📄 windbgkd.h
字号:
} DBGKD_WAIT_STATE_CHANGE64, *PDBGKD_WAIT_STATE_CHANGE64;
__inline
void
WaitStateChange32To64(
IN PDBGKD_WAIT_STATE_CHANGE32 Ws32,
OUT PDBGKD_WAIT_STATE_CHANGE64 Ws64
)
{
Ws64->NewState = Ws32->NewState;
Ws64->ProcessorLevel = Ws32->ProcessorLevel;
Ws64->Processor = Ws32->Processor;
Ws64->NumberProcessors = Ws32->NumberProcessors;
COPYSE(Ws64,Ws32,Thread);
COPYSE(Ws64,Ws32,ProgramCounter);
Ws64->ControlReport = Ws32->ControlReport;
memcpy(&Ws64->Context, &Ws32->Context, sizeof(CONTEXT));
if (Ws32->NewState == DbgKdLoadSymbolsStateChange) {
DbgkdLoadSymbols32To64(&Ws32->u.LoadSymbols, &Ws64->u.LoadSymbols);
} else {
DbgkmException32To64(&Ws32->u.Exception, &Ws64->u.Exception);
}
}
__inline
void
WaitStateChange64To32(
IN PDBGKD_WAIT_STATE_CHANGE64 Ws64,
OUT PDBGKD_WAIT_STATE_CHANGE32 Ws32
)
{
Ws32->NewState = Ws64->NewState;
Ws32->ProcessorLevel = Ws64->ProcessorLevel;
Ws32->Processor = Ws64->Processor;
Ws32->NumberProcessors = Ws64->NumberProcessors;
Ws32->Thread = (ULONG)Ws64->Thread;
Ws32->ProgramCounter = (ULONG)Ws64->ProgramCounter;
Ws32->ControlReport = Ws64->ControlReport;
memcpy(&Ws32->Context, &Ws64->Context, sizeof(CONTEXT));
if (Ws32->NewState == DbgKdLoadSymbolsStateChange) {
LoadSymbols64To32(&Ws64->u.LoadSymbols, &Ws32->u.LoadSymbols);
} else {
DbgkmException64To32(&Ws64->u.Exception, &Ws32->u.Exception);
}
}
#ifdef _IA64_
#include <poppack.h>
#endif
//
// If the packet type is PACKET_TYPE_KD_STATE_MANIPULATE, then
// the format of the packet data is as follows:
//
// Api Numbers for state manipulation
//
#define DbgKdReadVirtualMemoryApi 0x00003130L
#define DbgKdWriteVirtualMemoryApi 0x00003131L
#define DbgKdGetContextApi 0x00003132L
#define DbgKdSetContextApi 0x00003133L
#define DbgKdWriteBreakPointApi 0x00003134L
#define DbgKdRestoreBreakPointApi 0x00003135L
#define DbgKdContinueApi 0x00003136L
#define DbgKdReadControlSpaceApi 0x00003137L
#define DbgKdWriteControlSpaceApi 0x00003138L
#define DbgKdReadIoSpaceApi 0x00003139L
#define DbgKdWriteIoSpaceApi 0x0000313AL
#define DbgKdRebootApi 0x0000313BL
#define DbgKdContinueApi2 0x0000313CL
#define DbgKdReadPhysicalMemoryApi 0x0000313DL
#define DbgKdWritePhysicalMemoryApi 0x0000313EL
//#define DbgKdQuerySpecialCallsApi 0x0000313FL
#define DbgKdSetSpecialCallApi 0x00003140L
#define DbgKdClearSpecialCallsApi 0x00003141L
#define DbgKdSetInternalBreakPointApi 0x00003142L
#define DbgKdGetInternalBreakPointApi 0x00003143L
#define DbgKdReadIoSpaceExtendedApi 0x00003144L
#define DbgKdWriteIoSpaceExtendedApi 0x00003145L
#define DbgKdGetVersionApi 0x00003146L
#define DbgKdWriteBreakPointExApi 0x00003147L
#define DbgKdRestoreBreakPointExApi 0x00003148L
#define DbgKdCauseBugCheckApi 0x00003149L
#define DbgKdSwitchProcessor 0x00003150L
#define DbgKdPageInApi 0x00003151L // obsolete
#define DbgKdReadMachineSpecificRegister 0x00003152L
#define DbgKdWriteMachineSpecificRegister 0x00003153L
#define OldVlm1 0x00003154L
#define OldVlm2 0x00003155L
#define DbgKdSearchMemoryApi 0x00003156L
#define DbgKdGetBusDataApi 0x00003157L
#define DbgKdSetBusDataApi 0x00003158L
#define DbgKdCheckLowMemoryApi 0X00003159L
//
// Response is a read memory message with data following
//
typedef struct _DBGKD_READ_MEMORY32 {
ULONG TargetBaseAddress;
ULONG TransferCount;
ULONG ActualBytesRead;
} DBGKD_READ_MEMORY32, *PDBGKD_READ_MEMORY32;
typedef struct _DBGKD_READ_MEMORY64 {
ULONG64 TargetBaseAddress;
ULONG TransferCount;
ULONG ActualBytesRead;
} DBGKD_READ_MEMORY64, *PDBGKD_READ_MEMORY64;
__inline
void
DbgkdReadMemory32To64(
IN PDBGKD_READ_MEMORY32 r32,
OUT PDBGKD_READ_MEMORY64 r64
)
{
COPYSE(r64,r32,TargetBaseAddress);
r64->TransferCount = r32->TransferCount;
r64->ActualBytesRead = r32->ActualBytesRead;
}
__inline
void
DbgkdReadMemory64To32(
IN PDBGKD_READ_MEMORY64 r64,
OUT PDBGKD_READ_MEMORY32 r32
)
{
r32->TargetBaseAddress = (ULONG)r64->TargetBaseAddress;
r32->TransferCount = r64->TransferCount;
r32->ActualBytesRead = r64->ActualBytesRead;
}
//
// Data follows directly
//
typedef struct _DBGKD_WRITE_MEMORY32 {
ULONG TargetBaseAddress;
ULONG TransferCount;
ULONG ActualBytesWritten;
} DBGKD_WRITE_MEMORY32, *PDBGKD_WRITE_MEMORY32;
typedef struct _DBGKD_WRITE_MEMORY64 {
ULONG64 TargetBaseAddress;
ULONG TransferCount;
ULONG ActualBytesWritten;
} DBGKD_WRITE_MEMORY64, *PDBGKD_WRITE_MEMORY64;
__inline
void
DbgkdWriteMemory32To64(
IN PDBGKD_WRITE_MEMORY32 r32,
OUT PDBGKD_WRITE_MEMORY64 r64
)
{
COPYSE(r64,r32,TargetBaseAddress);
r64->TransferCount = r32->TransferCount;
r64->ActualBytesWritten = r32->ActualBytesWritten;
}
__inline
void
DbgkdWriteMemory64To32(
IN PDBGKD_WRITE_MEMORY64 r64,
OUT PDBGKD_WRITE_MEMORY32 r32
)
{
r32->TargetBaseAddress = (ULONG)r64->TargetBaseAddress;
r32->TransferCount = r64->TransferCount;
r32->ActualBytesWritten = r64->ActualBytesWritten;
}
//
// Response is a get context message with a full context record following
//
typedef struct _DBGKD_GET_CONTEXT {
ULONG Unused;
} DBGKD_GET_CONTEXT, *PDBGKD_GET_CONTEXT;
//
// Full Context record follows
//
typedef struct _DBGKD_SET_CONTEXT {
ULONG ContextFlags;
} DBGKD_SET_CONTEXT, *PDBGKD_SET_CONTEXT;
#define BREAKPOINT_TABLE_SIZE 32 // max number supported by kernel
typedef struct _DBGKD_WRITE_BREAKPOINT32 {
ULONG BreakPointAddress;
ULONG BreakPointHandle;
} DBGKD_WRITE_BREAKPOINT32, *PDBGKD_WRITE_BREAKPOINT32;
typedef struct _DBGKD_WRITE_BREAKPOINT64 {
