD_DLL {
    FileHandle: HANDLE,
    BaseOfDll: PVOID,
    DebugInfoFileOffset: ULONG,
    DebugInfoSize: ULONG,
    NamePointer: PVOID,
}}
/// Raw mutable pointer to [`DBGKM_LOAD_DLL`].
pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL;
// Module-unload payload: one pointer-sized `BaseAddress`. It is the `UnloadDll`
// member of DBGUI_WAIT_STATE_CHANGE_StateInfo.
// NOTE(review): presumably an address in the debugged process, to be treated
// as opaque. Confirm.
STRUCT!{struct DBGKM_UNLOAD_DLL {
    BaseAddress: PVOID,
}}
/// Raw mutable pointer to [`DBGKM_UNLOAD_DLL`].
pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL;
// State codes 0..=10. This is the type of `NewState` in DBGUI_WAIT_STATE_CHANGE,
// where it sits next to the `StateInfo` union.
// NOTE(review): presumably `NewState` selects which `StateInfo` member is valid
// (the names suggest Exception/Breakpoint/SingleStep -> `Exception`,
// CreateThread -> `CreateThread`, and so on). Confirm the mapping before reading
// the union, and treat any value outside this list as "no payload".
ENUM!{enum DBG_STATE {
    DbgIdle = 0,
    DbgReplyPending = 1,
    DbgCreateThreadStateChange = 2,
    DbgCreateProcessStateChange = 3,
    DbgExitThreadStateChange = 4,
    DbgExitProcessStateChange = 5,
    DbgExceptionStateChange = 6,
    DbgBreakpointStateChange = 7,
    DbgSingleStepStateChange = 8,
    DbgLoadDllStateChange = 9,
    DbgUnloadDllStateChange = 10,
}}
/// Raw mutable pointer to a [`DBG_STATE`] value.
pub type PDBG_STATE = *mut DBG_STATE;
// User-mode view of a thread-creation event: a thread handle followed by the
// DBGKM_CREATE_THREAD payload. It is the `CreateThread` member of
// DBGUI_WAIT_STATE_CHANGE_StateInfo.
// NOTE(review): `HandleToThread` is presumably owned by the receiver, which
// must close it once the event has been handled. Confirm.
STRUCT!{struct DBGUI_CREATE_THREAD {
    HandleToThread: HANDLE,
    NewThread: DBGKM_CREATE_THREAD,
}}
/// Raw mutable pointer to [`DBGUI_CREATE_THREAD`].
pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD;
// User-mode view of a process-creation event: a process handle, a thread handle
// and the DBGKM_CREATE_PROCESS payload. It is the `CreateProcessInfo` member of
// DBGUI_WAIT_STATE_CHANGE_StateInfo.
// NOTE(review): both handles are presumably owned by the receiver and need to
// be closed by it. Confirm.
STRUCT!{struct DBGUI_CREATE_PROCESS {
    HandleToProcess: HANDLE,
    HandleToThread: HANDLE,
    NewProcess: DBGKM_CREATE_PROCESS,
}}
// Overlapping payloads for a state change, one member per event kind. This is
// the type of `StateInfo` in DBGUI_WAIT_STATE_CHANGE.
// NOTE(review): only the member matching the accompanying `NewState` is expected
// to hold meaningful data; reading any other member reinterprets unrelated bytes
// (handles, addresses, status codes). Confirm how UNION! exposes the members.
UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo {
    Exception: DBGKM_EXCEPTION,
    CreateThread: DBGUI_CREATE_THREAD,
    CreateProcessInfo: DBGUI_CREATE_PROCESS,
    ExitThread: DBGKM_EXIT_THREAD,
    ExitProcess: DBGKM_EXIT_PROCESS,
    LoadDll: DBGKM_LOAD_DLL,
    UnloadDll: DBGKM_UNLOAD_DLL,
}}
/// Raw mutable pointer to [`DBGUI_CREATE_PROCESS`].
pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS;
// One debug event: the state code, the client id it refers to, and the payload
// union. `DbgUiWaitStateChange` and `DbgUiConvertStateChangeStructure` take a
// pointer to this type.
// NOTE(review): consumers should branch on `NewState` before touching
// `StateInfo`, and should check the NTSTATUS of the call that was meant to fill
// the structure before reading it at all. Confirm against the call sites.
STRUCT!{struct DBGUI_WAIT_STATE_CHANGE {
    NewState: DBG_STATE,
    AppClientId: CLIENT_ID,
    StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo,
}}
/// Raw mutable pointer to [`DBGUI_WAIT_STATE_CHANGE`].
pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE;
// Access-right bits specific to debug objects, one bit each.
pub const DEBUG_READ_EVENT: ULONG = 0x0001;
pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002;
pub const DEBUG_SET_INFORMATION: ULONG = 0x0004;
pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008;
/// Union of the standard required rights, `SYNCHRONIZE` and all four `DEBUG_*` bits above.
///
/// `NtCreateDebugObject` takes an `ACCESS_MASK` as `DesiredAccess`; prefer requesting only
/// the individual bits a caller actually needs over this catch-all mask.
pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED
    | SYNCHRONIZE
    | DEBUG_READ_EVENT
    | DEBUG_PROCESS_ASSIGN
    | DEBUG_SET_INFORMATION
    | DEBUG_QUERY_INFORMATION;
// NOTE(review): presumably a `Flags` value for `NtCreateDebugObject` under which
// closing the debug object also ends the attached process(es). If so, an
// unintended handle close, including one at debugger exit or crash, takes the
// target down with it. Confirm.
pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1;
// Information classes for `NtSetInformationDebugObject`, which takes this type
// as `DebugObjectInformationClass`.
// NOTE(review): `MaxDebugObjectInfoClass` looks like an end marker rather than a
// usable class. Confirm before passing it to the call.
ENUM!{enum DEBUGOBJECTINFOCLASS {
    DebugObjectUnusedInformation = 0,
    DebugObjectKillProcessOnExitInformation = 1,
    MaxDebugObjectInfoClass = 2,
}}
/// Raw mutable pointer to a [`DEBUGOBJECTINFOCLASS`] value.
pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS;
// Debug-object system calls (Nt*) and the DbgUi* helpers, all with the "system"
// ABI. Every handle and pointer here is raw: nothing on the Rust side checks
// validity, lifetime or buffer size. Where a function returns NTSTATUS, check
// it before trusting any out-parameter.
EXTERN!{extern "system" {
    // ---- debug-object system calls ----

    // `DebugObjectHandle` is a PHANDLE, presumably the out-parameter receiving the
    // new handle. `DesiredAccess` is an ACCESS_MASK (see the DEBUG_* rights).
    fn NtCreateDebugObject(
        DebugObjectHandle: PHANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        Flags: ULONG,
    ) -> NTSTATUS;
    // Takes a process handle and a debug-object handle.
    fn NtDebugActiveProcess(
        ProcessHandle: HANDLE,
        DebugObjectHandle: HANDLE,
    ) -> NTSTATUS;
    fn NtDebugContinue(
        DebugObjectHandle: HANDLE,
        ClientId: PCLIENT_ID,
        ContinueStatus: NTSTATUS,
    ) -> NTSTATUS;
    // Same handle pair as `NtDebugActiveProcess`.
    fn NtRemoveProcessDebug(
        ProcessHandle: HANDLE,
        DebugObjectHandle: HANDLE,
    ) -> NTSTATUS;
    // NOTE(review): `DebugInformationLength` presumably has to equal the size of
    // the object behind `DebugInformation` for the chosen class. Derive it with
    // `size_of` rather than a literal. Confirm.
    fn NtSetInformationDebugObject(
        DebugObjectHandle: HANDLE,
        DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
        DebugInformation: PVOID,
        DebugInformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // NOTE(review): `WaitStateChange` is an untyped PVOID with no length
    // parameter. It presumably must point to writable storage at least as large
    // as DBGUI_WAIT_STATE_CHANGE; the signature cannot enforce that. Confirm.
