HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
Conversion.c File Reference

Functions for address checks. More...

#include "pch.h"

Functions

_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddress (UINT64 PhysicalAddress)
 Converts Physical Address to Virtual Address.
 
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressByProcessId (PVOID PhysicalAddress, UINT32 ProcessId)
 Converts Physical Address to Virtual Address based on a specific process id.
 
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressByCr3 (PVOID PhysicalAddress, CR3_TYPE TargetCr3)
 Converts Physical Address to Virtual Address based on a specific process's kernel cr3.
 
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressOnTargetProcess (PVOID PhysicalAddress)
 Converts Physical Address to Virtual Address based on current process's kernel cr3.
 
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddress (_In_ PVOID VirtualAddress)
 Converts Virtual Address to Physical Address.
 
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressByProcessId (PVOID VirtualAddress, UINT32 ProcessId)
 Converts Virtual Address to Physical Address based on a specific process id's kernel cr3.
 
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressByProcessCr3 (PVOID VirtualAddress, CR3_TYPE TargetCr3)
 Converts Virtual Address to Physical Address based on a specific process's kernel cr3.
 
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressOnTargetProcess (PVOID VirtualAddress)
 Converts Virtual Address to Physical Address based on the current process's kernel cr3.
 

Detailed Description

Functions for address checks.

Functions for memory conversions.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-04-27
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ PhysicalAddressToVirtualAddress()

_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddress ( UINT64 PhysicalAddress)

Converts Physical Address to Virtual Address.

Parameters
PhysicalAddressThe target physical address
Returns
UINT64 Returns the virtual address
23{
24 PHYSICAL_ADDRESS PhysicalAddr;
25 PhysicalAddr.QuadPart = PhysicalAddress;
26
27 return (UINT64)MmGetVirtualForPhysical(PhysicalAddr);
28}
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21

◆ PhysicalAddressToVirtualAddressByCr3()

_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressByCr3 ( PVOID PhysicalAddress,
CR3_TYPE TargetCr3 )

Converts Physical Address to Virtual Address based on a specific process's kernel cr3.

this function should NOT be called from vmx-root mode

Parameters
PhysicalAddressThe target physical address
TargetCr3The target's process cr3
Returns
UINT64 Returns the virtual address
91{
92 CR3_TYPE CurrentProcessCr3;
93 UINT64 VirtualAddress;
94 PHYSICAL_ADDRESS PhysicalAddr;
95
96 //
97 // Switch to new process's memory layout
98 //
99 CurrentProcessCr3 = SwitchToProcessMemoryLayoutByCr3(TargetCr3);
100
101 //
102 // Validate if process id is valid
103 //
104 if (CurrentProcessCr3.Flags == NULL64_ZERO)
105 {
106 //
107 // Pid is invalid
108 //
109 return NULL64_ZERO;
110 }
111
112 //
113 // Read the virtual address based on new cr3
114 //
115 PhysicalAddr.QuadPart = (LONGLONG)PhysicalAddress;
116 VirtualAddress = (UINT64)MmGetVirtualForPhysical(PhysicalAddr);
117
118 //
119 // Restore the original process
120 //
121 SwitchToPreviousProcess(CurrentProcessCr3);
122
123 return VirtualAddress;
124}
NULL64_ZERO
#define NULL64_ZERO
Definition BasicTypes.h:52
SwitchToPreviousProcess
_Use_decl_annotations_ VOID SwitchToPreviousProcess(CR3_TYPE PreviousProcess)
Switch to previous process's cr3.
Definition SwitchLayout.c:125
SwitchToProcessMemoryLayoutByCr3
_Use_decl_annotations_ CR3_TYPE SwitchToProcessMemoryLayoutByCr3(CR3_TYPE TargetCr3)
Switch to another process's cr3.
Definition SwitchLayout.c:99
_CR3_TYPE
CR3 Structure.
Definition BasicTypes.h:130
_CR3_TYPE::Flags
UINT64 Flags
Definition BasicTypes.h:133

◆ PhysicalAddressToVirtualAddressByProcessId()

_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressByProcessId ( PVOID PhysicalAddress,
UINT32 ProcessId )

Converts Physical Address to Virtual Address based on a specific process id.

this function should NOT be called from vmx-root mode

Parameters
PhysicalAddressThe target physical address
ProcessIdThe target's process id
Returns
UINT64 Returns the virtual address
43{
44 CR3_TYPE CurrentProcessCr3;
45 UINT64 VirtualAddress;
46 PHYSICAL_ADDRESS PhysicalAddr;
47
48 //
49 // Switch to new process's memory layout
50 //
51 CurrentProcessCr3 = SwitchToProcessMemoryLayout(ProcessId);
52
53 //
54 // Validate if process id is valid
55 //
56 if (CurrentProcessCr3.Flags == NULL64_ZERO)
57 {
58 //
59 // Pid is invalid
60 //
61 return NULL64_ZERO;
62 }
63
64 //
65 // Read the virtual address based on new cr3
66 //
67 PhysicalAddr.QuadPart = (LONGLONG)PhysicalAddress;
68 VirtualAddress = (UINT64)MmGetVirtualForPhysical(PhysicalAddr);
69
70 //
71 // Restore the original process
72 //
73 SwitchToPreviousProcess(CurrentProcessCr3);
74
75 return VirtualAddress;
76}
SwitchToProcessMemoryLayout
_Use_decl_annotations_ CR3_TYPE SwitchToProcessMemoryLayout(UINT32 ProcessId)
Switch to another process's cr3.
Definition SwitchLayout.c:25

◆ PhysicalAddressToVirtualAddressOnTargetProcess()

_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressOnTargetProcess ( PVOID PhysicalAddress)

Converts Physical Address to Virtual Address based on current process's kernel cr3.

this function should NOT be called from vmx-root mode

Parameters
PhysicalAddressThe target physical address
Returns
UINT64 Returns the virtual address
138{
139 CR3_TYPE GuestCr3;
140
141 GuestCr3.Flags = LayoutGetCurrentProcessCr3().Flags;
142
143 return PhysicalAddressToVirtualAddressByCr3(PhysicalAddress, GuestCr3);
144}
PhysicalAddressToVirtualAddressByCr3
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressByCr3(PVOID PhysicalAddress, CR3_TYPE TargetCr3)
Converts Physical Address to Virtual Address based on a specific process's kernel cr3.
Definition Conversion.c:90
LayoutGetCurrentProcessCr3
CR3_TYPE LayoutGetCurrentProcessCr3()
Get cr3 of the target running process.
Definition Layout.c:55

◆ VirtualAddressToPhysicalAddress()

_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddress ( _In_ PVOID VirtualAddress)

Converts Virtual Address to Physical Address.

Parameters
VirtualAddressThe target virtual address
Returns
UINT64 Returns the physical address
155{
156 return MmGetPhysicalAddress(VirtualAddress).QuadPart;
157}

◆ VirtualAddressToPhysicalAddressByProcessCr3()

_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressByProcessCr3 ( PVOID VirtualAddress,
CR3_TYPE TargetCr3 )

Converts Virtual Address to Physical Address based on a specific process's kernel cr3.

Parameters
VirtualAddressThe target virtual address
TargetCr3The target's process cr3
Returns
UINT64 Returns the physical address
216{
217 CR3_TYPE CurrentProcessCr3;
218 UINT64 PhysicalAddress;
219
220 //
221 // Switch to new process's memory layout
222 //
223 CurrentProcessCr3 = SwitchToProcessMemoryLayoutByCr3(TargetCr3);
224
225 //
226 // Validate if process id is valid
227 //
228 if (CurrentProcessCr3.Flags == NULL64_ZERO)
229 {
230 //
231 // Pid is invalid
232 //
233 return NULL64_ZERO;
234 }
235
236 //
237 // Read the physical address based on new cr3
238 //
239 PhysicalAddress = MmGetPhysicalAddress(VirtualAddress).QuadPart;
240
241 //
242 // Restore the original process
243 //
244 SwitchToPreviousProcess(CurrentProcessCr3);
245
246 return PhysicalAddress;
247}

◆ VirtualAddressToPhysicalAddressByProcessId()

_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressByProcessId ( PVOID VirtualAddress,
UINT32 ProcessId )

Converts Virtual Address to Physical Address based on a specific process id's kernel cr3.

this function should NOT be called from vmx-root mode

Parameters
VirtualAddressThe target virtual address
ProcessIdThe target's process id
Returns
UINT64 Returns the physical address
172{
173 CR3_TYPE CurrentProcessCr3;
174 UINT64 PhysicalAddress;
175
176 //
177 // Switch to new process's memory layout
178 //
179 CurrentProcessCr3 = SwitchToProcessMemoryLayout(ProcessId);
180
181 //
182 // Validate if process id is valid
183 //
184 if (CurrentProcessCr3.Flags == NULL64_ZERO)
185 {
186 //
187 // Pid is invalid
188 //
189 return NULL64_ZERO;
190 }
191
192 //
193 // Read the physical address based on new cr3
194 //
195 PhysicalAddress = MmGetPhysicalAddress(VirtualAddress).QuadPart;
196
197 //
198 // Restore the original process
199 //
200 SwitchToPreviousProcess(CurrentProcessCr3);
201
202 return PhysicalAddress;
203}

◆ VirtualAddressToPhysicalAddressOnTargetProcess()

_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressOnTargetProcess ( PVOID VirtualAddress)

Converts Virtual Address to Physical Address based on the current process's kernel cr3.

Parameters
VirtualAddressThe target virtual address
Returns
UINT64 Returns the physical address
259{
260 CR3_TYPE CurrentCr3;
261 CR3_TYPE GuestCr3;
262 UINT64 PhysicalAddress;
263
264 GuestCr3.Flags = LayoutGetCurrentProcessCr3().Flags;
265
266 //
267 // Switch to new process's memory layout
268 //
269 CurrentCr3 = SwitchToProcessMemoryLayoutByCr3(GuestCr3);
270
271 //
272 // Validate if process id is valid
273 //
274 if (CurrentCr3.Flags == NULL64_ZERO)
275 {
276 //
277 // Pid is invalid
278 //
279 return NULL64_ZERO;
280 }
281
282 //
283 // Read the physical address based on new cr3
284 //
285 PhysicalAddress = MmGetPhysicalAddress(VirtualAddress).QuadPart;
286
287 //
288 // Restore the original process
289 //
290 SwitchToPreviousProcess(CurrentCr3);
291
292 return PhysicalAddress;
293}