kdfuncs.h File Reference

#include <umtypes.h>
#include <kdtypes.h>

Include dependency graph for kdfuncs.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
NTSTATUS NTAPI	KdSystemDebugControl (_In_ SYSDBG_COMMAND Command, _In_reads_bytes_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength, _Out_opt_ PULONG ReturnLength, _In_ KPROCESSOR_MODE PreviousMode)
	Perform various queries to the kernel debugger.
BOOLEAN NTAPI	KdPollBreakIn (VOID)
NTSYSCALLAPI NTSTATUS NTAPI	NtQueryDebugFilterState (_In_ ULONG ComponentId, _In_ ULONG Level)
NTSYSCALLAPI NTSTATUS NTAPI	NtSetDebugFilterState (_In_ ULONG ComponentId, _In_ ULONG Level, _In_ BOOLEAN State)
NTSYSCALLAPI NTSTATUS NTAPI	NtSystemDebugControl (_In_ SYSDBG_COMMAND Command, _In_reads_bytes_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength, _Out_opt_ PULONG ReturnLength)
	Perform various queries to the kernel debugger.
NTSYSAPI NTSTATUS NTAPI	ZwQueryDebugFilterState (ULONG ComponentId, ULONG Level)
NTSYSAPI NTSTATUS NTAPI	ZwSetDebugFilterState (ULONG ComponentId, ULONG Level, BOOLEAN State)
NTSYSAPI NTSTATUS NTAPI	ZwSystemDebugControl (_In_ SYSDBG_COMMAND Command, _In_reads_bytes_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength, _Out_opt_ PULONG ReturnLength)

Function Documentation

KdPollBreakIn()

BOOLEAN NTAPI KdPollBreakIn

(

VOID

)

Definition at line 75 of file kdlock.c.

{
    BOOLEAN DoBreak = FALSE, Enable;
 
    /* First make sure that KD is enabled */
    if (KdDebuggerEnabled)
    {
        /* Disable interrupts */
        Enable = KeDisableInterrupts();
 
        /* Check if a CTRL-C is in the queue */
        if (KdpContext.KdpControlCPending)
        {
            /* Set it and prepare for break */
            KdpControlCPressed = TRUE;
            DoBreak = TRUE;
            KdpContext.KdpControlCPending = FALSE;
        }
        else
        {
            KIRQL OldIrql;
            /* Try to acquire the lock */
            KeRaiseIrql(HIGH_LEVEL, &OldIrql);
            if (KeTryToAcquireSpinLockAtDpcLevel(&KdpDebuggerLock))
            {
                /* Now get a packet */
                if (KdReceivePacket(PACKET_TYPE_KD_POLL_BREAKIN,
                                    NULL,
                                    NULL,
                                    NULL,
                                    NULL) == KdPacketReceived)
                {
                    /* Successful breakin */
                    DoBreak = TRUE;
                    KdpControlCPressed = TRUE;
                }
 
                /* Let go of the port */
                KdpPortUnlock();
            }
            KeLowerIrql(OldIrql);
        }
 
        /* Re-enable interrupts */
        KeRestoreInterrupts(Enable);
    }
 
    /* Tell the caller to do a break */
    return DoBreak;
}

Referenced by KdInitSystem(), KeUpdateSystemTime(), KiInitializeSystem(), and KiSystemStartup().

KdSystemDebugControl()

NTSTATUS NTAPI KdSystemDebugControl	(	_In_ SYSDBG_COMMAND	Command,
		_In_reads_bytes_(InputBufferLength) PVOID	InputBuffer,
		_In_ ULONG	InputBufferLength,
		_Out_writes_bytes_(OutputBufferLength) PVOID	OutputBuffer,
		_In_ ULONG	OutputBufferLength,
		_Out_opt_ PULONG	ReturnLength,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Perform various queries to the kernel debugger.

Parameters

[in]	Command	A SYSDBG_COMMAND value describing the kernel debugger command to perform.
[in]	InputBuffer	Pointer to a user-provided input command-specific buffer, whose length is given by InputBufferLength.
[in]	InputBufferLength	The size (in bytes) of the buffer pointed by InputBuffer.
[out]	OutputBuffer	Pointer to a user-provided command-specific output buffer, whose length is given by OutputBufferLength.
[in]	OutputBufferLength	The size (in bytes) of the buffer pointed by OutputBuffer.
[out]	ReturnLength	Optional pointer to a ULONG variable that receives the actual length of data written written in the output buffer. It is always zero, except for the live dump commands where an actual non-zero length is returned.
[in]	PreviousMode	The processor mode (KernelMode or UserMode) in which the command is being executed.

Returns

STATUS_SUCCESS in case of success, or a proper error code otherwise.

Remarks

• This is a kernel-mode function, accessible only by kernel-mode drivers.

Note

See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2339

See also

NtSystemDebugControl()

Definition at line 2217 of file kdapi.c.

{
    NTSTATUS Status;
    ULONG Length = 0;
 
    /* Handle some internal commands */
    switch ((ULONG)Command)
    {
#if DBG
        case ' soR': /* ROS-INTERNAL */
        {
            switch ((ULONG_PTR)InputBuffer)
            {
                case 0x21: // DumpAllThreads:
                    PspDumpThreads(TRUE);
                    break;
 
                case 0x22: // DumpUserThreads:
                    PspDumpThreads(FALSE);
                    break;
 
                case 0x24: // KdSpare3:
                    MmDumpArmPfnDatabase(FALSE);
                    break;
 
                default:
                    break;
            }
            return STATUS_SUCCESS;
        }
 
#if defined(_M_IX86) && !defined(_WINKD_) // See ke/i386/traphdlr.c
        /* Register a debug callback */
        case 'CsoR':
        {
            switch (InputBufferLength)
            {
                case ID_Win32PreServiceHook:
                    KeWin32PreServiceHook = InputBuffer;
                    break;
 
                case ID_Win32PostServiceHook:
                    KeWin32PostServiceHook = InputBuffer;
                    break;
 
            }
            break;
        }
#endif
 
        /* Special case for stack frame dumps */
        case 'DsoR':
        {
            KeRosDumpStackFrames((PULONG_PTR)InputBuffer, InputBufferLength);
            break;
        }
#ifdef KDBG
        /* Register KDBG CLI callback */
        case 'RbdK':
        {
            return KdbRegisterCliCallback(InputBuffer, InputBufferLength);
        }
#endif // KDBG
#endif
        default:
            break;
    }
 
    switch (Command)
    {
        case SysDbgQueryVersion:
            if (OutputBufferLength != sizeof(DBGKD_GET_VERSION64))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                KdpSysGetVersion((PDBGKD_GET_VERSION64)OutputBuffer);
                Status = STATUS_SUCCESS;
            }
            break;
 
