HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
HaltedRoutines.h File Reference

Headers for all single core broadcasting functions in case of halted core. More...

Go to the source code of this file.

Functions

VOID HaltedRoutineChangeAllMsrBitmapReadOnSingleCore (UINT32 TargetCoreId, UINT64 BitmapMask)
 This function performs running MSR changes (RDMSR) on a single core.
 
VOID HaltedRoutineChangeAllMsrBitmapWriteOnSingleCore (UINT32 TargetCoreId, UINT64 BitmapMask)
 This function performs running MSR changes (WRMSR) on a single core.
 
VOID HaltedRoutineChangeIoBitmapOnSingleCore (UINT32 TargetCoreId, UINT64 Port)
 This function performs running changes to I/O bitmap on a single core.
 
VOID HaltedRoutineEnableRdpmcExitingOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable RDPMC exiting on a single core.
 
VOID HaltedRoutineEnableRdtscExitingOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable rdtsc/rdtscp exiting on a single core.
 
VOID HaltedRoutineEnableMov2DebugRegsExitingOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable mov to debug registers exiting on a single core.
 
VOID HaltedRoutineEnableExternalInterruptExiting (UINT32 TargetCoreId)
 This function performs running enable external interrupt exiting on a single core.
 
VOID HaltedRoutineSetExceptionBitmapOnSingleCore (UINT32 TargetCoreId, UINT64 ExceptionIndex)
 This function performs running set exception bitmap on a single core.
 
VOID HaltedRoutineUnSetExceptionBitmapOnSingleCore (UINT32 TargetCoreId, UINT64 ExceptionIndex)
 This function performs running unset exception bitmap on VMCS on a single core.
 
VOID HaltedRoutineEnableMovToCrExitingOnSingleCore (UINT32 TargetCoreId, DEBUGGER_EVENT_OPTIONS *BroadcastingOption)
 This function performs running enable mov to CR exiting on a single core.
 
VOID HaltedRoutineEnableEferSyscallHookOnSingleCore (UINT32 TargetCoreId)
 This function performs running enable syscall hook using EFER SCE bit on a single core.
 
VOID HaltedRoutineInvalidateEptAllContextsOnSingleCore (UINT32 TargetCoreId)
 This function performs running invalidate EPT (All Contexts) on a single core.
 
VOID HaltedRoutineInvalidateSingleContextOnSingleCore (UINT32 TargetCoreId)
 This function performs running invalidate EPT (A Single Context) on a single core.
 

Detailed Description

Headers for all single core broadcasting functions in case of halted core.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.7
Date
2023-10-19
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ HaltedRoutineChangeAllMsrBitmapReadOnSingleCore()

VOID HaltedRoutineChangeAllMsrBitmapReadOnSingleCore ( UINT32 TargetCoreId,
UINT64 BitmapMask )

This function performs running MSR changes (RDMSR) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
BitmapMask
Returns
VOID
25{
26 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
27 UINT64 HaltedCoreTask = (UINT64)NULL;
28
29 //
30 // Set the target task
31 //
32 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_READ;
33
34 //
35 // Set the parameters for the direct VMCALL
36 //
37 DirectVmcallOptions.OptionalParam1 = BitmapMask;
38
39 //
40 // Send request for the target task to the halted cores (synchronized)
41 //
42 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
43 HaltedCoreTask,
44 TRUE,
45 &DirectVmcallOptions);
46}
TRUE
#define TRUE
Definition BasicTypes.h:55
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
HaltedCoreRunTaskOnSingleCore
VOID HaltedCoreRunTaskOnSingleCore(UINT32 TargetCoreId, UINT64 TargetTask, BOOLEAN LockAgainAfterTask, PVOID Context)
Run the task on a single halted core.
Definition HaltedCore.c:356
DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_READ
#define DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_READ
Halted core task for changing MSR Bitmap Read.
Definition HaltedCore.h:46
_DIRECT_VMCALL_PARAMETERS
Used for sending direct VMCALLs on the VMX root-mode.
Definition DataTypes.h:294
_DIRECT_VMCALL_PARAMETERS::OptionalParam1
UINT64 OptionalParam1
Definition DataTypes.h:295

◆ HaltedRoutineChangeAllMsrBitmapWriteOnSingleCore()

VOID HaltedRoutineChangeAllMsrBitmapWriteOnSingleCore ( UINT32 TargetCoreId,
UINT64 BitmapMask )

This function performs running MSR changes (WRMSR) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
BitmapMask
Returns
VOID
59{
60 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
61 UINT64 HaltedCoreTask = (UINT64)NULL;
62
63 //
64 // Set the target task
65 //
66 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_WRITE;
67
68 //
69 // Set the parameters for the direct VMCALL
70 //
71 DirectVmcallOptions.OptionalParam1 = BitmapMask;
72
73 //
74 // Send request for the target task to the halted cores (synchronized)
75 //
76 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
77 HaltedCoreTask,
78 TRUE,
79 &DirectVmcallOptions);
80}
DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_WRITE
#define DEBUGGER_HALTED_CORE_TASK_CHANGE_MSR_BITMAP_WRITE
Halted core task for changing MSR Bitmap Write.
Definition HaltedCore.h:52

◆ HaltedRoutineChangeIoBitmapOnSingleCore()

VOID HaltedRoutineChangeIoBitmapOnSingleCore ( UINT32 TargetCoreId,
UINT64 Port )

This function performs running changes to I/O bitmap on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Port
Returns
VOID
93{
94 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
95 UINT64 HaltedCoreTask = (UINT64)NULL;
96
97 //
98 // Set the target task
99 //
100 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_CHANGE_IO_BITMAP;
101
102 //
103 // Set the parameters for the direct VMCALL
104 //
105 DirectVmcallOptions.OptionalParam1 = Port;
106
107 //
108 // Send request for the target task to the halted cores (synchronized)
109 //
110 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
111 HaltedCoreTask,
112 TRUE,
113 &DirectVmcallOptions);
114}
DEBUGGER_HALTED_CORE_TASK_CHANGE_IO_BITMAP
#define DEBUGGER_HALTED_CORE_TASK_CHANGE_IO_BITMAP
Halted core task for changing I/O Bitmaps (A & B)
Definition HaltedCore.h:58

◆ HaltedRoutineEnableEferSyscallHookOnSingleCore()

VOID HaltedRoutineEnableEferSyscallHookOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable syscall hook using EFER SCE bit on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
341{
342 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
343 UINT64 HaltedCoreTask = (UINT64)NULL;
344
345 //
346 // Set the target task
347 //
348 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_SYSCALL_HOOK_EFER;
349
350 //
351 // Send request for the target task to the halted cores (synchronized)
352 //
353 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
354 HaltedCoreTask,
355 TRUE,
356 &DirectVmcallOptions);
357}
DEBUGGER_HALTED_CORE_TASK_ENABLE_SYSCALL_HOOK_EFER
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_SYSCALL_HOOK_EFER
Halted core task for enabling syscall hook using EFER SCE bit.
Definition HaltedCore.h:100

◆ HaltedRoutineEnableExternalInterruptExiting()

VOID HaltedRoutineEnableExternalInterruptExiting ( UINT32 TargetCoreId)

This function performs running enable external interrupt exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
210{
211 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
212 UINT64 HaltedCoreTask = (UINT64)NULL;
213
214 //
215 // Set the target task
216 //
217 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_EXTERNAL_INTERRUPT_EXITING;
218
219 //
220 // Send request for the target task to the halted cores (synchronized)
221 //
222 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
223 HaltedCoreTask,
224 TRUE,
225 &DirectVmcallOptions);
226}
DEBUGGER_HALTED_CORE_TASK_ENABLE_EXTERNAL_INTERRUPT_EXITING
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_EXTERNAL_INTERRUPT_EXITING
Halted core task for enabling external interrupt exiting.
Definition HaltedCore.h:88

◆ HaltedRoutineEnableMov2DebugRegsExitingOnSingleCore()

VOID HaltedRoutineEnableMov2DebugRegsExitingOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable mov to debug registers exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
182{
183 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
184 UINT64 HaltedCoreTask = (UINT64)NULL;
185
186 //
187 // Set the target task
188 //
189 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_DEBUG_REGS_EXITING;
190
191 //
192 // Send request for the target task to the halted cores (synchronized)
193 //
194 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
195 HaltedCoreTask,
196 TRUE,
197 &DirectVmcallOptions);
198}
DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_DEBUG_REGS_EXITING
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_DEBUG_REGS_EXITING
Halted core task for enabling mov to debug registers exiting.
Definition HaltedCore.h:76

◆ HaltedRoutineEnableMovToCrExitingOnSingleCore()

VOID HaltedRoutineEnableMovToCrExitingOnSingleCore ( UINT32 TargetCoreId,
DEBUGGER_EVENT_OPTIONS * BroadcastingOption )

This function performs running enable mov to CR exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
BroadcastingOption
Returns
VOID
307{
308 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
309 UINT64 HaltedCoreTask = (UINT64)NULL;
310
311 //
312 // Set the target task
313 //
314 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_CONTROL_REGS_EXITING;
315
316 //
317 // Set the parameters for the direct VMCALL
318 //
319 DirectVmcallOptions.OptionalParam1 = BroadcastingOption->OptionalParam1;
320 DirectVmcallOptions.OptionalParam2 = BroadcastingOption->OptionalParam2;
321
322 //
323 // Send request for the target task to the halted cores (synchronized)
324 //
325 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
326 HaltedCoreTask,
327 TRUE,
328 &DirectVmcallOptions);
329}
DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_CONTROL_REGS_EXITING
#define DEBUGGER_HALTED_CORE_TASK_ENABLE_MOV_TO_CONTROL_REGS_EXITING
Halted core task for enabling mov to CR exiting.
Definition HaltedCore.h:94
_DEBUGGER_EVENT_OPTIONS::OptionalParam2
UINT64 OptionalParam2
Definition Events.h:273
_DEBUGGER_EVENT_OPTIONS::OptionalParam1
UINT64 OptionalParam1
Definition Events.h:272
_DIRECT_VMCALL_PARAMETERS::OptionalParam2
UINT64 OptionalParam2
Definition DataTypes.h:296

◆ HaltedRoutineEnableRdpmcExitingOnSingleCore()

VOID HaltedRoutineEnableRdpmcExitingOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable RDPMC exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
126{
127 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
128 UINT64 HaltedCoreTask = (UINT64)NULL;
129
130 //
131 // Set the target task
132 //
133 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_SET_RDPMC_EXITING;
134
135 //
136 // Send request for the target task to the halted cores (synchronized)
137 //
138 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
139 HaltedCoreTask,
140 TRUE,
141 &DirectVmcallOptions);
142}
DEBUGGER_HALTED_CORE_TASK_SET_RDPMC_EXITING
#define DEBUGGER_HALTED_CORE_TASK_SET_RDPMC_EXITING
Halted core task for enabling rdpmc exiting.
Definition HaltedCore.h:64

◆ HaltedRoutineEnableRdtscExitingOnSingleCore()

VOID HaltedRoutineEnableRdtscExitingOnSingleCore ( UINT32 TargetCoreId)

This function performs running enable rdtsc/rdtscp exiting on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
154{
155 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
156 UINT64 HaltedCoreTask = (UINT64)NULL;
157
158 //
159 // Set the target task
160 //
161 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_SET_RDTSC_EXITING;
162
163 //
164 // Send request for the target task to the halted cores (synchronized)
165 //
166 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
167 HaltedCoreTask,
168 TRUE,
169 &DirectVmcallOptions);
170}
DEBUGGER_HALTED_CORE_TASK_SET_RDTSC_EXITING
#define DEBUGGER_HALTED_CORE_TASK_SET_RDTSC_EXITING
Halted core task for enabling rdtsc/rdtscp exiting.
Definition HaltedCore.h:70

◆ HaltedRoutineInvalidateEptAllContextsOnSingleCore()

VOID HaltedRoutineInvalidateEptAllContextsOnSingleCore ( UINT32 TargetCoreId)

This function performs running invalidate EPT (All Contexts) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
369{
370 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
371 UINT64 HaltedCoreTask = (UINT64)NULL;
372
373 //
374 // Set the target task
375 //
376 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_INVEPT_ALL_CONTEXTS;
377
378 //
379 // Send request for the target task to the halted cores (synchronized)
380 //
381 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
382 HaltedCoreTask,
383 TRUE,
384 &DirectVmcallOptions);
385}
DEBUGGER_HALTED_CORE_TASK_INVEPT_ALL_CONTEXTS
#define DEBUGGER_HALTED_CORE_TASK_INVEPT_ALL_CONTEXTS
Halted core task for invalidating EPT (All Contexts)
Definition HaltedCore.h:106

◆ HaltedRoutineInvalidateSingleContextOnSingleCore()

VOID HaltedRoutineInvalidateSingleContextOnSingleCore ( UINT32 TargetCoreId)

This function performs running invalidate EPT (A Single Context) on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
Returns
VOID
397{
398 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
399 UINT64 HaltedCoreTask = (UINT64)NULL;
400
401 //
402 // Set the target task
403 //
404 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_INVEPT_SINGLE_CONTEXT;
405
406 //
407 // Send request for the target task to the halted cores (synchronized)
408 //
409 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
410 HaltedCoreTask,
411 TRUE,
412 &DirectVmcallOptions);
413}
DEBUGGER_HALTED_CORE_TASK_INVEPT_SINGLE_CONTEXT
#define DEBUGGER_HALTED_CORE_TASK_INVEPT_SINGLE_CONTEXT
Halted core task for invalidating EPT (A Single Context)
Definition HaltedCore.h:112

◆ HaltedRoutineSetExceptionBitmapOnSingleCore()

VOID HaltedRoutineSetExceptionBitmapOnSingleCore ( UINT32 TargetCoreId,
UINT64 ExceptionIndex )

This function performs running set exception bitmap on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
ExceptionIndex
Returns
VOID
239{
240 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
241 UINT64 HaltedCoreTask = (UINT64)NULL;
242
243 //
244 // Set the target task
245 //
246 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_SET_EXCEPTION_BITMAP;
247
248 //
249 // Set the parameters for the direct VMCALL
250 //
251 DirectVmcallOptions.OptionalParam1 = ExceptionIndex;
252
253 //
254 // Send request for the target task to the halted cores (synchronized)
255 //
256 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
257 HaltedCoreTask,
258 TRUE,
259 &DirectVmcallOptions);
260}
DEBUGGER_HALTED_CORE_TASK_SET_EXCEPTION_BITMAP
#define DEBUGGER_HALTED_CORE_TASK_SET_EXCEPTION_BITMAP
Halted core task for setting exception bitmap.
Definition HaltedCore.h:82

◆ HaltedRoutineUnSetExceptionBitmapOnSingleCore()

VOID HaltedRoutineUnSetExceptionBitmapOnSingleCore ( UINT32 TargetCoreId,
UINT64 ExceptionIndex )

This function performs running unset exception bitmap on VMCS on a single core.

Should be called from VMX root-mode

Parameters
TargetCoreIdThe target core's ID (to just run on this core)
ExceptionIndex
Returns
VOID
273{
274 DIRECT_VMCALL_PARAMETERS DirectVmcallOptions = {0};
275 UINT64 HaltedCoreTask = (UINT64)NULL;
276
277 //
278 // Set the target task
279 //
280 HaltedCoreTask = DEBUGGER_HALTED_CORE_TASK_UNSET_EXCEPTION_BITMAP;
281
282 //
283 // Set the parameters for the direct VMCALL
284 //
285 DirectVmcallOptions.OptionalParam1 = ExceptionIndex;
286
287 //
288 // Send request for the target task to the halted cores (synchronized)
289 //
290 HaltedCoreRunTaskOnSingleCore(TargetCoreId,
291 HaltedCoreTask,
292 TRUE,
293 &DirectVmcallOptions);
294}
DEBUGGER_HALTED_CORE_TASK_UNSET_EXCEPTION_BITMAP
#define DEBUGGER_HALTED_CORE_TASK_UNSET_EXCEPTION_BITMAP
Halted core task for unsetting exception bitmap on VMCS.
Definition HaltedCore.h:118