170 L"\\SystemRoot\\System32\\ntdll.dll");
177 DebugPort =
Process->DebugPort;
178 if (!DebugPort)
return;
204 PointerToSymbolTable;
210 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
212 ApiMessage.
h.u2.ZeroInit = 0;
234 FileHeader.PointerToSymbolTable;
271 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
273 ApiMessage.
h.u2.ZeroInit = 0;
291 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
293 ApiMessage.
h.u2.ZeroInit = 0;
325 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
327 ApiMessage.
h.u2.ZeroInit = 0;
362 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
364 ApiMessage.
h.u2.ZeroInit = 0;
416 PointerToSymbolTable;
421 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
423 ApiMessage.
h.u2.ZeroInit = 0;
457 ApiMessage.
h.u1.Length =
sizeof(
DBGKM_MSG) << 16 |
459 ApiMessage.
h.u2.ZeroInit = 0;
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define DBGK_PROCESS_DEBUG
#define DBGKTRACE(x, fmt,...)
NTSTATUS NTAPI DbgkpSendApiMessage(IN OUT PDBGKM_MSG ApiMsg, IN BOOLEAN SuspendProcess)
struct _DBGKM_MSG DBGKM_MSG
VOID NTAPI DbgkUnMapViewOfSection(IN PVOID BaseAddress)
VOID NTAPI DbgkMapViewOfSection(IN PVOID Section, IN PVOID BaseAddress, IN ULONG SectionOffset, IN ULONG_PTR ViewSize)
VOID NTAPI DbgkCreateThread(IN PETHREAD Thread, IN PVOID StartAddress)
VOID NTAPI DbgkExitThread(IN NTSTATUS ExitStatus)
HANDLE NTAPI DbgkpSectionToFileHandle(IN PVOID Section)
VOID NTAPI DbgkpResumeProcess(VOID)
BOOLEAN NTAPI DbgkpSuspendProcess(VOID)
VOID NTAPI DbgkExitProcess(IN NTSTATUS ExitStatus)
#define NT_SUCCESS(StatCode)
VOID WINAPI ExitProcess(IN UINT uExitCode)
VOID WINAPI ExitThread(IN DWORD uExitCode)
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
#define PsGetCurrentThread()
#define KeQuerySystemTime(t)
#define ExGetPreviousMode
struct _FileName FileName
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
#define FILE_SYNCHRONOUS_IO_NONALERT
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
_Must_inspect_result_ _Outptr_ PVOID * SectionObject
#define PSF_CREATE_REPORTED_BIT
#define PSF_IMAGE_NOTIFY_DONE_BIT
#define OBJ_KERNEL_HANDLE
#define OBJ_CASE_INSENSITIVE
#define OBJ_FORCE_ACCESS_CHECK
#define IMAGE_ADDRESSING_MODE_32BIT
static OUT PIO_STATUS_BLOCK IoStatusBlock
#define InitializeObjectAttributes(p, n, a, r, s)
NTSYSAPI NTSTATUS NTAPI ZwOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER SectionOffset
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define FILE_SHARE_DELETE
VOID NTAPI KeFreezeAllThreads(VOID)
VOID NTAPI KeThawAllThreads(VOID)
NTSTATUS NTAPI MmGetFileNameForSection(IN PVOID Section, OUT POBJECT_NAME_INFORMATION *ModuleName)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
UNICODE_STRING PsNtDllPathName
BOOLEAN PsImageNotifyEnabled
FORCEINLINE VOID PspRunLoadImageNotifyRoutines(PUNICODE_STRING FullImageName, HANDLE ProcessId, PIMAGE_INFO ImageInfo)
#define PspSetProcessFlag(Process, Flag)
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
ULONG DebugInfoFileOffset
DBGKM_CREATE_THREAD CreateThread
DBGKM_CREATE_PROCESS CreateProcess
DBGKM_UNLOAD_DLL UnloadDll
DBGKM_APINUMBER ApiNumber
DBGKM_EXIT_PROCESS ExitProcess
DBGKM_EXIT_THREAD ExitThread
ULONG ImageAddressingMode
PVOID ArbitraryUserPointer
WCHAR StaticUnicodeBuffer[261]
#define PsGetCurrentProcess