1 #define NATIVE 0 2 3 #if NATIVE 4 #define _X86_ 5 #include "ntndk.h" 6 #else 7 #include "stdio.h" 8 #include "windows.h" 9 #endif 10 11 VOID 12 Main(VOID) 13 { 14 #if NATIVE 15 NTSTATUS Status; 16 OBJECT_ATTRIBUTES ObjectAttributes; 17 CLIENT_ID ClientId; 18 DBGUI_WAIT_STATE_CHANGE State; 19 #else 20 DWORD Error, BytesRead; 21 DEBUG_EVENT DebugEvent; 22 WCHAR ImageName[MAX_PATH]; 23 #endif 24 HANDLE hProcess; 25 BOOLEAN Alive = TRUE; 26 27 #if NATIVE 28 printf("*** Native (DbgUi) Debugging Test Application\n"); 29 printf("Press any key to connect to Dbgk..."); 30 getchar(); 31 32 Status = DbgUiConnectToDbg(); 33 printf(" Connection Established. Status: %lx\n", Status); 34 printf("Debug Object Handle: %lx\n", NtCurrentTeb()->DbgSsReserved[1]); 35 printf("Press any key to debug services.exe..."); 36 #else 37 printf("*** Win32 (Debug) Debugging Test Application\n"); 38 printf("Press any key to debug services.exe..."); 39 #endif 40 getchar(); 41 42 #if NATIVE 43 InitializeObjectAttributes(&ObjectAttributes, NULL, 0, 0, 0); 44 ClientId.UniqueThread = 0; 45 ClientId.UniqueProcess = UlongToHandle(168); 46 Status = NtOpenProcess(&hProcess, 47 PROCESS_ALL_ACCESS, 48 &ObjectAttributes, 49 &ClientId); 50 Status = DbgUiDebugActiveProcess(hProcess); 51 #else 52 Error = DebugActiveProcess(168); 53 #endif 54 55 #if NATIVE 56 printf(" Debugger Attached. Status: %lx\n", Status); 57 #else 58 printf(" Debugger Attached. Error: %lx\n", Error); 59 #endif 60 printf("Press any key to get first debug event... "); 61 getchar(); 62 63 while (Alive) 64 { 65 #if NATIVE 66 Status = DbgUiWaitStateChange(&State, NULL); 67 printf(" Event Received. Status: %lx\n", Status); 68 printf("New State: %lx. Application Client ID: %lx/%lx\n", 69 State.NewState, 70 State.AppClientId.UniqueProcess, State.AppClientId.UniqueThread); 71 #else 72 Error = WaitForDebugEvent(&DebugEvent, -1); 73 printf(" Event Received. Error: %lx\n", Error); 74 printf("New State: %lx. Application Client ID: %lx/%lx\n", 75 DebugEvent.dwDebugEventCode, 76 DebugEvent.dwProcessId, DebugEvent.dwThreadId); 77 #endif 78 79 #if NATIVE 80 switch (State.NewState) 81 #else 82 switch (DebugEvent.dwDebugEventCode) 83 #endif 84 { 85 #if NATIVE 86 case DbgCreateProcessStateChange: 87 printf("Process Handle: %lx. Thread Handle: %lx\n", 88 State.StateInfo.CreateProcessInfo.HandleToProcess, 89 State.StateInfo.CreateProcessInfo.HandleToThread); 90 printf("Process image handle: %lx\n", 91 State.StateInfo.CreateProcessInfo.NewProcess.FileHandle); 92 printf("Process image base: %lx\n", 93 State.StateInfo.CreateProcessInfo.NewProcess.BaseOfImage); 94 #else 95 case CREATE_PROCESS_DEBUG_EVENT: 96 printf("Process Handle: %lx. Thread Handle: %lx\n", 97 DebugEvent.u.CreateProcessInfo.hProcess, 98 DebugEvent.u.CreateProcessInfo.hThread); 99 printf("Process image handle: %lx\n", 100 DebugEvent.u.CreateProcessInfo.hFile); 101 printf("Process image base: %lx\n", 102 DebugEvent.u.CreateProcessInfo.lpBaseOfImage); 103 hProcess = DebugEvent.u.CreateProcessInfo.hProcess; 104 #endif 105 break; 106 107 #if NATIVE 108 case DbgCreateThreadStateChange: 109 printf("New thread: %lx\n", State.StateInfo.CreateThread.HandleToThread); 110 printf("Thread Start Address: %p\n", State.StateInfo.CreateThread.NewThread.StartAddress); 111 #else 112 case CREATE_THREAD_DEBUG_EVENT: 113 printf("New thread: %lx\n", DebugEvent.u.CreateThread.hThread); 114 printf("Thread Start Address: %p\n", 115 DebugEvent.u.CreateThread.lpStartAddress); 116 #endif 117 break; 118 119 #if NATIVE 120 case DbgLoadDllStateChange: 121 printf("New DLL: %lx\n", State.StateInfo.LoadDll.FileHandle); 122 printf("DLL LoadAddress: %p\n", State.StateInfo.LoadDll.BaseOfDll); 123 #else 124 case LOAD_DLL_DEBUG_EVENT: 125 printf("New DLL: %lx\n", DebugEvent.u.LoadDll.hFile); 126 printf("DLL LoadAddress: %p\n", DebugEvent.u.LoadDll.lpBaseOfDll); 127 Error = ReadProcessMemory(hProcess, 128 DebugEvent.u.LoadDll.lpImageName, 129 &DebugEvent.u.LoadDll.lpImageName, 130 sizeof(DebugEvent.u.LoadDll.lpImageName), 131 &BytesRead); 132 if (DebugEvent.u.LoadDll.lpImageName) 133 { 134 Error = ReadProcessMemory(hProcess, 135 DebugEvent.u.LoadDll.lpImageName, 136 ImageName, 137 sizeof(ImageName), 138 &BytesRead); 139 printf("DLL Name: %S\n", ImageName); 140 } 141 #endif 142 break; 143 144 #if NATIVE 145 case DbgBreakpointStateChange: 146 printf("Initial breakpoint hit at: %p!\n", 147 State.StateInfo.Exception.ExceptionRecord.ExceptionAddress); 148 #else 149 150 #endif 151 break; 152 153 #if NATIVE 154 case DbgExitThreadStateChange: 155 printf("Thread exited: %lx\n", State.StateInfo.ExitThread.ExitStatus); 156 #else 157 158 #endif 159 break; 160 161 #if NATIVE 162 case DbgExitProcessStateChange: 163 printf("Process exited: %lx\n", State.StateInfo.ExitProcess.ExitStatus); 164 Alive = FALSE; 165 #else 166 167 #endif 168 break; 169 } 170 171 printf("Press any key to continue debuggee..."); 172 getchar(); 173 174 #if NATIVE 175 ClientId.UniqueProcess = State.AppClientId.UniqueProcess; 176 ClientId.UniqueThread = State.AppClientId.UniqueThread; 177 Status = DbgUiContinue(&ClientId, DBG_CONTINUE); 178 printf(" Debuggee Resumed. Status: %lx\n", Status); 179 #else 180 Error = ContinueDebugEvent(DebugEvent.dwProcessId, 181 DebugEvent.dwThreadId, 182 DBG_CONTINUE); 183 printf(" Debuggee Resumed. Error: %lx\n", Error); 184 #endif 185 186 printf("Press any key to get next debug event... "); 187 getchar(); 188 }; 189 printf("*** End of test\n"); 190 getchar(); 191 } 192