HyperDbg Debugger
Loading...
Searching...
No Matches
Logging.h
Go to the documentation of this file.
1
13#pragma once
14
16// Global Variables //
18
23char * VmxLogMessage;
24
29char * VmxTempMessage;
30
32// Structures //
34
39typedef struct _NOTIFY_RECORD
40{
41 NOTIFY_TYPE Type;
42
43 union
44 {
45 PKEVENT Event;
46 PIRP PendingIrp;
47 } Message;
48
49 KDPC Dpc;
50 BOOLEAN CheckVmxRootMessagePool; // Set so that notify callback can understand where to check (Vmx root or Vmx non-root)
51} NOTIFY_RECORD, *PNOTIFY_RECORD;
52
57typedef struct _BUFFER_HEADER
58{
59 UINT32 OperationNumber; // Operation ID to user-mode
60 UINT32 BufferLength; // The actual length
61 BOOLEAN Valid; // Determine whether the buffer was valid to send or not
62} BUFFER_HEADER, *PBUFFER_HEADER;
63
68typedef struct _LOG_BUFFER_INFORMATION
69{
70 KSPIN_LOCK BufferLock; // SpinLock to protect access to the queue
71 KSPIN_LOCK BufferLockForNonImmMessage; // SpinLock to protect access to the queue of non-imm messages
72
73 UINT64 BufferForMultipleNonImmediateMessage; // Start address of the buffer for accumulating non-immadiate messages
74 UINT32 CurrentLengthOfNonImmBuffer; // the current size of the buffer for accumulating non-immadiate messages
75
76 //
77 // Regular buffers
78 //
79 UINT64 BufferStartAddress; // Start address of the buffer
80 UINT64 BufferEndAddress; // End address of the buffer
81
82 UINT32 CurrentIndexToSend; // Current buffer index to send to user-mode
83 UINT32 CurrentIndexToWrite; // Current buffer index to write new messages
84
85 //
86 // Priority buffers
87 //
88 UINT64 BufferStartAddressPriority; // Start address of the buffer
89 UINT64 BufferEndAddressPriority; // End address of the buffer
90
91 UINT32 CurrentIndexToSendPriority; // Current buffer index to send to user-mode for priority buffers
92 UINT32 CurrentIndexToWritePriority; // Current buffer index to write new messages for priority buffers
93
94} LOG_BUFFER_INFORMATION, *PLOG_BUFFER_INFORMATION;
95
97// Global Variables //
99
104LOG_BUFFER_INFORMATION * MessageBufferInformation;
105
110volatile LONG VmxRootLoggingLock;
111
116volatile LONG VmxRootLoggingLockForNonImmBuffers;
117
119// Illustration //
121
122/*
123
124A core buffer is like this , it's divided into MaximumPacketsCapacity chucks,
125each chunk has PacketChunkSize + sizeof(BUFFER_HEADER) size
126
127 _________________________
128 | BUFFER_HEADER |
129 |_________________________|
130 | |
131 | BODY |
132 | (Buffer) |
133 | size = PacketChunkSize |
134 | |
135 |_________________________|
136 | BUFFER_HEADER |
137 |_________________________|
138 | |
139 | BODY |
140 | (Buffer) |
141 | size = PacketChunkSize |
142 | |
143 |_________________________|
144 | |
145 | |
146 | |
147 | |
148 | |
149 | . |
150 | . |
151 | . |
152 | |
153 | |
154 | |
155 |_________________________|
156 | BUFFER_HEADER |
157 |_________________________|
158 | |
159 | BODY |
160 | (Buffer) |
161 | size = PacketChunkSize |
162 | |
163 |_________________________|
164
165*/
166
168// Global Variables //
170
175NOTIFY_RECORD * g_GlobalNotifyRecord;
176
181MESSAGE_TRACING_CALLBACKS g_MsgTracingCallbacks;
182
184// Functions //
186
187BOOLEAN
188LogReadBuffer(BOOLEAN IsVmxRoot, PVOID BufferToSaveMessage, UINT32 * ReturnedLength);
189
190VOID
191LogNotifyUsermodeCallback(PKDPC Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2);
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
VOID
#define VOID
Definition BasicTypes.h:33
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
NOTIFY_TYPE
enum _NOTIFY_TYPE NOTIFY_TYPE
Type of transferring buffer between user-to-kernel.
LogReadBuffer
BOOLEAN LogReadBuffer(BOOLEAN IsVmxRoot, PVOID BufferToSaveMessage, UINT32 *ReturnedLength)
Attempt to read the buffer.
Definition Logging.c:697
VmxRootLoggingLock
volatile LONG VmxRootLoggingLock
Vmx-root lock for logging.
Definition Logging.h:110
PNOTIFY_RECORD
struct _NOTIFY_RECORD * PNOTIFY_RECORD
NOTIFY_RECORD
struct _NOTIFY_RECORD NOTIFY_RECORD
The usermode request.
LogNotifyUsermodeCallback
VOID LogNotifyUsermodeCallback(PKDPC Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
Complete the IRP in IRP Pending state and fill the usermode buffers with pool data.
Definition Logging.c:1350
BUFFER_HEADER
struct _BUFFER_HEADER BUFFER_HEADER
Message buffer structure.
VmxRootLoggingLockForNonImmBuffers
volatile LONG VmxRootLoggingLockForNonImmBuffers
Vmx-root lock for logging.
Definition Logging.h:116
MessageBufferInformation
LOG_BUFFER_INFORMATION * MessageBufferInformation
Global Variable for buffer on all cores.
Definition Logging.h:104
VmxTempMessage
char * VmxTempMessage
VMX temporary buffer for logging messages.
Definition Logging.h:29
g_GlobalNotifyRecord
NOTIFY_RECORD * g_GlobalNotifyRecord
Save the state of the thread that waits for messages to deliver to user-mode.
Definition Logging.h:175
PBUFFER_HEADER
struct _BUFFER_HEADER * PBUFFER_HEADER
LOG_BUFFER_INFORMATION
struct _LOG_BUFFER_INFORMATION LOG_BUFFER_INFORMATION
Core-specific buffers.
PLOG_BUFFER_INFORMATION
struct _LOG_BUFFER_INFORMATION * PLOG_BUFFER_INFORMATION
VmxLogMessage
char * VmxLogMessage
VMX buffer for logging messages.
Definition Logging.h:23
g_MsgTracingCallbacks
MESSAGE_TRACING_CALLBACKS g_MsgTracingCallbacks
Global variable that holds callbacks.
Definition Logging.h:181
_BUFFER_HEADER
Message buffer structure.
Definition Logging.h:58
_BUFFER_HEADER::BufferLength
UINT32 BufferLength
Definition Logging.h:60
_BUFFER_HEADER::OperationNumber
UINT32 OperationNumber
Definition Logging.h:59
_BUFFER_HEADER::Valid
BOOLEAN Valid
Definition Logging.h:61
_LOG_BUFFER_INFORMATION
Core-specific buffers.
Definition Logging.h:69
_LOG_BUFFER_INFORMATION::BufferLockForNonImmMessage
KSPIN_LOCK BufferLockForNonImmMessage
Definition Logging.h:71
_LOG_BUFFER_INFORMATION::CurrentIndexToSend
UINT32 CurrentIndexToSend
Definition Logging.h:82
_LOG_BUFFER_INFORMATION::BufferEndAddressPriority
UINT64 BufferEndAddressPriority
Definition Logging.h:89
_LOG_BUFFER_INFORMATION::CurrentLengthOfNonImmBuffer
UINT32 CurrentLengthOfNonImmBuffer
Definition Logging.h:74
_LOG_BUFFER_INFORMATION::BufferStartAddress
UINT64 BufferStartAddress
Definition Logging.h:79
_LOG_BUFFER_INFORMATION::BufferStartAddressPriority
UINT64 BufferStartAddressPriority
Definition Logging.h:88
_LOG_BUFFER_INFORMATION::CurrentIndexToSendPriority
UINT32 CurrentIndexToSendPriority
Definition Logging.h:91
_LOG_BUFFER_INFORMATION::CurrentIndexToWritePriority
UINT32 CurrentIndexToWritePriority
Definition Logging.h:92
_LOG_BUFFER_INFORMATION::BufferEndAddress
UINT64 BufferEndAddress
Definition Logging.h:80
_LOG_BUFFER_INFORMATION::CurrentIndexToWrite
UINT32 CurrentIndexToWrite
Definition Logging.h:83
_LOG_BUFFER_INFORMATION::BufferForMultipleNonImmediateMessage
UINT64 BufferForMultipleNonImmediateMessage
Definition Logging.h:73
_LOG_BUFFER_INFORMATION::BufferLock
KSPIN_LOCK BufferLock
Definition Logging.h:70
_MESSAGE_TRACING_CALLBACKS
Prototype of each function needed by message tracer.
Definition HyperLog.h:49
_NOTIFY_RECORD
The usermode request.
Definition Logging.h:40
_NOTIFY_RECORD::PendingIrp
PIRP PendingIrp
Definition Logging.h:46
_NOTIFY_RECORD::Type
NOTIFY_TYPE Type
Definition Logging.h:41
_NOTIFY_RECORD::Message
union _NOTIFY_RECORD::@55 Message
_NOTIFY_RECORD::Event
PKEVENT Event
Definition Logging.h:45
_NOTIFY_RECORD::CheckVmxRootMessagePool
BOOLEAN CheckVmxRootMessagePool
Definition Logging.h:50
_NOTIFY_RECORD::Dpc
KDPC Dpc
Definition Logging.h:49