        case SysDbgReadVirtual:
        case SysDbgWriteVirtual:
            if (InputBufferLength != sizeof(SYSDBG_VIRTUAL))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_VIRTUAL Request = *(PSYSDBG_VIRTUAL)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          Command == SysDbgReadVirtual ? IoWriteAccess : IoReadAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpCopyMemoryChunks((ULONG64)(ULONG_PTR)Request.Address,
                                                 Request.Buffer,
                                                 Request.Request,
                                                 0,
                                                 Command == SysDbgReadVirtual ? 0 : MMDBG_COPY_WRITE,
                                                 &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgReadPhysical:
        case SysDbgWritePhysical:
            if (InputBufferLength != sizeof(SYSDBG_PHYSICAL))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_PHYSICAL Request = *(PSYSDBG_PHYSICAL)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          Command == SysDbgReadVirtual ? IoWriteAccess : IoReadAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpCopyMemoryChunks(Request.Address.QuadPart,
                                                 Request.Buffer,
                                                 Request.Request,
                                                 0,
                                                 MMDBG_COPY_PHYSICAL | (Command == SysDbgReadVirtual ? 0 : MMDBG_COPY_WRITE),
                                                 &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgReadControlSpace:
            if (InputBufferLength != sizeof(SYSDBG_CONTROL_SPACE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_CONTROL_SPACE Request = *(PSYSDBG_CONTROL_SPACE)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          IoWriteAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpSysReadControlSpace(Request.Processor,
                                                    Request.Address,
                                                    LockedBuffer,
                                                    Request.Request,
                                                    &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgWriteControlSpace:
            if (InputBufferLength != sizeof(SYSDBG_CONTROL_SPACE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_CONTROL_SPACE Request = *(PSYSDBG_CONTROL_SPACE)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          IoReadAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpSysWriteControlSpace(Request.Processor,
                                                     Request.Address,
                                                     LockedBuffer,
                                                     Request.Request,
                                                     &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgReadIoSpace:
            if (InputBufferLength != sizeof(SYSDBG_IO_SPACE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_IO_SPACE Request = *(PSYSDBG_IO_SPACE)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          IoWriteAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpSysReadIoSpace(Request.InterfaceType,
                                               Request.BusNumber,
                                               Request.AddressSpace,
                                               Request.Address,
                                               LockedBuffer,
                                               Request.Request,
                                               &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgWriteIoSpace:
            if (InputBufferLength != sizeof(SYSDBG_IO_SPACE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_IO_SPACE Request = *(PSYSDBG_IO_SPACE)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          IoReadAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpSysWriteIoSpace(Request.InterfaceType,
                                                Request.BusNumber,
                                                Request.AddressSpace,
                                                Request.Address,
                                                LockedBuffer,
                                                Request.Request,
                                                &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgReadMsr:
            if (InputBufferLength != sizeof(SYSDBG_MSR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                PSYSDBG_MSR Request = (PSYSDBG_MSR)InputBuffer;
                Status = KdpSysReadMsr(Request->Address, &Request->Data);
            }
            break;
 
        case SysDbgWriteMsr:
            if (InputBufferLength != sizeof(SYSDBG_MSR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                PSYSDBG_MSR Request = (PSYSDBG_MSR)InputBuffer;
                Status = KdpSysWriteMsr(Request->Address, &Request->Data);
            }
            break;
 
        case SysDbgReadBusData:
            if (InputBufferLength != sizeof(SYSDBG_BUS_DATA))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_BUS_DATA Request = *(PSYSDBG_BUS_DATA)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          IoWriteAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpSysReadBusData(Request.BusDataType,
                                               Request.BusNumber,
                                               Request.SlotNumber,
                                               Request.Address,
                                               LockedBuffer,
                                               Request.Request,
                                               &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgWriteBusData:
            if (InputBufferLength != sizeof(SYSDBG_BUS_DATA))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
            }
            else
            {
                SYSDBG_BUS_DATA Request = *(PSYSDBG_BUS_DATA)InputBuffer;
                PVOID LockedBuffer;
                PMDL LockVariable;
 
                Status = ExLockUserBuffer(Request.Buffer,
                                          Request.Request,
                                          PreviousMode,
                                          IoReadAccess,
                                          &LockedBuffer,
                                          &LockVariable);
                if (NT_SUCCESS(Status))
                {
                    Status = KdpSysWriteBusData(Request.BusDataType,
                                                Request.BusNumber,
                                                Request.SlotNumber,
                                                Request.Address,
                                                LockedBuffer,
                                                Request.Request,
                                                &Length);
                    ExUnlockUserBuffer(LockVariable);
                }
            }
            break;
 
        case SysDbgCheckLowMemory:
            Status = KdpSysCheckLowMemory(0);
            break;
 
        default:
            Status = STATUS_INVALID_INFO_CLASS;
            break;
    }
 
    if (ReturnLength)
        *ReturnLength = Length;
 
    return Status;
}

Referenced by DriverEntry(), i8042KbdInterruptService(), KdbpCmdRegs(), KdRosDumpStackFrames(), KdRosSetDebugCallback(), and NtSystemDebugControl().

NtQueryDebugFilterState()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryDebugFilterState	(	_In_ ULONG	ComponentId,
		_In_ ULONG	Level
	)

Definition at line 2712 of file kdapi.c.

