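/*++

Copyright (c) 1995  Microsoft Corporation

Module Name:

    apimon.h

Abstract:

    Common types & structures for the APIMON projects.

Author:

    Wesley Witt (wesw) 28-June-1995

Environment:

    User Mode

--*/

#ifndef _APIMON_
#define _APIMON_

//
// CLINKAGE expands to extern "C" when compiled as C++ and to nothing in C.
//
#ifdef __cplusplus
#define CLINKAGE                    extern "C"
#else
#define CLINKAGE
#endif

//
// NOTE(review): TROJANDLL is a bare file name with no directory part.
// Its consumers are not visible in this header; if the name reaches a
// loader call unqualified, the file that gets loaded depends on the DLL
// search order, so confirm that callers build a fully qualified path.
//
#define TROJANDLL                   "apidll.dll"
#define MAX_NAME_SZ                 32      // size of DLL_INFO.Name, in CHARs
#define MAX_DLLS                    512
#define MEGABYTE                    (1024*1024)
#define MAX_MEM_ALLOC               (MEGABYTE*32)
//
// Number of API_INFO records that fit in half of MAX_MEM_ALLOC. The
// expansion uses sizeof(API_INFO), so it is only usable after the
// API_INFO typedef below has been seen.
//
#define MAX_APIS                    ((MAX_MEM_ALLOC/2)/sizeof(API_INFO))
#define THUNK_SIZE                  MEGABYTE

//
// Align(p,x) rounds x up to the next multiple of p, or yields x unchanged
// when it is already a multiple. The mask arithmetic is only correct when
// p is a power of two.
//
// Every use of p and x is parenthesized so that an expression argument
// (for example a conditional or a bitwise OR) expands as intended. Both
// arguments are evaluated more than once, so do not pass expressions with
// side effects. There is no overflow check: an x within p of the type's
// maximum wraps (unsigned) or overflows (signed).
//
#define Align(p,x)                  (((x) & ((p)-1)) ? (((x) & ~((p)-1)) + (p)) : (x))

//
// String constants naming system DLLs and API entry points.
// NOTE(review): how these names are used is not visible in this header.
//
#define KERNEL32                    "kernel32.dll"
#define NTDLL                       "ntdll.dll"
#define USER32                      "user32.dll"
#define WNDPROCDLL                  "wndprocs"
#define LOADLIBRARYA                "LoadLibraryA"
#define LOADLIBRARYW                "LoadLibraryW"
#define FREELIBRARY                 "FreeLibrary"
#define GETPROCADDRESS              "GetProcAddress"
#define REGISTERCLASSA              "RegisterClassA"
#define REGISTERCLASSW              "RegisterClassW"
#define SETWINDOWLONGA              "SetWindowLongA"
#define SETWINDOWLONGW              "SetWindowLongW"
#define ALLOCATEHEAP                "RtlAllocateHeap"
#define CREATEHEAP                  "RtlCreateHeap"

#if defined(_ALPHA_)
//
// Split an address into 16-bit pieces. HIGH_ADDR and UPPER_ADDR each add
// one when bit 15 of the piece below is set.
// NOTE(review): presumably this compensates for sign-extended 16-bit
// immediates in generated Alpha code -- confirm against the thunk builder.
//
#define UPPER_ADDR(_addr)           LOWORD(((LONG_PTR)(_addr) >> 32) + (HIGH_ADDR((_addr)) >> 15))
#define HIGH_ADDR(_addr)            LOWORD(HIWORD((_addr)) + (LOWORD((_addr)) >> 15))
#define LOW_ADDR(_addr)             LOWORD((_addr))
#endif

//
// api table type definitions
//
#define DFLT_TRACE_ARGS             8
#define MAX_TRACE_ARGS              8       // sizes API_TABLE.ArgType and TRACE_ENTRY.Args

//
// Handle type, index corresponds to the entries in the alias array
//
enum Handles {
    T_HACCEL,
    T_HANDLE,
    T_HBITMAP,
    T_HBRUSH,
    T_HCURSOR,
    T_HDC,
    T_HDCLPPOINT,
    T_HDESK,
    T_HDWP,
    T_HENHMETAFILE,
    T_HFONT,
    T_HGDIOBJ,
    T_HGLOBAL,
    T_HGLRC,
    T_HHOOK,
    T_HICON,
    T_HINSTANCE,
    T_HKL,
    T_HMENU,
    T_HMETAFILE,
    T_HPALETTE,
    T_HPEN,
    T_HRGN,
    T_HWINSTA,
    T_HWND};

//
// Non-handle type codes. They start at 101, above the enum Handles
// values (0 through T_HWND).
//
#define T_DWORD                     101
#define T_LPSTR                     102
#define T_LPWSTR                    103
#define T_UNISTR                    104     // UNICODE string (counted)
#define T_OBJNAME                   105     // Name from OBJECT_ATTRIBUTES struct
#define T_LPSTRC                    106     // Counted string (count is following arg)
#define T_LPWSTRC                   107     // Counted UNICODE string (count is following arg)
#define T_DWORDPTR                  108     // Indirect DWORD
#define T_DLONGPTR                  109     // Indirect DWORDLONG

//
// User macros for creating an indirect type code with the offset encoded
// in the high word: the base type code occupies the low word and off is
// shifted left by 16.
// NOTE(review): off is not range-checked. With a 32-bit int, an off of
// 0x8000 or more shifts into the sign bit, and larger values lose bits,
// so callers must keep off within 15 bits.
//
#define T_PDWORD(off)               (((off)<<16) + T_DWORDPTR)
#define T_PDLONG(off)               (((off)<<16) + T_DLONGPTR)
#define T_PSTR(off)                 (((off)<<16) + T_LPSTR)
#define T_PWSTR(off)                (((off)<<16) + T_LPWSTR)

//
// api trace modes
//
#define API_TRACE                   1       // Trace this api
#define API_FULLTRACE               2       // Trace this api and its callees

//
// Description of one API: its name, return type code, and up to
// MAX_TRACE_ARGS argument type codes.
// NOTE(review): ArgCount is a plain ULONG and is not tied to the array
// bound; code that indexes ArgType by ArgCount must first check
// ArgCount <= MAX_TRACE_ARGS.
//
typedef struct _API_TABLE {
    LPSTR       Name;
    ULONG       RetType;
    ULONG       ArgCount;
    ULONG       ArgType[MAX_TRACE_ARGS];
} API_TABLE, *PAPI_TABLE;

//
// Associates a name with an API_TABLE pointer and a Processed flag.
// NOTE(review): Name is presumably a DLL name -- confirm against the
// table definitions.
//
typedef struct _API_MASTER_TABLE {
    LPSTR       Name;
    BOOL        Processed;
    PAPI_TABLE  ApiTable;
} API_MASTER_TABLE, *PAPI_MASTER_TABLE;

//
// Per-API record. Field meanings are not defined in this header; the
// names suggest a call count, timing totals and page-fault counters --
// confirm against the code that fills them in.
// Name is a ULONG rather than a pointer, so it is presumably an offset
// or index into a separate name area -- TODO confirm.
// NOTE(review): TraceEnabled presumably holds API_TRACE / API_FULLTRACE.
//
typedef struct _API_INFO {
    ULONG       Name;
    ULONG_PTR   Address;
    ULONG_PTR   ThunkAddress;
    ULONG       Count;
    DWORDLONG   Time;
    DWORDLONG   CalleeTime;
    ULONG       NestCount;
    ULONG       TraceEnabled;
    PAPI_TABLE  ApiTable;
    ULONG_PTR   HardFault;
    ULONG_PTR   SoftFault;
    ULONG_PTR   CodeFault;
    ULONG_PTR   DataFault;
    ULONG       Size;
    ULONG       ApiTableIndex;
    ULONG_PTR   DllOffset;
} API_INFO, *PAPI_INFO;

//
// Per-DLL record.
// Name is a fixed buffer of MAX_NAME_SZ (32) CHARs. Any copy into it must
// be bounded to that size and leave room for the terminating NUL; module
// names longer than 31 characters do not fit.
// NOTE(review): ApiCount / ApiOffset presumably locate this DLL's
// API_INFO records -- confirm the unit of ApiOffset with the owner.
//
typedef struct _DLL_INFO {
    CHAR        Name[MAX_NAME_SZ];
    ULONG_PTR   BaseAddress;
    ULONG       Size;
    ULONG       ApiCount;
    ULONG       ApiOffset;
    ULONG       Unloaded;
    ULONG       Enabled;
    ULONG       OrigEnable;
    ULONG       Snapped;
    ULONG       InList;
    ULONG       StaticProfile;
    ULONG       Hits;
    ULONG       LoadCount;
} DLL_INFO, *PDLL_INFO;

//
// One trace record; Args holds up to MAX_TRACE_ARGS pointer-sized values.
// NOTE(review): SizeOfStruct presumably carries the record's size in
// bytes so a reader can step through a buffer. A reader should check it
// against the bytes remaining in the buffer before advancing.
//
typedef struct _TRACE_ENTRY {
    ULONG       SizeOfStruct;
    ULONG_PTR   Address;
    ULONG_PTR   ReturnValue;
    ULONG       LastError;
    ULONG_PTR   Caller;
    ULONG       ApiTableIndex;
    DWORDLONG   EnterTime;
    DWORDLONG   Duration;
    ULONG       ThreadNum;
    ULONG       Level;
    ULONG_PTR   Args[MAX_TRACE_ARGS];
} TRACE_ENTRY, *PTRACE_ENTRY;

//
// Header of a trace buffer followed by trace entries.
// Entry is declared with one element, so sizeof(TRACE_BUFFER) already
// includes one TRACE_ENTRY.
// NOTE(review): Entry[1] looks like the trailing-array idiom for a
// variable number of entries -- confirm. Readers should validate Offset
// and Count against Size before indexing, in particular if the buffer
// is shared with another process.
//
typedef struct _TRACE_BUFFER {
    ULONG       Size;
    ULONG       Offset;
    ULONG       Count;
    TRACE_ENTRY Entry[1];
} TRACE_BUFFER, *PTRACE_BUFFER;

#endif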