mirror of
https://github.com/reactos/reactos.git
synced 2025-02-28 19:32:59 +00:00
[NTOS:EX:KD64] Add Doxygen documentation for Nt/KdSystemDebugControl.
Based from external documentation: https://www.ivanlef0u.tuxfamily.org/?p=21 https://www.ivanlef0u.tuxfamily.org/?p=382 http://pds8.egloos.com/pds/200807/09/51/Subverting_Windows_2003_Service_Pack_1_Kernel_Integrity_Protection.pdf http://www.nynaeve.net/?p=114 https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Eran%20Segal%20-%20The%20COW%20%28Container%20On%20Windows%29%20Who%20Escaped%20the%20Silo.pdf https://vidstromlabs.com/blog/memory-dumping-with-ntsystemdebugcontrol/ https://www.kernelmode.info/forum/viewtopic0aa3.html?t=5317
This commit is contained in:
Hermès Bélusca-Maïto
parent
317f1e8391
commit
a0b009f1ed
2 changed files with 91 additions and 32 deletions
|
|
@ -146,54 +146,75 @@ ExpDebuggerWorker(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*++
|
/**
|
||||||
* @name NtSystemDebugControl
|
* @brief
|
||||||
* @implemented
|
* Perform various queries to the kernel debugger.
|
||||||
*
|
*
|
||||||
* Perform various queries to debugger.
|
* @param[in] Command
|
||||||
* This API is subject to test-case creation to further evaluate its
|
* A SYSDBG_COMMAND value describing the kernel debugger command to perform.
|
||||||
* abilities (if needed to at all)
|
|
||||||
*
|
*
|
||||||
* See: http://www.osronline.com/showthread.cfm?link=93915
|
* @param[in] InputBuffer
|
||||||
* http://void.ru/files/Ntexapi.h
|
* Pointer to a user-provided input command-specific buffer, whose length
|
||||||
* http://www.codeguru.com/code/legacy/system/ntexapi.zip
|
* is given by InputBufferLength.
|
||||||
* http://www.securityfocus.com/bid/9694
|
|
||||||
*
|
*
|
||||||
* @param ControlCode
|
* @param[in] InputBufferLength
|
||||||
* Description of the parameter. Wrapped to more lines on ~70th
|
* The size (in bytes) of the buffer pointed by InputBuffer.
|
||||||
* column.
|
|
||||||
*
|
*
|
||||||
* @param InputBuffer
|
* @param[out] OutputBuffer
|
||||||
* FILLME
|
* Pointer to a user-provided command-specific output buffer, whose length
|
||||||
|
* is given by OutputBufferLength.
|
||||||
*
|
*
|
||||||
* @param InputBufferLength
|
* @param[in] OutputBufferLength
|
||||||
* FILLME
|
* The size (in bytes) of the buffer pointed by OutputBuffer.
|
||||||
*
|
*
|
||||||
* @param OutputBuffer
|
* @param[out] ReturnLength
|
||||||
* FILLME
|
* Optional pointer to a ULONG variable that receives the actual length of
|
||||||
|
* data written written in the output buffer. It is always zero, except for
|
||||||
|
* the live dump commands where an actual non-zero length is returned.
|
||||||
*
|
*
|
||||||
* @param OutputBufferLength
|
* @return
|
||||||
* FILLME
|
* STATUS_SUCCESS in case of success, or a proper error code otherwise.
|
||||||
*
|
*
|
||||||
* @param ReturnLength
|
* @remarks
|
||||||
* FILLME
|
|
||||||
*
|
*
|
||||||
* @return STATUS_SUCCESS in case of success, proper error code otherwise
|
* - The caller must have SeDebugPrivilege, otherwise the function fails
|
||||||
|
* with STATUS_ACCESS_DENIED.
|
||||||
*
|
*
|
||||||
* @remarks None
|
* - Only the live dump commands: SysDbgGetTriageDump, and SysDbgGetLiveKernelDump
|
||||||
|
* (Win8.1+) are available even if the debugger is disabled or absent.
|
||||||
*
|
*
|
||||||
*--*/
|
* - The following system-critical commands are not accessible anymore
|
||||||
|
* for user-mode usage with this API on NT 5.2+ (Windows 2003 SP1 and later)
|
||||||
|
* systems:
|
||||||
|
*
|
||||||
|
* SysDbgQueryVersion,
|
||||||
|
* SysDbgReadVirtual and SysDbgWriteVirtual,
|
||||||
|
* SysDbgReadPhysical and SysDbgWritePhysical,
|
||||||
|
* SysDbgReadControlSpace and SysDbgWriteControlSpace,
|
||||||
|
* SysDbgReadIoSpace and SysDbgWriteIoSpace,
|
||||||
|
* SysDbgReadMsr and SysDbgWriteMsr,
|
||||||
|
* SysDbgReadBusData and SysDbgWriteBusData,
|
||||||
|
* SysDbgCheckLowMemory.
|
||||||
|
*
|
||||||
|
* For these, NtSystemDebugControl() will return STATUS_NOT_IMPLEMENTED.
|
||||||
|
* They are now available from kernel-mode only with KdSystemDebugControl().
|
||||||
|
*
|
||||||
|
* @note
|
||||||
|
* See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2339
|
||||||
|
*
|
||||||
|
* @see KdSystemDebugControl()
|
||||||
|
**/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
NtSystemDebugControl(
|
NtSystemDebugControl(
|
||||||
_In_ SYSDBG_COMMAND ControlCode,
|
_In_ SYSDBG_COMMAND Command,
|
||||||
_In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
|
_In_reads_bytes_(InputBufferLength) PVOID InputBuffer,
|
||||||
_In_ ULONG InputBufferLength,
|
_In_ ULONG InputBufferLength,
|
||||||
_Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer,
|
_Out_writes_bytes_(OutputBufferLength) PVOID OutputBuffer,
|
||||||
_In_ ULONG OutputBufferLength,
|
_In_ ULONG OutputBufferLength,
|
||||||
_Out_opt_ PULONG ReturnLength)
|
_Out_opt_ PULONG ReturnLength)
|
||||||
{
|
{
|
||||||
switch (ControlCode)
|
switch (Command)
|
||||||
{
|
{
|
||||||
case SysDbgQueryModuleInformation:
|
case SysDbgQueryModuleInformation:
|
||||||
case SysDbgQueryTraceInformation:
|
case SysDbgQueryTraceInformation:
|
||||||
|
|
@ -226,10 +247,11 @@ NtSystemDebugControl(
|
||||||
case SysDbgSetPrintBufferSize:
|
case SysDbgSetPrintBufferSize:
|
||||||
case SysDbgGetKdUmExceptionEnable:
|
case SysDbgGetKdUmExceptionEnable:
|
||||||
case SysDbgSetKdUmExceptionEnable:
|
case SysDbgSetKdUmExceptionEnable:
|
||||||
|
|
||||||
case SysDbgGetKdBlockEnable:
|
case SysDbgGetKdBlockEnable:
|
||||||
case SysDbgSetKdBlockEnable:
|
case SysDbgSetKdBlockEnable:
|
||||||
return KdSystemDebugControl(
|
return KdSystemDebugControl(
|
||||||
ControlCode,
|
Command,
|
||||||
InputBuffer, InputBufferLength,
|
InputBuffer, InputBufferLength,
|
||||||
OutputBuffer, OutputBufferLength,
|
OutputBuffer, OutputBufferLength,
|
||||||
ReturnLength, KeGetPreviousMode());
|
ReturnLength, KeGetPreviousMode());
|
||||||
|
|
|
||||||
|
|
@ -2171,9 +2171,46 @@ KdDisableDebugger(VOID)
|
||||||
return KdDisableDebuggerWithLock(TRUE);
|
return KdDisableDebuggerWithLock(TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* @unimplemented
|
* @brief
|
||||||
*/
|
* Perform various queries to the kernel debugger.
|
||||||
|
*
|
||||||
|
* @param[in] Command
|
||||||
|
* A SYSDBG_COMMAND value describing the kernel debugger command to perform.
|
||||||
|
*
|
||||||
|
* @param[in] InputBuffer
|
||||||
|
* Pointer to a user-provided input command-specific buffer, whose length
|
||||||
|
* is given by InputBufferLength.
|
||||||
|
*
|
||||||
|
* @param[in] InputBufferLength
|
||||||
|
* The size (in bytes) of the buffer pointed by InputBuffer.
|
||||||
|
*
|
||||||
|
* @param[out] OutputBuffer
|
||||||
|
* Pointer to a user-provided command-specific output buffer, whose length
|
||||||
|
* is given by OutputBufferLength.
|
||||||
|
*
|
||||||
|
* @param[in] OutputBufferLength
|
||||||
|
* The size (in bytes) of the buffer pointed by OutputBuffer.
|
||||||
|
*
|
||||||
|
* @param[out] ReturnLength
|
||||||
|
* Optional pointer to a ULONG variable that receives the actual length of
|
||||||
|
* data written written in the output buffer. It is always zero, except for
|
||||||
|
* the live dump commands where an actual non-zero length is returned.
|
||||||
|
*
|
||||||
|
* @param[in] PreviousMode
|
||||||
|
* The processor mode (KernelMode or UserMode) in which the command is being executed.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* STATUS_SUCCESS in case of success, or a proper error code otherwise.
|
||||||
|
*
|
||||||
|
* @remarks
|
||||||
|
* - This is a kernel-mode function, accessible only by kernel-mode drivers.
|
||||||
|
*
|
||||||
|
* @note
|
||||||
|
* See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2339
|
||||||
|
*
|
||||||
|
* @see NtSystemDebugControl()
|
||||||
|
**/
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
NTAPI
|
NTAPI
|
||||||
KdSystemDebugControl(
|
KdSystemDebugControl(
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue