// Numeric request codes; the beginning of this list is outside the visible
// part of the header.
// NOTE(review): presumably these select the operation performed by the
// extension Ioctl callback, each paired with one of the parameter structures
// declared below -- confirm against the earlier IG_* definitions. The values
// are shared between debugger and extensions and should not be renumbered.
#define IG_GET_CACHE_SIZE 32
#define IG_READ_PHYSICAL_WITH_FLAGS 33
#define IG_WRITE_PHYSICAL_WITH_FLAGS 34
#define IG_GET_TEB_ADDRESS 128
#define IG_GET_PEB_ADDRESS 129
//
// Processor selection info: index of the current processor and the total
// number of processors.
// NOTE(review): nothing in the type bounds Processor by NumberProcessors; a
// consumer that indexes per-processor state with Processor should check
// Processor < NumberProcessors first.
//
typedef struct _PROCESSORINFO {
USHORT Processor; // current processor
USHORT NumberProcessors; // total number of processors
} PROCESSORINFO, *PPROCESSORINFO;
//
// Parameter block named for control-space reads: processor number, a 32-bit
// address, a byte count and a trailing data buffer.
// NOTE(review): Buf[1] preceded by BufLen looks like the pre-C99 trailing
// variable-length buffer idiom -- confirm. If so, sizeof(READCONTROLSPACE)
// accounts for only one payload byte: the allocation has to be sized from
// BufLen (with an overflow check on the addition), and BufLen must never
// exceed the space actually allocated behind Buf.
//
typedef struct _READCONTROLSPACE {
USHORT Processor;
ULONG Address;
ULONG BufLen;
UCHAR Buf[1];
} READCONTROLSPACE, *PREADCONTROLSPACE;
//
// Explicitly 32-bit flavour; field for field identical to READCONTROLSPACE
// as declared in this header.
// NOTE(review): Buf[1] appears to be a trailing variable-length buffer whose
// real size is BufLen -- confirm, and size allocations from BufLen rather
// than from sizeof(READCONTROLSPACE32).
//
typedef struct _READCONTROLSPACE32 {
USHORT Processor;
ULONG Address;
ULONG BufLen;
UCHAR Buf[1];
} READCONTROLSPACE32, *PREADCONTROLSPACE32;
//
// 64-bit flavour of READCONTROLSPACE: Address is widened to ULONG64, the
// other fields keep their types.
// NOTE(review): the padding between Processor (USHORT) and Address (ULONG64)
// depends on the structure packing in effect, which is not visible here;
// do not assume this layout matches the 32-bit variant byte for byte.
// NOTE(review): Buf[1] appears to be a trailing variable-length buffer whose
// real size is BufLen -- confirm, and validate BufLen against the allocation.
//
typedef struct _READCONTROLSPACE64 {
USHORT Processor;
ULONG64 Address;
ULONG BufLen;
UCHAR Buf[1];
} READCONTROLSPACE64, *PREADCONTROLSPACE64;
//
// Parameter block for a single I/O-space access: address, access width and
// a 32-bit data word.
// Length is documented as 1, 2 or 4, but the ULONG type does not enforce
// that; code consuming this structure should reject any other value instead
// of using Length as a copy size.
//
typedef struct _IOSPACE {
ULONG Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
} IOSPACE, *PIOSPACE;
//
// Explicitly 32-bit flavour; field for field identical to IOSPACE as
// declared in this header.
// Length is documented as 1, 2 or 4 but is not constrained by its type;
// validate it before use.
//
typedef struct _IOSPACE32 {
ULONG Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
} IOSPACE32, *PIOSPACE32;
//
// 64-bit flavour of IOSPACE: Address is ULONG64, Length and Data stay ULONG,
// so the data word is still at most 4 bytes wide.
// Length is documented as 1, 2 or 4 but is not constrained by its type;
// validate it before use.
//
typedef struct _IOSPACE64 {
ULONG64 Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
} IOSPACE64, *PIOSPACE64;
//
// IOSPACE extended with three selector fields: InterfaceType, BusNumber and
// AddressSpace.
// NOTE(review): the valid values of the three selectors are not defined in
// the visible part of this header -- look them up before populating or
// range-checking them.
// Length is documented as 1, 2 or 4 but is not constrained by its type;
// validate it before use.
//
typedef struct _IOSPACE_EX {
ULONG Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
} IOSPACE_EX, *PIOSPACE_EX;
//
// Explicitly 32-bit flavour; field for field identical to IOSPACE_EX as
// declared in this header.
// Length is documented as 1, 2 or 4 but is not constrained by its type;
// validate it before use.
//
typedef struct _IOSPACE_EX32 {
ULONG Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
} IOSPACE_EX32, *PIOSPACE_EX32;
//
// 64-bit flavour of IOSPACE_EX: only Address is widened to ULONG64.
// Length is documented as 1, 2 or 4 but is not constrained by its type;
// validate it before use.
//
typedef struct _IOSPACE_EX64 {
ULONG64 Address;
ULONG Length; // 1, 2, or 4 bytes
ULONG Data;
ULONG InterfaceType;
ULONG BusNumber;
ULONG AddressSpace;
} IOSPACE_EX64, *PIOSPACE_EX64;
//
// Parameter block for bus data access. Note that the struct tag is
// _GETSETBUSDATA while the typedef names are BUSDATA / PBUSDATA.
// Buffer is a host pointer (PVOID), so sizeof(BUSDATA) and the offsets of
// Offset and Length differ between 32-bit and 64-bit builds of an extension.
// NOTE(review): presumably Length is the number of bytes available behind
// Buffer and Offset is a byte offset into the bus data -- confirm. Code that
// adds Offset and Length should guard against ULONG wrap-around.
//
typedef struct _GETSETBUSDATA {
ULONG BusDataType;
ULONG BusNumber;
ULONG SlotNumber;
PVOID Buffer;
ULONG Offset;
ULONG Length;
} BUSDATA, *PBUSDATA;
//
// Parameter block for a memory search: a 64-bit start address and length,
// a 64-bit result address, and a pattern given as host pointer plus length.
// NOTE(review): presumably FoundAddress is written by the callee and Pattern
// must reference at least PatternLength readable bytes -- confirm.
// SearchAddress + SearchLength can wrap in 64 bits; an implementation should
// check the range before iterating over it.
//
typedef struct _SEARCHMEMORY {
ULONG64 SearchAddress;
ULONG64 SearchLength;
ULONG64 FoundAddress;
ULONG PatternLength;
PVOID Pattern;
} SEARCHMEMORY, *PSEARCHMEMORY;
//
// Parameter block for physical memory access: 64-bit address, byte count and
// a trailing data buffer.
// NOTE(review): Buf[1] preceded by BufLen looks like the pre-C99 trailing
// variable-length buffer idiom -- confirm. If so, sizeof(PHYSICAL) accounts
// for only one payload byte; allocate from BufLen with an overflow check and
// never copy more than the allocated payload through Buf.
//
typedef struct _PHYSICAL {
ULONGLONG Address;
ULONG BufLen;
UCHAR Buf[1];
} PHYSICAL, *PPHYSICAL;
// NOTE(review): presumably the values accepted in PHYSICAL_WITH_FLAGS.Flags
// -- confirm.
// These are consecutive values 0..3, not independent bits: CACHED | UNCACHED
// is numerically equal to WRITE_COMBINED, so compare with ==, do not test
// with &, and reject values above PHYS_FLAG_WRITE_COMBINED.
#define PHYS_FLAG_DEFAULT 0
#define PHYS_FLAG_CACHED 1
#define PHYS_FLAG_UNCACHED 2
#define PHYS_FLAG_WRITE_COMBINED 3
//
// PHYSICAL with an additional Flags word placed before the data buffer, so
// Buf sits at a different offset than in PHYSICAL and the two structures are
// not interchangeable.
// NOTE(review): Flags presumably takes one of the PHYS_FLAG_* values --
// confirm.
// NOTE(review): Buf[1] appears to be a trailing variable-length buffer whose
// real size is BufLen -- confirm, and validate BufLen against the allocation.
//
typedef struct _PHYSICAL_WITH_FLAGS {
ULONGLONG Address;
ULONG BufLen;
ULONG Flags;
UCHAR Buf[1];
} PHYSICAL_WITH_FLAGS, *PPHYSICAL_WITH_FLAGS;
//
// Parameter block pairing a 32-bit MSR number with a 64-bit value.
// Value is declared signed (LONGLONG): converting it to a wider or unsigned
// type, or shifting it right, can sign-extend. Treat it as a raw 64-bit
// pattern when inspecting individual bits.
// NOTE(review): going by the name, the same block is used for both reading
// and writing; a write changes processor state on the target -- confirm
// which request codes use it.
//
typedef struct _READ_WRITE_MSR {
ULONG Msr;
LONGLONG Value;
} READ_WRITE_MSR, *PREAD_WRITE_MSR;
//
// Parameter block for getting or setting the symbol path.
// Length is a signed int describing a buffer size: a callee should reject
// zero and negative values before converting it to an unsigned size, and
// must not write more than Length bytes (terminator included) to Result.
// NOTE(review): whether Result is always NUL-terminated on return is not
// stated here -- confirm before treating it as a C string.
//
typedef struct _GET_SET_SYMPATH {
PCSTR Args; // args to !reload command
PSTR Result; // returns new path
int Length; // Length of result buffer
} GET_SET_SYMPATH, *PGET_SET_SYMPATH;
//
// Single 64-bit address field.
// NOTE(review): presumably filled in by the debugger with the TEB address in
// response to IG_GET_TEB_ADDRESS -- confirm. The value is a target address,
// not a host pointer, and must not be dereferenced directly.
//
typedef struct _GET_TEB_ADDRESS {
ULONGLONG Address;
} GET_TEB_ADDRESS, *PGET_TEB_ADDRESS;
//
// A 64-bit thread value plus a 64-bit address.
// NOTE(review): presumably CurrentThread is the input selecting the thread
// and Address receives the PEB address (IG_GET_PEB_ADDRESS) -- confirm.
// Both are target addresses, not host pointers.
//
typedef struct _GET_PEB_ADDRESS {
ULONG64 CurrentThread;
ULONGLONG Address;
} GET_PEB_ADDRESS, *PGET_PEB_ADDRESS;
//
// A processor number plus a 64-bit address.
// NOTE(review): presumably Processor is the input and Address receives the
// address of that processor's current thread -- confirm. Processor is a
// ULONG here but a USHORT in PROCESSORINFO; check the range when converting.
//
typedef struct _GET_CURRENT_THREAD_ADDRESS {
ULONG Processor;
ULONG64 Address;
} GET_CURRENT_THREAD_ADDRESS, *PGET_CURRENT_THREAD_ADDRESS;
//
// A processor number, a 64-bit thread value and a 64-bit address.
// NOTE(review): presumably Processor and CurrentThread are inputs and
// Address receives the owning process address -- confirm. All 64-bit fields
// are target addresses, not host pointers.
//
typedef struct _GET_CURRENT_PROCESS_ADDRESS {
ULONG Processor;
ULONG64 CurrentThread;
ULONG64 Address;
} GET_CURRENT_PROCESS_ADDRESS, *PGET_CURRENT_PROCESS_ADDRESS;
//
// Parameter block for prompting the user for a line of input: a prompt
// string, a caller-supplied buffer with its size, and an input size.
// NOTE(review): presumably InputSize is written by the callee with the
// number of bytes stored in Buffer -- confirm. A caller should check
// InputSize <= BufferSize before using it as a length, and should not assume
// Buffer is NUL-terminated unless that is documented elsewhere.
//
typedef struct _GET_INPUT_LINE {
PCSTR Prompt;
PSTR Buffer;
ULONG BufferSize;
ULONG InputSize;
} GET_INPUT_LINE, *PGET_INPUT_LINE;
//
// Parameter block for expression evaluation: the expression text, a second
// string pointer and a 64-bit result.
// NOTE(review): presumably Remainder is set by the callee to the unparsed
// tail and points into the Expression string, so it is only valid while that
// string is -- confirm. Check Remainder for NULL before reading through it.
//
typedef struct _GET_EXPRESSION_EX {
PCSTR Expression;
PCSTR Remainder;
ULONG64 Value;
} GET_EXPRESSION_EX, *PGET_EXPRESSION_EX;
//
// Pair of 64-bit addresses for a virtual-to-physical translation.
// NOTE(review): presumably Virtual is the input and Physical the output --
// confirm. Physical is only meaningful if the request reported success;
// initialise it before the call so a failure path cannot leave stale data.
//
typedef struct _TRANSLATE_VIRTUAL_TO_PHYSICAL {
ULONG64 Virtual;
ULONG64 Physical;
} TRANSLATE_VIRTUAL_TO_PHYSICAL, *PTRANSLATE_VIRTUAL_TO_PHYSICAL;
//
// If DBGKD_VERS_FLAG_DATA is set in Flags, info should be retrieved from
// the KDDEBUGGER_DATA block rather than from the DBGKD_GET_VERSION
// packet. The data will remain in the version packet for a while to
// reduce compatibility problems.
//
// Single-bit masks for the USHORT Flags field of the version packets;
// test them with & and combine them with |.
#define DBGKD_VERS_FLAG_MP 0x0001 // kernel is MP built
#define DBGKD_VERS_FLAG_DATA 0x0002 // DebuggerDataList is valid
#define DBGKD_VERS_FLAG_PTR64 0x0004 // native pointers are 64 bits
#define DBGKD_VERS_FLAG_NOMM 0x0008 // No MM - don't decode PTEs
#define DBGKD_VERS_FLAG_HSS 0x0010 // hardware stepping support
// Multi-character constant: its numeric value is implementation-defined in
// C, so it is only portable across compilers that encode it the same way.
// NOTE(review): presumably the OwnerTag value of the debugger's own data
// block (see the DBGKD_DEBUG_DATA_HEADER structures) -- confirm.
#define KDBG_TAG 'GBDK'
// **********************************************************************
// DO NOT CHANGE THESE 32 BIT STRUCTURES!
// ONLY MAKE CHANGES TO THE 64 BIT VERSION BELOW!!
// **********************************************************************
//
// The following structure has changed in more than pointer size.
//
// This is the version packet for pre-NT5 Beta 2 systems.
// For now, it is also still used on x86
//
//
// 32-bit version packet. Every address field is a ULONG holding a target
// address, and the three callback-related fields are USHORT offsets.
// All values originate from the target; a debugger or dump parser should
// range-check the offsets and addresses before using them to read memory.
//
typedef struct _DBGKD_GET_VERSION32 {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT ProtocolVersion;
USHORT Flags;
ULONG KernBase;
ULONG PsLoadedModuleList;
USHORT MachineType;
//
// help for walking stacks with user callbacks:
//
//
// The address of the thread structure is provided in the
// WAIT_STATE_CHANGE packet. This is the offset from the base of
// the thread structure to the pointer to the kernel stack frame
// for the currently active usermode callback.
//
USHORT ThCallbackStack; // offset in thread data
//
// these values are offsets into that frame:
//
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
//
// Address of the kernel callout routine.
//
ULONG KiCallUserMode; // kernel routine
//
// Address of the usermode entry point for callbacks.
//
ULONG KeUserCallbackDispatcher; // address in ntdll
//
// DbgBreakPointWithStatus is a function which takes a ULONG argument
// and hits a breakpoint. This field contains the address of the
// breakpoint instruction. When the debugger sees a breakpoint
// at this address, it may retrieve the argument from the first
// argument register, or on x86 the eax register.
//
ULONG BreakpointWithStatus; // address of breakpoint
//
// Components may register a debug data block for use by
// debugger extensions. This is the address of the list head.
//
ULONG DebuggerDataList;
} DBGKD_GET_VERSION32, *PDBGKD_GET_VERSION32;
//
// This is the debugger data packet for pre NT5 Beta 2 systems.
// For now, it is still used on x86
//
//
// Header of a 32-bit debug data block: list linkage, owner tag and size.
// NOTE(review): presumably Size is the size of the whole block including
// this header, as the 64-bit header documents -- confirm. A reader walking
// the list from target memory should reject a Size smaller than
// sizeof(DBGKD_DEBUG_DATA_HEADER32) and should bound the number of List
// entries it follows, since the links are target-controlled.
//
typedef struct _DBGKD_DEBUG_DATA_HEADER32 {
LIST_ENTRY32 List;
ULONG OwnerTag;
ULONG Size;
} DBGKD_DEBUG_DATA_HEADER32, *PDBGKD_DEBUG_DATA_HEADER32;
//
// 32-bit debugger data block: a DBGKD_DEBUG_DATA_HEADER32 followed by a
// fixed sequence of ULONG / USHORT fields. The layout is frozen (see the
// banner comments around this structure), so fields must not be reordered.
// NOTE(review): the fields appear to be named after kernel globals and to
// hold their 32-bit target addresses or values -- confirm per field. A
// captured copy (e.g. in a crash dump) therefore describes the target's
// kernel memory layout and should be handled as sensitive data; a consumer
// should validate every address before reading target memory through it.
//
typedef struct _KDDEBUGGER_DATA32 {
DBGKD_DEBUG_DATA_HEADER32 Header;
ULONG KernBase;
ULONG BreakpointWithStatus; // address of breakpoint
ULONG SavedContext;
USHORT ThCallbackStack; // offset in thread data
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
// One-bit bit-field on a USHORT base type: bit-field types other than
// int/unsigned int and the bit's position in the storage unit are
// implementation-defined, so this layout is tied to the compiler ABI.
USHORT PaeEnabled:1;
ULONG KiCallUserMode; // kernel routine
ULONG KeUserCallbackDispatcher; // address in ntdll
ULONG PsLoadedModuleList;
ULONG PsActiveProcessHead;
ULONG PspCidTable;
ULONG ExpSystemResourcesList;
ULONG ExpPagedPoolDescriptor;
ULONG ExpNumberOfPagedPools;
ULONG KeTimeIncrement;
ULONG KeBugCheckCallbackListHead;
ULONG KiBugcheckData;
ULONG IopErrorLogListHead;
ULONG ObpRootDirectoryObject;
ULONG ObpTypeObjectType;
ULONG MmSystemCacheStart;
ULONG MmSystemCacheEnd;
ULONG MmSystemCacheWs;
ULONG MmPfnDatabase;
ULONG MmSystemPtesStart;
ULONG MmSystemPtesEnd;
ULONG MmSubsectionBase;
ULONG MmNumberOfPagingFiles;
ULONG MmLowestPhysicalPage;
ULONG MmHighestPhysicalPage;
ULONG MmNumberOfPhysicalPages;
ULONG MmMaximumNonPagedPoolInBytes;
ULONG MmNonPagedSystemStart;
ULONG MmNonPagedPoolStart;
ULONG MmNonPagedPoolEnd;
ULONG MmPagedPoolStart;
ULONG MmPagedPoolEnd;
ULONG MmPagedPoolInformation;
ULONG MmPageSize;
ULONG MmSizeOfPagedPoolInBytes;
ULONG MmTotalCommitLimit;
ULONG MmTotalCommittedPages;
ULONG MmSharedCommit;
ULONG MmDriverCommit;
ULONG MmProcessCommit;
ULONG MmPagedPoolCommit;
ULONG MmExtendedCommit;
ULONG MmZeroedPageListHead;
ULONG MmFreePageListHead;
ULONG MmStandbyPageListHead;
ULONG MmModifiedPageListHead;
ULONG MmModifiedNoWritePageListHead;
ULONG MmAvailablePages;
ULONG MmResidentAvailablePages;
ULONG PoolTrackTable;
ULONG NonPagedPoolDescriptor;
ULONG MmHighestUserAddress;
ULONG MmSystemRangeStart;
ULONG MmUserProbeAddress;
ULONG KdPrintCircularBuffer;
ULONG KdPrintCircularBufferEnd;
ULONG KdPrintWritePointer;
ULONG KdPrintRolloverCount;
ULONG MmLoadedUserImageList;
} KDDEBUGGER_DATA32, *PKDDEBUGGER_DATA32;
// **********************************************************************
//
// DO NOT CHANGE KDDEBUGGER_DATA32!!
// ONLY MAKE CHANGES TO KDDEBUGGER_DATA64!!!
//
// **********************************************************************
// Anonymous enumeration with implicit values: DBGKD_SIMULATION_NONE is 0 and
// DBGKD_SIMULATION_EXDI is 1.
// NOTE(review): presumably the values stored in the UCHAR Simulation field
// of DBGKD_GET_VERSION64 -- confirm. A reader should treat any other value
// as unknown rather than assuming one of these two.
enum
{
DBGKD_SIMULATION_NONE,
DBGKD_SIMULATION_EXDI
};
//
// 64-bit version packet: version and flag words, four one-byte capability /
// environment fields, and three 64-bit target addresses.
// The Max* fields are "one beyond the highest understood" values supplied by
// the target; a debugger should compare against them with < and should not
// index tables with them without checking its own table sizes.
//
typedef struct _DBGKD_GET_VERSION64 {
USHORT MajorVersion;
USHORT MinorVersion;
USHORT ProtocolVersion;
USHORT Flags;
USHORT MachineType;
//
// Protocol command support descriptions.
// These allow the debugger to automatically
// adapt to different levels of command support
// in different kernels.
//
// One beyond highest packet type understood, zero based.
UCHAR MaxPacketType;
// One beyond highest state change understood, zero based.
UCHAR MaxStateChange;
// One beyond highest state manipulate message understood, zero based.
UCHAR MaxManipulate;
// Kind of execution environment the kernel is running in,
// such as a real machine or a simulator. Written back
// by the simulation if one exists.
UCHAR Simulation;
// Placeholder field; no use is documented in this header.
USHORT Unused[1];
ULONG64 KernBase;
ULONG64 PsLoadedModuleList;
//
// Components may register a debug data block for use by
// debugger extensions. This is the address of the list head.
//
// There will always be an entry for the debugger.
//
ULONG64 DebuggerDataList;
} DBGKD_GET_VERSION64, *PDBGKD_GET_VERSION64;
//
// This structure is used by the debugger for all targets
// It is the same size as DBGKD_DATA_HEADER on all systems
//
//
// Header placed at the start of every debug data block: list linkage, owner
// tag and total block size.
// When the header is read from target memory, List and Size are
// target-controlled: reject a Size smaller than
// sizeof(DBGKD_DEBUG_DATA_HEADER64), cap it before allocating or copying,
// and bound the number of list entries followed so a cyclic or corrupted
// list cannot hang the reader.
//
typedef struct _DBGKD_DEBUG_DATA_HEADER64 {
//
// Link to other blocks
//
LIST_ENTRY64 List;
//
// This is a unique tag to identify the owner of the block.
// If your component only uses one pool tag, use it for this, too.
//
ULONG OwnerTag;
//
// This must be initialized to the size of the data block,
// including this structure.
//
ULONG Size;
} DBGKD_DEBUG_DATA_HEADER64, *PDBGKD_DEBUG_DATA_HEADER64;
//
// This structure is the same size on all systems. The only field
// which must be translated by the debugger is Header.List.
//
//
// DO NOT ADD OR REMOVE FIELDS FROM THE MIDDLE OF THIS STRUCTURE!!!
//
// If you remove a field, replace it with an "unused" placeholder.
// Do not reuse fields until there has been enough time for old debuggers
// and extensions to age out.
//
typedef struct _KDDEBUGGER_DATA64 {
DBGKD_DEBUG_DATA_HEADER64 Header;
//
// Base address of kernel image
//
ULONG64 KernBase;
//
// DbgBreakPointWithStatus is a function which takes an argument
// and hits a breakpoint. This field contains the address of the
// breakpoint instruction. When the debugger sees a breakpoint
// at this address, it may retrieve the argument from the first
// argument register, or on x86 the eax register.
//
ULONG64 BreakpointWithStatus; // address of breakpoint
//
// Address of the saved context record during a bugcheck
//
// N.B. This is an automatic in KeBugcheckEx's frame, and
// is only valid after a bugcheck.
//