HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
ExtensionCommands.c File Reference

Implementation of Debugger Commands (Extensions) More...

#include "pch.h"

Functions

VOID ExtensionCommandVa2paAndPa2va (PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails, BOOLEAN OperateOnVmxRoot)
 routines for !va2pa and !pa2va commands
 
BOOLEAN ExtensionCommandPte (PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS PteDetails, BOOLEAN IsOperatingInVmxRoot)
 routines for !pte command
 
VOID ExtensionCommandChangeAllMsrBitmapReadAllCores (UINT64 BitmapMask)
 routines for !msrread command which
 
VOID ExtensionCommandResetChangeAllMsrBitmapReadAllCores ()
 routines for disable (reset) !msrread command
 
VOID ExtensionCommandChangeAllMsrBitmapWriteAllCores (UINT64 BitmapMask)
 routines for !msrwrite command which
 
VOID ExtensionCommandResetAllMsrBitmapWriteAllCores ()
 routines for reset !msrwrite command which
 
VOID ExtensionCommandEnableRdtscExitingAllCores ()
 routines for !tsc command
 
VOID ExtensionCommandDisableRdtscExitingAllCores ()
 routines for disabling rdtsc/p exiting
 
VOID ExtensionCommandDisableRdtscExitingForClearingEventsAllCores ()
 routines ONLY for disabling !tsc command
 
VOID ExtensionCommandDisableMov2ControlRegsExitingForClearingEventsAllCores (PDEBUGGER_EVENT Event)
 routines ONLY for disabling !crwrite command
 
VOID ExtensionCommandDisableMov2DebugRegsExitingForClearingEventsAllCores ()
 routines ONLY for disabling !dr command
 
VOID ExtensionCommandEnableRdpmcExitingAllCores ()
 routines for !pmc
 
VOID ExtensionCommandDisableRdpmcExitingAllCores ()
 routines for disabling !pmc
 
VOID ExtensionCommandSetExceptionBitmapAllCores (UINT64 ExceptionIndex)
 routines for !exception command which
 
VOID ExtensionCommandUnsetExceptionBitmapAllCores (UINT64 ExceptionIndex)
 routines for disabling exception bitmap
 
VOID ExtensionCommandResetExceptionBitmapAllCores ()
 routines for reset !exception command
 
VOID ExtensionCommandEnableMovControlRegisterExitingAllCores (PDEBUGGER_EVENT Event)
 routines for !crwrite
 
VOID ExtensionCommandDisableMovToControlRegistersExitingAllCores (PDEBUGGER_EVENT Event)
 routines for disabling !crwrite
 
VOID ExtensionCommandEnableMovDebugRegistersExitingAllCores ()
 routines for !dr
 
VOID ExtensionCommandDisableMovDebugRegistersExitingAllCores ()
 routines for disabling !dr
 
VOID ExtensionCommandSetExternalInterruptExitingAllCores ()
 routines for !interrupt command which
 
VOID ExtensionCommandUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores ()
 routines for ONLY terminate !interrupt command
 
VOID ExtensionCommandIoBitmapChangeAllCores (UINT64 Port)
 routines for !ioin and !ioout command which
 
VOID ExtensionCommandIoBitmapResetAllCores ()
 routines for reset !ioin and !ioout command
 

Detailed Description

Implementation of Debugger Commands (Extensions)

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Debugger Commands that start with "!"

Version
0.1
Date
2020-04-11
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ ExtensionCommandChangeAllMsrBitmapReadAllCores()

VOID ExtensionCommandChangeAllMsrBitmapReadAllCores ( UINT64 BitmapMask)

routines for !msrread command which

causes vm-exit on all msr reads

Parameters
BitmapMaskBit mask of msr to put on msr bitmap
Returns
VOID
301{
302 //
303 // Broadcast to all cores
304 //
305 BroadcastChangeAllMsrBitmapReadAllCores(BitmapMask);
306}
BroadcastChangeAllMsrBitmapReadAllCores
VOID BroadcastChangeAllMsrBitmapReadAllCores(UINT64 BitmapMask)
routines for !msrread command which
Definition Broadcast.c:160

◆ ExtensionCommandChangeAllMsrBitmapWriteAllCores()

VOID ExtensionCommandChangeAllMsrBitmapWriteAllCores ( UINT64 BitmapMask)

routines for !msrwrite command which

causes vm-exit on all msr writes

Returns
VOID
328{
329 //
330 // Broadcast to all cores
331 //
332 BroadcastChangeAllMsrBitmapWriteAllCores(BitmapMask);
333}
BroadcastChangeAllMsrBitmapWriteAllCores
VOID BroadcastChangeAllMsrBitmapWriteAllCores(UINT64 BitmapMask)
routines for !msrwrite command which
Definition Broadcast.c:187

◆ ExtensionCommandDisableMov2ControlRegsExitingForClearingEventsAllCores()

VOID ExtensionCommandDisableMov2ControlRegsExitingForClearingEventsAllCores ( PDEBUGGER_EVENT Event)

routines ONLY for disabling !crwrite command

Parameters
Event
Returns
VOID
395{
396 //
397 // Broadcast to all cores
398 //
399 BroadcastDisableMov2ControlRegsExitingForClearingEventsAllCores(&Event->Options);
400}
BroadcastDisableMov2ControlRegsExitingForClearingEventsAllCores
VOID BroadcastDisableMov2ControlRegsExitingForClearingEventsAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption)
routines ONLY for disabling !crwrite command
Definition Broadcast.c:227
_DEBUGGER_EVENT::Options
DEBUGGER_EVENT_OPTIONS Options
Definition Debugger.h:131

◆ ExtensionCommandDisableMov2DebugRegsExitingForClearingEventsAllCores()

VOID ExtensionCommandDisableMov2DebugRegsExitingForClearingEventsAllCores ( )

routines ONLY for disabling !dr command

Returns
VOID
408{
409 //
410 // Broadcast to all cores
411 //
412 BroadcastDisableMov2DebugRegsExitingForClearingEventsAllCores();
413}
BroadcastDisableMov2DebugRegsExitingForClearingEventsAllCores
VOID BroadcastDisableMov2DebugRegsExitingForClearingEventsAllCores()
routines ONLY for disabling !dr command
Definition Broadcast.c:240

◆ ExtensionCommandDisableMovDebugRegistersExitingAllCores()

VOID ExtensionCommandDisableMovDebugRegistersExitingAllCores ( )

routines for disabling !dr

Returns
VOID
536{
537 //
538 // Broadcast to all cores
539 //
540 BroadcastDisableMovDebugRegistersExitingAllCores();
541}
BroadcastDisableMovDebugRegistersExitingAllCores
VOID BroadcastDisableMovDebugRegistersExitingAllCores()
routines for disabling !dr
Definition Broadcast.c:368

◆ ExtensionCommandDisableMovToControlRegistersExitingAllCores()

VOID ExtensionCommandDisableMovToControlRegistersExitingAllCores ( PDEBUGGER_EVENT Event)

routines for disabling !crwrite

Parameters
Event
Returns
VOID
509{
510 //
511 // Broadcast to all cores
512 //
513 BroadcastDisableMovToControlRegistersExitingAllCores(&Event->Options);
514}
BroadcastDisableMovToControlRegistersExitingAllCores
VOID BroadcastDisableMovToControlRegistersExitingAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption)
routines for disabling !crwrite
Definition Broadcast.c:341

◆ ExtensionCommandDisableRdpmcExitingAllCores()

VOID ExtensionCommandDisableRdpmcExitingAllCores ( )

routines for disabling !pmc

Returns
VOID
435{
436 //
437 // Broadcast to all cores
438 //
439 BroadcastDisableRdpmcExitingAllCores();
440}
BroadcastDisableRdpmcExitingAllCores
VOID BroadcastDisableRdpmcExitingAllCores()
routines for disabling !pmc
Definition Broadcast.c:267

◆ ExtensionCommandDisableRdtscExitingAllCores()

VOID ExtensionCommandDisableRdtscExitingAllCores ( )

routines for disabling rdtsc/p exiting

Returns
VOID
368{
369 //
370 // Broadcast to all cores
371 //
372 BroadcastDisableRdtscExitingAllCores();
373}
BroadcastDisableRdtscExitingAllCores
VOID BroadcastDisableRdtscExitingAllCores()
a broadcast that causes for disabling rdtsc/p exiting
Definition Broadcast.c:145

◆ ExtensionCommandDisableRdtscExitingForClearingEventsAllCores()

VOID ExtensionCommandDisableRdtscExitingForClearingEventsAllCores ( )

routines ONLY for disabling !tsc command

Returns
VOID
381{
382 //
383 // Broadcast to all cores
384 //
385 BroadcastDisableRdtscExitingForClearingEventsAllCores();
386}
BroadcastDisableRdtscExitingForClearingEventsAllCores
VOID BroadcastDisableRdtscExitingForClearingEventsAllCores()
routines ONLY for disabling !tsc command
Definition Broadcast.c:213

◆ ExtensionCommandEnableMovControlRegisterExitingAllCores()

VOID ExtensionCommandEnableMovControlRegisterExitingAllCores ( PDEBUGGER_EVENT Event)

routines for !crwrite

causes vm-exit on all accesses to debug registers

Parameters
Event
Returns
VOID
495{
496 //
497 // Broadcast to all cores
498 //
499 BroadcastEnableMovControlRegisterExitingAllCores(&Event->Options);
500}
BroadcastEnableMovControlRegisterExitingAllCores
VOID BroadcastEnableMovControlRegisterExitingAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption)
routines for !crwrite
Definition Broadcast.c:327

◆ ExtensionCommandEnableMovDebugRegistersExitingAllCores()

VOID ExtensionCommandEnableMovDebugRegistersExitingAllCores ( )

routines for !dr

causes vm-exit on all accesses to debug registers

Returns
VOID
523{
524 //
525 // Broadcast to all cores
526 //
527 BroadcastEnableMovDebugRegistersExitingAllCores();
528}
BroadcastEnableMovDebugRegistersExitingAllCores
VOID BroadcastEnableMovDebugRegistersExitingAllCores()
routines for !dr
Definition Broadcast.c:355

◆ ExtensionCommandEnableRdpmcExitingAllCores()

VOID ExtensionCommandEnableRdpmcExitingAllCores ( )

routines for !pmc

causes vm-exit on all execution of rdpmc

Returns
VOID
422{
423 //
424 // Broadcast to all cores
425 //
426 BroadcastEnableRdpmcExitingAllCores();
427}
BroadcastEnableRdpmcExitingAllCores
VOID BroadcastEnableRdpmcExitingAllCores()
routines for !pmc
Definition Broadcast.c:254

◆ ExtensionCommandEnableRdtscExitingAllCores()

VOID ExtensionCommandEnableRdtscExitingAllCores ( )

routines for !tsc command

causes vm-exit on all execution of rdtsc/rdtscp

Returns
VOID
355{
356 //
357 // Broadcast to all cores
358 //
359 BroadcastEnableRdtscExitingAllCores();
360}
BroadcastEnableRdtscExitingAllCores
VOID BroadcastEnableRdtscExitingAllCores()
a broadcast that causes vm-exit on all execution of rdtsc/rdtscp
Definition Broadcast.c:132

◆ ExtensionCommandIoBitmapChangeAllCores()

VOID ExtensionCommandIoBitmapChangeAllCores ( UINT64 Port)

routines for !ioin and !ioout command which

causes vm-exit on all i/o instructions or one port

Returns
VOID
577{
578 //
579 // Broadcast to all cores
580 //
581 BroadcastIoBitmapChangeAllCores(Port);
582}
BroadcastIoBitmapChangeAllCores
VOID BroadcastIoBitmapChangeAllCores(UINT64 Port)
routines for !ioin and !ioout command which
Definition Broadcast.c:409

◆ ExtensionCommandIoBitmapResetAllCores()

VOID ExtensionCommandIoBitmapResetAllCores ( )

routines for reset !ioin and !ioout command

Returns
VOID
590{
591 //
592 // Broadcast to all cores
593 //
594 BroadcastIoBitmapResetAllCores();
595}
BroadcastIoBitmapResetAllCores
VOID BroadcastIoBitmapResetAllCores()
routines for reset !ioin and !ioout command
Definition Broadcast.c:422

◆ ExtensionCommandPte()

BOOLEAN ExtensionCommandPte ( PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS PteDetails,
BOOLEAN IsOperatingInVmxRoot )

routines for !pte command

Parameters
PteDetails
IsOperatingInVmxRoot
Returns
BOOLEAN
171{
172 BOOLEAN Result = FALSE;
173 CR3_TYPE RestoreCr3 = {0};
174
175 //
176 // Check for validations
177 //
178 if (IsOperatingInVmxRoot)
179 {
180 if (!VirtualAddressToPhysicalAddressOnTargetProcess((PVOID)PteDetails->VirtualAddress))
181 {
182 //
183 // Address is not valid (doesn't have Physical Address)
184 //
185 PteDetails->KernelStatus = DEBUGGER_ERROR_INVALID_ADDRESS;
186 return FALSE;
187 }
188
189 //
190 // Switch on running process's cr3
191 //
192 RestoreCr3.Flags = SwitchToCurrentProcessMemoryLayout().Flags;
193 }
194 else
195 {
196 if (PteDetails->ProcessId != HANDLE_TO_UINT32(PsGetCurrentProcessId()))
197 {
198 //
199 // It's on another process address space
200 //
201
202 //
203 // Check if pid is valid
204 //
205 if (!CommonIsProcessExist(PteDetails->ProcessId))
206 {
207 //
208 // Process id is invalid
209 //
210 PteDetails->KernelStatus = DEBUGGER_ERROR_INVALID_PROCESS_ID;
211 return FALSE;
212 }
213
214 //
215 // Switch to new process's memory layout
216 //
217 RestoreCr3.Flags = SwitchToProcessMemoryLayout(PteDetails->ProcessId).Flags;
218 }
219
220 //
221 // Check if address is valid
222 //
223 if (!VirtualAddressToPhysicalAddress((PVOID)PteDetails->VirtualAddress))
224 {
225 //
226 // Address is not valid (doesn't have Physical Address)
227 //
228 PteDetails->KernelStatus = DEBUGGER_ERROR_INVALID_ADDRESS;
229 Result = FALSE;
230 goto RestoreTheState;
231 }
232 }
233
234 //
235 // Read the PML4E
236 //
237 PPAGE_ENTRY Pml4e = MemoryMapperGetPteVa((PVOID)PteDetails->VirtualAddress, PagingLevelPageMapLevel4);
238 if (Pml4e)
239 {
240 PteDetails->Pml4eVirtualAddress = (UINT64)Pml4e;
241 PteDetails->Pml4eValue = Pml4e->Flags;
242 }
243
244 //
245 // Read the PDPTE
246 //
247 PPAGE_ENTRY Pdpte = MemoryMapperGetPteVa((PVOID)PteDetails->VirtualAddress, PagingLevelPageDirectoryPointerTable);
248 if (Pdpte)
249 {
250 PteDetails->PdpteVirtualAddress = (UINT64)Pdpte;
251 PteDetails->PdpteValue = Pdpte->Flags;
252 }
253
254 //
255 // Read the PDE
256 //
257 PPAGE_ENTRY Pde = MemoryMapperGetPteVa((PVOID)PteDetails->VirtualAddress, PagingLevelPageDirectory);
258 if (Pde)
259 {
260 PteDetails->PdeVirtualAddress = (UINT64)Pde;
261 PteDetails->PdeValue = Pde->Flags;
262 }
263
264 //
265 // Read the PTE
266 //
267 PPAGE_ENTRY Pte = MemoryMapperGetPteVa((PVOID)PteDetails->VirtualAddress, PagingLevelPageTable);
268 if (Pte)
269 {
270 PteDetails->PteVirtualAddress = (UINT64)Pte;
271 PteDetails->PteValue = Pte->Flags;
272 }
273
274 //
275 // Show that the details we retrieved successfully
276 //
277 PteDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
278 Result = TRUE;
279
280RestoreTheState:
281
282 //
283 // Check to restore the current cr3 if it's changed
284 //
285 if (RestoreCr3.Flags != (UINT64)NULL)
286 {
287 SwitchToPreviousProcess(RestoreCr3);
288 }
289
290 return Result;
291}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
VirtualAddressToPhysicalAddressOnTargetProcess
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressOnTargetProcess(PVOID VirtualAddress)
Converts Virtual Address to Physical Address based on the current process's kernel cr3.
Definition Conversion.c:258
VirtualAddressToPhysicalAddress
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddress(_In_ PVOID VirtualAddress)
Converts Virtual Address to Physical Address.
Definition Conversion.c:154
PagingLevelPageDirectoryPointerTable
@ PagingLevelPageDirectoryPointerTable
Definition DataTypes.h:27
PagingLevelPageDirectory
@ PagingLevelPageDirectory
Definition DataTypes.h:26
PagingLevelPageTable
@ PagingLevelPageTable
Definition DataTypes.h:25
PagingLevelPageMapLevel4
@ PagingLevelPageMapLevel4
Definition DataTypes.h:28
DEBUGGER_ERROR_INVALID_ADDRESS
#define DEBUGGER_ERROR_INVALID_ADDRESS
error, invalid address specified for debugger
Definition ErrorCodes.h:63
DEBUGGER_ERROR_INVALID_PROCESS_ID
#define DEBUGGER_ERROR_INVALID_PROCESS_ID
error, the process id is invalid
Definition ErrorCodes.h:220
DEBUGGER_OPERATION_WAS_SUCCESSFUL
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
MemoryMapperGetPteVa
_Use_decl_annotations_ PVOID MemoryMapperGetPteVa(PVOID Va, PAGING_LEVEL Level)
This function gets virtual address and returns its PTE of the virtual address.
Definition MemoryMapper.c:59
HANDLE_TO_UINT32
#define HANDLE_TO_UINT32(_var)
Definition MetaMacros.h:39
SwitchToPreviousProcess
_Use_decl_annotations_ VOID SwitchToPreviousProcess(CR3_TYPE PreviousProcess)
Switch to previous process's cr3.
Definition SwitchLayout.c:125
SwitchToProcessMemoryLayout
_Use_decl_annotations_ CR3_TYPE SwitchToProcessMemoryLayout(UINT32 ProcessId)
Switch to another process's cr3.
Definition SwitchLayout.c:25
SwitchToCurrentProcessMemoryLayout
CR3_TYPE SwitchToCurrentProcessMemoryLayout()
Switch to guest's running process's cr3.
Definition SwitchLayout.c:70
CommonIsProcessExist
BOOLEAN CommonIsProcessExist(UINT32 ProcId)
Checks whether the process with ProcId exists or not.
Definition Common.c:24
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
_CR3_TYPE
CR3 Structure.
Definition BasicTypes.h:130
_CR3_TYPE::Flags
UINT64 Flags
Definition BasicTypes.h:133
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::PdeValue
UINT64 PdeValue
Definition RequestStructures.h:33
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::PdpteValue
UINT64 PdpteValue
Definition RequestStructures.h:30
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::PdpteVirtualAddress
UINT64 PdpteVirtualAddress
Definition RequestStructures.h:29
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::VirtualAddress
UINT64 VirtualAddress
Definition RequestStructures.h:23
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::PteVirtualAddress
UINT64 PteVirtualAddress
Definition RequestStructures.h:35
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::Pml4eValue
UINT64 Pml4eValue
Definition RequestStructures.h:27
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::Pml4eVirtualAddress
UINT64 Pml4eVirtualAddress
Definition RequestStructures.h:26
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::ProcessId
UINT32 ProcessId
Definition RequestStructures.h:24
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::KernelStatus
UINT32 KernelStatus
Definition RequestStructures.h:38
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::PteValue
UINT64 PteValue
Definition RequestStructures.h:36
_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS::PdeVirtualAddress
UINT64 PdeVirtualAddress
Definition RequestStructures.h:32
_PAGE_ENTRY
Page Entries.
Definition MemoryMapper.h:61
_PAGE_ENTRY::Flags
UINT64 Flags
Definition MemoryMapper.h:64

◆ ExtensionCommandResetAllMsrBitmapWriteAllCores()

VOID ExtensionCommandResetAllMsrBitmapWriteAllCores ( )

routines for reset !msrwrite command which

Returns
VOID
341{
342 //
343 // Broadcast to all cores
344 //
345 BroadcastResetAllMsrBitmapWriteAllCores();
346}
BroadcastResetAllMsrBitmapWriteAllCores
VOID BroadcastResetAllMsrBitmapWriteAllCores()
routines for reset !msrwrite command which
Definition Broadcast.c:200

◆ ExtensionCommandResetChangeAllMsrBitmapReadAllCores()

VOID ExtensionCommandResetChangeAllMsrBitmapReadAllCores ( )

routines for disable (reset) !msrread command

Returns
VOID
314{
315 //
316 // Broadcast to all cores
317 //
318 BroadcastResetChangeAllMsrBitmapReadAllCores();
319}
BroadcastResetChangeAllMsrBitmapReadAllCores
VOID BroadcastResetChangeAllMsrBitmapReadAllCores()
routines for disable (reset) !msrread command
Definition Broadcast.c:173

◆ ExtensionCommandResetExceptionBitmapAllCores()

VOID ExtensionCommandResetExceptionBitmapAllCores ( )

routines for reset !exception command

Returns
VOID
480{
481 //
482 // Broadcast to all cores
483 //
484 BroadcastResetExceptionBitmapAllCores();
485}
BroadcastResetExceptionBitmapAllCores
VOID BroadcastResetExceptionBitmapAllCores()
routines for reset !exception command
Definition Broadcast.c:312

◆ ExtensionCommandSetExceptionBitmapAllCores()

VOID ExtensionCommandSetExceptionBitmapAllCores ( UINT64 ExceptionIndex)

routines for !exception command which

causes vm-exit when exception occurred

Parameters
ExceptionIndexindex of exception on IDT
Returns
VOID
451{
452 //
453 // Broadcast to all cores
454 //
455 BroadcastSetExceptionBitmapAllCores(ExceptionIndex);
456}
BroadcastSetExceptionBitmapAllCores
VOID BroadcastSetExceptionBitmapAllCores(UINT64 ExceptionIndex)
routines for !exception command which
Definition Broadcast.c:283

◆ ExtensionCommandSetExternalInterruptExitingAllCores()

VOID ExtensionCommandSetExternalInterruptExitingAllCores ( )

routines for !interrupt command which

causes vm-exit when external interrupt occurs

Returns
VOID
550{
551 //
552 // Broadcast to all cores
553 //
554 BroadcastSetExternalInterruptExitingAllCores();
555}
BroadcastSetExternalInterruptExitingAllCores
VOID BroadcastSetExternalInterruptExitingAllCores()
routines for !interrupt command which
Definition Broadcast.c:382

◆ ExtensionCommandUnsetExceptionBitmapAllCores()

VOID ExtensionCommandUnsetExceptionBitmapAllCores ( UINT64 ExceptionIndex)

routines for disabling exception bitmap

removes vm-exit when exception occurred

Parameters
ExceptionIndexindex of exception on IDT
Returns
VOID
467{
468 //
469 // Broadcast to all cores
470 //
471 BroadcastUnsetExceptionBitmapAllCores(ExceptionIndex);
472}
BroadcastUnsetExceptionBitmapAllCores
VOID BroadcastUnsetExceptionBitmapAllCores(UINT64 ExceptionIndex)
routines for disabling exception bitmap
Definition Broadcast.c:299

◆ ExtensionCommandUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores()

VOID ExtensionCommandUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores ( )

routines for ONLY terminate !interrupt command

Returns
VOID
563{
564 //
565 // Broadcast to all cores
566 //
567 BroadcastUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores();
568}
BroadcastUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores
VOID BroadcastUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores()
routines for ONLY terminate !interrupt command
Definition Broadcast.c:395

◆ ExtensionCommandVa2paAndPa2va()

VOID ExtensionCommandVa2paAndPa2va ( PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails,
BOOLEAN OperateOnVmxRoot )

routines for !va2pa and !pa2va commands

Parameters
AddressDetails
OperateOnVmxRoot
Returns
VOID
24{
25 if (OperateOnVmxRoot)
26 {
27 //
28 // *** !va2pa and !pa2va in Debugger Mode
29 //
30 if (AddressDetails->IsVirtual2Physical)
31 {
32 AddressDetails->PhysicalAddress = VirtualAddressToPhysicalAddressOnTargetProcess((PVOID)AddressDetails->VirtualAddress);
33
34 //
35 // Check if address is valid or invalid
36 //
37 if (AddressDetails->PhysicalAddress == (UINT64)NULL)
38 {
39 //
40 // Invalid address
41 //
42 AddressDetails->KernelStatus = DEBUGGER_ERROR_INVALID_ADDRESS;
43 }
44 else
45 {
46 //
47 // Operation was successful
48 //
49 AddressDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
50 }
51 }
52 else
53 {
54 AddressDetails->VirtualAddress =
55 PhysicalAddressToVirtualAddressOnTargetProcess((PVOID)AddressDetails->PhysicalAddress);
56
57 //
58 // We don't know a way for checking physical address validity
59 //
60 AddressDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
61 }
62 }
63 else
64 {
65 //
66 // *** regular !va2pa and !pa2va in VMI Mode
67 //
68
69 if (AddressDetails->ProcessId == HANDLE_TO_UINT32(PsGetCurrentProcessId()))
70 {
71 //
72 // It's on current process address space (we process the request
73 // based on system process layout (pid = 4))
74 //
75 if (AddressDetails->IsVirtual2Physical)
76 {
77 AddressDetails->PhysicalAddress = VirtualAddressToPhysicalAddress((PVOID)AddressDetails->VirtualAddress);
78
79 //
80 // Check if address is valid or invalid
81 //
82 if (AddressDetails->PhysicalAddress == (UINT64)NULL)
83 {
84 //
85 // Invalid address
86 //
87 AddressDetails->KernelStatus = DEBUGGER_ERROR_INVALID_ADDRESS;
88 }
89 else
90 {
91 //
92 // Operation was successful
93 //
94 AddressDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
95 }
96 }
97 else
98 {
99 AddressDetails->VirtualAddress = PhysicalAddressToVirtualAddress(AddressDetails->PhysicalAddress);
100
101 //
102 // We don't know a way for checking physical address validity
103 //
104 AddressDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
105 }
106 }
107 else
108 {
109 //
110 // It's on another process address space
111 //
112
113 //
114 // Check if pid is valid
115 //
116 if (!CommonIsProcessExist(AddressDetails->ProcessId))
117 {
118 //
119 // Process id is invalid
120 //
121 AddressDetails->KernelStatus = DEBUGGER_ERROR_INVALID_PROCESS_ID;
122 return;
123 }
124
125 if (AddressDetails->IsVirtual2Physical)
126 {
127 AddressDetails->PhysicalAddress = VirtualAddressToPhysicalAddressByProcessId((PVOID)AddressDetails->VirtualAddress, AddressDetails->ProcessId);
128
129 //
130 // Check if address is valid or invalid
131 //
132 if (AddressDetails->PhysicalAddress == (UINT64)NULL)
133 {
134 //
135 // Invalid address
136 //
137 AddressDetails->KernelStatus = DEBUGGER_ERROR_INVALID_ADDRESS;
138 }
139 else
140 {
141 //
142 // Operation was successful
143 //
144 AddressDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
145 }
146 }
147 else
148 {
149 AddressDetails->VirtualAddress =
150 PhysicalAddressToVirtualAddressByProcessId((PVOID)AddressDetails->PhysicalAddress,
151 AddressDetails->ProcessId);
152
153 //
154 // We don't know a way for checking physical address validity
155 //
156 AddressDetails->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
157 }
158 }
159 }
160}
VirtualAddressToPhysicalAddressByProcessId
_Use_decl_annotations_ UINT64 VirtualAddressToPhysicalAddressByProcessId(PVOID VirtualAddress, UINT32 ProcessId)
Converts Virtual Address to Physical Address based on a specific process id's kernel cr3.
Definition Conversion.c:171
PhysicalAddressToVirtualAddressOnTargetProcess
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressOnTargetProcess(PVOID PhysicalAddress)
Converts Physical Address to Virtual Address based on current process's kernel cr3.
Definition Conversion.c:137
PhysicalAddressToVirtualAddressByProcessId
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddressByProcessId(PVOID PhysicalAddress, UINT32 ProcessId)
Converts Physical Address to Virtual Address based on a specific process id.
Definition Conversion.c:42
PhysicalAddressToVirtualAddress
_Use_decl_annotations_ UINT64 PhysicalAddressToVirtualAddress(UINT64 PhysicalAddress)
Converts Physical Address to Virtual Address.
Definition Conversion.c:22
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::IsVirtual2Physical
BOOLEAN IsVirtual2Physical
Definition RequestStructures.h:58
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::KernelStatus
UINT32 KernelStatus
Definition RequestStructures.h:59
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::PhysicalAddress
UINT64 PhysicalAddress
Definition RequestStructures.h:56
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::ProcessId
UINT32 ProcessId
Definition RequestStructures.h:57
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::VirtualAddress
UINT64 VirtualAddress
Definition RequestStructures.h:55