📄 vdmdbg.h
字号:
DWORD dwNextAlt;
} GLOBALENTRY, *LPGLOBALENTRY;
typedef DWORD (CALLBACK* DEBUGEVENTPROC)( LPDEBUG_EVENT, LPVOID );
// Macros to access VDM_EVENT parameters
#define W1(x) ((USHORT)(x.ExceptionInformation[0]))
#define W2(x) ((USHORT)(x.ExceptionInformation[0] >> 16))
#define W3(x) ((USHORT)(x.ExceptionInformation[1]))
#define W4(x) ((USHORT)(x.ExceptionInformation[1] >> 16))
#define DW3(x) (x.ExceptionInformation[2])
#define DW4(x) (x.ExceptionInformation[3])
#include <poppack.h>
BOOL
WINAPI
VDMProcessException(
LPDEBUG_EVENT lpDebugEvent
);
BOOL
WINAPI
VDMGetThreadSelectorEntry(
HANDLE hProcess,
HANDLE hThread,
WORD wSelector,
LPVDMLDT_ENTRY lpSelectorEntry
);
ULONG
WINAPI
VDMGetPointer(
HANDLE hProcess,
HANDLE hThread,
WORD wSelector,
DWORD dwOffset,
BOOL fProtMode
);
// VDMGetThreadContext, VDMSetThreadContext are obselete
// Use VDMGetContext, VDMSetContext
BOOL
WINAPI
VDMGetContext(
HANDLE hProcess,
HANDLE hThread,
LPVDMCONTEXT lpVDMContext
);
BOOL
WINAPI
VDMSetContext(
HANDLE hProcess,
HANDLE hThread,
LPVDMCONTEXT lpVDMContext
);
BOOL
WINAPI
VDMGetSelectorModule(
HANDLE hProcess,
HANDLE hThread,
WORD wSelector,
PUINT lpSegmentNumber,
LPSTR lpModuleName,
UINT nNameSize,
LPSTR lpModulePath,
UINT nPathSize
);
BOOL
WINAPI
VDMGetModuleSelector(
HANDLE hProcess,
HANDLE hThread,
UINT wSegmentNumber,
LPSTR lpModuleName,
LPWORD lpSelector
);
BOOL
WINAPI
VDMModuleFirst(
HANDLE hProcess,
HANDLE hThread,
LPMODULEENTRY lpModuleEntry,
DEBUGEVENTPROC lpEventProc,
LPVOID lpData
);
BOOL
WINAPI
VDMModuleNext(
HANDLE hProcess,
HANDLE hThread,
LPMODULEENTRY lpModuleEntry,
DEBUGEVENTPROC lpEventProc,
LPVOID lpData
);
BOOL
WINAPI
VDMGlobalFirst(
HANDLE hProcess,
HANDLE hThread,
LPGLOBALENTRY lpGlobalEntry,
WORD wFlags,
DEBUGEVENTPROC lpEventProc,
LPVOID lpData
);
BOOL
WINAPI
VDMGlobalNext(
HANDLE hProcess,
HANDLE hThread,
LPGLOBALENTRY lpGlobalEntry,
WORD wFlags,
DEBUGEVENTPROC lpEventProc,
LPVOID lpData
);
typedef BOOL (WINAPI *PROCESSENUMPROC)( DWORD dwProcessId, DWORD dwAttributes, LPARAM lpUserDefined );
typedef BOOL (WINAPI *TASKENUMPROC)( DWORD dwThreadId, WORD hMod16, WORD hTask16, LPARAM lpUserDefined );
typedef BOOL (WINAPI *TASKENUMPROCEX)( DWORD dwThreadId, WORD hMod16, WORD hTask16,
PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined );
#define WOW_SYSTEM (DWORD)0x0001
INT
WINAPI
VDMEnumProcessWOW(
PROCESSENUMPROC fp,
LPARAM lparam
);
INT
WINAPI
VDMEnumTaskWOW(
DWORD dwProcessId,
TASKENUMPROC fp,
LPARAM lparam
);
//
// VDMEnumTaskWOWEx is the same as VDMEnumTaskWOW except
// the callback procedure gets two more parameters,
// the module name of the EXE and the full path to the
// EXE.
