📄 wdbgexts.h
字号:
ULONG BusNumber;
ULONG AddressSpace;
} IOSPACE_EX, *PIOSPACE_EX;
typedef struct _IOSPACE_EX32 {
ULONG Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
} IOSPACE_EX32, *PIOSPACE_EX32;
typedef struct _IOSPACE_EX64 {
ULONG64 Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
} IOSPACE_EX64, *PIOSPACE_EX64;
typedef struct _GETSETBUSDATA {
ULONG BusDataType;
ULONG BusNumber;
ULONG SlotNumber;
PVOID Buffer;
ULONG Offset;
ULONG Length;
} BUSDATA, *PBUSDATA;
typedef struct _SEARCHMEMORY {
ULONG64 SearchAddress;
ULONG64 SearchLength;
ULONG64 FoundAddress;
ULONG PatternLength;
PVOID Pattern;
} SEARCHMEMORY, *PSEARCHMEMORY;
typedef struct _PHYSICAL {
ULONGLONG Address;
ULONG BufLen;
UCHAR Buf[1];
} PHYSICAL, *PPHYSICAL;
typedef struct _READ_WRITE_MSR {
ULONG Msr;
LONGLONG Value;
} READ_WRITE_MSR, *PREAD_WRITE_MSR;
typedef struct _GET_SET_SYMPATH {
PCSTR Args; // args to !reload command
PSTR Result; // returns new path
int Length; // Length of result buffer
} GET_SET_SYMPATH, *PGET_SET_SYMPATH;
typedef struct _GET_TEB_ADDRESS {
ULONGLONG Address;
} GET_TEB_ADDRESS, *PGET_TEB_ADDRESS;
typedef struct _GET_CURRENT_THREAD_ADDRESS {
ULONG Processor;
ULONG64 Address;
} GET_CURRENT_THREAD_ADDRESS, *PGET_CURRENT_THREAD_ADDRESS;
typedef struct _GET_CURRENT_PROCESS_ADDRESS {
ULONG Processor;
ULONG64 CurrentThread;
ULONG64 Address;
} GET_CURRENT_PROCESS_ADDRESS, *PGET_CURRENT_PROCESS_ADDRESS;
#ifndef DBGKD_GET_VERSION_DEFINED
#define DBGKD_GET_VERSION_DEFINED
//
// The following structures have changed in more than pointer size.
//
//
// This is the version packet for pre-NT5 Beta 2 systems.
// For now, it is also still used on x86
//
typedef struct _DBGKD_GET_VERSION32 {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT ProtocolVersion;
USHORT Flags;
ULONG KernBase;
ULONG PsLoadedModuleList;
USHORT MachineType;
//
// help for walking stacks with user callbacks:
//
//
// The address of the thread structure is provided in the
// WAIT_STATE_CHANGE packet. This is the offset from the base of
// the thread structure to the pointer to the kernel stack frame
// for the currently active usermode callback.
//
USHORT ThCallbackStack; // offset in thread data
//
// these values are offsets into that frame:
//
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
//
// Address of the kernel callout routine.
//
ULONG KiCallUserMode; // kernel routine
//
// Address of the usermode entry point for callbacks.
//
ULONG KeUserCallbackDispatcher; // address in ntdll
//
// DbgBreakPointWithStatus is a function which takes a ULONG argument
// and hits a breakpoint. This field contains the address of the
// breakpoint instruction. When the debugger sees a breakpoint
// at this address, it may retrieve the argument from the first
// argument register, or on x86 the eax register.
//
ULONG BreakpointWithStatus; // address of breakpoint
//
// Components may register a debug data block for use by
// debugger extensions. This is the address of the list head.
//
ULONG DebuggerDataList;
} DBGKD_GET_VERSION32, *PDBGKD_GET_VERSION32;
typedef struct _DBGKD_GET_VERSION64 {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT ProtocolVersion;
USHORT Flags;
USHORT MachineType;
USHORT Unused[3];
ULONG64 KernBase;
ULONG64 PsLoadedModuleList;
//
// Components may register a debug data block for use by
// debugger extensions. This is the address of the list head.
//
// There will always be an entry for the debugger.
//
ULONG64 DebuggerDataList;
} DBGKD_GET_VERSION64, *PDBGKD_GET_VERSION64;
//
// If DBGKD_VERS_FLAG_DATA is set in Flags, info should be retrieved from
// the KDDEBUGGER_DATA block rather than from the DBGKD_GET_VERSION
// packet. The data will remain in the version packet for a while to
// reduce compatibility problems.
//
#define DBGKD_VERS_FLAG_MP 0x0001 // kernel is MP built
#define DBGKD_VERS_FLAG_DATA 0x0002 // DebuggerDataList is valid
#define DBGKD_VERS_FLAG_PTR64 0x0004 // native pointers are 64 bits
#define DBGKD_VERS_FLAG_NOMM 0x0008 // No MM - don't decode PTEs
#define KDBG_TAG 'GBDK'
typedef struct _DBGKD_DEBUG_DATA_HEADER32 {
//
// Link to other blocks
//
LIST_ENTRY32 List;
//
// This is a unique tag to identify the owner of the block.
// If your component only uses one pool tag, use it for this, too.
//
ULONG OwnerTag;
//
// This must be initialized to the size of the data block,
// including this structure.
//
ULONG Size;
} DBGKD_DEBUG_DATA_HEADER32, *PDBGKD_DEBUG_DATA_HEADER32;
//
// DO NOT CHANGE THIS STRUCTURE!
// ONLY MAKE CHAGES TO THE 64 BIT VERSION ABOVE!!
//
// This is the debugger data packet for pre NT5 Beta 2 systems.
// For now, it is still used on x86
//
typedef struct _KDDEBUGGER_DATA32 {
DBGKD_DEBUG_DATA_HEADER32 Header;
//
// Base address of kernel image
//
ULONG KernBase;
//
// DbgBreakPointWithStatus is a function which takes an argument
// and hits a breakpoint. This field contains the address of the
// breakpoint instruction. When the debugger sees a breakpoint
// at this address, it may retrieve the argument from the first
// argument register, or on x86 the eax register.
//
ULONG BreakpointWithStatus; // address of breakpoint
//
// Address of the saved context record during a bugcheck
//
// N.B. This is an automatic in KeBugcheckEx's frame, and
// is only valid after a bugcheck.
//
ULONG SavedContext;
//
// help for walking stacks with user callbacks:
//
//
// The address of the thread structure is provided in the
// WAIT_STATE_CHANGE packet. This is the offset from the base of
// the thread structure to the pointer to the kernel stack frame
// for the currently active usermode callback.
//
USHORT ThCallbackStack; // offset in thread data
//
// these values are offsets into that frame:
//
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
USHORT PaeEnabled:1;
//
// Address of the kernel callout routine.
//
ULONG KiCallUserMode; // kernel routine
//
// Address of the usermode entry point for callbacks.
//
ULONG KeUserCallbackDispatcher; // address in ntdll
//
// Addresses of various kernel data structures and lists
// that are of interest to the kernel debugger.
//
ULONG PsLoadedModuleList;
ULONG PsActiveProcessHead;
ULONG PspCidTable;
ULONG ExpSystemResourcesList;
ULONG ExpPagedPoolDescriptor;
ULONG ExpNumberOfPagedPools;
ULONG KeTimeIncrement;
ULONG KeBugCheckCallbackListHead;
ULONG KiBugcheckData;
ULONG IopErrorLogListHead;
ULONG ObpRootDirectoryObject;
ULONG ObpTypeObjectType;
ULONG MmSystemCacheStart;
ULONG MmSystemCacheEnd;
ULONG MmSystemCacheWs;
ULONG MmPfnDatabase;
ULONG MmSystemPtesStart;
ULONG MmSystemPtesEnd;
ULONG MmSubsectionBase;
ULONG MmNumberOfPagingFiles;
ULONG MmLowestPhysicalPage;
ULONG MmHighestPhysicalPage;
ULONG MmNumberOfPhysicalPages;
ULONG MmMaximumNonPagedPoolInBytes;
ULONG MmNonPagedSystemStart;
ULONG MmNonPagedPoolStart;
ULONG MmNonPagedPoolEnd;
ULONG MmPagedPoolStart;
ULONG MmPagedPoolEnd;
ULONG MmPagedPoolInformation;
ULONG MmPageSize;
ULONG MmSizeOfPagedPoolInBytes;
ULONG MmTotalCommitLimit;
ULONG MmTotalCommittedPages;
ULONG MmSharedCommit;
ULONG MmDriverCommit;
ULONG MmProcessCommit;
ULONG MmPagedPoolCommit;
ULONG MmExtendedCommit;
ULONG MmZeroedPageListHead;
ULONG MmFreePageListHead;
ULONG MmStandbyPageListHead;
ULONG MmModifiedPageListHead;
ULONG MmModifiedNoWritePageListHead;
ULONG MmAvailablePages;
ULONG MmResidentAvailablePages;
ULONG PoolTrackTable;
ULONG NonPagedPoolDescriptor;
ULONG MmHighestUserAddress;
ULONG MmSystemRangeStart;
ULONG MmUserProbeAddress;
ULONG KdPrintCircularBuffer;
ULONG KdPrintCircularBufferEnd;
ULONG KdPrintWritePointer;
ULONG KdPrintRolloverCount;
ULONG MmLoadedUserImageList;
} KDDEBUGGER_DATA32, *PKDDEBUGGER_DATA32;
//
// DO NOT CHANGE KDDEBUGGER_DATA32!!
