HyperDbg Debugger
SyscallCallback.h
1
14 #include "pch.h"
15
17 // Locks //
19
25
27 // Definitions //
29
35 #define MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_SYSCALL_CALLBACK_TRAPS 500
36
38 // Structures //
40
59
74
76 // Functions //
78
81
84
87
90 UINT32 ProcessId,
91 UINT32 ThreadId,
92 UINT64 Context,
94
97 UINT32 ProcessId,
98 UINT32 ThreadId);
99
100 VOID
struct _SYSCALL_CALLBACK_PROCESS_THREAD_INFORMATION * PSYSCALL_CALLBACK_PROCESS_THREAD_INFORMATION
#define MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_SYSCALL_CALLBACK_TRAPS
Maximum number of thread/process IDs to be allocated for keeping track of the trap flag
Definition SyscallCallback.h:35
volatile LONG SyscallCallbackModeTrapListLock
The lock for modifying list of process/thread for syscall callback trap flags.
Definition SyscallCallback.h:24
BOOLEAN SyscallCallbackIsInitialized()
Check whether the syscall callback is initialized.
Definition SyscallCallback.c:85
struct _SYSCALL_CALLBACK_TRAP_FLAG_STATE SYSCALL_CALLBACK_TRAP_FLAG_STATE
The threads that we expect to get the trap flag.
struct _SYSCALL_CALLBACK_TRAP_FLAG_STATE * PSYSCALL_CALLBACK_TRAP_FLAG_STATE
BOOLEAN SyscallCallbackInitialize()
Initialize the syscall callback.
Definition SyscallCallback.c:22
BOOLEAN SyscallCallbackCheckAndHandleAfterSyscallTrapFlags(VIRTUAL_MACHINE_STATE *VCpu, UINT32 ProcessId, UINT32 ThreadId)
Handle the trap flags as the result of interception of the return of the system-call.
Definition SyscallCallback.c:285
BOOLEAN SyscallCallbackUninitialize()
Uninitialize the syscall callback.
Definition SyscallCallback.c:96
VOID SyscallCallbackHandleSystemCallHook(VIRTUAL_MACHINE_STATE *VCpu)
Handle the system call hook callback.
Definition SyscallCallback.c:402
struct _SYSCALL_CALLBACK_PROCESS_THREAD_INFORMATION SYSCALL_CALLBACK_PROCESS_THREAD_INFORMATION
The thread/process information.
BOOLEAN SyscallCallbackSetTrapFlagAfterSyscall(GUEST_REGS *Regs, UINT32 ProcessId, UINT32 ThreadId, UINT64 Context, SYSCALL_CALLBACK_CONTEXT_PARAMS *Params)
Set the trap flag in the guest after a syscall.
Definition SyscallCallback.c:226
UCHAR BOOLEAN
Definition BasicTypes.h:35
long LONG
Definition BasicTypes.h:28
unsigned int UINT32
Definition BasicTypes.h:54
struct _SYSCALL_CALLBACK_CONTEXT_PARAMS SYSCALL_CALLBACK_CONTEXT_PARAMS
The (optional) context parameters for the transparent-mode.
struct _VIRTUAL_MACHINE_STATE VIRTUAL_MACHINE_STATE
The status of each core after and before VMX.
The thread/process information.
Definition SyscallCallback.h:46
UINT32 ProcessId
Definition SyscallCallback.h:53
struct _SYSCALL_CALLBACK_PROCESS_THREAD_INFORMATION::(anonymous)::(anonymous) Fields
UINT64 asUInt
Definition SyscallCallback.h:49
UINT32 ThreadId
Definition SyscallCallback.h:54
The threads that we expect to get the trap flag.
Definition SyscallCallback.h:67
UINT64 Context[MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_SYSCALL_CALLBACK_TRAPS]
Definition SyscallCallback.h:70
SYSCALL_CALLBACK_PROCESS_THREAD_INFORMATION ThreadInformation[MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_SYSCALL_CALLBACK_TRAPS]
Definition SyscallCallback.h:69
SYSCALL_CALLBACK_CONTEXT_PARAMS Params[MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_SYSCALL_CALLBACK_TRAPS]
Definition SyscallCallback.h:71
UINT32 NumberOfItems
Definition SyscallCallback.h:68
Definition BasicTypes.h:136