noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

DIE

Browse source
This commit is contained in:
lhodges1 2023-11-01 03:22:04 +11:00
parent f023ee5d98
commit 7d5714a982
8 changed files with 0 additions and 600 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
ac.sln
View file

@ -11,8 +11,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "service", "service\service.
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "server", "server\server.csproj", "{4D0777F0-2D3D-4FD7-9C0F-CD4DEC1A99E9}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "debuglib", "debuglib\debuglib.vcxproj", "{E21EB277-0001-4AD3-9131-06098BAF81A2}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testdrv", "testdrv\testdrv.vcxproj", "{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcli", "testcli\testcli.vcxproj", "{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}"
@ -101,22 +99,6 @@ Global
{4D0777F0-2D3D-4FD7-9C0F-CD4DEC1A99E9}.Release|x64.Build.0 = Release|Any CPU
{4D0777F0-2D3D-4FD7-9C0F-CD4DEC1A99E9}.Release|x86.ActiveCfg = Release|Any CPU
{4D0777F0-2D3D-4FD7-9C0F-CD4DEC1A99E9}.Release|x86.Build.0 = Release|Any CPU
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|Any CPU.ActiveCfg = Debug|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|Any CPU.Build.0 = Debug|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|ARM64.ActiveCfg = Debug|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|ARM64.Build.0 = Debug|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|x64.ActiveCfg = Debug|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|x64.Build.0 = Debug|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|x86.ActiveCfg = Debug|Win32
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Debug|x86.Build.0 = Debug|Win32
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|Any CPU.ActiveCfg = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|Any CPU.Build.0 = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|ARM64.ActiveCfg = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|ARM64.Build.0 = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x64.ActiveCfg = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x64.Build.0 = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x86.ActiveCfg = Release|Win32
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x86.Build.0 = Release|Win32
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|Any CPU.ActiveCfg = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|Any CPU.Build.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|Any CPU.Deploy.0 = Debug|x64

138
debuglib/debuglib.vcxproj
View file

@ -1,138 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>17.0</VCProjectVersion>
<Keyword>Win32Proj</Keyword>
<ProjectGuid>{e21eb277-0001-4ad3-9131-06098baf81a2}</ProjectGuid>
<RootNamespace>debuglib</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="symbols.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="symbols.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

27
debuglib/debuglib.vcxproj.filters
View file

@ -1,27 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="symbols.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="symbols.h">
<Filter>Source Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

275
debuglib/symbols.cpp
View file

@ -1,275 +0,0 @@
#include "symbols.h"
#include <iostream>
/*
* Massive WIP from which I have essentially just copied from these 2 repos:
*
* https://github.com/yardenshafir/MitigationFlagsCliTool
* https://github.com/lilhoser/livedump
*
* just to help with leraning the windows debugger api
*/
static NtSystemDebugControl g_NtSystemDebugControl = NULL;
BOOL
EnablePrivilege(
_In_ PCWSTR PrivilegeName,
_In_ BOOLEAN Acquire
)
{
HANDLE tokenHandle;
BOOL ret;
ULONG tokenPrivilegesSize = FIELD_OFFSET( TOKEN_PRIVILEGES, Privileges[ 1 ] );
PTOKEN_PRIVILEGES tokenPrivileges = static_cast< PTOKEN_PRIVILEGES >( calloc( 1, tokenPrivilegesSize ) );
if ( tokenPrivileges == NULL )
{
return FALSE;
}
tokenHandle = NULL;
tokenPrivileges->PrivilegeCount = 1;
ret = LookupPrivilegeValue( NULL,
PrivilegeName,
&tokenPrivileges->Privileges[ 0 ].Luid );
if ( ret == FALSE )
{
goto Exit;
}
tokenPrivileges->Privileges[ 0 ].Attributes = Acquire ? SE_PRIVILEGE_ENABLED
: SE_PRIVILEGE_REMOVED;
ret = OpenProcessToken( GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES,
&tokenHandle );
if ( ret == FALSE )
{
goto Exit;
}
ret = AdjustTokenPrivileges( tokenHandle,
FALSE,
tokenPrivileges,
tokenPrivilegesSize,
NULL,
NULL );
if ( ret == FALSE )
{
goto Exit;
}
Exit:
if ( tokenHandle != NULL )
{
CloseHandle( tokenHandle );
}
free( tokenPrivileges );
return ret;
}
HRESULT
CreateDump(
_In_ PCSTR FilePath
)
{
HRESULT result;
HANDLE handle;
HMODULE module;
SYSDBG_LIVEDUMP_CONTROL_FLAGS flags;
SYSDBG_LIVEDUMP_CONTROL_ADDPAGES pages;
SYSDBG_LIVEDUMP_CONTROL liveDumpControl;
NTSTATUS status;
ULONG returnLength;
handle = INVALID_HANDLE_VALUE;
result = S_OK;
flags.AsUlong = 0;
pages.AsUlong = 0;
//
// Get function addresses
//
module = LoadLibrary( L"ntdll.dll" );
if ( module == NULL )
{
result = S_FALSE;
goto Exit;
}
g_NtSystemDebugControl = ( NtSystemDebugControl )
GetProcAddress( module, "NtSystemDebugControl" );
FreeLibrary( module );
if ( g_NtSystemDebugControl == NULL )
{
result = S_FALSE;
goto Exit;
}
//
// Get SeDebugPrivilege
//
if ( !EnablePrivilege( SE_DEBUG_NAME, TRUE ) )
{
result = S_FALSE;
goto Exit;
}
//
// Create the target file (must specify synchronous I/O)
//
handle = CreateFileA( FilePath,
GENERIC_WRITE | GENERIC_READ,
0,
NULL,
CREATE_ALWAYS,
FILE_FLAG_WRITE_THROUGH | FILE_FLAG_NO_BUFFERING,
NULL );
if ( handle == INVALID_HANDLE_VALUE )
{
result = S_FALSE;
goto Exit;
}
//
// Try to create the requested dump
//
memset( &liveDumpControl, 0, sizeof( liveDumpControl ) );
//
// The only thing the kernel looks at in the struct we pass is the handle,
// the flags and the pages to dump.
//
liveDumpControl.DumpFileHandle = ( PVOID )( handle );
liveDumpControl.AddPagesControl = pages;
liveDumpControl.Flags = flags;
status = g_NtSystemDebugControl( CONTROL_KERNEL_DUMP,
( PVOID )( &liveDumpControl ),
sizeof( liveDumpControl ),
NULL,
0,
&returnLength );
if ( NT_SUCCESS( status ) )
{
result = S_OK;
}
else
{
result = S_FALSE;
goto Exit;
}
Exit:
if ( handle != INVALID_HANDLE_VALUE )
{
CloseHandle( handle );
}
return result;
}
VOID GetKernelStructureOffsets( KERNEL_STRUCTURE_OFFSETS* KernelOffsets )
{
UINT64 kernel_base = NULL;
HMODULE handle;
HRESULT result;
ULONG type_kprocess;
ULONG type_eprocess;
ULONG type_kthread;
ULONG type_ethread;
DebugCreateFunction dbg_create_function;
PDEBUG_SYMBOLS symbols = nullptr;
PDEBUG_DATA_SPACES4 data_spaces = nullptr;
PDEBUG_CLIENT client = nullptr;
PDEBUG_CONTROL debug_control = nullptr;
PCSTR dump_path = "C:\\temp.dmp";
result = CreateDump( dump_path );
if ( result != S_OK )
return;
handle = GetModuleHandle( L"dbgeng.dll" );
if ( handle == NULL )
return;
dbg_create_function = ( DebugCreateFunction )GetProcAddress( handle, "DebugCreate" );
if ( dbg_create_function == NULL )
return;
result = dbg_create_function( __uuidof( IDebugClient ), ( PVOID* )&client );
if ( result != S_OK )
goto end;
result = client->QueryInterface( __uuidof( IDebugSymbols ), ( PVOID* )&symbols );
if ( result != S_OK )
goto end;
result = client->QueryInterface( __uuidof( IDebugDataSpaces ), ( PVOID* )&data_spaces );
if ( result != S_OK )
goto end;
result = client->QueryInterface( __uuidof( IDebugControl ), ( PVOID* )&debug_control );
if ( result != S_OK )
goto end;
result = client->OpenDumpFile( dump_path );
result = debug_control->WaitForEvent( DEBUG_WAIT_DEFAULT, INFINITE );
if ( result != S_OK )
goto end;
data_spaces->ReadDebuggerData( DEBUG_DATA_KernBase, &kernel_base, sizeof( UINT64 ), nullptr );
symbols->GetTypeId( kernel_base, "_KPROCESS", &type_kprocess );
symbols->GetTypeId( kernel_base, "_EPROCESS", &type_eprocess );
symbols->GetTypeId( kernel_base, "_KTHREAD", &type_kthread );
symbols->GetTypeId( kernel_base, "_ETHREAD", &type_ethread );
symbols->GetFieldOffset( kernel_base, type_kprocess, "ThreadListHead", &KernelOffsets->KPROCESS.thread_list_head );
symbols->GetFieldOffset( kernel_base, type_kprocess, "DirectoryTableBase", &KernelOffsets->KPROCESS.directory_table_base );
symbols->GetFieldOffset( kernel_base, type_eprocess, "PeakVirtualSize", &KernelOffsets->EPROCESS.peak_virtual_size );
symbols->GetFieldOffset( kernel_base, type_eprocess, "VadRoot", &KernelOffsets->EPROCESS.vad_root );
symbols->GetFieldOffset( kernel_base, type_eprocess, "ObjectTable", &KernelOffsets->EPROCESS.object_table );
symbols->GetFieldOffset( kernel_base, type_eprocess, "ImageFileName", &KernelOffsets->EPROCESS.image_name );
symbols->GetFieldOffset( kernel_base, type_eprocess, "Peb", &KernelOffsets->EPROCESS.process_environment_block );
symbols->GetFieldOffset( kernel_base, type_kthread, "StackBase", &KernelOffsets->KTHREAD.stack_base );
symbols->GetFieldOffset( kernel_base, type_kthread, "StackLimit", &KernelOffsets->KTHREAD.stack_limit );
symbols->GetFieldOffset( kernel_base, type_kthread, "ThreadListEntry", &KernelOffsets->KTHREAD.threadlist );
symbols->GetFieldOffset( kernel_base, type_kthread, "ApcState", &KernelOffsets->KTHREAD.apc_state );
symbols->GetFieldOffset( kernel_base, type_kthread, "StartAddress", &KernelOffsets->KTHREAD.start_address );
end:
if ( client != nullptr )
{
client->EndSession( DEBUG_END_ACTIVE_DETACH );
client->Release();
}
if ( symbols != nullptr )
symbols->Release();
if ( data_spaces != nullptr )
data_spaces->Release();
if ( debug_control != nullptr )
debug_control->Release();
}

141
debuglib/symbols.h
View file

@ -1,141 +0,0 @@
#ifndef SYMBOLS_H
#define SYMBOLS_H
#include <windows.h>
#include <WDBGEXTS.H>
#include <DbgEng.h>
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
#define CONTROL_TRIAGE_DUMP 29
#define CONTROL_KERNEL_DUMP 37
#define TRIAGE_SIZE 0x20000 // must be >132k and <1MB
#define MAX_TRIAGE_THREADS 16
#pragma comment(lib, "ntdll")
//
// From NDK, argument required for parameter 29.
//
typedef struct _SYSDBG_TRIAGE_DUMP
{
ULONG Flags;
ULONG BugCheckCode;
ULONG_PTR BugCheckParam1;
ULONG_PTR BugCheckParam2;
ULONG_PTR BugCheckParam3;
ULONG_PTR BugCheckParam4;
ULONG ProcessHandles;
ULONG ThreadHandles;
PHANDLE Handles;
} SYSDBG_TRIAGE_DUMP, * PSYSDBG_TRIAGE_DUMP;
//
// Undocumented. Structures relevant for new parameter 37.
// Greetz to Alex I.
//
typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
{
struct
{
ULONG UseDumpStorageStack : 1;
ULONG CompressMemoryPagesData : 1;
ULONG IncludeUserSpaceMemoryPages : 1;
ULONG Reserved : 29;
};
ULONG AsUlong;
} SYSDBG_LIVEDUMP_CONTROL_FLAGS;
typedef union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
{
struct
{
ULONG HypervisorPages : 1;
ULONG Reserved : 31;
};
ULONG AsUlong;
} SYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
typedef struct _SYSDBG_LIVEDUMP_CONTROL
{
ULONG Version;
ULONG BugCheckCode;
ULONG_PTR BugCheckParam1;
ULONG_PTR BugCheckParam2;
ULONG_PTR BugCheckParam3;
ULONG_PTR BugCheckParam4;
PVOID DumpFileHandle;
PVOID CancelEventHandle;
SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags;
SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AddPagesControl;
} SYSDBG_LIVEDUMP_CONTROL, * PSYSDBG_LIVEDUMP_CONTROL;
typedef
NTSTATUS
( __stdcall*
NtSystemDebugControl ) (
ULONG ControlCode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
PULONG ReturnLength
);
BOOL
EnablePrivilege(
__in PCWSTR PrivilegeName,
__in BOOLEAN Acquire
);
NTSTATUS
CreateTriageDump(
__in HANDLE FileHandle,
__in ULONG Pid
);
NTSTATUS
CreateKernelDump(
__in HANDLE FileHandle,
__in SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags,
__in SYSDBG_LIVEDUMP_CONTROL_ADDPAGES Pages
);
INT
wmain(
__in INT Argc,
__in PWCHAR Argv[]
);
typedef HRESULT( *DebugCreateFunction )( _In_ REFIID, _Out_ PVOID* );
struct KERNEL_STRUCTURE_OFFSETS
{
struct KPROCESS
{
ULONG thread_list_head;
ULONG directory_table_base;
}KPROCESS;
struct EPROCESS
{
ULONG peak_virtual_size;
ULONG vad_root;
ULONG object_table;
ULONG image_name;
ULONG process_environment_block;
}EPROCESS;
struct KTHREAD
{
ULONG stack_base;
ULONG stack_limit;
ULONG threadlist;
ULONG apc_state;
ULONG start_address;
}KTHREAD;
};
VOID GetKernelStructureOffsets( KERNEL_STRUCTURE_OFFSETS* KernelOffsets );
#endif

BIN
include/dbghelp.dll
View file

Binary file not shown.

BIN
include/symsrv.dll
View file

Binary file not shown.

1
include/symsrv.yes
View file

@ -1 +0,0 @@
1