ULONG64 BreakPointAddress;
ULONG BreakPointHandle;
} DBGKD_WRITE_BREAKPOINT64, *PDBGKD_WRITE_BREAKPOINT64;
__inline
void
DbgkdWriteBreakpoint32To64(
IN PDBGKD_WRITE_BREAKPOINT32 r32,
OUT PDBGKD_WRITE_BREAKPOINT64 r64
)
{
COPYSE(r64,r32,BreakPointAddress);
r64->BreakPointHandle = r32->BreakPointHandle;
}
__inline
void
DbgkdWriteBreakpoint64To32(
IN PDBGKD_WRITE_BREAKPOINT64 r64,
OUT PDBGKD_WRITE_BREAKPOINT32 r32
)
{
r32->BreakPointAddress = (ULONG)r64->BreakPointAddress;
r32->BreakPointHandle = r64->BreakPointHandle;
}
typedef struct _DBGKD_RESTORE_BREAKPOINT {
ULONG BreakPointHandle;
} DBGKD_RESTORE_BREAKPOINT, *PDBGKD_RESTORE_BREAKPOINT;
typedef struct _DBGKD_BREAKPOINTEX {
ULONG BreakPointCount;
NTSTATUS ContinueStatus;
} DBGKD_BREAKPOINTEX, *PDBGKD_BREAKPOINTEX;
typedef struct _DBGKD_CONTINUE {
NTSTATUS ContinueStatus;
} DBGKD_CONTINUE, *PDBGKD_CONTINUE;
typedef struct _DBGKD_CONTINUE2 {
NTSTATUS ContinueStatus;
DBGKD_CONTROL_SET ControlSet;
} DBGKD_CONTINUE2, *PDBGKD_CONTINUE2;
typedef struct _DBGKD_READ_WRITE_IO32 {
ULONG DataSize; // 1, 2, 4
ULONG IoAddress;
ULONG DataValue;
} DBGKD_READ_WRITE_IO32, *PDBGKD_READ_WRITE_IO32;
typedef struct _DBGKD_READ_WRITE_IO64 {
ULONG64 IoAddress;
ULONG DataSize; // 1, 2, 4
ULONG DataValue;
} DBGKD_READ_WRITE_IO64, *PDBGKD_READ_WRITE_IO64;
__inline
void
DbgkdReadWriteIo32To64(
IN PDBGKD_READ_WRITE_IO32 r32,
OUT PDBGKD_READ_WRITE_IO64 r64
)
{
COPYSE(r64,r32,IoAddress);
r64->DataSize = r32->DataSize;
r64->DataValue = r32->DataValue;
}
__inline
void
DbgkdReadWriteIo64To32(
IN PDBGKD_READ_WRITE_IO64 r64,
OUT PDBGKD_READ_WRITE_IO32 r32
)
{
r32->IoAddress = (ULONG)r64->IoAddress;
r32->DataSize = r64->DataSize;
r32->DataValue = r64->DataValue;
}
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED32 {
ULONG DataSize; // 1, 2, 4
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
ULONG IoAddress;
ULONG DataValue;
} DBGKD_READ_WRITE_IO_EXTENDED32, *PDBGKD_READ_WRITE_IO_EXTENDED32;
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED64 {
ULONG DataSize; // 1, 2, 4
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
ULONG64 IoAddress;
ULONG DataValue;
} DBGKD_READ_WRITE_IO_EXTENDED64, *PDBGKD_READ_WRITE_IO_EXTENDED64;
__inline
void
DbgkdReadWriteIoExtended32To64(
IN PDBGKD_READ_WRITE_IO_EXTENDED32 r32,
OUT PDBGKD_READ_WRITE_IO_EXTENDED64 r64
)
{
r64->DataSize = r32->DataSize;
r64->InterfaceType = r32->InterfaceType;
r64->BusNumber = r32->BusNumber;
r64->AddressSpace = r32->AddressSpace;
COPYSE(r64,r32,IoAddress);
r64->DataValue = r32->DataValue;
}
__inline
void
DbgkdReadWriteIoExtended64To32(
IN PDBGKD_READ_WRITE_IO_EXTENDED64 r64,
OUT PDBGKD_READ_WRITE_IO_EXTENDED32 r32
)
{
r32->DataSize = r64->DataSize;
r32->InterfaceType = r64->InterfaceType;
r32->BusNumber = r64->BusNumber;
r32->AddressSpace = r64->AddressSpace;
r32->IoAddress = (ULONG)r64-> IoAddress;
r32->DataValue = r64->DataValue;
}
typedef struct _DBGKD_READ_WRITE_MSR {
ULONG Msr;
ULONG DataValueLow;
ULONG DataValueHigh;
} DBGKD_READ_WRITE_MSR, *PDBGKD_READ_WRITE_MSR;
typedef struct _DBGKD_QUERY_SPECIAL_CALLS {
ULONG NumberOfSpecialCalls;
// ULONG64 SpecialCalls[];
} DBGKD_QUERY_SPECIAL_CALLS, *PDBGKD_QUERY_SPECIAL_CALLS;
typedef struct _DBGKD_SET_SPECIAL_CALL32 {
ULONG SpecialCall;
} DBGKD_SET_SPECIAL_CALL32, *PDBGKD_SET_SPECIAL_CALL32;
typedef struct _DBGKD_SET_SPECIAL_CALL64 {
ULONG64 SpecialCall;
} DBGKD_SET_SPECIAL_CALL64, *PDBGKD_SET_SPECIAL_CALL64;
__inline
void
DbgkdSetSpecialCall64To32(
IN PDBGKD_SET_SPECIAL_CALL64 r64,
OUT PDBGKD_SET_SPECIAL_CALL32 r32
)
{
r32->SpecialCall = (ULONG)r64->SpecialCall;
}
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT32 {
ULONG BreakpointAddress;
ULONG Flags;
} DBGKD_SET_INTERNAL_BREAKPOINT32, *PDBGKD_SET_INTERNAL_BREAKPOINT32;
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT64 {
ULONG64 BreakpointAddress;
ULONG Flags;
} DBGKD_SET_INTERNAL_BREAKPOINT64, *PDBGKD_SET_INTERNAL_BREAKPOINT64;
__inline
void
DbgkdSetInternalBreakpoint64To32(
IN PDBGKD_SET_INTERNAL_BREAKPOINT64 r64,
OUT PDBGKD_SET_INTERNAL_BREAKPOINT32 r32
)
{
r32->BreakpointAddress = (ULONG)r64->BreakpointAddress;
r32->Flags = r64->Flags;
}
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT32 {
ULONG BreakpointAddress;
ULONG Flags;
ULONG Calls;
ULONG MaxCallsPerPeriod;
ULONG MinInstructions;
ULONG MaxInstructions;
ULONG TotalInstructions;
} DBGKD_GET_INTERNAL_BREAKPOINT32, *PDBGKD_GET_INTERNAL_BREAKPOINT32;
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT64 {
ULONG64 BreakpointAddress;
ULONG Flags;
ULONG Calls;
ULONG MaxCallsPerPeriod;
ULONG MinInstructions;
ULONG MaxInstructions;
ULONG TotalInstructions;
} DBGKD_GET_INTERNAL_BREAKPOINT64, *PDBGKD_GET_INTERNAL_BREAKPOINT64;
__inline
void
DbgkdGetInternalBreakpoint32To64(
IN PDBGKD_GET_INTERNAL_BREAKPOINT32 r32,
OUT PDBGKD_GET_INTERNAL_BREAKPOINT64 r64
)
{
COPYSE(r64,r32,BreakpointAddress);
r64->Flags = r32->Flags;
r64->Calls = r32->Calls;
r64->MaxCallsPerPeriod = r32->MaxCallsPerPeriod;
r64->MinInstructions = r32->MinInstructions;
r64->MaxInstructions = r32->MaxInstructions;
r64->TotalInstructions = r32->TotalInstructions;
}
__inline
void
DbgkdGetInternalBreakpoint64To32(
IN PDBGKD_GET_INTERNAL_BREAKPOINT64 r64,
OUT PDBGKD_GET_INTERNAL_BREAKPOINT32 r32
)
{
r32->BreakpointAddress = (ULONG)r64->BreakpointAddress;
r32->Flags = r64->Flags;
r32->Calls = r64->Calls;
r32->MaxCallsPerPeriod = r64->MaxCallsPerPeriod;
r32->MinInstructions = r64->MinInstructions;
r32->MaxInstructions = r64->MaxInstructions;
r32->TotalInstructions = r64->TotalInstructions;
}
#define DBGKD_INTERNAL_BP_FLAG_COUNTONLY 0x00000001 // don't count instructions
#define DBGKD_INTERNAL_BP_FLAG_INVALID 0x00000002 // disabled BP
#define DBGKD_INTERNAL_BP_FLAG_SUSPENDED 0x00000004 // temporarily suspended
#define DBGKD_INTERNAL_BP_FLAG_DYING 0x00000008 // kill on exit
//
// The packet protocol was widened to 64 bits in version 5.
// The PTR64 flag allows the debugger to read the right
// size of pointer when neccessary.
//
// The version packet was changed in the same revision, to remove the
// data that are now available in KDDEBUGGER_DATA.
//
#define DBGKD_64BIT_PROTOCOL_VERSION 5
#ifndef DBGKD_GET_VERSION_DEFINED
#define DBGKD_GET_VERSION_DEFINED
//
// The following structures have changed in more than pointer size.
//
//
// This is the version packet for pre-NT5 Beta 2 systems.
// For now, it is also still used on x86
//
typedef struct _DBGKD_GET_VERSION32 {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT ProtocolVersion;
USHORT Flags;
ULONG KernBase;
ULONG PsLoadedModuleList;
USHORT MachineType;
//
// help for walking stacks with user callbacks:
//
//
// The address of the thread structure is provided in the
// WAIT_STATE_CHANGE packet. This is the offset from the base of
// the thread structure to the pointer to the kernel stack frame
// for the currently active usermode callback.
//
USHORT ThCallbackStack; // offset in thread data
//
// these values are offsets into that frame:
//
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
//
// Address of the kernel callout routine.
//
ULONG KiCallUserMode; // kernel routine
//
// Address of the usermode entry point for callbacks.
//
ULONG KeUserCallbackDispatcher; // address in ntdll
//
// DbgBreakPointWithStatus is a function which takes a ULONG argument
// and hits a breakpoint. This field contains the address of the
// breakpoint instruction. When the debugger sees a breakpoint
// at this address, it may retrieve the argument from the first
// argument register, or on x86 the eax register.
//
ULONG BreakpointWithStatus; // address of breakpoint
//
// Components may register a debug data block for use by
// debugger extensions. This is the address of the list head.
//
ULONG DebuggerDataList;
} DBGKD_GET_VERSION32, *PDBGKD_GET_VERSION32;
typedef struct _DBGKD_GET_VERSION64 {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT ProtocolVersion;
USHORT Flags;
USHORT MachineType;
USHORT Unused[3];
ULONG64 KernBase;
ULONG64 PsLoadedModuleList;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -