HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
DebuggerVmcalls.c File Reference

Implementation of debugger VMCALLs. More...

#include "pch.h"

Functions

BOOLEAN DebuggerVmcallHandler (UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)
 Termination function for external-interrupts.
 

Detailed Description

Implementation of debugger VMCALLs.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-22
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ DebuggerVmcallHandler()

BOOLEAN DebuggerVmcallHandler ( UINT32 CoreId,
UINT64 VmcallNumber,
UINT64 OptionalParam1,
UINT64 OptionalParam2,
UINT64 OptionalParam3 )

Termination function for external-interrupts.

Parameters
CoreId
VmcallNumber
OptionalParam1
OptionalParam2
OptionalParam3
Returns
BOOLEAN
32{
33 UNREFERENCED_PARAMETER(OptionalParam3);
34
35 BOOLEAN Result = FALSE;
36 PROCESSOR_DEBUGGING_STATE * DbgState = &g_DbgState[CoreId];
37
38 switch (VmcallNumber)
39 {
40 case DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM:
41 {
42 KdHandleBreakpointAndDebugBreakpoints(DbgState,
43 DEBUGGEE_PAUSING_REASON_REQUEST_FROM_DEBUGGER,
44 NULL);
45 Result = TRUE;
46 break;
47 }
48 case DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM_AS_A_RESULT_OF_TRIGGERING_EVENT:
49 {
50 DEBUGGER_TRIGGERED_EVENT_DETAILS * TriggeredEventDetail = (DEBUGGER_TRIGGERED_EVENT_DETAILS *)OptionalParam1;
51 PGUEST_REGS TempReg = NULL;
52
53 TempReg = DbgState->Regs;
54
55 //
56 // We won't send current vmcall registers
57 // instead we send the registers provided
58 // from the third parameter
59 //
60 DbgState->Regs = (GUEST_REGS *)OptionalParam2;
61
62 KdHandleBreakpointAndDebugBreakpoints(DbgState,
63 DEBUGGEE_PAUSING_REASON_DEBUGGEE_EVENT_TRIGGERED,
64 TriggeredEventDetail);
65
66 //
67 // Restore the register
68 //
69 DbgState->Regs = TempReg;
70
71 Result = TRUE;
72 break;
73 }
74 case DEBUGGER_VMCALL_SIGNAL_DEBUGGER_EXECUTION_FINISHED:
75 {
76 KdSendCommandFinishedSignal(CoreId);
77
78 Result = TRUE;
79 break;
80 }
81 case DEBUGGER_VMCALL_SEND_MESSAGES_TO_DEBUGGER:
82 {
83 //
84 // Kernel debugger is active, we should send the bytes over serial
85 //
86
87 if (OptionalParam1 != NULL64_ZERO && OptionalParam2 != NULL64_ZERO)
88 {
89 KdLoggingResponsePacketToDebugger(
90 (CHAR *)OptionalParam1,
91 (UINT32)OptionalParam2,
92 OPERATION_LOG_INFO_MESSAGE);
93 }
94
95 Result = TRUE;
96 break;
97 }
98 case DEBUGGER_VMCALL_SEND_GENERAL_BUFFER_TO_DEBUGGER:
99 {
100 //
101 // Cast the buffer received to perform sending buffer and possibly
102 // halt the debuggee
103 //
104 PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER DebuggeeBufferRequest = (DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER *)OptionalParam1;
105
106 KdResponsePacketToDebugger(DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER,
107 DebuggeeBufferRequest->RequestedAction,
108 (CHAR *)((UINT64)DebuggeeBufferRequest + (SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER)),
109 DebuggeeBufferRequest->LengthOfBuffer);
110
111 //
112 // Check if we expect a buffer and command from the debugger or the
113 // request is just finished
114 //
115 if (DebuggeeBufferRequest->PauseDebuggeeWhenSent)
116 {
117 DbgState->IgnoreDisasmInNextPacket = TRUE;
118
119 KdHandleBreakpointAndDebugBreakpoints(DbgState,
120 DEBUGGEE_PAUSING_REASON_PAUSE,
121 NULL);
122 }
123
124 Result = TRUE;
125 break;
126 }
127 default:
128 Result = FALSE;
129 LogError("Err, invalid VMCALL in top-level debugger");
130
131 break;
132 }
133
134 return Result;
135}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
NULL64_ZERO
#define NULL64_ZERO
Definition BasicTypes.h:52
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
CHAR
char CHAR
Definition BasicTypes.h:31
DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER
@ DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER
Definition Connection.h:164
DEBUGGEE_PAUSING_REASON_DEBUGGEE_EVENT_TRIGGERED
@ DEBUGGEE_PAUSING_REASON_DEBUGGEE_EVENT_TRIGGERED
Definition Connection.h:35
DEBUGGEE_PAUSING_REASON_PAUSE
@ DEBUGGEE_PAUSING_REASON_PAUSE
Definition Connection.h:25
DEBUGGEE_PAUSING_REASON_REQUEST_FROM_DEBUGGER
@ DEBUGGEE_PAUSING_REASON_REQUEST_FROM_DEBUGGER
Definition Connection.h:26
OPERATION_LOG_INFO_MESSAGE
#define OPERATION_LOG_INFO_MESSAGE
Message logs id that comes from kernel-mode to user-mode.
Definition Constants.h:366
DEBUGGER_VMCALL_SIGNAL_DEBUGGER_EXECUTION_FINISHED
#define DEBUGGER_VMCALL_SIGNAL_DEBUGGER_EXECUTION_FINISHED
VMCALL to signal debugger that debuggee finished execution of the command.
Definition DebuggerVmcalls.h:36
DEBUGGER_VMCALL_SEND_MESSAGES_TO_DEBUGGER
#define DEBUGGER_VMCALL_SEND_MESSAGES_TO_DEBUGGER
VMCALL to send messages to the debugger.
Definition DebuggerVmcalls.h:42
DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM_AS_A_RESULT_OF_TRIGGERING_EVENT
#define DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM_AS_A_RESULT_OF_TRIGGERING_EVENT
VMCALL to cause vm-exit and halt the system because of triggering an event.
Definition DebuggerVmcalls.h:29
DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM
#define DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM
VMCALL to cause vm-exit and halt the system.
Definition DebuggerVmcalls.h:22
DEBUGGER_VMCALL_SEND_GENERAL_BUFFER_TO_DEBUGGER
#define DEBUGGER_VMCALL_SEND_GENERAL_BUFFER_TO_DEBUGGER
VMCALL to send general buffers from debuggee user-mode to the debugger.
Definition DebuggerVmcalls.h:49
LogError
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113
KdSendCommandFinishedSignal
VOID KdSendCommandFinishedSignal(UINT32 CoreId)
Notify debugger that the execution of command finished.
Definition Kd.c:924
KdHandleBreakpointAndDebugBreakpoints
_Use_decl_annotations_ VOID KdHandleBreakpointAndDebugBreakpoints(PROCESSOR_DEBUGGING_STATE *DbgState, DEBUGGEE_PAUSING_REASON Reason, PDEBUGGER_TRIGGERED_EVENT_DETAILS EventDetails)
Handle #DBs and #BPs for kernel debugger.
Definition Kd.c:1214
KdLoggingResponsePacketToDebugger
_Use_decl_annotations_ BOOLEAN KdLoggingResponsePacketToDebugger(CHAR *OptionalBuffer, UINT32 OptionalBufferLength, UINT32 OperationCode)
Sends a HyperDbg logging response packet to the debugger.
Definition Kd.c:372
KdResponsePacketToDebugger
_Use_decl_annotations_ BOOLEAN KdResponsePacketToDebugger(DEBUGGER_REMOTE_PACKET_TYPE PacketType, DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION Response, CHAR *OptionalBuffer, UINT32 OptionalBufferLength)
Sends a HyperDbg response packet to the debugger.
Definition Kd.c:294
SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER
#define SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER
Definition RequestStructures.h:376
g_DbgState
PROCESSOR_DEBUGGING_STATE * g_DbgState
Save the state and variables related to debugging on each to logical core.
Definition Global.h:17
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER
request for send general packets from debuggee to debugger
Definition RequestStructures.h:384
_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER::PauseDebuggeeWhenSent
BOOLEAN PauseDebuggeeWhenSent
Definition RequestStructures.h:387
_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER::RequestedAction
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION RequestedAction
Definition RequestStructures.h:385
_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER::LengthOfBuffer
UINT32 LengthOfBuffer
Definition RequestStructures.h:386
_DEBUGGER_TRIGGERED_EVENT_DETAILS
The structure of detail of a triggered event in HyperDbg.
Definition DataTypes.h:192
_PROCESSOR_DEBUGGING_STATE
Saves the debugger state.
Definition State.h:165
_PROCESSOR_DEBUGGING_STATE::Regs
GUEST_REGS * Regs
Definition State.h:168
_PROCESSOR_DEBUGGING_STATE::IgnoreDisasmInNextPacket
BOOLEAN IgnoreDisasmInNextPacket
Definition State.h:171
GUEST_REGS
Definition BasicTypes.h:70