Include dependency graph for debugger.c:
Go to the source code of this file.
Classes | |
| struct | _DBGSS_THREAD_DATA |
Macros | |
| #define | NDEBUG |
| #define | DbgSsSetThreadData(d) NtCurrentTeb()->DbgSsReserved[0] = d |
| #define | DbgSsGetThreadData() ((PDBGSS_THREAD_DATA)NtCurrentTeb()->DbgSsReserved[0]) |
Typedefs | |
| typedef struct _DBGSS_THREAD_DATA | DBGSS_THREAD_DATA |
| typedef struct _DBGSS_THREAD_DATA * | PDBGSS_THREAD_DATA |
Macro Definition Documentation
◆ DbgSsGetThreadData
| #define DbgSsGetThreadData | ( | ) | ((PDBGSS_THREAD_DATA)NtCurrentTeb()->DbgSsReserved[0]) |
Definition at line 31 of file debugger.c.
◆ DbgSsSetThreadData
| #define DbgSsSetThreadData | ( | d | ) | NtCurrentTeb()->DbgSsReserved[0] = d |
Definition at line 28 of file debugger.c.
◆ NDEBUG
| #define NDEBUG |
Definition at line 15 of file debugger.c.
Typedef Documentation
◆ DBGSS_THREAD_DATA
◆ PDBGSS_THREAD_DATA
| typedef struct _DBGSS_THREAD_DATA * PDBGSS_THREAD_DATA |
Function Documentation
◆ CheckRemoteDebuggerPresent()
Definition at line 376 of file debugger.c.
378{
379 HANDLE DebugPort;
381
382 /* Make sure we have an output and process*/
384 {
385 /* Fail */
388 }
389
390 /* Check if the process has a debug object/port */
392 ProcessDebugPort,
393 &DebugPort,
394 sizeof(DebugPort),
395 NULL);
397 {
398 /* Return the current state */
399 *pbDebuggerPresent = DebugPort != NULL;
401 }
402
403 /* Otherwise, fail */
406}
Definition: nsiface.idl:2307
NTSTATUS NTAPI NtQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_ PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
Definition: query.c:59
◆ CloseAllProcessHandles()
Definition at line 304 of file debugger.c.
305{
307 PDBGSS_THREAD_DATA ThisData;
308
309 /* Loop all thread data events */
311 ThisData = *ThreadData;
312 while(ThisData)
313 {
314 /* Check if this one matches */
316 {
317 /* Close open handles */
320
321 /* Unlink the thread data */
323
324 /* Free it*/
325 RtlFreeHeap(RtlGetProcessHeap(), 0, ThisData);
326 }
327 else
328 {
329 /* Move to the next one */
331 }
332 ThisData = *ThreadData;
333 }
334}
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
Definition: drwtsn32.h:24
Definition: debugger.c:19
Referenced by DebugActiveProcessStop().
◆ ContinueDebugEvent()
| BOOL WINAPI ContinueDebugEvent | ( | IN DWORD | dwProcessId, |
| IN DWORD | dwThreadId, | ||
| IN DWORD | dwContinueStatus | ||
| ) |
Definition at line 413 of file debugger.c.
416{
419
420 /* Set the Client ID */
423
424 /* Continue debugging */
427 {
428 /* Fail */
431 }
432
433 /* Remove the process/thread handles */
435
436 /* Success */
438}
NTSTATUS NTAPI DbgUiContinue(IN PCLIENT_ID ClientId, IN NTSTATUS ContinueStatus)
Definition: dbgui.c:47
VOID WINAPI RemoveHandles(IN DWORD dwProcessId, IN DWORD dwThreadId)
Definition: debugger.c:268
Definition: compat.h:824
Referenced by Main(), test_debug_children(), test_debug_loop(), test_DebuggingFlag(), test_NtSuspendProcess(), test_query_process_debug_flags(), test_query_process_debug_object_handle(), test_query_process_debug_port(), and wWinMain().
◆ DebugActiveProcess()
Definition at line 445 of file debugger.c.
446{
449
450 /* Connect to the debugger */
453 {
456 }
457
458 /* Get the process handle */
461
462 /* Now debug the process */
464
465 /* Close the handle since we're done */
468
469 /* Check if debugging worked */
471 {
472 /* Fail */
475 }
476
477 /* Success */
479}
NTSTATUS NTAPI DbgUiDebugActiveProcess(IN HANDLE Process)
Definition: dbgui.c:355
Referenced by dll_entry_point(), doChild(), doDebugger(), Main(), test_debug_children(), test_debug_loop(), test_ExitProcess(), test_NtSuspendProcess(), test_query_process_debug_flags(), and wWinMain().
◆ DebugActiveProcessStop()
Definition at line 486 of file debugger.c.
487{
490
491 /* Get the process handle */
494
495 /* Close all the process handles */
496 CloseAllProcessHandles(dwProcessId);
497
498 /* Now stop debugging the process */
502
503 /* Check for failure */
505 {
506 /* Fail */
509 }
510
511 /* Success */
513}
VOID WINAPI CloseAllProcessHandles(IN DWORD dwProcessId)
Definition: debugger.c:304
Referenced by test_query_process_debug_flags().
◆ DebugBreakProcess()
Definition at line 520 of file debugger.c.
521{
523
524 /* Send the breakin request */
527 {
528 /* Failure */
531 }
532
533 /* Success */
535}
NTSTATUS NTAPI DbgUiIssueRemoteBreakin(IN HANDLE Process)
Definition: dbgui.c:303
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
◆ DebugSetProcessKillOnExit()
Definition at line 542 of file debugger.c.
543{
547
548 /* Get the debug object */
551 {
552 /* Fail */
555 }
556
557 /* Now set the kill-on-exit state */
558 State = KillOnExit != 0;
561 &State,
563 NULL);
565 {
566 /* Fail */
569 }
570
571 /* Success */
573}
NTSTATUS NTAPI NtSetInformationDebugObject(IN HANDLE DebugHandle, IN DEBUGOBJECTINFOCLASS DebugObjectInformationClass, IN PVOID DebugInformation, IN ULONG DebugInformationLength, OUT PULONG ReturnLength OPTIONAL)
Definition: dbgkobj.c:1921
@ DebugObjectKillProcessOnExitInformation
Definition: dbgktypes.h:58
Definition: stack_allocator.h:18
Referenced by wWinMain().
◆ IsDebuggerPresent()
Definition at line 580 of file debugger.c.
581{
583}
Referenced by _CrtDbgReportWindow(), ConsoleControlDispatcher(), init_funcs(), InitThreads(), and wmain().
◆ K32CreateDBMonMutex()
Definition at line 37 of file debugger.c.
38{
43
44 /* SIDs to be used in the DACL */
48
49 /* Buffer for the DACL */
51
52 /* Minimum size of the DACL: an ACL descriptor and three ACCESS_ALLOWED_ACE
53 * headers. We will add the size of SIDs when they are known. */
54 SIZE_T nDaclBufSize =
56
57 /* Security descriptor and attributes of the mutex */
58 SECURITY_DESCRIPTOR sdMutexSecurity;
60 &sdMutexSecurity,
61 TRUE};
62
63 /* Try to open the mutex */
65 TRUE,
68 {
69 /* Success */
71 }
72 /* Error other than the mutex not being found */
74 {
75 /* Failure */
77 }
78
79 /* If the mutex does not exist, set up its security, then create it */
80
81 /* Allocate the NT AUTHORITY\SYSTEM SID */
83 1,
85 0, 0, 0, 0, 0, 0, 0,
86 &psidSystem);
89
90 /* Allocate the BUILTIN\Administrators SID */
92 2,
95 0, 0, 0, 0, 0, 0,
96 &psidAdministrators);
99
100 /* Allocate the Everyone SID */
102 1,
103 SECURITY_WORLD_RID,
104 0, 0, 0, 0, 0, 0, 0,
105 &psidEveryone);
108
109 /* Allocate space for the SIDs too */
110 nDaclBufSize += RtlLengthSid(psidSystem);
111 nDaclBufSize += RtlLengthSid(psidAdministrators);
112 nDaclBufSize += RtlLengthSid(psidEveryone);
113
114 /* Allocate the buffer for the DACL */
118
119 /* Create the DACL */
123
124 /* Grant the minimum required access to Everyone */
126 ACL_REVISION,
127 SYNCHRONIZE |
128 READ_CONTROL |
129 MUTANT_QUERY_STATE,
130 psidEveryone);
133
134 /* Grant full access to BUILTIN\Administrators */
136 ACL_REVISION,
137 MUTANT_ALL_ACCESS,
138 psidAdministrators);
141
142 /* Grant full access to NT AUTHORITY\SYSTEM */
144 ACL_REVISION,
145 MUTANT_ALL_ACCESS,
146 psidSystem);
149
150 /* Create the security descriptor */
155
156 /* Set the descriptor's DACL to the created ACL */
158 TRUE,
159 pDaclBuf,
160 FALSE);
163
164 /* Create the mutex */
166
167Cleanup:
168 /* Free the buffers */
173
175}
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _ACL ACL
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
Definition: ms-dtyp.idl:215
Definition: compat.h:191
Definition: ms-dtyp.idl:301
Definition: ms-dtyp.idl:194
Definition: ms-dtyp.idl:198
HANDLE WINAPI DECLSPEC_HOTPATCH CreateMutexW(IN LPSECURITY_ATTRIBUTES lpMutexAttributes OPTIONAL, IN BOOL bInitialOwner, IN LPCWSTR lpName OPTIONAL)
Definition: synch.c:576
HANDLE WINAPI DECLSPEC_HOTPATCH OpenMutexW(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCWSTR lpName)
Definition: synch.c:605
Referenced by OutputDebugStringA().
◆ MarkProcessHandle()
Definition at line 249 of file debugger.c.
250{
252
253 /* Loop all thread data events */
255 {
256 /* Check if this one matches */
258 {
259 /* Mark the structure and break out */
261 break;
262 }
263 }
264}
Referenced by WaitForDebugEvent().
◆ MarkThreadHandle()
Definition at line 230 of file debugger.c.
231{
233
234 /* Loop all thread data events */
236 {
237 /* Check if this one matches */
239 {
240 /* Mark the structure and break out */
242 break;
243 }
244 }
245}
Referenced by WaitForDebugEvent().
◆ OutputDebugStringA()
Definition at line 693 of file debugger.c.
694{
695 _SEH2_TRY
696 {
697 ULONG_PTR a_nArgs[2];
698
700 a_nArgs[1] = (ULONG_PTR)_OutputString;
701
702 /* send the string to the user-mode debugger */
704 }
706 {
707 /* no user-mode debugger: try the systemwide debug message monitor, or the
708 kernel debugger as a last resort */
709
710 /* mutex used to synchronize invocations of OutputDebugString */
712 /* true if we already attempted to open/create the mutex */
714
715 /* local copy of the mutex handle */
717 /* handle to the Section of the shared buffer */
719
720 /* pointer to the mapped view of the shared buffer. It consist of the current
721 process id followed by the message string */
723
724 /* event: signaled by the debug message monitor when OutputDebugString can write
725 to the shared buffer */
727
728 /* event: to be signaled by OutputDebugString when it's done writing to the
729 shared buffer */
731
732 /* mutex not opened, and no previous attempts to open/create it */
734 {
735 /* open/create the mutex */
736 hDBMonMutex = K32CreateDBMonMutex();
737 /* store the handle */
738 s_hDBMonMutex = hDBMonMutex;
739 }
740
741 _SEH2_TRY
742 {
744
745 /* opening the mutex failed */
747 {
748 /* remember next time */
749 s_bDBMonMutexTriedOpen = TRUE;
750 }
751 /* opening the mutex succeeded */
752 else
753 {
754 do
755 {
756 /* synchronize with other invocations of OutputDebugString */
758
759 /* buffer of the system-wide debug message monitor */
761
762 /* couldn't open the buffer: send the string to the kernel debugger */
764
765 /* map the buffer */
766 pDBMonBuffer = MapViewOfFile(hDBMonBuffer,
768 0,
769 0,
770 0);
771
772 /* couldn't map the buffer: send the string to the kernel debugger */
774
775 /* open the event signaling that the buffer can be accessed */
777
778 /* couldn't open the event: send the string to the kernel debugger */
780
781 /* open the event to be signaled when the buffer has been filled */
783 }
784 while(0);
785
786 /* we couldn't connect to the system-wide debug message monitor: send the
787 string to the kernel debugger */
789 }
790
791 _SEH2_TRY
792 {
793 /* size of the current output block */
795
796 /* size of the remainder of the string */
798
799 /* output the whole string */
800 nOutputStringLen = strlen(_OutputString);
801
802 do
803 {
804 /* we're connected to the debug monitor:
805 write the current block to the shared buffer */
806 if (hDBMonDataReady)
807 {
808 /* wait a maximum of 10 seconds for the debug monitor
809 to finish processing the shared buffer */
811 {
812 /* timeout or failure: give up */
813 break;
814 }
815
816 /* write the process id into the buffer */
817 pDBMonBuffer->ProcessId = GetCurrentProcessId();
818
819 /* write only as many bytes as they fit in the buffer */
822 else
823 nRoundLen = nOutputStringLen;
824
825 /* copy the current block into the buffer */
826 memcpy(pDBMonBuffer->Buffer, _OutputString, nRoundLen);
827
828 /* null-terminate the current block */
829 pDBMonBuffer->Buffer[nRoundLen] = 0;
830
831 /* signal that the data contains meaningful data and can be read */
832 SetEvent(hDBMonDataReady);
833 }
834 /* else, send the current block to the kernel debugger */
835 else
836 {
837 /* output in blocks of 512 characters */
839
840 if (!a_cBuffer)
841 {
843 break;
844 }
845
846 /* write a maximum of 511 bytes */
847 if (nOutputStringLen > 510)
848 nRoundLen = 510;
849 else
850 nRoundLen = nOutputStringLen;
851
852 /* copy the current block */
853 memcpy(a_cBuffer, _OutputString, nRoundLen);
854
855 /* null-terminate the current block */
856 a_cBuffer[nRoundLen] = 0;
857
858 /* send the current block to the kernel debugger */
860
861 if (a_cBuffer)
862 {
864 a_cBuffer = NULL;
865 }
866 }
867
868 /* move to the next block */
869 _OutputString += nRoundLen;
870 nOutputStringLen -= nRoundLen;
871 }
872 /* repeat until the string has been fully output */
873 while (nOutputStringLen > 0);
874 }
875 /* ignore access violations and let other exceptions fall through */
876 _SEH2_EXCEPT((_SEH2_GetExceptionCode() == STATUS_ACCESS_VIOLATION) ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH)
877 {
878 if (a_cBuffer)
880
881 /* string copied verbatim from Microsoft's kernel32.dll */
883 }
884 _SEH2_END;
885 }
886 _SEH2_FINALLY
887 {
888 /* close all the still open resources */
893
894 /* leave the critical section */
896 ReleaseMutex(hDBMonMutex);
897 }
898 _SEH2_END;
899 }
900 _SEH2_END;
901}
Definition: bufpool.h:45
VOID WINAPI RaiseException(_In_ DWORD dwExceptionCode, _In_ DWORD dwExceptionFlags, _In_ DWORD nNumberOfArguments, _In_opt_ const ULONG_PTR *lpArguments)
Definition: except.c:700
HANDLE NTAPI OpenFileMappingW(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCWSTR lpName)
Definition: filemap.c:297
HANDLE WINAPI DECLSPEC_HOTPATCH OpenEventW(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCWSTR lpName)
Definition: synch.c:682
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
Referenced by OutputDebugStringW().
◆ OutputDebugStringW()
Definition at line 908 of file debugger.c.
909{
913
914 /* convert the string in ANSI */
917
918 /* OutputDebugStringW always prints something, even if conversion fails */
920
921 /* Output the converted string */
923
924 /* free the converted string */
926}
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlFreeAnsiString(PANSI_STRING AnsiString)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
Definition: ntobjfs.cpp:135
Definition: env_spec_w32.h:375
Definition: env_spec_w32.h:368
◆ ProcessIdToHandle()
Definition at line 338 of file debugger.c.
339{
344
345 /* If we don't have a PID, look it up */
347
348 /* Open a handle to the process */
356 &ObjectAttributes,
357 &ClientId);
359 {
360 /* Fail */
362 return 0;
363 }
364
365 /* Return the handle */
367}
#define MAXDWORD
NTSTATUS NTAPI NtOpenProcess(OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId)
Definition: process.c:1440
Definition: umtypes.h:182
Referenced by DebugActiveProcess(), and DebugActiveProcessStop().
◆ RemoveHandles()
Definition at line 268 of file debugger.c.
270{
272 PDBGSS_THREAD_DATA ThisData;
273
274 /* Loop all thread data events */
276 ThisData = *ThreadData;
277 while(ThisData)
278 {
279 /* Check if this one matches */
282 {
283 /* Close open handles */
286
287 /* Unlink the thread data */
289
290 /* Free it*/
291 RtlFreeHeap(RtlGetProcessHeap(), 0, ThisData);
292 }
293 else
294 {
295 /* Move to the next one */
297 }
298 ThisData = *ThreadData;
299 }
300}
Referenced by ContinueDebugEvent().
◆ SaveProcessHandle()
Definition at line 205 of file debugger.c.
207{
209
210 /* Allocate a thread structure */
212 0,
215
216 /* Fill it out */
218 ThreadData->ProcessId = dwProcessId;
219 ThreadData->ThreadId = 0;
222
223 /* Link it */
226}
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
Referenced by WaitForDebugEvent().
◆ SaveThreadHandle()
Definition at line 179 of file debugger.c.
182{
184
185 /* Allocate a thread structure */
187 0,
190
191 /* Fill it out */
193 ThreadData->ProcessId = dwProcessId;
197
198 /* Link it */
201}
Referenced by WaitForDebugEvent().
◆ WaitForDebugEvent()
Definition at line 590 of file debugger.c.
592{
593 LARGE_INTEGER WaitTime;
595 DBGUI_WAIT_STATE_CHANGE WaitStateChange;
597
598 /* Convert to NT Timeout */
600
601 /* Loop while we keep getting interrupted */
602 do
603 {
604 /* Call the native API */
607
608 /* Check if the wait failed */
610 {
611 /* Set the error code and quit */
614 }
615
616 /* Check if we timed out */
618 {
619 /* Fail with a timeout error */
622 }
623
624 /* Convert the structure */
627 {
628 /* Set the error code and quit */
631 }
632
633 /* Check what kind of event this was */
634 switch (lpDebugEvent->dwDebugEventCode)
635 {
636 /* New thread was created */
638
639 /* Setup the thread data */
640 SaveThreadHandle(lpDebugEvent->dwProcessId,
641 lpDebugEvent->dwThreadId,
642 lpDebugEvent->u.CreateThread.hThread);
643 break;
644
645 /* New process was created */
647
648 /* Setup the process data */
649 SaveProcessHandle(lpDebugEvent->dwProcessId,
650 lpDebugEvent->u.CreateProcessInfo.hProcess);
651
652 /* Setup the thread data */
653 SaveThreadHandle(lpDebugEvent->dwProcessId,
654 lpDebugEvent->dwThreadId,
655 lpDebugEvent->u.CreateProcessInfo.hThread);
656 break;
657
658 /* Process was exited */
660
661 /* Mark the thread data as such and fall through */
662 MarkProcessHandle(lpDebugEvent->dwProcessId);
663
664 /* Thread was exited */
666
667 /* Mark the thread data */
668 MarkThreadHandle(lpDebugEvent->dwThreadId);
669 break;
670
671 /* Nothing to do */
677 break;
678
679 /* Fail anything else */
680 default:
682 }
683
684 /* Return success */
686}
NTSTATUS NTAPI DbgUiConvertStateChangeStructure(IN PDBGUI_WAIT_STATE_CHANGE WaitStateChange, OUT PVOID Win32DebugEvent)
Definition: dbgui.c:61
NTSTATUS NTAPI DbgUiWaitStateChange(OUT PDBGUI_WAIT_STATE_CHANGE WaitStateChange, IN PLARGE_INTEGER TimeOut OPTIONAL)
Definition: dbgui.c:274
VOID WINAPI SaveThreadHandle(IN DWORD dwProcessId, IN DWORD dwThreadId, IN HANDLE hThread)
Definition: debugger.c:179
VOID WINAPI SaveProcessHandle(IN DWORD dwProcessId, IN HANDLE hProcess)
Definition: debugger.c:205
PLARGE_INTEGER WINAPI BaseFormatTimeOut(OUT PLARGE_INTEGER Timeout, IN DWORD dwMilliseconds)
Definition: utils.c:288
Definition: dbgktypes.h:179
Definition: typedefs.h:103
Referenced by dll_entry_point(), Main(), test_debug_children(), test_debug_loop(), test_DebuggingFlag(), test_NtSuspendProcess(), test_query_process_debug_flags(), test_query_process_debug_object_handle(), test_query_process_debug_port(), and wWinMain().
