#pragma once
#include <ntdef.h>
#include <ntifs.h>
#include <ntddk.h>
#include <Structs.h>
#include <Nt.h>
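/**
 * Populate the global KdDebuggerDataBlock with a private copy of the
 * KDDEBUGGER_DATA64 structure found inside a freshly captured dump header.
 *
 * A scratch dump header is allocated, filled by
 * KeCapturePersistentThreadState(), and sizeof(KDDEBUGGER_DATA64) bytes at
 * KD_DEBUGGER_DATA_OFFSET are copied into a separate non-paged allocation
 * that is left in KdDebuggerDataBlock. On any allocation failure the global
 * stays NULL, so callers must check it before use.
 *
 * Review notes:
 *  - KD_DEBUGGER_DATA_OFFSET and DUMP_BLOCK_SIZE are hard-coded layout
 *    assumptions about an undocumented structure; presumably they match the
 *    64-bit dump header of the builds this driver targets. Confirm per build.
 *  - The copied block is not validated here. Consumers should verify it
 *    (for example its header tag/size, if Structs.h exposes them) before
 *    dereferencing any address taken from it.
 *  - The block holds kernel addresses; it should never be returned to user
 *    mode or written to logs.
 *  - Calling this routine again overwrites the previous pointer without
 *    freeing it, so it is meant to be called once.
 *  - ExAllocatePool is deprecated. Where the minimum target OS allows, a
 *    tagged, zeroing allocator and a no-execute pool type are preferable.
 */
void InitializeDebuggerBlock()
{
#define KD_DEBUGGER_DATA_OFFSET 0x2080
#define DUMP_BLOCK_SIZE 0x40000

    /* Size of the allocation that ends up in KdDebuggerDataBlock (unchanged). */
    const SIZE_T debuggerBlockBytes = 4096;

    /* Compile-time bounds for the copy performed below. */
    static_assert(KD_DEBUGGER_DATA_OFFSET + sizeof(KDDEBUGGER_DATA64) <= DUMP_BLOCK_SIZE,
                  "KDDEBUGGER_DATA64 must lie inside the captured dump block");
    static_assert(sizeof(KDDEBUGGER_DATA64) <= 4096,
                  "KDDEBUGGER_DATA64 must fit in the destination allocation");

    KdDebuggerDataBlock = NULL;

    CONTEXT ctx = { 0 };
    ctx.ContextFlags = CONTEXT_FULL;
    RtlCaptureContext(&ctx);

    PDUMP_HEADER pDumpHeader = (PDUMP_HEADER)ExAllocatePool(NonPagedPool, DUMP_BLOCK_SIZE);
    if (pDumpHeader == NULL)
    {
        return;
    }

    /*
     * ExAllocatePool returns uninitialized pool. Zero the scratch buffer so
     * that, if the capture call writes less than expected, the copy below
     * yields zeros instead of stale kernel memory.
     */
    RtlZeroMemory(pDumpHeader, DUMP_BLOCK_SIZE);

    /* NOTE(review): the return value is ignored, as in the original; its
     * meaning is not visible from this file. */
    KeCapturePersistentThreadState(&ctx, NULL, 0, 0, 0, 0, 0, pDumpHeader);

    KdDebuggerDataBlock = (PKDDEBUGGER_DATA64)ExAllocatePool(NonPagedPool, debuggerBlockBytes);
    if (KdDebuggerDataBlock != NULL)
    {
        /* Clear the whole allocation first: only sizeof(KDDEBUGGER_DATA64)
         * bytes are overwritten by the copy, the tail would stay stale. */
        RtlZeroMemory(KdDebuggerDataBlock, debuggerBlockBytes);
        RtlCopyMemory(KdDebuggerDataBlock,
                      (PUCHAR)pDumpHeader + KD_DEBUGGER_DATA_OFFSET,
                      sizeof(KDDEBUGGER_DATA64));
    }

    ExFreePool(pDumpHeader);
}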