Windows-Server-2003/sdktools/apimon/include/apimon.h

/*++

Copyright (c) 1995  Microsoft Corporation

Module Name:

    apimon.h

Abstract:

    Common types & structures for the APIMON projects.

Author:

    Wesley Witt (wesw) 28-June-1995

Environment:

    User Mode

--*/

#ifndef _APIMON_
#define _APIMON_

#ifdef __cplusplus
#define CLINKAGE                        extern "C"
#else
#define CLINKAGE
#endif

#define TROJANDLL                       "apidll.dll"
#define MAX_NAME_SZ                     32
#define MAX_DLLS                        512
#define MEGABYTE                        (1024*1024)
#define MAX_MEM_ALLOC                   (MEGABYTE*32)
#define MAX_APIS                        ((MAX_MEM_ALLOC/2)/sizeof(API_INFO))
#define THUNK_SIZE                      MEGABYTE
#define Align(p,x)                      (((x) & ((p)-1)) ? (((x) & ~((p)-1)) + p) : (x))

#define KERNEL32                        "kernel32.dll"
#define NTDLL                           "ntdll.dll"
#define USER32                          "user32.dll"
#define WNDPROCDLL                      "wndprocs"
#define LOADLIBRARYA                    "LoadLibraryA"
#define LOADLIBRARYW                    "LoadLibraryW"
#define FREELIBRARY                     "FreeLibrary"
#define GETPROCADDRESS                  "GetProcAddress"
#define REGISTERCLASSA                  "RegisterClassA"
#define REGISTERCLASSW                  "RegisterClassW"
#define SETWINDOWLONGA                  "SetWindowLongA"
#define SETWINDOWLONGW                  "SetWindowLongW"
#define ALLOCATEHEAP                    "RtlAllocateHeap"
#define CREATEHEAP                      "RtlCreateHeap"

#if defined(_ALPHA_)

#define UPPER_ADDR(_addr) LOWORD(((LONG_PTR)(_addr) >> 32) + (HIGH_ADDR((_addr)) >> 15))
#define HIGH_ADDR(_addr)  LOWORD(HIWORD((_addr)) + (LOWORD((_addr)) >> 15))
#define LOW_ADDR(_addr)   LOWORD((_addr))

#endif

//
// api table type definitions
//
#define DFLT_TRACE_ARGS  8
#define MAX_TRACE_ARGS   8

//
// Handle type, index corresponds to the entries in the alias array
//

enum Handles { T_HACCEL, T_HANDLE, T_HBITMAP, T_HBRUSH, T_HCURSOR, T_HDC,
        T_HDCLPPOINT, T_HDESK, T_HDWP, T_HENHMETAFILE, T_HFONT, T_HGDIOBJ,
        T_HGLOBAL, T_HGLRC, T_HHOOK, T_HICON, T_HINSTANCE, T_HKL, T_HMENU,
        T_HMETAFILE, T_HPALETTE, T_HPEN, T_HRGN, T_HWINSTA, T_HWND};

#define T_DWORD          101
#define T_LPSTR          102
#define T_LPWSTR         103
#define T_UNISTR         104      // UNICODE string (counted)
#define T_OBJNAME        105      // Name from OBJECT_ATTRIBUTES struct
#define T_LPSTRC         106      // Counted string (count is following arg)
#define T_LPWSTRC        107      // Counted UNICODE string (count is following arg)
#define T_DWORDPTR       108      // Indirect DWORD
#define T_DLONGPTR       109      // Indirect DWORDLONG

// User macro for creating T_DWPTR type with offset encoded in high word
#define T_PDWORD(off) (((off)<<16) + T_DWORDPTR)
#define T_PDLONG(off) (((off)<<16) + T_DLONGPTR)
#define T_PSTR(off)   (((off)<<16) + T_LPSTR)
#define T_PWSTR(off)  (((off)<<16) + T_LPWSTR)

//
// api trace modes
#define API_TRACE        1      // Trace this api
#define API_FULLTRACE    2      // Trace this api and its callees

typedef struct _API_TABLE {
    LPSTR       Name;
    ULONG       RetType;
    ULONG       ArgCount;
    ULONG       ArgType[MAX_TRACE_ARGS];
} API_TABLE, *PAPI_TABLE;

typedef struct _API_MASTER_TABLE {
    LPSTR       Name;
    BOOL        Processed;
    PAPI_TABLE  ApiTable;
} API_MASTER_TABLE, *PAPI_MASTER_TABLE;

typedef struct _API_INFO {
    ULONG       Name;
    ULONG_PTR   Address;
    ULONG_PTR   ThunkAddress;
    ULONG       Count;
    DWORDLONG   Time;
    DWORDLONG   CalleeTime;
    ULONG       NestCount;
    ULONG       TraceEnabled;
    PAPI_TABLE  ApiTable;
    ULONG_PTR   HardFault;
    ULONG_PTR   SoftFault;
    ULONG_PTR   CodeFault;
    ULONG_PTR   DataFault;
    ULONG       Size;
    ULONG       ApiTableIndex;
    ULONG_PTR   DllOffset;
} API_INFO, *PAPI_INFO;

typedef struct _DLL_INFO {
    CHAR        Name[MAX_NAME_SZ];
    ULONG_PTR   BaseAddress;
    ULONG       Size;
    ULONG       ApiCount;
    ULONG       ApiOffset;
    ULONG       Unloaded;
    ULONG       Enabled;
    ULONG       OrigEnable;
    ULONG       Snapped;
    ULONG       InList;
    ULONG       StaticProfile;
    ULONG       Hits;
    ULONG       LoadCount;
} DLL_INFO, *PDLL_INFO;

typedef struct _TRACE_ENTRY {
    ULONG       SizeOfStruct;
    ULONG_PTR   Address;
    ULONG_PTR   ReturnValue;
    ULONG       LastError;
    ULONG_PTR   Caller;
    ULONG       ApiTableIndex;
    DWORDLONG   EnterTime;
    DWORDLONG   Duration;
    ULONG       ThreadNum;
    ULONG       Level;
    ULONG_PTR   Args[MAX_TRACE_ARGS];
} TRACE_ENTRY, *PTRACE_ENTRY;

typedef struct _TRACE_BUFFER {
    ULONG       Size;
    ULONG       Offset;
    ULONG       Count;
    TRACE_ENTRY Entry[1];
} TRACE_BUFFER, *PTRACE_BUFFER;

#endif