    fn NtWaitForDebugEvent(
        DebugObjectHandle: HANDLE,
        Alertable: BOOLEAN,
        Timeout: PLARGE_INTEGER,
        WaitStateChange: PVOID,
    ) -> NTSTATUS;

    // ---- DbgUi* helpers ----

    fn DbgUiConnectToDbg() -> NTSTATUS;
    // Getter/setter pair for a debug-object HANDLE; judging by the names the
    // value is kept per thread (not visible here).
    fn DbgUiGetThreadDebugObject() -> HANDLE;
    fn DbgUiSetThreadDebugObject(
        DebugObject: HANDLE,
    );
    // Typed counterpart of the wait call: `StateChange` is a
    // PDBGUI_WAIT_STATE_CHANGE rather than a PVOID.
    fn DbgUiWaitStateChange(
        StateChange: PDBGUI_WAIT_STATE_CHANGE,
        Timeout: PLARGE_INTEGER,
    ) -> NTSTATUS;
    fn DbgUiContinue(
        AppClientId: PCLIENT_ID,
        ContinueStatus: NTSTATUS,
    ) -> NTSTATUS;
    fn DbgUiStopDebugging(
        Process: HANDLE,
    ) -> NTSTATUS;
    fn DbgUiDebugActiveProcess(
        Process: HANDLE,
    ) -> NTSTATUS;
    // Takes an opaque `Context` pointer and returns nothing.
    fn DbgUiRemoteBreakin(
        Context: PVOID,
    );
    fn DbgUiIssueRemoteBreakin(
        Process: HANDLE,
    ) -> NTSTATUS;
    // Takes a DBGUI_WAIT_STATE_CHANGE pointer and an LPDEBUG_EVENT; judging by
    // the name it fills the latter from the former. Both must point to valid
    // storage.
    fn DbgUiConvertStateChangeStructure(
        StateChange: PDBGUI_WAIT_STATE_CHANGE,
        DebugEvent: LPDEBUG_EVENT,
    ) -> NTSTATUS;
}}
// stdcall callback type with no return value; `EtwEventRegister` accepts it as
// `EnableCallback`.
// NOTE(review): the callback is presumably invoked by foreign code, so a Rust
// implementation should not let a panic unwind out of it. `SourceId`,
// `FilterData` and `CallbackContext` are raw pointers, so check them for null
// before dereferencing. Confirm which of them may legitimately be null.
FN!{stdcall PENABLECALLBACK(
    SourceId: LPCGUID,
    IsEnabled: ULONG,
    Level: UCHAR,
    MatchAnyKeyword: ULONGLONG,
    MatchAllKeyword: ULONGLONG,
    FilterData: *mut EVENT_FILTER_DESCRIPTOR,
    CallbackContext: PVOID,
) -> ()}
/// Registration handle, a plain 64-bit unsigned integer rather than a `HANDLE`.
pub type REGHANDLE = ULONGLONG;
/// Raw mutable pointer to the integer behind [`REGHANDLE`]; `EtwEventRegister` takes it as
/// `RegHandle`.
pub type PREGHANDLE = *mut ULONGLONG;
// ETW provider registration. Takes the provider GUID pointer, a
// PENABLECALLBACK, an opaque context pointer and a PREGHANDLE, and returns an
// NTSTATUS.
// NOTE(review): `RegHandle` is presumably the out-parameter receiving the
// registration handle, and `CallbackContext` is presumably handed back to the
// callback unchanged. If so, whatever it points to must stay alive for as long
// as the registration exists. Confirm.
EXTERN!{extern "system" {
    fn EtwEventRegister(
        ProviderId: LPCGUID,
        EnableCallback: PENABLECALLBACK,
        CallbackContext: PVOID,
        RegHandle: PREGHANDLE,
    ) -> NTSTATUS;
}}