📄 dbg.c
字号:
}
/////////////////////////////////////////////////////
//---- FLEXIBLE PROCESS AND THREAD INFORMATION ----//
/////////////////////////////////////////////////////
typedef struct _PROC_THREAD_INFO_FIELD
{
WORD wIdentifier; // -1 is Custom field (identified by label then)
WORD wSize; // size of field in bytes
PCHAR szLabel; // field label (zero terminated string)
PCHAR szFormat; // string containing default format (printf style) to use for rendering field
} PROC_THREAD_INFO_FIELD;
// NOTE on format strings:
// the printf format is supported except the following:
// -Exceptions:
// -no I64 in the prefix
// -no * for width
// -no * for precision
// -Additions:
// -%T{N=BitFieldNameN, M=BitFieldNameM...} for bitfield description
// where bitnumbers (N and M) are in [0..63] and BitFieldNameN and BitFieldNameM are strings of char with no ","
// if bitnumber in [0..31], the BitfieldName will be display for bitnumber == 1
// if bitnumber in [32..63], the BitfieldName will be display for bitnumber == 0
// Any non described bit will be ignored
// Will display all set bitfield separated by a ,
// -%N{N=EnumElementNameN, M=EnumElementNameM...} for enumeration description
// where N and M are decimal DWORD value and EnumElementNameN and EnumElementNameM are strings of char with no ","
// Any non described enum value will be ignored
//////////////////////////////
// Process Descriptor Table //
//////////////////////////////
// Process Fields Identifiers
#define pfiStructAddr (0L) // address to the process structure itself
#define pfiProcessSlot (1L) // Slot number
#define pfiStartOfAddrSpace (2L) // VM Address space (slot) first address
#define pfiDefaultAccessKey (3L) // Default thread Access keys
#define pfiBasePtr (4L) // First exe module load address
#define pfiCurDbgZoneMasks (5L) // Current Debug Zone mask
#define pfiName (6L) // EXE Name
#define pfiCmdLine (7L) // Command line
#define pfiTrustLevel (8L) // Trust level
#define pfiHandle (9L) // Process handle
#define pfiTlsUsageBitMaskL (10L) // First 32 TLS slots usage bit mask
#define pfiTlsUsageBitMaskH (11L) // Second 32 TLS slots usage bit mask
#define pfiUserDefined (-1L) // field identified by its label
PROC_THREAD_INFO_FIELD ProcessDescriptorTable [] =
{
{
pfiProcessSlot,
sizeof (BYTE),
"ProcSlot#",
"%u"
},
{
pfiName,
32L,
"Name",
"%s"
},
{
pfiStartOfAddrSpace,
sizeof (DWORD),
"VMBase",
"0x%08lX"
},
{
pfiDefaultAccessKey,
sizeof (ULONG),
"AccessKey",
"0x%08lX"
},
{
pfiTrustLevel,
sizeof (BYTE),
"TrustLevel",
"%N{0=None,1=Run,2=Full}"
},
{
pfiHandle,
sizeof (HANDLE),
"hProcess",
"0x%08lX"
},
{
pfiBasePtr,
sizeof (LPVOID),
"BasePtr",
"0x%08lX"
},
{
pfiTlsUsageBitMaskL,
sizeof (DWORD),
"TlsUseL32b",
"0x%08lX"
},
{
pfiTlsUsageBitMaskH,
sizeof (DWORD),
"TlsUseH32b",
"0x%08lX"
},
{
pfiCurDbgZoneMasks,
sizeof (ULONG),
"CurZoneMask",
"0x%08lX"
},
{
pfiStructAddr,
sizeof (LPVOID),
"pProcess",
"0x%08lX"
},
{
pfiCmdLine,
128L,
"CmdLine",
"%s"
},
};
/////////////////////////////
// Thread Descriptor Table //
/////////////////////////////
// Thread Fields Identifiers
#define tfiStructAddr (0L) // address to the thread structure itself
#define tfiRunState (1L) // Running / Sleeping / Blocked / Killed states of the thread
#define tfiAddrSpaceAccessKey (2L) // Current access key for handles and memory access
#define tfiHandleCurrentProcessRunIn (3L) // Current process running in
#define tfiSleepCount (4L) // Sleep count
#define tfiSuspendCount (5L) // Suspend count
#define tfiCurrentPriority (6L) // Current priority
#define tfiInfo (7L) // Information status bits
#define tfiBasePriority (8L) // Base priority
#define tfiWaitState (9L) // Wait state
#define tfiHandleOwnerProc (10L) // Handle to the process owning the thread
#define tfiTlsPtr (11L) // Thread local storage block pointer
#define tfiKernelTime (12L) // Accumulated time spend in kernel mode
#define tfiUserTime (13L) // Accumulated time spend in user mode
#define tfiHandle (14L) // Thread handle
