Txoo.h
#include "ntddk.h"
/*
 * One record in the driver's list of debug sessions (see the Debug_* list
 * helpers declared at the end of this header).
 * NOTE(review): the field roles below are inferred from names and types only;
 * confirm against the code that fills in this structure.
 * NOTE(review): nothing in this header shows a reference being held on the
 * stored EPROCESS pointers. Without one they can dangle once the process
 * exits -- confirm at the insertion and removal sites.
 */
typedef struct _DbgProcess
{
LIST_ENTRY64 DbgProcessList; /* list linkage; LIST_ENTRY64 has fixed 64-bit links, so this presumably targets x64 only -- confirm */
PEPROCESS DebugProcess; /* presumably the debugger process -- verify */
PEPROCESS Process; /* presumably the process being debugged -- verify */
POBJECT_TYPE DebugObject; /* NOTE(review): typed as an object-type pointer although the name suggests a debug object instance -- confirm */
HANDLE DbgHanle; /* handle tied to this record; presumably the debug object handle ("Hanle" is the spelling callers must use) */
}DbgProcess, *PDbgProcess;
/*
 * Function-pointer types for the Nt* debug-object services.
 * NOTE(review): these signatures are declared by hand here rather than taken
 * from a WDK prototype, so the compiler cannot detect a mismatch with the
 * routine actually called -- confirm them for every supported OS build.
 * NOTE(review): if the target is x64, MSVC accepts and ignores __fastcall
 * there; on x86 it would select the register-based convention -- confirm
 * which targets are built.
 */

/* Shape of NtCreateDebugObject: returns a debug object handle through DebugObjectHandle. */
typedef NTSTATUS(__fastcall *pfNtCreateDebugObject)(
OUT PHANDLE DebugObjectHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG Flags
);
/* Shape of NtDebugActiveProcess: takes a process handle and a debug object handle. */
typedef NTSTATUS(
__fastcall*
pfNtDebugActiveProcess)(IN HANDLE ProcessHandle,
IN HANDLE DebugHandle);
/*
 * Shape of NtWaitForDebugEvent.
 * NOTE(review): StateChange is an OUT parameter declared as a 64-bit integer,
 * not a pointer; presumably it carries the address of the caller's
 * state-change buffer. Any code that dereferences it must treat it as an
 * unvalidated address when the request came from user mode -- confirm.
 */
typedef
NTSTATUS(
__fastcall* pfNtWaitForDebugEvent)(IN HANDLE DebugHandle,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Timeout OPTIONAL,
OUT ULONG64 StateChange);
/* Shape of NtDebugContinue: resumes the thread named by AppClientId with ContinueStatus. */
typedef
NTSTATUS(
__fastcall*
pfNtDebugContinue)(IN HANDLE DebugHandle,
IN PCLIENT_ID AppClientId,
IN NTSTATUS ContinueStatus);
/* Shape of NtRemoveProcessDebug: takes a process handle and a debug object handle. */
typedef
NTSTATUS
(__fastcall*
pfNtRemoveProcessDebug)(IN HANDLE ProcessHandle,
IN HANDLE DebugHandle);
/*
 * Function-pointer types for kernel-internal Dbgk* routines.
 * NOTE(review): these routines have no public WDK prototype, so parameter
 * counts and widths here are the author's reconstruction. A wrong signature
 * is not caught at compile time and would corrupt arguments at run time --
 * confirm per supported OS build.
 */

/* ApiMsg and TargetDebugObject are passed as 64-bit integers; presumably they are kernel addresses -- confirm. */
typedef NTSTATUS (__fastcall *pfDbgkpQueueMessage)(IN PEPROCESS Process, IN PETHREAD Thread, IN OUT ULONG64 ApiMsg, IN ULONG Flags, IN ULONG64 TargetDebugObject);
/*
 * NOTE(review): BaseAddress is declared ULONG (32 bits). A 64-bit view
 * address would not fit; compare pfDbgkUnMapViewOfSection below, which takes
 * PVOID -- confirm the intended width before forwarding through this type.
 */
typedef VOID(__fastcall *pfDbgkMapViewOfSection)(IN PVOID Processs,
IN PVOID Section,
IN ULONG BaseAddress
);
/* Unmap notification: process plus the base address of the view. */
typedef VOID(__fastcall *pfDbgkUnMapViewOfSection)(IN PEPROCESS PROCESS, IN PVOID BaseAddress);
/* Returns a handle through DebugHandle; PreviousMode is supplied by the caller. */
typedef NTSTATUS (__fastcall *pfDbgkOpenProcessDebugPort)(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle);
/* The last two parameters are named "unknow"/"unknow1": their meaning is not established by this header. */
typedef VOID(__fastcall *pfDbgkCopyProcessDebugPort)(IN PEPROCESS Process, IN PEPROCESS Parent, IN ULONG64 unknow, IN ULONG64 unknow1);
/* Returns BOOLEAN; presumably TRUE when the exception was handled by a debugger -- verify. */
typedef BOOLEAN( __fastcall *pfDbgkForwardException)(IN PEXCEPTION_RECORD ExceptionRecord, IN BOOLEAN DebugPort, IN BOOLEAN SecondChance);
/*
 * Function pointers defined in another translation unit, one per routine type
 * declared above. The trailing comment on each line names that type.
 * NOTE(review): the "ori_" prefix suggests each holds the original kernel
 * routine saved before a hook is installed -- confirm.
 * NOTE(review): this header does not show where these are assigned. Calling
 * through one that is still NULL or stale would crash the system, so every
 * pointer should be set and checked before any hook that forwards to it is
 * enabled -- confirm in the initialisation code.
 */
extern pfNtCreateDebugObject ori_pslp40;//pfNtCreateDebugObject
extern pfNtDebugActiveProcess ori_pslp43;//pfNtDebugActiveProcess
extern pfNtWaitForDebugEvent ori_pslp41;//pfNtWaitForDebugEvent
extern pfNtDebugContinue ori_pslp42;//pfNtDebugContinue
extern pfNtRemoveProcessDebug ori_pslp44;//pfNtRemoveProcessDebug
extern pfDbgkForwardException ori_pslp3;//pfDbgkForwardException
extern pfDbgkCopyProcessDebugPort ori_pslp2;//pfDbgkCopyProcessDebugPort
extern pfDbgkOpenProcessDebugPort ori_pslp4;//pfDbgkOpenProcessDebugPort
extern pfDbgkUnMapViewOfSection ori_pslp5;//pfDbgkUnMapViewOfSection
extern pfDbgkMapViewOfSection ori_pslp6; //pfDbgkMapViewOfSection
extern pfDbgkpQueueMessage ori_pslp11;//pfDbgkpQueueMessage
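/*
 * Helpers for the list of DbgProcess records; the definitions live outside
 * this header.
 * NOTE(review): no lock or IRQL requirement is visible in these signatures.
 * If the list is reached from several hook paths at once, serialisation has
 * to happen inside the implementations -- confirm.
 */

/* Releases one record; presumably also unlinks it from the list -- verify. */
VOID NTAPI Debug_ExFreeItem(PDbgProcess Item);
/*
 * Looks up a record using the fields of DbgStruct as the key.
 * NOTE(review): which fields are compared, and whether NULL means "not
 * found", is not shown here -- callers should check the result before use.
 */
PDbgProcess Debug_FindMyNeedData(PDbgProcess DbgStruct);
/* Adds a record built from DbgStruct; presumably returns the stored entry -- verify. */
PDbgProcess Debug_AddStructToList(PDbgProcess DbgStruct);
/*
 * Sets up the list before first use. Declared with an explicit (VOID)
 * parameter list so that C translation units get a real prototype and a
 * call with stray arguments is rejected at compile time.
 */
EXTERN_C VOID InitialzeDbgprocessList(VOID);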