ReactOS  0.4.15-dev-439-g292f67a
dbgk.h File Reference


Macros

/* Dbgk trace configuration value, 0x00 as rendered here. Presumably a compile-time switch for the tracing below - confirm in dbgk.h.
 * NOTE(review): an identifier starting with underscore + uppercase letter is in the implementation-reserved namespace. */
#define _DBGK_DEBUG_   0x00
 
/* Trace-category flags. Each is a distinct single bit, so they can be OR-ed into one mask
 * (presumably matched against DbgkpTraceLevel - confirm in dbgk.h). */
#define DBGK_THREAD_DEBUG   0x01
 
#define DBGK_PROCESS_DEBUG   0x02
 
#define DBGK_OBJECT_DEBUG   0x04
 
#define DBGK_MESSAGE_DEBUG   0x08
 
#define DBGK_EXCEPTION_DEBUG   0x10
 
/* As rendered here the category argument x is discarded: every DBGKTRACE call expands to
 * DPRINT(fmt, ...), so output is not filtered per category in this configuration.
 * `##__VA_ARGS__` is a GNU extension that drops the preceding comma when no variadic arguments are passed.
 * NOTE(review): call sites on this page format kernel object pointers with %p; whether DPRINT emits
 * anything in release builds is not shown here - confirm before relying on these traces being silent. */
#define DBGKTRACE(x, fmt, ...)   DPRINT(fmt, ##__VA_ARGS__)
 

Functions

INIT_FUNCTION VOID NTAPI DbgkInitialize (VOID)
 
VOID NTAPI DbgkCreateThread (IN PETHREAD Thread, IN PVOID StartAddress)
 
VOID NTAPI DbgkExitProcess (IN NTSTATUS ExitStatus)
 
VOID NTAPI DbgkExitThread (IN NTSTATUS ExitStatus)
 
VOID NTAPI DbgkMapViewOfSection (IN PVOID Section, IN PVOID BaseAddress, IN ULONG SectionOffset, IN ULONG_PTR ViewSize)
 
VOID NTAPI DbgkUnMapViewOfSection (IN PVOID BaseAddress)
 
BOOLEAN NTAPI DbgkpSuspendProcess (VOID)
 
VOID NTAPI DbgkpResumeProcess (VOID)
 
NTSTATUS NTAPI DbgkpSendApiMessage (IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
 
HANDLE NTAPI DbgkpSectionToFileHandle (IN PVOID Section)
 
VOID NTAPI DbgkCopyProcessDebugPort (IN PEPROCESS Process, IN PEPROCESS Parent)
 
BOOLEAN NTAPI DbgkForwardException (IN PEXCEPTION_RECORD ExceptionRecord, IN BOOLEAN DebugPort, IN BOOLEAN SecondChance)
 
NTSTATUS NTAPI DbgkClearProcessDebugObject (IN PEPROCESS Process, IN PDEBUG_OBJECT SourceDebugObject)
 
NTSTATUS NTAPI DbgkOpenProcessDebugPort (IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
 

Variables

ULONG DbgkpTraceLevel
 
POBJECT_TYPE DbgkDebugObjectType
 

Macro Definition Documentation

◆ _DBGK_DEBUG_

#define _DBGK_DEBUG_   0x00

Definition at line 12 of file dbgk.h.

◆ DBGK_EXCEPTION_DEBUG

#define DBGK_EXCEPTION_DEBUG   0x10

Definition at line 21 of file dbgk.h.

◆ DBGK_MESSAGE_DEBUG

#define DBGK_MESSAGE_DEBUG   0x08

Definition at line 20 of file dbgk.h.

◆ DBGK_OBJECT_DEBUG

#define DBGK_OBJECT_DEBUG   0x04

Definition at line 19 of file dbgk.h.

◆ DBGK_PROCESS_DEBUG

#define DBGK_PROCESS_DEBUG   0x02

Definition at line 18 of file dbgk.h.

◆ DBGK_THREAD_DEBUG

#define DBGK_THREAD_DEBUG   0x01

Definition at line 17 of file dbgk.h.

◆ DBGKTRACE

#define DBGKTRACE (   x,
  fmt,
  ... 
)    DPRINT(fmt, ##__VA_ARGS__)

Definition at line 46 of file dbgk.h.

Function Documentation

◆ DbgkClearProcessDebugObject()

NTSTATUS NTAPI DbgkClearProcessDebugObject ( IN PEPROCESS  Process,
IN PDEBUG_OBJECT  SourceDebugObject 
)

Definition at line 1410 of file dbgkobj.c.

/*
 * Body of DbgkClearProcessDebugObject (dbgkobj.c): detaches the debug object
 * from Process, then moves that process's pending debug events from the
 * object's event list onto a private list and drains it.
 * Returns STATUS_PORT_NOT_SET when Process has no debug port, or when a
 * non-NULL SourceDebugObject differs from it; STATUS_SUCCESS otherwise.
 * NOTE(review): this rendering omits several numbered lines (1414, 1422,
 * 1440-1441, 1446, 1487-1488), so the port-lock acquire/release, the PEB
 * update and the wake call are not visible here. Read them in dbgkobj.c
 * before reasoning about the locking.
 */
1412 {
1413  PDEBUG_OBJECT DebugObject;
1415  LIST_ENTRY TempList;
1416  PLIST_ENTRY NextEntry;
1417  PAGED_CODE();
      /* Trace only; note that it formats two kernel pointers with %p. */
1418  DBGKTRACE(DBGK_OBJECT_DEBUG, "Process: %p DebugObject: %p\n",
1419  Process, SourceDebugObject);
1420 
1421  /* Acquire the port lock */
      /* NOTE(review): the acquire call (listing line 1422) is missing from this rendering.
       * The read-compare-clear of Process->DebugPort below is only safe against a
       * concurrent attach or detach if that lock is really held - confirm. */
1423 
1424  /* Get the Process Debug Object */
1425  DebugObject = Process->DebugPort;
1426 
1427  /*
1428  * Check if the process had an object and it matches,
1429  * or if the process had an object but none was specified
1430  * (in which case we are called from NtTerminateProcess)
1431  */
1432  if ((DebugObject) &&
1433  ((DebugObject == SourceDebugObject) ||
1434  (SourceDebugObject == NULL)))
1435  {
1436  /* Clear the debug port */
1437  Process->DebugPort = NULL;
1438 
1439  /* Release the port lock and remove the PEB flag */
      /* NOTE(review): lines 1440-1441 are not shown; this page's reference list names
       * DbgkpProcessDebugPortMutex and DbgkpMarkProcessPeb, presumably used here - confirm. */
1442  }
1443  else
1444  {
1445  /* Release the port lock and fail */
      /* NOTE(review): the release on this early-exit path (line 1446) is not shown; verify it exists. */
1447  return STATUS_PORT_NOT_SET;
1448  }
1449 
1450  /* Initialize the temporary list */
1451  InitializeListHead(&TempList);
1452 
1453  /* Acquire the Object */
1454  ExAcquireFastMutex(&DebugObject->Mutex);
1455 
1456  /* Loop the events */
1457  NextEntry = DebugObject->EventList.Flink;
1458  while (NextEntry != &DebugObject->EventList)
1459  {
1460  /* Get the Event and go to the next entry */
      /* The successor is fetched before the current entry may be unlinked below. */
1461  DebugEvent = CONTAINING_RECORD(NextEntry, DEBUG_EVENT, EventList);
1462  NextEntry = NextEntry->Flink;
1463 
1464  /* Check that it belongs to the specified process */
1465  if (DebugEvent->Process == Process)
1466  {
1467  /* Insert it into the temporary list */
1468  RemoveEntryList(&DebugEvent->EventList);
1469  InsertTailList(&TempList, &DebugEvent->EventList);
1470  }
1471  }
1472 
1473  /* Release the Object */
1474  ExReleaseFastMutex(&DebugObject->Mutex);
1475 
1476  /* Release the initial reference */
      /* DebugObject is not used again in the visible lines after this dereference. */
1477  ObDereferenceObject(DebugObject);
1478 
1479  /* Loop our temporary list */
      /* TempList is local to this call, so it is walked without the object mutex. */
1480  while (!IsListEmpty(&TempList))
1481  {
1482  /* Remove the event */
1483  NextEntry = RemoveHeadList(&TempList);
1484  DebugEvent = CONTAINING_RECORD(NextEntry, DEBUG_EVENT, EventList);
1485 
1486  /* Wake it up */
      /* NOTE(review): the wake call (lines 1487-1488) is missing from this rendering;
       * presumably DbgkpWakeTarget, which the page's reference list names - confirm. */
1489  }
1490 
1491  /* Return Success */
1492  return STATUS_SUCCESS;
1493 }
#define STATUS_PORT_NOT_SET
Definition: ntstatus.h:880
#define DebugEvent(tess)
Definition: sweep.c:59
FAST_MUTEX Mutex
Definition: dbgktypes.h:93
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define InsertTailList(ListHead, Entry)
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
#define DBGK_OBJECT_DEBUG
Definition: dbgk.h:19
smooth NULL
Definition: ftsmooth.c:416
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _LIST_ENTRY * Flink
Definition: typedefs.h:120
#define STATUS_DEBUGGER_INACTIVE
Definition: debugger.c:30
Definition: typedefs.h:118
LIST_ENTRY EventList
Definition: dbgktypes.h:94
VOID NTAPI DbgkpWakeTarget(IN PDEBUG_EVENT DebugEvent)
Definition: dbgkobj.c:426
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
#define DBGKTRACE(x, fmt,...)
Definition: dbgk.h:46
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
return STATUS_SUCCESS
Definition: btrfs.c:3014
VOID NTAPI DbgkpMarkProcessPeb(IN PEPROCESS Process)
Definition: dbgkobj.c:962
FAST_MUTEX DbgkpProcessDebugPortMutex
Definition: dbgkobj.c:16
#define PAGED_CODE()

