w2k_dbg.h

Undocumented WIndows 2000 Secrets 完整简体中文版！！NT架构windows（20000、xp）Kernel Hacking必备！！附cd iso与完整附录！

// w2k_dbg.h
// 08-27-2000 Sven B. Schreiber
// sbs@orgon.com

#ifndef UNICODE
#define UNICODE // ANSI not supported by this library
#endif

////////////////////////////////////////////////////////////////////
#ifdef _W2K_DBG_DLL_
////////////////////////////////////////////////////////////////////

// =================================================================
// PROGRAM IDENTIFICATION
// =================================================================

#define MAIN_BUILD              1
#define MAIN_VERSION_HIGH       1
#define MAIN_VERSION_LOW        0

// -----------------------------------------------------------------

#define MAIN_DAY                27
#define MAIN_MONTH              08
#define MAIN_YEAR               2000

// -----------------------------------------------------------------

#define MAIN_PREFIX             SBS
#define MAIN_MODULE             w2k_dbg
#define MAIN_NAME               SBS Windows 2000 Debugging Library
#define MAIN_COMPANY            Sven B. Schreiber
#define MAIN_AUTHOR             Sven B. Schreiber
#define MAIN_EMAIL              sbs@orgon.com
#define MAIN_DLL

////////////////////////////////////////////////////////////////////
#endif // #ifdef _W2K_DBG_DLL_
////////////////////////////////////////////////////////////////////

// =================================================================
// HEADER FILES
// =================================================================

#include "ProgInfo.h"

////////////////////////////////////////////////////////////////////
#ifndef _RC_PASS_
////////////////////////////////////////////////////////////////////

// =================================================================
// MORE HEADER FILES
// =================================================================

#include <imagehlp.h>
#include <psapi.h>

// =================================================================
// MACROS
// =================================================================

#define LCASE(_c)               ((WORD) CharLowerW ((PWORD) (_c)))
#define UCASE(_c)               ((WORD) CharUpperW ((PWORD) (_c)))
#define OFFSET(_s,_m)           ((DWORD) &(((_s *) 0)->_m))

// =================================================================
// CONSTANTS
// =================================================================

#define SIZE_MINIMUM            0x00000100 // minimum list size
#define SIZE_MAXIMUM            0x00010000 // maximum list size
#define SIZE_INCREMENT          0x00010000 // memory block increment
#define SIZE_ALIGNMENT          3          // alignment shift factor

#define UNICODE_UNMAPPED        0x7F       // substitute character

#define DBG_SORT_TYPE           0x000000FF // type mask
#define DBG_SORT_NONE           0x00000000 // sort disabled
#define DBG_SORT_RESTORE        0x00000001 // restore original order
#define DBG_SORT_DWORD          0x00000002 // unsigned number
#define DBG_SORT_PVOID          0x00000003 // pointer
#define DBG_SORT_STRING         0x00000004 // unicode string

#define DBG_SORT_FLAGS          0x0000FF00 // flag mask
#define DBG_SORT_REVERSE        0x00000100 // reverse order
#define DBG_SORT_CASE           0x00000200 // case sensitive string

#define DBG_UNSORTED            0
#define DBG_SORT_BY_ADDRESS     1
#define DBG_SORT_BY_SIZE        2
#define DBG_SORT_BY_ID          3
#define DBG_SORT_BY_NAME        4
#define DBG_SORT_BY_NAME_CS     5

// =================================================================
// POINTER TYPES
// =================================================================

typedef HMODULE                 *PHMODULE;
typedef PVOID                   *PPVOID;
typedef PBYTE                   *PPBYTE;

// =================================================================
// STRUCTURES
// =================================================================

typedef struct _DBG_MEMORY
    {
    DWORD dTag;
    DWORD dSize;
    BYTE  abData [];
    }
    DBG_MEMORY, *PDBG_MEMORY, **PPDBG_MEMORY;

#define DBG_MEMORY_ sizeof (DBG_MEMORY)
#define DBG_MEMORY_TAG '>gbd' // dbg>

// -----------------------------------------------------------------

typedef struct _DBG_LIST
    {
    DWORD      dTag;
    DWORD      dFirst;
    DWORD      dMemory;
    DWORD      dOffset;
    DWORD      dEntries;
    DWORD      dCrc32;
    DWORD      dContext;
    PVOID      pContext;
    SYSTEMTIME st;
    BYTE       abData [];
    }
    DBG_LIST, *PDBG_LIST, **PPDBG_LIST;

#define DBG_LIST_ sizeof (DBG_LIST)
#define DBG_LIST_TAG 'LGBD' // DBGL

// -----------------------------------------------------------------

typedef struct _DBG_SYMBOL
    {
    DWORD dNext;
    DWORD dSize;
    PVOID pBase;
    WORD  awName [];
    }
    DBG_SYMBOL, *PDBG_SYMBOL, **PPDBG_SYMBOL;

#define DBG_SYMBOL_ sizeof (DBG_SYMBOL)

// -----------------------------------------------------------------

typedef struct _DBG_PROCESS
    {
    DWORD dNext;
    DWORD dSize;
    PVOID pBase;
    PVOID pStart;
    DWORD dDown;
    DWORD dId;
    DWORD dModules;
    DWORD dFile;
    WORD  awPath [];
    }
    DBG_PROCESS, *PDBG_PROCESS, **PPDBG_PROCESS;

#define DBG_PROCESS_ sizeof (DBG_PROCESS)

// -----------------------------------------------------------------

typedef struct _DBG_MODULE
    {
    DWORD dNext;
    DWORD dSize;
    PVOID pBase;
    PVOID pStart;
    DWORD dFile;
    WORD  awPath [];
    }
    DBG_MODULE, *PDBG_MODULE, **PPDBG_MODULE;

#define DBG_MODULE_ sizeof (DBG_MODULE)

// -----------------------------------------------------------------

typedef struct _DBG_DRIVER
    {
    DWORD dNext;
    DWORD dSize;
    PVOID pBase;
    DWORD dFile;
    WORD  awPath [];
    }
    DBG_DRIVER, *PDBG_DRIVER, **PPDBG_DRIVER;

#define DBG_DRIVER_ sizeof (DBG_DRIVER)

// -----------------------------------------------------------------

typedef struct _DBG_INDEX
    {
    union
        {
        PPDBG_SYMBOL        ppds;
        PPDBG_PROCESS       ppdp;
        PPDBG_MODULE        ppdm;
        PPDBG_DRIVER        ppdd;
        struct _DBG_INDEX **ppdi;
        PPBYTE              ppbData;
        };
    PDBG_LIST pdl;
    PDBG_LIST pdlDestroy;
    DWORD     dMemberNext;
    DWORD     dData;
    DWORD     dEntries;
    DWORD     dContext;
    PVOID     pContext;
    PBYTE     apbData [];
    }
    DBG_INDEX, *PDBG_INDEX, **PPDBG_INDEX;

#define DBG_INDEX_ sizeof (DBG_INDEX)
#define DBG_INDEX__(_n) (DBG_INDEX_ + ((_n) * sizeof (PVOID)))

// =================================================================
// API PROTOTYPES
// =================================================================

DWORD WINAPI dbgCrc32Start (PDWORD pdCrc32);

BOOL WINAPI dbgCrc32Stop (PDWORD pdCrc32);

DWORD WINAPI dbgCrc32Byte (PDWORD pdCrc32,
                           BYTE   bData);

DWORD WINAPI dbgCrc32Block (PDWORD pdCrc32,
                            PVOID  pData,
                            DWORD  dData);

BOOL WINAPI dbgPrivilegeSet (PWORD pwName);

BOOL WINAPI dbgPrivilegeDebug (void);

PVOID WINAPI dbgMemoryCreate (DWORD dSize);

PVOID WINAPI dbgMemoryCreateEx (DWORD dSize,
                                DWORD dTag);

PDBG_MEMORY WINAPI dbgMemoryBase (PVOID pData);

PDBG_MEMORY WINAPI dbgMemoryBaseEx (PVOID pData,
                                    DWORD dTag);

PVOID WINAPI dbgMemoryResize (PVOID pData,
                              DWORD dSize,