222 lines
5.8 KiB
C
222 lines
5.8 KiB
C
/*++
|
|
|
|
Copyright (c) 2000-2001 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
wmiexts.h
|
|
|
|
Author:
|
|
|
|
Ivan Brugiolo
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
# ifndef _WMIEXTS_H_
|
|
# define _WMIEXTS_H_
|
|
|
|
#ifdef _WIN64
|
|
#define KDEXT_64BIT
|
|
#else
|
|
#define KDEXT_32BIT
|
|
#endif
|
|
|
|
#ifdef KDEXT_64BIT
|
|
#define MEMORY_ADDRESS ULONG64
|
|
#else
|
|
#define MEMORY_ADDRESS ULONG_PTR
|
|
#endif
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <ntexapi.h>
|
|
|
|
#ifdef PowerSystemMaximum
|
|
#undef PowerSystemMaximum
|
|
#endif
|
|
|
|
#include <windows.h>
|
|
|
|
#include <wdbgexts.h>
|
|
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <wchar.h>
|
|
#include <stdlib.h>
|
|
|
|
|
|
//
|
|
// To obtain the private & protected members of C++ class,
|
|
// let me fake the "private" keyword
|
|
//
|
|
# define private public
|
|
# define protected public
|
|
|
|
|
|
//
|
|
// Turn off dllexp et al so this DLL won't export tons of unnecessary garbage.
|
|
//
|
|
|
|
|
|
|
|
/************************************************************
|
|
* Macro Definitions
|
|
************************************************************/
|
|
|
|
extern WINDBG_EXTENSION_APIS ExtensionApis;
|
|
extern HANDLE ExtensionCurrentProcess;
|
|
extern USHORT g_MajorVersion;
|
|
extern USHORT g_MinorVersion;
|
|
|
|
|
|
|
|
|
|
#define moveBlock(dst, src, size)\
|
|
__try {\
|
|
ReadMemory( (ULONG_PTR)(src), (PVOID)&(dst), (size), NULL);\
|
|
} __except (EXCEPTION_EXECUTE_HANDLER) {\
|
|
return;\
|
|
}
|
|
|
|
#define MoveWithRet(dst, src, retVal)\
|
|
__try {\
|
|
ReadMemory( (ULONG_PTR)(src), (PVOID)&(dst), sizeof(dst), NULL);\
|
|
} __except (EXCEPTION_EXECUTE_HANDLER) {\
|
|
return retVal;\
|
|
}
|
|
|
|
#define MoveBlockWithRet(dst, src, size, retVal)\
|
|
__try {\
|
|
ReadMemory( (ULONG_PTR)(src), (PVOID)&(dst), (size), NULL);\
|
|
} __except (EXCEPTION_EXECUTE_HANDLER) {\
|
|
return retVal;\
|
|
}
|
|
|
|
#ifdef _WIN64
|
|
#define INIT_API() \
|
|
LPSTR lpArgumentString = (LPSTR)args; \
|
|
ExtensionCurrentProcess = hCurrentProcess;
|
|
#else
|
|
#define INIT_API() \
|
|
LPSTR lpArgumentString = (LPSTR)args; \
|
|
ExtensionCurrentProcess = hCurrentProcess; \
|
|
if (ExtensionApis.nSize != sizeof(WINDBG_EXTENSION_APIS)){ \
|
|
WINDBG_OLD_EXTENSION_APIS * pOld = (WINDBG_OLD_EXTENSION_APIS *)&ExtensionApis; \
|
|
*pOld = *((WINDBG_OLD_EXTENSION_APIS *)dwProcessor); \
|
|
}
|
|
#endif
|
|
|
|
|
|
# define BoolValue( b) ((b) ? " TRUE" : " FALSE")
|
|
|
|
|
|
#define DumpDword( symbol ) \
|
|
{ \
|
|
ULONG_PTR dw = 0; \
|
|
if (ExtensionApis.nSize != sizeof(WINDBG_EXTENSION_APIS)){ \
|
|
dw = GetExpression( "&" symbol ); \
|
|
} else { \
|
|
dw = GetExpression( symbol ); \
|
|
}; \
|
|
\
|
|
ULONG_PTR dwValue = 0; \
|
|
if ( dw ) \
|
|
{ \
|
|
if ( ReadMemory( (ULONG_PTR) dw, \
|
|
&dwValue, \
|
|
sizeof(dwValue), \
|
|
NULL )) \
|
|
{ \
|
|
dprintf( "\t" symbol " = %8d (0x%p)\n", \
|
|
dwValue, \
|
|
dwValue ); \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
|
|
//
|
|
// C++ Structures typically require the constructors and most times
|
|
// we may not have default constructors
|
|
// => trouble in defining a copy of these struct/class inside the
|
|
// Debugger extension DLL for debugger process
|
|
// So we will define them as CHARACTER arrays with appropriate sizes.
|
|
// This is okay, since we are not really interested in structure as is,
|
|
// however, we will copy over data block from the debuggee process to
|
|
// these structure variables in the debugger process.
|
|
//
|
|
# define DEFINE_CPP_VAR( className, classVar) \
|
|
CHAR classVar[sizeof(className)]
|
|
|
|
# define GET_CPP_VAR_PTR( className, classVar) \
|
|
(className * ) &classVar
|
|
|
|
//
|
|
//
|
|
// commonly used functions
|
|
//
|
|
////////////////////////////////////////////////////////////////
|
|
|
|
void GetPeb(HANDLE hSourceProcess, PEB ** ppPeb, ULONG_PTR * pId = NULL);
|
|
void GetTeb(HANDLE hThread,TEB ** ppTeb);
|
|
void GetCid(HANDLE hThread,CLIENT_ID * pCid);
|
|
|
|
void PrintStackTrace(ULONG_PTR ArrayAddr_OOP,DWORD dwNum,BOOL bOOP);
|
|
|
|
#ifndef KDEXT_64BIT
|
|
|
|
/**
|
|
|
|
Routine to get offset of a "Field" of "Type" on a debugee machine. This uses
|
|
Ioctl call for type info.
|
|
Returns 0 on success, Ioctl error value otherwise.
|
|
|
|
**/
|
|
|
|
__inline
|
|
ULONG
|
|
GetFieldOffset (
|
|
IN LPCSTR Type,
|
|
IN LPCSTR Field,
|
|
OUT PULONG pOffset
|
|
)
|
|
{
|
|
FIELD_INFO flds = {
|
|
(PUCHAR)Field,
|
|
(PUCHAR)"",
|
|
0,
|
|
DBG_DUMP_FIELD_FULL_NAME | DBG_DUMP_FIELD_RETURN_ADDRESS,
|
|
0,
|
|
NULL};
|
|
|
|
SYM_DUMP_PARAM Sym = {
|
|
sizeof (SYM_DUMP_PARAM),
|
|
(PUCHAR)Type,
|
|
DBG_DUMP_NO_PRINT,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
1,
|
|
&flds
|
|
};
|
|
|
|
ULONG Err;
|
|
|
|
Sym.nFields = 1;
|
|
Err = Ioctl( IG_DUMP_SYMBOL_INFO, &Sym, Sym.size );
|
|
*pOffset = (ULONG) (flds.address - Sym.addr);
|
|
return Err;
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
# endif // _WMIEXTS_H_
|