HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
HaltedRoutines.c File Reference

All single core broadcasting functions in case of halted core. More...

#include "pch.h"

Functions

VOID HaltedRoutineChangeAllMsrBitmapReadOnSingleCore (UINT32 TargetCoreId, UINT64 BitmapMask)
 This function performs running MSR changes (RDMSR) on a single core.
 
VOID HaltedRoutineChangeAllMsrBitmapWriteOnSingleCore (UINT32 TargetCoreId, UINT64 BitmapMask)
 This function performs running MSR changes (WRMSR) on a single core.
 
VOID HaltedRoutineChangeIoBitmapOnSingleCore (UINT32 TargetCoreId, UINT64 Port)
 This function performs running changes to I/O bitmap on a single core.
 
VOID HaltedRoutineEnableRdpmcExitingOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable RDPMC exiting on a single core.
 
VOID HaltedRoutineEnableRdtscExitingOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable rdtsc/rdtscp exiting on a single core.
 
VOID HaltedRoutineEnableMov2DebugRegsExitingOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable mov to debug registers exiting on a single core.
 
VOID HaltedRoutineEnableExternalInterruptExiting (UINT32 TargetCoreId)
 This function performs running enable external interrupt exiting on a single core.
 
VOID HaltedRoutineSetExceptionBitmapOnSingleCore (UINT32 TargetCoreId, UINT64 ExceptionIndex)
 This function performs running set exception bitmap on a single core.
 
VOID HaltedRoutineUnSetExceptionBitmapOnSingleCore (UINT32 TargetCoreId, UINT64 ExceptionIndex)
 This function performs running unset exception bitmap on VMCS on a single core.
 
VOID HaltedRoutineEnableMovToCrExitingOnSingleCore (UINT32 TargetCoreId, DEBUGGER_EVENT_OPTIONS *BroadcastingOption)
 This function performs running enable mov to CR exiting on a single core.
 
VOID HaltedRoutineEnableEferSyscallHookOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable syscall hook using EFER SCE bit on a single core.
 
VOID HaltedRoutineInvalidateEptAllContextsOnSingleCore (UINT32 TargetCoreId)
 This function performs running invalidate EPT (All Contexts) on a single core.
 
VOID HaltedRoutineInvalidateSingleContextOnSingleCore (UINT32 TargetCoreId)
 This function performs running invalidate EPT (A Single Context) on a single core.
 

Detailed Description

All single core broadcasting functions in case of halted core.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.7
Date
2023-10-19
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ HaltedRoutineChangeAllMsrBitmapReadOnSingleCore()

VOID HaltedRoutineChangeAllMsrBitmapReadOnSingleCore ( UINT32 TargetCoreId,
UINT64 BitmapMask )

This function performs running MSR changes (RDMSR) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
BitmapMask
Returns
VOID
25{
26 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
27 UINT64 HaltedCoreTask = (UINT64)NULL;
28
29 //
30 // Set the target task
31 //
32 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_READ;
33
34 //
35 // Set the parameters for the direct VMCALL
36 //
37 DirectVmcallOptions.OptionalParam1 = BitmapMask;
38
39 //
40 // Send request for the target task to the halted cores (synchronized)
41 //
42 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
43 HaltedCoreTask,
44 TRUE,
45 &DirectVmcallOptions);
46}
TRUE
#define TRUE
Definition BasicTypes.h:55
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
HaltedCoreRunTaskOnSingleCore
VOID HaltedCoreRunTaskOnSingleCore(UINT32 TargetCoreId, UINT64 TargetTask, BOOLEAN LockAgainAfterTask, PVOID Context)
Run the task on a single halted core.
Definition HaltedCore.c:356
DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_READ
#define DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_READ
Halted core task for changing MSR Bitmap Read.
Definition HaltedCore.h:46
_DIRECT_VMCALL_PARAMETERS
Used for sending direct VMCALLs on the VMX root-mode.
Definition DataTypes.h:294
_DIRECT_VMCALL_PARAMETERS::OptionalParam1
UINT64 OptionalParam1
Definition DataTypes.h:295

◆ HaltedRoutineChangeAllMsrBitmapWriteOnSingleCore()

VOID HaltedRoutineChangeAllMsrBitmapWriteOnSingleCore ( UINT32 TargetCoreId,
UINT64 BitmapMask )

This function performs running MSR changes (WRMSR) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
BitmapMask
Returns
VOID
59{
60 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
61 UINT64 HaltedCoreTask = (UINT64)NULL;
62
63 //
64 // Set the target task
65 //
66 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_WRITE;
67
68 //
69 // Set the parameters for the direct VMCALL
70 //
71 DirectVmcallOptions.OptionalParam1 = BitmapMask;
72
73 //
74 // Send request for the target task to the halted cores (synchronized)
75 //
76 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
77 HaltedCoreTask,
78 TRUE,
79 &DirectVmcallOptions);
80}
DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_WRITE
#define DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_WRITE
Halted core task for changing MSR Bitmap Write.
Definition HaltedCore.h:52

◆ HaltedRoutineChangeIoBitmapOnSingleCore()

VOID HaltedRoutineChangeIoBitmapOnSingleCore ( UINT32 TargetCoreId,
UINT64 Port )

This function performs running changes to I/O bitmap on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Port
Returns
VOID
93{
94 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
95 UINT64 HaltedCoreTask = (UINT64)NULL;
96
97 //
98 // Set the target task
99 //
100 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_CHANGE_IO_BITMAP;
101
102 //
103 // Set the parameters for the direct VMCALL
104 //
105 DirectVmcallOptions.OptionalParam1 = Port;
106
107 //
108 // Send request for the target task to the halted cores (synchronized)
109 //
110 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
111 HaltedCoreTask,
112 TRUE,
113 &DirectVmcallOptions);
114}
DEBUGGER_HALTED_CORE_TASK_CHANGE_IO_BITMAP
#define DEBUGGER_HALTED_CORE_TASK_CHANGE_IO_BITMAP
Halted core task for changing I/O Bitmaps (A & B)
Definition HaltedCore.h:58

◆ HaltedRoutineEnableEferSyscallHookOnSingleCore()

VOID HaltedRoutineEnableEferSyscallHookOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable syscall hook using EFER SCE bit on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
341{
342 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
343 UINT64 HaltedCoreTask = (UINT64)NULL;
344
345 //
346 // Set the target task
347 //
348 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_SYSCALL_HOOK_EFER;
349
350 //
351 // Send request for the target task to the halted cores (synchronized)
352 //
353 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
354 HaltedCoreTask,
355 TRUE,
356 &DirectVmcallOptions);
357}
DEBUGGER_HALTED_CORE_TASK_ENABLE_SYSCALL_HOOK_EFER
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_SYSCALL_HOOK_EFER
Halted core task for enabling syscall hook using EFER SCE bit.
Definition HaltedCore.h:100

◆ HaltedRoutineEnableExternalInterruptExiting()

VOID HaltedRoutineEnableExternalInterruptExiting ( UINT32 TargetCoreId)

This function performs running enable external interrupt exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
210{
211 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
212 UINT64 HaltedCoreTask = (UINT64)NULL;
213
214 //
215 // Set the target task
216 //
217 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_EXTERNAL_INTERRUPT_EXITING;
218
219 //
220 // Send request for the target task to the halted cores (synchronized)
221 //
222 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
223 HaltedCoreTask,
224 TRUE,
225 &DirectVmcallOptions);
226}
DEBUGGER_HALTED_CORE_TASK_ENABLE_EXTERNAL_INTERRUPT_EXITING
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_EXTERNAL_INTERRUPT_EXITING
Halted core task for enabling external interrupt exiting.
Definition HaltedCore.h:88

◆ HaltedRoutineEnableMov2DebugRegsExitingOnSingleCore()

VOID HaltedRoutineEnableMov2DebugRegsExitingOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable mov to debug registers exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
182{
183 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
184 UINT64 HaltedCoreTask = (UINT64)NULL;
185
186 //
187 // Set the target task
188 //
189 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_DEBUG_REGS_EXITING;
190
191 //
192 // Send request for the target task to the halted cores (synchronized)
193 //
194 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
195 HaltedCoreTask,
196 TRUE,
197 &DirectVmcallOptions);
198}
DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_DEBUG_REGS_EXITING
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_DEBUG_REGS_EXITING
Halted core task for enabling mov to debug registers exiting.
Definition HaltedCore.h:76

◆ HaltedRoutineEnableMovToCrExitingOnSingleCore()

VOID HaltedRoutineEnableMovToCrExitingOnSingleCore ( UINT32 TargetCoreId,
DEBUGGER_EVENT_OPTIONS * BroadcastingOption )

This function performs running enable mov to CR exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
BroadcastingOption
Returns
VOID
307{
308 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
309 UINT64 HaltedCoreTask = (UINT64)NULL;
310
311 //
312 // Set the target task
313 //
314 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_CONTROL_REGS_EXITING;
315
316 //
317 // Set the parameters for the direct VMCALL
318 //
319 DirectVmcallOptions.OptionalParam1 = BroadcastingOption->OptionalParam1;
320 DirectVmcallOptions.OptionalParam2 = BroadcastingOption->OptionalParam2;
321
322 //
323 // Send request for the target task to the halted cores (synchronized)
324 //
325 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
326 HaltedCoreTask,
327 TRUE,
328 &DirectVmcallOptions);
329}
DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_CONTROL_REGS_EXITING
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_CONTROL_REGS_EXITING
Halted core task for enabling mov to CR exiting.
Definition HaltedCore.h:94
_DEBUGGER_EVENT_OPTIONS::OptionalParam2
UINT64 OptionalParam2
Definition Events.h:273
_DEBUGGER_EVENT_OPTIONS::OptionalParam1
UINT64 OptionalParam1
Definition Events.h:272
_DIRECT_VMCALL_PARAMETERS::OptionalParam2
UINT64 OptionalParam2
Definition DataTypes.h:296

◆ HaltedRoutineEnableRdpmcExitingOnSingleCore()

VOID HaltedRoutineEnableRdpmcExitingOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable RDPMC exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
126{
127 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
128 UINT64 HaltedCoreTask = (UINT64)NULL;
129
130 //
131 // Set the target task
132 //
133 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_SET_RDPMC_EXITING;
134
135 //
136 // Send request for the target task to the halted cores (synchronized)
137 //
138 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
139 HaltedCoreTask,
140 TRUE,
141 &DirectVmcallOptions);
142}
DEBUGGER_HALTED_CORE_TASK_SET_RDPMC_EXITING
#define DEBUGGER_HALTED_CORE_TASK_SET_RDPMC_EXITING
Halted core task for enabling rdpmc exiting.
Definition HaltedCore.h:64

◆ HaltedRoutineEnableRdtscExitingOnSingleCore()

VOID HaltedRoutineEnableRdtscExitingOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable rdtsc/rdtscp exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
154{
155 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
156 UINT64 HaltedCoreTask = (UINT64)NULL;
157
158 //
159 // Set the target task
160 //
161 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_SET_RDTSC_EXITING;
162
163 //
164 // Send request for the target task to the halted cores (synchronized)
165 //
166 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
167 HaltedCoreTask,
168 TRUE,
169 &DirectVmcallOptions);
170}
DEBUGGER_HALTED_CORE_TASK_SET_RDTSC_EXITING
#define DEBUGGER_HALTED_CORE_TASK_SET_RDTSC_EXITING
Halted core task for enabling rdtsc/rdtscp exiting.
Definition HaltedCore.h:70

◆ HaltedRoutineInvalidateEptAllContextsOnSingleCore()

VOID HaltedRoutineInvalidateEptAllContextsOnSingleCore ( UINT32 TargetCoreId)

This function performs running invalidate EPT (All Contexts) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
369{
370 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
371 UINT64 HaltedCoreTask = (UINT64)NULL;
372
373 //
374 // Set the target task
375 //
376 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_INVEPT_ALL_CONTEXTS;
377
378 //
379 // Send request for the target task to the halted cores (synchronized)
380 //
381 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
382 HaltedCoreTask,
383 TRUE,
384 &DirectVmcallOptions);
385}
DEBUGGER_HALTED_CORE_TASK_INVEPT_ALL_CONTEXTS
#define DEBUGGER_HALTED_CORE_TASK_INVEPT_ALL_CONTEXTS
Halted core task for invalidating EPT (All Contexts)
Definition HaltedCore.h:106

◆ HaltedRoutineInvalidateSingleContextOnSingleCore()

VOID HaltedRoutineInvalidateSingleContextOnSingleCore ( UINT32 TargetCoreId)

This function performs running invalidate EPT (A Single Context) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
397{
398 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
399 UINT64 HaltedCoreTask = (UINT64)NULL;
400
401 //
402 // Set the target task
403 //
404 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_INVEPT_SINGLE_CONTEXT;
405
406 //
407 // Send request for the target task to the halted cores (synchronized)
408 //
409 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
410 HaltedCoreTask,
411 TRUE,
412 &DirectVmcallOptions);
413}
DEBUGGER_HALTED_CORE_TASK_INVEPT_SINGLE_CONTEXT
#define DEBUGGER_HALTED_CORE_TASK_INVEPT_SINGLE_CONTEXT
Halted core task for invalidating EPT (A Single Context)
Definition HaltedCore.h:112

◆ HaltedRoutineSetExceptionBitmapOnSingleCore()

VOID HaltedRoutineSetExceptionBitmapOnSingleCore ( UINT32 TargetCoreId,
UINT64 ExceptionIndex )

This function performs running set exception bitmap on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
ExceptionIndex
Returns
VOID
239{
240 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
241 UINT64 HaltedCoreTask = (UINT64)NULL;
242
243 //
244 // Set the target task
245 //
246 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_SET_EXCEPTION_BITMAP;
247
248 //
249 // Set the parameters for the direct VMCALL
250 //
251 DirectVmcallOptions.OptionalParam1 = ExceptionIndex;
252
253 //
254 // Send request for the target task to the halted cores (synchronized)
255 //
256 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
257 HaltedCoreTask,
258 TRUE,
259 &DirectVmcallOptions);
260}
DEBUGGER_HALTED_CORE_TASK_SET_EXCEPTION_BITMAP
#define DEBUGGER_HALTED_CORE_TASK_SET_EXCEPTION_BITMAP
Halted core task for setting exception bitmap.
Definition HaltedCore.h:82

◆ HaltedRoutineUnSetExceptionBitmapOnSingleCore()

VOID HaltedRoutineUnSetExceptionBitmapOnSingleCore ( UINT32 TargetCoreId,
UINT64 ExceptionIndex )

This function performs running unset exception bitmap on VMCS on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
ExceptionIndex
Returns
VOID
273{
274 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
275 UINT64 HaltedCoreTask = (UINT64)NULL;
276
277 //
278 // Set the target task
279 //
280 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_UNSET_EXCEPTION_BITMAP;
281
282 //
283 // Set the parameters for the direct VMCALL
284 //
285 DirectVmcallOptions.OptionalParam1 = ExceptionIndex;
286
287 //
288 // Send request for the target task to the halted cores (synchronized)
289 //
290 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
291 HaltedCoreTask,
292 TRUE,
293 &DirectVmcallOptions);
294}
DEBUGGER_HALTED_CORE_TASK_UNSET_EXCEPTION_BITMAP
#define DEBUGGER_HALTED_CORE_TASK_UNSET_EXCEPTION_BITMAP
Halted core task for unsetting exception bitmap on VMCS.
Definition HaltedCore.h:118