#pragma once
#include "dbgmem.h"
#include "variant.h"
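namespace pykd {

// Debug-engine facade: the free functions and plain structs through which the
// rest of pykd drives the debugger. Only declarations are visible here, so the
// comments describe the signatures. Anything marked NOTE(review) is an
// assumption or a caveat to confirm against the implementation.
//
// NOTE(review): strings returned by these calls (module names, version
// resources, build strings, executable names) presumably originate in the
// debuggee or in a dump file. When the target is not trusted, treat them as
// untrusted data before using them in commands, paths or markup.

// manage debug target

// Starts a new process under the debugger; debugChildren presumably extends
// debugging to child processes. The ULONG result is presumably the engine's
// id for the new process - confirm.
// NOTE(review): processName decides what gets executed on the host; callers
// should not assemble it from untrusted text.
ULONG startProcess( const std::wstring &processName, bool debugChildren = false );

// Attaches to the running process identified by pid.
ULONG attachProcess( ULONG pid );

// Attaches to a kernel target. An empty connectOptions is the default; what
// the empty string selects is not visible here.
void attachKernel( const std::string &connectOptions = "" );

bool isLocalKernelDebuggerEnabled();

// NOTE(review): the default -1 converts to the largest ULONG value, presumably
// a sentinel meaning "the current process" - confirm. The same applies to
// terminateProcess.
void detachProcess( ULONG processId = -1);

void terminateProcess( ULONG processId = -1);

// Opens a crash dump as the debug target.
// NOTE(review): a dump is parsed input; dumps from unknown sources should be
// handled as untrusted files.
void loadDump( const std::wstring &fileName );

// Writes a dump of the current target to a file; smallDump presumably selects
// a minidump over a full dump.
// NOTE(review): the output contains target memory and may therefore hold
// credentials or keys; store and share it accordingly. The parameter name
// "fileNamem" looks like a typo for "fileName".
void writeDump( const std::wstring &fileNamem, bool smallDump );

bool isDumpAnalyzing();

bool isKernelDebugging();

// Execution control.
void debugGo();

void debugStep();

void debugStepIn();

void debugBreak();

// Runs a debugger command and returns its text output.
// NOTE(review): the command presumably runs with the debugger's full
// authority over the target and the host session, so never forward text taken
// from the debuggee or from other untrusted sources.
std::wstring debugCommand( const std::wstring &command );

// Evaluates an expression; cplusplus presumably switches from the default
// expression syntax to the C++ evaluator.
BaseTypeVariant evaluate( const std::wstring &expression, bool cplusplus = false );

// debug output

// Print to the debugger output; the *ln variants presumably append a newline.
// NOTE(review): with dml = true the string is presumably interpreted as
// debugger markup, so target-derived text should be escaped before it is
// printed in that mode.
void dprint( const std::wstring &str, bool dml = false );

void dprintln( const std::wstring &str, bool dml = false );

// Reads a line of input from the debugger console.
std::wstring dreadline();

// Error-stream counterparts of dprint / dprintln.
void eprint( const std::wstring &str );

void eprintln( const std::wstring &str );

// system properties

ULONG ptrSize();

bool is64bitSystem();

ULONG getPageSize();

// NOTE(review): units of the two time values are not visible here.
ULONG getSystemUptime();

ULONG getCurrentTime();

// Version information for the target system, returned by getSystemVersion().
struct SystemVersion {
    ULONG platformId;
    ULONG win32Major;
    ULONG win32Minor;
    ULONG buildNumber;
    std::string buildString;
    std::string servicePackString;
    bool isCheckedBuild;
};

typedef boost::shared_ptr< SystemVersion > SystemVersionPtr;

SystemVersionPtr getSystemVersion();

// manage debug module

// Module lookups. The functions taking baseOffset expect a module base
// address, presumably one returned by findModuleBase / findModuleBySymbol.
ULONG64 findModuleBase( const std::string &moduleName );

ULONG64 findModuleBase( ULONG64 offset );

ULONG64 findModuleBySymbol( const std::string &symbolName );

std::string getModuleName( ULONG64 baseOffset );

std::string getModuleImageName( ULONG64 baseOffset );

ULONG getModuleSize( ULONG64 baseOffset );

std::string getModuleSymbolFileName( ULONG64 baseOffset );

ULONG getModuleTimeStamp( ULONG64 baseOffset );

ULONG getModuleCheckSum( ULONG64 baseOffset );

bool isModuleUnloaded( ULONG64 baseOffset );

bool isModuleUserMode( ULONG64 baseOffset );

// Reads one named value from the module's version resource.
std::string getModuleVersionInfo( ULONG64 baseOffset, const std::string &value );

// Returns the four 16-bit parts of the module's file version through the
// reference parameters.
void getModuleFileVersion( ULONG64 baseOffset, USHORT &majorHigh, USHORT &majorLow, USHORT &minorHigh, USHORT &minorLow );

// CPU registers

// The parameter was rendered as "®Name" on the page (an HTML entity decoded
// inside "&regName"); the reference declarator is restored here.
ULONG getRegIndexByName( const std::string &regName );

std::string getRegNameByIndex( ULONG index );

BaseTypeVariant getRegVariantValue( ULONG index );

ULONG64 getRegInstructionPointer();

// Model-specific register access.
// NOTE(review): setMSR writes processor state on the target; an unsuitable
// value can presumably destabilise it, so callers should validate both the
// register number and the value.
ULONG64 loadMSR( ULONG msr );

void setMSR( ULONG msr, ULONG64 value);

std::string getProcessorMode();

std::string getProcessorType();

void setProcessorMode( const std::string &mode );

// Stack and local variables

// One stack frame, filled in by getCurrentFrame / getStackTrace. All offsets
// are 64-bit target addresses.
struct STACK_FRAME_DESC {
    ULONG number;
    ULONG64 instructionOffset;
    ULONG64 returnOffset;
    ULONG64 frameOffset;
    ULONG64 stackOffset;
};

void getCurrentFrame(STACK_FRAME_DESC &frame );

// Fill `frames` with the stack trace; whether existing elements are cleared
// first is not visible here.
void getStackTrace(std::vector<STACK_FRAME_DESC> &frames);

void getStackTraceWow64(std::vector<STACK_FRAME_DESC> &frames);

// callback events

// Value an event callback returns to say how execution should continue.
// DebugCallbackMax equals the number of real values (3).
enum DEBUG_CALLBACK_RESULT {
    DebugCallbackProceed = 0,
    DebugCallbackNoChange = 1,
    DebugCallbackBreak = 2,
    DebugCallbackMax = 3
};

// Snapshot of an exception event; presumably filled from the
// EXCEPTION_RECORD64 handed to the constructor.
struct ExceptionInfo {

    bool FirstChance;

    ULONG ExceptionCode; /* NTSTATUS */
    ULONG ExceptionFlags;
    ULONG64 ExceptionRecord;
    ULONG64 ExceptionAddress;

    std::vector<ULONG64> Parameters;

    // The first argument is declared ULONG although the member it matches is
    // a bool.
    ExceptionInfo(ULONG FirstChance, const EXCEPTION_RECORD64 &Exception);

    // Parameters as a Python list.
    python::list getParameters() const;

    // Text rendering of this record.
    std::string print() const;
};

typedef boost::shared_ptr< ExceptionInfo > ExceptionInfoPtr;

// Interface for debug-event listeners; every member is pure virtual.
// Listeners are registered with eventRegisterCallbacks and removed with
// eventRemoveCallbacks.
// NOTE(review): there is no virtual destructor, so deleting an implementation
// through a DEBUG_EVENT_CALLBACK pointer would be undefined behaviour;
// confirm that instances are never owned through this type. The registration
// functions take raw pointers, so a listener must presumably be removed
// before it is destroyed.
struct DEBUG_EVENT_CALLBACK {

    virtual DEBUG_CALLBACK_RESULT OnBreakpoint( ULONG bpId ) = 0;
    virtual DEBUG_CALLBACK_RESULT OnModuleLoad( ULONG64 offset, const std::string &name ) = 0;
    virtual DEBUG_CALLBACK_RESULT OnModuleUnload( ULONG64 offset, const std::string &name ) = 0;
    virtual DEBUG_CALLBACK_RESULT OnException( ExceptionInfoPtr exceptInfo ) = 0;
    // executionStatus presumably carries an EXECUTION_STATUS value.
    virtual void onExecutionStatusChange( ULONG executionStatus ) = 0;
    virtual void onSymbolsLoaded(ULONG64 modBase) = 0;
    virtual void onSymbolsUnloaded(ULONG64 modBase OPTIONAL) = 0;
};

// Event kinds, one bit per kind.
// EventTypeMax has no initialiser and therefore evaluates to 0x1001 (previous
// enumerator + 1); it is neither a flag bit nor a count of the flags.
enum EVENT_TYPE {
    EventTypeBreakpoint = 0x0001,
    EventTypeException = 0x0002,
    EventTypeCreateThread = 0x0004,
    EventTypeExitThread = 0x0008,
    EventTypeCreateProcess = 0x0010,
    EventTypeExitProcess = 0x0020,
    EventTypeLoadModule = 0x0040,
    EventTypeUnloadModule = 0x0080,
    EventTypeSystemError = 0x0100,
    EventTypeSessionStatus = 0x0200,
    EventTypeChangeDebuggeeState = 0x0400,
    EventTypeChangeEngineState = 0x0800,
    EventTypeChangeSymbolState = 0x1000,

    EventTypeMax,
};

EVENT_TYPE getLastEventType();

ExceptionInfoPtr getLastExceptionInfo();

// Execution states. The numbering is not contiguous (0, 1, 6, 7); the values
// appear to mirror the debug engine's DEBUG_STATUS_* constants - confirm.
enum EXECUTION_STATUS {
    DebugStatusNoChange = 0,
    DebugStatusGo = 1,
    DebugStatusBreak = 6,
    DebugStatusNoDebuggee = 7
};

// Access kinds as single bits; presumably what breakPointSet expects in
// accessType for hardware breakpoints - confirm.
enum DEBUG_ACCESS_TYPE {
    DebugAccessRead = 0x00000001,
    DebugAccessWrite = 0x00000002,
    DebugAccessExecute = 0x00000004,
    DebugAccessIo = 0x00000008
};

// Bug-check code and its four arguments, filled by readBugCheckData.
struct BUG_CHECK_DATA
{
    ULONG code;
    ULONG64 arg1;
    ULONG64 arg2;
    ULONG64 arg3;
    ULONG64 arg4;
};

void readBugCheckData(BUG_CHECK_DATA &bugCheckData);

void eventRegisterCallbacks( const DEBUG_EVENT_CALLBACK *callbacks );

void eventRemoveCallbacks( const DEBUG_EVENT_CALLBACK *callbacks );

// breakpoints

// Sets a breakpoint at offset and returns its id (the value breakPointRemove
// takes). size and accessType presumably matter only when hardware is true.
ULONG breakPointSet( ULONG64 offset, bool hardware = false, ULONG size = 0, ULONG accessType = 0 );

void breakPointRemove( ULONG id );

void breakPointRemoveAll();

// processes and threads

// The ULONG64 forms return addresses (setCurrentProcess / setImplicitThread
// take processAddr / threadAddr); the ULONG forms return ids.
ULONG64 getCurrentProcess();

ULONG getCurrentProcessId();

ULONG64 getImplicitThread();

ULONG getCurrentThreadId();

void setCurrentProcess( ULONG64 processAddr );

void setImplicitThread( ULONG64 threadAddr );

void getAllProcessThreads( std::vector<ULONG64> &threadsArray );

std::string getCurrentProcessExecutableName();

// Symbol path

// NOTE(review): the symbol path decides where symbol files are loaded from,
// and those files are parsed inside the debugger process. Entries should come
// from configuration the operator controls, not from the target.
std::string getSymbolPath();

void setSymbolPath(const std::string &symPath);

void appendSymbolPath(const std::string &symPath);

// Extensions

// Loads a debugger extension and returns a handle for removeExtension /
// callExtension.
// NOTE(review): an extension is presumably a library loaded into the debugger
// process, so its code runs with the debugger's privileges; accept only
// trusted, fully qualified paths.
ULONG64 loadExtension(const std::wstring &extPath );

void removeExtension( ULONG64 extHandle );

// Invokes `command` of a loaded extension with `params` and returns its
// output. The last parameter was rendered as "¶ms" on the page (an HTML
// entity decoded inside "&params"); the reference declarator is restored.
// NOTE(review): `command` is taken by const value, unlike every other string
// parameter in this header; a const reference would avoid the copy, but the
// definition would have to change with it.
std::wstring callExtension( ULONG64 extHandle, const std::wstring command, const std::wstring &params );

};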