mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
170 lines
4.8 KiB
170 lines
4.8 KiB
/*++
|
|
|
|
Copyright (c) 1995 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
apimon.h
|
|
|
|
Abstract:
|
|
|
|
Common types & structures for the APIMON projects.
|
|
|
|
Author:
|
|
|
|
Wesley Witt (wesw) 28-June-1995
|
|
|
|
Environment:
|
|
|
|
User Mode
|
|
|
|
--*/
|
|
|
|
#ifndef _APIMON_
|
|
#define _APIMON_
|
|
|
|
#ifdef __cplusplus
|
|
#define CLINKAGE extern "C"
|
|
#else
|
|
#define CLINKAGE
|
|
#endif
|
|
|
|
#define TROJANDLL "apidll.dll"
|
|
#define MAX_NAME_SZ 32
|
|
#define MAX_DLLS 512
|
|
#define MEGABYTE (1024*1024)
|
|
#define MAX_MEM_ALLOC (MEGABYTE*32)
|
|
#define MAX_APIS ((MAX_MEM_ALLOC/2)/sizeof(API_INFO))
|
|
#define THUNK_SIZE MEGABYTE
|
|
#define Align(p,x) (((x) & ((p)-1)) ? (((x) & ~((p)-1)) + p) : (x))
|
|
|
|
#define KERNEL32 "kernel32.dll"
|
|
#define NTDLL "ntdll.dll"
|
|
#define USER32 "user32.dll"
|
|
#define WNDPROCDLL "wndprocs"
|
|
#define LOADLIBRARYA "LoadLibraryA"
|
|
#define LOADLIBRARYW "LoadLibraryW"
|
|
#define FREELIBRARY "FreeLibrary"
|
|
#define GETPROCADDRESS "GetProcAddress"
|
|
#define REGISTERCLASSA "RegisterClassA"
|
|
#define REGISTERCLASSW "RegisterClassW"
|
|
#define SETWINDOWLONGA "SetWindowLongA"
|
|
#define SETWINDOWLONGW "SetWindowLongW"
|
|
#define ALLOCATEHEAP "RtlAllocateHeap"
|
|
#define CREATEHEAP "RtlCreateHeap"
|
|
|
|
#if defined(_ALPHA_)
|
|
|
|
#define UPPER_ADDR(_addr) LOWORD(((LONG_PTR)(_addr) >> 32) + (HIGH_ADDR((_addr)) >> 15))
|
|
#define HIGH_ADDR(_addr) LOWORD(HIWORD((_addr)) + (LOWORD((_addr)) >> 15))
|
|
#define LOW_ADDR(_addr) LOWORD((_addr))
|
|
|
|
#endif
|
|
|
|
//
|
|
// api table type definitions
|
|
//
|
|
#define DFLT_TRACE_ARGS 8
|
|
#define MAX_TRACE_ARGS 8
|
|
|
|
//
|
|
// Handle type, index corresponds to the entries in the alias array
|
|
//
|
|
|
|
enum Handles { T_HACCEL, T_HANDLE, T_HBITMAP, T_HBRUSH, T_HCURSOR, T_HDC,
|
|
T_HDCLPPOINT, T_HDESK, T_HDWP, T_HENHMETAFILE, T_HFONT, T_HGDIOBJ,
|
|
T_HGLOBAL, T_HGLRC, T_HHOOK, T_HICON, T_HINSTANCE, T_HKL, T_HMENU,
|
|
T_HMETAFILE, T_HPALETTE, T_HPEN, T_HRGN, T_HWINSTA, T_HWND};
|
|
|
|
#define T_DWORD 101
|
|
#define T_LPSTR 102
|
|
#define T_LPWSTR 103
|
|
#define T_UNISTR 104 // UNICODE string (counted)
|
|
#define T_OBJNAME 105 // Name from OBJECT_ATTRIBUTES struct
|
|
#define T_LPSTRC 106 // Counted string (count is following arg)
|
|
#define T_LPWSTRC 107 // Counted UNICODE string (count is following arg)
|
|
#define T_DWORDPTR 108 // Indirect DWORD
|
|
#define T_DLONGPTR 109 // Indirect DWORDLONG
|
|
|
|
// User macro for creating T_DWPTR type with offset encoded in high word
|
|
#define T_PDWORD(off) (((off)<<16) + T_DWORDPTR)
|
|
#define T_PDLONG(off) (((off)<<16) + T_DLONGPTR)
|
|
#define T_PSTR(off) (((off)<<16) + T_LPSTR)
|
|
#define T_PWSTR(off) (((off)<<16) + T_LPWSTR)
|
|
|
|
//
|
|
// api trace modes
|
|
#define API_TRACE 1 // Trace this api
|
|
#define API_FULLTRACE 2 // Trace this api and its callees
|
|
|
|
typedef struct _API_TABLE {
|
|
LPSTR Name;
|
|
ULONG RetType;
|
|
ULONG ArgCount;
|
|
ULONG ArgType[MAX_TRACE_ARGS];
|
|
} API_TABLE, *PAPI_TABLE;
|
|
|
|
typedef struct _API_MASTER_TABLE {
|
|
LPSTR Name;
|
|
BOOL Processed;
|
|
PAPI_TABLE ApiTable;
|
|
} API_MASTER_TABLE, *PAPI_MASTER_TABLE;
|
|
|
|
typedef struct _API_INFO {
|
|
ULONG Name;
|
|
ULONG_PTR Address;
|
|
ULONG_PTR ThunkAddress;
|
|
ULONG Count;
|
|
DWORDLONG Time;
|
|
DWORDLONG CalleeTime;
|
|
ULONG NestCount;
|
|
ULONG TraceEnabled;
|
|
PAPI_TABLE ApiTable;
|
|
ULONG_PTR HardFault;
|
|
ULONG_PTR SoftFault;
|
|
ULONG_PTR CodeFault;
|
|
ULONG_PTR DataFault;
|
|
ULONG Size;
|
|
ULONG ApiTableIndex;
|
|
ULONG_PTR DllOffset;
|
|
} API_INFO, *PAPI_INFO;
|
|
|
|
typedef struct _DLL_INFO {
|
|
CHAR Name[MAX_NAME_SZ];
|
|
ULONG_PTR BaseAddress;
|
|
ULONG Size;
|
|
ULONG ApiCount;
|
|
ULONG ApiOffset;
|
|
ULONG Unloaded;
|
|
ULONG Enabled;
|
|
ULONG OrigEnable;
|
|
ULONG Snapped;
|
|
ULONG InList;
|
|
ULONG StaticProfile;
|
|
ULONG Hits;
|
|
ULONG LoadCount;
|
|
} DLL_INFO, *PDLL_INFO;
|
|
|
|
typedef struct _TRACE_ENTRY {
|
|
ULONG SizeOfStruct;
|
|
ULONG_PTR Address;
|
|
ULONG_PTR ReturnValue;
|
|
ULONG LastError;
|
|
ULONG_PTR Caller;
|
|
ULONG ApiTableIndex;
|
|
DWORDLONG EnterTime;
|
|
DWORDLONG Duration;
|
|
ULONG ThreadNum;
|
|
ULONG Level;
|
|
ULONG_PTR Args[MAX_TRACE_ARGS];
|
|
} TRACE_ENTRY, *PTRACE_ENTRY;
|
|
|
|
typedef struct _TRACE_BUFFER {
|
|
ULONG Size;
|
|
ULONG Offset;
|
|
ULONG Count;
|
|
TRACE_ENTRY Entry[1];
|
|
} TRACE_BUFFER, *PTRACE_BUFFER;
|
|
|
|
#endif
|
|
|