ULONG64 SavedContext;
//
// help for walking stacks with user callbacks:
//
//
// The address of the thread structure is provided in the
// WAIT_STATE_CHANGE packet. This is the offset from the base of
// the thread structure to the pointer to the kernel stack frame
// for the currently active usermode callback.
//
USHORT ThCallbackStack; // offset in thread data
//
// these values are offsets into that frame:
//
USHORT NextCallback; // saved pointer to next callback frame
USHORT FramePointer; // saved frame pointer
//
// pad to a quad boundary
//
USHORT PaeEnabled:1;
//
// Address of the kernel callout routine.
//
ULONG64 KiCallUserMode; // kernel routine
//
// Address of the usermode entry point for callbacks.
//
ULONG64 KeUserCallbackDispatcher; // address in ntdll
//
// Addresses of various kernel data structures and lists
// that are of interest to the kernel debugger.
//
ULONG64 PsLoadedModuleList;
ULONG64 PsActiveProcessHead;
ULONG64 PspCidTable;
ULONG64 ExpSystemResourcesList;
ULONG64 ExpPagedPoolDescriptor;
ULONG64 ExpNumberOfPagedPools;
ULONG64 KeTimeIncrement;
ULONG64 KeBugCheckCallbackListHead;
ULONG64 KiBugcheckData;
ULONG64 IopErrorLogListHead;
ULONG64 ObpRootDirectoryObject;
ULONG64 ObpTypeObjectType;
ULONG64 MmSystemCacheStart;
ULONG64 MmSystemCacheEnd;
ULONG64 MmSystemCacheWs;
ULONG64 MmPfnDatabase;
ULONG64 MmSystemPtesStart;
ULONG64 MmSystemPtesEnd;
ULONG64 MmSubsectionBase;
ULONG64 MmNumberOfPagingFiles;
ULONG64 MmLowestPhysicalPage;
ULONG64 MmHighestPhysicalPage;
ULONG64 MmNumberOfPhysicalPages;
ULONG64 MmMaximumNonPagedPoolInBytes;
ULONG64 MmNonPagedSystemStart;
ULONG64 MmNonPagedPoolStart;
ULONG64 MmNonPagedPoolEnd;
ULONG64 MmPagedPoolStart;
ULONG64 MmPagedPoolEnd;
ULONG64 MmPagedPoolInformation;
ULONG64 MmPageSize;
ULONG64 MmSizeOfPagedPoolInBytes;
ULONG64 MmTotalCommitLimit;
ULONG64 MmTotalCommittedPages;
ULONG64 MmSharedCommit;
ULONG64 MmDriverCommit;
ULONG64 MmProcessCommit;
ULONG64 MmPagedPoolCommit;
ULONG64 MmExtendedCommit;
ULONG64 MmZeroedPageListHead;
ULONG64 MmFreePageListHead;
ULONG64 MmStandbyPageListHead;
ULONG64 MmModifiedPageListHead;
ULONG64 MmModifiedNoWritePageListHead;
ULONG64 MmAvailablePages;
ULONG64 MmResidentAvailablePages;
ULONG64 PoolTrackTable;
ULONG64 NonPagedPoolDescriptor;
ULONG64 MmHighestUserAddress;
ULONG64 MmSystemRangeStart;
ULONG64 MmUserProbeAddress;
ULONG64 KdPrintCircularBuffer;
ULONG64 KdPrintCircularBufferEnd;
ULONG64 KdPrintWritePointer;
ULONG64 KdPrintRolloverCount;
ULONG64 MmLoadedUserImageList;
// NT 5.1 Addition
ULONG64 NtBuildLab;
ULONG64 KiNormalSystemCall;
// NT 5.0 QFE addition
ULONG64 KiProcessorBlock;
ULONG64 MmUnloadedDrivers;
ULONG64 MmLastUnloadedDriver;
ULONG64 MmTriageActionTaken;
ULONG64 MmSpecialPoolTag;
ULONG64 KernelVerifier;
ULONG64 MmVerifierData;
ULONG64 MmAllocatedNonPagedPool;
ULONG64 MmPeakCommitment;
ULONG64 MmTotalCommitLimitMaximum;
ULONG64 CmNtCSDVersion;
// NT 5.1 Addition
ULONG64 MmPhysicalMemoryBlock;
ULONG64 MmSessionBase;
ULONG64 MmSessionSize;
ULONG64 MmSystemParentTablePage;
} KDDEBUGGER_DATA64, *PKDDEBUGGER_DATA64;
/************************************
Type Dump Ioctl
*************************************/
//
// Fields are not indented if this is set
//
#define DBG_DUMP_NO_INDENT 0x00000001
//
// Offsets are not printed if this is set
//
#define DBG_DUMP_NO_OFFSET 0x00000002
//
// Verbose output
//
#define DBG_DUMP_VERBOSE 0x00000004
//
// Callback is done for each of fields
//
#define DBG_DUMP_CALL_FOR_EACH 0x00000008
//
// A list of type is dumped, listLink should have info about next element pointer
//
#define DBG_DUMP_LIST 0x00000020
//
// Nothing is printed if this is set (only callbacks and data copies done)
//
#define DBG_DUMP_NO_PRINT 0x00000040
//
// Ioctl returns the size as usual, but will not do field prints/callbacks if this is set
//
#define DBG_DUMP_GET_SIZE_ONLY 0x00000080
//
// Specifies how much deep into structs we can go
//
#define DBG_DUMP_RECUR_LEVEL(l) ((l & 0xf) << 8)
//
// No newlines are printed after each field
//
#define DBG_DUMP_COMPACT_OUT 0x00002000
//
// An array of type is dumped, number of elements can be specified in listLink->size
//
#define DBG_DUMP_ARRAY 0x00008000
//
// The specified addr value is actually the address of field listLink->fName
//
#define DBG_DUMP_ADDRESS_OF_FIELD 0x00010000
//
// The specified addr value is actually the address at the end of the type
//
#define DBG_DUMP_ADDRESS_AT_END 0x00020000
//
// This could be used to copy only the primitive types like ULONG, PVOID etc.
// - will not work with structures/unions
//
#define DBG_DUMP_COPY_TYPE_DATA 0x00040000
//
// Flag to allow read directly from physical memory
//
#define DBG_DUMP_READ_PHYSICAL 0x00080000
//
// This causes a function type to be dumped in format function(arg1, arg2, ...)
//
#define DBG_DUMP_FUNCTION_FORMAT 0x00100000
//
// This recurses on a struct but doesn't expand pointers
//
#define DBG_DUMP_BLOCK_RECURSE 0x00200000
//
// Obsolete defs
//
#define DBG_RETURN_TYPE 0
#define DBG_RETURN_SUBTYPES 0
#define DBG_RETURN_TYPE_VALUES 0
//
// Dump and callback options for fields - used in FIELD_INFO.fOptions
//
//
// Callback is done before printing the field if this is set
//
#define DBG_DUMP_FIELD_CALL_BEFORE_PRINT 0x00000001
//
// No callback is done
//
#define DBG_DUMP_FIELD_NO_CALLBACK_REQ 0x00000002
//
// Subfields of the field are processed (recursion into this field)
//
#define DBG_DUMP_FIELD_RECUR_ON_THIS 0x00000004
//
// fName must match the field name completely for the field to be dumped;
// by default a prefix match is sufficient
//
#define DBG_DUMP_FIELD_FULL_NAME 0x00000008
//
// This causes array elements of an array field to be printed
//
#define DBG_DUMP_FIELD_ARRAY 0x00000010
//
// The data of the field is copied into fieldCallBack
//
#define DBG_DUMP_FIELD_COPY_FIELD_DATA 0x00000020
//
// In callback or when Ioctl returns, the FIELD_INFO.address has the address of field.
// If no address is supplied for the type, it contains total offset of the field.
//
#define DBG_DUMP_FIELD_RETURN_ADDRESS 0x00001000
//
// Return the offset and size in bits instead of bytes in the case of a bitfield
//
#define DBG_DUMP_FIELD_SIZE_IN_BITS 0x00002000
//
// Nothing is printed for field if this is set (only callbacks and data copies done)
//
#define DBG_DUMP_FIELD_NO_PRINT 0x00004000
//
// If the field is a pointer, it is dumped as a string, ANSI, WCHAR, MULTI or GUID
// depending on following options
//
#define DBG_DUMP_FIELD_DEFAULT_STRING 0x00010000
#define DBG_DUMP_FIELD_WCHAR_STRING 0x00020000
#define DBG_DUMP_FIELD_MULTI_STRING 0x00040000
#define DBG_DUMP_FIELD_GUID_STRING 0x00080000
//
// Error status returned on TYPE DUMP Ioctl failure
//
#define MEMORY_READ_ERROR 0x01
#define SYMBOL_TYPE_INDEX_NOT_FOUND 0x02
#define SYMBOL_TYPE_INFO_NOT_FOUND 0x03
#define FIELDS_DID_NOT_MATCH 0x04
#define NULL_SYM_DUMP_PARAM 0x05
#define NULL_FIELD_NAME 0x06
#define INCORRECT_VERSION_INFO 0x07
#define EXIT_ON_CONTROLC 0x08
#define CANNOT_ALLOCATE_MEMORY 0x09
#define INSUFFICIENT_SPACE_TO_COPY 0x0a
//////////////////////////////////////////////////////////////////////////*/
//
// Callback invoked by the type-dump Ioctl for each field it visits when
// DBG_DUMP_CALL_FOR_EACH (or a per-field DBG_DUMP_FIELD_* option) asks for
// it. pField describes the field being visited; UserContext is the
// SYM_DUMP_PARAM.Context value supplied by the caller. The meaning of the
// ULONG return value is not stated in this header — presumably non-zero
// stops the dump; confirm against the engine before relying on it.
//
typedef
ULONG
(WDBGAPI*PSYM_DUMP_FIELD_CALLBACK)(
struct _FIELD_INFO *pField,
PVOID UserContext
);
//
// Describes one field of a type for the type-dump Ioctl, both as input
// (which field, how to treat it) and as output (where it is, how big it is).
//
typedef struct _FIELD_INFO {
PUCHAR fName; // Name of the field; matched by prefix unless DBG_DUMP_FIELD_FULL_NAME is set
PUCHAR printName; // Name to be printed at dump instead of fName
ULONG size; // Size of the field (in bits rather than bytes if DBG_DUMP_FIELD_SIZE_IN_BITS)
ULONG fOptions; // DBG_DUMP_FIELD_* options for this field
ULONG64 address; // Address of the field (or its offset when no type address was given) — see DBG_DUMP_FIELD_RETURN_ADDRESS
PVOID fieldCallBack; // Either the per-field callback, or, with DBG_DUMP_FIELD_COPY_FIELD_DATA,
// the buffer the field's data is copied into — it must be large enough to hold the field
} FIELD_INFO, *PFIELD_INFO;
//
// Request block for the type-dump Ioctl: names the type, where to read its
// data from, and which fields the caller wants printed, copied or called
// back on. The engine fills in the FIELD_INFO entries referenced by Fields.
//
typedef struct _SYM_DUMP_PARAM {
ULONG size; // sizeof(SYM_DUMP_PARAM); presumably what INCORRECT_VERSION_INFO checks — set it
PUCHAR sName; // Type name to dump
ULONG Options; // DBG_DUMP_* options
ULONG64 addr; // Address to take data for the type from (reinterpreted per DBG_DUMP_ADDRESS_OF_FIELD / _AT_END / _READ_PHYSICAL)
PFIELD_INFO listLink; // For DBG_DUMP_LIST: fName names the next-pointer field; for DBG_DUMP_ARRAY: size gives the element count
PVOID Context; // User context handed unchanged to CallbackRoutine
PSYM_DUMP_FIELD_CALLBACK CallbackRoutine;
// Routine called back for fields (see DBG_DUMP_CALL_FOR_EACH)
ULONG nFields; // Number of elements in Fields
PFIELD_INFO Fields; // Array of nFields FIELD_INFO entries; used to return information about each field
} SYM_DUMP_PARAM, *PSYM_DUMP_PARAM;
#ifdef __cplusplus
#define CPPMOD extern "C"
#else
#define CPPMOD
#endif
#ifndef NOEXTAPI
#if defined(KDEXT_64BIT)
#define WINDBG_EXTENSION_APIS WINDBG_EXTENSION_APIS64
#define PWINDBG_EXTENSION_APIS PWINDBG_EXTENSION_APIS64
#define DECLARE_API(s) DECLARE_API64(s)
#elif defined(KDEXT_32BIT)
#define WINDBG_EXTENSION_APIS WINDBG_EXTENSION_APIS32
#define PWINDBG_EXTENSION_APIS PWINDBG_EXTENSION_APIS32
#define DECLARE_API(s) DECLARE_API32(s)
#else
#define DECLARE_API(s) \
CPPMOD VOID \
s( \
HANDLE hCurrentProcess, \
HANDLE hCurrentThread, \
ULONG dwCurrentPc, \
ULONG dwProcessor, \
PCSTR args \
)
#endif
#define DECLARE_API32(s) \
CPPMOD VOID \
s( \
HANDLE hCurrentProcess, \
HANDLE hCurrentThread, \
ULONG dwCurrentPc, \
ULONG dwProcessor, \
PCSTR args \
)
#define DECLARE_API64(s) \
CPPMOD VOID \
s( \
HANDLE hCurrentProcess, \
HANDLE hCurrentThread, \
ULONG64 dwCurrentPc, \
ULONG dwProcessor, \
PCSTR args \
)
//
// The extension's copy of the debugger engine's entry points. It is expected
// to be populated during extension initialization (not shown in this header);
// every accessor macro below dereferences it, so none may be used before then.
//
extern WINDBG_EXTENSION_APIS ExtensionApis;
//
// dprintf is used as a printf-style output routine. Never pass text that came
// from the target or from the user as the format argument; print it via "%s".
//
#define dprintf (ExtensionApis.lpOutputRoutine)
#define GetExpression (ExtensionApis.lpGetExpressionRoutine)
#define CheckControlC (ExtensionApis.lpCheckControlCRoutine)
#define GetContext (ExtensionApis.lpGetThreadContextRoutine)
#define SetContext (ExtensionApis.lpSetThreadContextRoutine)
#define Ioctl (ExtensionApis.lpIoctlRoutine)
#define Disasm (ExtensionApis.lpDisasmRoutine)
#define GetSymbol (ExtensionApis.lpGetSymbolRoutine)
#define ReadMemory (ExtensionApis.lpReadProcessMemoryRoutine)
#define WriteMemory (ExtensionApis.lpWriteProcessMemoryRoutine)
#define StackTrace (ExtensionApis.lpStackTraceRoutine)
//
// GetKdContext: ppi is expanded twice and unparenthesized — pass a plain
// pointer variable, not an expression with side effects.
//
#define GetKdContext(ppi) \
Ioctl( IG_KD_CONTEXT, (PVOID)ppi, sizeof(*ppi) )
//
// BOOL
// GetDebuggerData(
// ULONG Tag,
// PVOID Buf,
// ULONG Size
// )
//
// Writes the OwnerTag/Size header into BUF before issuing the Ioctl, so BUF
// must point to at least sizeof(DBGKD_DEBUG_DATA_HEADER64) bytes and SIZE must
// be the full size of that buffer. BUF is evaluated three times and SIZE twice;
// both must be side-effect free.
//
#define GetDebuggerData(TAG, BUF, SIZE) \
( (((PDBGKD_DEBUG_DATA_HEADER64)(BUF))->OwnerTag = (TAG)), \
(((PDBGKD_DEBUG_DATA_HEADER64)(BUF))->Size = (SIZE)), \
Ioctl( IG_GET_DEBUGGER_DATA, (PVOID)(BUF), (SIZE) ) )
// Check if LocalAlloc is prototyped
//#ifdef _WINBASE_
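//
// ReadPhysical - read 'size' bytes of target physical memory starting at
// 'address' into 'buf' through the IG_READ_PHYSICAL Ioctl.
//
// *sizer receives the number of bytes placed in 'buf' (0 if the request could
// not be issued). The Ioctl's return value is not examined, as in the original;
// *sizer is taken from phy->BufLen after the call, which the engine is presumed
// to update with the byte count actually read. Because that value comes back
// from the engine, it is clamped to 'size' before it drives the copy into the
// caller's buffer — phy->Buf and buf are both only 'size' bytes long.
//
__inline VOID
ReadPhysical(
    ULONG64 address,
    PVOID buf,
    ULONG size,
    PULONG sizer
    )
{
    PPHYSICAL phy;

    *sizer = 0;

    // The request block is the PHYSICAL header followed by 'size' bytes of
    // payload. On a 32-bit build a 'size' close to ULONG_MAX makes that sum
    // wrap to a tiny allocation that ZeroMemory/CopyMemory below would then
    // overrun; refuse such a request rather than allocate it.
    if (sizeof(*phy) + size < size) {
        return;
    }

    phy = (PPHYSICAL)LocalAlloc(LPTR, sizeof(*phy) + size );
    if (!phy) {
        return;
    }

    ZeroMemory( phy->Buf, size );
    phy->Address = address;
    phy->BufLen = size;

    Ioctl( IG_READ_PHYSICAL, (PVOID)phy, sizeof(*phy) + size );

    // Never copy more than was allocated / than the caller can hold, whatever
    // BufLen the engine reports back.
    if (phy->BufLen > size) {
        phy->BufLen = size;
    }
    *sizer = phy->BufLen;
    CopyMemory( buf, phy->Buf, *sizer );

    LocalFree( phy );
}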
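//
// WritePhysical - write 'size' bytes from 'buf' to target physical memory at
// 'address' through the IG_WRITE_PHYSICAL Ioctl.
//
// This goes straight to physical memory of the debug target, bypassing any
// virtual-memory protection; nothing about 'address' can be validated here.
// *sizew receives the number of bytes reported written (0 if the request could
// not be issued). The Ioctl's return value is not examined, as in the original;
// *sizew is taken from phy->BufLen after the call, which the engine is presumed
// to update, and is clamped to 'size' since no more than that was supplied.
//
__inline VOID
WritePhysical(
    ULONG64 address,
    PVOID buf,
    ULONG size,
    PULONG sizew
    )
{
    PPHYSICAL phy;

    *sizew = 0;

    // Header plus payload; on a 32-bit build a 'size' close to ULONG_MAX wraps
    // this sum to a tiny allocation that CopyMemory below would overrun.
    if (sizeof(*phy) + size < size) {
        return;
    }

    phy = (PPHYSICAL)LocalAlloc(LPTR, sizeof(*phy) + size );
    if (!phy) {
        return;
    }

    ZeroMemory( phy->Buf, size );
    phy->Address = address;
    phy->BufLen = size;
    CopyMemory( phy->Buf, buf, size );

    Ioctl( IG_WRITE_PHYSICAL, (PVOID)phy, sizeof(*phy) + size );

    // A caller advancing through 'buf' by *sizew must not be told more than
    // 'size' bytes went out.
    if (phy->BufLen > size) {
        phy->BufLen = size;
    }
    *sizew = phy->BufLen;

    LocalFree( phy );
}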
__inline VOID
ReadPhysicalWithFlags(
ULONG64 address,
PVOID buf,
ULONG size,
ULONG flags,
PULONG sizer
)
{
PPHYSICAL_WITH_FLAGS phy;
*sizer = 0;
phy = (PPHYSICAL_WITH_FLAGS)LocalAlloc(LPTR, sizeof(*phy) + size );
if (phy) {
ZeroMemory( phy->Buf, size );
phy->Address = address;
phy->BufLen = size;