Referenced by NtRemoveProcessDebug(), and NtTerminateProcess().

◆ DbgkCopyProcessDebugPort()

VOID NTAPI DbgkCopyProcessDebugPort ( IN PEPROCESS  Process,
IN PEPROCESS  Parent 
)

Definition at line 276 of file dbgkobj.c.

/*
 * Body of DbgkCopyProcessDebugPort (dbgkobj.c): decides whether a new Process
 * inherits Parent's debug object. The child's port is always reset to NULL
 * first; it is set to the parent's object only when the parent still has one,
 * Process->NoDebugInherit is clear, and the object is not marked inactive.
 * NOTE(review): numbered lines 290 and 312 (the port-mutex acquire and
 * release described by the comments) are missing from this rendering.
 */
278 {
279  PDEBUG_OBJECT DebugObject;
280  PAGED_CODE();
281  DBGKTRACE(DBGK_PROCESS_DEBUG, "Process: %p Parent: %p\n", Process, Parent);
282 
283  /* Clear this process's port */
284  Process->DebugPort = NULL;
285 
286  /* Check if the parent has one */
      /* Unlocked fast-path test; the value is read again at line 293 before it is used. */
287  if (!Parent->DebugPort) return;
288 
289  /* It does, acquire the mutex */
      /* NOTE(review): the acquire call (line 290) is not shown here - confirm in dbgkobj.c. */
291 
292  /* Make sure it still has one, and that we should inherit */
      /* Inheriting the port lets the parent's debugger receive this child's debug events,
       * so NoDebugInherit is the gate that keeps a child out of the debug session. */
293  DebugObject = Parent->DebugPort;
294  if ((DebugObject) && !(Process->NoDebugInherit))
295  {
296  /* Acquire the debug object's lock */
297  ExAcquireFastMutex(&DebugObject->Mutex);
298 
299  /* Make sure the debugger is active */
      /* Checked under the object's mutex, so the reference is only taken on an object not flagged inactive. */
300  if (!DebugObject->DebuggerInactive)
301  {
302  /* Reference the object and set it */
303  ObReferenceObject(DebugObject);
304  Process->DebugPort = DebugObject;
305  }
306 
307  /* Release the debug object */
308  ExReleaseFastMutex(&DebugObject->Mutex);
309  }
310 
311  /* Release the port mutex */
      /* NOTE(review): the release call (line 312) is not shown here - confirm in dbgkobj.c. */
313 }
UCHAR DebuggerInactive
Definition: dbgktypes.h:100
FAST_MUTEX Mutex
Definition: dbgktypes.h:93
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
smooth NULL
Definition: ftsmooth.c:416
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
#define DBGK_PROCESS_DEBUG
Definition: dbgk.h:18
#define DBGKTRACE(x, fmt,...)
Definition: dbgk.h:46
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
FAST_MUTEX DbgkpProcessDebugPortMutex
Definition: dbgkobj.c:16
#define PAGED_CODE()

Referenced by PspCreateProcess().

◆ DbgkCreateThread()

VOID NTAPI DbgkCreateThread ( IN PETHREAD  Thread,
IN PVOID  StartAddress 
)

Definition at line 87 of file dbgkutil.c.

/*
 * Body of DbgkCreateThread (dbgkutil.c): on thread start, optionally runs the
 * load-image notifications for the process image and ntdll.dll, then, if the
 * process has a debug port, sends either a create-process message followed by
 * a load-DLL message for ntdll.dll, or a plain create-thread message.
 * NOTE(review): this rendering omits many numbered lines (for example 90,
 * 108, 112-113, 139, 147, 161, 171, 189, 202, 229, 243, 246, 253-257,
 * 261-267, 281), including declarations and the start of several calls.
 * Treat the comments below as a reading aid and check dbgkutil.c itself.
 */
89 {
91  ULONG ProcessFlags;
92  IMAGE_INFO ImageInfo;
93  PIMAGE_NT_HEADERS NtHeader;
95  UNICODE_STRING NtDllName;
97  PVOID DebugPort;
98  DBGKM_MSG ApiMessage;
101  PDBGKM_LOAD_DLL LoadDll = &ApiMessage.LoadDll;
104  PTEB Teb;
105  PAGED_CODE();
106 
107  /* Sanity check */
109 
110  /* Try ORing in the create reported and image notify flags */
      /* The tests at lines 116 and 181 treat ProcessFlags as the flag state from before
       * this OR - presumably what PspSetProcessFlag returns; confirm. */
111  ProcessFlags = PspSetProcessFlag(Process,
114 
115  /* Check if we were the first to set them or if another thread raced us */
116  if (!(ProcessFlags & PSF_IMAGE_NOTIFY_DONE_BIT) && (PsImageNotifyEnabled))
117  {
118  /* It hasn't.. set up the image info for the process */
119  ImageInfo.Properties = 0;
121  ImageInfo.ImageBase = Process->SectionBaseAddress;
122  ImageInfo.ImageSize = 0;
123  ImageInfo.ImageSelector = 0;
124  ImageInfo.ImageSectionNumber = 0;
125 
126  /* Get the NT Headers */
      /* NOTE(review): the header is parsed from the image mapped at SectionBaseAddress.
       * If that mapping is reachable from user mode, SizeOfImage is a value the process
       * could influence; notify-routine consumers should not trust it blindly - confirm. */
127  NtHeader = RtlImageNtHeader(Process->SectionBaseAddress);
128  if (NtHeader)
129  {
130  /* Set image size */
131  ImageInfo.ImageSize = NtHeader->OptionalHeader.SizeOfImage;
132  }
133 
134  /* Get the image name */
135  Status = MmGetFileNameForSection(Process->SectionObject, &ModuleName);
136  if (NT_SUCCESS(Status))
137  {
138  /* Call the notify routines and free the name */
      /* NOTE(review): the call (line 139) and the free (line 142) are missing from this rendering. */
140  Process->UniqueProcessId,
141  &ImageInfo);
143  }
144  else
145  {
146  /* Call the notify routines */
      /* Name lookup failed; the notification still runs on this path (the call line 147 is not shown). */
148  Process->UniqueProcessId,
149  &ImageInfo);
150  }
151 
152  /* Setup the info for ntdll.dll */
153  ImageInfo.Properties = 0;
155  ImageInfo.ImageBase = PspSystemDllBase;
156  ImageInfo.ImageSize = 0;
157  ImageInfo.ImageSelector = 0;
158  ImageInfo.ImageSectionNumber = 0;
159 
160  /* Get the NT Headers */
162  if (NtHeader)
163  {
164  /* Set image size */
165  ImageInfo.ImageSize = NtHeader->OptionalHeader.SizeOfImage;
166  }
167 
168  /* Call the notify routines */
169  RtlInitUnicodeString(&NtDllName,
170  L"\\SystemRoot\\System32\\ntdll.dll");
172  Process->UniqueProcessId,
173  &ImageInfo);
174  }
175 
176  /* Fail if we have no port */
      /* The local DebugPort is used only for this NULL test in the visible lines. */
177  DebugPort = Process->DebugPort;
178  if (!DebugPort) return;
179 
180  /* Check if create was not already reported */
181  if (!(ProcessFlags & PSF_CREATE_REPORTED_BIT))
182  {
183  /* Setup the information structure for the new thread */
184  CreateProcess->InitialThread.SubSystemKey = 0;
185  CreateProcess->InitialThread.StartAddress = NULL;
186 
187  /* And for the new process */
188  CreateProcess->SubSystemKey = 0;
      /* NOTE(review): line 189 is missing; it presumably stores the result of
       * DbgkpSectionToFileHandle in CreateProcess->FileHandle - confirm. */
190  SectionObject);
191  CreateProcess->BaseOfImage = Process->SectionBaseAddress;
192  CreateProcess->DebugInfoFileOffset = 0;
193  CreateProcess->DebugInfoSize = 0;
194 
195  /* Get the NT Header */
196  NtHeader = RtlImageNtHeader(Process->SectionBaseAddress);
197  if (NtHeader)
198  {
199  /* Fill out data from the header */
      /* Start address and symbol-table fields are copied straight from the image header
       * into the debugger-visible message; no range checks appear in the visible lines. */
200  CreateProcess->InitialThread.StartAddress =
201  (PVOID)((ULONG_PTR)NtHeader->OptionalHeader.ImageBase +
203  CreateProcess->DebugInfoFileOffset = NtHeader->FileHeader.
204  PointerToSymbolTable;
205  CreateProcess->DebugInfoSize = NtHeader->FileHeader.
206  NumberOfSymbols;
207  }
208 
209  /* Setup the API Message */
      /* Length packs sizeof(DBGKM_MSG) into the upper 16 bits and (8 + payload size) into
       * the lower bits; the meaning of the constant 8 is not shown on this page. */
210  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
211  (8 + sizeof(DBGKM_CREATE_PROCESS));
212  ApiMessage.h.u2.ZeroInit = 0;
213  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
214  ApiMessage.ApiNumber = DbgKmCreateProcessApi;
215 
216  /* Send the message */
      /* The NTSTATUS returned by DbgkpSendApiMessage is discarded here. */
217  DbgkpSendApiMessage(&ApiMessage, FALSE);
218 
219  /* Close the handle */
      /* NOTE(review): no validity check on FileHandle is visible before this close - confirm
       * what DbgkpSectionToFileHandle returns on failure. */
220  ObCloseHandle(CreateProcess->FileHandle, KernelMode);
221 
222  /* Setup the parameters */
223  LoadDll->BaseOfDll = PspSystemDllBase;
224  LoadDll->DebugInfoFileOffset = 0;
225  LoadDll->DebugInfoSize = 0;
226  LoadDll->NamePointer = NULL;
227 
228  /* Get the NT Headers */
230  if (NtHeader)
231  {
232  /* Fill out debug information */
233  LoadDll->DebugInfoFileOffset = NtHeader->
234  FileHeader.PointerToSymbolTable;
235  LoadDll->DebugInfoSize = NtHeader->FileHeader.NumberOfSymbols;
236  }
237 
238  /* Get the TEB */
239  Teb = Thread->Tcb.Teb;
240  if (Teb)
241  {
242  /* Copy the system library name and link to it */
      /* NOTE(review): the start of the copy call (line 243) and line 246 are missing. The
       * destination is Teb->StaticUnicodeBuffer, bounded by its element count. For a user
       * thread the TEB is presumably user-mode memory, and no probe or exception guard
       * appears in the visible lines - confirm in dbgkutil.c. */
244  L"ntdll.dll",
245  sizeof(Teb->StaticUnicodeBuffer) / sizeof(WCHAR));
247 
248  /* Return it in the debug event as well */
      /* Only the address of the TEB field is stored in the message; nothing is dereferenced on this line. */
249  LoadDll->NamePointer = &Teb->NtTib.ArbitraryUserPointer;
250  }
251 
252  /* Get a handle */
      /* NOTE(review): the object-attribute setup (lines 253-257) and most ZwOpenFile
       * arguments (261-267) are missing, so the requested access, share mode and handle
       * attributes cannot be reviewed from this rendering. */
258  NULL,
259  NULL);
260  Status = ZwOpenFile(&LoadDll->FileHandle,
263  &IoStatusBlock,
268  if (NT_SUCCESS(Status))
269  {
270  /* Setup the API Message */
271  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
272  (8 + sizeof(DBGKM_LOAD_DLL));
273  ApiMessage.h.u2.ZeroInit = 0;
274  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
275  ApiMessage.ApiNumber = DbgKmLoadDllApi;
276 
277  /* Send the message */
278  DbgkpSendApiMessage(&ApiMessage, TRUE);
279 
280  /* Close the handle */
      /* NOTE(review): the close call (line 281) is not shown. It sits inside the success
       * branch, so it runs only when ZwOpenFile succeeded. */
282  }
283  }
284  else
285  {
286  /* Otherwise, do it just for the thread */
287  CreateThread->SubSystemKey = 0;
288  CreateThread->StartAddress = StartAddress;
289 
290  /* Setup the API Message */
291  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
292  (8 + sizeof(DBGKM_CREATE_THREAD));
293  ApiMessage.h.u2.ZeroInit = 0;
294  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
295  ApiMessage.ApiNumber = DbgKmCreateThreadApi;
296 
297  /* Send the message */
298  DbgkpSendApiMessage(&ApiMessage, TRUE);
299  }
300 }
_Must_inspect_result_ _Outptr_ PVOID * SectionObject
Definition: fsrtlfuncs.h:860
ULONG DebugInfoSize
Definition: dbgktypes.h:166
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
WCHAR StaticUnicodeBuffer[261]
Definition: compat.h:535
#define TRUE
Definition: types.h:120
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
ULONG ImageAddressingMode
Definition: pstypes.h:200
HANDLE FileHandle
Definition: dbgktypes.h:163
NTSTATUS NTAPI MmGetFileNameForSection(IN PVOID Section, OUT POBJECT_NAME_INFORMATION *ModuleName)
Definition: section.c:1801
ULONG ImageSelector
Definition: pstypes.h:208
PVOID ImageBase
Definition: pstypes.h:207
#define PSF_CREATE_REPORTED_BIT
Definition: pstypes.h:265
SIZE_T ImageSize
Definition: pstypes.h:209
LONG NTSTATUS
Definition: precomp.h:26
KTHREAD Tcb
Definition: pstypes.h:1042
UNICODE_STRING PsNtDllPathName
Definition: psmgr.c:45
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
Definition: acpixf.h:1274
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
DBGKM_CREATE_PROCESS CreateProcess
Definition: dbgktypes.h:215
HANDLE NTAPI DbgkpSectionToFileHandle(IN PVOID Section)
Definition: dbgkutil.c:19
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
PVOID ArbitraryUserPointer
Definition: compat.h:388
#define FILE_SHARE_READ
Definition: compat.h:125
uint32_t ULONG_PTR
Definition: typedefs.h:64
DBGKM_LOAD_DLL LoadDll
Definition: dbgktypes.h:218
PORT_MESSAGE h
Definition: dbgktypes.h:208
#define PsGetCurrentProcess
Definition: psfuncs.h:17
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:136
smooth NULL
Definition: ftsmooth.c:416
#define PSF_IMAGE_NOTIFY_DONE_BIT
Definition: pstypes.h:286
void * PVOID
Definition: retypes.h:9
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
DWORD NumberOfSymbols
Definition: ntddk_ex.h:126
__wchar_t WCHAR
Definition: xmlstorage.h:180
BOOLEAN PsImageNotifyEnabled
Definition: psnotify.c:18
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define IMAGE_ADDRESSING_MODE_32BIT
Definition: pstypes.h:194
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
PVOID PspSystemDllBase
Definition: psmgr.c:41
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
FORCEINLINE VOID PspRunLoadImageNotifyRoutines(PUNICODE_STRING FullImageName, HANDLE ProcessId, PIMAGE_INFO ImageInfo)
Definition: ps_x.h:84
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3376
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
static const WCHAR L[]
Definition: oid.c:1250
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:242
PVOID NamePointer
Definition: dbgktypes.h:167
ULONG ImageSectionNumber
Definition: pstypes.h:210
#define GENERIC_READ
Definition: compat.h:124
#define SYNCHRONIZE
Definition: nt_native.h:61
#define CreateProcess
Definition: winbase.h:3598
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184
Status
Definition: gdiplustypes.h:24
Definition: compat.h:493
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
DBGKM_APINUMBER ApiNumber
Definition: dbgktypes.h:209
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
struct _DBGKM_MSG DBGKM_MSG
PVOID Teb
Definition: ketypes.h:1697
#define RtlImageNtHeader
Definition: compat.h:466
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define PspSetProcessFlag(Process, Flag)
Definition: ps_x.h:33
ULONG DebugInfoFileOffset
Definition: dbgktypes.h:165
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NT_TIB NtTib
Definition: ntddk_ex.h:332
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
DBGKM_CREATE_THREAD CreateThread
Definition: dbgktypes.h:214
ULONG Properties
Definition: pstypes.h:198
#define PAGED_CODE()

Referenced by PspUserThreadStartup().

◆ DbgkExitProcess()

VOID NTAPI DbgkExitProcess ( IN NTSTATUS  ExitStatus)

Definition at line 304 of file dbgkutil.c.

/*
 * Body of DbgkExitProcess (dbgkutil.c): reports process exit to the debugger.
 * Nothing is sent when the current thread is hidden from the debugger, the
 * process has no debug port, or the thread is marked dead.
 * NOTE(review): numbered lines 307-309 (the declarations behind ExitProcess,
 * Process and Thread) are missing from this rendering.
 */
305 {
306  DBGKM_MSG ApiMessage;
310  PAGED_CODE();
311 
312  /* Check if this thread is hidden, doesn't have a debug port, or died */
313  if ((Thread->HideFromDebugger) ||
314  !(Process->DebugPort) ||
315  (Thread->DeadThread))
316  {
317  /* Don't notify the debugger */
318  return;
319  }
320 
321  /* Set the exit status */
322  ExitProcess->ExitStatus = ExitStatus;
323 
324  /* Setup the API Message */
      /* Length packs sizeof(DBGKM_MSG) into the upper 16 bits and (8 + payload size) into the lower bits. */
325  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
326  (8 + sizeof(DBGKM_EXIT_PROCESS));
327  ApiMessage.h.u2.ZeroInit = 0;
328  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
329  ApiMessage.ApiNumber = DbgKmExitProcessApi;
330 
331  /* Set the current exit time */
      /* Written only on the path that notifies a debugger; the early return above skips it. */
332  KeQuerySystemTime(&Process->ExitTime);
333 
334  /* Send the message */
      /* The NTSTATUS returned by DbgkpSendApiMessage is discarded here. */
335  DbgkpSendApiMessage(&ApiMessage, FALSE);
336 }
#define KeQuerySystemTime(t)
Definition: env_spec_w32.h:570
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
VOID WINAPI ExitProcess(IN UINT uExitCode)
Definition: proc.c:1487
PORT_MESSAGE h
Definition: dbgktypes.h:208
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:242
DBGKM_EXIT_PROCESS ExitProcess
Definition: dbgktypes.h:217
DBGKM_APINUMBER ApiNumber
Definition: dbgktypes.h:209
_In_ NTSTATUS ExitStatus
Definition: psfuncs.h:859
struct _DBGKM_MSG DBGKM_MSG
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
ULONG HideFromDebugger
Definition: pstypes.h:1119
#define PAGED_CODE()

Referenced by PspExitThread().

◆ DbgkExitThread()

VOID NTAPI DbgkExitThread ( IN NTSTATUS  ExitStatus)

Definition at line 340 of file dbgkutil.c.

/*
 * Body of DbgkExitThread (dbgkutil.c): reports thread exit to the debugger.
 * Nothing is sent when the current thread is hidden from the debugger, the
 * process has no debug port, or the thread is marked dead.
 * NOTE(review): numbered lines 343-346 (declarations), 369 (suspend) and
 * 375 (resume) are missing from this rendering.
 */
341 {
342  DBGKM_MSG ApiMessage;
347  PAGED_CODE();
348 
349  /* Check if this thread is hidden, doesn't have a debug port, or died */
350  if ((Thread->HideFromDebugger) ||
351  !(Process->DebugPort) ||
352  (Thread->DeadThread))
353  {
354  /* Don't notify the debugger */
355  return;
356  }
357 
358  /* Set the exit status */
359  ExitThread->ExitStatus = ExitStatus;
360 
361  /* Setup the API Message */
362  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
363  (8 + sizeof(DBGKM_EXIT_THREAD));
364  ApiMessage.h.u2.ZeroInit = 0;
365  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
366  ApiMessage.ApiNumber = DbgKmExitThreadApi;
367 
368  /* Suspend the process */
      /* NOTE(review): the suspend call (line 369) is not shown; presumably DbgkpSuspendProcess,
       * which returns BOOLEAN per this page - confirm how that result gates the resume below. */
370 
371  /* Send the message */
      /* FALSE is passed as SuspendProcess because suspension is handled by this function itself. */
372  DbgkpSendApiMessage(&ApiMessage, FALSE);
373 
374  /* Resume the process if needed */
      /* NOTE(review): the conditional resume (line 375) is not shown - confirm in dbgkutil.c. */
376 }
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
DBGKM_EXIT_THREAD ExitThread
Definition: dbgktypes.h:216
PORT_MESSAGE h
Definition: dbgktypes.h:208
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
VOID WINAPI ExitThread(IN DWORD uExitCode)
Definition: thread.c:364
BOOLEAN NTAPI DbgkpSuspendProcess(VOID)
Definition: dbgkutil.c:57
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
VOID NTAPI DbgkpResumeProcess(VOID)
Definition: dbgkutil.c:77
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:242
DBGKM_APINUMBER ApiNumber
Definition: dbgktypes.h:209
_In_ NTSTATUS ExitStatus
Definition: psfuncs.h:859
struct _DBGKM_MSG DBGKM_MSG
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
ULONG HideFromDebugger
Definition: pstypes.h:1119
#define PAGED_CODE()

Referenced by PspExitThread().

◆ DbgkForwardException()

BOOLEAN NTAPI DbgkForwardException ( IN PEXCEPTION_RECORD  ExceptionRecord,
IN BOOLEAN  DebugPort,
IN BOOLEAN  SecondChance 
)

Definition at line 317 of file dbgkobj.c.

/*
 * Body of DbgkForwardException (dbgkobj.c): forwards an exception either to
 * the process debug port (DebugPort != FALSE) or to its exception port.
 * Returns FALSE when no port is available, when sending fails, or - for the
 * debug port only - when the returned status is a failure or equals
 * DBG_EXCEPTION_NOT_HANDLED. Returns TRUE otherwise.
 * NOTE(review): numbered lines 323-324 (the declarations of Status and
 * Process) and 328 (start of the trace call) are missing from this rendering.
 */
320 {
321  DBGKM_MSG ApiMessage;
322  PDBGKM_EXCEPTION DbgKmException = &ApiMessage.Exception;
325  PVOID Port;
326  BOOLEAN UseLpc = FALSE;
327  PAGED_CODE();
329  "ExceptionRecord: %p Port: %u\n", ExceptionRecord, DebugPort);
330 
331  /* Setup the API Message */
332  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
333  (8 + sizeof(DBGKM_EXCEPTION));
334  ApiMessage.h.u2.ZeroInit = 0;
335  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
336  ApiMessage.ApiNumber = DbgKmExceptionApi;
337 
338  /* Check if this is to be sent on the debug port */
339  if (DebugPort)
340  {
341  /* Use the debug port, unless the thread is being hidden */
      /* A hidden thread yields Port == NULL, so the function returns FALSE at line 355
       * and the debugger never sees the exception. */
342  Port = PsGetCurrentThread()->HideFromDebugger ?
343  NULL : Process->DebugPort;
344  }
345  else
346  {
347  /* Otherwise, use the exception port */
348  Port = Process->ExceptionPort;
      /* Re-zeroing ZeroInit before overriding the message type set at line 335. */
349  ApiMessage.h.u2.ZeroInit = 0;
350  ApiMessage.h.u2.s2.Type = LPC_EXCEPTION;
351  UseLpc = TRUE;
352  }
353 
354  /* Break out if there's no port */
355  if (!Port) return FALSE;
356 
357  /* Fill out the exception information */
      /* Structure copy of the caller's record; ExceptionRecord is dereferenced without a NULL check. */
358  DbgKmException->ExceptionRecord = *ExceptionRecord;
359  DbgKmException->FirstChance = !SecondChance;
360 
361  /* Check if we should use LPC */
362  if (UseLpc)
363  {
364  /* Send the message on the LPC Port */
      /* UseLpc is set only when DebugPort is FALSE, so the last argument is always FALSE on this path. */
365  Status = DbgkpSendApiMessageLpc(&ApiMessage, Port, DebugPort);
366  }
367  else
368  {
369  /* Use native debug object */
      /* DebugPort is non-zero on this path and is passed as the SuspendProcess argument. */
370  Status = DbgkpSendApiMessage(&ApiMessage, DebugPort);
371  }
372 
373  /* Check if we failed, and for a debug port, also check the return status */
      /* ReturnedStatus is consulted only for the debug port; on the exception-port path
       * a successful send alone yields TRUE. */
374  if (!(NT_SUCCESS(Status)) ||
375  ((DebugPort) &&
376  (!(NT_SUCCESS(ApiMessage.ReturnedStatus)) ||
377  (ApiMessage.ReturnedStatus == DBG_EXCEPTION_NOT_HANDLED))))
378  {
379  /* Fail */
380  return FALSE;
381  }
382 
383  /* Otherwise, we're ok */
384  return TRUE;
385 }
CPPORT Port[4]
Definition: headless.c:34
#define TRUE
Definition: types.h:120
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
NTSTATUS ReturnedStatus
Definition: dbgktypes.h:210
LONG NTSTATUS
Definition: precomp.h:26
PORT_MESSAGE h
Definition: dbgktypes.h:208
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define DBGK_EXCEPTION_DEBUG
Definition: dbgk.h:21
#define DBG_EXCEPTION_NOT_HANDLED
Definition: ntstatus.h:57
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:242
Status
Definition: gdiplustypes.h:24
DBGKM_APINUMBER ApiNumber
Definition: dbgktypes.h:209
struct _DBGKM_MSG DBGKM_MSG
#define DBGKTRACE(x, fmt,...)
Definition: dbgk.h:46
NTSTATUS NTAPI DbgkpSendApiMessageLpc(IN OUT PDBGKM_MSG Message, IN PVOID Port, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:206
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
EXCEPTION_RECORD ExceptionRecord
Definition: dbgktypes.h:131
DBGKM_EXCEPTION Exception
Definition: dbgktypes.h:213
#define PAGED_CODE()

Referenced by KiDispatchException().

◆ DbgkInitialize()

INIT_FUNCTION VOID NTAPI DbgkInitialize ( VOID  )

Definition at line 1498 of file dbgkobj.c.

/*
 * Body of DbgkInitialize (dbgkobj.c): one-time setup that fills in the object
 * type initializer for the "DebugObject" type.
 * NOTE(review): numbered lines 1501, 1505, 1518 and 1521 are missing from this
 * rendering, so the mutex initialisation and the start and end of the
 * type-creation call are not visible. The function is declared VOID, so any
 * failure status from that call is not returned to the caller; whether it is
 * checked internally cannot be seen here.
 */
1499 {
1500  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
1502  PAGED_CODE();
1503 
1504  /* Initialize the process debug port mutex */
1506 
1507  /* Create the Debug Object Type */
      /* Zeroed first so that every field not set below starts at 0. */
1508  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
1509  RtlInitUnicodeString(&Name, L"DebugObject");
1510  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
1511  ObjectTypeInitializer.DefaultNonPagedPoolCharge = sizeof(DEBUG_OBJECT);
1512  ObjectTypeInitializer.GenericMapping = DbgkDebugObjectMapping;
1513  ObjectTypeInitializer.PoolType = NonPagedPool;
      /* Access-control settings for debug objects: the valid access mask and SecurityRequired = TRUE. */
1514  ObjectTypeInitializer.ValidAccessMask = DEBUG_OBJECT_ALL_ACCESS;
1515  ObjectTypeInitializer.SecurityRequired = TRUE;
      /* Close and delete callbacks registered for the object type. */
1516  ObjectTypeInitializer.CloseProcedure = DbgkpCloseObject;
1517  ObjectTypeInitializer.DeleteProcedure = DbgkpDeleteObject;
1519  &ObjectTypeInitializer,
1520  NULL,
1522 }
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1048
#define TRUE
Definition: types.h:120
struct _DEBUG_OBJECT DEBUG_OBJECT
VOID NTAPI DbgkpDeleteObject(IN PVOID DebugObject)
Definition: dbgkobj.c:1101
struct NameRec_ * Name
Definition: cdprocs.h:464
GENERIC_MAPPING DbgkDebugObjectMapping
Definition: dbgkobj.c:19
smooth NULL
Definition: ftsmooth.c:416
OB_CLOSE_METHOD CloseProcedure
Definition: obtypes.h:368
FORCEINLINE VOID ExInitializeFastMutex(_Out_ PFAST_MUTEX FastMutex)
Definition: exfuncs.h:274
POBJECT_TYPE DbgkDebugObjectType
Definition: dbgkobj.c:15
static const WCHAR L[]
Definition: oid.c:1250
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define DEBUG_OBJECT_ALL_ACCESS
Definition: dbgktypes.h:34
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
ULONG DefaultNonPagedPoolCharge
Definition: obtypes.h:365
FAST_MUTEX DbgkpProcessDebugPortMutex
Definition: dbgkobj.c:16
VOID NTAPI DbgkpCloseObject(IN PEPROCESS OwnerProcess OPTIONAL, IN PVOID ObjectBody, IN ACCESS_MASK GrantedAccess, IN ULONG HandleCount, IN ULONG SystemHandleCount)
Definition: dbgkobj.c:1111
#define PAGED_CODE()

Referenced by ExpInitializeExecutive().

◆ DbgkMapViewOfSection()

VOID NTAPI DbgkMapViewOfSection ( IN PVOID  Section,
IN PVOID  BaseAddress,
IN ULONG  SectionOffset,
IN ULONG_PTR  ViewSize 
)

Definition at line 380 of file dbgkutil.c.

/*
 * Body of DbgkMapViewOfSection (dbgkutil.c): sends a load-DLL debug message
 * for a newly mapped section. Nothing is sent when the previous mode is
 * kernel or the process has no debug port; per the existing comment a hidden
 * thread is skipped too, but that test is on a line not shown here.
 * NOTE(review): numbered lines 387-388 (declarations), 391 (start of the trace
 * call), 396 and 431 are missing from this rendering.
 */
384 {
385  DBGKM_MSG ApiMessage;
386  PDBGKM_LOAD_DLL LoadDll = &ApiMessage.LoadDll;
389  PIMAGE_NT_HEADERS NtHeader;
390  PAGED_CODE();
392  "Section: %p. Base: %p\n", Section, BaseAddress);
393 
394  /* Check if this thread is kernel, hidden or doesn't have a debug port */
395  if ((ExGetPreviousMode() == KernelMode) ||
397  !(Process->DebugPort))
398  {
399  /* Don't notify the debugger */
400  return;
401  }
402 
403  /* Setup the parameters */
      /* NOTE(review): the handle returned here is not validated in the visible lines
       * before it goes into the message. */
404  LoadDll->FileHandle = DbgkpSectionToFileHandle(Section);
405  LoadDll->BaseOfDll = BaseAddress;
406  LoadDll->DebugInfoFileOffset = 0;
407  LoadDll->DebugInfoSize = 0;
      /* Stores the address of a TEB field; the TEB itself is not read or written on this line. */
408  LoadDll->NamePointer = &NtCurrentTeb()->NtTib.ArbitraryUserPointer;
409 
410  /* Get the NT Headers */
      /* NOTE(review): BaseAddress is the view just mapped for a non-kernel caller, so the
       * header parsed here is presumably user-accessible memory; the two fields below are
       * forwarded to the debugger as-is and should be treated as untrusted - confirm. */
411  NtHeader = RtlImageNtHeader(BaseAddress);
412  if (NtHeader)
413  {
414  /* Fill out debug information */
415  LoadDll->DebugInfoFileOffset = NtHeader->FileHeader.
416  PointerToSymbolTable;
417  LoadDll->DebugInfoSize = NtHeader->FileHeader.NumberOfSymbols;
418  }
419 
420  /* Setup the API Message */
421  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
422  (8 + sizeof(DBGKM_LOAD_DLL));
423  ApiMessage.h.u2.ZeroInit = 0;
424  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
425  ApiMessage.ApiNumber = DbgKmLoadDllApi;
426 
427  /* Send the message */
      /* The NTSTATUS returned by DbgkpSendApiMessage is discarded here. */
428  DbgkpSendApiMessage(&ApiMessage, TRUE);
429 
430  /* Close the handle */
      /* NOTE(review): the close call (line 431) is not shown; presumably ObCloseHandle on
       * LoadDll->FileHandle - confirm it is skipped or safe when no handle was obtained. */
432 }
ULONG DebugInfoSize
Definition: dbgktypes.h:166
#define TRUE
Definition: types.h:120
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
HANDLE FileHandle
Definition: dbgktypes.h:163
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
HANDLE NTAPI DbgkpSectionToFileHandle(IN PVOID Section)
Definition: dbgkutil.c:19
DBGKM_LOAD_DLL LoadDll
Definition: dbgktypes.h:218
PORT_MESSAGE h
Definition: dbgktypes.h:208
#define PsGetCurrentProcess
Definition: psfuncs.h:17
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
DWORD NumberOfSymbols
Definition: ntddk_ex.h:126
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3376
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:242
PVOID NamePointer
Definition: dbgktypes.h:167
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
DBGKM_APINUMBER ApiNumber
Definition: dbgktypes.h:209
struct _DBGKM_MSG DBGKM_MSG
#define DBGK_PROCESS_DEBUG
Definition: dbgk.h:18
#define DBGKTRACE(x, fmt,...)
Definition: dbgk.h:46
#define RtlImageNtHeader
Definition: compat.h:466
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
ULONG DebugInfoFileOffset
Definition: dbgktypes.h:165
ULONG HideFromDebugger
Definition: pstypes.h:1119
#define PAGED_CODE()

Referenced by NtMapViewOfSection().

◆ DbgkOpenProcessDebugPort()

NTSTATUS NTAPI DbgkOpenProcessDebugPort ( IN PEPROCESS  Process,
IN KPROCESSOR_MODE  PreviousMode,
OUT HANDLE DebugHandle 
)

Definition at line 1526 of file dbgkobj.c.

/*
 * Opens a handle to the debug object attached to Process and passes
 * DebugHandle to ObOpenObjectByPointer to receive it. Returns
 * STATUS_PORT_NOT_SET when the process has no debug port, otherwise the
 * status of ObOpenObjectByPointer.
 *
 * NOTE(review): this rendering omits listing lines 1538, 1545 and 1554-1555
 * (the gutter numbers skip them). From the surrounding comments and the
 * identifier list under the listing they are presumably the
 * ExAcquireFastMutex / ExReleaseFastMutex calls on DbgkpProcessDebugPortMutex
 * and the MAXIMUM_ALLOWED / DbgkDebugObjectType arguments; confirm against
 * dbgkobj.c before relying on that.
 */
1529 {
1530  PDEBUG_OBJECT DebugObject;
1531  NTSTATUS Status;
1532  PAGED_CODE();
1533 
1534  /* If there's no debug port, just exit */
      /* This test runs before the lock is taken. DebugPort is read again at
         line 1541 and re-checked at line 1548, so this is only an early exit. */
1535  if (!Process->DebugPort) return STATUS_PORT_NOT_SET;
1536 
1537  /* Otherwise, acquire the lock while we grab the port */
1539 
1540  /* Grab it and reference it if it exists */
      /* The reference is taken before the lock is released, so the object
         stays valid for the ObOpenObjectByPointer call below even if the
         port is cleared concurrently. */
1541  DebugObject = Process->DebugPort;
1542  if (DebugObject) ObReferenceObject(DebugObject);
1543 
1544  /* Release the lock now */
1546 
1547  /* Bail out if it doesn't exist */
1548  if (!DebugObject) return STATUS_PORT_NOT_SET;
1549 
1550  /* Now get a handle to it */
      /* PreviousMode is forwarded to ObOpenObjectByPointer; assuming the two
         omitted lines are the DesiredAccess and ObjectType arguments, it
         lands in the AccessMode position of the prototype, i.e. the open is
         performed on behalf of the caller's mode - TODO confirm. */
1551  Status = ObOpenObjectByPointer(DebugObject,
1552  0,
1553  NULL,
1556  PreviousMode,
1557  DebugHandle);
      /* On failure the reference taken at line 1542 is dropped here.
         NOTE(review): no matching dereference is visible on the success
         path; confirm whether that reference is intentionally left
         outstanding or is a leaked reference on the debug object. */
1558  if (!NT_SUCCESS(Status)) ObDereferenceObject(DebugObject);
1559 
1560  /* Return status */
1561  return Status;
1562 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
#define STATUS_PORT_NOT_SET
Definition: ntstatus.h:880
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2739
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
smooth NULL
Definition: ftsmooth.c:416
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
POBJECT_TYPE DbgkDebugObjectType
Definition: dbgkobj.c:15
Status
Definition: gdiplustypes.h:24
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
FAST_MUTEX DbgkpProcessDebugPortMutex
Definition: dbgkobj.c:16
#define PAGED_CODE()

Referenced by NtQueryInformationProcess().

◆ DbgkpResumeProcess()

VOID NTAPI DbgkpResumeProcess ( VOID  )

Definition at line 77 of file dbgkutil.c.

/*
 * Counterpart of DbgkpSuspendProcess: per the in-source comment it thaws
 * the threads that were frozen.
 *
 * NOTE(review): listing line 82, which carries the actual call, is omitted
 * from this rendering; the identifier list under the listing names
 * KeThawAllThreads, which is presumably what it invokes - confirm against
 * dbgkutil.c.
 */
78 {
79  PAGED_CODE();
80 
81  /* Thaw all the threads */
83 }
VOID NTAPI KeThawAllThreads(VOID)
Definition: thrdobj.c:669
#define PAGED_CODE()

Referenced by DbgkExitThread(), DbgkpSendApiMessage(), and DbgkpSendApiMessageLpc().

◆ DbgkpSectionToFileHandle()

HANDLE NTAPI DbgkpSectionToFileHandle ( IN PVOID  Section)

Definition at line 19 of file dbgkutil.c.

/*
 * Resolves Section to the name of its backing file, opens that file and
 * returns the resulting handle. Returns NULL, not an NTSTATUS, on either
 * failure (name lookup or open), so callers cannot tell the two apart.
 *
 * NOTE(review): this rendering omits listing lines 21-24, 29, 33, 35-37,
 * 42-47 and 50 (the gutter numbers skip them), i.e. the remaining local
 * declarations, the MmGetFileNameForSection call, most of the
 * InitializeObjectAttributes and ZwOpenFile calls, and the statement that
 * frees the name. The identifier list under the listing names
 * OBJ_KERNEL_HANDLE and OBJ_FORCE_ACCESS_CHECK; presumably they are the
 * attribute flags on the omitted lines. They are the security-relevant
 * part of this open, so verify them against dbgkutil.c rather than this
 * page.
 */
20 {
25  HANDLE Handle;
26  PAGED_CODE();
27 
28  /* Get the filename of the section */
      /* Early return: the name buffer is freed only further down, so
         presumably nothing has been allocated yet on this path - confirm. */
30  if (!NT_SUCCESS(Status)) return NULL;
31 
32  /* Initialize object attributes */
34  &FileName->Name,
38  NULL,
39  NULL);
40 
41  /* Open the file */
48 
49  /* Free the name and return the handle if we succeeded */
      /* The free (omitted line 50) comes before the status test, so the
         name is released on both the success and the failure path. */
51  if (!NT_SUCCESS(Status)) return NULL;
      /* The handle is handed to the caller, who presumably closes it. */
52  return Handle;
53 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
NTSTATUS NTAPI MmGetFileNameForSection(IN PVOID Section, OUT POBJECT_NAME_INFORMATION *ModuleName)
Definition: section.c:1801
LONG NTSTATUS
Definition: precomp.h:26
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define FILE_SHARE_READ
Definition: compat.h:125
smooth NULL
Definition: ftsmooth.c:416
_In_ HANDLE Handle
Definition: extypes.h:390
TCHAR Name[MAX_PATH]
Definition: filecomp.c:349
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
#define OBJ_FORCE_ACCESS_CHECK
Definition: winternl.h:232
#define GENERIC_READ
Definition: compat.h:124
#define SYNCHRONIZE
Definition: nt_native.h:61
Status
Definition: gdiplustypes.h:24
struct _FileName FileName
Definition: fatprocs.h:893
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by DbgkCreateThread(), DbgkMapViewOfSection(), and DbgkpPostFakeThreadMessages().

◆ DbgkpSendApiMessage()

NTSTATUS NTAPI DbgkpSendApiMessage ( IN OUT PDBGKM_MSG  ApiMsg,
IN BOOLEAN  SuspendProcess 
)

Definition at line 242 of file dbgkobj.c.

