_callback_8h_source.html

#pragma once


//

// Log Callbacks

//


BOOLEAN

LogCallbackPrepareAndSendMessageToQueue(UINT32       OperationCode,

                                        BOOLEAN      IsImmediateMessage,

                                        BOOLEAN      ShowCurrentSystemTime,

                                        BOOLEAN      Priority,

                                        const char * Fmt,

                                        ...);


BOOLEAN

LogCallbackSendMessageToQueue(UINT32  OperationCode,

                              BOOLEAN IsImmediateMessage,

                              CHAR *  LogMessage,

                              UINT32  BufferLen,

                              BOOLEAN Priority);


BOOLEAN

LogCallbackCheckIfBufferIsFull(BOOLEAN Priority);


BOOLEAN

LogCallbackSendBuffer(_In_ UINT32                          OperationCode,

                      _In_reads_bytes_(BufferLength) PVOID Buffer,

                      _In_ UINT32                          BufferLength,

                      _In_ BOOLEAN                         Priority);


//

// VMM Callbacks

//


VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE

VmmCallbackTriggerEvents(VMM_EVENT_TYPE_ENUM                   EventType,

                         VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage,

                         PVOID                                 Context,

                         BOOLEAN *                             PostEventRequired,

                         GUEST_REGS *                          Regs);


BOOLEAN

VmmCallbackVmcallHandler(UINT32 CoreId,

                         UINT64 VmcallNumber,

                         UINT64 OptionalParam1,

                         UINT64 OptionalParam2,

                         UINT64 OptionalParam3);


BOOLEAN

VmmCallbackQueryTerminateProtectedResource(UINT32                               CoreId,

                                           PROTECTED_HV_RESOURCES_TYPE          ResourceType,

                                           PVOID                                Context,

                                           PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver);


BOOLEAN

VmmCallbackRestoreEptState(UINT32 CoreId);


BOOLEAN

VmmCallbackUnhandledEptViolation(UINT32 CoreId,

                                 UINT64 ViolationQualification,

                                 UINT64 GuestPhysicalAddr);


VOID

VmmCallbackSetLastError(UINT32 LastError);


VOID

VmmCallbackRegisteredMtfHandler(UINT32 CoreId);


VOID

VmmCallbackNmiBroadcastRequestHandler(UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler);


//

// Debugging Callbacks

//


BOOLEAN

DebuggingCallbackHandleBreakpointException(UINT32 CoreId);


BOOLEAN

DebuggingCallbackHandleDebugBreakpointException(UINT32 CoreId);


BOOLEAN

DebuggingCallbackConditionalPageFaultException(UINT32 CoreId,

                                               UINT64 Address,

                                               UINT32 PageFaultErrorCode);


//

// Interception Callbacks

//


VOID

InterceptionCallbackTriggerCr3ProcessChange(UINT32 CoreId);


VOID

InterceptionCallbackCr3VmexitsForThreadInterception(UINT32 CoreId, CR3_TYPE NewCr3);

BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39

VOID
#define VOID
Definition BasicTypes.h:33

UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21

UINT32
unsigned int UINT32
Definition BasicTypes.h:48

CHAR
char CHAR
Definition BasicTypes.h:31

DebuggingCallbackConditionalPageFaultException
BOOLEAN DebuggingCallbackConditionalPageFaultException(UINT32 CoreId, UINT64 Address, UINT32 PageFaultErrorCode)
routine callback to handle conditional page-fault exception
Definition Callback.c:383

LogCallbackSendMessageToQueue
BOOLEAN LogCallbackSendMessageToQueue(UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
routines callback for sending message to queue
Definition Callback.c:71

LogCallbackPrepareAndSendMessageToQueue
BOOLEAN LogCallbackPrepareAndSendMessageToQueue(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const char *Fmt,...)
routines callback for preparing and sending message to queue
Definition Callback.c:28

DebuggingCallbackHandleDebugBreakpointException
BOOLEAN DebuggingCallbackHandleDebugBreakpointException(UINT32 CoreId)
routine callback to handle debug breakpoint exception
Definition Callback.c:360

VmmCallbackRegisteredMtfHandler
VOID VmmCallbackRegisteredMtfHandler(UINT32 CoreId)
routine callback to handle registered MTF
Definition Callback.c:225

VmmCallbackTriggerEvents
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE VmmCallbackTriggerEvents(VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)
routines callback to trigger events
Definition Callback.c:154

VmmCallbackRestoreEptState
BOOLEAN VmmCallbackRestoreEptState(UINT32 CoreId)
routine callback to restore EPT state
Definition Callback.c:294

LogCallbackCheckIfBufferIsFull
BOOLEAN LogCallbackCheckIfBufferIsFull(BOOLEAN Priority)
routines callback for checking if buffer is full
Definition Callback.c:100

VmmCallbackSetLastError
VOID VmmCallbackSetLastError(UINT32 LastError)
routine callback to set last error
Definition Callback.c:175

DebuggingCallbackHandleBreakpointException
BOOLEAN DebuggingCallbackHandleBreakpointException(UINT32 CoreId)
routine callback to handle breakpoint exception
Definition Callback.c:339

VmmCallbackQueryTerminateProtectedResource
BOOLEAN VmmCallbackQueryTerminateProtectedResource(UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
routine callback to query for termination of protected resources
Definition Callback.c:271

InterceptionCallbackCr3VmexitsForThreadInterception
VOID InterceptionCallbackCr3VmexitsForThreadInterception(UINT32 CoreId, CR3_TYPE NewCr3)
routine callback to handle cr3 process change
Definition Callback.c:428

VmmCallbackNmiBroadcastRequestHandler
VOID VmmCallbackNmiBroadcastRequestHandler(UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler)
routine callback to handle NMI requests
Definition Callback.c:247

VmmCallbackUnhandledEptViolation
BOOLEAN VmmCallbackUnhandledEptViolation(UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr)
routine callback to handle unhandled EPT violations
Definition Callback.c:316

LogCallbackSendBuffer
BOOLEAN LogCallbackSendBuffer(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
routines callback for sending buffer
Definition Callback.c:123

VmmCallbackVmcallHandler
BOOLEAN VmmCallbackVmcallHandler(UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)
routine callback to handle external VMCALLs
Definition Callback.c:200

InterceptionCallbackTriggerCr3ProcessChange
VOID InterceptionCallbackTriggerCr3ProcessChange(UINT32 CoreId)
routine callback to handle cr3 process change
Definition Callback.c:406

VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
Type of calling the event.

Address
UINT64 Address
Definition HyperDbgScriptImports.h:67

Context
NTKERNELAPI _In_opt_ PVOID Context
Definition Dpc.h:25

PROTECTED_HV_RESOURCES_TYPE
enum _PROTECTED_HV_RESOURCES_TYPE PROTECTED_HV_RESOURCES_TYPE
Type of protected (multi-used) resources.

VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE
enum _VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE
The status of triggering events.

PROTECTED_HV_RESOURCES_PASSING_OVERS
enum _PROTECTED_HV_RESOURCES_PASSING_OVERS PROTECTED_HV_RESOURCES_PASSING_OVERS
Things to consider when applying resources.

VMM_EVENT_TYPE_ENUM
enum _VMM_EVENT_TYPE_ENUM VMM_EVENT_TYPE_ENUM
enum to show type of all HyperDbg events

_CR3_TYPE
CR3 Structure.
Definition BasicTypes.h:130

GUEST_REGS
Definition BasicTypes.h:70