HyperDbg Debugger
Loading...
Searching...
No Matches
HyperDbgVmmImports.h
Go to the documentation of this file.
1
11#pragma once
12
13#ifdef HYPERDBG_VMM
14# define IMPORT_EXPORT_VMM __declspec(dllexport)
15#else
16# define IMPORT_EXPORT_VMM __declspec(dllimport)
17#endif
18
20// VM Functions //
22
23IMPORT_EXPORT_VMM NTSTATUS
24VmFuncVmxVmcall(unsigned long long VmcallNumber,
25 unsigned long long OptionalParam1,
26 unsigned long long OptionalParam2,
27 unsigned long long OptionalParam3);
28
29IMPORT_EXPORT_VMM VOID
30VmFuncPerformRipIncrement(UINT32 CoreId);
31
32IMPORT_EXPORT_VMM VOID
33VmFuncSuppressRipIncrement(UINT32 CoreId);
34
35IMPORT_EXPORT_VMM VOID
36VmFuncChangeMtfUnsettingState(UINT32 CoreId, BOOLEAN Set);
37
38IMPORT_EXPORT_VMM VOID
39VmFuncChangeIgnoreOneMtfState(UINT32 CoreId, BOOLEAN Set);
40
41IMPORT_EXPORT_VMM VOID
42VmFuncSetMonitorTrapFlag(BOOLEAN Set);
43
44IMPORT_EXPORT_VMM VOID
45VmFuncSetRflagTrapFlag(BOOLEAN Set);
46
47IMPORT_EXPORT_VMM VOID
48VmFuncRegisterMtfBreak(UINT32 CoreId);
49
50IMPORT_EXPORT_VMM VOID
51VmFuncUnRegisterMtfBreak(UINT32 CoreId);
52
53IMPORT_EXPORT_VMM VOID
54VmFuncSetLoadDebugControls(BOOLEAN Set);
55
56IMPORT_EXPORT_VMM VOID
57VmFuncSetSaveDebugControls(BOOLEAN Set);
58
59IMPORT_EXPORT_VMM VOID
60VmFuncSetPmcVmexit(BOOLEAN Set);
61
62IMPORT_EXPORT_VMM VOID
63VmFuncSetMovControlRegsExiting(BOOLEAN Set, UINT64 ControlRegister, UINT64 MaskRegister);
64
65IMPORT_EXPORT_VMM VOID
66VmFuncSetMovToCr3Vmexit(UINT32 CoreId, BOOLEAN Set);
67
68IMPORT_EXPORT_VMM VOID
69VmFuncWriteExceptionBitmap(UINT32 BitmapMask);
70
71IMPORT_EXPORT_VMM VOID
72VmFuncSetInterruptWindowExiting(BOOLEAN Set);
73
74IMPORT_EXPORT_VMM VOID
75VmFuncSetNmiWindowExiting(BOOLEAN Set);
76
77IMPORT_EXPORT_VMM VOID
78VmFuncSetNmiExiting(BOOLEAN Set);
79
80IMPORT_EXPORT_VMM VOID
81VmFuncSetExceptionBitmap(UINT32 CoreId, UINT32 IdtIndex);
82
83IMPORT_EXPORT_VMM VOID
84VmFuncUnsetExceptionBitmap(UINT32 CoreId, UINT32 IdtIndex);
85
86IMPORT_EXPORT_VMM VOID
87VmFuncSetExternalInterruptExiting(UINT32 CoreId, BOOLEAN Set);
88
89IMPORT_EXPORT_VMM VOID
90VmFuncSetRdtscExiting(UINT32 CoreId, BOOLEAN Set);
91
92IMPORT_EXPORT_VMM VOID
93VmFuncSetMovDebugRegsExiting(UINT32 CoreId, BOOLEAN Set);
94
95IMPORT_EXPORT_VMM VOID
96VmFuncInjectPendingExternalInterrupts(UINT32 CoreId);
97
98IMPORT_EXPORT_VMM VOID
99VmFuncSetRflags(UINT64 Rflags);
100
101IMPORT_EXPORT_VMM VOID
102VmFuncSetRip(UINT64 Rip);
103
104IMPORT_EXPORT_VMM VOID
105VmFuncSetTriggerEventForVmcalls(BOOLEAN Set);
106
107IMPORT_EXPORT_VMM VOID
108VmFuncSetTriggerEventForCpuids(BOOLEAN Set);
109
110IMPORT_EXPORT_VMM VOID
111VmFuncSetInterruptibilityState(UINT64 InterruptibilityState);
112
113IMPORT_EXPORT_VMM VOID
114VmFuncCheckAndEnableExternalInterrupts(UINT32 CoreId);
115
116IMPORT_EXPORT_VMM VOID
117VmFuncDisableExternalInterruptsAndInterruptWindow(UINT32 CoreId);
118
119IMPORT_EXPORT_VMM VOID
120VmFuncEventInjectPageFaultWithCr2(UINT32 CoreId, UINT64 Address, UINT32 PageFaultCode);
121
122IMPORT_EXPORT_VMM VOID
123VmFuncEventInjectPageFaultRangeAddress(UINT32 CoreId,
124 UINT64 AddressFrom,
125 UINT64 AddressTo,
126 UINT32 PageFaultCode);
127
128IMPORT_EXPORT_VMM VOID
129VmFuncEventInjectInterruption(UINT32 InterruptionType,
130 UINT32 Vector,
131 BOOLEAN DeliverErrorCode,
132 UINT32 ErrorCode);
133
134IMPORT_EXPORT_VMM VOID
135VmFuncVmxBroadcastInitialize();
136
137IMPORT_EXPORT_VMM VOID
138VmFuncVmxBroadcastUninitialize();
139
140IMPORT_EXPORT_VMM VOID
141VmFuncEventInjectBreakpoint();
142
143IMPORT_EXPORT_VMM VOID
144VmFuncInvalidateEptSingleContext(UINT32 CoreId);
145
146IMPORT_EXPORT_VMM VOID
147VmFuncInvalidateEptAllContexts();
148
149IMPORT_EXPORT_VMM VOID
150VmFuncUninitVmm();
151
152IMPORT_EXPORT_VMM VOID
153VmFuncEnableMtfAndChangeExternalInterruptState(UINT32 CoreId);
154
155IMPORT_EXPORT_VMM VOID
156VmFuncEnableAndCheckForPreviousExternalInterrupts(UINT32 CoreId);
157
158IMPORT_EXPORT_VMM UINT16
159VmFuncGetCsSelector();
160
161IMPORT_EXPORT_VMM UINT32
162VmFuncReadExceptionBitmap();
163
164IMPORT_EXPORT_VMM UINT64
165VmFuncGetLastVmexitRip(UINT32 CoreId);
166
167IMPORT_EXPORT_VMM UINT64
168VmFuncGetRflags();
169
170IMPORT_EXPORT_VMM UINT64
171VmFuncGetRip();
172
173IMPORT_EXPORT_VMM UINT64
174VmFuncGetInterruptibilityState();
175
176IMPORT_EXPORT_VMM UINT64
177VmFuncClearSteppingBits(UINT64 Interruptibility);
178
179IMPORT_EXPORT_VMM BOOLEAN
180VmFuncInitVmm(VMM_CALLBACKS * VmmCallbacks);
181
182IMPORT_EXPORT_VMM UINT32
183VmFuncVmxCompatibleStrlen(const CHAR * s);
184
185IMPORT_EXPORT_VMM UINT32
186VmFuncVmxCompatibleWcslen(const wchar_t * s);
187
188IMPORT_EXPORT_VMM BOOLEAN
189VmFuncNmiBroadcastRequest(UINT32 CoreId);
190
191IMPORT_EXPORT_VMM BOOLEAN
192VmFuncNmiBroadcastInvalidateEptSingleContext(UINT32 CoreId);
193
194IMPORT_EXPORT_VMM BOOLEAN
195VmFuncNmiBroadcastInvalidateEptAllContexts(UINT32 CoreId);
196
197IMPORT_EXPORT_VMM BOOLEAN
198VmFuncVmxGetCurrentExecutionMode();
199
200IMPORT_EXPORT_VMM BOOLEAN
201VmFuncQueryModeExecTrap();
202
203IMPORT_EXPORT_VMM INT32
204VmFuncVmxCompatibleStrcmp(const CHAR * Address1, const CHAR * Address2);
205
206IMPORT_EXPORT_VMM INT32
207VmFuncVmxCompatibleStrncmp(const CHAR * Address1, const CHAR * Address2, SIZE_T Num);
208
209IMPORT_EXPORT_VMM INT32
210VmFuncVmxCompatibleWcscmp(const wchar_t * Address1, const wchar_t * Address2);
211
212IMPORT_EXPORT_VMM INT32
213VmFuncVmxCompatibleWcsncmp(const wchar_t * Address1, const wchar_t * Address2, SIZE_T Num);
214
215IMPORT_EXPORT_VMM INT32
216VmFuncVmxCompatibleMemcmp(const CHAR * Address1, const CHAR * Address2, size_t Count);
217
219// Configuration Functions //
221
222IMPORT_EXPORT_VMM VOID
223ConfigureEnableMovToCr3ExitingOnAllProcessors();
224
225IMPORT_EXPORT_VMM VOID
226ConfigureDisableMovToCr3ExitingOnAllProcessors();
227
228IMPORT_EXPORT_VMM VOID
229ConfigureEnableEferSyscallEventsOnAllProcessors();
230
231IMPORT_EXPORT_VMM VOID
232ConfigureDisableEferSyscallEventsOnAllProcessors();
233
234IMPORT_EXPORT_VMM VOID
235ConfigureSetExternalInterruptExitingOnSingleCore(UINT32 TargetCoreId);
236
237IMPORT_EXPORT_VMM VOID
238ConfigureEnableRdtscExitingOnSingleCore(UINT32 TargetCoreId);
239
240IMPORT_EXPORT_VMM VOID
241ConfigureEnableRdpmcExitingOnSingleCore(UINT32 TargetCoreId);
242
243IMPORT_EXPORT_VMM VOID
244ConfigureEnableMovToDebugRegistersExitingOnSingleCore(UINT32 TargetCoreId);
245
246IMPORT_EXPORT_VMM VOID
247ConfigureSetExceptionBitmapOnSingleCore(UINT32 TargetCoreId, UINT32 BitMask);
248
249IMPORT_EXPORT_VMM VOID
250ConfigureEnableMovToControlRegisterExitingOnSingleCore(UINT32 TargetCoreId, DEBUGGER_EVENT_OPTIONS * BroadcastingOption);
251
252IMPORT_EXPORT_VMM VOID
253ConfigureChangeMsrBitmapWriteOnSingleCore(UINT32 TargetCoreId, UINT64 MsrMask);
254
255IMPORT_EXPORT_VMM VOID
256ConfigureChangeMsrBitmapReadOnSingleCore(UINT32 TargetCoreId, UINT64 MsrMask);
257
258IMPORT_EXPORT_VMM VOID
259ConfigureChangeIoBitmapOnSingleCore(UINT32 TargetCoreId, UINT64 Port);
260
261IMPORT_EXPORT_VMM VOID
262ConfigureEnableEferSyscallHookOnSingleCore(UINT32 TargetCoreId);
263
264IMPORT_EXPORT_VMM VOID
265ConfigureSetEferSyscallOrSysretHookType(DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE SyscallHookType);
266
267IMPORT_EXPORT_VMM VOID
268ConfigureDirtyLoggingInitializeOnAllProcessors();
269
270IMPORT_EXPORT_VMM VOID
271ConfigureDirtyLoggingUninitializeOnAllProcessors();
272
273IMPORT_EXPORT_VMM VOID
274ConfigureModeBasedExecHookUninitializeOnAllProcessors();
275
276IMPORT_EXPORT_VMM VOID
277ConfigureUninitializeExecTrapOnAllProcessors();
278
279IMPORT_EXPORT_VMM BOOLEAN
280ConfigureInitializeExecTrapOnAllProcessors();
281
282IMPORT_EXPORT_VMM BOOLEAN
283ConfigureEptHook(PVOID TargetAddress, UINT32 ProcessId);
284
285IMPORT_EXPORT_VMM BOOLEAN
286ConfigureEptHookFromVmxRoot(PVOID TargetAddress);
287
288IMPORT_EXPORT_VMM BOOLEAN
289ConfigureEptHook2(UINT32 CoreId,
290 PVOID TargetAddress,
291 PVOID HookFunction,
292 UINT32 ProcessId);
293
294IMPORT_EXPORT_VMM BOOLEAN
295ConfigureEptHook2FromVmxRoot(UINT32 CoreId,
296 PVOID TargetAddress,
297 PVOID HookFunction);
298
299IMPORT_EXPORT_VMM BOOLEAN
300ConfigureEptHookMonitor(UINT32 CoreId,
301 EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR * HookingDetails,
302 UINT32 ProcessId);
303
304IMPORT_EXPORT_VMM BOOLEAN
305ConfigureEptHookMonitorFromVmxRoot(UINT32 CoreId,
306 EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR * MemoryAddressDetails);
307
308IMPORT_EXPORT_VMM BOOLEAN
309ConfigureEptHookModifyInstructionFetchState(UINT32 CoreId,
310 PVOID PhysicalAddress,
311 BOOLEAN IsUnset);
312
313IMPORT_EXPORT_VMM BOOLEAN
314ConfigureEptHookModifyPageReadState(UINT32 CoreId,
315 PVOID PhysicalAddress,
316 BOOLEAN IsUnset);
317
318IMPORT_EXPORT_VMM BOOLEAN
319ConfigureEptHookModifyPageWriteState(UINT32 CoreId,
320 PVOID PhysicalAddress,
321 BOOLEAN IsUnset);
322
323IMPORT_EXPORT_VMM BOOLEAN
324ConfigureEptHookUnHookAllByHookingTag(UINT64 HookingTag);
325
326IMPORT_EXPORT_VMM BOOLEAN
327ConfigureEptHookUnHookSingleHookByHookingTagFromVmxRoot(UINT64 HookingTag,
328 EPT_SINGLE_HOOK_UNHOOKING_DETAILS * TargetUnhookingDetails);
329
330IMPORT_EXPORT_VMM BOOLEAN
