-
Notifications
You must be signed in to change notification settings - Fork 5
/
LiveDump.hpp
110 lines (96 loc) · 2.23 KB
/
LiveDump.hpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#pragma once
#include <stdio.h>
#include <windows.h>
#include <winternl.h>
#include <assert.h>
#include <TlHelp32.h>
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
#define CONTROL_TRIAGE_DUMP 29
#define CONTROL_KERNEL_DUMP 37
#define TRIAGE_SIZE 0x20000 // must be >132k and <1MB
#define MAX_TRIAGE_THREADS 16
#pragma comment(lib, "ntdll")
//
// From NDK, argument required for parameter 29.
//
typedef struct _SYSDBG_TRIAGE_DUMP
{
ULONG Flags;
ULONG BugCheckCode;
ULONG_PTR BugCheckParam1;
ULONG_PTR BugCheckParam2;
ULONG_PTR BugCheckParam3;
ULONG_PTR BugCheckParam4;
ULONG ProcessHandles;
ULONG ThreadHandles;
PHANDLE Handles;
} SYSDBG_TRIAGE_DUMP, *PSYSDBG_TRIAGE_DUMP;
//
// Undocumented. Structures relevant for new parameter 37.
// Greetz to Alex I.
//
typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
{
struct
{
ULONG UseDumpStorageStack: 1;
ULONG CompressMemoryPagesData: 1;
ULONG IncludeUserSpaceMemoryPages: 1;
ULONG Reserved: 29;
};
ULONG AsUlong;
} SYSDBG_LIVEDUMP_CONTROL_FLAGS;
typedef union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
{
struct
{
ULONG HypervisorPages: 1;
ULONG Reserved: 31;
};
ULONG AsUlong;
} SYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
typedef struct _SYSDBG_LIVEDUMP_CONTROL
{
ULONG Version;
ULONG BugCheckCode;
ULONG_PTR BugCheckParam1;
ULONG_PTR BugCheckParam2;
ULONG_PTR BugCheckParam3;
ULONG_PTR BugCheckParam4;
PVOID DumpFileHandle;
PVOID CancelEventHandle;
SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags;
SYSDBG_LIVEDUMP_CONTROL_ADDPAGES AddPagesControl;
} SYSDBG_LIVEDUMP_CONTROL, *PSYSDBG_LIVEDUMP_CONTROL;
typedef
NTSTATUS
(__stdcall*
NtSystemDebugControl) (
ULONG ControlCode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength,
PULONG ReturnLength
);
BOOL
EnablePrivilege (
__in PCWSTR PrivilegeName,
__in BOOLEAN Acquire
);
NTSTATUS
CreateTriageDump (
__in HANDLE FileHandle,
__in ULONG Pid
);
NTSTATUS
CreateKernelDump (
__in HANDLE FileHandle,
__in SYSDBG_LIVEDUMP_CONTROL_FLAGS Flags,
__in SYSDBG_LIVEDUMP_CONTROL_ADDPAGES Pages
);
INT
wmain (
__in INT Argc,
__in PWCHAR Argv[]
);