/*++ Copyright (c) 2000-2001 Microsoft Corporation Module Name: wmiexts.h Author: Ivan Brugiolo Revision History: --*/ # ifndef _WMIEXTS_H_ # define _WMIEXTS_H_ #ifdef _WIN64 #define KDEXT_64BIT #else #define KDEXT_32BIT #endif #ifdef KDEXT_64BIT #define MEMORY_ADDRESS ULONG64 #else #define MEMORY_ADDRESS ULONG_PTR #endif #include #include #include #include #ifdef PowerSystemMaximum #undef PowerSystemMaximum #endif #include #include #include #include #include #include #include // // To obtain the private & protected members of C++ class, // let me fake the "private" keyword // # define private public # define protected public // // Turn off dllexp et al so this DLL won't export tons of unnecessary garbage. // /************************************************************ * Macro Definitions ************************************************************/ extern WINDBG_EXTENSION_APIS ExtensionApis; extern HANDLE ExtensionCurrentProcess; extern USHORT g_MajorVersion; extern USHORT g_MinorVersion; #define moveBlock(dst, src, size)\ __try {\ ReadMemory( (ULONG_PTR)(src), (PVOID)&(dst), (size), NULL);\ } __except (EXCEPTION_EXECUTE_HANDLER) {\ return;\ } #define MoveWithRet(dst, src, retVal)\ __try {\ ReadMemory( (ULONG_PTR)(src), (PVOID)&(dst), sizeof(dst), NULL);\ } __except (EXCEPTION_EXECUTE_HANDLER) {\ return retVal;\ } #define MoveBlockWithRet(dst, src, size, retVal)\ __try {\ ReadMemory( (ULONG_PTR)(src), (PVOID)&(dst), (size), NULL);\ } __except (EXCEPTION_EXECUTE_HANDLER) {\ return retVal;\ } #ifdef _WIN64 #define INIT_API() \ LPSTR lpArgumentString = (LPSTR)args; \ ExtensionCurrentProcess = hCurrentProcess; #else #define INIT_API() \ LPSTR lpArgumentString = (LPSTR)args; \ ExtensionCurrentProcess = hCurrentProcess; \ if (ExtensionApis.nSize != sizeof(WINDBG_EXTENSION_APIS)){ \ WINDBG_OLD_EXTENSION_APIS * pOld = (WINDBG_OLD_EXTENSION_APIS *)&ExtensionApis; \ *pOld = *((WINDBG_OLD_EXTENSION_APIS *)dwProcessor); \ } #endif # define BoolValue( b) ((b) ? " TRUE" : " FALSE") #define DumpDword( symbol ) \ { \ ULONG_PTR dw = 0; \ if (ExtensionApis.nSize != sizeof(WINDBG_EXTENSION_APIS)){ \ dw = GetExpression( "&" symbol ); \ } else { \ dw = GetExpression( symbol ); \ }; \ \ ULONG_PTR dwValue = 0; \ if ( dw ) \ { \ if ( ReadMemory( (ULONG_PTR) dw, \ &dwValue, \ sizeof(dwValue), \ NULL )) \ { \ dprintf( "\t" symbol " = %8d (0x%p)\n", \ dwValue, \ dwValue ); \ } \ } \ } // // C++ Structures typically require the constructors and most times // we may not have default constructors // => trouble in defining a copy of these struct/class inside the // Debugger extension DLL for debugger process // So we will define them as CHARACTER arrays with appropriate sizes. // This is okay, since we are not really interested in structure as is, // however, we will copy over data block from the debuggee process to // these structure variables in the debugger process. // # define DEFINE_CPP_VAR( className, classVar) \ CHAR classVar[sizeof(className)] # define GET_CPP_VAR_PTR( className, classVar) \ (className * ) &classVar // // // commonly used functions // //////////////////////////////////////////////////////////////// void GetPeb(HANDLE hSourceProcess, PEB ** ppPeb, ULONG_PTR * pId = NULL); void GetTeb(HANDLE hThread,TEB ** ppTeb); void GetCid(HANDLE hThread,CLIENT_ID * pCid); void PrintStackTrace(ULONG_PTR ArrayAddr_OOP,DWORD dwNum,BOOL bOOP); #ifndef KDEXT_64BIT /** Routine to get offset of a "Field" of "Type" on a debugee machine. This uses Ioctl call for type info. Returns 0 on success, Ioctl error value otherwise. **/ __inline ULONG GetFieldOffset ( IN LPCSTR Type, IN LPCSTR Field, OUT PULONG pOffset ) { FIELD_INFO flds = { (PUCHAR)Field, (PUCHAR)"", 0, DBG_DUMP_FIELD_FULL_NAME | DBG_DUMP_FIELD_RETURN_ADDRESS, 0, NULL}; SYM_DUMP_PARAM Sym = { sizeof (SYM_DUMP_PARAM), (PUCHAR)Type, DBG_DUMP_NO_PRINT, 0, NULL, NULL, NULL, 1, &flds }; ULONG Err; Sym.nFields = 1; Err = Ioctl( IG_DUMP_SYMBOL_INFO, &Sym, Sym.size ); *pOffset = (ULONG) (flds.address - Sym.addr); return Err; } #endif # endif // _WMIEXTS_H_