1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 using System; 6 using System.Collections.Generic; 7 using System.Linq; 8 using System.Runtime.InteropServices; 9 using System.Text; 10 using System.Threading.Tasks; 11 12 namespace ChromeDebug.LowLevel { 13 // Defines structures, enumerations, and types used by Win32 API calls. In some cases, the API 14 // calls support (and even document) many more values than what are listed here. Should 15 // additional values be required, they can be added to the respective types. 16 public static class LowLevelTypes { 17 18 #region Constants and Enums 19 // Represents the image format of a DLL or executable. 20 public enum ImageFormat { 21 NATIVE, 22 MANAGED, 23 UNKNOWN 24 } 25 26 // Flags used for opening a file handle (e.g. in a call to CreateFile), that determine the 27 // requested permission level. 28 [Flags] 29 public enum FileAccessFlags : uint { 30 GENERIC_WRITE = 0x40000000, 31 GENERIC_READ = 0x80000000 32 } 33 34 // Value used for CreateFile to determine how to behave in the presence (or absence) of a 35 // file with the requested name. Used only for CreateFile. 36 public enum FileCreationDisposition : uint { 37 CREATE_NEW = 1, 38 CREATE_ALWAYS = 2, 39 OPEN_EXISTING = 3, 40 OPEN_ALWAYS = 4, 41 TRUNCATE_EXISTING = 5 42 } 43 44 // Flags that determine what level of sharing this application requests on the target file. 45 // Used only for CreateFile. 46 [Flags] 47 public enum FileShareFlags : uint { 48 EXCLUSIVE_ACCESS = 0x0, 49 SHARE_READ = 0x1, 50 SHARE_WRITE = 0x2, 51 SHARE_DELETE = 0x4 52 } 53 54 // Flags that control caching and other behavior of the underlying file object. Used only for 55 // CreateFile. 56 [Flags] 57 public enum FileFlagsAndAttributes : uint { 58 NORMAL = 0x80, 59 OPEN_REPARSE_POINT = 0x200000, 60 SEQUENTIAL_SCAN = 0x8000000, 61 RANDOM_ACCESS = 0x10000000, 62 NO_BUFFERING = 0x20000000, 63 OVERLAPPED = 0x40000000 64 } 65 66 // The target architecture of a given executable image. The various values correspond to the 67 // magic numbers defined by the PE Executable Image File Format. 68 // http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx 69 public enum MachineType : ushort { 70 UNKNOWN = 0x0, 71 X64 = 0x8664, 72 X86 = 0x14c, 73 IA64 = 0x200 74 } 75 76 // A flag indicating the format of the path string that Windows returns from a call to 77 // QueryFullProcessImageName(). 78 public enum ProcessQueryImageNameMode : uint { 79 WIN32_FORMAT = 0, 80 NATIVE_SYSTEM_FORMAT = 1 81 } 82 83 // Flags indicating the level of permission requested when opening a handle to an external 84 // process. Used by OpenProcess(). 85 [Flags] 86 public enum ProcessAccessFlags : uint { 87 NONE = 0x0, 88 ALL = 0x001F0FFF, 89 VM_OPERATION = 0x00000008, 90 VM_READ = 0x00000010, 91 QUERY_INFORMATION = 0x00000400, 92 QUERY_LIMITED_INFORMATION = 0x00001000 93 } 94 95 // Defines return value codes used by various Win32 System APIs. 96 public enum NTSTATUS : int { 97 SUCCESS = 0, 98 } 99 100 // Determines the amount of information requested (and hence the type of structure returned) 101 // by a call to NtQueryInformationProcess. 102 public enum PROCESSINFOCLASS : int { 103 PROCESS_BASIC_INFORMATION = 0 104 }; 105 106 [Flags] 107 public enum SHGFI : uint { 108 Icon = 0x000000100, 109 DisplayName = 0x000000200, 110 TypeName = 0x000000400, 111 Attributes = 0x000000800, 112 IconLocation = 0x000001000, 113 ExeType = 0x000002000, 114 SysIconIndex = 0x000004000, 115 LinkOverlay = 0x000008000, 116 Selected = 0x000010000, 117 Attr_Specified = 0x000020000, 118 LargeIcon = 0x000000000, 119 SmallIcon = 0x000000001, 120 OpenIcon = 0x000000002, 121 ShellIconSize = 0x000000004, 122 PIDL = 0x000000008, 123 UseFileAttributes = 0x000000010, 124 AddOverlays = 0x000000020, 125 OverlayIndex = 0x000000040, 126 } 127 #endregion 128 129 #region Structures 130 // In general, for all structures below which contains a pointer (represented here by IntPtr), 131 // the pointers refer to memory in the address space of the process from which the original 132 // structure was read. While this seems obvious, it means we cannot provide an elegant 133 // interface to the various fields in the structure due to the de-reference requiring a 134 // handle to the target process. Instead, that functionality needs to be provided at a 135 // higher level. 136 // 137 // Additionally, since we usually explicitly define the fields that we're interested in along 138 // with their respective offsets, we frequently specify the exact size of the native structure. 139 140 // Win32 UNICODE_STRING structure. 141 [StructLayout(LayoutKind.Sequential)] 142 public struct UNICODE_STRING { 143 // The length in bytes of the string pointed to by buffer, not including the null-terminator. 144 private ushort length; 145 // The total allocated size in memory pointed to by buffer. 146 private ushort maximumLength; 147 // A pointer to the buffer containing the string data. 148 private IntPtr buffer; 149 150 public ushort Length { get { return length; } } 151 public ushort MaximumLength { get { return maximumLength; } } 152 public IntPtr Buffer { get { return buffer; } } 153 } 154 155 // Win32 RTL_USER_PROCESS_PARAMETERS structure. 156 [StructLayout(LayoutKind.Explicit, Size = 72)] 157 public struct RTL_USER_PROCESS_PARAMETERS { 158 [FieldOffset(56)] 159 private UNICODE_STRING imagePathName; 160 [FieldOffset(64)] 161 private UNICODE_STRING commandLine; 162 163 public UNICODE_STRING ImagePathName { get { return imagePathName; } } 164 public UNICODE_STRING CommandLine { get { return commandLine; } } 165 }; 166 167 // Win32 PEB structure. Represents the process environment block of a process. 168 [StructLayout(LayoutKind.Explicit, Size = 472)] 169 public struct PEB { 170 [FieldOffset(2), MarshalAs(UnmanagedType.U1)] 171 private bool isBeingDebugged; 172 [FieldOffset(12)] 173 private IntPtr ldr; 174 [FieldOffset(16)] 175 private IntPtr processParameters; 176 [FieldOffset(468)] 177 private uint sessionId; 178 179 public bool IsBeingDebugged { get { return isBeingDebugged; } } 180 public IntPtr Ldr { get { return ldr; } } 181 public IntPtr ProcessParameters { get { return processParameters; } } 182 public uint SessionId { get { return sessionId; } } 183 }; 184 185 // Win32 PROCESS_BASIC_INFORMATION. Contains a pointer to the PEB, and various other 186 // information about a process. 187 [StructLayout(LayoutKind.Explicit, Size = 24)] 188 public struct PROCESS_BASIC_INFORMATION { 189 [FieldOffset(4)] 190 private IntPtr pebBaseAddress; 191 [FieldOffset(16)] 192 private UIntPtr uniqueProcessId; 193 194 public IntPtr PebBaseAddress { get { return pebBaseAddress; } } 195 public UIntPtr UniqueProcessId { get { return uniqueProcessId; } } 196 } 197 198 [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] 199 public struct SHFILEINFO { 200 // C# doesn't support overriding the default constructor of value types, so we need to use 201 // a dummy constructor. SHFILEINFOChromeDebug.LowLevel.LowLevelTypes.SHFILEINFO202 public SHFILEINFO(bool dummy) { 203 hIcon = IntPtr.Zero; 204 iIcon = 0; 205 dwAttributes = 0; 206 szDisplayName = ""; 207 szTypeName = ""; 208 } 209 public IntPtr hIcon; 210 public int iIcon; 211 public uint dwAttributes; 212 [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] 213 public string szDisplayName; 214 [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 80)] 215 public string szTypeName; 216 }; 217 #endregion 218 } 219 } 220