#define tfiLastError (15L) // Last error
#define tfiStackBase (16L) // Stack base address
#define tfiStackLowBound (17L) // Lower bound of commited stack space
#define tfiCreationTimeMSW (18L) // MSW of Creation timestamp
#define tfiCreationTimeLSW (19L) // LSW of Creation timestamp
#define tfiQuantum (20L) // Quantum
#define tfiQuantumLeft (21L) // Quantum left
#define tfiUserDefined (-1L) // field identified by its label
PROC_THREAD_INFO_FIELD ThreadDescriptorTable [] =
{
{
tfiStructAddr,
sizeof (LPVOID),
"pThread",
"0x%08lX"
},
{
tfiRunState,
sizeof (WORD),
"RunState",
"%T{4=Dying,5=Dead,6=Buried,7=Slpg,39=Awak,0=Rung,1=Runab,2=RunBlkd,3=RunNeeds}"
},
{
tfiInfo,
sizeof (WORD),
"InfoStatus",
"%T{38=UMode,6=KMode,8=StkFlt,12=UsrBlkd,15=Profd}"
},
{
tfiHandle,
sizeof (HANDLE),
"hThread",
"0x%08lX"
},
{
tfiWaitState,
sizeof (BYTE),
"WaitState",
"%N{0=Signalled,1=Processing,2=Blocked}"
},
{
tfiAddrSpaceAccessKey,
sizeof (ACCESSKEY),
"AccessKey",
"0x%08lX"
},
{
tfiHandleCurrentProcessRunIn,
sizeof (HANDLE),
"hCurProcIn",
"0x%08lX"
},
{
tfiHandleOwnerProc,
sizeof (HANDLE),
"hOwnerProc",
"0x%08lX"
},
{
tfiCurrentPriority,
sizeof (BYTE),
"CurPrio",
"%u"
},
{
tfiBasePriority,
sizeof (BYTE),
"BasePrio",
"%u"
},
{
tfiKernelTime,
sizeof (DWORD),
"KernelTime",
"%lu"
},
{
tfiUserTime,
sizeof (DWORD),
"UserTime",
"%lu"
},
{
tfiQuantum,
sizeof (DWORD),
"Quantum",
"%lu"
},
{
tfiQuantumLeft,
sizeof (DWORD),
"QuantuLeft",
"%lu"
},
{
tfiSleepCount,
sizeof (DWORD),
"SleepCount",
"%lu"
},
{
tfiSuspendCount,
sizeof (BYTE),
"SuspendCount",
"%u"
},
{
tfiTlsPtr,
sizeof (LPDWORD),
"TlsPtr",
"0x%08lX"
},
{
tfiLastError,
sizeof (DWORD),
"LastError",
"0x%08lX"
},
{
tfiStackBase,
sizeof (DWORD),
"StackBase",
"0x%08lX"
},
{
tfiStackLowBound,
sizeof (DWORD),
"StkLowBnd",
"0x%08lX"
},
{
tfiCreationTimeMSW,
sizeof (DWORD),
"CreatTimeH",
"0x%08lX"
},
{
tfiCreationTimeLSW,
sizeof (DWORD),
"CreatTimeL",
"0x%08lX"
}
};
#define PROC_DESC_NB_FIELDS (sizeof (ProcessDescriptorTable) / sizeof (PROC_THREAD_INFO_FIELD))
#define THREAD_DESC_NB_FIELDS (sizeof (ThreadDescriptorTable) / sizeof (PROC_THREAD_INFO_FIELD))
#define AppendImmByteToOutBuf_M(outbuf,immbyte,outbidx) (outbuf) [(outbidx)++] = (immbyte)
#define AppendObjToOutBuf_M(outbuf,obj,outbidx) memcpy (&((outbuf) [(outbidx)]), &(obj), sizeof (obj)); (outbidx) += sizeof (obj)
#define AppendStringZToOutBuf_M(outbuf,sz,outbidx) memcpy (&((outbuf) [(outbidx)]), sz, (strlen (sz) + 1)); (outbidx) += (strlen (sz) + 1)
/*++
Routine Name:
MarshalDescriptionTable
Routine Description:
Copy (Process or Thread Info) Description Table in output buffer
Arguments:
OutBuf - Supplies and returns pointer to output buffer
pOutBufIndex - Supplies and returns pointer to output buffer index
DescTable - Supplies (Process or Thread Info) description table
TblSize - Supplies number of elements in the description table
NbMaxOutByte - Supplies maximum number of bytes that can be written in output buffer
Return Value:
TRUE if succeed (size OK) otherwise FALSE.
--*/
BOOL MarshalDescriptionTable (IN OUT PCHAR OutBuf,
IN OUT PUSHORT pOutBufIndex,
IN PROC_THREAD_INFO_FIELD DescTable [],
IN USHORT TblSize,
IN USHORT NbMaxOutByte)
{
USHORT FieldIdx;
USHORT FieldDescSize;
for (FieldIdx = 0; FieldIdx < TblSize; FieldIdx++)
{
FieldDescSize = sizeof (DescTable [FieldIdx].wIdentifier) +
sizeof (DescTable [FieldIdx].wSize) +
strlen (DescTable [FieldIdx].szLabel) +
strlen (DescTable [FieldIdx].szFormat);
if (FieldDescSize <= NbMaxOutByte)
{ // Remaining buffer large enough for next field
AppendObjToOutBuf_M (OutBuf, DescTable [FieldIdx].wIdentifier, *pOutBufIndex);
AppendObjToOutBuf_M (OutBuf, DescTable [FieldIdx].wSize, *pOutBufIndex);
AppendStringZToOutBuf_M (OutBuf, DescTable [FieldIdx].szLabel, *pOutBufIndex);
AppendStringZToOutBuf_M (OutBuf, DescTable [FieldIdx].szFormat, *pOutBufIndex);
}
else
{ // Buffer not large enough: exit with error
return FALSE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -