Wrapper for hiding the debugger in transparent-mode (activates transparent-mode).
26{
29
30 if (EvadeMask == 0)
31 {
33 }
34
36 {
39 }
40
41 TransparentModeRequest->
EvadeMask = EvadeMask;
88 {
94 {
96
100 }
107 }
108 else
109 {
115 }
116}
BOOLEAN HyperTraceCallbackLbrIsSupported(UINT32 *Capacity, BOOLEAN *IsArchLbr)
Routine callback to check whether LBR is supported and, if it is, get the LBR capacity.
Definition Callback.c:211
VOID EventInjectGeneralProtection()
Inject a general-protection fault (#GP) into the guest (event injection).
Definition Events.c:62
VOID HvHandleTrapFlag()
Handle the case when the trap flag is set, and we need to inject the single-step exception right afte...
Definition Hv.c:1754
BOOLEAN SyscallCallbackInitialize()
Initialize the syscall callback.
Definition SyscallCallback.c:22
BOOLEAN SyscallCallbackSetTrapFlagAfterSyscall(GUEST_REGS *Regs, UINT32 ProcessId, UINT32 ThreadId, UINT64 Context, SYSCALL_CALLBACK_CONTEXT_PARAMS *Params)
Set the trap flag in the guest after a syscall.
Definition SyscallCallback.c:226
IMPORT_EXPORT_HYPEREVADE BOOLEAN TransparentUnhideDebugger()
Deactivate transparent-mode.
Definition Transparency.c:105
IMPORT_EXPORT_HYPEREVADE BOOLEAN TransparentHideDebugger(HYPEREVADE_CALLBACKS *HyperevadeCallbacks, DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE *TransparentModeRequest)
Hide debugger on transparent-mode (activate transparent-mode).
Definition Transparency.c:24
IMPORT_EXPORT_VMM BOOLEAN CheckAccessValidityAndSafety(UINT64 TargetAddress, UINT32 Size)
Check whether the memory range (TargetAddress, Size) is safe to access.
Definition AddressCheck.c:318
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperWriteMemorySafeOnTargetProcess(_Inout_ UINT64 Destination, _In_ PVOID Source, _In_ SIZE_T Size)
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperReadMemorySafeOnTargetProcess(_In_ UINT64 VaAddressToRead, _Inout_ PVOID BufferToSaveMemory, _In_ SIZE_T SizeToRead)
struct _HYPEREVADE_CALLBACKS HYPEREVADE_CALLBACKS
Prototype of each function needed by hyperevade module.
PCHAR CommonGetProcessNameFromProcessControlBlock(PEPROCESS Eprocess)
Get the process name from the EPROCESS structure.
Definition Common.c:48
UINT32 KernelStatus
Definition RequestStructures.h:613
UINT32 EvadeMask
Definition RequestStructures.h:617
EVENT_INJECT_GENERAL_PROTECTION EventInjectGeneralProtection
Definition HyperEvade.h:151
LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE LogCallbackSendMessageToQueue
Definition HyperEvade.h:117
CHECK_ACCESS_VALIDITY_AND_SAFETY CheckAccessValidityAndSafety
Definition HyperEvade.h:133
LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE LogCallbackPrepareAndSendMessageToQueueWrapper
Definition HyperEvade.h:116
LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL LogCallbackCheckIfBufferIsFull
Definition HyperEvade.h:119
COMMON_GET_PROCESS_NAME_FROM_PROCESS_CONTROL_BLOCK CommonGetProcessNameFromProcessControlBlock
Definition HyperEvade.h:140
HYPERTRACE_LBR_IS_SUPPORTED HyperTraceLbrIsSupported
Definition HyperEvade.h:124
MEMORY_MAPPER_WRITE_MEMORY_SAFE_ON_TARGET_PROCESS MemoryMapperWriteMemorySafeOnTargetProcess
Definition HyperEvade.h:135
LOG_CALLBACK_SEND_BUFFER LogCallbackSendBuffer
Definition HyperEvade.h:118
MEMORY_MAPPER_READ_MEMORY_SAFE_ON_TARGET_PROCESS MemoryMapperReadMemorySafeOnTargetProcess
Definition HyperEvade.h:134
SYSCALL_CALLBACK_SET_TRAP_FLAG_AFTER_SYSCALL SyscallCallbackSetTrapFlagAfterSyscall
Definition HyperEvade.h:145
HV_HANDLE_TRAPFLAG HvHandleTrapFlag
Definition HyperEvade.h:150