#ifndef _NTEXAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

//
// SysDbg APIs
//

/**
 * The SYSDBG_COMMAND enumeration specifies the type of system debugger
 * operation requested through NtSystemDebugControl.
 */
typedef enum _SYSDBG_COMMAND
{
    SysDbgQueryModuleInformation,       // q: DBGKD_DEBUG_DATA_HEADER64
    SysDbgQueryTraceInformation,        // q: DBGKD_TRACE_DATA
    SysDbgSetTracepoint,                // s: PVOID
    SysDbgSetSpecialCall,               // s: PVOID
    SysDbgClearSpecialCalls,            // s: void
    SysDbgQuerySpecialCalls,            // q: PVOID[]
    SysDbgBreakPoint,                   // s: void
    SysDbgQueryVersion,                 // q: DBGKD_GET_VERSION64
    SysDbgReadVirtual,                  // q: SYSDBG_VIRTUAL
    SysDbgWriteVirtual,                 // s: SYSDBG_VIRTUAL
    SysDbgReadPhysical,                 // q: SYSDBG_PHYSICAL // 10
    SysDbgWritePhysical,                // s: SYSDBG_PHYSICAL
    SysDbgReadControlSpace,             // q: SYSDBG_CONTROL_SPACE
    SysDbgWriteControlSpace,            // s: SYSDBG_CONTROL_SPACE
    SysDbgReadIoSpace,                  // q: SYSDBG_IO_SPACE
    SysDbgWriteIoSpace,                 // s: SYSDBG_IO_SPACE
    SysDbgReadMsr,                      // q: SYSDBG_MSR
    SysDbgWriteMsr,                     // s: SYSDBG_MSR
    SysDbgReadBusData,                  // q: SYSDBG_BUS_DATA
    SysDbgWriteBusData,                 // s: SYSDBG_BUS_DATA
    SysDbgCheckLowMemory,               // q: ULONG // 20
    SysDbgEnableKernelDebugger,         // s: void
    SysDbgDisableKernelDebugger,        // s: void
    SysDbgGetAutoKdEnable,              // q: ULONG
    SysDbgSetAutoKdEnable,              // s: ULONG
    SysDbgGetPrintBufferSize,           // q: ULONG
    SysDbgSetPrintBufferSize,           // s: ULONG
    SysDbgGetKdUmExceptionEnable,       // q: ULONG
    SysDbgSetKdUmExceptionEnable,       // s: ULONG
    SysDbgGetTriageDump,                // q: SYSDBG_TRIAGE_DUMP
    SysDbgGetKdBlockEnable,             // q: ULONG // 30
    SysDbgSetKdBlockEnable,             // s: ULONG
    SysDbgRegisterForUmBreakInfo,       // s: HANDLE
    SysDbgGetUmBreakPid,                // q: ULONG
    SysDbgClearUmBreakPid,              // s: void
    SysDbgGetUmAttachPid,               // q: ULONG
    SysDbgClearUmAttachPid,             // s: void
    SysDbgGetLiveKernelDump,            // q: SYSDBG_LIVEDUMP_CONTROL
    SysDbgKdPullRemoteFile,             // q: SYSDBG_KD_PULL_REMOTE_FILE
    SysDbgMaxInfoClass
} SYSDBG_COMMAND, *PSYSDBG_COMMAND;

#endif
#endif
View code on GitHub

NtDoc

No description available.

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

Enumeration type SYSDBG_COMMAND is used as a command number in a call to NtSystemDebugControl function.

SysDbgQueryModuleInformation

(?)

SysDbgQueryTraceInformation

(?)

SysDbgSetTracepoint

(?)

SysDbgSetSpecialCall

(?)

SysDbgClearSpecialCalls

(?)

SysDbgQuerySpecialCalls

(?)

Documented by

Tomasz Nowak

SYSDBG_COMMAND - NtDoc

NtDoc

NTinternals.net (undocumented.ntinternals.net)

SysDbgQueryModuleInformation

SysDbgQueryTraceInformation

SysDbgSetTracepoint

SysDbgSetSpecialCall

SysDbgClearSpecialCalls

SysDbgQuerySpecialCalls

Documented by

See also