|
HyperDbg Debugger
|
Message logging and tracing implementation. More...
Go to the source code of this file.
Classes | |
| union | _CPUID28_EAX |
| union | _CPUID28_EBX |
| union | _CPUID28_ECX |
| struct | _CPUID28_LEAFS |
| union | _IA32_LBR_CTL_REGISTER |
| The structure to hold the IA32_LBR_CTL MSR, which is used to enable and configure the LBR feature. More... | |
| struct | _CPU_LBR_MAP |
| The structure to hold the mapping of CPU model to its LBR capacity. More... | |
Macros | |
| #define | MSR_LEGACY_LBR_SELECT 0x000001C8 |
| #define | MSR_LBR_TOS 0x000001C9 |
| #define | MSR_LASTBRANCH_0_FROM_IP 0x00000680 |
| #define | MSR_LASTBRANCH_0_TO_IP 0x000006C0 |
| #define | MSR_LASTBRANCH_INFO_0 0x00000DC0 |
| #define | LBR_SELECT_WITHOUT_FILTER 0x00000000 |
| #define | IA32_LBR_0_FROM_IP 0x1500 |
| #define | IA32_LBR_0_TO_IP 0x1600 |
| #define | IA32_LBR_0_INFO 0x1200 |
| #define | CPUID_ARCH_LAST_BRANCH_RECORD_INFORMATION 0x1c |
| #define | IA32_LBR_CTL 0x000014CE |
Typedefs | |
| typedef union _CPUID28_EAX | CPUID28_EAX |
| typedef union _CPUID28_EAX * | PCPUID28_EAX |
| typedef union _CPUID28_EBX | CPUID28_EBX |
| typedef union _CPUID28_EBX * | PCPUID28_EBX |
| typedef union _CPUID28_ECX | CPUID28_ECX |
| typedef union _CPUID28_ECX * | PCPUID28_ECX |
| typedef struct _CPUID28_LEAFS | CPUID28_LEAFS |
| typedef struct _CPUID28_LEAFS * | PCPUID28_LEAFS |
| typedef union _IA32_LBR_CTL_REGISTER | IA32_LBR_CTL_REGISTER |
| The structure to hold the IA32_LBR_CTL MSR, which is used to enable and configure the LBR feature. | |
| typedef union _IA32_LBR_CTL_REGISTER * | PIA32_LBR_CTL_REGISTER |
| typedef struct _CPU_LBR_MAP | CPU_LBR_MAP |
| The structure to hold the mapping of CPU model to its LBR capacity. | |
| typedef struct _CPU_LBR_MAP * | PCPU_LBR_MAP |
Functions | |
| BOOLEAN | LbrCheckAndReadLegacyLbrDetails () |
| Check if the current CPU supports LBR by examining the CPU family and model and looking up the corresponding LBR capacity. | |
| BOOLEAN | LbrCheckAndReadArchitecturalLbrDetails () |
| Check if the current CPU supports architectural LBR. | |
| BOOLEAN | LbrStart (UINT64 FilterOptions) |
| Start collecting LBR branches. | |
| BOOLEAN | LbrCheck () |
| Check if LBR is enabled or not. | |
| VOID | LbrFilter (UINT64 FilterOptions) |
| Filter LBR branches based on the provided options. | |
| VOID | LbrStop () |
| Stop collecting LBR branches. | |
| VOID | LbrFlush () |
| Flush LBR MSRs by disabling LBR and clearing all LBR entries. | |
| VOID | LbrSave () |
| Save LBR branches. | |
| VOID | LbrPrint () |
| Print collected LBR branches. | |
Variables | |
| CPU_LBR_MAP | CPU_LBR_MAPS [] |
| The global variable to hold the mapping of CPU model to its LBR capacity. | |
Message logging and tracing implementation.
Modified from LIBIHT project (Thomasaon Zhao et al) with Windows style updates.
| #define CPUID_ARCH_LAST_BRANCH_RECORD_INFORMATION 0x1c |
| #define IA32_LBR_0_FROM_IP 0x1500 |
| #define IA32_LBR_0_INFO 0x1200 |
| #define IA32_LBR_0_TO_IP 0x1600 |
| #define IA32_LBR_CTL 0x000014CE |
| #define LBR_SELECT_WITHOUT_FILTER 0x00000000 |
| #define MSR_LASTBRANCH_0_FROM_IP 0x00000680 |
| #define MSR_LASTBRANCH_0_TO_IP 0x000006C0 |
| #define MSR_LASTBRANCH_INFO_0 0x00000DC0 |
| #define MSR_LBR_TOS 0x000001C9 |
| #define MSR_LEGACY_LBR_SELECT 0x000001C8 |
| typedef struct _CPU_LBR_MAP CPU_LBR_MAP |
The structure to hold the mapping of CPU model to its LBR capacity.
| typedef union _CPUID28_EAX CPUID28_EAX |
| typedef union _CPUID28_EBX CPUID28_EBX |
| typedef union _CPUID28_ECX CPUID28_ECX |
| typedef struct _CPUID28_LEAFS CPUID28_LEAFS |
| typedef union _IA32_LBR_CTL_REGISTER IA32_LBR_CTL_REGISTER |
| typedef struct _CPU_LBR_MAP * PCPU_LBR_MAP |
| typedef union _CPUID28_EAX * PCPUID28_EAX |
| typedef union _CPUID28_EBX * PCPUID28_EBX |
| typedef union _CPUID28_ECX * PCPUID28_ECX |
| typedef struct _CPUID28_LEAFS * PCPUID28_LEAFS |
| typedef union _IA32_LBR_CTL_REGISTER * PIA32_LBR_CTL_REGISTER |
| BOOLEAN LbrCheck | ( | ) |
Check if LBR is enabled or not.
| BOOLEAN LbrCheckAndReadArchitecturalLbrDetails | ( | ) |
Check if the current CPU supports architectural LBR.
| BOOLEAN LbrCheckAndReadLegacyLbrDetails | ( | ) |
Check if the current CPU supports LBR by examining the CPU family and model and looking up the corresponding LBR capacity.
| VOID LbrFilter | ( | UINT64 | FilterOptions | ) |
Filter LBR branches based on the provided options.
| FilterOptions | A bitmask of filter options to apply to the LBR branches |
| VOID LbrFlush | ( | ) |
Flush LBR MSRs by disabling LBR and clearing all LBR entries.
| VOID LbrPrint | ( | ) |
Print collected LBR branches.
| VOID LbrSave | ( | ) |
Save LBR branches.
| BOOLEAN LbrStart | ( | UINT64 | FilterOptions | ) |
Start collecting LBR branches.
| FilterOptions | A bitmask of filter options to apply to the LBR branches (e.g., filtering by branch type, privilege level, etc.) |
| VOID LbrStop | ( | ) |
Stop collecting LBR branches.
|
extern |
The global variable to hold the mapping of CPU model to its LBR capacity.