_data_types_8h_source.html

#pragma once


//               Memory Stages                  //


typedef enum _PAGING_LEVEL

{

    PagingLevelPageTable = 0,

    PagingLevelPageDirectory,

    PagingLevelPageDirectoryPointerTable,

    PagingLevelPageMapLevel4

} PAGING_LEVEL;


//                 Pool Manager                 //


typedef enum _POOL_ALLOCATION_INTENTION

{

    TRACKING_HOOKED_PAGES,

    EXEC_TRAMPOLINE,

    SPLIT_2MB_PAGING_TO_4KB_PAGE,

    DETOUR_HOOK_DETAILS,

    BREAKPOINT_DEFINITION_STRUCTURE,

    PROCESS_THREAD_HOLDER,


    //

    // Instant event buffers

    //

    INSTANT_REGULAR_EVENT_BUFFER,

    INSTANT_BIG_EVENT_BUFFER,

    INSTANT_REGULAR_EVENT_ACTION_BUFFER,

    INSTANT_BIG_EVENT_ACTION_BUFFER,


    //

    // Use for request safe buffers of the event

    //

    INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS,

    INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS,


} POOL_ALLOCATION_INTENTION;


//      Debug Registers Modifications           //


typedef enum _DEBUG_REGISTER_TYPE

{

    BREAK_ON_INSTRUCTION_FETCH,

    BREAK_ON_WRITE_ONLY,

    BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED,

    BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH

} DEBUG_REGISTER_TYPE;


//              Execution Stages                //


typedef enum _VMX_EXECUTION_MODE

{

    VmxExecutionModeNonRoot = FALSE,

    VmxExecutionModeRoot    = TRUE

} VMX_EXECUTION_MODE;


typedef enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE

{

    VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION = 0,

    VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION     = 1,

    VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION    = 2,

    VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION     = 3


} VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE;


typedef enum _DEBUGGER_THREAD_PROCESS_TRACING

{


    DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE,

    DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE,

    DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION,

    DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS,


} DEBUGGER_THREAD_PROCESS_TRACING;


//            Callback Definitions              //


typedef int (*SendMessageWithParamCallback)(const char * Text);


typedef int (*SendMessageWWithSharedBufferCallback)();


//                Communications                //


typedef struct _DEBUGGEE_USER_INPUT_PACKET

{

    UINT32  CommandLen;

    BOOLEAN IgnoreFinishedSignal;

    UINT32  Result;


    //

    // The user's input is here

    //


} DEBUGGEE_USER_INPUT_PACKET, *PDEBUGGEE_USER_INPUT_PACKET;


typedef struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET

{

    UINT32 Length;


    //

    // The buffer for event and action is here

    //


} DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET,


    *PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET;


//                  Pausing                    //


#define SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED \

    sizeof(DEBUGGER_PAUSE_PACKET_RECEIVED)


typedef struct _DEBUGGER_PAUSE_PACKET_RECEIVED

{

    UINT32 Result; // Result from kernel


} DEBUGGER_PAUSE_PACKET_RECEIVED, *PDEBUGGER_PAUSE_PACKET_RECEIVED;


/* ==============================================================================================

 */


typedef struct _DEBUGGER_TRIGGERED_EVENT_DETAILS

{

    UINT64                                Tag; /* in breakpoints Tag is breakpoint id, not event tag */

    PVOID                                 Context;

    VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE Stage;


} DEBUGGER_TRIGGERED_EVENT_DETAILS, *PDEBUGGER_TRIGGERED_EVENT_DETAILS;


/* ==============================================================================================

 */


typedef struct _DEBUGGEE_KD_PAUSED_PACKET

{

    UINT64                                Rip;

    BOOLEAN                               IsProcessorOn32BitMode; // if true shows that the address should be interpreted in 32-bit mode

    BOOLEAN                               IgnoreDisassembling;    // if check if diassembling should be ignored or not

    DEBUGGEE_PAUSING_REASON               PausingReason;

    ULONG                                 CurrentCore;

    UINT64                                EventTag;

    VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventCallingStage;

    UINT64                                Rflags;

    BYTE                                  InstructionBytesOnRip[MAXIMUM_INSTR_SIZE];

    UINT16                                ReadInstructionLen;


} DEBUGGEE_KD_PAUSED_PACKET, *PDEBUGGEE_KD_PAUSED_PACKET;


/* ==============================================================================================

 */


typedef struct _DEBUGGEE_UD_PAUSED_PACKET

{

    UINT64                                Rip;

    UINT64                                ProcessDebuggingToken;

    BOOLEAN                               Is32Bit; // if true shows that the address should be interpreted in 32-bit mode

    DEBUGGEE_PAUSING_REASON               PausingReason;

    UINT32                                ProcessId;

    UINT32                                ThreadId;

    UINT64                                Rflags;

    UINT64                                EventTag;

    VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventCallingStage;

    BYTE                                  InstructionBytesOnRip[MAXIMUM_INSTR_SIZE];

    UINT16                                ReadInstructionLen;

    GUEST_REGS                            GuestRegs;


} DEBUGGEE_UD_PAUSED_PACKET, *PDEBUGGEE_UD_PAUSED_PACKET;


//            Message Tracing Enums             //


typedef enum _NOTIFY_TYPE

{

    IRP_BASED,

    EVENT_BASED

} NOTIFY_TYPE;


//                  Structures                  //


typedef struct _DEBUGGEE_MESSAGE_PACKET

{

    UINT32 OperationCode;

    CHAR   Message[PacketChunkSize];


} DEBUGGEE_MESSAGE_PACKET, *PDEBUGGEE_MESSAGE_PACKET;


typedef struct _REGISTER_NOTIFY_BUFFER

{

    NOTIFY_TYPE Type;

    HANDLE      hEvent;


} REGISTER_NOTIFY_BUFFER, *PREGISTER_NOTIFY_BUFFER;


//                 Direct VMCALL                //


typedef struct _DIRECT_VMCALL_PARAMETERS

{

    UINT64 OptionalParam1;

    UINT64 OptionalParam2;

    UINT64 OptionalParam3;


} DIRECT_VMCALL_PARAMETERS, *PDIRECT_VMCALL_PARAMETERS;


//                  EPT Hook                    //


typedef enum _DEBUGGER_HOOK_MEMORY_TYPE

{

    DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS,

    DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS

} DEBUGGER_HOOK_MEMORY_TYPE;


typedef struct _EPT_HOOKS_CONTEXT

{

    UINT64 HookingTag; // This is same as the event tag

    UINT64 PhysicalAddress;

    UINT64 VirtualAddress;

} EPT_HOOKS_CONTEXT, *PEPT_HOOKS_CONTEXT;


typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR

{

    UINT64                    StartAddress;

    UINT64                    EndAddress;

    BOOLEAN                   SetHookForRead;

    BOOLEAN                   SetHookForWrite;

    BOOLEAN                   SetHookForExec;

    DEBUGGER_HOOK_MEMORY_TYPE MemoryType;

    UINT64                    Tag;


} EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR, *PEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR;


typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2

{

    PVOID TargetAddress;

    PVOID HookFunction;


} EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2, *PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2;


typedef struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS

{

    BOOLEAN                     CallerNeedsToRestoreEntryAndInvalidateEpt;

    BOOLEAN                     RemoveBreakpointInterception;

    SIZE_T                      PhysicalAddress;

    UINT64 /* EPT_PML1_ENTRY */ OriginalEntry;


} EPT_SINGLE_HOOK_UNHOOKING_DETAILS, *PEPT_SINGLE_HOOK_UNHOOKING_DETAILS;


//                 Segment Types                //


typedef union

{

    struct

    {

        UINT32 Type : 4;


        UINT32 DescriptorType : 1;


        UINT32 DescriptorPrivilegeLevel : 2;


        UINT32 Present : 1;


        UINT32 Reserved1 : 4;


        UINT32 AvailableBit : 1;


        UINT32 LongMode : 1;


        UINT32 DefaultBig : 1;


        UINT32 Granularity : 1;

        UINT32 Unusable : 1;

        UINT32 Reserved2 : 15;

    };


    UINT32 AsUInt;

} VMX_SEGMENT_ACCESS_RIGHTS_TYPE;


typedef struct _VMX_SEGMENT_SELECTOR

{

    UINT16                         Selector;

    VMX_SEGMENT_ACCESS_RIGHTS_TYPE Attributes;

    UINT32                         Limit;

    UINT64                         Base;

} VMX_SEGMENT_SELECTOR, *PVMX_SEGMENT_SELECTOR;


UINT16
unsigned short UINT16
Definition BasicTypes.h:47

BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39

BYTE
unsigned char BYTE
Definition BasicTypes.h:24

TRUE
#define TRUE
Definition BasicTypes.h:55

FALSE
#define FALSE
Definition BasicTypes.h:54

UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21

UINT32
unsigned int UINT32
Definition BasicTypes.h:48

CHAR
char CHAR
Definition BasicTypes.h:31

ULONG
unsigned long ULONG
Definition BasicTypes.h:37

DEBUGGEE_PAUSING_REASON
enum _DEBUGGEE_PAUSING_REASON DEBUGGEE_PAUSING_REASON
enum for reasons why debuggee is paused

PacketChunkSize
#define PacketChunkSize
Size of each packet.
Definition Constants.h:179

MAXIMUM_INSTR_SIZE
#define MAXIMUM_INSTR_SIZE
maximum instruction size in Intel
Definition Constants.h:468

PDEBUGGEE_UD_PAUSED_PACKET
struct _DEBUGGEE_UD_PAUSED_PACKET * PDEBUGGEE_UD_PAUSED_PACKET

VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
Type of calling the event.

_PAGING_LEVEL
_PAGING_LEVEL
Different levels of paging.
Definition DataTypes.h:24

PagingLevelPageDirectoryPointerTable
@ PagingLevelPageDirectoryPointerTable
Definition DataTypes.h:27

PagingLevelPageDirectory
@ PagingLevelPageDirectory
Definition DataTypes.h:26

PagingLevelPageTable
@ PagingLevelPageTable
Definition DataTypes.h:25

PagingLevelPageMapLevel4
@ PagingLevelPageMapLevel4
Definition DataTypes.h:28

SendMessageWWithSharedBufferCallback
int(* SendMessageWWithSharedBufferCallback)()
Callback type that can be used to be used as a custom ShowMessages function (using shared buffer)
Definition DataTypes.h:129

_DEBUGGER_HOOK_MEMORY_TYPE
_DEBUGGER_HOOK_MEMORY_TYPE
different type of memory addresses
Definition DataTypes.h:310

DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS
@ DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS
Definition DataTypes.h:311

DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS
@ DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS
Definition DataTypes.h:312

DEBUGGER_TRIGGERED_EVENT_DETAILS
struct _DEBUGGER_TRIGGERED_EVENT_DETAILS DEBUGGER_TRIGGERED_EVENT_DETAILS
The structure of detail of a triggered event in HyperDbg.

PREGISTER_NOTIFY_BUFFER
struct _REGISTER_NOTIFY_BUFFER * PREGISTER_NOTIFY_BUFFER

SendMessageWithParamCallback
int(* SendMessageWithParamCallback)(const char *Text)
Callback type that can be used to be used as a custom ShowMessages function (by passing message as a ...
Definition DataTypes.h:122

REGISTER_NOTIFY_BUFFER
struct _REGISTER_NOTIFY_BUFFER REGISTER_NOTIFY_BUFFER
Used to register event for transferring buffer between user-to-kernel.

EPT_SINGLE_HOOK_UNHOOKING_DETAILS
struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS EPT_SINGLE_HOOK_UNHOOKING_DETAILS
Details of unhooking single EPT hooks.

DIRECT_VMCALL_PARAMETERS
struct _DIRECT_VMCALL_PARAMETERS DIRECT_VMCALL_PARAMETERS
Used for sending direct VMCALLs on the VMX root-mode.

PEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR * PEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR

DEBUGGER_HOOK_MEMORY_TYPE
enum _DEBUGGER_HOOK_MEMORY_TYPE DEBUGGER_HOOK_MEMORY_TYPE
different type of memory addresses

PEPT_HOOKS_CONTEXT
struct _EPT_HOOKS_CONTEXT * PEPT_HOOKS_CONTEXT

DEBUGGEE_KD_PAUSED_PACKET
struct _DEBUGGEE_KD_PAUSED_PACKET DEBUGGEE_KD_PAUSED_PACKET
The structure of pausing packet in kHyperDbg.

EPT_HOOKS_CONTEXT
struct _EPT_HOOKS_CONTEXT EPT_HOOKS_CONTEXT
Temporary $context used in some EPT hook commands.

PEPT_SINGLE_HOOK_UNHOOKING_DETAILS
struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS * PEPT_SINGLE_HOOK_UNHOOKING_DETAILS

DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
The structure of user-input packet in HyperDbg.

PDEBUGGER_PAUSE_PACKET_RECEIVED
struct _DEBUGGER_PAUSE_PACKET_RECEIVED * PDEBUGGER_PAUSE_PACKET_RECEIVED

_NOTIFY_TYPE
_NOTIFY_TYPE
Type of transferring buffer between user-to-kernel.
Definition DataTypes.h:254

EVENT_BASED
@ EVENT_BASED
Definition DataTypes.h:256

IRP_BASED
@ IRP_BASED
Definition DataTypes.h:255

PDEBUGGEE_USER_INPUT_PACKET
struct _DEBUGGEE_USER_INPUT_PACKET * PDEBUGGEE_USER_INPUT_PACKET

PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2 * PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2

NOTIFY_TYPE
enum _NOTIFY_TYPE NOTIFY_TYPE
Type of transferring buffer between user-to-kernel.

DEBUGGER_PAUSE_PACKET_RECEIVED
struct _DEBUGGER_PAUSE_PACKET_RECEIVED DEBUGGER_PAUSE_PACKET_RECEIVED
request to pause and halt the system

_VMX_EXECUTION_MODE
_VMX_EXECUTION_MODE
Definition DataTypes.h:81

VmxExecutionModeNonRoot
@ VmxExecutionModeNonRoot
Definition DataTypes.h:82

VmxExecutionModeRoot
@ VmxExecutionModeRoot
Definition DataTypes.h:83

PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET * PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET

_VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
_VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
Type of calling the event.
Definition DataTypes.h:91

VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION
Definition DataTypes.h:95

VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION
Definition DataTypes.h:93

VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION
Definition DataTypes.h:92

VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION
@ VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION
Definition DataTypes.h:94

EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2 EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
Setting details for EPT Hooks (!epthook2)

DEBUGGEE_UD_PAUSED_PACKET
struct _DEBUGGEE_UD_PAUSED_PACKET DEBUGGEE_UD_PAUSED_PACKET
The structure of pausing packet in uHyperDbg.

PVMX_SEGMENT_SELECTOR
struct _VMX_SEGMENT_SELECTOR * PVMX_SEGMENT_SELECTOR

PDIRECT_VMCALL_PARAMETERS
struct _DIRECT_VMCALL_PARAMETERS * PDIRECT_VMCALL_PARAMETERS

VMX_EXECUTION_MODE
enum _VMX_EXECUTION_MODE VMX_EXECUTION_MODE

VMX_SEGMENT_SELECTOR
struct _VMX_SEGMENT_SELECTOR VMX_SEGMENT_SELECTOR
Segment selector.

_DEBUG_REGISTER_TYPE
_DEBUG_REGISTER_TYPE
Definition DataTypes.h:69

BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
@ BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
Definition DataTypes.h:73

BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED
@ BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED
Definition DataTypes.h:72

BREAK_ON_WRITE_ONLY
@ BREAK_ON_WRITE_ONLY
Definition DataTypes.h:71

BREAK_ON_INSTRUCTION_FETCH
@ BREAK_ON_INSTRUCTION_FETCH
Definition DataTypes.h:70

_DEBUGGER_THREAD_PROCESS_TRACING
_DEBUGGER_THREAD_PROCESS_TRACING
enum to query different process and thread interception mechanisms
Definition DataTypes.h:104

DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE
Definition DataTypes.h:106

DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE
Definition DataTypes.h:107

DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION
Definition DataTypes.h:108

DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS
@ DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS
Definition DataTypes.h:109

_POOL_ALLOCATION_INTENTION
_POOL_ALLOCATION_INTENTION
Inum of intentions for buffers (buffer tag)
Definition DataTypes.h:40

SPLIT_2MB_PAGING_TO_4KB_PAGE
@ SPLIT_2MB_PAGING_TO_4KB_PAGE
Definition DataTypes.h:43

PROCESS_THREAD_HOLDER
@ PROCESS_THREAD_HOLDER
Definition DataTypes.h:46

EXEC_TRAMPOLINE
@ EXEC_TRAMPOLINE
Definition DataTypes.h:42

TRACKING_HOOKED_PAGES
@ TRACKING_HOOKED_PAGES
Definition DataTypes.h:41

INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS
@ INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS
Definition DataTypes.h:59

INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS
@ INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS
Definition DataTypes.h:60

INSTANT_BIG_EVENT_BUFFER
@ INSTANT_BIG_EVENT_BUFFER
Definition DataTypes.h:52

INSTANT_BIG_EVENT_ACTION_BUFFER
@ INSTANT_BIG_EVENT_ACTION_BUFFER
Definition DataTypes.h:54

DETOUR_HOOK_DETAILS
@ DETOUR_HOOK_DETAILS
Definition DataTypes.h:44

INSTANT_REGULAR_EVENT_ACTION_BUFFER
@ INSTANT_REGULAR_EVENT_ACTION_BUFFER
Definition DataTypes.h:53

INSTANT_REGULAR_EVENT_BUFFER
@ INSTANT_REGULAR_EVENT_BUFFER
Definition DataTypes.h:51

BREAKPOINT_DEFINITION_STRUCTURE
@ BREAKPOINT_DEFINITION_STRUCTURE
Definition DataTypes.h:45

EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
Setting details for EPT Hooks (!monitor)

PDEBUGGEE_MESSAGE_PACKET
struct _DEBUGGEE_MESSAGE_PACKET * PDEBUGGEE_MESSAGE_PACKET

DEBUGGEE_MESSAGE_PACKET
struct _DEBUGGEE_MESSAGE_PACKET DEBUGGEE_MESSAGE_PACKET
The structure of message packet in HyperDbg.

PDEBUGGER_TRIGGERED_EVENT_DETAILS
struct _DEBUGGER_TRIGGERED_EVENT_DETAILS * PDEBUGGER_TRIGGERED_EVENT_DETAILS

DEBUGGER_THREAD_PROCESS_TRACING
enum _DEBUGGER_THREAD_PROCESS_TRACING DEBUGGER_THREAD_PROCESS_TRACING
enum to query different process and thread interception mechanisms

DEBUGGEE_USER_INPUT_PACKET
struct _DEBUGGEE_USER_INPUT_PACKET DEBUGGEE_USER_INPUT_PACKET
The structure of user-input packet in HyperDbg.

DEBUG_REGISTER_TYPE
enum _DEBUG_REGISTER_TYPE DEBUG_REGISTER_TYPE

POOL_ALLOCATION_INTENTION
enum _POOL_ALLOCATION_INTENTION POOL_ALLOCATION_INTENTION
Inum of intentions for buffers (buffer tag)

PAGING_LEVEL
enum _PAGING_LEVEL PAGING_LEVEL
Different levels of paging.

PDEBUGGEE_KD_PAUSED_PACKET
struct _DEBUGGEE_KD_PAUSED_PACKET * PDEBUGGEE_KD_PAUSED_PACKET

_DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET
The structure of user-input packet in HyperDbg.
Definition DataTypes.h:156

_DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET::Length
UINT32 Length
Definition DataTypes.h:157

_DEBUGGEE_KD_PAUSED_PACKET
The structure of pausing packet in kHyperDbg.
Definition DataTypes.h:207

_DEBUGGEE_KD_PAUSED_PACKET::ReadInstructionLen
UINT16 ReadInstructionLen
Definition DataTypes.h:217

_DEBUGGEE_KD_PAUSED_PACKET::Rip
UINT64 Rip
Definition DataTypes.h:208

_DEBUGGEE_KD_PAUSED_PACKET::Rflags
UINT64 Rflags
Definition DataTypes.h:215

_DEBUGGEE_KD_PAUSED_PACKET::InstructionBytesOnRip
BYTE InstructionBytesOnRip[MAXIMUM_INSTR_SIZE]
Definition DataTypes.h:216

_DEBUGGEE_KD_PAUSED_PACKET::IsProcessorOn32BitMode
BOOLEAN IsProcessorOn32BitMode
Definition DataTypes.h:209

_DEBUGGEE_KD_PAUSED_PACKET::PausingReason
DEBUGGEE_PAUSING_REASON PausingReason
Definition DataTypes.h:211

_DEBUGGEE_KD_PAUSED_PACKET::EventTag
UINT64 EventTag
Definition DataTypes.h:213

_DEBUGGEE_KD_PAUSED_PACKET::CurrentCore
ULONG CurrentCore
Definition DataTypes.h:212

_DEBUGGEE_KD_PAUSED_PACKET::IgnoreDisassembling
BOOLEAN IgnoreDisassembling
Definition DataTypes.h:210

_DEBUGGEE_KD_PAUSED_PACKET::EventCallingStage
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventCallingStage
Definition DataTypes.h:214

_DEBUGGEE_MESSAGE_PACKET
The structure of message packet in HyperDbg.
Definition DataTypes.h:268

_DEBUGGEE_MESSAGE_PACKET::OperationCode
UINT32 OperationCode
Definition DataTypes.h:269

_DEBUGGEE_MESSAGE_PACKET::Message
CHAR Message[PacketChunkSize]
Definition DataTypes.h:270

_DEBUGGEE_UD_PAUSED_PACKET
The structure of pausing packet in uHyperDbg.
Definition DataTypes.h:229

_DEBUGGEE_UD_PAUSED_PACKET::GuestRegs
GUEST_REGS GuestRegs
Definition DataTypes.h:241

_DEBUGGEE_UD_PAUSED_PACKET::PausingReason
DEBUGGEE_PAUSING_REASON PausingReason
Definition DataTypes.h:233

_DEBUGGEE_UD_PAUSED_PACKET::ReadInstructionLen
UINT16 ReadInstructionLen
Definition DataTypes.h:240

_DEBUGGEE_UD_PAUSED_PACKET::Rip
UINT64 Rip
Definition DataTypes.h:230

_DEBUGGEE_UD_PAUSED_PACKET::EventCallingStage
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventCallingStage
Definition DataTypes.h:238

_DEBUGGEE_UD_PAUSED_PACKET::Is32Bit
BOOLEAN Is32Bit
Definition DataTypes.h:232

_DEBUGGEE_UD_PAUSED_PACKET::ProcessDebuggingToken
UINT64 ProcessDebuggingToken
Definition DataTypes.h:231

_DEBUGGEE_UD_PAUSED_PACKET::EventTag
UINT64 EventTag
Definition DataTypes.h:237

_DEBUGGEE_UD_PAUSED_PACKET::Rflags
UINT64 Rflags
Definition DataTypes.h:236

_DEBUGGEE_UD_PAUSED_PACKET::ThreadId
UINT32 ThreadId
Definition DataTypes.h:235

_DEBUGGEE_UD_PAUSED_PACKET::ProcessId
UINT32 ProcessId
Definition DataTypes.h:234

_DEBUGGEE_UD_PAUSED_PACKET::InstructionBytesOnRip
BYTE InstructionBytesOnRip[MAXIMUM_INSTR_SIZE]
Definition DataTypes.h:239

_DEBUGGEE_USER_INPUT_PACKET
The structure of user-input packet in HyperDbg.
Definition DataTypes.h:140

_DEBUGGEE_USER_INPUT_PACKET::CommandLen
UINT32 CommandLen
Definition DataTypes.h:141

_DEBUGGEE_USER_INPUT_PACKET::Result
UINT32 Result
Definition DataTypes.h:143

_DEBUGGEE_USER_INPUT_PACKET::IgnoreFinishedSignal
BOOLEAN IgnoreFinishedSignal
Definition DataTypes.h:142

_DEBUGGER_PAUSE_PACKET_RECEIVED
request to pause and halt the system
Definition DataTypes.h:178

_DEBUGGER_PAUSE_PACKET_RECEIVED::Result
UINT32 Result
Definition DataTypes.h:179

_DEBUGGER_TRIGGERED_EVENT_DETAILS
The structure of detail of a triggered event in HyperDbg.
Definition DataTypes.h:192

_DEBUGGER_TRIGGERED_EVENT_DETAILS::Tag
UINT64 Tag
Definition DataTypes.h:193

_DEBUGGER_TRIGGERED_EVENT_DETAILS::Stage
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE Stage
Definition DataTypes.h:195

_DEBUGGER_TRIGGERED_EVENT_DETAILS::Context
PVOID Context
Definition DataTypes.h:194

_DIRECT_VMCALL_PARAMETERS
Used for sending direct VMCALLs on the VMX root-mode.
Definition DataTypes.h:294

_DIRECT_VMCALL_PARAMETERS::OptionalParam2
UINT64 OptionalParam2
Definition DataTypes.h:296

_DIRECT_VMCALL_PARAMETERS::OptionalParam3
UINT64 OptionalParam3
Definition DataTypes.h:297

_DIRECT_VMCALL_PARAMETERS::OptionalParam1
UINT64 OptionalParam1
Definition DataTypes.h:295

_EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2
Setting details for EPT Hooks (!epthook2)
Definition DataTypes.h:347

_EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2::HookFunction
PVOID HookFunction
Definition DataTypes.h:349

_EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2::TargetAddress
PVOID TargetAddress
Definition DataTypes.h:348

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
Setting details for EPT Hooks (!monitor)
Definition DataTypes.h:331

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::StartAddress
UINT64 StartAddress
Definition DataTypes.h:332

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::SetHookForRead
BOOLEAN SetHookForRead
Definition DataTypes.h:334

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::SetHookForWrite
BOOLEAN SetHookForWrite
Definition DataTypes.h:335

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::EndAddress
UINT64 EndAddress
Definition DataTypes.h:333

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::MemoryType
DEBUGGER_HOOK_MEMORY_TYPE MemoryType
Definition DataTypes.h:337

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::SetHookForExec
BOOLEAN SetHookForExec
Definition DataTypes.h:336

_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR::Tag
UINT64 Tag
Definition DataTypes.h:338

_EPT_HOOKS_CONTEXT
Temporary $context used in some EPT hook commands.
Definition DataTypes.h:320

_EPT_HOOKS_CONTEXT::HookingTag
UINT64 HookingTag
Definition DataTypes.h:321

_EPT_HOOKS_CONTEXT::VirtualAddress
UINT64 VirtualAddress
Definition DataTypes.h:323

_EPT_HOOKS_CONTEXT::PhysicalAddress
UINT64 PhysicalAddress
Definition DataTypes.h:322

_EPT_SINGLE_HOOK_UNHOOKING_DETAILS
Details of unhooking single EPT hooks.
Definition DataTypes.h:358

_EPT_SINGLE_HOOK_UNHOOKING_DETAILS::CallerNeedsToRestoreEntryAndInvalidateEpt
BOOLEAN CallerNeedsToRestoreEntryAndInvalidateEpt
Definition DataTypes.h:359

_EPT_SINGLE_HOOK_UNHOOKING_DETAILS::PhysicalAddress
SIZE_T PhysicalAddress
Definition DataTypes.h:361

_EPT_SINGLE_HOOK_UNHOOKING_DETAILS::RemoveBreakpointInterception
BOOLEAN RemoveBreakpointInterception
Definition DataTypes.h:360

_EPT_SINGLE_HOOK_UNHOOKING_DETAILS::OriginalEntry
UINT64 OriginalEntry
Definition DataTypes.h:362

_REGISTER_NOTIFY_BUFFER
Used to register event for transferring buffer between user-to-kernel.
Definition DataTypes.h:279

_REGISTER_NOTIFY_BUFFER::Type
NOTIFY_TYPE Type
Definition DataTypes.h:280

_REGISTER_NOTIFY_BUFFER::hEvent
HANDLE hEvent
Definition DataTypes.h:281

_VMX_SEGMENT_SELECTOR
Segment selector.
Definition DataTypes.h:436

_VMX_SEGMENT_SELECTOR::Limit
UINT32 Limit
Definition DataTypes.h:439

_VMX_SEGMENT_SELECTOR::Attributes
VMX_SEGMENT_ACCESS_RIGHTS_TYPE Attributes
Definition DataTypes.h:438

_VMX_SEGMENT_SELECTOR::Selector
UINT16 Selector
Definition DataTypes.h:437

_VMX_SEGMENT_SELECTOR::Base
UINT64 Base
Definition DataTypes.h:440

GUEST_REGS
Definition BasicTypes.h:70

VMX_SEGMENT_ACCESS_RIGHTS_TYPE
Describe segment selector in VMX.
Definition DataTypes.h:377

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::Present
UINT32 Present
Definition DataTypes.h:398

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::DescriptorPrivilegeLevel
UINT32 DescriptorPrivilegeLevel
Definition DataTypes.h:393

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::Granularity
UINT32 Granularity
Definition DataTypes.h:420

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::LongMode
UINT32 LongMode
Definition DataTypes.h:410

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::AsUInt
UINT32 AsUInt
Definition DataTypes.h:428

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::DefaultBig
UINT32 DefaultBig
Definition DataTypes.h:415

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::AvailableBit
UINT32 AvailableBit
Definition DataTypes.h:405

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::Reserved1
UINT32 Reserved1
Definition DataTypes.h:400

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::Type
UINT32 Type
Definition DataTypes.h:383

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::DescriptorType
UINT32 DescriptorType
Definition DataTypes.h:388

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::Reserved2
UINT32 Reserved2
Definition DataTypes.h:425

VMX_SEGMENT_ACCESS_RIGHTS_TYPE::Unusable
UINT32 Unusable
Definition DataTypes.h:424