HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
Callback.c File Reference

VMM callback interface routines. More...

#include "pch.h"

Functions

BOOLEAN LogCallbackPrepareAndSendMessageToQueue (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const char *Fmt,...)
 routines callback for preparing and sending message to queue
 
BOOLEAN LogCallbackSendMessageToQueue (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
 routines callback for sending message to queue
 
BOOLEAN LogCallbackCheckIfBufferIsFull (BOOLEAN Priority)
 routines callback for checking if buffer is full
 
BOOLEAN LogCallbackSendBuffer (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
 routines callback for sending buffer
 
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE VmmCallbackTriggerEvents (VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)
 routines callback to trigger events
 
VOID VmmCallbackSetLastError (UINT32 LastError)
 routine callback to set last error
 
BOOLEAN VmmCallbackVmcallHandler (UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)
 routine callback to handle external VMCALLs
 
VOID VmmCallbackRegisteredMtfHandler (UINT32 CoreId)
 routine callback to handle registered MTF
 
VOID VmmCallbackNmiBroadcastRequestHandler (UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler)
 routine callback to handle NMI requests
 
BOOLEAN VmmCallbackQueryTerminateProtectedResource (UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
 routine callback to query for termination of protected resources
 
BOOLEAN VmmCallbackRestoreEptState (UINT32 CoreId)
 routine callback to restore EPT state
 
BOOLEAN VmmCallbackUnhandledEptViolation (UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr)
 routine callback to handle unhandled EPT violations
 
BOOLEAN DebuggingCallbackHandleBreakpointException (UINT32 CoreId)
 routine callback to handle breakpoint exception
 
BOOLEAN DebuggingCallbackHandleDebugBreakpointException (UINT32 CoreId)
 routine callback to handle debug breakpoint exception
 
BOOLEAN DebuggingCallbackConditionalPageFaultException (UINT32 CoreId, UINT64 Address, UINT32 PageFaultErrorCode)
 routine callback to handle conditional page-fault exception
 
VOID InterceptionCallbackTriggerCr3ProcessChange (UINT32 CoreId)
 routine callback to handle cr3 process change
 
VOID InterceptionCallbackCr3VmexitsForThreadInterception (UINT32 CoreId, CR3_TYPE NewCr3)
 routine callback to handle cr3 process change
 

Detailed Description

VMM callback interface routines.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-29
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ DebuggingCallbackConditionalPageFaultException()

BOOLEAN DebuggingCallbackConditionalPageFaultException ( UINT32 CoreId,
UINT64 Address,
UINT32 PageFaultErrorCode )

routine callback to handle conditional page-fault exception

Parameters
CoreId
Address
PageFaultErrorCode
Returns
BOOLEAN
386{
387 if (g_Callbacks.DebuggingCallbackConditionalPageFaultException == NULL)
388 {
389 //
390 // re-inject it to not disrupt system normal execution
391 //
392 return FALSE;
393 }
394
395 return g_Callbacks.DebuggingCallbackConditionalPageFaultException(CoreId, Address, PageFaultErrorCode);
396}
FALSE
#define FALSE
Definition BasicTypes.h:54
g_Callbacks
VMM_CALLBACKS g_Callbacks
List of callbacks.
Definition GlobalVariables.h:32
Address
UINT64 Address
Definition HyperDbgScriptImports.h:67
_VMM_CALLBACKS::DebuggingCallbackConditionalPageFaultException
DEBUGGING_CALLBACK_CONDITIONAL_PAGE_FAULT_EXCEPTION DebuggingCallbackConditionalPageFaultException
Definition VMM.h:206

◆ DebuggingCallbackHandleBreakpointException()

BOOLEAN DebuggingCallbackHandleBreakpointException ( UINT32 CoreId)

routine callback to handle breakpoint exception

Parameters
CoreId
Returns
BOOLEAN
340{
341 if (g_Callbacks.DebuggingCallbackHandleBreakpointException == NULL)
342 {
343 //
344 // re-inject it to not disrupt system normal execution
345 //
346 return FALSE;
347 }
348
349 return g_Callbacks.DebuggingCallbackHandleBreakpointException(CoreId);
350}
_VMM_CALLBACKS::DebuggingCallbackHandleBreakpointException
DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION DebuggingCallbackHandleBreakpointException
Definition VMM.h:204

◆ DebuggingCallbackHandleDebugBreakpointException()

BOOLEAN DebuggingCallbackHandleDebugBreakpointException ( UINT32 CoreId)

routine callback to handle debug breakpoint exception

Parameters
CoreId
Returns
BOOLEAN
361{
362 if (g_Callbacks.DebuggingCallbackHandleDebugBreakpointException == NULL)
363 {
364 //
365 // re-inject it to not disrupt system normal execution
366 //
367 return FALSE;
368 }
369
370 return g_Callbacks.DebuggingCallbackHandleDebugBreakpointException(CoreId);
371}
_VMM_CALLBACKS::DebuggingCallbackHandleDebugBreakpointException
DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION DebuggingCallbackHandleDebugBreakpointException
Definition VMM.h:205

◆ InterceptionCallbackCr3VmexitsForThreadInterception()

VOID InterceptionCallbackCr3VmexitsForThreadInterception ( UINT32 CoreId,
CR3_TYPE NewCr3 )

routine callback to handle cr3 process change

Parameters
CoreId
NewCr3
Returns
VOID
429{
430 if (g_Callbacks.AttachingHandleCr3VmexitsForThreadInterception == NULL)
431 {
432 //
433 // ignore it
434 //
435 return;
436 }
437
438 g_Callbacks.AttachingHandleCr3VmexitsForThreadInterception(CoreId, NewCr3);
439}
_VMM_CALLBACKS::AttachingHandleCr3VmexitsForThreadInterception
ATTACHING_HANDLE_CR3_EVENTS_FOR_THREAD_INTERCEPTION AttachingHandleCr3VmexitsForThreadInterception
Definition VMM.h:221

◆ InterceptionCallbackTriggerCr3ProcessChange()

VOID InterceptionCallbackTriggerCr3ProcessChange ( UINT32 CoreId)

routine callback to handle cr3 process change

Parameters
CoreId
Returns
VOID
407{
408 if (g_Callbacks.InterceptionCallbackTriggerCr3ProcessChange == NULL)
409 {
410 //
411 // ignore it
412 //
413 return;
414 }
415
416 g_Callbacks.InterceptionCallbackTriggerCr3ProcessChange(CoreId);
417}
_VMM_CALLBACKS::InterceptionCallbackTriggerCr3ProcessChange
INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE InterceptionCallbackTriggerCr3ProcessChange
Definition VMM.h:211

◆ LogCallbackCheckIfBufferIsFull()

BOOLEAN LogCallbackCheckIfBufferIsFull ( BOOLEAN Priority)

routines callback for checking if buffer is full

Parameters
Priority
Returns
BOOLEAN
101{
102 if (g_Callbacks.LogCallbackCheckIfBufferIsFull == NULL)
103 {
104 //
105 // Ignore sending message to queue
106 //
107 return FALSE;
108 }
109
110 return g_Callbacks.LogCallbackCheckIfBufferIsFull(Priority);
111}
_VMM_CALLBACKS::LogCallbackCheckIfBufferIsFull
LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL LogCallbackCheckIfBufferIsFull
Definition VMM.h:188

◆ LogCallbackPrepareAndSendMessageToQueue()

BOOLEAN LogCallbackPrepareAndSendMessageToQueue ( UINT32 OperationCode,
BOOLEAN IsImmediateMessage,
BOOLEAN ShowCurrentSystemTime,
BOOLEAN Priority,
const char * Fmt,
... )

routines callback for preparing and sending message to queue

Parameters
OperationCode
IsImmediateMessage
ShowCurrentSystemTime
Priority
Fmt
...
Returns
BOOLEAN
34{
35 BOOLEAN Result;
36 va_list ArgList;
37
38 if (g_Callbacks.LogCallbackPrepareAndSendMessageToQueueWrapper == NULL)
39 {
40 //
41 // Ignore sending message to queue
42 //
43 return FALSE;
44 }
45
46 va_start(ArgList, Fmt);
47
48 Result = g_Callbacks.LogCallbackPrepareAndSendMessageToQueueWrapper(OperationCode,
49 IsImmediateMessage,
50 ShowCurrentSystemTime,
51 Priority,
52 Fmt,
53 ArgList);
54 va_end(ArgList);
55
56 return Result;
57}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
_VMM_CALLBACKS::LogCallbackPrepareAndSendMessageToQueueWrapper
LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE LogCallbackPrepareAndSendMessageToQueueWrapper
Definition VMM.h:185

◆ LogCallbackSendBuffer()

BOOLEAN LogCallbackSendBuffer ( _In_ UINT32 OperationCode,
_In_reads_bytes_(BufferLength) PVOID Buffer,
_In_ UINT32 BufferLength,
_In_ BOOLEAN Priority )

routines callback for sending buffer

Parameters
OperationCode
Buffer
BufferLength
Priority
Returns
BOOLEAN
128{
129 if (g_Callbacks.LogCallbackSendBuffer == NULL)
130 {
131 //
132 // Ignore sending buffer
133 //
134 return FALSE;
135 }
136
137 return g_Callbacks.LogCallbackSendBuffer(OperationCode,
138 Buffer,
139 BufferLength,
140 Priority);
141}
_VMM_CALLBACKS::LogCallbackSendBuffer
LOG_CALLBACK_SEND_BUFFER LogCallbackSendBuffer
Definition VMM.h:187

◆ LogCallbackSendMessageToQueue()

BOOLEAN LogCallbackSendMessageToQueue ( UINT32 OperationCode,
BOOLEAN IsImmediateMessage,
CHAR * LogMessage,
UINT32 BufferLen,
BOOLEAN Priority )

routines callback for sending message to queue

Parameters
OperationCode
IsImmediateMessage
LogMessage
BufferLen
Priority
Returns
BOOLEAN
76{
77 if (g_Callbacks.LogCallbackSendMessageToQueue == NULL)
78 {
79 //
80 // Ignore sending message to queue
81 //
82 return FALSE;
83 }
84
85 return g_Callbacks.LogCallbackSendMessageToQueue(OperationCode,
86 IsImmediateMessage,
87 LogMessage,
88 BufferLen,
89 Priority);
90}
_VMM_CALLBACKS::LogCallbackSendMessageToQueue
LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE LogCallbackSendMessageToQueue
Definition VMM.h:186

◆ VmmCallbackNmiBroadcastRequestHandler()

VOID VmmCallbackNmiBroadcastRequestHandler ( UINT32 CoreId,
BOOLEAN IsOnVmxNmiHandler )

routine callback to handle NMI requests

Parameters
CoreId
IsOnVmxNmiHandler
Returns
VOID
248{
249 if (g_Callbacks.VmmCallbackNmiBroadcastRequestHandler == NULL)
250 {
251 //
252 // ignore it
253 //
254 return;
255 }
256
257 g_Callbacks.VmmCallbackNmiBroadcastRequestHandler(CoreId, IsOnVmxNmiHandler);
258}
_VMM_CALLBACKS::VmmCallbackNmiBroadcastRequestHandler
VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER VmmCallbackNmiBroadcastRequestHandler
Definition VMM.h:196

◆ VmmCallbackQueryTerminateProtectedResource()

BOOLEAN VmmCallbackQueryTerminateProtectedResource ( UINT32 CoreId,
PROTECTED_HV_RESOURCES_TYPE ResourceType,
PVOID Context,
PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver )

routine callback to query for termination of protected resources

Parameters
CoreId
ResourceType
Context
PassOver
Returns
BOOLEAN
275{
276 if (g_Callbacks.VmmCallbackQueryTerminateProtectedResource == NULL)
277 {
278 //
279 // ignore it
280 //
281 return FALSE;
282 }
283
284 return g_Callbacks.VmmCallbackQueryTerminateProtectedResource(CoreId, ResourceType, Context, PassOver);
285}
Context
NTKERNELAPI _In_opt_ PVOID Context
Definition Dpc.h:25
_VMM_CALLBACKS::VmmCallbackQueryTerminateProtectedResource
VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE VmmCallbackQueryTerminateProtectedResource
Definition VMM.h:197

◆ VmmCallbackRegisteredMtfHandler()

VOID VmmCallbackRegisteredMtfHandler ( UINT32 CoreId)

routine callback to handle registered MTF

Parameters
CoreId
Returns
VOID
226{
227 if (g_Callbacks.VmmCallbackRegisteredMtfHandler == NULL)
228 {
229 //
230 // ignore it
231 //
232 return;
233 }
234
235 g_Callbacks.VmmCallbackRegisteredMtfHandler(CoreId);
236}
_VMM_CALLBACKS::VmmCallbackRegisteredMtfHandler
VMM_CALLBACK_REGISTERED_MTF_HANDLER VmmCallbackRegisteredMtfHandler
Definition VMM.h:219

◆ VmmCallbackRestoreEptState()

BOOLEAN VmmCallbackRestoreEptState ( UINT32 CoreId)

routine callback to restore EPT state

Parameters
CoreId
Returns
BOOLEAN
295{
296 if (g_Callbacks.VmmCallbackRestoreEptState == NULL)
297 {
298 //
299 // ignore it as it's not handled
300 //
301 return FALSE;
302 }
303
304 return g_Callbacks.VmmCallbackRestoreEptState(CoreId);
305}
_VMM_CALLBACKS::VmmCallbackRestoreEptState
VMM_CALLBACK_RESTORE_EPT_STATE VmmCallbackRestoreEptState
Definition VMM.h:198

◆ VmmCallbackSetLastError()

VOID VmmCallbackSetLastError ( UINT32 LastError)

routine callback to set last error

Parameters
LastError
Returns
VOID
176{
177 if (g_Callbacks.VmmCallbackSetLastError == NULL)
178 {
179 //
180 // Ignore setting the last error
181 //
182 return;
183 }
184
185 g_Callbacks.VmmCallbackSetLastError(LastError);
186}
_VMM_CALLBACKS::VmmCallbackSetLastError
VMM_CALLBACK_SET_LAST_ERROR VmmCallbackSetLastError
Definition VMM.h:194

◆ VmmCallbackTriggerEvents()

VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE VmmCallbackTriggerEvents ( VMM_EVENT_TYPE_ENUM EventType,
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage,
PVOID Context,
BOOLEAN * PostEventRequired,
GUEST_REGS * Regs )

routines callback to trigger events

Parameters
EventType
CallingStage
Context
PostEventRequired
Regs
Returns
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE
159{
160 if (g_Callbacks.VmmCallbackTriggerEvents == NULL)
161 {
162 return VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_NO_INITIALIZED;
163 }
164
165 return g_Callbacks.VmmCallbackTriggerEvents(EventType, CallingStage, Context, PostEventRequired, Regs);
166}
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_NO_INITIALIZED
@ VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_NO_INITIALIZED
Definition Events.h:78
_VMM_CALLBACKS::VmmCallbackTriggerEvents
VMM_CALLBACK_TRIGGER_EVENTS VmmCallbackTriggerEvents
Definition VMM.h:193

◆ VmmCallbackUnhandledEptViolation()

BOOLEAN VmmCallbackUnhandledEptViolation ( UINT32 CoreId,
UINT64 ViolationQualification,
UINT64 GuestPhysicalAddr )

routine callback to handle unhandled EPT violations

Parameters
CoreId
ViolationQualification
GuestPhysicalAddr
Returns
BOOLEAN
319{
320 if (g_Callbacks.VmmCallbackCheckUnhandledEptViolations == NULL)
321 {
322 //
323 // ignore it as it's not handled
324 //
325 return FALSE;
326 }
327
328 return g_Callbacks.VmmCallbackCheckUnhandledEptViolations(CoreId, ViolationQualification, GuestPhysicalAddr);
329}
_VMM_CALLBACKS::VmmCallbackCheckUnhandledEptViolations
VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION VmmCallbackCheckUnhandledEptViolations
Definition VMM.h:199

◆ VmmCallbackVmcallHandler()

BOOLEAN VmmCallbackVmcallHandler ( UINT32 CoreId,
UINT64 VmcallNumber,
UINT64 OptionalParam1,
UINT64 OptionalParam2,
UINT64 OptionalParam3 )

routine callback to handle external VMCALLs

Parameters
CoreId
VmcallNumber
OptionalParam1
OptionalParam2
OptionalParam3
Returns
BOOLEAN
205{
206 if (g_Callbacks.VmmCallbackVmcallHandler == NULL)
207 {
208 //
209 // Ignore handling external VMCALLs
210 //
211 return FALSE;
212 }
213
214 return g_Callbacks.VmmCallbackVmcallHandler(CoreId, VmcallNumber, OptionalParam1, OptionalParam2, OptionalParam3);
215}
_VMM_CALLBACKS::VmmCallbackVmcallHandler
VMM_CALLBACK_VMCALL_HANDLER VmmCallbackVmcallHandler
Definition VMM.h:195