author | Adam <you@example.com> | 2020-05-17 05:51:50 +0200 |
committer | Adam <you@example.com> | 2020-05-17 05:51:50 +0200 |
commit | e611b132f9b8abe35b362e5870b74bce94a1e58e (patch) | |
tree | a5781d2ec0e085eeca33cf350cf878f2efea6fe5 /private/mvdm/bde/bde.h | |
Diffstat (limited to 'private/mvdm/bde/bde.h')
-rw-r--r-- | private/mvdm/bde/bde.h | 382 |
1 files changed, 382 insertions, 0 deletions
diff --git a/private/mvdm/bde/bde.h b/private/mvdm/bde/bde.h
new file mode 100644
index 000000000..be48c745e
--- /dev/null
+++ b/private/mvdm/bde/bde.h
@@ -0,0 +1,382 @@
+
+//
+// Pointers to WINDBG api
+//
+
+extern PNTSD_OUTPUT_ROUTINE Print;
+extern PNTSD_GET_EXPRESSION GetExpression;
+extern PNTSD_GET_SYMBOL GetSymbol;
+//extern PNTSD_DISASM Disassemble;
+extern PNTSD_CHECK_CONTROL_C CheckCtrlC;
+
+extern PWINDBG_READ_PROCESS_MEMORY_ROUTINE ReadProcessMemWinDbg;
+extern PWINDBG_WRITE_PROCESS_MEMORY_ROUTINE WriteProcessMemWinDbg;
+extern PWINDBG_GET_THREAD_CONTEXT_ROUTINE GetThreadContextWinDbg;
+extern PWINDBG_SET_THREAD_CONTEXT_ROUTINE SetThreadContextWinDbg;
+
+extern fWinDbg;
+extern HANDLE hCurrentProcess;
+extern HANDLE hCurrentThread;
+extern LPSTR lpArgumentString;
+
+#define PRINTF (* Print)
+#define EXPRESSION (* GetExpression)
+
+#define ReadDword(x) read_dword((ULONG)x, FALSE)
+#define ReadWord(x) read_word ((ULONG)x, FALSE)
+#define ReadByte(x) read_byte ((ULONG)x, FALSE)
+#define ReadDwordSafe(x) read_dword((ULONG)x, TRUE)
+#define ReadWordSafe(x) read_word ((ULONG)x, TRUE)
+#define ReadByteSafe(x) read_byte ((ULONG)x, TRUE)
+#define ReadGNode(x,p) read_gnode((ULONG)x,p,FALSE)
+#define ReadGNode32(x,p) read_gnode32((ULONG)x,p,FALSE)
+
+#define BEFORE 0
+#define AFTER 1
+
+#define RPL_MASK 0x78
+#define V86_BITS 0x20000
+
+#define SELECTOR_LDT 0x04
+#define SELECTOR_RPL 0x03
+
+#define V86_MODE 0
+#define PROT_MODE 1
+#define FLAT_MODE 2
+
+#define CALL_NEAR_RELATIVE 0xE8
+#define CALL_NEAR_INDIRECT 0xFF
+#define INDIRECT_NEAR_TYPE 0x02
+#define CALL_FAR_ABSOLUTE 0x9A
+#define CALL_FAR_INDIRECT 0xFF
+#define INDIRECT_FAR_TYPE 0x03
+#define PUSH_CS 0x0E
+#define ADD_SP 0xC483
+
+#define TYPE_BITS 0x38
+#define TYPE0 0x00
+#define TYPE1 0x08
+#define TYPE2 0x10
+#define TYPE3 0x18
+#define TYPE4 0x20
+#define TYPE5 0x28
+#define TYPE6 0x30
+#define TYPE7 0x38
+
+#define MOD_BITS 0xC0
+#define MOD0 0x00
+#define MOD1 0x40
+#define MOD2 0x80
+#define MOD3 0xC0
+
+#define RM_BITS 0x07
+#define RM0 0x00
+#define RM1 0x01
+#define RM2 0x02
+#define RM3 0x03
+#define RM4 0x04
+#define RM5 0x05
+#define RM6 0x06
+#define RM7 0x07
+
+#define FLAG_OVERFLOW 0x0800
+#define FLAG_DIRECTION 0x0400
+#define FLAG_INTERRUPT 0x0200
+#define FLAG_SIGN 0x0080
+#define FLAG_ZERO 0x0040
+#define FLAG_AUXILLIARY 0x0010
+#define FLAG_PARITY 0x0004
+#define FLAG_CARRY 0x0001
+
+#define SEGTYPE_AVAILABLE 0
+#define SEGTYPE_V86 1
+#define SEGTYPE_PROT 2
+
+#define MAXSEGENTRY 1024
+
+#define WOW16 0
+
+#define GA_ENDSIG ((BYTE)0x5a)
+
+typedef struct _SELECTORINFO {
+ DWORD Base;
+ DWORD Limit;
+ BOOL bCode;
+ BOOL bSystem;
+ BOOL bPresent;
+ BOOL bWrite;
+ BOOL bAccessed;
+ BOOL bBig;
+} SELECTORINFO;
+
+typedef struct _segentry {
+ int type;
+ LPSTR path_name;
+ WORD selector;
+ WORD segment;
+ DWORD ImgLen;
+} SEGENTRY;
+
+#pragma pack(1)
+
+typedef struct _GNODE { // GlobalArena
+ BYTE ga_count ; // lock count for movable segments
+ WORD ga_owner ; // DOS 2.x 3.x owner field (current task)
+ WORD ga_size ; // DOS 2.x 3.x size, in paragraphs, not incl. header
+ BYTE ga_flags ; // 1 byte available for flags
+ WORD ga_prev ; // previous arena entry (first points to self)
+ WORD ga_next ; // next arena entry (last points to self)
+ WORD ga_handle ; // back link to handle table entry
+ WORD ga_lruprev ; // Previous handle in lru chain
+ WORD ga_lrunext ; // Next handle in lru chain
+} GNODE;
+typedef GNODE UNALIGNED *PGNODE;
+
+typedef struct _GNODE32 { // GlobalArena
+ DWORD pga_next ; // next arena entry (last points to self)
+ DWORD pga_prev ; // previous arena entry (first points to self)
+ DWORD pga_address ; // 32 bit linear address of memory
+ DWORD pga_size ; // 32 bit size in bytes
+ WORD pga_handle ; // back link to handle table entry
+ WORD pga_owner ; // Owner field (current task)
+ BYTE pga_count ; // lock count for movable segments
+ BYTE pga_pglock ; // # times page locked
+ BYTE pga_flags ; // 1 word available for flags
+ BYTE pga_selcount ; // Number of selectors allocated
+ DWORD pga_lruprev ; // Previous entry in lru chain
+ DWORD pga_lrunext ; // Next entry in lru chain
+} GNODE32;
+typedef GNODE32 UNALIGNED *PGNODE32;
+
+typedef struct _GHI {
+ WORD hi_check ; // arena check word (non-zero enables heap checking)
+ WORD hi_freeze ; // arena frozen word (non-zero prevents compaction)
+ WORD hi_count ; // #entries in arena
+ WORD hi_first ; // first arena entry (sentinel, always busy)
+ WORD hi_last ; // last arena entry (sentinel, always busy)
+ BYTE hi_ncompact ; // #compactions done so far (max of 3)
+ BYTE ghi_dislevel; // current discard level
+ WORD hi_distotal ; // total amount discarded so far
+ WORD hi_htable ; // head of handle table list
+ WORD hi_hfree ; // head of free handle table list
+ WORD hi_hdelta ; // #handles to allocate each time
+ WORD hi_hexpand ; // address of near procedure to expand handles for
+ // this arena
+} GHI;
+typedef GHI UNALIGNED *PGHI;
+
+typedef struct _GHI32 {
+ WORD hi_check ; // arena check word (non-zero enables heap checking)
+ WORD hi_freeze ; // arena frozen word (non-zero prevents compaction)
+ WORD hi_count ; // #entries in arena
+ WORD hi_first ; // first arena entry (sentinel, always busy)
+ WORD hi_res1 ; // reserved
+ WORD hi_last ; // last arena entry (sentinel, always busy)
+ WORD hi_res2 ; // reserved
+ BYTE hi_ncompact ; // #compactions done so far (max of 3)
+ BYTE hi_dislevel ; // current discard level
+ DWORD hi_distotal ; // total amount discarded so far
+ WORD hi_htable ; // head of handle table list
+ WORD hi_hfree ; // head of free handle table list
+ WORD hi_hdelta ; // #handles to allocate each time
+ WORD hi_hexpand ; // address of near procedure to expand handles for this arena
+ WORD hi_pstats ; // address of statistics table or zero
+} GHI32;
+typedef GHI32 UNALIGNED *PGHI32;
+
+typedef struct _HEAPENTRY {
+ GNODE32 gnode;
+ DWORD CurrentEntry;
+ DWORD NextEntry;
+ WORD Selector;
+ int SegmentNumber;
+ char OwnerName[9];
+ char FileName[9];
+} HEAPENTRY;
+
+typedef struct _NEHEADER {
+ WORD ne_magic ;
+ BYTE ne_ver ;
+ BYTE ne_rev ;
+ WORD ne_enttab ;
+ WORD ne_cbenttab ;
+ DWORD ne_crc ;
+ WORD ne_flags ;
+ WORD ne_autodata ;
+ WORD ne_heap ;
+ WORD ne_stack ;
+ DWORD ne_csip ;
+ DWORD ne_sssp ;
+ WORD ne_cseg ;
+ WORD ne_cmod ;
+ WORD ne_cbnrestab ;
+ WORD ne_segtab ;
+ WORD ne_rsrctab ;
+ WORD ne_restab ;
+ WORD ne_modtab ;
+ WORD ne_imptab ;
+ DWORD ne_nrestab ;
+ WORD ne_cmovent ;
+ WORD ne_align ;
+ WORD ne_cres ;
+ BYTE ne_exetyp ;
+ BYTE ne_flagsothers ;
+ WORD ne_pretthunks ;
+ WORD ne_psegrefbytes;
+ WORD ne_swaparea ;
+ WORD ne_expver ;
+} NEHEADER;
+typedef NEHEADER UNALIGNED *PNEHEADER;
+
+#pragma pack()
+
+
+#ifndef i386
+
+//
+// Structures in 486 cpu for obtaining registers (FROM NT_CPU.C)
+//
+
+typedef struct NT_CPU_REG {
+ ULONG *nano_reg; /* where the nano CPU keeps the register */
+ ULONG *reg; /* where the light compiler keeps the reg */
+ ULONG *saved_reg; /* where currently unused bits are kept */
+ ULONG universe_8bit_mask;/* is register in 8-bit form? */
+ ULONG universe_16bit_mask;/* is register in 16-bit form? */
+} NT_CPU_REG;
+
+typedef struct NT_CPU_INFO {
+ /* Variables for deciding what mode we're in */
+ BOOL *in_nano_cpu; /* is the Nano CPU executing? */
+ ULONG *universe; /* the mode that the CPU is in */
+
+ /* General purpose register pointers */
+ NT_CPU_REG eax, ebx, ecx, edx, esi, edi, ebp;
+
+ /* Variables for getting SP or ESP. */
+ BOOL *stack_is_big; /* is the stack 32-bit? */
+ ULONG *nano_esp; /* where the Nano CPU keeps ESP */
+ UCHAR **host_sp; /* ptr to variable holding stack pointer as a
+ host address */
+ UCHAR **ss_base; /* ptr to variables holding base of SS as a
+ host address */
+ ULONG *esp_sanctuary; /* top 16 bits of ESP if we're now using SP */
+
+ ULONG *eip;
+
+ /* Segment registers. */
+ USHORT *cs, *ds, *es, *fs, *gs, *ss;
+
+ ULONG *flags;
+
+ /* CR0, mainly to let us figure out if we're in real or protect mode */
+ ULONG *cr0;
+} NT_CPU_INFO;
+
+
+#endif // i386
+
+
+
+BOOL
+WINAPI
+ReadProcessMem(
+ HANDLE hProcess,
+ LPVOID lpBaseAddress,
+ LPVOID lpBuffer,
+ DWORD nSize,
+ LPDWORD lpNumberOfBytesRead
+ );
+
+BOOL
+WINAPI
+WriteProcessMem(
+ HANDLE hProcess,
+ LPVOID lpBaseAddress,
+ LPVOID lpBuffer,
+ DWORD nSize,
+ LPDWORD lpNumberOfBytesWritten
+ );
+
+BOOL
+CheckGlobalHeap(
+ VOID
+ );
+
+int GetContext(
+ VDMCONTEXT* lpContext
+);
+
+ULONG GetInfoFromSelector(
+ WORD selector,
+ int mode,
+ SELECTORINFO *si
+);
+
+BOOL
+FindHeapEntry(
+ HEAPENTRY *he,
+ BOOL bFindAny
+ );
+
+BOOL FindSymbol(
+ WORD selector,
+ LONG offset,
+ LPSTR sym_text,
+ LONG *dist,
+ int direction,
+ int mode
+);
+
+ULONG GetIntelBase(
+ VOID
+);
+
+DWORD read_dword(
+ ULONG lpAddress,
+ BOOL bSafe
+);
+
+WORD read_word(
+ ULONG lpAddress,
+ BOOL bSafe
+);
+
+BYTE read_byte(
+ ULONG lpAddress,
+ BOOL bSafe
+);
+
+BOOL read_gnode(
+ ULONG lpAddress,
+ PGNODE p,
+ BOOL bSafe
+);
+
+BOOL read_gnode32(
+ ULONG lpAddress,
+ PGNODE32 p,
+ BOOL bSafe
+);
+
+BOOL GetNextToken(
+ VOID
+ );
+
+BOOL ParseIntelAddress(
+ int *pMode,
+ WORD *pSelector,
+ PULONG pOffset
+ );
+
+VOID DumpRegs (VOID);
+VOID DumpMemory (UINT);
+VOID DumpGHeap (VOID);
+VOID DumpDescriptor (VOID);
+VOID EvaluateSymbol (VOID);
+VOID ListModules (VOID);
+VOID ListNear (VOID);
+VOID TaskInfo (VOID);
+VOID WalkStack (VOID);
+VOID WalkStackVerbose (VOID);
+VOID Unassemble (VOID);
|
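Review bot: `extern fWinDbg;` near the top of the hunk declares the flag with an implicit `int` type, which C99 and later compilers reject and which can silently disagree with whatever type bde.c actually defines it with; declare it with that type explicitly, e.g. `extern BOOL fWinDbg;` if bde.c defines it as a BOOL. The Read* macros a few lines further down also paste their argument unparenthesized — `read_dword((ULONG)x, FALSE)` — so `ReadDword(base + off)` casts only `base`; write `((ULONG)(x))` there and in ReadWord/ReadByte, the *Safe variants and ReadGNode/ReadGNode32 (`(x)` and `(p)`). A smaller point of style: `WriteProcessMem` takes its source as `LPVOID lpBuffer` although it only reads through it, so `LPCVOID` (as in the Win32 WriteProcessMemory signature) would let callers pass const data without a cast.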