//
INT
WINAPI
VDMEnumTaskWOWEx(
DWORD dwProcessId,
TASKENUMPROCEX fp,
LPARAM lparam
);
//
// VDMTerminateTaskWOW rudely terminates a 16-bit WOW task
// similar to the way TerminateProcess kills a Win32
// process.
//
BOOL
WINAPI
VDMTerminateTaskWOW(
DWORD dwProcessId,
WORD htask
);
//
// VDMStartTaskInWOW launches a Win16 task in a pre-existing
// WOW VDM. Note that the caller is responsible for ensuring
// the program is a 16-bit Windows program. If it is a DOS
// or Win32 program, it will still be launched from within
// the target WOW VDM.
//
// The supplied command line and show command are passed
// unchanged to the 16-bit WinExec API in the target WOW VDM.
//
// Note this routine is ANSI-only.
//
BOOL
VDMStartTaskInWOW(
DWORD dwProcessId,
LPSTR lpCommandLine,
WORD wShow
);
//
// VDMKillWOW is not implemented.
//
BOOL
WINAPI
VDMKillWOW(
VOID
);
//
// VDMDetectWOW is not implemented.
//
BOOL
WINAPI
VDMDetectWOW(
VOID
);
BOOL
WINAPI
VDMBreakThread(
HANDLE hProcess,
HANDLE hThread
);
DWORD
WINAPI
VDMGetDbgFlags(
HANDLE hProcess
);
BOOL
WINAPI
VDMSetDbgFlags(
HANDLE hProcess,
DWORD dwFlags
);
#define VDMDBG_BREAK_DOSTASK 0x00000001
#define VDMDBG_BREAK_WOWTASK 0x00000002
#define VDMDBG_BREAK_LOADDLL 0x00000004
#define VDMDBG_BREAK_EXCEPTIONS 0x00000008
#define VDMDBG_BREAK_DEBUGGER 0x00000010
#define VDMDBG_TRACE_HISTORY 0x00000080
//
// VDMIsModuleLoaded can be used to determine if the 16-bit
// executable referenced by the full path name parameter is
// loaded in ntvdm.
//
// Note that this function uses an internal table in vdmdbg.dll
// to determine a module's existence. One important usage of this
// function is to print a message when a particular module is
// loaded for the first time. To accomplish this, call this
// routine during a DBG_SEGLOAD notification BEFORE the entry
// point VDMProcessException has been called. If it returns FALSE,
// then the module has not yet been loaded.
//
BOOL
WINAPI
VDMIsModuleLoaded(
LPSTR szPath
);
BOOL
WINAPI
VDMGetSegmentInfo(
WORD Selector,
ULONG Offset,
BOOL bProtectMode,
VDM_SEGINFO *pSegInfo
);
//
// VDMGetSymbol
//
// This routine reads the standard .SYM file format.
//
// szModule - module name (max 9 chars)
// SegNumber - logical segment number of segment (see VDM_SEGINFO)
// Offset - offset in segment
// bProtectMode - TRUE for PM, FALSE for V86 mode
// bNextSymbol - FALSE to find nearest sym BEFORE offset, TRUE for AFTER
// szSymbolName - receives symbol name (must point to 256 byte buffer)
// pDisplacement - distance in bytes from nearest symbol
//
BOOL
WINAPI
VDMGetSymbol(
LPSTR szModule,
WORD SegNumber,
DWORD Offset,
BOOL bProtectMode,
BOOL bNextSymbol,
LPSTR szSymbolName,
PDWORD pDisplacement
);
BOOL
WINAPI
VDMGetAddrExpression(
LPSTR szModule,
LPSTR szSymbol,
PWORD Selector,
PDWORD Offset,
PWORD Type
);
#define VDMADDR_V86 2
#define VDMADDR_PM16 4
#define VDMADDR_PM32 16
//
// typedefs for main entry points
//
typedef BOOL (WINAPI *VDMPROCESSEXCEPTIONPROC)(LPDEBUG_EVENT);
typedef BOOL (WINAPI *VDMGETTHREADSELECTORENTRYPROC)(HANDLE,HANDLE,DWORD,LPVDMLDT_ENTRY);
typedef ULONG (WINAPI *VDMGETPOINTERPROC)(HANDLE,HANDLE,WORD,DWORD,BOOL);
typedef BOOL (WINAPI *VDMGETCONTEXTPROC)(HANDLE,HANDLE,LPVDMCONTEXT);
typedef BOOL (WINAPI *VDMSETCONTEXTPROC)(HANDLE,HANDLE,LPVDMCONTEXT);
typedef BOOL (WINAPI *VDMKILLWOWPROC)(VOID);
typedef BOOL (WINAPI *VDMDETECTWOWPROC)(VOID);
typedef BOOL (WINAPI *VDMBREAKTHREADPROC)(HANDLE);
typedef BOOL (WINAPI *VDMGETSELECTORMODULEPROC)(HANDLE,HANDLE,WORD,PUINT,LPSTR, UINT,LPSTR, UINT);
typedef BOOL (WINAPI *VDMGETMODULESELECTORPROC)(HANDLE,HANDLE,UINT,LPSTR,LPWORD);
typedef BOOL (WINAPI *VDMMODULEFIRSTPROC)(HANDLE,HANDLE,LPMODULEENTRY,DEBUGEVENTPROC,LPVOID);
typedef BOOL (WINAPI *VDMMODULENEXTPROC)(HANDLE,HANDLE,LPMODULEENTRY,DEBUGEVENTPROC,LPVOID);
typedef BOOL (WINAPI *VDMGLOBALFIRSTPROC)(HANDLE,HANDLE,LPGLOBALENTRY,WORD,DEBUGEVENTPROC,LPVOID);
typedef BOOL (WINAPI *VDMGLOBALNEXTPROC)(HANDLE,HANDLE,LPGLOBALENTRY,WORD,DEBUGEVENTPROC,LPVOID);
typedef INT (WINAPI *VDMENUMPROCESSWOWPROC)(PROCESSENUMPROC,LPARAM);
typedef INT (WINAPI *VDMENUMTASKWOWPROC)(DWORD,TASKENUMPROC,LPARAM);
typedef INT (WINAPI *VDMENUMTASKWOWEXPROC)(DWORD,TASKENUMPROCEX,LPARAM);
typedef BOOL (WINAPI *VDMTERMINATETASKINWOWPROC)(DWORD,WORD);
typedef BOOL (WINAPI *VDMSTARTTASKINWOWPROC)(DWORD,LPSTR,WORD);
typedef DWORD (WINAPI *VDMGETDBGFLAGSPROC)(HANDLE);
typedef BOOL (WINAPI *VDMSETDBGFLAGSPROC)(HANDLE,DWORD);
typedef BOOL (WINAPI *VDMISMODULELOADEDPROC)(LPSTR);
typedef BOOL (WINAPI *VDMGETSEGMENTINFOPROC)(WORD,ULONG,BOOL,VDM_SEGINFO);
typedef BOOL (WINAPI *VDMGETSYMBOLPROC)(LPSTR, WORD, DWORD, BOOL, BOOL, LPSTR, PDWORD);
typedef BOOL (WINAPI *VDMGETADDREXPRESSIONPROC)(LPSTR, LPSTR, PWORD, PDWORD, PWORD);
#ifdef __cplusplus
}
#endif
#endif // _VDMDBG_
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -