HyperDbg Debugger
Loading...
Searching...
No Matches
Classes | Macros | Typedefs | Enumerations
DataTypes.h File Reference

HyperDbg's SDK data type definitions. More...

Go to the source code of this file.

Classes

struct  _DEBUGGEE_USER_INPUT_PACKET
 The structure of user-input packet in HyperDbg. More...
 
struct  _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
 The structure of user-input packet in HyperDbg. More...
 
struct  _DEBUGGER_PAUSE_PACKET_RECEIVED
 request to pause and halt the system More...
 
struct  _DEBUGGER_TRIGGERED_EVENT_DETAILS
 The structure of detail of a triggered event in HyperDbg. More...
 
struct  _DEBUGGEE_KD_PAUSED_PACKET
 The structure of pausing packet in kHyperDbg. More...
 
struct  _DEBUGGEE_UD_PAUSED_PACKET
 The structure of pausing packet in uHyperDbg. More...
 
struct  _DEBUGGEE_MESSAGE_PACKET
 The structure of message packet in HyperDbg. More...
 
struct  _REGISTER_NOTIFY_BUFFER
 Used to register event for transferring buffer between user-to-kernel. More...
 
struct  _DIRECT_VMCALL_PARAMETERS
 Used for sending direct VMCALLs on the VMX root-mode. More...
 
struct  _EPT_HOOKS_CONTEXT
 Temporary $context used in some EPT hook commands. More...
 
struct  _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
 Setting details for EPT Hooks (!monitor) More...
 
struct  _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
 Setting details for EPT Hooks (!epthook2) More...
 
struct  _EPT_SINGLE_HOOK_UNHOOKING_DETAILS
 Details of unhooking single EPT hooks. More...
 
union  VMX_SEGMENT_ACCESS_RIGHTS_TYPE
 Describe segment selector in VMX. More...
 
struct  _VMX_SEGMENT_SELECTOR
 Segment selector. More...
 

Macros

#define SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED    sizeof(DEBUGGER_PAUSE_PACKET_RECEIVED)
 

Typedefs

typedef enum _PAGING_LEVEL PAGING_LEVEL
 Different levels of paging.
 
typedef enum _POOL_ALLOCATION_INTENTION POOL_ALLOCATION_INTENTION
 Inum of intentions for buffers (buffer tag)
 
typedef enum _DEBUG_REGISTER_TYPE DEBUG_REGISTER_TYPE
 
typedef enum _VMX_EXECUTION_MODE VMX_EXECUTION_MODE
 
typedef enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
 Type of calling the event.
 
typedef enum _DEBUGGER_THREAD_PROCESS_TRACING DEBUGGER_THREAD_PROCESS_TRACING
 enum to query different process and thread interception mechanisms
 
typedef int(* SendMessageWithParamCallback) (const char *Text)
 Callback type that can be used to be used as a custom ShowMessages function (by passing message as a parameter)
 
typedef int(* SendMessageWWithSharedBufferCallback) ()
 Callback type that can be used to be used as a custom ShowMessages function (using shared buffer)
 
typedef struct _DEBUGGEE_USER_INPUT_PACKET DEBUGGEE_USER_INPUT_PACKET
 The structure of user-input packet in HyperDbg.
 
typedef struct _DEBUGGEE_USER_INPUT_PACKETPDEBUGGEE_USER_INPUT_PACKET
 
typedef struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
 The structure of user-input packet in HyperDbg.
 
typedef struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKETPDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
 
typedef struct _DEBUGGER_PAUSE_PACKET_RECEIVED DEBUGGER_PAUSE_PACKET_RECEIVED
 request to pause and halt the system
 
typedef struct _DEBUGGER_PAUSE_PACKET_RECEIVEDPDEBUGGER_PAUSE_PACKET_RECEIVED
 
typedef struct _DEBUGGER_TRIGGERED_EVENT_DETAILS DEBUGGER_TRIGGERED_EVENT_DETAILS
 The structure of detail of a triggered event in HyperDbg.
 
typedef struct _DEBUGGER_TRIGGERED_EVENT_DETAILSPDEBUGGER_TRIGGERED_EVENT_DETAILS
 
typedef struct _DEBUGGEE_KD_PAUSED_PACKET DEBUGGEE_KD_PAUSED_PACKET
 The structure of pausing packet in kHyperDbg.
 
typedef struct _DEBUGGEE_KD_PAUSED_PACKETPDEBUGGEE_KD_PAUSED_PACKET
 
typedef struct _DEBUGGEE_UD_PAUSED_PACKET DEBUGGEE_UD_PAUSED_PACKET
 The structure of pausing packet in uHyperDbg.
 
typedef struct _DEBUGGEE_UD_PAUSED_PACKETPDEBUGGEE_UD_PAUSED_PACKET
 
typedef enum _NOTIFY_TYPE NOTIFY_TYPE
 Type of transferring buffer between user-to-kernel.
 
typedef struct _DEBUGGEE_MESSAGE_PACKET DEBUGGEE_MESSAGE_PACKET
 The structure of message packet in HyperDbg.
 
typedef struct _DEBUGGEE_MESSAGE_PACKETPDEBUGGEE_MESSAGE_PACKET
 
typedef struct _REGISTER_NOTIFY_BUFFER REGISTER_NOTIFY_BUFFER
 Used to register event for transferring buffer between user-to-kernel.
 
typedef struct _REGISTER_NOTIFY_BUFFERPREGISTER_NOTIFY_BUFFER
 
typedef struct _DIRECT_VMCALL_PARAMETERS DIRECT_VMCALL_PARAMETERS
 Used for sending direct VMCALLs on the VMX root-mode.
 
typedef struct _DIRECT_VMCALL_PARAMETERSPDIRECT_VMCALL_PARAMETERS
 
typedef enum _DEBUGGER_HOOK_MEMORY_TYPE DEBUGGER_HOOK_MEMORY_TYPE
 different type of memory addresses
 
typedef struct _EPT_HOOKS_CONTEXT EPT_HOOKS_CONTEXT
 Temporary $context used in some EPT hook commands.
 
typedef struct _EPT_HOOKS_CONTEXTPEPT_HOOKS_CONTEXT
 
typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
 Setting details for EPT Hooks (!monitor)
 
typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITORPEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
 
typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2 EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
 Setting details for EPT Hooks (!epthook2)
 
typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
 
typedef struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS EPT_SINGLE_HOOK_UNHOOKING_DETAILS
 Details of unhooking single EPT hooks.
 
typedef struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILSPEPT_SINGLE_HOOK_UNHOOKING_DETAILS
 
typedef struct _VMX_SEGMENT_SELECTOR VMX_SEGMENT_SELECTOR
 Segment selector.
 
typedef struct _VMX_SEGMENT_SELECTORPVMX_SEGMENT_SELECTOR
 

Enumerations

enum  _PAGING_LEVEL { PagingLevelPageTable = 0 , PagingLevelPageDirectory , PagingLevelPageDirectoryPointerTable , PagingLevelPageMapLevel4 }
 Different levels of paging. More...
 
enum  _POOL_ALLOCATION_INTENTION {
  TRACKING_HOOKED_PAGES , EXEC_TRAMPOLINE , SPLIT_2MB_PAGING_TO_4KB_PAGE , DETOUR_HOOK_DETAILS ,
  BREAKPOINT_DEFINITION_STRUCTURE , PROCESS_THREAD_HOLDER , INSTANT_REGULAR_EVENT_BUFFER , INSTANT_BIG_EVENT_BUFFER ,
  INSTANT_REGULAR_EVENT_ACTION_BUFFER , INSTANT_BIG_EVENT_ACTION_BUFFER , INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS , INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS
}
 Inum of intentions for buffers (buffer tag) More...
 
enum  _DEBUG_REGISTER_TYPE { BREAK_ON_INSTRUCTION_FETCH , BREAK_ON_WRITE_ONLY , BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED , BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH }
 
enum  _VMX_EXECUTION_MODE { VmxExecutionModeNonRoot = FALSE , VmxExecutionModeRoot = TRUE }
 
enum  _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE { VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION = 0 , VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION = 1 , VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION = 2 , VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION = 3 }
 Type of calling the event. More...
 
enum  _DEBUGGER_THREAD_PROCESS_TRACING { DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE , DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE , DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION , DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS }
 enum to query different process and thread interception mechanisms More...
 
enum  _NOTIFY_TYPE { IRP_BASED , EVENT_BASED }
 Type of transferring buffer between user-to-kernel. More...
 
enum  _DEBUGGER_HOOK_MEMORY_TYPE { DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS , DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS }
 different type of memory addresses More...
 

Detailed Description

HyperDbg's SDK data type definitions.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

This file contains definitions of structures, enums, etc. used in HyperDbg

Version
0.2
Date
2022-06-22
Copyright
This project is released under the GNU Public License v3.

Macro Definition Documentation

◆ SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED

#define SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED    sizeof(DEBUGGER_PAUSE_PACKET_RECEIVED)
170#define SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED \
171 sizeof(DEBUGGER_PAUSE_PACKET_RECEIVED)

Typedef Documentation

◆ DEBUG_REGISTER_TYPE

typedef enum _DEBUG_REGISTER_TYPE DEBUG_REGISTER_TYPE

◆ DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET

typedef struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET

The structure of user-input packet in HyperDbg.

◆ DEBUGGEE_KD_PAUSED_PACKET

typedef struct _DEBUGGEE_KD_PAUSED_PACKET DEBUGGEE_KD_PAUSED_PACKET

The structure of pausing packet in kHyperDbg.

◆ DEBUGGEE_MESSAGE_PACKET

typedef struct _DEBUGGEE_MESSAGE_PACKET DEBUGGEE_MESSAGE_PACKET

The structure of message packet in HyperDbg.

◆ DEBUGGEE_UD_PAUSED_PACKET

typedef struct _DEBUGGEE_UD_PAUSED_PACKET DEBUGGEE_UD_PAUSED_PACKET

The structure of pausing packet in uHyperDbg.

◆ DEBUGGEE_USER_INPUT_PACKET

typedef struct _DEBUGGEE_USER_INPUT_PACKET DEBUGGEE_USER_INPUT_PACKET

The structure of user-input packet in HyperDbg.

◆ DEBUGGER_HOOK_MEMORY_TYPE

typedef enum _DEBUGGER_HOOK_MEMORY_TYPE DEBUGGER_HOOK_MEMORY_TYPE

different type of memory addresses

◆ DEBUGGER_PAUSE_PACKET_RECEIVED

typedef struct _DEBUGGER_PAUSE_PACKET_RECEIVED DEBUGGER_PAUSE_PACKET_RECEIVED

request to pause and halt the system

◆ DEBUGGER_THREAD_PROCESS_TRACING

typedef enum _DEBUGGER_THREAD_PROCESS_TRACING DEBUGGER_THREAD_PROCESS_TRACING

enum to query different process and thread interception mechanisms

◆ DEBUGGER_TRIGGERED_EVENT_DETAILS

typedef struct _DEBUGGER_TRIGGERED_EVENT_DETAILS DEBUGGER_TRIGGERED_EVENT_DETAILS

The structure of detail of a triggered event in HyperDbg.

This structure is also used for transferring breakpoint ids, RIP as the context, etc.

◆ DIRECT_VMCALL_PARAMETERS

typedef struct _DIRECT_VMCALL_PARAMETERS DIRECT_VMCALL_PARAMETERS

Used for sending direct VMCALLs on the VMX root-mode.

◆ EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2

typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2 EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2

Setting details for EPT Hooks (!epthook2)

◆ EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR

typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR

Setting details for EPT Hooks (!monitor)

◆ EPT_HOOKS_CONTEXT

typedef struct _EPT_HOOKS_CONTEXT EPT_HOOKS_CONTEXT

Temporary $context used in some EPT hook commands.

◆ EPT_SINGLE_HOOK_UNHOOKING_DETAILS

typedef struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS EPT_SINGLE_HOOK_UNHOOKING_DETAILS

Details of unhooking single EPT hooks.

◆ NOTIFY_TYPE

typedef enum _NOTIFY_TYPE NOTIFY_TYPE

Type of transferring buffer between user-to-kernel.

◆ PAGING_LEVEL

typedef enum _PAGING_LEVEL PAGING_LEVEL

Different levels of paging.

◆ PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET

typedef struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET * PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET

◆ PDEBUGGEE_KD_PAUSED_PACKET

typedef struct _DEBUGGEE_KD_PAUSED_PACKET * PDEBUGGEE_KD_PAUSED_PACKET

◆ PDEBUGGEE_MESSAGE_PACKET

typedef struct _DEBUGGEE_MESSAGE_PACKET * PDEBUGGEE_MESSAGE_PACKET

◆ PDEBUGGEE_UD_PAUSED_PACKET

typedef struct _DEBUGGEE_UD_PAUSED_PACKET * PDEBUGGEE_UD_PAUSED_PACKET

◆ PDEBUGGEE_USER_INPUT_PACKET

typedef struct _DEBUGGEE_USER_INPUT_PACKET * PDEBUGGEE_USER_INPUT_PACKET

◆ PDEBUGGER_PAUSE_PACKET_RECEIVED

typedef struct _DEBUGGER_PAUSE_PACKET_RECEIVED * PDEBUGGER_PAUSE_PACKET_RECEIVED

◆ PDEBUGGER_TRIGGERED_EVENT_DETAILS

typedef struct _DEBUGGER_TRIGGERED_EVENT_DETAILS * PDEBUGGER_TRIGGERED_EVENT_DETAILS

◆ PDIRECT_VMCALL_PARAMETERS

typedef struct _DIRECT_VMCALL_PARAMETERS * PDIRECT_VMCALL_PARAMETERS

◆ PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2

typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2 * PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2

◆ PEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR

typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR * PEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR

◆ PEPT_HOOKS_CONTEXT

typedef struct _EPT_HOOKS_CONTEXT * PEPT_HOOKS_CONTEXT

◆ PEPT_SINGLE_HOOK_UNHOOKING_DETAILS

typedef struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS * PEPT_SINGLE_HOOK_UNHOOKING_DETAILS

◆ POOL_ALLOCATION_INTENTION

typedef enum _POOL_ALLOCATION_INTENTION POOL_ALLOCATION_INTENTION

Inum of intentions for buffers (buffer tag)

◆ PREGISTER_NOTIFY_BUFFER

typedef struct _REGISTER_NOTIFY_BUFFER * PREGISTER_NOTIFY_BUFFER

◆ PVMX_SEGMENT_SELECTOR

typedef struct _VMX_SEGMENT_SELECTOR * PVMX_SEGMENT_SELECTOR

◆ REGISTER_NOTIFY_BUFFER

typedef struct _REGISTER_NOTIFY_BUFFER REGISTER_NOTIFY_BUFFER

Used to register event for transferring buffer between user-to-kernel.

◆ SendMessageWithParamCallback

typedef int(* SendMessageWithParamCallback) (const char *Text)

Callback type that can be used to be used as a custom ShowMessages function (by passing message as a parameter)

◆ SendMessageWWithSharedBufferCallback

typedef int(* SendMessageWWithSharedBufferCallback) ()

Callback type that can be used to be used as a custom ShowMessages function (using shared buffer)

◆ VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE

typedef enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE

Type of calling the event.

◆ VMX_EXECUTION_MODE

typedef enum _VMX_EXECUTION_MODE VMX_EXECUTION_MODE

◆ VMX_SEGMENT_SELECTOR

typedef struct _VMX_SEGMENT_SELECTOR VMX_SEGMENT_SELECTOR

Segment selector.

Enumeration Type Documentation

◆ _DEBUG_REGISTER_TYPE

enum _DEBUG_REGISTER_TYPE
Enumerator
BREAK_ON_INSTRUCTION_FETCH 
BREAK_ON_WRITE_ONLY 
BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED 
BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH 
69{
70 BREAK_ON_INSTRUCTION_FETCH,
71 BREAK_ON_WRITE_ONLY,
72 BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED,
73 BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
74} DEBUG_REGISTER_TYPE;
BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
@ BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
Definition DataTypes.h:73
BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED
@ BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED
Definition DataTypes.h:72
BREAK_ON_WRITE_ONLY
@ BREAK_ON_WRITE_ONLY
Definition DataTypes.h:71
BREAK_ON_INSTRUCTION_FETCH
@ BREAK_ON_INSTRUCTION_FETCH
Definition DataTypes.h:70
DEBUG_REGISTER_TYPE
enum _DEBUG_REGISTER_TYPE DEBUG_REGISTER_TYPE

◆ _DEBUGGER_HOOK_MEMORY_TYPE

enum _DEBUGGER_HOOK_MEMORY_TYPE

different type of memory addresses

Enumerator
DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS 
DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS 
310{
311 DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS,
312 DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS
313} DEBUGGER_HOOK_MEMORY_TYPE;
DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS
@ DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS
Definition DataTypes.h:311
DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS
@ DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS
Definition DataTypes.h:312
DEBUGGER_HOOK_MEMORY_TYPE
enum _DEBUGGER_HOOK_MEMORY_TYPE DEBUGGER_HOOK_MEMORY_TYPE
different type of memory addresses

◆ _DEBUGGER_THREAD_PROCESS_TRACING

enum _DEBUGGER_THREAD_PROCESS_TRACING

enum to query different process and thread interception mechanisms

Enumerator
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE 
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE 
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION 
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS 
104{
105
106 DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE,
107 DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE,
108 DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION,
109 DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS,
110
111} DEBUGGER_THREAD_PROCESS_TRACING;
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE
Definition DataTypes.h:106
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE
Definition DataTypes.h:107
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION
Definition DataTypes.h:108
DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS
Definition DataTypes.h:109
DEBUGGER_THREAD_PROCESS_TRACING
enum _DEBUGGER_THREAD_PROCESS_TRACING DEBUGGER_THREAD_PROCESS_TRACING
enum to query different process and thread interception mechanisms

◆ _NOTIFY_TYPE

enum _NOTIFY_TYPE

Type of transferring buffer between user-to-kernel.

Enumerator
IRP_BASED 
EVENT_BASED 
254{
255 IRP_BASED,
256 EVENT_BASED
257} NOTIFY_TYPE;
EVENT_BASED
@ EVENT_BASED
Definition DataTypes.h:256
IRP_BASED
@ IRP_BASED
Definition DataTypes.h:255
NOTIFY_TYPE
enum _NOTIFY_TYPE NOTIFY_TYPE
Type of transferring buffer between user-to-kernel.

◆ _PAGING_LEVEL

enum _PAGING_LEVEL

Different levels of paging.

Enumerator
PagingLevelPageTable 
PagingLevelPageDirectory 
PagingLevelPageDirectoryPointerTable 
PagingLevelPageMapLevel4 
24{
25 PagingLevelPageTable = 0,
26 PagingLevelPageDirectory,
27 PagingLevelPageDirectoryPointerTable,
28 PagingLevelPageMapLevel4
29} PAGING_LEVEL;
PagingLevelPageDirectoryPointerTable
@ PagingLevelPageDirectoryPointerTable
Definition DataTypes.h:27
PagingLevelPageDirectory
@ PagingLevelPageDirectory
Definition DataTypes.h:26
PagingLevelPageTable
@ PagingLevelPageTable
Definition DataTypes.h:25
PagingLevelPageMapLevel4
@ PagingLevelPageMapLevel4
Definition DataTypes.h:28
PAGING_LEVEL
enum _PAGING_LEVEL PAGING_LEVEL
Different levels of paging.

◆ _POOL_ALLOCATION_INTENTION

enum _POOL_ALLOCATION_INTENTION

Inum of intentions for buffers (buffer tag)

Enumerator
TRACKING_HOOKED_PAGES 
EXEC_TRAMPOLINE 
SPLIT_2MB_PAGING_TO_4KB_PAGE 
DETOUR_HOOK_DETAILS 
BREAKPOINT_DEFINITION_STRUCTURE 
PROCESS_THREAD_HOLDER 
INSTANT_REGULAR_EVENT_BUFFER 
INSTANT_BIG_EVENT_BUFFER 
INSTANT_REGULAR_EVENT_ACTION_BUFFER 
INSTANT_BIG_EVENT_ACTION_BUFFER 
INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS 
INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS 
40{
41 TRACKING_HOOKED_PAGES,
42 EXEC_TRAMPOLINE,
43 SPLIT_2MB_PAGING_TO_4KB_PAGE,
44 DETOUR_HOOK_DETAILS,
45 BREAKPOINT_DEFINITION_STRUCTURE,
46 PROCESS_THREAD_HOLDER,
47
48 //
49 // Instant event buffers
50 //
51 INSTANT_REGULAR_EVENT_BUFFER,
52 INSTANT_BIG_EVENT_BUFFER,
53 INSTANT_REGULAR_EVENT_ACTION_BUFFER,
54 INSTANT_BIG_EVENT_ACTION_BUFFER,
55
56 //
57 // Use for request safe buffers of the event
58 //
59 INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS,
60 INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS,
61
62} POOL_ALLOCATION_INTENTION;
SPLIT_2MB_PAGING_TO_4KB_PAGE
@ SPLIT_2MB_PAGING_TO_4KB_PAGE
Definition DataTypes.h:43
PROCESS_THREAD_HOLDER
@ PROCESS_THREAD_HOLDER
Definition DataTypes.h:46
EXEC_TRAMPOLINE
@ EXEC_TRAMPOLINE
Definition DataTypes.h:42
TRACKING_HOOKED_PAGES
@ TRACKING_HOOKED_PAGES
Definition DataTypes.h:41
INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS
@ INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS
Definition DataTypes.h:59
INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS
@ INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS
Definition DataTypes.h:60
INSTANT_BIG_EVENT_BUFFER
@ INSTANT_BIG_EVENT_BUFFER
Definition DataTypes.h:52
INSTANT_BIG_EVENT_ACTION_BUFFER
@ INSTANT_BIG_EVENT_ACTION_BUFFER
Definition DataTypes.h:54
DETOUR_HOOK_DETAILS
@ DETOUR_HOOK_DETAILS
Definition DataTypes.h:44
INSTANT_REGULAR_EVENT_ACTION_BUFFER
@ INSTANT_REGULAR_EVENT_ACTION_BUFFER
Definition DataTypes.h:53
INSTANT_REGULAR_EVENT_BUFFER
@ INSTANT_REGULAR_EVENT_BUFFER
Definition DataTypes.h:51
BREAKPOINT_DEFINITION_STRUCTURE
@ BREAKPOINT_DEFINITION_STRUCTURE
Definition DataTypes.h:45
POOL_ALLOCATION_INTENTION
enum _POOL_ALLOCATION_INTENTION POOL_ALLOCATION_INTENTION
Inum of intentions for buffers (buffer tag)

◆ _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE

enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE

Type of calling the event.

Enumerator
VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION 
VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION 
VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION 
VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION 
91{
92 VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION = 0,
93 VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION = 1,
94 VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION = 2,
95 VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION = 3
96
97} VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE;
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
Type of calling the event.
VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION
Definition DataTypes.h:95
VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION
Definition DataTypes.h:93
VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION
Definition DataTypes.h:92
VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION
Definition DataTypes.h:94

◆ _VMX_EXECUTION_MODE

enum _VMX_EXECUTION_MODE
Enumerator
VmxExecutionModeNonRoot 
VmxExecutionModeRoot 
81{
82 VmxExecutionModeNonRoot = FALSE,
83 VmxExecutionModeRoot = TRUE
84} VMX_EXECUTION_MODE;
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
VmxExecutionModeNonRoot
@ VmxExecutionModeNonRoot
Definition DataTypes.h:82
VmxExecutionModeRoot
@ VmxExecutionModeRoot
Definition DataTypes.h:83
VMX_EXECUTION_MODE
enum _VMX_EXECUTION_MODE VMX_EXECUTION_MODE