HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
DebugRegisters.c File Reference

Implementation of debug registers functions. More...

#include "pch.h"

Functions

BOOLEAN SetDebugRegisters (UINT32 DebugRegNum, DEBUG_REGISTER_TYPE ActionType, BOOLEAN ApplyToVmcs, UINT64 TargetAddress)
 Configure hardware debug register for access, write and fetch breakpoints.
 

Detailed Description

Implementation of debug registers functions.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2021-11-23
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ SetDebugRegisters()

BOOLEAN SetDebugRegisters ( UINT32 DebugRegNum,
DEBUG_REGISTER_TYPE ActionType,
BOOLEAN ApplyToVmcs,
UINT64 TargetAddress )

Configure hardware debug register for access, write and fetch breakpoints.

if apply to vmcs is true then should be called at vmx-root mode keep in mind that it applies only on one core Also, the caller must be sure that Load Debug Controls and Save Debug Controls on VM-entry and VM-exit controls on the VMCS of the target core, vmcalls VMCALL_SET_VM_ENTRY_LOAD_DEBUG_CONTROLS and VMCALL_SET_VM_EXIT_SAVE_DEBUG_CONTROLS are designed for this purpose should be called on vmx-root mode if the ApplyToVmcs is TRUE

Parameters
DebugRegNumDebug register that want to apply to it (can be between 0 to 3 as current processors support only 4 locations on hardware debug register)
ActionTypeType of breakpoint (Access, write, fetch)
ApplyToVmcsApply on GUEST_RIP register of VMCS, see details above for more information
TargetAddressTarget breakpoint virtual address
Returns
BOOLEAN If TRUE, shows the request configuration is correct, otherwise it's either not supported or not correct configuration
38{
39 DR7 Dr7 = {0};
40
41 //
42 // Debug registers can be dr0, dr1, dr2, dr3
43 //
44 if (DebugRegNum >= 4)
45 {
46 return FALSE;
47 }
48
49 //
50 // Configure the dr7 (dr6 is only to show the status)
51 // the configuration derived from https://stackoverflow.com/questions/40818920/
52 //
53 // Check-list:
54 // - Set the reserved bits to their right values
55 // - Set DR7.LE and DR7.GE to 1
56 // - Set DR7.L0(L1, L2, L3) to 1 [local breakpoint]
57 // - Make sure DR7.RW/0 (RW/1, RW/2, RW/3) is 0 [break on instruction exec]
58 // - Make sure DR7.LEN0 (LEN1, LEN2, LEN3) is 0 [1 byte length]
59 // - Set DR0 (1, 2, 3) to the instruction linear address
60 // - Make sure linear address [DR0 to DR3] falls on the first byte of the instruction
61 //
62
63 //
64 // Must be 1
65 //
66 Dr7.Reserved1 = 1;
67
68 //
69 // Based on Intel Manual:
70 // we recommend that the LE and GE flags be set to 1 if exact breakpoints are required
71 //
72 Dr7.LocalExactBreakpoint = 1;
73 Dr7.GlobalExactBreakpoint = 1;
74
75 //
76 // Set the target address and enable it on dr7
77 //
78 if (DebugRegNum == 0)
79 {
80 __writedr(0, TargetAddress);
81
82 Dr7.GlobalBreakpoint0 = 1;
83
84 //
85 // Based on SDM :
86 // 00 - Break on instruction execution only.
87 // 01 - Break on data writes only.
88 // 10 - Break on I/O reads or writes.
89 // 11 - Break on data reads or writes but not instruction fetches
90 // Also 10, is based on another bit so it is configured based on
91 // other bits, read the SDM for more.
92 //
93
94 switch (ActionType)
95 {
96 case BREAK_ON_INSTRUCTION_FETCH:
97 Dr7.ReadWrite0 = 0b00; // 0b00 => 0
98 break;
99 case BREAK_ON_WRITE_ONLY:
100 Dr7.ReadWrite0 = 0b01; // 0b01 => 1
101 break;
102 case BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED:
103 Dr7.ReadWrite0 = 0b10; // 0b10 => 2
104 LogError("Err, I/O access breakpoint by debug regs are not supported");
105 return FALSE;
106 break;
107 case BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH:
108 Dr7.ReadWrite0 = 0b11; // 0b11 => 3
109 break;
110
111 default:
112 //
113 // what?
114 //
115 LogError("Err, unknown parameter as debug reg action type");
116 return FALSE;
117 break;
118 }
119 }
120 else if (DebugRegNum == 1)
121 {
122 __writedr(1, TargetAddress);
123 Dr7.GlobalBreakpoint1 = 1;
124
125 //
126 // Based on SDM :
127 // 00 - Break on instruction execution only.
128 // 01 - Break on data writes only.
129 // 10 - Break on I/O reads or writes.
130 // 11 - Break on data reads or writes but not instruction fetches
131 // Also 10, is based on another bit so it is configured based on
132 // other bits, read the SDM for more.
133 //
134
135 switch (ActionType)
136 {
137 case BREAK_ON_INSTRUCTION_FETCH:
138 Dr7.ReadWrite1 = 0b00; // 0b00 => 0
139 break;
140 case BREAK_ON_WRITE_ONLY:
141 Dr7.ReadWrite1 = 0b01; // 0b01 => 1
142 break;
143 case BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED:
144 Dr7.ReadWrite1 = 0b10; // 0b10 => 2
145 LogError("Err, I/O access breakpoint by debug regs are not supported");
146 return FALSE;
147 break;
148 case BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH:
149 Dr7.ReadWrite1 = 0b11; // 0b11 => 3
150 break;
151
152 default:
153 //
154 // what?
155 //
156 LogError("Err, unknown parameter as debug reg action type");
157 return FALSE;
158 break;
159 }
160 }
161 else if (DebugRegNum == 2)
162 {
163 __writedr(2, TargetAddress);
164 Dr7.GlobalBreakpoint2 = 1;
165
166 //
167 // Based on SDM :
168 // 00 - Break on instruction execution only.
169 // 01 - Break on data writes only.
170 // 10 - Break on I/O reads or writes.
171 // 11 - Break on data reads or writes but not instruction fetches
172 // Also 10, is based on another bit so it is configured based on
173 // other bits, read the SDM for more.
174 //
175
176 switch (ActionType)
177 {
178 case BREAK_ON_INSTRUCTION_FETCH:
179 Dr7.ReadWrite2 = 0b00; // 0b00 => 0
180 break;
181 case BREAK_ON_WRITE_ONLY:
182 Dr7.ReadWrite2 = 0b01; // 0b01 => 1
183 break;
184 case BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED:
185 Dr7.ReadWrite2 = 0b10; // 0b10 => 2
186 LogError("Err, I/O access breakpoint by debug regs are not supported");
187 return FALSE;
188 break;
189 case BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH:
190 Dr7.ReadWrite2 = 0b11; // 0b11 => 3
191 break;
192
193 default:
194 //
195 // what?
196 //
197 LogError("Err, unknown parameter as debug reg action type");
198 return FALSE;
199 break;
200 }
201 }
202 else if (DebugRegNum == 3)
203 {
204 __writedr(3, TargetAddress);
205 Dr7.GlobalBreakpoint3 = 1;
206
207 //
208 // Based on SDM :
209 // 00 - Break on instruction execution only.
210 // 01 - Break on data writes only.
211 // 10 - Break on I/O reads or writes.
212 // 11 - Break on data reads or writes but not instruction fetches
213 // Also 10, is based on another bit so it is configured based on
214 // other bits, read the SDM for more.
215 //
216
217 switch (ActionType)
218 {
219 case BREAK_ON_INSTRUCTION_FETCH:
220 Dr7.ReadWrite3 = 0b00; // 0b00 => 0
221 break;
222 case BREAK_ON_WRITE_ONLY:
223 Dr7.ReadWrite3 = 0b01; // 0b01 => 1
224 break;
225 case BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED:
226 Dr7.ReadWrite3 = 0b10; // 0b10 => 2
227 LogError("Err, I/O access breakpoint by debug regs are not supported");
228 return FALSE;
229 break;
230 case BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH:
231 Dr7.ReadWrite3 = 0b11; // 0b11 => 3
232 break;
233
234 default:
235 //
236 // what?
237 //
238 LogError("Err, unknown parameter as debug reg action type");
239 return FALSE;
240 break;
241 }
242 }
243
244 //
245 // Applies to debug register 7, the caller must be sure that Load Debug
246 // Controls and Save Debug Controls on VM-entry and VM-exit controls
247 // on the VMCS of the target core
248 //
249 if (ApplyToVmcs)
250 {
251 __vmx_vmwrite(VMCS_GUEST_DR7, Dr7.AsUInt);
252 }
253 else
254 {
255 __writedr(7, Dr7.AsUInt);
256 }
257
258 return TRUE;
259}
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
@ BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH
Definition DataTypes.h:73
BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED
@ BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED
Definition DataTypes.h:72
BREAK_ON_WRITE_ONLY
@ BREAK_ON_WRITE_ONLY
Definition DataTypes.h:71
BREAK_ON_INSTRUCTION_FETCH
@ BREAK_ON_INSTRUCTION_FETCH
Definition DataTypes.h:70
LogError
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113