diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h
index ec4fb31..ae47447 100644
--- a/include/ntapi/ntapi.h
+++ b/include/ntapi/ntapi.h
@@ -23,6 +23,7 @@
 #include "nt_registry.h"
 #include "nt_security.h"
 #include "nt_pnp.h"
+#include "nt_debug.h"
 #include "nt_exception.h"
 #include "nt_locale.h"
 #include "nt_uuid.h"
@@ -317,6 +318,16 @@ typedef struct _ntapi_vtbl {
 ntapi_zw_plug_play_control * zw_plug_play_control;
 ntapi_zw_get_plug_play_event * zw_get_plug_play_event;
 
+ /* nt_debug.h */
+ ntapi_zw_create_debug_object * zw_create_debug_object;
+ ntapi_zw_debug_active_process * zw_debug_active_process;
+ ntapi_zw_remove_process_debug * zw_remove_process_debug;
+ ntapi_zw_wait_for_debug_event * zw_wait_for_debug_event;
+ ntapi_zw_debug_continue * zw_debug_continue;
+ ntapi_zw_set_information_debug_object * zw_set_information_debug_object;
+ ntapi_zw_query_debug_filter_state * zw_query_debug_filter_state;
+ ntapi_zw_set_debug_filter_state * zw_set_debug_filter_state;
+
 /* nt_exception */
 ntapi_zw_raise_exception * zw_raise_exception;
 ntapi_zw_continue * zw_continue;
diff --git a/src/internal/ntapi_hash_table.h b/src/internal/ntapi_hash_table.h
index 49448d9..540b482 100644
--- a/src/internal/ntapi_hash_table.h
+++ b/src/internal/ntapi_hash_table.h
@@ -22,6 +22,7 @@
 {0x06b550e3, (146)}, /* ZwWriteRequestData */ \
 {0x0708114b, (50)}, /* ZwTestAlert */ \
 {0x08087626, (34)}, /* ZwOpenSection */ \
+ {0x0815d651, (230)}, /* ZwSetInformationDebugObject */ \
 {0x08b1918f, (45)}, /* ZwSuspendThread */ \
 {0x097e0efd, (154)}, /* ZwOpenFile */ \
 {0x0a7a10d0, (88)}, /* ZwOpenTimer */ \
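Review bot: The eight new `zw_*debug*` pointers are inserted in the middle of `struct _ntapi_vtbl`, between `zw_get_plug_play_event` and `zw_raise_exception`, so every member from `zw_raise_exception` onward moves by eight pointer slots; a consumer built against the previous header would then call through the wrong slot with the wrong signature. The renumbering in `src/internal/ntapi_hash_table.h` (for example `ZwRaiseException` going from 225 to 233) suggests the slot index is tied to the order in `src/refs/NTHASH`, so the mid-struct placement may be by design, but nothing in the hunk states it. If the vtable is ever handed across a separately built boundary, new groups should be appended at the end instead. Otherwise a comment above the new group, such as `/* order must match src/refs/NTHASH; inserting here renumbers all later slots, rebuild every consumer */`, would record the constraint. The struct begins and ends outside the hunk.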
@@ -31,15 +32,16 @@
 {0x0d638bd2, (74)}, /* ZwSetInformationJobObject */ \
 {0x0e629eed, (102)}, /* ZwQuerySemaphore */ \
 {0x11fcbb7c, (23)}, /* ZwReadVirtualMemory */ \
+ {0x121f1e7e, (225)}, /* ZwCreateDebugObject */ \
 {0x124a301e, (16)}, /* ZwSetSystemEnvironmentValue */ \
- {0x12ec66eb, (227)}, /* ZwQueryDefaultLocale */ \
+ {0x12ec66eb, (235)}, /* ZwQueryDefaultLocale */ \
 {0x1742c5c9, (162)}, /* ZwWriteFileGather */ \
 {0x177157e3, (42)}, /* ZwTerminateThread */ \
 {0x1af41c1a, (22)}, /* ZwProtectVirtualMemory */ \
- {0x1c0197e6, (233)}, /* ZwAllocateUuids */ \
+ {0x1c0197e6, (241)}, /* ZwAllocateUuids */ \
 {0x1c7a90a1, (5)}, /* ZwQuerySecurityObject */ \
 {0x1cf668c5, (194)}, /* ZwQueryKey */ \
- {0x21b850be, (250)}, /* _snprintf */ \
+ {0x21b850be, (258)}, /* _snprintf */ \
 {0x2259fc62, (2)}, /* ZwDuplicateObject */ \
 {0x24e09c64, (18)}, /* ZwSystemDebugControl */ \
 {0x255bf138, (142)}, /* ZwReplyWaitReplyPort */ \
@@ -47,13 +49,13 @@
 {0x25d91d90, (71)}, /* ZwTerminateJobObject */ \
 {0x26e1170e, (193)}, /* ZwSetInformationKey */ \
 {0x27dd46c3, (29)}, /* ZwFreeUserPhysicalPages */ \
- {0x2812eb3c, (232)}, /* ZwAllocateLocallyUniqueId */ \
+ {0x2812eb3c, (240)}, /* ZwAllocateLocallyUniqueId */ \
 {0x28574a3f, (77)}, /* ZwOpenThreadToken */ \
 {0x29b5ea3d, (140)}, /* ZwRequestWaitReplyPort */ \
 {0x2a6ac6fb, (26)}, /* ZwUnlockVirtualMemory */ \
 {0x2aad9aed, (83)}, /* ZwSetInformationToken */ \
 {0x2b2356f7, (52)}, /* ZwAlertResumeThread */ \
- {0x2c0f001a, (230)}, /* ZwSetDefaultUILanguage */ \
+ {0x2c0f001a, (238)}, /* ZwSetDefaultUILanguage */ \
 {0x2f22b634, (96)}, /* ZwResetEvent */ \
 {0x30309daa, (170)}, /* ZwCreateNamedPipeFile */ \
 {0x3064d37b, (68)}, /* RtlQueryProcessDebugInformation */ \
@@ -66,19 +68,20 @@
 {0x391b8d79, (157)}, /* ZwCancelIoFile */ \
 {0x3928a4cc, (20)}, /* ZwFreeVirtualMemory */ \
 {0x39bea937, (89)}, /* ZwCancelTimer */ \
- {0x3abffc38, (239)}, /* ZwFlushWriteBuffer */ \
+ {0x3abffc38, (247)}, /* ZwFlushWriteBuffer */ \
 {0x3b1f8d85, (124)}, /* ZwQueryTimerResolution */ \
- {0x3d4aceeb, (248)}, /* memset */ \
+ {0x3cd73491, (226)}, /* ZwDebugActiveProcess */ \
+ {0x3d4aceeb, (256)}, /* memset */ \
 {0x3e1d331d, (44)}, /* ZwSetInformationThread */ \
 {0x3f62370b, (204)}, /* ZwPrivilegeCheck */ \
 {0x416c4024, (118)}, /* ZwSetLowWaitHighEventPair */ \
 {0x43c1745d, (92)}, /* ZwCreateEvent */ \
- {0x43d65de2, (231)}, /* ZwQueryInstallUILanguage */ \
+ {0x43d65de2, (239)}, /* ZwQueryInstallUILanguage */ \
 {0x45d7086f, (108)}, /* ZwOpenIoCompletion */ \
 {0x465977c0, (129)}, /* ZwQueryIntervalProfile */ \
 {0x47b3fd39, (8)}, /* ZwOpenDirectoryObject */ \
 {0x47dd6896, (171)}, /* ZwCreateMailslotFile */ \
- {0x49d62b40, (246)}, /* LdrLoadDll */ \
+ {0x49d62b40, (254)}, /* LdrLoadDll */ \
 {0x4a638203, (91)}, /* ZwQueryTimer */ \
 {0x4c51093e, (189)}, /* ZwLoadKey2 */ \
 {0x4cb0ea34, (206)}, /* ZwPrivilegedServiceAuditAlarm */ \
@@ -93,33 +96,34 @@
 {0x50f7777d, (84)}, /* ZwWaitForSingleObject */ \
 {0x513877ab, (61)}, /* ZwSetInformationProcess */ \
 {0x51d5c98d, (137)}, /* ZwAcceptConnectPort */ \
- {0x51ddffce, (242)}, /* ZwDisplayString */ \
+ {0x51ddffce, (250)}, /* ZwDisplayString */ \
 {0x51fbe1c4, (165)}, /* ZwDeviceIoControlFile */ \
 {0x52334a05, (213)}, /* ZwDeleteObjectAuditAlarm */ \
 {0x5288a7cf, (46)}, /* ZwResumeThread */ \
 {0x54a89e87, (131)}, /* ZwStopProfile */ \
 {0x56ada303, (185)}, /* ZwSaveKey */ \
+ {0x573e11b1, (231)}, /* ZwQueryDebugFilterState */ \
 {0x57dd87c6, (114)}, /* ZwWaitLowEventPair */ \
- {0x5879157d, (241)}, /* ZwSetDefaultHardErrorPort */ \
+ {0x5879157d, (249)}, /* ZwSetDefaultHardErrorPort */ \
 {0x58b766a7, (200)}, /* ZwQueryValueKey */ \
 {0x59d0cf7f, (9)}, /* ZwQueryDirectoryObject */ \
 {0x5a201018, (180)}, /* ZwSetInformationFile */ \
 {0x5b24a650, (155)}, /* ZwDeleteFile */ \
 {0x5cc5b0cc, (149)}, /* CsrClientCallServer */ \
- {0x5ccb443b, (245)}, /* ZwVdmControl */ \
+ {0x5ccb443b, (253)}, /* ZwVdmControl */ \
 {0x5d5b0c74, (15)}, /* ZwQuerySystemEnvironmentValue */ \
 {0x5dcf9e33, (205)}, /* ZwPrivilegeObjectAuditAlarm */ \
 {0x5f3fb511, (164)}, /* ZwUnlockFile */ \
 {0x60ebf65f, (120)}, /* ZwQuerySystemTime */ \
- {0x63033516, (244)}, /* ZwSetLdtEntries */ \
+ {0x63033516, (252)}, /* ZwSetLdtEntries */ \
 {0x63cc9e64, (66)}, /* RtlCreateQueryDebugBuffer */ \
 {0x64a2ceb5, (56)}, /* ZwCreateProcess */ \
 {0x654da6fd, (143)}, /* ZwReplyWaitReceivePort */ \
- {0x6570064e, (243)}, /* ZwCreatePagingFile */ \
+ {0x6570064e, (251)}, /* ZwCreatePagingFile */ \
 {0x65b5374b, (14)}, /* ZwSetSystemInformation */ \
 {0x6a2d88fc, (126)}, /* ZwYieldExecution */ \
 {0x6c1b25c0, (97)}, /* ZwClearEvent */ \
- {0x6db16208, (238)}, /* ZwQueryInformationAtom */ \
+ {0x6db16208, (246)}, /* ZwQueryInformationAtom */ \
 {0x6e0c0f9d, (65)}, /* RtlNormalizeProcessParams */ \
 {0x6f11895e, (217)}, /* ZwIsSystemResumeAutomatic */ \
 {0x7160272d, (144)}, /* ZwReplyWaitReceivePortEx */ \
@@ -133,13 +137,14 @@
 {0x78327b0d, (173)}, /* ZwSetVolumeInformationFile */ \
 {0x78a28538, (80)}, /* ZwAdjustPrivilegesToken */ \
 {0x7b9f9b64, (182)}, /* ZwOpenKey */ \
- {0x7c868d67, (252)}, /* _vsnprintf */ \
+ {0x7c868d67, (260)}, /* _vsnprintf */ \
 {0x7ccd8968, (138)}, /* ZwCompleteConnectPort */ \
 {0x7dfb3677, (169)}, /* ZwSetEaFile */ \
 {0x7e21039a, (87)}, /* ZwCreateTimer */ \
- {0x7e92a7a6, (251)}, /* vsprintf */ \
+ {0x7e92a7a6, (259)}, /* vsprintf */ \
 {0x7ec723c2, (122)}, /* ZwQueryPerformanceCounter */ \
 {0x7f99ab33, (145)}, /* ZwReadRequestData */ \
+ {0x8053fc81, (228)}, /* ZwWaitForDebugEvent */ \
 {0x81b18dcd, (21)}, /* ZwQueryVirtualMemory */ \
 {0x842e9cbb, (43)}, /* ZwQueryInformationThread */ \
 {0x84d52359, (112)}, /* ZwCreateEventPair */ \
@@ -147,7 +152,7 @@
 {0x850106f7, (7)}, /* ZwCreateDirectoryObject */ \
 {0x8548dfbd, (106)}, /* ZwQueryMutant */ \
 {0x85f069ec, (197)}, /* ZwNotifyChangeMultipleKeys */ \
- {0x87763935, (249)}, /* sprintf */ \
+ {0x87763935, (257)}, /* sprintf */ \
 {0x87fd0a60, (24)}, /* ZwWriteVirtualMemory */ \
 {0x8a1989d8, (136)}, /* ZwListenPort */ \
 {0x8afaa2ca, (31)}, /* ZwGetWriteWatch */ \
@@ -166,14 +171,16 @@
 {0x920b0183, (116)}, /* ZwWaitHighEventPair */ \
 {0x9331fae3, (25)}, /* ZwLockVirtualMemory */ \
 {0x9384c236, (103)}, /* ZwCreateMutant */ \
+ {0x93cf5771, (232)}, /* ZwSetDebugFilterState */ \
 {0x93e64266, (130)}, /* ZwStartProfile */ \
 {0x949f76b6, (19)}, /* ZwAllocateVirtualMemory */ \
 {0x956ba548, (11)}, /* ZwOpenSymbolicLinkObject */ \
- {0x963cafbc, (229)}, /* ZwQueryDefaultUILanguage */ \
+ {0x9636e6ce, (227)}, /* ZwRemoveProcessDebug */ \
+ {0x963cafbc, (237)}, /* ZwQueryDefaultUILanguage */ \
 {0x9731aded, (178)}, /* ZwQueryDirectoryFile */ \
 {0x978855cd, (37)}, /* ZwMapViewOfSection */ \
 {0x98058c5c, (86)}, /* ZwWaitForMultipleObjects */ \
- {0x997388d8, (237)}, /* ZwDeleteAtom */ \
+ {0x997388d8, (245)}, /* ZwDeleteAtom */ \
 {0x9bf04a73, (172)}, /* ZwQueryVolumeInformationFile */ \
 {0x9c805856, (167)}, /* ZwNotifyChangeDirectoryFile */ \
 {0x9d9c64db, (186)}, /* ZwSaveMergedKeys */ \
@@ -183,7 +190,7 @@
 {0xa313f9b0, (220)}, /* ZwSetSystemPowerState */ \
 {0xa34a43e1, (48)}, /* ZwSetContextThread */ \
 {0xa51616fd, (156)}, /* ZwFlushBuffersFile */ \
- {0xa589ce00, (226)}, /* ZwContinue */ \
+ {0xa589ce00, (234)}, /* ZwContinue */ \
 {0xa5b2c609, (117)}, /* ZwSetHighEventPair */ \
 {0xa8720028, (153)}, /* ZwCreateFile */ \
 {0xa93301f4, (110)}, /* ZwRemoveIoCompletion */ \
@@ -201,21 +208,22 @@
 {0xb3a5ef4c, (64)}, /* RtlDestroyProcessParameters */ \
 {0xb3d90f63, (60)}, /* ZwQueryInformationProcess */ \
 {0xb3f8b8ba, (184)}, /* ZwFlushKey */ \
- {0xb468e7d0, (225)}, /* ZwRaiseException */ \
+ {0xb468e7d0, (233)}, /* ZwRaiseException */ \
 {0xb4f463e1, (175)}, /* ZwSetQuotaInformationFile */ \
 {0xb5ce95b0, (109)}, /* ZwSetIoCompletion */ \
 {0xb677bd15, (219)}, /* ZwGetDevicePowerState */ \
 {0xb891d19c, (141)}, /* ZwReplyPort */ \
 {0xba08cfed, (221)}, /* ZwInitiatePowerAction */ \
- {0xba5bdfc3, (234)}, /* ZwSetUuidSeed */ \
+ {0xba5bdfc3, (242)}, /* ZwSetUuidSeed */ \
+ {0xba812651, (229)}, /* ZwDebugContinue */ \
 {0xbc310050, (133)}, /* ZwCreateWaitablePort */ \
 {0xbde7d8d1, (151)}, /* ZwLoadDriver */ \
 {0xbe9990b9, (134)}, /* ZwConnectPort */ \
 {0xc0040fd0, (90)}, /* ZwSetTimer */ \
- {0xc00fc05c, (240)}, /* ZwRaiseHardError */ \
+ {0xc00fc05c, (248)}, /* ZwRaiseHardError */ \
 {0xc4bd0fda, (99)}, /* ZwCreateSemaphore */ \
 {0xc524def2, (148)}, /* ZwImpersonateClientOfPort */ \
- {0xc6a277e0, (236)}, /* ZwFindAtom */ \
+ {0xc6a277e0, (244)}, /* ZwFindAtom */ \
 {0xc6de9ce3, (139)}, /* ZwRequestPort */ \
 {0xc707f028, (27)}, /* ZwFlushVirtualMemory */ \
 {0xc70d789c, (69)}, /* ZwCreateJobObject */ \
@@ -223,7 +231,7 @@
 {0xc7835b75, (195)}, /* ZwEnumerateKey */ \
 {0xc7d8afa4, (85)}, /* ZwSignalAndWaitForSingleObject */ \
 {0xc94ea8a6, (81)}, /* ZwAdjustGroupsToken */ \
- {0xc9f42a5d, (235)}, /* ZwAddAtom */ \
+ {0xc9f42a5d, (243)}, /* ZwAddAtom */ \
 {0xca250552, (210)}, /* ZwAccessCheckByTypeResultList */ \
 {0xcaf1f803, (152)}, /* ZwUnloadDriver */ \
 {0xcb3c8251, (223)}, /* ZwPlugPlayControl */ \
@@ -234,9 +242,9 @@
 {0xd48a2bbc, (40)}, /* ZwCreateThread */ \
 {0xd517401d, (54)}, /* ZwImpersonateThread */ \
 {0xd5a16cee, (51)}, /* ZwAlertThread */ \
- {0xd628c8f6, (228)}, /* ZwSetDefaultLocale */ \
+ {0xd628c8f6, (236)}, /* ZwSetDefaultLocale */ \
 {0xd7fef93d, (201)}, /* ZwEnumerateValueKey */ \
- {0xda57df71, (247)}, /* LdrUnloadDll */ \
+ {0xda57df71, (255)}, /* LdrUnloadDll */ \
 {0xdaa7575e, (215)}, /* ZwAccessCheckByTypeResultListAndAuditAlarm */ \
 {0xde07d08f, (224)}, /* ZwGetPlugPlayEvent */ \
 {0xde5468ed, (202)}, /* ZwQueryMultipleValueKey */ \
@@ -264,6 +272,6 @@
 {0xf425639c, (104)}, /* ZwOpenMutant */ \
 {0xfde47817, (94)}, /* ZwSetEvent */ \
 
-#define __NT_IMPORTED_SYMBOLS_ARRAY_SIZE 253
+#define __NT_IMPORTED_SYMBOLS_ARRAY_SIZE 261
 
 #endif
diff --git a/src/refs/NTHASH b/src/refs/NTHASH
index 77ba37d..37cad44 100644
--- a/src/refs/NTHASH
+++ b/src/refs/NTHASH
@@ -223,6 +223,14 @@ ZwInitiatePowerAction
 ZwPowerInformation
 ZwPlugPlayControl
 ZwGetPlugPlayEvent
+ZwCreateDebugObject
+ZwDebugActiveProcess
+ZwRemoveProcessDebug
+ZwWaitForDebugEvent
+ZwDebugContinue
+ZwSetInformationDebugObject
+ZwQueryDebugFilterState
+ZwSetDebugFilterState
 ZwRaiseException
 ZwContinue
 ZwQueryDefaultLocale