/*
 * Delivers a debug API message, optionally suspending the process around
 * the send, and returns the resulting status.
 *
 * NOTE(review): this rendering omits listing lines 245-246, 257, 260-261,
 * 267 and 270 (the gutter numbers skip them): the local declarations, the
 * process-flag update, the start of the send call, the instruction-cache
 * flush and the resume. The identifier list under the listing names
 * DbgkpQueueMessage, PspSetProcessFlag, ZwFlushInstructionCache and
 * DbgkpResumeProcess, which presumably fill those lines - confirm against
 * dbgkobj.c.
 */
244 {
247  PAGED_CODE();
248  DBGKTRACE(DBGK_MESSAGE_DEBUG, "ApiMsg: %p SuspendProcess: %lx\n", ApiMsg, SuspendProcess);
249 
250  /* Suspend process if required */
      /* Suspended is written only when SuspendProcess is set, and
         DbgkpSuspendProcess can itself return FALSE.
         NOTE(review): the declaration of Suspended is on an omitted line;
         confirm it is initialised to FALSE, since the resume step
         presumably tests it. */
251  if (SuspendProcess) Suspended = DbgkpSuspendProcess();
252 
253  /* Set return status */
      /* Any ReturnedStatus the caller placed in the message is overwritten
         before the send. */
254  ApiMsg->ReturnedStatus = STATUS_PENDING;
255 
256  /* Set create process reported state */
258 
259  /* Send the LPC command */
262  ApiMsg,
263  0,
264  NULL);
265 
266  /* Flush the instruction cache */
268 
269  /* Resume the process if it was suspended */
271  return Status;
272 }
NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ ULONG NumberOfBytesToFlush)
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PSF_CREATE_REPORTED_BIT
Definition: pstypes.h:265
LONG NTSTATUS
Definition: precomp.h:26
#define PsGetCurrentProcess
Definition: psfuncs.h:17
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
#define NtCurrentProcess()
Definition: nt_native.h:1657
BOOLEAN NTAPI DbgkpSuspendProcess(VOID)
Definition: dbgkutil.c:57
#define STATUS_PENDING
Definition: ntstatus.h:82
VOID NTAPI DbgkpResumeProcess(VOID)
Definition: dbgkutil.c:77
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI DbgkpQueueMessage(IN PEPROCESS Process, IN PETHREAD Thread, IN PDBGKM_MSG Message, IN ULONG Flags, IN PDEBUG_OBJECT TargetObject OPTIONAL)
Definition: dbgkobj.c:39
#define DBGKTRACE(x, fmt,...)
Definition: dbgk.h:46
#define DBGK_MESSAGE_DEBUG
Definition: dbgk.h:20
#define PspSetProcessFlag(Process, Flag)
Definition: ps_x.h:33
#define PAGED_CODE()

Referenced by DbgkCreateThread(), DbgkExitProcess(), DbgkExitThread(), DbgkForwardException(), DbgkMapViewOfSection(), and DbgkUnMapViewOfSection().

◆ DbgkpSuspendProcess()

BOOLEAN NTAPI DbgkpSuspendProcess ( VOID  )

Definition at line 57 of file dbgkutil.c.

/*
 * Freezes the threads of the current process unless the process is marked
 * as deleted. Returns TRUE when the freeze was performed and FALSE when it
 * was skipped, so the caller knows whether a matching resume is needed.
 *
 * NOTE(review): listing line 65, which carries the actual freeze call, is
 * omitted from this rendering; the identifier list under the listing names
 * KeFreezeAllThreads, which is presumably what it invokes - confirm against
 * dbgkutil.c.
 */
58 {
59  PAGED_CODE();
60 
61  /* Make sure this isn't a deleted process */
62  if (!PsGetCurrentProcess()->ProcessDelete)
63  {
64  /* Freeze all the threads */
66  return TRUE;
67  }
68  else
69  {
70  /* No suspend was done */
71  return FALSE;
72  }
73 }
#define TRUE
Definition: types.h:120
#define PsGetCurrentProcess
Definition: psfuncs.h:17
VOID NTAPI KeFreezeAllThreads(VOID)
Definition: thrdobj.c:315
#define PAGED_CODE()

Referenced by DbgkExitThread(), DbgkpSendApiMessage(), and DbgkpSendApiMessageLpc().

◆ DbgkUnMapViewOfSection()

VOID NTAPI DbgkUnMapViewOfSection ( IN PVOID  BaseAddress)

Definition at line 436 of file dbgkutil.c.

/*
 * Notifies the debugger that the view at BaseAddress is being unmapped by
 * building a DbgKmUnloadDllApi message and sending it with the process
 * suspended. Nothing is sent when the previous mode is kernel or the
 * process has no debug port.
 *
 * NOTE(review): this rendering omits listing lines 440-441 and 446 (the
 * gutter numbers skip them): the Process / Thread declarations and the
 * middle term of the condition. From the in-source comment and the
 * identifier list under the listing that term is presumably the thread's
 * HideFromDebugger flag - confirm against dbgkutil.c.
 */
437 {
      /* ApiMessage is a stack local with no initialiser. In the visible
         lines only the header fields, ApiNumber and UnloadDll->BaseAddress
         are written.
         NOTE(review): confirm that only the initialised members are copied
         to the debugger, so stale kernel stack bytes cannot leak. */
438  DBGKM_MSG ApiMessage;
439  PDBGKM_UNLOAD_DLL UnloadDll = &ApiMessage.UnloadDll;
442  PAGED_CODE();
443 
444  /* Check if this thread is kernel, hidden or doesn't have a debug port */
445  if ((ExGetPreviousMode() == KernelMode) ||
447  !(Process->DebugPort))
448  {
449  /* Don't notify the debugger */
450  return;
451  }
452 
453  /* Set the DLL Base */
454  UnloadDll->BaseAddress = BaseAddress;
455 
456  /* Setup the API Message */
      /* << binds tighter than |, so sizeof(DBGKM_MSG) goes into the upper
         16 bits and 8 + sizeof(DBGKM_UNLOAD_DLL) into the lower bits. */
457  ApiMessage.h.u1.Length = sizeof(DBGKM_MSG) << 16 |
458  (8 + sizeof(DBGKM_UNLOAD_DLL));
459  ApiMessage.h.u2.ZeroInit = 0;
460  ApiMessage.h.u2.s2.Type = LPC_DEBUG_EVENT;
461  ApiMessage.ApiNumber = DbgKmUnloadDllApi;
462 
463  /* Send the message */
      /* TRUE asks DbgkpSendApiMessage to suspend the process around the
         send. The returned NTSTATUS is discarded. */
464  DbgkpSendApiMessage(&ApiMessage, TRUE);
465 }
#define TRUE
Definition: types.h:120
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
PORT_MESSAGE h
Definition: dbgktypes.h:208
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
Definition: dbgkobj.c:242
DBGKM_APINUMBER ApiNumber
Definition: dbgktypes.h:209
struct _DBGKM_MSG DBGKM_MSG
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
ULONG HideFromDebugger
Definition: pstypes.h:1119
DBGKM_UNLOAD_DLL UnloadDll
Definition: dbgktypes.h:219
#define PAGED_CODE()

Referenced by MiRosUnmapViewOfSection(), and MiUnmapViewOfSection().

Variable Documentation

◆ DbgkDebugObjectType

◆ DbgkpTraceLevel

ULONG DbgkpTraceLevel

Definition at line 17 of file dbgkobj.c.