HyperDbg Debugger
HyperLogCallback.h File Reference

Header for VMM callback interface routines.


Functions

BOOLEAN LogCallbackPrepareAndSendMessageToQueue (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt,...)
 Prepare a printf-style message mapping and send string messages and tracing for logging and monitoring.
BOOLEAN LogCallbackSendMessageToQueue (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
 Send string messages and tracing for logging and monitoring.
BOOLEAN LogCallbackCheckIfBufferIsFull (BOOLEAN Priority)
 Checks whether the priority or regular buffer is full or not.
BOOLEAN LogCallbackSendBuffer (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
 Callback routine for sending a buffer.

Detailed Description

Header for VMM callback interface routines.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-29

Function Documentation

◆ LogCallbackCheckIfBufferIsFull()

BOOLEAN LogCallbackCheckIfBufferIsFull ( BOOLEAN Priority)

Checks whether the priority or regular buffer is full or not.

Parameters
Priority: Whether the buffer has priority
Returns
BOOLEAN Returns true if the buffer is full, otherwise, return false
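/**
 * @brief Checks whether the priority or regular buffer is full or not
 *
 * @details Picks the g_MessageBufferInformation entry for the current mode
 * (index 1 when LogCheckVmxOperation() reports vmx-root, index 0 otherwise),
 * reads the current write index of the selected ring, wraps it to 0 when it
 * is past the last slot, and returns the Valid flag of the BUFFER_HEADER at
 * that slot.
 *
 * No lock is taken in this function, so the write index is read from the
 * global exactly once and that same snapshot is both range-checked and used
 * for the address computation. Re-reading the global for the range check
 * would let a concurrent update slip an unchecked index into the pointer
 * arithmetic.
 * NOTE(review): whether callers serialize access is not visible here - confirm.
 *
 * @param Priority Whether the buffer has priority
 * @return BOOLEAN Returns true if the buffer is full, otherwise, return false
 */
BOOLEAN
LogCallbackCheckIfBufferIsFull(BOOLEAN Priority)
{
    UINT32          Index;
    UINT32          NextSlot = NULL_ZERO;
    BUFFER_HEADER * Header;

    //
    // Index 1 is used in vmx root-mode, index 0 otherwise
    //
    Index = LogCheckVmxOperation() ? 1 : 0;

    if (Priority)
    {
        //
        // Snapshot the write index once, then validate the snapshot
        //
        NextSlot = g_MessageBufferInformation[Index].CurrentIndexToWritePriority;

        if (NextSlot > MaximumPacketsCapacityPriority - 1)
        {
            //
            // Past the last slot, start from the beginning
            //
            NextSlot = 0;
        }

        //
        // Each slot is a BUFFER_HEADER followed by PacketChunkSize bytes
        //
        Header = (BUFFER_HEADER *)((UINT64)g_MessageBufferInformation[Index].BufferStartAddressPriority + (NextSlot * (PacketChunkSize + sizeof(BUFFER_HEADER))));
    }
    else
    {
        //
        // Snapshot the write index once, then validate the snapshot
        //
        NextSlot = g_MessageBufferInformation[Index].CurrentIndexToWrite;

        if (NextSlot > MaximumPacketsCapacity - 1)
        {
            //
            // Past the last slot, start from the beginning
            //
            NextSlot = 0;
        }

        //
        // Each slot is a BUFFER_HEADER followed by PacketChunkSize bytes
        //
        Header = (BUFFER_HEADER *)((UINT64)g_MessageBufferInformation[Index].BufferStartAddress + (NextSlot * (PacketChunkSize + sizeof(BUFFER_HEADER))));
    }

    //
    // If the next item is still valid, the buffer is full and the next write
    // would replace an item that has not been served yet
    //
    return Header->Valid;
}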
BOOLEAN LogCheckVmxOperation()
Checks whether the message tracing operates on vmx-root mode or not.
Definition Logging.c:19
LOG_BUFFER_INFORMATION * g_MessageBufferInformation
Global Variable for buffer on all cores.
Definition Logging.h:104
struct _BUFFER_HEADER BUFFER_HEADER
Message buffer structure.
UCHAR BOOLEAN
Definition BasicTypes.h:35
#define NULL_ZERO
Definition BasicTypes.h:110
unsigned int UINT32
Definition BasicTypes.h:54
#define MaximumPacketsCapacity
Default buffer count of packets for message tracing.
Definition Constants.h:171
#define PacketChunkSize
Size of each packet.
Definition Constants.h:187
#define MaximumPacketsCapacityPriority
Default buffer count of packets for message tracing.
Definition Constants.h:177
BOOLEAN Valid
Definition Logging.h:61

◆ LogCallbackPrepareAndSendMessageToQueue()

BOOLEAN LogCallbackPrepareAndSendMessageToQueue ( UINT32 OperationCode,
BOOLEAN IsImmediateMessage,
BOOLEAN ShowCurrentSystemTime,
BOOLEAN Priority,
const CHAR * Fmt,
... )

Prepare a printf-style message mapping and send string messages and tracing for logging and monitoring.

Parameters
OperationCode: Optional operation code
IsImmediateMessage: Should be sent immediately
ShowCurrentSystemTime: Show system-time
Priority: Whether the message has priority
Fmt: Message format-string
...
Returns
BOOLEAN if it was successful then return TRUE, otherwise returns FALSE
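/**
 * @brief Prepare a printf-style message mapping and send string messages
 * and tracing for logging and monitoring
 *
 * @details Variadic front end: collects the variable arguments into a
 * va_list and hands everything to
 * LogCallbackPrepareAndSendMessageToQueueWrapper().
 *
 * Fmt is consumed as a printf-style format string by the wrapper, so it must
 * be a string the caller controls; text that originates elsewhere belongs in
 * the argument list behind a "%s" conversion, never in Fmt itself.
 *
 * @param OperationCode Optional operation code
 * @param IsImmediateMessage Should be sent immediately
 * @param ShowCurrentSystemTime Show system-time
 * @param Priority Whether the message has priority
 * @param Fmt Message format-string
 * @param ... Arguments consumed by Fmt
 * @return BOOLEAN if it was successful then return TRUE, otherwise returns FALSE
 */
BOOLEAN
LogCallbackPrepareAndSendMessageToQueue(UINT32       OperationCode,
                                        BOOLEAN      IsImmediateMessage,
                                        BOOLEAN      ShowCurrentSystemTime,
                                        BOOLEAN      Priority,
                                        const CHAR * Fmt,
                                        ...)
{
    va_list ArgList;
    BOOLEAN Result;

    va_start(ArgList, Fmt);

    //
    // NOTE(review): source line 1190 (the start of this call) is absent from
    // the rendered listing, which leaves Result unassigned and the argument
    // list dangling. The callee and its first argument are restored from the
    // wrapper's signature cross-referenced on this page - confirm against
    // Logging.c
    //
    Result = LogCallbackPrepareAndSendMessageToQueueWrapper(OperationCode,
                                                            IsImmediateMessage,
                                                            ShowCurrentSystemTime,
                                                            Priority,
                                                            Fmt,
                                                            ArgList);

    va_end(ArgList);

    return Result;
}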
BOOLEAN LogCallbackPrepareAndSendMessageToQueueWrapper(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
Prepare a printf-style message mapping and send string messages and tracing for logging and monitorin...
Definition Logging.c:987

◆ LogCallbackSendBuffer()

BOOLEAN LogCallbackSendBuffer ( _In_ UINT32 OperationCode,
_In_reads_bytes_(BufferLength) PVOID Buffer,
_In_ UINT32 BufferLength,
_In_ BOOLEAN Priority )

Callback routine for sending a buffer.

Parameters
OperationCode
Buffer
BufferLength
Priority
Returns
BOOLEAN
/**
 * @brief Callback routine for sending a buffer
 *
 * @details Forwards the call unchanged to the LogCallbackSendBuffer entry of
 * g_Callbacks when one is registered. Buffer and BufferLength are passed
 * through as received; this routine performs no length validation of its own.
 *
 * @param OperationCode Passed through to the registered callback
 * @param Buffer Passed through to the registered callback
 * @param BufferLength Passed through to the registered callback
 * @param Priority Passed through to the registered callback
 * @return BOOLEAN FALSE when no callback is registered, otherwise the value
 * returned by the registered callback
 */
BOOLEAN
LogCallbackSendBuffer(_In_ UINT32                          OperationCode,
                      _In_reads_bytes_(BufferLength) PVOID Buffer,
                      _In_ UINT32                          BufferLength,
                      _In_ BOOLEAN                         Priority)
{
    //
    // Forward only when a callback has been registered
    //
    if (g_Callbacks.LogCallbackSendBuffer != NULL)
    {
        return g_Callbacks.LogCallbackSendBuffer(OperationCode, Buffer, BufferLength, Priority);
    }

    //
    // No callback registered, ignore sending buffer
    //
    return FALSE;
}
#define FALSE
Definition BasicTypes.h:113
HYPEREVADE_CALLBACKS g_Callbacks
List of callbacks.
Definition Transparency.h:23

◆ LogCallbackSendMessageToQueue()

BOOLEAN LogCallbackSendMessageToQueue ( UINT32 OperationCode,
BOOLEAN IsImmediateMessage,
CHAR * LogMessage,
UINT32 BufferLen,
BOOLEAN Priority )

Send string messages and tracing for logging and monitoring.

Parameters
OperationCode: Optional operation code
IsImmediateMessage: Should be sent immediately
LogMessage: Link of message buffer
BufferLen: Length of buffer
Priority: Whether the buffer has priority
Returns
BOOLEAN if it was successful then return TRUE, otherwise returns FALSE
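/**
 * @brief Send string messages and tracing for logging and monitoring
 *
 * @details With UseWPPTracing the message is handed to
 * HypervisorTraceLevelMessage() at a level chosen from OperationCode.
 * Otherwise an immediate message goes straight to LogCallbackSendBuffer(),
 * and a non-immediate message is appended to the per-mode accumulation
 * buffer, which is flushed first when the new message would not fit.
 *
 * Changes against the listing as rendered:
 *  - BufferLen is bounded before the copy. The flush test is skipped when
 *    the accumulation buffer is empty, so without the bound an oversized
 *    message would be copied past the end of the buffer.
 *  - The UseWPPTracing branch now returns a value; it previously fell off
 *    the end of a BOOLEAN function.
 *  - Source lines 1278, 1306 and 1336 are absent from the rendered listing
 *    and are restored from the symbols cross-referenced on this page; see
 *    the NOTE(review) markers.
 *
 * @param OperationCode Optional operation code
 * @param IsImmediateMessage Should be sent immediately
 * @param LogMessage Link of message buffer
 * @param BufferLen Length of buffer
 * @param Priority Whether the buffer has priority
 * @return BOOLEAN if it was successful then return TRUE, otherwise returns FALSE
 */
BOOLEAN
LogCallbackSendMessageToQueue(UINT32  OperationCode,
                              BOOLEAN IsImmediateMessage,
                              CHAR *  LogMessage,
                              UINT32  BufferLen,
                              BOOLEAN Priority)
{
    BOOLEAN Result;
    UINT32  Index;
    BOOLEAN IsVmxRootMode;
    KIRQL   OldIRQL = NULL_ZERO;

    //
    // Set Vmx State
    //
    IsVmxRootMode = LogCheckVmxOperation();

#if UseWPPTracing

    //
    // LogMessage is always passed as data behind a constant "%s" format,
    // never as the format itself
    //
    if (OperationCode == OPERATION_LOG_INFO_MESSAGE)
    {
        HypervisorTraceLevelMessage(
            TRACE_LEVEL_INFORMATION, // ETW Level defined in evntrace.h
            HVFS_LOG_INFO,
            "%s", // Flag defined in WPP_CONTROL_GUIDS
            LogMessage);
    }
    else if (OperationCode == OPERATION_LOG_WARNING_MESSAGE)
    {
        HypervisorTraceLevelMessage(
            TRACE_LEVEL_WARNING, // ETW Level defined in evntrace.h
            HVFS_LOG_WARNING,
            "%s", // Flag defined in WPP_CONTROL_GUIDS
            LogMessage);
    }
    else if (OperationCode == OPERATION_LOG_ERROR_MESSAGE)
    {
        HypervisorTraceLevelMessage(
            TRACE_LEVEL_ERROR, // ETW Level defined in evntrace.h
            HVFS_LOG_ERROR,
            "%s", // Flag defined in WPP_CONTROL_GUIDS
            LogMessage);
    }
    else
    {
        HypervisorTraceLevelMessage(
            TRACE_LEVEL_NONE, // ETW Level defined in evntrace.h
            HVFS_LOG,
            "%s", // Flag defined in WPP_CONTROL_GUIDS
            LogMessage);
    }

    //
    // The message was handed to the tracer; a BOOLEAN function must return
    // a value on every path
    //
    return TRUE;

#else
    if (IsImmediateMessage)
    {
        return LogCallbackSendBuffer(OperationCode, LogMessage, BufferLen, Priority);
    }

    //
    // Reject a message that can never fit into the accumulation buffer.
    // NOTE(review): the buffer is zeroed with PacketChunkSize below, so it is
    // assumed to be PacketChunkSize bytes - confirm against its allocation
    //
    if (BufferLen > PacketChunkSize)
    {
        return FALSE;
    }

    //
    // Check if we're in Vmx-root, if it is then we use our customized HIGH_IRQL Spinlock,
    // if not we use the windows spinlock
    //
    if (IsVmxRootMode)
    {
        //
        // Set the index
        //
        Index = 1;

        //
        // NOTE(review): source line 1278 is absent from the rendered listing;
        // restored from the SpinlockLock / g_VmxRootLoggingLockForNonImmBuffers
        // cross-references - confirm against Logging.c
        //
        SpinlockLock(&g_VmxRootLoggingLockForNonImmBuffers);
    }
    else
    {
        //
        // Set the index
        //
        Index = 0;

        //
        // Acquire the lock
        //
        PlatformSpinlockAcquire(&g_MessageBufferInformation[Index].BufferLockForNonImmMessage, &OldIRQL);
    }

    //
    // Set the result to True
    //
    Result = TRUE;

    //
    // If the accumulated length plus this message is above the buffer then
    // we have to send the previous buffer first
    //
    if ((g_MessageBufferInformation[Index].CurrentLengthOfNonImmBuffer + BufferLen) > PacketChunkSize - 1 && g_MessageBufferInformation[Index].CurrentLengthOfNonImmBuffer != 0)
    {
        //
        // Send the previous buffer (non-immediate message),
        // accumulated messages don't have priority
        //
        // NOTE(review): source line 1306 is absent from the rendered listing;
        // the callee and OPERATION_LOG_NON_IMMEDIATE_MESSAGE come from the
        // page's cross-references, and the assignment to Result is inferred
        // from the default set just above - confirm against Logging.c
        //
        Result = LogCallbackSendBuffer(OPERATION_LOG_NON_IMMEDIATE_MESSAGE,
                                       (PVOID)g_MessageBufferInformation[Index].BufferForMultipleNonImmediateMessage,
                                       g_MessageBufferInformation[Index].CurrentLengthOfNonImmBuffer,
                                       FALSE);

        //
        // Reset the accumulation buffer
        //
        g_MessageBufferInformation[Index].CurrentLengthOfNonImmBuffer = 0;
        PlatformZeroMemory((PVOID)g_MessageBufferInformation[Index].BufferForMultipleNonImmediateMessage, PacketChunkSize);
    }

    //
    // We have to save the message; BufferLen was bounded above, so the copy
    // stays inside the buffer even when the flush branch was not taken
    //
    PlatformWriteMemory((PVOID)(g_MessageBufferInformation[Index].BufferForMultipleNonImmediateMessage +
                                g_MessageBufferInformation[Index].CurrentLengthOfNonImmBuffer),
                        LogMessage,
                        BufferLen);

    //
    // add the length
    //
    g_MessageBufferInformation[Index].CurrentLengthOfNonImmBuffer += BufferLen;

    //
    // Check if we're in Vmx-root, if it is then we use our customized HIGH_IRQL Spinlock,
    // if not we use the windows spinlock
    //
    if (IsVmxRootMode)
    {
        //
        // NOTE(review): source line 1336 is absent from the rendered listing;
        // restored from the SpinlockUnlock cross-reference - confirm against
        // Logging.c
        //
        SpinlockUnlock(&g_VmxRootLoggingLockForNonImmBuffers);
    }
    else
    {
        //
        // Release the lock
        //
        PlatformSpinlockRelease(&g_MessageBufferInformation[Index].BufferLockForNonImmMessage, OldIRQL);
    }

    return Result;
#endif
}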
_Use_decl_annotations_ BOOLEAN LogCallbackSendBuffer(UINT32 OperationCode, PVOID Buffer, UINT32 BufferLength, BOOLEAN Priority)
Save buffer to the pool.
Definition Logging.c:350
volatile LONG g_VmxRootLoggingLockForNonImmBuffers
Vmx-root lock for logging.
Definition Logging.h:116
VOID PlatformZeroMemory(PVOID Destination, SIZE_T Size)
Zeros a memory block.
Definition PlatformMem.c:155
VOID PlatformWriteMemory(PVOID Address, PVOID Buffer, SIZE_T Size)
Writes data from a buffer to a memory address.
Definition PlatformMem.c:115
VOID PlatformSpinlockRelease(PKSPIN_LOCK SpinLock, KIRQL OldIrql)
Release a previously acquired kernel spinlock and restore IRQL.
Definition PlatformSpinlock.c:75
VOID PlatformSpinlockAcquire(PKSPIN_LOCK SpinLock, PKIRQL OldIrql)
Acquire a kernel spinlock, raising IRQL to DISPATCH_LEVEL.
Definition PlatformSpinlock.c:50
VOID SpinlockLock(volatile LONG *Lock)
Tries to get the lock and won't return until successfully get the lock.
Definition Spinlock.c:53
VOID SpinlockUnlock(volatile LONG *Lock)
Release the lock.
Definition Spinlock.c:162
#define TRACE_LEVEL_WARNING
Definition Trace.h:32
#define TRACE_LEVEL_NONE
Definition Trace.h:29
#define TRACE_LEVEL_ERROR
Definition Trace.h:31
#define TRACE_LEVEL_INFORMATION
Definition Trace.h:33
void * PVOID
Definition BasicTypes.h:56
#define TRUE
Definition BasicTypes.h:114
#define OPERATION_LOG_ERROR_MESSAGE
Definition Constants.h:376
#define OPERATION_LOG_WARNING_MESSAGE
Definition Constants.h:375
#define OPERATION_LOG_INFO_MESSAGE
Message logs id that comes from kernel-mode to user-mode.
Definition Constants.h:374
#define OPERATION_LOG_NON_IMMEDIATE_MESSAGE
Definition Constants.h:377