// Raw bindings for the debugger-support surface: the Dbg* breakpoint/print
// helpers, the DBGKM_*/DBGUI_* debug-event records, the Nt*/DbgUi*
// debug-object calls, and one ETW registration entry point.
//
// Everything in this file is a declaration; no argument is validated on the
// Rust side, so every pointer/length/handle contract is the caller's job.
// NOTE(review): EXTERN!/STRUCT!/ENUM!/UNION!/FN! are defined elsewhere in the
// crate; their expansions (presumably foreign-function blocks and C-layout
// types) are not visible from here.
//
// Plain `//` comments are used on purpose: a `///` placed inside one of these
// macro invocations reaches the macro as a `#[doc]` attribute token, which the
// macro patterns may not accept — TODO confirm against the macro definitions.
use crate::ntapi_base::{CLIENT_ID, PCLIENT_ID};
use winapi::shared::evntprov::EVENT_FILTER_DESCRIPTOR;
use winapi::shared::guiddef::LPCGUID;
use winapi::shared::ntdef::{
    BOOLEAN, HANDLE, NTSTATUS, PCCH, PCH, PCSTR, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES,
    PULONG, PVOID, UCHAR, ULONG, ULONGLONG,
};
use winapi::um::minwinbase::LPDEBUG_EVENT;
use winapi::um::winnt::{ACCESS_MASK, EXCEPTION_RECORD, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE};
use winapi::vc::vadefs::va_list;
// Breakpoint entry points.
// NOTE(review): what happens when no debugger is attached is not visible
// here — confirm before leaving a call on a production code path.
EXTERN!{extern "system" {
    fn DbgUserBreakPoint();
    fn DbgBreakPoint();
    fn DbgBreakPointWithStatus(
        Status: ULONG,
    );
}}
// Status codes 1..=7. Presumably the values accepted by the `Status` parameter
// of DbgBreakPointWithStatus — TODO confirm. Typed `u32` rather than `ULONG`.
pub const DBG_STATUS_CONTROL_C: u32 = 1;
pub const DBG_STATUS_SYSRQ: u32 = 2;
pub const DBG_STATUS_BUGCHECK_FIRST: u32 = 3;
pub const DBG_STATUS_BUGCHECK_SECOND: u32 = 4;
pub const DBG_STATUS_FATAL: u32 = 5;
pub const DBG_STATUS_DEBUG_CONTROL: u32 = 6;
pub const DBG_STATUS_WORKER: u32 = 7;
// C-variadic debug-print routines. These are the only declarations in this
// file that use the "C" ABI; the other blocks use "system".
//
// `Format` is a printf-style format string and the `...` arguments are not
// type-checked by Rust. Never pass externally influenced text as `Format`:
// use a constant format (for example "%s") and supply the text as an
// argument. `Format` is a PCSTR, so it must be NUL-terminated.
EXTERN!{extern "C" {
    fn DbgPrint(
        Format: PCSTR,
        ...
    ) -> ULONG;
    fn DbgPrintEx(
        ComponentId: ULONG,
        Level: ULONG,
        Format: PCSTR,
        ...
    ) -> ULONG;
}}
EXTERN!{extern "system" {
    // `va_list` forms of the print routines. The same format-string caveat
    // applies: `Format` should be a trusted constant, and `arglist` must match
    // the conversions it contains (nothing on the Rust side checks this).
    fn vDbgPrintEx(
        ComponentId: ULONG,
        Level: ULONG,
        Format: PCCH,
        arglist: va_list,
    ) -> ULONG;
    fn vDbgPrintExWithPrefix(
        Prefix: PCH,
        ComponentId: ULONG,
        Level: ULONG,
        Format: PCCH,
        arglist: va_list,
    ) -> ULONG;
    // Going by the names, these read / change the filter state for a
    // (ComponentId, Level) pair — TODO confirm the NTSTATUS encoding of the
    // query result.
    fn DbgQueryDebugFilterState(
        ComponentId: ULONG,
        Level: ULONG,
    ) -> NTSTATUS;
    fn DbgSetDebugFilterState(
        ComponentId: ULONG,
        Level: ULONG,
        State: BOOLEAN,
    ) -> NTSTATUS;
    // `Response` is a writable buffer (PCH) and `Length` is presumably its
    // capacity in bytes; the binding cannot check that the two agree, so the
    // caller must pass the real buffer size. TODO confirm the unit of `Length`
    // and whether the stored response is NUL-terminated.
    fn DbgPrompt(
        Prompt: PCCH,
        Response: PCH,
        Length: ULONG,
    ) -> ULONG;
}}
// DBGKM_* records: per-event payloads, embedded below in the DBGUI_* records
// and in the DBGUI_WAIT_STATE_CHANGE_StateInfo union.
//
// NOTE(review): the PVOID address fields (StartAddress, BaseOfImage,
// BaseOfDll, BaseAddress, NamePointer) are presumably addresses in the
// debugged process, not pointers that are valid in the caller — confirm
// before dereferencing any of them.
STRUCT!{struct DBGKM_EXCEPTION {
    ExceptionRecord: EXCEPTION_RECORD,
    FirstChance: ULONG,
}}
pub type PDBGKM_EXCEPTION = *mut DBGKM_EXCEPTION;
STRUCT!{struct DBGKM_CREATE_THREAD {
    SubSystemKey: ULONG,
    StartAddress: PVOID,
}}
pub type PDBGKM_CREATE_THREAD = *mut DBGKM_CREATE_THREAD;
// NOTE(review): `FileHandle` is a raw HANDLE; who owns and closes it is not
// stated in this file — confirm, since an unclosed handle is a leak.
STRUCT!{struct DBGKM_CREATE_PROCESS {
    SubSystemKey: ULONG,
    FileHandle: HANDLE,
    BaseOfImage: PVOID,
    DebugInfoFileOffset: ULONG,
    DebugInfoSize: ULONG,
    InitialThread: DBGKM_CREATE_THREAD,
}}
pub type PDBGKM_CREATE_PROCESS = *mut DBGKM_CREATE_PROCESS;
STRUCT!{struct DBGKM_EXIT_THREAD {
    ExitStatus: NTSTATUS,
}}
pub type PDBGKM_EXIT_THREAD = *mut DBGKM_EXIT_THREAD;
STRUCT!{struct DBGKM_EXIT_PROCESS {
    ExitStatus: NTSTATUS,
}}
pub type PDBGKM_EXIT_PROCESS = *mut DBGKM_EXIT_PROCESS;
// Same handle-ownership question as DBGKM_CREATE_PROCESS::FileHandle.
STRUCT!{struct DBGKM_LOAD_DLL {
    FileHandle: HANDLE,
    BaseOfDll: PVOID,
    DebugInfoFileOffset: ULONG,
    DebugInfoSize: ULONG,
    NamePointer: PVOID,
}}
pub type PDBGKM_LOAD_DLL = *mut DBGKM_LOAD_DLL;
STRUCT!{struct DBGKM_UNLOAD_DLL {
    BaseAddress: PVOID,
}}
pub type PDBGKM_UNLOAD_DLL = *mut DBGKM_UNLOAD_DLL;
// State tag carried in DBGUI_WAIT_STATE_CHANGE::NewState; discriminants are
// the contiguous range 0..=10.
ENUM!{enum DBG_STATE {
    DbgIdle = 0,
    DbgReplyPending = 1,
    DbgCreateThreadStateChange = 2,
    DbgCreateProcessStateChange = 3,
    DbgExitThreadStateChange = 4,
    DbgExitProcessStateChange = 5,
    DbgExceptionStateChange = 6,
    DbgBreakpointStateChange = 7,
    DbgSingleStepStateChange = 8,
    DbgLoadDllStateChange = 9,
    DbgUnloadDllStateChange = 10,
}}
pub type PDBG_STATE = *mut DBG_STATE;
// DBGUI_* records wrap a DBGKM_* payload together with handles to the new
// thread / process.
// NOTE(review): responsibility for closing HandleToThread / HandleToProcess
// is not stated here — confirm.
STRUCT!{struct DBGUI_CREATE_THREAD {
    HandleToThread: HANDLE,
    NewThread: DBGKM_CREATE_THREAD,
}}
pub type PDBGUI_CREATE_THREAD = *mut DBGUI_CREATE_THREAD;
STRUCT!{struct DBGUI_CREATE_PROCESS {
    HandleToProcess: HANDLE,
    HandleToThread: HANDLE,
    NewProcess: DBGKM_CREATE_PROCESS,
}}
// Payload of DBGUI_WAIT_STATE_CHANGE. Reading a Rust union member is unsafe;
// only the member that matches `NewState` should be read. The mapping is
// inferred from the names (e.g. DbgLoadDllStateChange <-> LoadDll) — TODO
// confirm. The exception, breakpoint and single-step states have no member of
// their own and presumably all use `Exception`.
UNION!{union DBGUI_WAIT_STATE_CHANGE_StateInfo {
    Exception: DBGKM_EXCEPTION,
    CreateThread: DBGUI_CREATE_THREAD,
    CreateProcessInfo: DBGUI_CREATE_PROCESS,
    ExitThread: DBGKM_EXIT_THREAD,
    ExitProcess: DBGKM_EXIT_PROCESS,
    LoadDll: DBGKM_LOAD_DLL,
    UnloadDll: DBGKM_UNLOAD_DLL,
}}
// Pointer alias for DBGUI_CREATE_PROCESS (declared after the union here; the
// order of these items is not significant).
pub type PDBGUI_CREATE_PROCESS = *mut DBGUI_CREATE_PROCESS;
STRUCT!{struct DBGUI_WAIT_STATE_CHANGE {
    NewState: DBG_STATE,
    AppClientId: CLIENT_ID,
    StateInfo: DBGUI_WAIT_STATE_CHANGE_StateInfo,
}}
pub type PDBGUI_WAIT_STATE_CHANGE = *mut DBGUI_WAIT_STATE_CHANGE;
// Debug-object access bits: four single-bit values, 0x1 through 0x8.
pub const DEBUG_READ_EVENT: ULONG = 0x0001;
pub const DEBUG_PROCESS_ASSIGN: ULONG = 0x0002;
pub const DEBUG_SET_INFORMATION: ULONG = 0x0004;
pub const DEBUG_QUERY_INFORMATION: ULONG = 0x0008;
// All four bits above combined with STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE.
// Callers that only need a subset should request that subset as
// `DesiredAccess` instead of this mask (least privilege).
pub const DEBUG_ALL_ACCESS: ACCESS_MASK = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | DEBUG_READ_EVENT
    | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | DEBUG_QUERY_INFORMATION;
// Presumably a value for the `Flags` parameter of NtCreateDebugObject; going
// by the name, debugged processes are terminated when the debug object is
// closed — TODO confirm. Worth knowing if the owning process can exit early.
pub const DEBUG_KILL_ON_CLOSE: u32 = 0x1;
// Information classes for NtSetInformationDebugObject. The last entry is a
// count/sentinel by its name rather than a usable class — TODO confirm.
ENUM!{enum DEBUGOBJECTINFOCLASS {
    DebugObjectUnusedInformation = 0,
    DebugObjectKillProcessOnExitInformation = 1,
    MaxDebugObjectInfoClass = 2,
}}
pub type PDEBUGOBJECTINFOCLASS = *mut DEBUGOBJECTINFOCLASS;
// Debug-object system calls (Nt*) and the DbgUi* helpers.
//
// Most of these report failure through NTSTATUS; treat every output parameter
// as unset unless the returned status indicates success.
EXTERN!{extern "system" {
    // `DebugObjectHandle` is an out pointer (PHANDLE).
    // NOTE(review): the handle it receives presumably has to be closed by the
    // caller — confirm.
    fn NtCreateDebugObject(
        DebugObjectHandle: PHANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        Flags: ULONG,
    ) -> NTSTATUS;
    // NOTE(review): the access rights each handle must carry are enforced by
    // the callee and are not visible in this declaration.
    fn NtDebugActiveProcess(
        ProcessHandle: HANDLE,
        DebugObjectHandle: HANDLE,
    ) -> NTSTATUS;
    fn NtDebugContinue(
        DebugObjectHandle: HANDLE,
        ClientId: PCLIENT_ID,
        ContinueStatus: NTSTATUS,
    ) -> NTSTATUS;
    fn NtRemoveProcessDebug(
        ProcessHandle: HANDLE,
        DebugObjectHandle: HANDLE,
    ) -> NTSTATUS;
    // Untyped buffer plus explicit length: `DebugInformationLength` must be
    // the real size of the memory behind `DebugInformation`; nothing on the
    // Rust side checks it.
    fn NtSetInformationDebugObject(
        DebugObjectHandle: HANDLE,
        DebugObjectInformationClass: DEBUGOBJECTINFOCLASS,
        DebugInformation: PVOID,
        DebugInformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // `WaitStateChange` is an untyped PVOID with no accompanying length.
    // Presumably it must point to writable storage for a
    // DBGUI_WAIT_STATE_CHANGE (compare DbgUiWaitStateChange, which takes the
    // typed pointer) — TODO confirm before passing a smaller buffer.
    fn NtWaitForDebugEvent(
        DebugObjectHandle: HANDLE,
        Alertable: BOOLEAN,
        Timeout: PLARGE_INTEGER,
        WaitStateChange: PVOID,
    ) -> NTSTATUS;
    // The DbgUi* calls below take no debug-object handle; presumably they use
    // the per-thread debug object read/written by the Get/Set pair — confirm.
    fn DbgUiConnectToDbg() -> NTSTATUS;
    fn DbgUiGetThreadDebugObject() -> HANDLE;
    fn DbgUiSetThreadDebugObject(
        DebugObject: HANDLE,
    );
    fn DbgUiWaitStateChange(
        StateChange: PDBGUI_WAIT_STATE_CHANGE,
        Timeout: PLARGE_INTEGER,
    ) -> NTSTATUS;
    fn DbgUiContinue(
        AppClientId: PCLIENT_ID,
        ContinueStatus: NTSTATUS,
    ) -> NTSTATUS;
    fn DbgUiStopDebugging(
        Process: HANDLE,
    ) -> NTSTATUS;
    fn DbgUiDebugActiveProcess(
        Process: HANDLE,
    ) -> NTSTATUS;
    fn DbgUiRemoteBreakin(
        Context: PVOID,
    );
    fn DbgUiIssueRemoteBreakin(
        Process: HANDLE,
    ) -> NTSTATUS;
    // Takes a DBGUI_WAIT_STATE_CHANGE and a DEBUG_EVENT pointer; by the name,
    // it converts the former into the latter — TODO confirm which side owns
    // any handles carried across.
    fn DbgUiConvertStateChangeStructure(
        StateChange: PDBGUI_WAIT_STATE_CHANGE,
        DebugEvent: LPDEBUG_EVENT,
    ) -> NTSTATUS;
}}
// Callback type passed to EtwEventRegister as `EnableCallback`.
// NOTE(review): `CallbackContext` is presumably the pointer supplied at
// registration; if so it must stay valid for as long as the registration
// exists. No unregister binding is declared in this file.
FN!{stdcall PENABLECALLBACK(
    SourceId: LPCGUID,
    IsEnabled: ULONG,
    Level: UCHAR,
    MatchAnyKeyword: ULONGLONG,
    MatchAllKeyword: ULONGLONG,
    FilterData: *mut EVENT_FILTER_DESCRIPTOR,
    CallbackContext: PVOID,
) -> ()}
// Registration handle. PREGHANDLE is spelled `*mut ULONGLONG`, which is the
// same type as `*mut REGHANDLE`.
pub type REGHANDLE = ULONGLONG;
pub type PREGHANDLE = *mut ULONGLONG;
EXTERN!{extern "system" {
    // `RegHandle` is an out pointer; check the returned NTSTATUS before using
    // the value written through it.
    fn EtwEventRegister(
        ProviderId: LPCGUID,
        EnableCallback: PENABLECALLBACK,
        CallbackContext: PVOID,
        RegHandle: PREGHANDLE,
    ) -> NTSTATUS;
}}