{
    PULONG Mask;
 
    /* Check if the ID fits in the component table */
    if (ComponentId < KdComponentTableSize)
    {
        /* It does, so get the mask from there */
        Mask = KdComponentTable[ComponentId];
    }
    else if (ComponentId == MAXULONG)
    {
        /*
         * This is the internal ID used for DbgPrint messages without ID
         * and Level. Use the system-wide mask for those.
         */
        Mask = &Kd_WIN2000_Mask;
    }
    else
    {
#if (NTDDI_VERSION >= NTDDI_VISTA)
        /* Use the default component ID */
        Mask = &Kd_DEFAULT_Mask;
        // Level = DPFLTR_INFO_LEVEL; // Override the Level.
#else
        /* Invalid ID, fail */
        return STATUS_INVALID_PARAMETER_1;
#endif
    }
 
    /* Convert Level to bit field if required */
    if (Level < 32) Level = 1 << Level;
    Level &= ~DPFLTR_MASK;
 
    /* Determine if this Level is filtered out */
    if ((Kd_WIN2000_Mask & Level) || (*Mask & Level))
    {
        /* This mask will get through to the debugger */
        return (NTSTATUS)TRUE;
    }
    else
    {
        /* This mask is filtered out */
        return (NTSTATUS)FALSE;
    }
}

Referenced by DbgQueryDebugFilterState(), KdpPrint(), and vDbgPrintExWithPrefixInternal().

NtSetDebugFilterState()

NTSYSCALLAPI NTSTATUS NTAPI NtSetDebugFilterState	(	_In_ ULONG	ComponentId,
		_In_ ULONG	Level,
		_In_ BOOLEAN	State
	)

Definition at line 2766 of file kdapi.c.

{
    PULONG Mask;
 
    /* Modifying debug filters requires the debug privilege */
    if (!SeSinglePrivilegeCheck(SeDebugPrivilege, ExGetPreviousMode()))
    {
        /* Fail */
        return STATUS_ACCESS_DENIED;
    }
 
    /* Check if the ID fits in the component table */
    if (ComponentId < KdComponentTableSize)
    {
        /* It does, so get the mask from there */
        Mask = KdComponentTable[ComponentId];
    }
    else if (ComponentId == MAXULONG)
    {
        /*
         * This is the internal ID used for DbgPrint messages without ID
         * and Level. Use the system-wide mask for those.
         */
        Mask = &Kd_WIN2000_Mask;
    }
    else
    {
#if (NTDDI_VERSION >= NTDDI_VISTA)
        /* Use the default component ID */
        Mask = &Kd_DEFAULT_Mask;
#else
        /* Invalid ID, fail */
        return STATUS_INVALID_PARAMETER_1;
#endif
    }
 
    /* Convert Level to bit field if required */
    if (Level < 32) Level = 1 << Level;
    Level &= ~DPFLTR_MASK;
 
    /* Set or remove the Level */
    if (State)
        *Mask |= Level;
    else
        *Mask &= ~Level;
 
    return STATUS_SUCCESS;
}

Referenced by DbgSetDebugFilterState(), and KdbpCmdFilter().

NtSystemDebugControl()

NTSYSCALLAPI NTSTATUS NTAPI NtSystemDebugControl	(	_In_ SYSDBG_COMMAND	Command,
		_In_reads_bytes_(InputBufferLength) PVOID	InputBuffer,
		_In_ ULONG	InputBufferLength,
		_Out_writes_bytes_(OutputBufferLength) PVOID	OutputBuffer,
		_In_ ULONG	OutputBufferLength,
		_Out_opt_ PULONG	ReturnLength
	)

Perform various queries to the kernel debugger.

Parameters

[in]	Command	A SYSDBG_COMMAND value describing the kernel debugger command to perform.
[in]	InputBuffer	Pointer to a user-provided input command-specific buffer, whose length is given by InputBufferLength.
[in]	InputBufferLength	The size (in bytes) of the buffer pointed by InputBuffer.
[out]	OutputBuffer	Pointer to a user-provided command-specific output buffer, whose length is given by OutputBufferLength.
[in]	OutputBufferLength	The size (in bytes) of the buffer pointed by OutputBuffer.
[out]	ReturnLength	Optional pointer to a ULONG variable that receives the actual length of data written written in the output buffer. It is always zero, except for the live dump commands where an actual non-zero length is returned.

Returns

STATUS_SUCCESS in case of success, or a proper error code otherwise.

Remarks

• The caller must have SeDebugPrivilege, otherwise the function fails with STATUS_ACCESS_DENIED.
• Only the live dump commands: SysDbgGetTriageDump, and SysDbgGetLiveKernelDump (Win8.1+) are available even if the debugger is disabled or absent.

• The following system-critical commands are not accessible anymore for user-mode usage with this API on NT 5.2+ (Windows 2003 SP1 and later) systems:

  SysDbgQueryVersion, SysDbgReadVirtual and SysDbgWriteVirtual, SysDbgReadPhysical and SysDbgWritePhysical, SysDbgReadControlSpace and SysDbgWriteControlSpace, SysDbgReadIoSpace and SysDbgWriteIoSpace, SysDbgReadMsr and SysDbgWriteMsr, SysDbgReadBusData and SysDbgWriteBusData, SysDbgCheckLowMemory.

  For these, NtSystemDebugControl() will return STATUS_NOT_IMPLEMENTED. They are now available from kernel-mode only with KdSystemDebugControl().

Note

See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2339

See also

KdSystemDebugControl()

Definition at line 209 of file dbgctrl.c.

{
    KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
    ULONG Length = 0;
    NTSTATUS Status;
 
    /* Debugger controlling requires the debug privilege */
    if (!SeSinglePrivilegeCheck(SeDebugPrivilege, PreviousMode))
        return STATUS_ACCESS_DENIED;
 
    _SEH2_TRY
    {
        if (PreviousMode != KernelMode)
        {
            if (InputBufferLength)
                ProbeForRead(InputBuffer, InputBufferLength, sizeof(ULONG));
            if (OutputBufferLength)
                ProbeForWrite(OutputBuffer, OutputBufferLength, sizeof(ULONG));
            if (ReturnLength)
                ProbeForWriteUlong(ReturnLength);
        }
 
        switch (Command)
        {
            case SysDbgQueryModuleInformation:
                /* Removed in WinNT4 */
                Status = STATUS_INVALID_INFO_CLASS;
                break;
 
#ifdef _M_IX86
            case SysDbgQueryTraceInformation:
            case SysDbgSetTracepoint:
            case SysDbgSetSpecialCall:
            case SysDbgClearSpecialCalls:
            case SysDbgQuerySpecialCalls:
                UNIMPLEMENTED;
                Status = STATUS_NOT_IMPLEMENTED;
                break;
#endif
 
            case SysDbgQueryVersion:
            case SysDbgReadVirtual:
            case SysDbgWriteVirtual:
            case SysDbgReadPhysical:
            case SysDbgWritePhysical:
            case SysDbgReadControlSpace:
            case SysDbgWriteControlSpace:
            case SysDbgReadIoSpace:
            case SysDbgWriteIoSpace:
            case SysDbgReadMsr:
            case SysDbgWriteMsr:
            case SysDbgReadBusData:
            case SysDbgWriteBusData:
            case SysDbgCheckLowMemory:
                /* Those are implemented in KdSystemDebugControl */
                if (InitIsWinPEMode)
                {
                    Status = KdSystemDebugControl(Command,
                                                  InputBuffer, InputBufferLength,
                                                  OutputBuffer, OutputBufferLength,
                                                  &Length, PreviousMode);
                }
                else
                {
                    Status = STATUS_NOT_IMPLEMENTED;
                }
                break;
 
            case SysDbgBreakPoint:
                if (KdDebuggerEnabled)
                {
                    DbgBreakPointWithStatus(DBG_STATUS_DEBUG_CONTROL);
                    Status = STATUS_SUCCESS;
                }
                else
                {
                    Status = STATUS_UNSUCCESSFUL;
                }
                break;
 
            case SysDbgEnableKernelDebugger:
                Status = KdEnableDebugger();
                break;
 
            case SysDbgDisableKernelDebugger:
                Status = KdDisableDebugger();
                break;
 
            case SysDbgGetAutoKdEnable:
                if (OutputBufferLength != sizeof(BOOLEAN))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                else
                {
                    *(PBOOLEAN)OutputBuffer = KdAutoEnableOnEvent;
                    Status = STATUS_SUCCESS;
                }
                break;
 
            case SysDbgSetAutoKdEnable:
                if (InputBufferLength != sizeof(BOOLEAN))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                else if (KdPitchDebugger)
                {
                    Status = STATUS_ACCESS_DENIED;
                }
                else
                {
                    KdAutoEnableOnEvent = *(PBOOLEAN)InputBuffer;
                    Status = STATUS_SUCCESS;
                }
                break;
 
            case SysDbgGetPrintBufferSize:
                if (OutputBufferLength != sizeof(ULONG))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                else
                {
                    /* Return buffer size only if KD is enabled */
                    *(PULONG)OutputBuffer = KdPitchDebugger ? 0 : KdPrintBufferSize;
                    Status = STATUS_SUCCESS;
                }
                break;
 
            case SysDbgSetPrintBufferSize:
                UNIMPLEMENTED;
                Status = STATUS_NOT_IMPLEMENTED;
                break;
 
            case SysDbgGetKdUmExceptionEnable:
                if (OutputBufferLength != sizeof(BOOLEAN))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                else
                {
                    /* Unfortunately, the internal flag says if UM exceptions are disabled */
                    *(PBOOLEAN)OutputBuffer = !KdIgnoreUmExceptions;
                    Status = STATUS_SUCCESS;
                }
                break;
 
            case SysDbgSetKdUmExceptionEnable:
                if (InputBufferLength != sizeof(BOOLEAN))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                else if (KdPitchDebugger)
                {
                    Status = STATUS_ACCESS_DENIED;
                }
                else
                {
                    /* Unfortunately, the internal flag says if UM exceptions are disabled */
                    KdIgnoreUmExceptions = !*(PBOOLEAN)InputBuffer;
                    Status = STATUS_SUCCESS;
                }
                break;
 
            case SysDbgGetTriageDump:
                UNIMPLEMENTED;
                Status = STATUS_NOT_IMPLEMENTED;
                break;
 
            case SysDbgGetKdBlockEnable:
                if (OutputBufferLength != sizeof(BOOLEAN))
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                else
                {
                    *(PBOOLEAN)OutputBuffer = KdBlockEnable;
                    Status = STATUS_SUCCESS;
                }
                break;
 
            case SysDbgSetKdBlockEnable:
                Status = KdChangeOption(KD_OPTION_SET_BLOCK_ENABLE,
                                        InputBufferLength,
                                        InputBuffer,
                                        OutputBufferLength,
                                        OutputBuffer,
                                        &Length);
                break;
 
            default:
                Status = STATUS_INVALID_INFO_CLASS;
                break;
        }
 
        if (ReturnLength)
            *ReturnLength = Length;
 
        _SEH2_YIELD(return Status);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;
}

Referenced by TestSystemDebugControl().

ZwQueryDebugFilterState()

NTSYSAPI NTSTATUS NTAPI ZwQueryDebugFilterState	(	ULONG	ComponentId,
		ULONG	Level
	)

ZwSetDebugFilterState()

NTSYSAPI NTSTATUS NTAPI ZwSetDebugFilterState	(	ULONG	ComponentId,
		ULONG	Level,
		BOOLEAN	State
	)

ZwSystemDebugControl()

NTSYSAPI NTSTATUS NTAPI ZwSystemDebugControl	(	_In_ SYSDBG_COMMAND	Command,
		_In_reads_bytes_(InputBufferLength) PVOID	InputBuffer,
		_In_ ULONG	InputBufferLength,
		_Out_writes_bytes_(OutputBufferLength) PVOID	OutputBuffer,
		_In_ ULONG	OutputBufferLength,
		_Out_opt_ PULONG	ReturnLength
	)