331ConfigureEptHookUnHookSingleAddress(UINT64 VirtualAddress,
332 UINT64 PhysAddress,
333 UINT32 ProcessId);
334
335IMPORT_EXPORT_VMM BOOLEAN
336ConfigureEptHookUnHookSingleAddressFromVmxRoot(UINT64 VirtualAddress,
337 UINT64 PhysAddress,
338 EPT_SINGLE_HOOK_UNHOOKING_DETAILS * TargetUnhookingDetails);
339
340IMPORT_EXPORT_VMM VOID
341ConfigureEptHookAllocateExtraHookingPagesForMemoryMonitorsAndExecEptHooks(UINT32 Count);
342
343IMPORT_EXPORT_VMM VOID
344ConfigureEptHookReservePreallocatedPoolsForEptHooks(UINT32 Count);
345
346IMPORT_EXPORT_VMM BOOLEAN
347ConfigureExecTrapAddProcessToWatchingList(UINT32 ProcessId);
348
349IMPORT_EXPORT_VMM BOOLEAN
350ConfigureExecTrapRemoveProcessFromWatchingList(UINT32 ProcessId);
351
353// Direct VMCALL Functions //
355
356IMPORT_EXPORT_VMM NTSTATUS
357DirectVmcallTest(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
358
359IMPORT_EXPORT_VMM NTSTATUS
360DirectVmcallPerformVmcall(UINT32 CoreId, UINT64 VmcallNumber, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
361
362IMPORT_EXPORT_VMM NTSTATUS
363DirectVmcallChangeMsrBitmapRead(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
364
365IMPORT_EXPORT_VMM NTSTATUS
366DirectVmcallChangeMsrBitmapWrite(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
367
368IMPORT_EXPORT_VMM NTSTATUS
369DirectVmcallChangeIoBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
370
371IMPORT_EXPORT_VMM NTSTATUS
372DirectVmcallEnableRdpmcExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
373
374IMPORT_EXPORT_VMM NTSTATUS
375DirectVmcallEnableRdtscpExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
376
377IMPORT_EXPORT_VMM NTSTATUS
378DirectVmcallEnableMov2DebugRegsExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
379
380IMPORT_EXPORT_VMM NTSTATUS
381DirectVmcallSetExceptionBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
382
383IMPORT_EXPORT_VMM NTSTATUS
384DirectVmcallEnableExternalInterruptExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
385
386IMPORT_EXPORT_VMM NTSTATUS
387DirectVmcallEnableMovToCrExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
388
389IMPORT_EXPORT_VMM NTSTATUS
390DirectVmcallEnableEferSyscall(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
391
392IMPORT_EXPORT_VMM NTSTATUS
393DirectVmcallSetHiddenBreakpointHook(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
394
395IMPORT_EXPORT_VMM NTSTATUS
396DirectVmcallInvalidateEptAllContexts(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
397
398IMPORT_EXPORT_VMM NTSTATUS
399DirectVmcallInvalidateSingleContext(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
400
401IMPORT_EXPORT_VMM NTSTATUS
402DirectVmcallUnsetExceptionBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
403
404IMPORT_EXPORT_VMM NTSTATUS
405DirectVmcallUnhookSinglePage(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
406
407IMPORT_EXPORT_VMM NTSTATUS
408DirectVmcallSetDisableExternalInterruptExitingOnlyOnClearingInterruptEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
409
410IMPORT_EXPORT_VMM NTSTATUS
411DirectVmcallResetMsrBitmapRead(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
412
413IMPORT_EXPORT_VMM NTSTATUS
414DirectVmcallResetMsrBitmapWrite(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
415
416IMPORT_EXPORT_VMM NTSTATUS
417DirectVmcallResetExceptionBitmapOnlyOnClearingExceptionEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
418
419IMPORT_EXPORT_VMM NTSTATUS
420DirectVmcallResetIoBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
421
422IMPORT_EXPORT_VMM NTSTATUS
423DirectVmcallDisableRdtscExitingForClearingTscEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
424
425IMPORT_EXPORT_VMM NTSTATUS
426DirectVmcallDisableRdpmcExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
427
428IMPORT_EXPORT_VMM NTSTATUS
429DirectVmcallDisableEferSyscallEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
430
431IMPORT_EXPORT_VMM NTSTATUS
432DirectVmcallDisableMov2DrExitingForClearingDrEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
433
434IMPORT_EXPORT_VMM NTSTATUS
435DirectVmcallDisableMov2CrExitingForClearingCrEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS * DirectVmcallOptions);
436
438// Disassembler //
440
441IMPORT_EXPORT_VMM BOOLEAN
442DisassemblerShowInstructionsInVmxNonRootMode(PVOID Address, UINT32 Length, BOOLEAN Is32Bit);
443
444IMPORT_EXPORT_VMM BOOLEAN
445DisassemblerShowOneInstructionInVmxNonRootMode(PVOID Address, UINT64 ActualRip, BOOLEAN Is32Bit);
446
447IMPORT_EXPORT_VMM UINT32
448DisassemblerShowOneInstructionInVmxRootMode(PVOID Address, BOOLEAN Is32Bit);
449
451// General Functions //
453
454// ----------------------------------------------------------------------------
455// Exported Interfaces For Virtual Addresses
456//
457
458IMPORT_EXPORT_VMM UINT64
459VirtualAddressToPhysicalAddress(_In_ PVOID VirtualAddress);
460
461IMPORT_EXPORT_VMM UINT64
462VirtualAddressToPhysicalAddressByProcessId(_In_ PVOID VirtualAddress,
463 _In_ UINT32 ProcessId);
464
465IMPORT_EXPORT_VMM UINT64
466VirtualAddressToPhysicalAddressByProcessCr3(_In_ PVOID VirtualAddress,
467 _In_ CR3_TYPE TargetCr3);
468
469IMPORT_EXPORT_VMM UINT64
470VirtualAddressToPhysicalAddressOnTargetProcess(_In_ PVOID VirtualAddress);
471
472// ----------------------------------------------------------------------------
473// Exported Interfaces For Physical Addresses
474//
475IMPORT_EXPORT_VMM UINT64
476PhysicalAddressToVirtualAddress(_In_ UINT64 PhysicalAddress);
477
478IMPORT_EXPORT_VMM UINT64
479PhysicalAddressToVirtualAddressByProcessId(_In_ PVOID PhysicalAddress, _In_ UINT32 ProcessId);
480
481IMPORT_EXPORT_VMM UINT64
482PhysicalAddressToVirtualAddressByCr3(_In_ PVOID PhysicalAddress, _In_ CR3_TYPE TargetCr3);
483
484IMPORT_EXPORT_VMM UINT64
485PhysicalAddressToVirtualAddressOnTargetProcess(_In_ PVOID PhysicalAddress);
486
487// ----------------------------------------------------------------------------
488// Exported Interfaces For Layout Switching Functions
489//
490IMPORT_EXPORT_VMM CR3_TYPE
491SwitchToProcessMemoryLayout(_In_ UINT32 ProcessId);
492
493IMPORT_EXPORT_VMM CR3_TYPE
494SwitchToCurrentProcessMemoryLayout();
495
496IMPORT_EXPORT_VMM CR3_TYPE
497SwitchToProcessMemoryLayoutByCr3(_In_ CR3_TYPE TargetCr3);
498
499IMPORT_EXPORT_VMM VOID
500SwitchToPreviousProcess(_In_ CR3_TYPE PreviousProcess);
501
502// ----------------------------------------------------------------------------
503// Exported Interfaces For Check Validity of Addresses
504//
505IMPORT_EXPORT_VMM BOOLEAN
506CheckAddressValidityUsingTsx(CHAR * Address);
507
508IMPORT_EXPORT_VMM BOOLEAN
509CheckAccessValidityAndSafety(UINT64 TargetAddress, UINT32 Size);
510
511IMPORT_EXPORT_VMM BOOLEAN
512CheckAddressPhysical(UINT64 PAddr);
513
514IMPORT_EXPORT_VMM UINT32
515CheckAddressMaximumInstructionLength(PVOID Address);
516
517// ----------------------------------------------------------------------------
518// Exported Interfaces For Layout Functions
519//
520IMPORT_EXPORT_VMM CR3_TYPE
521LayoutGetCurrentProcessCr3();
522
523IMPORT_EXPORT_VMM CR3_TYPE
524LayoutGetExactGuestProcessCr3();
525
527// Memory Management Functions //
529
530// ----------------------------------------------------------------------------
531// PTE-related Functions
532//
533
534IMPORT_EXPORT_VMM PVOID
535MemoryMapperGetPteVa(_In_ PVOID Va,
536 _In_ PAGING_LEVEL Level);
537
538IMPORT_EXPORT_VMM PVOID
539MemoryMapperGetPteVaByCr3(_In_ PVOID Va,
540 _In_ PAGING_LEVEL Level,
541 _In_ CR3_TYPE TargetCr3);
542
543IMPORT_EXPORT_VMM PVOID
544MemoryMapperGetPteVaWithoutSwitchingByCr3(_In_ PVOID Va,
545 _In_ PAGING_LEVEL Level,
546 _In_ CR3_TYPE TargetCr3);
547
548IMPORT_EXPORT_VMM PVOID
549MemoryMapperGetPteVaOnTargetProcess(_In_ PVOID Va,
550 _In_ PAGING_LEVEL Level);
551
552IMPORT_EXPORT_VMM PVOID
553MemoryMapperSetExecuteDisableToPteOnTargetProcess(_In_ PVOID Va,
554 _In_ BOOLEAN Set);
555
556IMPORT_EXPORT_VMM BOOLEAN
557MemoryMapperCheckPteIsPresentOnTargetProcess(PVOID Va,
558 PAGING_LEVEL Level);
559
560// ----------------------------------------------------------------------------
561// Reading Memory Functions
562//
563IMPORT_EXPORT_VMM BOOLEAN
564MemoryMapperReadMemorySafe(_In_ UINT64 VaAddressToRead,
565 _Inout_ PVOID BufferToSaveMemory,
566 _In_ SIZE_T SizeToRead);
567
568IMPORT_EXPORT_VMM BOOLEAN
569MemoryMapperReadMemorySafeByPhysicalAddress(_In_ UINT64 PaAddressToRead,
570 _Inout_ UINT64 BufferToSaveMemory,
571 _In_ SIZE_T SizeToRead);
572
573IMPORT_EXPORT_VMM BOOLEAN
574MemoryMapperReadMemorySafeOnTargetProcess(_In_ UINT64 VaAddressToRead,
575 _Inout_ PVOID BufferToSaveMemory,
576 _In_ SIZE_T SizeToRead);
577
578// ----------------------------------------------------------------------------
579// Disassembler Functions
580//
581IMPORT_EXPORT_VMM UINT32
582DisassemblerLengthDisassembleEngine(PVOID Address, BOOLEAN Is32Bit);
583
584IMPORT_EXPORT_VMM UINT32
585DisassemblerLengthDisassembleEngineInVmxRootOnTargetProcess(PVOID Address, BOOLEAN Is32Bit);
586
587// ----------------------------------------------------------------------------
588// Writing Memory Functions
589//
590IMPORT_EXPORT_VMM BOOLEAN
591MemoryMapperWriteMemorySafe(_Inout_ UINT64 Destination,
592 _In_ PVOID Source,
593 _In_ SIZE_T SizeToWrite,
594 _In_ CR3_TYPE TargetProcessCr3);
595
596IMPORT_EXPORT_VMM BOOLEAN
597MemoryMapperWriteMemorySafeOnTargetProcess(_Inout_ UINT64 Destination,
598 _In_ PVOID Source,
599 _In_ SIZE_T Size);
600
601IMPORT_EXPORT_VMM BOOLEAN
602MemoryMapperWriteMemorySafeByPhysicalAddress(_Inout_ UINT64 DestinationPa,
603 _In_ UINT64 Source,
604 _In_ SIZE_T SizeToWrite);
605
606IMPORT_EXPORT_VMM BOOLEAN
607MemoryMapperWriteMemoryUnsafe(_Inout_ UINT64 Destination,
608 _In_ PVOID Source,
609 _In_ SIZE_T SizeToWrite,
610 _In_ UINT32 TargetProcessId);
611
612// ----------------------------------------------------------------------------
613// Reserving Memory Functions
614//
615IMPORT_EXPORT_VMM UINT64
616MemoryMapperReserveUsermodeAddressOnTargetProcess(_In_ UINT32 ProcessId,
617 _In_ BOOLEAN Allocate);
618
619IMPORT_EXPORT_VMM BOOLEAN
620MemoryMapperFreeMemoryOnTargetProcess(_In_ UINT32 ProcessId,
621 _Inout_ PVOID BaseAddress);
622
623// ----------------------------------------------------------------------------
624// Miscellaneous Memory Functions
625//
626IMPORT_EXPORT_VMM BOOLEAN
627MemoryMapperSetSupervisorBitWithoutSwitchingByCr3(_In_ PVOID Va,
628 _In_ BOOLEAN Set,
629 _In_ PAGING_LEVEL Level,
630 _In_ CR3_TYPE TargetCr3);
631
632IMPORT_EXPORT_VMM BOOLEAN
633MemoryMapperCheckIfPageIsNxBitSetOnTargetProcess(_In_ PVOID Va);
634
635IMPORT_EXPORT_VMM BOOLEAN
636MemoryMapperCheckIfPdeIsLargePageOnTargetProcess(_In_ PVOID Va);
637
639// Memory Manager //
641
642IMPORT_EXPORT_VMM BOOLEAN
643MemoryManagerReadProcessMemoryNormal(HANDLE PID, PVOID Address, DEBUGGER_READ_MEMORY_TYPE MemType, PVOID UserBuffer, SIZE_T Size, PSIZE_T ReturnSize);
644
646// Pool Manager //
648
649IMPORT_EXPORT_VMM BOOLEAN
650PoolManagerCheckAndPerformAllocationAndDeallocation();
651
652IMPORT_EXPORT_VMM BOOLEAN
653PoolManagerRequestAllocation(SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention);
654
655IMPORT_EXPORT_VMM UINT64
656PoolManagerRequestPool(POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size);
657
658IMPORT_EXPORT_VMM BOOLEAN
659PoolManagerFreePool(UINT64 AddressToFree);
660
661IMPORT_EXPORT_VMM VOID
662PoolManagerShowPreAllocatedPools();
663
665// VMX Registers Modification //
667
668IMPORT_EXPORT_VMM VOID
669SetGuestCsSel(PVMX_SEGMENT_SELECTOR Cs);
670
671IMPORT_EXPORT_VMM VOID
672SetGuestCs(PVMX_SEGMENT_SELECTOR Cs);
673
674IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR
675GetGuestCs();
676
677IMPORT_EXPORT_VMM VOID
678SetGuestSsSel(PVMX_SEGMENT_SELECTOR Ss);
679
680IMPORT_EXPORT_VMM VOID
681SetGuestSs(PVMX_SEGMENT_SELECTOR Ss);
682
683IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR
684GetGuestSs();
685
686IMPORT_EXPORT_VMM VOID
687SetGuestDsSel(PVMX_SEGMENT_SELECTOR Ds);
688
689IMPORT_EXPORT_VMM VOID
690SetGuestDs(PVMX_SEGMENT_SELECTOR Ds);
691
692IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR
693GetGuestDs();
694
695IMPORT_EXPORT_VMM VOID
696SetGuestFsSel(PVMX_SEGMENT_SELECTOR Fs);
697
698IMPORT_EXPORT_VMM VOID
699SetGuestFs(PVMX_SEGMENT_SELECTOR Fs);
700
701IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR
702GetGuestFs();
703
704IMPORT_EXPORT_VMM VOID
705SetGuestGsSel(PVMX_SEGMENT_SELECTOR Gs);
706
707IMPORT_EXPORT_VMM VOID
708SetGuestGs(PVMX_SEGMENT_SELECTOR Gs);
709
710IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR
711GetGuestGs();
712
713IMPORT_EXPORT_VMM VOID
714SetGuestEsSel(PVMX_SEGMENT_SELECTOR Es);
715
716IMPORT_EXPORT_VMM VOID
717SetGuestEs(PVMX_SEGMENT_SELECTOR Es);
718
719IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR
720GetGuestEs();
721
722IMPORT_EXPORT_VMM VOID
723SetGuestIdtr(UINT64 Idtr);
724
725IMPORT_EXPORT_VMM UINT64
726GetGuestIdtr();
727
728IMPORT_EXPORT_VMM VOID
729SetGuestLdtr(UINT64 Ldtr);
730
731IMPORT_EXPORT_VMM UINT64
732GetGuestLdtr();
733
734IMPORT_EXPORT_VMM VOID
735SetGuestGdtr(UINT64 Gdtr);
736
737IMPORT_EXPORT_VMM UINT64
738GetGuestGdtr();
739
740IMPORT_EXPORT_VMM VOID
741SetGuestTr(UINT64 Tr);
742
743IMPORT_EXPORT_VMM UINT64
744GetGuestTr();
745
746IMPORT_EXPORT_VMM VOID
747SetGuestRFlags(UINT64 RFlags);
748
749IMPORT_EXPORT_VMM UINT64
750GetGuestRFlags();
751
752IMPORT_EXPORT_VMM VOID
753SetGuestRIP(UINT64 RIP);
754
755IMPORT_EXPORT_VMM VOID
756SetGuestRSP(UINT64 RSP);
757
758IMPORT_EXPORT_VMM UINT64
759GetGuestRIP();
760
761IMPORT_EXPORT_VMM UINT64
762GetGuestCr0();
763
764IMPORT_EXPORT_VMM UINT64
765GetGuestCr2();
766
767IMPORT_EXPORT_VMM UINT64
768GetGuestCr3();
769
770IMPORT_EXPORT_VMM UINT64
771GetGuestCr4();
772
773IMPORT_EXPORT_VMM UINT64
774GetGuestCr8();
775
776IMPORT_EXPORT_VMM VOID
777SetGuestCr0(UINT64 Cr0);
778
779IMPORT_EXPORT_VMM VOID
780SetGuestCr2(UINT64 Cr2);
781
782IMPORT_EXPORT_VMM VOID
783SetGuestCr3(UINT64 Cr3);
784
785IMPORT_EXPORT_VMM VOID
786SetGuestCr4(UINT64 Cr4);
787
788IMPORT_EXPORT_VMM VOID
789SetGuestCr8(UINT64 Cr8);
790
791IMPORT_EXPORT_VMM UINT64
792GetGuestDr0();
793
794IMPORT_EXPORT_VMM UINT64
795GetGuestDr1();
796
797IMPORT_EXPORT_VMM UINT64
798GetGuestDr2();
799
800IMPORT_EXPORT_VMM UINT64
801GetGuestDr3();
802
803IMPORT_EXPORT_VMM UINT64
804GetGuestDr6();
805
806IMPORT_EXPORT_VMM UINT64
807GetGuestDr7();
808
809IMPORT_EXPORT_VMM VOID
810SetGuestDr0(UINT64 value);
811
812IMPORT_EXPORT_VMM VOID
813SetGuestDr1(UINT64 value);
814
815IMPORT_EXPORT_VMM VOID
816SetGuestDr2(UINT64 value);
817
818IMPORT_EXPORT_VMM VOID
819SetGuestDr3(UINT64 value);
820
821IMPORT_EXPORT_VMM VOID
822SetGuestDr6(UINT64 value);
823
824IMPORT_EXPORT_VMM VOID
825SetGuestDr7(UINT64 value);
826
827IMPORT_EXPORT_VMM BOOLEAN
828SetDebugRegisters(UINT32 DebugRegNum, DEBUG_REGISTER_TYPE ActionType, BOOLEAN ApplyToVmcs, UINT64 TargetAddress);
829
831// Transparent Mode //
833
834IMPORT_EXPORT_VMM NTSTATUS
835TransparentHideDebugger(PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE Measurements);
836
837IMPORT_EXPORT_VMM NTSTATUS
838TransparentUnhideDebugger();
839
841// Non-internal Broadcasting Functions //
843
844IMPORT_EXPORT_VMM VOID
845BroadcastEnableBreakpointExitingOnExceptionBitmapAllCores();
846
847IMPORT_EXPORT_VMM VOID
848BroadcastDisableBreakpointExitingOnExceptionBitmapAllCores();
849
850IMPORT_EXPORT_VMM VOID
851BroadcastEnableDbAndBpExitingAllCores();
852
853IMPORT_EXPORT_VMM VOID
854BroadcastDisableDbAndBpExitingAllCores();
855
856IMPORT_EXPORT_VMM VOID
857BroadcastEnableRdtscExitingAllCores();
858
859IMPORT_EXPORT_VMM VOID
860BroadcastDisableRdtscExitingAllCores();
861
862IMPORT_EXPORT_VMM VOID
863BroadcastChangeAllMsrBitmapReadAllCores(UINT64 BitmapMask);
864
865IMPORT_EXPORT_VMM VOID
866BroadcastResetChangeAllMsrBitmapReadAllCores();
867
868IMPORT_EXPORT_VMM VOID
869BroadcastChangeAllMsrBitmapWriteAllCores(UINT64 BitmapMask);
870
871IMPORT_EXPORT_VMM VOID
872BroadcastResetAllMsrBitmapWriteAllCores();
873
874IMPORT_EXPORT_VMM VOID
875BroadcastDisableRdtscExitingForClearingEventsAllCores();
876
877IMPORT_EXPORT_VMM VOID
878BroadcastDisableMov2ControlRegsExitingForClearingEventsAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption);
879
880IMPORT_EXPORT_VMM VOID
881BroadcastDisableMov2DebugRegsExitingForClearingEventsAllCores();
882
883IMPORT_EXPORT_VMM VOID
884BroadcastEnableRdpmcExitingAllCores();
885
886IMPORT_EXPORT_VMM VOID
887BroadcastDisableRdpmcExitingAllCores();
888
889IMPORT_EXPORT_VMM VOID
890BroadcastSetExceptionBitmapAllCores(UINT64 ExceptionIndex);
891
892IMPORT_EXPORT_VMM VOID
893BroadcastUnsetExceptionBitmapAllCores(UINT64 ExceptionIndex);
894
895IMPORT_EXPORT_VMM VOID
896BroadcastResetExceptionBitmapAllCores();
897
898IMPORT_EXPORT_VMM VOID
899BroadcastEnableMovControlRegisterExitingAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption);
900
901IMPORT_EXPORT_VMM VOID
902BroadcastDisableMovToControlRegistersExitingAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption);
903
904IMPORT_EXPORT_VMM VOID
905BroadcastEnableMovDebugRegistersExitingAllCores();
906
907IMPORT_EXPORT_VMM VOID
908BroadcastDisableMovDebugRegistersExitingAllCores();
909
910IMPORT_EXPORT_VMM VOID
911BroadcastSetExternalInterruptExitingAllCores();
912
913IMPORT_EXPORT_VMM VOID
914BroadcastUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores();
915
916IMPORT_EXPORT_VMM VOID
917BroadcastIoBitmapChangeAllCores(UINT64 Port);
918
919IMPORT_EXPORT_VMM VOID
920BroadcastIoBitmapResetAllCores();
921
922IMPORT_EXPORT_VMM VOID
923BroadcastEnableMovToCr3ExitingOnAllProcessors();
924
925IMPORT_EXPORT_VMM VOID
926BroadcastDisableMovToCr3ExitingOnAllProcessors();
927
928IMPORT_EXPORT_VMM VOID
929BroadcastEnableEferSyscallEventsOnAllProcessors();
930
931IMPORT_EXPORT_VMM VOID
932BroadcastDisableEferSyscallEventsOnAllProcessors();
UINT16
unsigned short UINT16
Definition BasicTypes.h:47
INT32
signed int INT32
Definition BasicTypes.h:44
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
VOID
#define VOID
Definition BasicTypes.h:33
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
CHAR
char CHAR
Definition BasicTypes.h:31
DEBUG_REGISTER_TYPE
enum _DEBUG_REGISTER_TYPE DEBUG_REGISTER_TYPE
POOL_ALLOCATION_INTENTION
enum _POOL_ALLOCATION_INTENTION POOL_ALLOCATION_INTENTION
Inum of intentions for buffers (buffer tag)
PAGING_LEVEL
enum _PAGING_LEVEL PAGING_LEVEL
Different levels of paging.
Address
UINT64 Address
Definition HyperDbgScriptImports.h:67
VmFuncGetCsSelector
IMPORT_EXPORT_VMM UINT16 VmFuncGetCsSelector()
Read CS selector.
Definition Export.c:341
SetGuestLdtr
IMPORT_EXPORT_VMM VOID SetGuestLdtr(UINT64 Ldtr)
Set the Guest Ldtr.
Definition ManageRegs.c:320
BroadcastSetExternalInterruptExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastSetExternalInterruptExitingAllCores()
routines for !interrupt command which
Definition Broadcast.c:382
SetGuestRSP
IMPORT_EXPORT_VMM VOID SetGuestRSP(UINT64 RSP)
Set the Guest RSP Register.
Definition ManageRegs.c:435
GetGuestCr4
IMPORT_EXPORT_VMM UINT64 GetGuestCr4()
Get the Guest Cr4 value.
Definition ManageRegs.c:502
SetGuestSsSel
IMPORT_EXPORT_VMM VOID SetGuestSsSel(PVMX_SEGMENT_SELECTOR Ss)
Set just the Guest Ss selector.
Definition ManageRegs.c:68
GetGuestCr8
IMPORT_EXPORT_VMM UINT64 GetGuestCr8()
Get the Guest Cr8 value.
Definition ManageRegs.c:516
ConfigureEnableRdpmcExitingOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureEnableRdpmcExitingOnSingleCore(UINT32 TargetCoreId)
enable RDPMC exiting on a single core
Definition Configuration.c:485
VmFuncUnsetExceptionBitmap
IMPORT_EXPORT_VMM VOID VmFuncUnsetExceptionBitmap(UINT32 CoreId, UINT32 IdtIndex)
Unset exception bitmap in VMCS.
Definition Export.c:267
VmFuncVmxCompatibleWcslen
IMPORT_EXPORT_VMM UINT32 VmFuncVmxCompatibleWcslen(const wchar_t *s)
VMX-root compatible strlen.
Definition Export.c:611
BroadcastEnableMovToCr3ExitingOnAllProcessors
IMPORT_EXPORT_VMM VOID BroadcastEnableMovToCr3ExitingOnAllProcessors()
routines for debugging threads (enable mov-to-cr3 exiting)
Definition Broadcast.c:436
GetGuestIdtr
IMPORT_EXPORT_VMM UINT64 GetGuestIdtr()
Get the Guest Idtr.
Definition ManageRegs.c:304
BroadcastIoBitmapResetAllCores
IMPORT_EXPORT_VMM VOID BroadcastIoBitmapResetAllCores()
routines for reset !ioin and !ioout command
Definition Broadcast.c:422
ConfigureChangeIoBitmapOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureChangeIoBitmapOnSingleCore(UINT32 TargetCoreId, UINT64 Port)
change I/O port bitmap on a single core
Definition Configuration.c:568
ConfigureEnableMovToCr3ExitingOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureEnableMovToCr3ExitingOnAllProcessors()
routines for debugging threads (enable mov-to-cr3 exiting)
Definition Configuration.c:21
MemoryMapperSetSupervisorBitWithoutSwitchingByCr3
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperSetSupervisorBitWithoutSwitchingByCr3(_In_ PVOID Va, _In_ BOOLEAN Set, _In_ PAGING_LEVEL Level, _In_ CR3_TYPE TargetCr3)
GetGuestDr1
IMPORT_EXPORT_VMM UINT64 GetGuestDr1()
Get the Guest Dr1 value.
Definition ManageRegs.c:675
GetGuestEs
IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR GetGuestEs()
Get the Guest Es Selector.
Definition ManageRegs.c:274
PoolManagerShowPreAllocatedPools
IMPORT_EXPORT_VMM VOID PoolManagerShowPreAllocatedPools()
Shows list of pre-allocated pools available (used for debugging purposes)
Definition PoolManager.c:177
VmFuncEnableAndCheckForPreviousExternalInterrupts
IMPORT_EXPORT_VMM VOID VmFuncEnableAndCheckForPreviousExternalInterrupts(UINT32 CoreId)
Checks to enable and reinject previous interrupts.
Definition Export.c:812
DirectVmcallResetMsrBitmapWrite
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallResetMsrBitmapWrite(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for resetting MSR Bitmap Write
Definition DirectVmcall.c:388
DirectVmcallTest
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallTest(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for test direct VMCALL
Definition DirectVmcall.c:25
BroadcastEnableRdtscExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastEnableRdtscExitingAllCores()
a broadcast that causes vm-exit on all execution of rdtsc/rdtscp
Definition Broadcast.c:132
VmFuncUnRegisterMtfBreak
IMPORT_EXPORT_VMM VOID VmFuncUnRegisterMtfBreak(UINT32 CoreId)
Unregister for break in the case of an MTF.
Definition Export.c:86
GetGuestCs
IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR GetGuestCs()
Get the Guest Cs Selector.
Definition ManageRegs.c:49
DirectVmcallEnableExternalInterruptExiting
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallEnableExternalInterruptExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for enabling external interrupt exiting
Definition DirectVmcall.c:198
SetGuestGdtr
IMPORT_EXPORT_VMM VOID SetGuestGdtr(UINT64 Gdtr)
Set the Guest Gdtr.
Definition ManageRegs.c:347
BroadcastResetChangeAllMsrBitmapReadAllCores
IMPORT_EXPORT_VMM VOID BroadcastResetChangeAllMsrBitmapReadAllCores()
routines for disable (reset) !msrread command
Definition Broadcast.c:173
VmFuncSetTriggerEventForVmcalls
IMPORT_EXPORT_VMM VOID VmFuncSetTriggerEventForVmcalls(BOOLEAN Set)
Set triggering events for VMCALLs.
Definition Export.c:575
DirectVmcallUnsetExceptionBitmap
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallUnsetExceptionBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for unsetting exception bitmap on VMCS
Definition DirectVmcall.c:312
MemoryMapperCheckIfPageIsNxBitSetOnTargetProcess
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperCheckIfPageIsNxBitSetOnTargetProcess(_In_ PVOID Va)
ConfigureSetEferSyscallOrSysretHookType
IMPORT_EXPORT_VMM VOID ConfigureSetEferSyscallOrSysretHookType(DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE SyscallHookType)
routines for setting EFER syscall or sysret hooks type
Definition Configuration.c:439
VmFuncSetRflagTrapFlag
IMPORT_EXPORT_VMM VOID VmFuncSetRflagTrapFlag(BOOLEAN Set)
Set Rflag's trap flag.
Definition Export.c:110
SwitchToCurrentProcessMemoryLayout
IMPORT_EXPORT_VMM CR3_TYPE SwitchToCurrentProcessMemoryLayout()
Switch to guest's running process's cr3.
Definition SwitchLayout.c:70
DisassemblerShowOneInstructionInVmxNonRootMode
IMPORT_EXPORT_VMM BOOLEAN DisassemblerShowOneInstructionInVmxNonRootMode(PVOID Address, UINT64 ActualRip, BOOLEAN Is32Bit)
Disassembler show only one instruction.
Definition Disassembler.c:121
TransparentUnhideDebugger
IMPORT_EXPORT_VMM NTSTATUS TransparentUnhideDebugger()
Deactivate transparent-mode.
Definition Transparency.c:425
CheckAccessValidityAndSafety
IMPORT_EXPORT_VMM BOOLEAN CheckAccessValidityAndSafety(UINT64 TargetAddress, UINT32 Size)
Check the safety to access the memory.
Definition AddressCheck.c:156
DirectVmcallDisableMov2DrExitingForClearingDrEvents
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallDisableMov2DrExitingForClearingDrEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for clearing mov 2 hw dr exiting bit ONLY in the case of disabling the events for !...
Definition DirectVmcall.c:504
SetDebugRegisters
IMPORT_EXPORT_VMM BOOLEAN SetDebugRegisters(UINT32 DebugRegNum, DEBUG_REGISTER_TYPE ActionType, BOOLEAN ApplyToVmcs, UINT64 TargetAddress)
Configure hardware debug register for access, write and fetch breakpoints.
Definition DebugRegisters.c:37
SwitchToPreviousProcess
IMPORT_EXPORT_VMM VOID SwitchToPreviousProcess(_In_ CR3_TYPE PreviousProcess)
SetGuestDr6
IMPORT_EXPORT_VMM VOID SetGuestDr6(UINT64 value)
Set the Guest Dr6 Register.
Definition ManageRegs.c:639
VmFuncSetRflags
IMPORT_EXPORT_VMM VOID VmFuncSetRflags(UINT64 Rflags)
Set guest's RFLAGS.
Definition Export.c:364
DirectVmcallPerformVmcall
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallPerformVmcall(UINT32 CoreId, UINT64 VmcallNumber, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for performing a direct VMCALL
Definition DirectVmcall.c:45
ConfigureEnableMovToDebugRegistersExitingOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureEnableMovToDebugRegistersExitingOnSingleCore(UINT32 TargetCoreId)
enable mov 2 debug register exiting on a single core
Definition Configuration.c:498
DirectVmcallUnhookSinglePage
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallUnhookSinglePage(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for restoring a single EPT entry and invalidating EPT cache
Definition DirectVmcall.c:331
VmFuncSetMonitorTrapFlag
IMPORT_EXPORT_VMM VOID VmFuncSetMonitorTrapFlag(BOOLEAN Set)
Set the monitor trap flag.
Definition Export.c:98
PhysicalAddressToVirtualAddressOnTargetProcess
IMPORT_EXPORT_VMM UINT64 PhysicalAddressToVirtualAddressOnTargetProcess(_In_ PVOID PhysicalAddress)
VmFuncInvalidateEptSingleContext
IMPORT_EXPORT_VMM VOID VmFuncInvalidateEptSingleContext(UINT32 CoreId)
Requests for single-context EPT invalidation.
Definition Export.c:478
VmFuncSetMovDebugRegsExiting
IMPORT_EXPORT_VMM VOID VmFuncSetMovDebugRegsExiting(UINT32 CoreId, BOOLEAN Set)
Set or unset the Mov to Debug Registers Exiting.
Definition Export.c:306
GetGuestGdtr
IMPORT_EXPORT_VMM UINT64 GetGuestGdtr()
Get the Guest Gdtr.
Definition ManageRegs.c:358
VmFuncVmxBroadcastUninitialize
IMPORT_EXPORT_VMM VOID VmFuncVmxBroadcastUninitialize()
Export for uninitialize the VMX Broadcast mechanism.
Definition Export.c:708
SetGuestSs
IMPORT_EXPORT_VMM VOID SetGuestSs(PVMX_SEGMENT_SELECTOR Ss)
Set the Guest Ss selector.
Definition ManageRegs.c:80
VmFuncChangeIgnoreOneMtfState
IMPORT_EXPORT_VMM VOID VmFuncChangeIgnoreOneMtfState(UINT32 CoreId, BOOLEAN Set)
Change ignore one MTF state.
Definition Export.c:60
MemoryMapperReadMemorySafe
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperReadMemorySafe(_In_ UINT64 VaAddressToRead, _Inout_ PVOID BufferToSaveMemory, _In_ SIZE_T SizeToRead)
DirectVmcallEnableRdpmcExiting
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallEnableRdpmcExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for enabling rdpmc exiting
Definition DirectVmcall.c:122
CheckAddressMaximumInstructionLength
IMPORT_EXPORT_VMM UINT32 CheckAddressMaximumInstructionLength(PVOID Address)
This function returns the maximum instruction length that can be read from this address.
Definition AddressCheck.c:306
MemoryMapperGetPteVaWithoutSwitchingByCr3
IMPORT_EXPORT_VMM PVOID MemoryMapperGetPteVaWithoutSwitchingByCr3(_In_ PVOID Va, _In_ PAGING_LEVEL Level, _In_ CR3_TYPE TargetCr3)
MemoryMapperCheckIfPdeIsLargePageOnTargetProcess
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperCheckIfPdeIsLargePageOnTargetProcess(_In_ PVOID Va)
BroadcastEnableDbAndBpExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastEnableDbAndBpExitingAllCores()
routines to set vm-exit on all #DBs and #BP on all cores
Definition Broadcast.c:35
SetGuestCr3
IMPORT_EXPORT_VMM VOID SetGuestCr3(UINT64 Cr3)
Set the Guest Cr3 Register.
Definition ManageRegs.c:555
VmFuncSuppressRipIncrement
IMPORT_EXPORT_VMM VOID VmFuncSuppressRipIncrement(UINT32 CoreId)
Suppress the incrementation of RIP.
Definition Export.c:34
MemoryMapperFreeMemoryOnTargetProcess
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperFreeMemoryOnTargetProcess(_In_ UINT32 ProcessId, _Inout_ PVOID BaseAddress)
VmFuncVmxCompatibleWcscmp
IMPORT_EXPORT_VMM INT32 VmFuncVmxCompatibleWcscmp(const wchar_t *Address1, const wchar_t *Address2)
VMX-root compatible wcscmp.
Definition Export.c:759
SetGuestDr0
IMPORT_EXPORT_VMM VOID SetGuestDr0(UINT64 value)
Set the Guest Dr0 Register.
Definition ManageRegs.c:591
GetGuestLdtr
IMPORT_EXPORT_VMM UINT64 GetGuestLdtr()
Get the Guest Ldtr.
Definition ManageRegs.c:331
VmFuncSetNmiWindowExiting
IMPORT_EXPORT_VMM VOID VmFuncSetNmiWindowExiting(BOOLEAN Set)
Set NMI-window exiting.
Definition Export.c:227
BroadcastResetAllMsrBitmapWriteAllCores
IMPORT_EXPORT_VMM VOID BroadcastResetAllMsrBitmapWriteAllCores()
routines for reset !msrwrite command which
Definition Broadcast.c:200
VmFuncEnableMtfAndChangeExternalInterruptState
IMPORT_EXPORT_VMM VOID VmFuncEnableMtfAndChangeExternalInterruptState(UINT32 CoreId)
Enables MTF and adjust external interrupt state.
Definition Export.c:799
ConfigureModeBasedExecHookUninitializeOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureModeBasedExecHookUninitializeOnAllProcessors()
routines for initializing Mode-based execution hooks
Definition Configuration.c:83
VmFuncSetPmcVmexit
IMPORT_EXPORT_VMM VOID VmFuncSetPmcVmexit(BOOLEAN Set)
Set vm-exit for rdpmc instructions.
Definition Export.c:147
BroadcastEnableRdpmcExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastEnableRdpmcExitingAllCores()
routines for !pmc
Definition Broadcast.c:254
BroadcastEnableMovDebugRegistersExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastEnableMovDebugRegistersExitingAllCores()
routines for !dr
Definition Broadcast.c:355
VmFuncGetRflags
IMPORT_EXPORT_VMM UINT64 VmFuncGetRflags()
Read guest's RFLAGS.
Definition Export.c:352
SetGuestCr8
IMPORT_EXPORT_VMM VOID SetGuestCr8(UINT64 Cr8)
Set the Guest Cr8 Register.
Definition ManageRegs.c:579
MemoryMapperGetPteVaOnTargetProcess
IMPORT_EXPORT_VMM PVOID MemoryMapperGetPteVaOnTargetProcess(_In_ PVOID Va, _In_ PAGING_LEVEL Level)
DisassemblerShowOneInstructionInVmxRootMode
IMPORT_EXPORT_VMM UINT32 DisassemblerShowOneInstructionInVmxRootMode(PVOID Address, BOOLEAN Is32Bit)
Shows the disassembly of only one instruction.
Definition Disassembler.c:328
TransparentHideDebugger
IMPORT_EXPORT_VMM NTSTATUS TransparentHideDebugger(PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE Measurements)
Hide debugger on transparent-mode (activate transparent-mode)
Definition Transparency.c:356
ConfigureDisableEferSyscallEventsOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureDisableEferSyscallEventsOnAllProcessors()
routines for disabling syscall hooks on all cores
Definition Configuration.c:143
SetGuestDr1
IMPORT_EXPORT_VMM VOID SetGuestDr1(UINT64 value)
Set the Guest Dr1 Register.
Definition ManageRegs.c:603
VirtualAddressToPhysicalAddressOnTargetProcess
IMPORT_EXPORT_VMM UINT64 VirtualAddressToPhysicalAddressOnTargetProcess(_In_ PVOID VirtualAddress)
VmFuncChangeMtfUnsettingState
IMPORT_EXPORT_VMM VOID VmFuncChangeMtfUnsettingState(UINT32 CoreId, BOOLEAN Set)
Suppress unsetting MTF.
Definition Export.c:47
VmFuncSetInterruptibilityState
IMPORT_EXPORT_VMM VOID VmFuncSetInterruptibilityState(UINT64 InterruptibilityState)
Set guest's interruptibility state.
Definition Export.c:421
BroadcastIoBitmapChangeAllCores
IMPORT_EXPORT_VMM VOID BroadcastIoBitmapChangeAllCores(UINT64 Port)
routines for !ioin and !ioout command which
Definition Broadcast.c:409
SetGuestTr
IMPORT_EXPORT_VMM VOID SetGuestTr(UINT64 Tr)
Definition ManageRegs.c:372
ConfigureDisableMovToCr3ExitingOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureDisableMovToCr3ExitingOnAllProcessors()
routines for debugging threads (disable mov-to-cr3 exiting)
Definition Configuration.c:116
MemoryMapperWriteMemorySafeOnTargetProcess
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperWriteMemorySafeOnTargetProcess(_Inout_ UINT64 Destination, _In_ PVOID Source, _In_ SIZE_T Size)
BroadcastChangeAllMsrBitmapReadAllCores
IMPORT_EXPORT_VMM VOID BroadcastChangeAllMsrBitmapReadAllCores(UINT64 BitmapMask)
routines for !msrread command which
Definition Broadcast.c:160
DirectVmcallDisableRdtscExitingForClearingTscEvents
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallDisableRdtscExitingForClearingTscEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for clearing rdtsc exiting bit ONLY in the case of disabling the events for !...
Definition DirectVmcall.c:446
ConfigureUninitializeExecTrapOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureUninitializeExecTrapOnAllProcessors()
routines for uninitializing user-mode, kernel-mode exec trap
Definition Configuration.c:48
DirectVmcallDisableEferSyscallEvents
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallDisableEferSyscallEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for disabling syscall hook using EFER SCE bit
Definition DirectVmcall.c:484
MemoryMapperGetPteVa
IMPORT_EXPORT_VMM PVOID MemoryMapperGetPteVa(_In_ PVOID Va, _In_ PAGING_LEVEL Level)
VmFuncSetRip
IMPORT_EXPORT_VMM VOID VmFuncSetRip(UINT64 Rip)
Set guest's RIP.
Definition Export.c:387
DirectVmcallChangeMsrBitmapRead
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallChangeMsrBitmapRead(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for changing MSR Bitmap (Read)
Definition DirectVmcall.c:65
ConfigureEptHookUnHookSingleAddressFromVmxRoot
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookUnHookSingleAddressFromVmxRoot(UINT64 VirtualAddress, UINT64 PhysAddress, EPT_SINGLE_HOOK_UNHOOKING_DETAILS *TargetUnhookingDetails)
Remove single hook from the hooked pages list and invalidate TLB.
Definition Configuration.c:209
ConfigureChangeMsrBitmapReadOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureChangeMsrBitmapReadOnSingleCore(UINT32 TargetCoreId, UINT64 MsrMask)
change the mask of msr bitmaps for read on a single core
Definition Configuration.c:554
VmFuncSetMovToCr3Vmexit
IMPORT_EXPORT_VMM VOID VmFuncSetMovToCr3Vmexit(UINT32 CoreId, BOOLEAN Set)
Set vm-exit for mov-to-cr3.
Definition Export.c:177
BroadcastDisableMovToCr3ExitingOnAllProcessors
IMPORT_EXPORT_VMM VOID BroadcastDisableMovToCr3ExitingOnAllProcessors()
routines for debugging threads (disable mov-to-cr3 exiting)
Definition Broadcast.c:491
GetGuestDr2
IMPORT_EXPORT_VMM UINT64 GetGuestDr2()
Get the Guest Dr2 value.
Definition ManageRegs.c:688
ConfigureEptHookModifyPageWriteState
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookModifyPageWriteState(UINT32 CoreId, PVOID PhysicalAddress, BOOLEAN IsUnset)
Change PML EPT state for write @detail should be called from VMX-root.
Definition Configuration.c:411
VmFuncRegisterMtfBreak
IMPORT_EXPORT_VMM VOID VmFuncRegisterMtfBreak(UINT32 CoreId)
Register for break in the case of an MTF.
Definition Export.c:73
MemoryManagerReadProcessMemoryNormal
IMPORT_EXPORT_VMM BOOLEAN MemoryManagerReadProcessMemoryNormal(HANDLE PID, PVOID Address, DEBUGGER_READ_MEMORY_TYPE MemType, PVOID UserBuffer, SIZE_T Size, PSIZE_T ReturnSize)
Read process memory.
Definition MemoryManager.c:29
GetGuestDs
IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR GetGuestDs()
Get the Guest Ds Selector.
Definition ManageRegs.c:139
VmFuncWriteExceptionBitmap
IMPORT_EXPORT_VMM VOID VmFuncWriteExceptionBitmap(UINT32 BitmapMask)
Write on exception bitmap in VMCS DO NOT CALL IT DIRECTLY, instead use HvSetExceptionBitmap.
Definition Export.c:191
BroadcastEnableEferSyscallEventsOnAllProcessors
IMPORT_EXPORT_VMM VOID BroadcastEnableEferSyscallEventsOnAllProcessors()
routines for enabling syscall hooks on all cores
Definition Broadcast.c:502
BroadcastDisableMov2DebugRegsExitingForClearingEventsAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableMov2DebugRegsExitingForClearingEventsAllCores()
routines ONLY for disabling !dr command
Definition Broadcast.c:240
BroadcastUnsetExceptionBitmapAllCores
IMPORT_EXPORT_VMM VOID BroadcastUnsetExceptionBitmapAllCores(UINT64 ExceptionIndex)
routines for disabling exception bitmap
Definition Broadcast.c:299
BroadcastEnableBreakpointExitingOnExceptionBitmapAllCores
IMPORT_EXPORT_VMM VOID BroadcastEnableBreakpointExitingOnExceptionBitmapAllCores()
routines to enable vm-exit for breakpoints (exception bitmap)
Definition Broadcast.c:63
GetGuestDr3
IMPORT_EXPORT_VMM UINT64 GetGuestDr3()
Get the Guest Dr3 value.
Definition ManageRegs.c:701
ConfigureExecTrapAddProcessToWatchingList
IMPORT_EXPORT_VMM BOOLEAN ConfigureExecTrapAddProcessToWatchingList(UINT32 ProcessId)
Add the target process to the watching list.
Definition Configuration.c:60
GetGuestRFlags
IMPORT_EXPORT_VMM UINT64 GetGuestRFlags()
Get the Guest Rflags value.
Definition ManageRegs.c:409
VmFuncVmxGetCurrentExecutionMode
IMPORT_EXPORT_VMM BOOLEAN VmFuncVmxGetCurrentExecutionMode()
Get the current VMX operation state.
Definition Export.c:552
SetGuestDsSel
IMPORT_EXPORT_VMM VOID SetGuestDsSel(PVMX_SEGMENT_SELECTOR Ds)
Set just the Guest Ds selector.
Definition ManageRegs.c:113
SetGuestEsSel
IMPORT_EXPORT_VMM VOID SetGuestEsSel(PVMX_SEGMENT_SELECTOR Es)
Set just the Guest Es selector.
Definition ManageRegs.c:248
ConfigureDirtyLoggingUninitializeOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureDirtyLoggingUninitializeOnAllProcessors()
routines for uninitializing dirty logging mechanism
Definition Configuration.c:105
MemoryMapperWriteMemorySafe
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperWriteMemorySafe(_Inout_ UINT64 Destination, _In_ PVOID Source, _In_ SIZE_T SizeToWrite, _In_ CR3_TYPE TargetProcessCr3)
ConfigureEptHook2
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHook2(UINT32 CoreId, PVOID TargetAddress, PVOID HookFunction, UINT32 ProcessId)
This function allocates a buffer in VMX Non Root Mode and then invokes a VMCALL to set the hook (inli...
Definition Configuration.c:295
BroadcastDisableMovDebugRegistersExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableMovDebugRegistersExitingAllCores()
routines for disabling !dr
Definition Broadcast.c:368
GetGuestSs
IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR GetGuestSs()
Get the Guest Ss Selector.
Definition ManageRegs.c:94
VmFuncGetInterruptibilityState
IMPORT_EXPORT_VMM UINT64 VmFuncGetInterruptibilityState()
Read guest's interruptibility state.
Definition Export.c:398
GetGuestRIP
IMPORT_EXPORT_VMM UINT64 GetGuestRIP()
Get the Guest RIP value.
Definition ManageRegs.c:446
VmFuncInitVmm
IMPORT_EXPORT_VMM BOOLEAN VmFuncInitVmm(VMM_CALLBACKS *VmmCallbacks)
Initializes hypervisor.
Definition Export.c:530
DisassemblerShowInstructionsInVmxNonRootMode
IMPORT_EXPORT_VMM BOOLEAN DisassemblerShowInstructionsInVmxNonRootMode(PVOID Address, UINT32 Length, BOOLEAN Is32Bit)
Disassembler show the instructions.
Definition Disassembler.c:26
SetGuestCr0
IMPORT_EXPORT_VMM VOID SetGuestCr0(UINT64 Cr0)
Set the Guest Cr0 Register.
Definition ManageRegs.c:531
GetGuestGs
IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR GetGuestGs()
Get the Guest Gs Selector.
Definition ManageRegs.c:229
SwitchToProcessMemoryLayout
IMPORT_EXPORT_VMM CR3_TYPE SwitchToProcessMemoryLayout(_In_ UINT32 ProcessId)
VmFuncReadExceptionBitmap
IMPORT_EXPORT_VMM UINT32 VmFuncReadExceptionBitmap()
Read exception bitmap in VMCS.
Definition Export.c:203
PhysicalAddressToVirtualAddress
IMPORT_EXPORT_VMM UINT64 PhysicalAddressToVirtualAddress(_In_ UINT64 PhysicalAddress)
PoolManagerRequestPool
IMPORT_EXPORT_VMM UINT64 PoolManagerRequestPool(POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size)
This function should be called from vmx-root in order to get a pool from the list.
Definition PoolManager.c:212
GetGuestCr0
IMPORT_EXPORT_VMM UINT64 GetGuestCr0()
Get the Guest Cr0 value.
Definition ManageRegs.c:460
ConfigureEptHookMonitorFromVmxRoot
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookMonitorFromVmxRoot(UINT32 CoreId, EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR *MemoryAddressDetails)
This function allocates a buffer in VMX Non Root Mode and then invokes a VMCALL to set the hook.
Definition Configuration.c:358
VmFuncVmxCompatibleStrncmp
IMPORT_EXPORT_VMM INT32 VmFuncVmxCompatibleStrncmp(const CHAR *Address1, const CHAR *Address2, SIZE_T Num)
VMX-root compatible strncmp.
Definition Export.c:746
SetGuestCr2
IMPORT_EXPORT_VMM VOID SetGuestCr2(UINT64 Cr2)
Set the Guest Cr2 Register.
Definition ManageRegs.c:543
SetGuestGsSel
IMPORT_EXPORT_VMM VOID SetGuestGsSel(PVMX_SEGMENT_SELECTOR Gs)
Set just the Guest Gs selector.
Definition ManageRegs.c:203
IMPORT_EXPORT_VMM
#define IMPORT_EXPORT_VMM
Definition HyperDbgVmmImports.h:16
VmFuncEventInjectPageFaultRangeAddress
IMPORT_EXPORT_VMM VOID VmFuncEventInjectPageFaultRangeAddress(UINT32 CoreId, UINT64 AddressFrom, UINT64 AddressTo, UINT32 PageFaultCode)
Inject a range of page-faults.
Definition Export.c:643
SetGuestDr2
IMPORT_EXPORT_VMM VOID SetGuestDr2(UINT64 value)
Set the Guest Dr2 Register.
Definition ManageRegs.c:615
ConfigureEptHookFromVmxRoot
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookFromVmxRoot(PVOID TargetAddress)
This function invokes a direct VMCALL to setup the hook.
Definition Configuration.c:278
VmFuncClearSteppingBits
IMPORT_EXPORT_VMM UINT64 VmFuncClearSteppingBits(UINT64 Interruptibility)
Clear STI and MOV SS bits.
Definition Export.c:409
ConfigureSetExceptionBitmapOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureSetExceptionBitmapOnSingleCore(UINT32 TargetCoreId, UINT32 BitMask)
set exception bitmap on a single core
Definition Configuration.c:512
DirectVmcallInvalidateEptAllContexts
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallInvalidateEptAllContexts(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for invalidating EPT (All Contexts)
Definition DirectVmcall.c:274
DirectVmcallResetIoBitmap
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallResetIoBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for resetting I/O Bitmaps (A & B)
Definition DirectVmcall.c:426
ConfigureSetExternalInterruptExitingOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureSetExternalInterruptExitingOnSingleCore(UINT32 TargetCoreId)
set external interrupt exiting on a single core
Definition Configuration.c:459
ConfigureEptHookMonitor
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookMonitor(UINT32 CoreId, EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR *HookingDetails, UINT32 ProcessId)
This function allocates a buffer in VMX Non Root Mode and then invokes a VMCALL to set the hook.
Definition Configuration.c:318
SetGuestCsSel
IMPORT_EXPORT_VMM VOID SetGuestCsSel(PVMX_SEGMENT_SELECTOR Cs)
Set just the Guest Cs selector.
Definition ManageRegs.c:22
BroadcastDisableBreakpointExitingOnExceptionBitmapAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableBreakpointExitingOnExceptionBitmapAllCores()
routines to disable vm-exit for breakpoints (exception bitmap)
Definition Broadcast.c:77
BroadcastDisableDbAndBpExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableDbAndBpExitingAllCores()
routines to unset vm-exit on all #DBs and #BP on all cores
Definition Broadcast.c:49
DirectVmcallResetExceptionBitmapOnlyOnClearingExceptionEvents
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallResetExceptionBitmapOnlyOnClearingExceptionEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for resetting exception bitmap on VMCS
Definition DirectVmcall.c:407
PoolManagerFreePool
IMPORT_EXPORT_VMM BOOLEAN PoolManagerFreePool(UINT64 AddressToFree)
This function set a pool flag to be freed, and it will be freed on the next IOCTL when it's safe to r...
Definition PoolManager.c:136
MemoryMapperReserveUsermodeAddressOnTargetProcess
IMPORT_EXPORT_VMM UINT64 MemoryMapperReserveUsermodeAddressOnTargetProcess(_In_ UINT32 ProcessId, _In_ BOOLEAN Allocate)
SetGuestRIP
IMPORT_EXPORT_VMM VOID SetGuestRIP(UINT64 RIP)
Set the Guest RIP Register.
Definition ManageRegs.c:423
VmFuncVmxCompatibleMemcmp
IMPORT_EXPORT_VMM INT32 VmFuncVmxCompatibleMemcmp(const CHAR *Address1, const CHAR *Address2, size_t Count)
VMX-root compatible memcmp.
Definition Export.c:787
DirectVmcallEnableRdtscpExiting
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallEnableRdtscpExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for enabling rdtsc/rdtscp exiting
Definition DirectVmcall.c:141
ConfigureEnableMovToControlRegisterExitingOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureEnableMovToControlRegisterExitingOnSingleCore(UINT32 TargetCoreId, DEBUGGER_EVENT_OPTIONS *BroadcastingOption)
enable mov 2 control register on a single core
Definition Configuration.c:526
SetGuestDr7
IMPORT_EXPORT_VMM VOID SetGuestDr7(UINT64 value)
Set the Guest Dr7 Register.
Definition ManageRegs.c:651
VmFuncSetLoadDebugControls
IMPORT_EXPORT_VMM VOID VmFuncSetLoadDebugControls(BOOLEAN Set)
Set LOAD DEBUG CONTROLS on Vm-entry controls.
Definition Export.c:122
MemoryMapperWriteMemoryUnsafe
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperWriteMemoryUnsafe(_Inout_ UINT64 Destination, _In_ PVOID Source, _In_ SIZE_T SizeToWrite, _In_ UINT32 TargetProcessId)
VirtualAddressToPhysicalAddress
IMPORT_EXPORT_VMM UINT64 VirtualAddressToPhysicalAddress(_In_ PVOID VirtualAddress)
Converts Virtual Address to Physical Address.
Definition Conversion.c:154
BroadcastUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores
IMPORT_EXPORT_VMM VOID BroadcastUnsetExternalInterruptExitingOnlyOnClearingInterruptEventsAllCores()
routines for ONLY terminate !interrupt command
Definition Broadcast.c:395
DirectVmcallDisableRdpmcExiting
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallDisableRdpmcExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for disabling rdpmc exiting in primary cpu-based controls
Definition DirectVmcall.c:465
BroadcastSetExceptionBitmapAllCores
IMPORT_EXPORT_VMM VOID BroadcastSetExceptionBitmapAllCores(UINT64 ExceptionIndex)
routines for !exception command which
Definition Broadcast.c:283
ConfigureEptHookUnHookSingleAddress
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookUnHookSingleAddress(UINT64 VirtualAddress, UINT64 PhysAddress, UINT32 ProcessId)
Remove single hook from the hooked pages list and invalidate TLB.
Definition Configuration.c:188
VmFuncNmiBroadcastInvalidateEptAllContexts
IMPORT_EXPORT_VMM BOOLEAN VmFuncNmiBroadcastInvalidateEptAllContexts(UINT32 CoreId)
Broadcast NMI requests for all contexts EPT invalidation.
Definition Export.c:463
ConfigureEnableRdtscExitingOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureEnableRdtscExitingOnSingleCore(UINT32 TargetCoreId)
enable RDTSC exiting on a single core
Definition Configuration.c:472
ConfigureEptHook
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHook(PVOID TargetAddress, UINT32 ProcessId)
This function invokes a VMCALL to set the hook and broadcast the exiting for the breakpoints on excep...
Definition Configuration.c:261
BroadcastDisableMovToControlRegistersExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableMovToControlRegistersExitingAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption)
routines for disabling !crwrite
Definition Broadcast.c:341
VirtualAddressToPhysicalAddressByProcessCr3
IMPORT_EXPORT_VMM UINT64 VirtualAddressToPhysicalAddressByProcessCr3(_In_ PVOID VirtualAddress, _In_ CR3_TYPE TargetCr3)
MemoryMapperWriteMemorySafeByPhysicalAddress
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperWriteMemorySafeByPhysicalAddress(_Inout_ UINT64 DestinationPa, _In_ UINT64 Source, _In_ SIZE_T SizeToWrite)
LayoutGetExactGuestProcessCr3
IMPORT_EXPORT_VMM CR3_TYPE LayoutGetExactGuestProcessCr3()
Get cr3 of the target running process.
Definition Layout.c:75
VmFuncEventInjectBreakpoint
IMPORT_EXPORT_VMM VOID VmFuncEventInjectBreakpoint()
Inject #BP to the guest (Event Injection)
Definition Export.c:719
ConfigureEnableEferSyscallHookOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureEnableEferSyscallHookOnSingleCore(UINT32 TargetCoreId)
routines for enabling EFER syscall hooks on a single core
Definition Configuration.c:426
ConfigureEptHookModifyPageReadState
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookModifyPageReadState(UINT32 CoreId, PVOID PhysicalAddress, BOOLEAN IsUnset)
Change PML EPT state for read @detail should be called from VMX-root.
Definition Configuration.c:393
SetGuestCr4
IMPORT_EXPORT_VMM VOID SetGuestCr4(UINT64 Cr4)
Set the Guest Cr4 Register.
Definition ManageRegs.c:567
VmFuncNmiBroadcastInvalidateEptSingleContext
IMPORT_EXPORT_VMM BOOLEAN VmFuncNmiBroadcastInvalidateEptSingleContext(UINT32 CoreId)
Broadcast NMI requests for single-context EPT invalidation.
Definition Export.c:448
VmFuncSetMovControlRegsExiting
IMPORT_EXPORT_VMM VOID VmFuncSetMovControlRegsExiting(BOOLEAN Set, UINT64 ControlRegister, UINT64 MaskRegister)
Set vm-exit for mov-to-cr0/4.
Definition Export.c:162
VmFuncEventInjectInterruption
IMPORT_EXPORT_VMM VOID VmFuncEventInjectInterruption(UINT32 InterruptionType, UINT32 Vector, BOOLEAN DeliverErrorCode, UINT32 ErrorCode)
Inject interrupt/faults/exceptions.
Definition Export.c:662
DirectVmcallDisableMov2CrExitingForClearingCrEvents
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallDisableMov2CrExitingForClearingCrEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for clearing mov 2 cr exiting bit ONLY in the case of disabling the events for !...
Definition DirectVmcall.c:524
BroadcastDisableMov2ControlRegsExitingForClearingEventsAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableMov2ControlRegsExitingForClearingEventsAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption)
routines ONLY for disabling !crwrite command
Definition Broadcast.c:227
GetGuestCr3
IMPORT_EXPORT_VMM UINT64 GetGuestCr3()
Get the Guest Cr3 value.
Definition ManageRegs.c:488
DirectVmcallSetHiddenBreakpointHook
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallSetHiddenBreakpointHook(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for putting hidden breakpoints (using EPT)
Definition DirectVmcall.c:255
CheckAddressValidityUsingTsx
IMPORT_EXPORT_VMM BOOLEAN CheckAddressValidityUsingTsx(CHAR *Address)
This function checks whether the address is valid or not using Intel TSX.
Definition AddressCheck.c:24
BroadcastChangeAllMsrBitmapWriteAllCores
IMPORT_EXPORT_VMM VOID BroadcastChangeAllMsrBitmapWriteAllCores(UINT64 BitmapMask)
routines for !msrwrite command which
Definition Broadcast.c:187
VmFuncCheckAndEnableExternalInterrupts
IMPORT_EXPORT_VMM VOID VmFuncCheckAndEnableExternalInterrupts(UINT32 CoreId)
Check and enable external interrupts.
Definition Export.c:505
SetGuestCs
IMPORT_EXPORT_VMM VOID SetGuestCs(PVMX_SEGMENT_SELECTOR Cs)
Set the Guest Cs.
Definition ManageRegs.c:35
VmFuncSetTriggerEventForCpuids
IMPORT_EXPORT_VMM VOID VmFuncSetTriggerEventForCpuids(BOOLEAN Set)
Set triggering events for CPUIDs.
Definition Export.c:587
SetGuestFsSel
IMPORT_EXPORT_VMM VOID SetGuestFsSel(PVMX_SEGMENT_SELECTOR Fs)
Set just the Guest Fs selector.
Definition ManageRegs.c:158
VmFuncSetSaveDebugControls
IMPORT_EXPORT_VMM VOID VmFuncSetSaveDebugControls(BOOLEAN Set)
Set SAVE DEBUG CONTROLS on Vm-exit controls.
Definition Export.c:134
BroadcastResetExceptionBitmapAllCores
IMPORT_EXPORT_VMM VOID BroadcastResetExceptionBitmapAllCores()
routines for reset !exception command
Definition Broadcast.c:312
PhysicalAddressToVirtualAddressByCr3
IMPORT_EXPORT_VMM UINT64 PhysicalAddressToVirtualAddressByCr3(_In_ PVOID PhysicalAddress, _In_ CR3_TYPE TargetCr3)
VmFuncVmxBroadcastInitialize
IMPORT_EXPORT_VMM VOID VmFuncVmxBroadcastInitialize()
Export for initialize the VMX Broadcast mechanism.
Definition Export.c:697
VmFuncNmiBroadcastRequest
IMPORT_EXPORT_VMM BOOLEAN VmFuncNmiBroadcastRequest(UINT32 CoreId)
Broadcast NMI requests.
Definition Export.c:433
DisassemblerLengthDisassembleEngineInVmxRootOnTargetProcess
IMPORT_EXPORT_VMM UINT32 DisassemblerLengthDisassembleEngineInVmxRootOnTargetProcess(PVOID Address, BOOLEAN Is32Bit)
Disassembler length disassembler engine.
Definition Disassembler.c:297
VmFuncInjectPendingExternalInterrupts
IMPORT_EXPORT_VMM VOID VmFuncInjectPendingExternalInterrupts(UINT32 CoreId)
Inject pending external interrupts.
Definition Export.c:330
MemoryMapperGetPteVaByCr3
IMPORT_EXPORT_VMM PVOID MemoryMapperGetPteVaByCr3(_In_ PVOID Va, _In_ PAGING_LEVEL Level, _In_ CR3_TYPE TargetCr3)
SetGuestDs
IMPORT_EXPORT_VMM VOID SetGuestDs(PVMX_SEGMENT_SELECTOR Ds)
Set the Guest Ds selector.
Definition ManageRegs.c:125
DirectVmcallEnableMov2DebugRegsExiting
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallEnableMov2DebugRegsExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for enabling mov to debug registers exiting
Definition DirectVmcall.c:160
CheckAddressPhysical
IMPORT_EXPORT_VMM BOOLEAN CheckAddressPhysical(UINT64 PAddr)
Checks if the physical address is correct or not based on physical address width.
Definition AddressCheck.c:120
GetGuestTr
IMPORT_EXPORT_VMM UINT64 GetGuestTr()
Get the Guest Tr.
Definition ManageRegs.c:383
ConfigureExecTrapRemoveProcessFromWatchingList
IMPORT_EXPORT_VMM BOOLEAN ConfigureExecTrapRemoveProcessFromWatchingList(UINT32 ProcessId)
Remove the target process from the watching list.
Definition Configuration.c:72
DirectVmcallResetMsrBitmapRead
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallResetMsrBitmapRead(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for resetting MSR Bitmap Read
Definition DirectVmcall.c:369
MemoryMapperReadMemorySafeByPhysicalAddress
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperReadMemorySafeByPhysicalAddress(_In_ UINT64 PaAddressToRead, _Inout_ UINT64 BufferToSaveMemory, _In_ SIZE_T SizeToRead)
GetGuestDr7
IMPORT_EXPORT_VMM UINT64 GetGuestDr7()
Get the Guest Dr7 (breakpoint trigger) value.
Definition ManageRegs.c:727
SetGuestDr3
IMPORT_EXPORT_VMM VOID SetGuestDr3(UINT64 value)
Set the Guest Dr3 Register.
Definition ManageRegs.c:627
MemoryMapperSetExecuteDisableToPteOnTargetProcess
IMPORT_EXPORT_VMM PVOID MemoryMapperSetExecuteDisableToPteOnTargetProcess(_In_ PVOID Va, _In_ BOOLEAN Set)
BroadcastDisableRdtscExitingForClearingEventsAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableRdtscExitingForClearingEventsAllCores()
routines ONLY for disabling !tsc command
Definition Broadcast.c:213
VmFuncVmxCompatibleStrlen
IMPORT_EXPORT_VMM UINT32 VmFuncVmxCompatibleStrlen(const CHAR *s)
VMX-root compatible strlen.
Definition Export.c:599
SetGuestFs
IMPORT_EXPORT_VMM VOID SetGuestFs(PVMX_SEGMENT_SELECTOR Fs)
Set the Guest Fs selector.
Definition ManageRegs.c:170
ConfigureEptHookModifyInstructionFetchState
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookModifyInstructionFetchState(UINT32 CoreId, PVOID PhysicalAddress, BOOLEAN IsUnset)
Change PML EPT state for execution (execute) @detail should be called from VMX-root.
Definition Configuration.c:375
VmFuncGetLastVmexitRip
IMPORT_EXPORT_VMM UINT64 VmFuncGetLastVmexitRip(UINT32 CoreId)
get the last vm-exit RIP
Definition Export.c:318
SwitchToProcessMemoryLayoutByCr3
IMPORT_EXPORT_VMM CR3_TYPE SwitchToProcessMemoryLayoutByCr3(_In_ CR3_TYPE TargetCr3)
GetGuestDr0
IMPORT_EXPORT_VMM UINT64 GetGuestDr0()
Get the Guest Dr0 value.
Definition ManageRegs.c:662
VmFuncQueryModeExecTrap
IMPORT_EXPORT_VMM BOOLEAN VmFuncQueryModeExecTrap()
Get the current state of mode exec trap mechanism.
Definition Export.c:563
SetGuestRFlags
IMPORT_EXPORT_VMM VOID SetGuestRFlags(UINT64 RFlags)
Set the Guest RFLAGS Register.
Definition ManageRegs.c:398
ConfigureEptHook2FromVmxRoot
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHook2FromVmxRoot(UINT32 CoreId, PVOID TargetAddress, PVOID HookFunction)
This function allocates a buffer in VMX Non Root Mode and then invokes a VMCALL to set the hook (inli...
Definition Configuration.c:338
VmFuncSetNmiExiting
IMPORT_EXPORT_VMM VOID VmFuncSetNmiExiting(BOOLEAN Set)
Set the NMI Exiting.
Definition Export.c:239
VirtualAddressToPhysicalAddressByProcessId
IMPORT_EXPORT_VMM UINT64 VirtualAddressToPhysicalAddressByProcessId(_In_ PVOID VirtualAddress, _In_ UINT32 ProcessId)
VmFuncInvalidateEptAllContexts
IMPORT_EXPORT_VMM VOID VmFuncInvalidateEptAllContexts()
Requests for all contexts EPT invalidation.
Definition Export.c:489
VmFuncSetInterruptWindowExiting
IMPORT_EXPORT_VMM VOID VmFuncSetInterruptWindowExiting(BOOLEAN Set)
Set Interrupt-window exiting.
Definition Export.c:215
MemoryMapperCheckPteIsPresentOnTargetProcess
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperCheckPteIsPresentOnTargetProcess(PVOID Va, PAGING_LEVEL Level)
This function checks whether the virtual address is present in the RAM or not.
Definition MemoryMapper.c:174
MemoryMapperReadMemorySafeOnTargetProcess
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperReadMemorySafeOnTargetProcess(_In_ UINT64 VaAddressToRead, _Inout_ PVOID BufferToSaveMemory, _In_ SIZE_T SizeToRead)
LayoutGetCurrentProcessCr3
IMPORT_EXPORT_VMM CR3_TYPE LayoutGetCurrentProcessCr3()
Get cr3 of the target running process.
Definition Layout.c:55
BroadcastEnableMovControlRegisterExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastEnableMovControlRegisterExitingAllCores(PDEBUGGER_EVENT_OPTIONS BroadcastingOption)
routines for !crwrite
Definition Broadcast.c:327
ConfigureChangeMsrBitmapWriteOnSingleCore
IMPORT_EXPORT_VMM VOID ConfigureChangeMsrBitmapWriteOnSingleCore(UINT32 TargetCoreId, UINT64 MsrMask)
change the mask of msr bitmaps for write on a single core
Definition Configuration.c:540
VmFuncUninitVmm
IMPORT_EXPORT_VMM VOID VmFuncUninitVmm()
Uninitialize Terminate Vmx on all logical cores.
Definition Export.c:541
ConfigureInitializeExecTrapOnAllProcessors
IMPORT_EXPORT_VMM BOOLEAN ConfigureInitializeExecTrapOnAllProcessors()
routines for initializing user-mode, kernel-mode exec trap
Definition Configuration.c:37
VmFuncGetRip
IMPORT_EXPORT_VMM UINT64 VmFuncGetRip()
Read guest's RIP.
Definition Export.c:375
ConfigureEptHookUnHookAllByHookingTag
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookUnHookAllByHookingTag(UINT64 HookingTag)
Remove all hooks from the hooked pages list using Hooking Tag.
Definition Configuration.c:157
BroadcastDisableRdtscExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableRdtscExitingAllCores()
a broadcast that causes for disabling rdtsc/p exiting
Definition Broadcast.c:145
PhysicalAddressToVirtualAddressByProcessId
IMPORT_EXPORT_VMM UINT64 PhysicalAddressToVirtualAddressByProcessId(_In_ PVOID PhysicalAddress, _In_ UINT32 ProcessId)
VmFuncVmxCompatibleWcsncmp
IMPORT_EXPORT_VMM INT32 VmFuncVmxCompatibleWcsncmp(const wchar_t *Address1, const wchar_t *Address2, SIZE_T Num)
VMX-root compatible wcsncmp.
Definition Export.c:773
VmFuncSetExceptionBitmap
IMPORT_EXPORT_VMM VOID VmFuncSetExceptionBitmap(UINT32 CoreId, UINT32 IdtIndex)
Set exception bitmap in VMCS.
Definition Export.c:253
PoolManagerRequestAllocation
IMPORT_EXPORT_VMM BOOLEAN PoolManagerRequestAllocation(SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention)
Request to allocate new buffers.
Definition PoolManager.c:415
BroadcastDisableEferSyscallEventsOnAllProcessors
IMPORT_EXPORT_VMM VOID BroadcastDisableEferSyscallEventsOnAllProcessors()
routines for disabling syscall hooks on all cores
Definition Broadcast.c:513
DirectVmcallSetExceptionBitmap
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallSetExceptionBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for setting exception bitmap
Definition DirectVmcall.c:179
GetGuestCr2
IMPORT_EXPORT_VMM UINT64 GetGuestCr2()
Get the Guest Cr2 value.
Definition ManageRegs.c:474
PoolManagerCheckAndPerformAllocationAndDeallocation
IMPORT_EXPORT_VMM BOOLEAN PoolManagerCheckAndPerformAllocationAndDeallocation()
This function performs allocations from VMX non-root based on g_RequestNewAllocation.
Definition PoolManager.c:302
VmFuncVmxCompatibleStrcmp
IMPORT_EXPORT_VMM INT32 VmFuncVmxCompatibleStrcmp(const CHAR *Address1, const CHAR *Address2)
VMX-root compatible strcmp.
Definition Export.c:732
DirectVmcallChangeMsrBitmapWrite
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallChangeMsrBitmapWrite(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for changing MSR Bitmap (Write)
Definition DirectVmcall.c:84
SetGuestGs
IMPORT_EXPORT_VMM VOID SetGuestGs(PVMX_SEGMENT_SELECTOR Gs)
Set the Guest Gs selector.
Definition ManageRegs.c:215
VmFuncSetRdtscExiting
IMPORT_EXPORT_VMM VOID VmFuncSetRdtscExiting(UINT32 CoreId, BOOLEAN Set)
Set the RDTSC/P Exiting.
Definition Export.c:293
ConfigureEptHookAllocateExtraHookingPagesForMemoryMonitorsAndExecEptHooks
IMPORT_EXPORT_VMM VOID ConfigureEptHookAllocateExtraHookingPagesForMemoryMonitorsAndExecEptHooks(UINT32 Count)
Allocate (reserve) extra pages for storing details of page hooks for memory monitor and regular hidde...
Definition Configuration.c:227
VmFuncPerformRipIncrement
IMPORT_EXPORT_VMM VOID VmFuncPerformRipIncrement(UINT32 CoreId)
Perform the incrementation of RIP.
Definition Export.c:22
DisassemblerLengthDisassembleEngine
IMPORT_EXPORT_VMM UINT32 DisassemblerLengthDisassembleEngine(PVOID Address, BOOLEAN Is32Bit)
Disassembler length disassemble engine.
Definition Disassembler.c:225
ConfigureDirtyLoggingInitializeOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureDirtyLoggingInitializeOnAllProcessors()
routines for initializing dirty logging mechanism
Definition Configuration.c:94
DirectVmcallEnableEferSyscall
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallEnableEferSyscall(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for enabling syscall hook using EFER SCE bit
Definition DirectVmcall.c:236
GetGuestFs
IMPORT_EXPORT_VMM VMX_SEGMENT_SELECTOR GetGuestFs()
Get the Guest Fs Selector.
Definition ManageRegs.c:184
DirectVmcallInvalidateSingleContext
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallInvalidateSingleContext(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for invalidating EPT (A Single Context)
Definition DirectVmcall.c:293
DirectVmcallEnableMovToCrExiting
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallEnableMovToCrExiting(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for enabling mov to CR exiting
Definition DirectVmcall.c:217
ConfigureEnableEferSyscallEventsOnAllProcessors
IMPORT_EXPORT_VMM VOID ConfigureEnableEferSyscallEventsOnAllProcessors()
routines for enabling syscall hooks on all cores
Definition Configuration.c:132
VmFuncEventInjectPageFaultWithCr2
IMPORT_EXPORT_VMM VOID VmFuncEventInjectPageFaultWithCr2(UINT32 CoreId, UINT64 Address, UINT32 PageFaultCode)
Inject #PF and configure CR2 register.
Definition Export.c:626
BroadcastDisableRdpmcExitingAllCores
IMPORT_EXPORT_VMM VOID BroadcastDisableRdpmcExitingAllCores()
routines for disabling !pmc
Definition Broadcast.c:267
ConfigureEptHookUnHookSingleHookByHookingTagFromVmxRoot
IMPORT_EXPORT_VMM BOOLEAN ConfigureEptHookUnHookSingleHookByHookingTagFromVmxRoot(UINT64 HookingTag, EPT_SINGLE_HOOK_UNHOOKING_DETAILS *TargetUnhookingDetails)
Remove single hook from the hooked pages by the given hooking tag.
Definition Configuration.c:170
SetGuestIdtr
IMPORT_EXPORT_VMM VOID SetGuestIdtr(UINT64 Idtr)
Set the Guest Idtr.
Definition ManageRegs.c:293
SetGuestEs
IMPORT_EXPORT_VMM VOID SetGuestEs(PVMX_SEGMENT_SELECTOR Es)
Set the Guest Es selector.
Definition ManageRegs.c:260
VmFuncVmxVmcall
IMPORT_EXPORT_VMM NTSTATUS VmFuncVmxVmcall(unsigned long long VmcallNumber, unsigned long long OptionalParam1, unsigned long long OptionalParam2, unsigned long long OptionalParam3)
Export for running VMX VMCALLs.
Definition Export.c:683
ConfigureEptHookReservePreallocatedPoolsForEptHooks
IMPORT_EXPORT_VMM VOID ConfigureEptHookReservePreallocatedPoolsForEptHooks(UINT32 Count)
Allocate (reserve) pages for storing EPT hooks page hooks.
Definition Configuration.c:239
VmFuncSetExternalInterruptExiting
IMPORT_EXPORT_VMM VOID VmFuncSetExternalInterruptExiting(UINT32 CoreId, BOOLEAN Set)
Set the External Interrupt Exiting.
Definition Export.c:280
VmFuncDisableExternalInterruptsAndInterruptWindow
IMPORT_EXPORT_VMM VOID VmFuncDisableExternalInterruptsAndInterruptWindow(UINT32 CoreId)
Disable external-interrupts and interrupt window.
Definition Export.c:518
DirectVmcallSetDisableExternalInterruptExitingOnlyOnClearingInterruptEvents
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallSetDisableExternalInterruptExitingOnlyOnClearingInterruptEvents(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for disabling external interrupt exiting only to clear !interrupt commands
Definition DirectVmcall.c:350
DirectVmcallChangeIoBitmap
IMPORT_EXPORT_VMM NTSTATUS DirectVmcallChangeIoBitmap(UINT32 CoreId, DIRECT_VMCALL_PARAMETERS *DirectVmcallOptions)
routines for changing IO Bitmap
Definition DirectVmcall.c:103
GetGuestDr6
IMPORT_EXPORT_VMM UINT64 GetGuestDr6()
Get the Guest Dr6 (breakpoint status) value.
Definition ManageRegs.c:714
DEBUGGER_READ_MEMORY_TYPE
enum _DEBUGGER_READ_MEMORY_TYPE DEBUGGER_READ_MEMORY_TYPE
different type of addresses
DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE
enum _DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE
Type of handling !syscall or !sysret.
_CR3_TYPE
CR3 Structure.
Definition BasicTypes.h:130
_DEBUGGER_EVENT_OPTIONS
request for performing a short-circuiting event
Definition Events.h:271
_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE
request for enable or disable transparent-mode
Definition RequestStructures.h:549
_DIRECT_VMCALL_PARAMETERS
Used for sending direct VMCALLs on the VMX root-mode.
Definition DataTypes.h:294
_EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR
Setting details for EPT Hooks (!monitor)
Definition DataTypes.h:331
_EPT_SINGLE_HOOK_UNHOOKING_DETAILS
Details of unhooking single EPT hooks.
Definition DataTypes.h:358
_VMM_CALLBACKS
Prototype of each function needed by VMM module.
Definition VMM.h:181
_VMX_SEGMENT_SELECTOR
Segment selector.
Definition DataTypes.h:436