// ONLY MAKE CHANGES TO KDDEBUGGER_DATA64!!!
//
//
// This structure is used by the debugger for all targets
// It is the same size as DBGKD_DATA_HEADER on all systems
//
typedef struct _DBGKD_DEBUG_DATA_HEADER64 {
//
// Link to other blocks
//
LIST_ENTRY64 List;
//
// This is a unique tag to identify the owner of the block.
// If your component only uses one pool tag, use it for this, too.
//
ULONG OwnerTag;
//
// This must be initialized to the size of the data block,
// including this structure.
//
ULONG Size;
} DBGKD_DEBUG_DATA_HEADER64, *PDBGKD_DEBUG_DATA_HEADER64;
//
// This structure is the same size on all systems. The only field
// which must be translated by the debugger is Header.List.
//
//
// DO NOT ADD OR REMOVE FIELDS FROM THE MIDDLE OF THIS STRUCTURE!!!
//
// If you remove a field, replace it with an "unused" placeholder.
// Do not reuse fields until there has been enough time for old debuggers
// and extensions to age out.
//
typedef struct _KDDEBUGGER_DATA64 {
DBGKD_DEBUG_DATA_HEADER64 Header;
//
// Base address of kernel image
//
ULONG64 KernBase;
//
// DbgBreakPointWithStatus is a function which takes an argument
// and hits a breakpoint. This field contains the address of the
// breakpoint instruction. When the debugger sees a breakpoint
// at this address, it may retrieve the argument from the first
// argument register, or on x86 the eax register.
//
ULONG64 BreakpointWithStatus; // address of breakpoint
//
// Address of the saved context record during a bugcheck
//
// N.B. This is an automatic in KeBugcheckEx's frame, and
// is only valid after a bugcheck.
//
ULONG64 SavedContext;
//
// help for walking stacks with user callbacks:
//
//
// The address of the thread structure is provided in the
// WAIT_STATE_CHANGE packet. This is the offset from the base of
// the thread structure to the pointer to the kernel stack frame
// for the currently active usermode callback.
//
USHORT ThCallbackStack; // offset in thread data
//
// these values are offsets into that frame:
//
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
//
// pad to a quad boundary
//
USHORT PaeEnabled:1;
//
// Address of the kernel callout routine.
//
ULONG64 KiCallUserMode; // kernel routine
//
// Address of the usermode entry point for callbacks.
//
ULONG64 KeUserCallbackDispatcher; // address in ntdll
//
// Addresses of various kernel data structures and lists
// that are of interest to the kernel debugger.
//
ULONG64 PsLoadedModuleList;
ULONG64 PsActiveProcessHead;
ULONG64 PspCidTable;
ULONG64 ExpSystemResourcesList;
ULONG64 ExpPagedPoolDescriptor;
ULONG64 ExpNumberOfPagedPools;
ULONG64 KeTimeIncrement;
ULONG64 KeBugCheckCallbackListHead;
ULONG64 KiBugcheckData;
ULONG64 IopErrorLogListHead;
ULONG64 ObpRootDirectoryObject;
ULONG64 ObpTypeObjectType;
ULONG64 MmSystemCacheStart;
ULONG64 MmSystemCacheEnd;
ULONG64 MmSystemCacheWs;
ULONG64 MmPfnDatabase;
ULONG64 MmSystemPtesStart;
ULONG64 MmSystemPtesEnd;
ULONG64 MmSubsectionBase;
ULONG64 MmNumberOfPagingFiles;
ULONG64 MmLowestPhysicalPage;
ULONG64 MmHighestPhysicalPage;
ULONG64 MmNumberOfPhysicalPages;
ULONG64 MmMaximumNonPagedPoolInBytes;
ULONG64 MmNonPagedSystemStart;
ULONG64 MmNonPagedPoolStart;
ULONG64 MmNonPagedPoolEnd;
ULONG64 MmPagedPoolStart;
ULONG64 MmPagedPoolEnd;
ULONG64 MmPagedPoolInformation;
ULONG64 MmPageSize;
ULONG64 MmSizeOfPagedPoolInBytes;
ULONG64 MmTotalCommitLimit;
ULONG64 MmTotalCommittedPages;
ULONG64 MmSharedCommit;
ULONG64 MmDriverCommit;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -