HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
Tracing.h File Reference

Headers for the tracing functions. More...

Go to the source code of this file.

Functions

VOID TracingHandleMtf (PROCESSOR_DEBUGGING_STATE *DbgState)
 Callback for handling VM-exits for MTF in the case of tracing instructions.
 
VOID TracingRestoreSystemState (PROCESSOR_DEBUGGING_STATE *DbgState)
 Restore the system state in the case of tracing instructions.
 
VOID TracingCheckForContinuingSteps (PROCESSOR_DEBUGGING_STATE *DbgState)
 Change for continuing the stepping state in the case of tracing instructions.
 
VOID TracingPerformInstrumentationStepIn (PROCESSOR_DEBUGGING_STATE *DbgState)
 Perform tracing of instructions (instrumentation step-in)
 
VOID TracingPerformRegularStepInInstruction (PROCESSOR_DEBUGGING_STATE *DbgState)
 Regular step-in | step one instruction to the debuggee.
 

Detailed Description

Headers for the tracing functions.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.7
Date
2023-11-03
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ TracingCheckForContinuingSteps()

VOID TracingCheckForContinuingSteps ( PROCESSOR_DEBUGGING_STATE * DbgState)

Change for continuing the stepping state in the case of tracing instructions.

Parameters
DbgStateThe state of the debugger on the current core
Returns
VOID
95{
96 //
97 // As it's called from a step itself, we need to double
98 // check whether the MTF should be ignored or not
99 //
100 if (DbgState->TracingMode)
101 {
102 VmFuncChangeMtfUnsettingState(DbgState->CoreId, TRUE);
103 }
104}
TRUE
#define TRUE
Definition BasicTypes.h:55
VmFuncChangeMtfUnsettingState
VOID VmFuncChangeMtfUnsettingState(UINT32 CoreId, BOOLEAN Set)
Suppress unsetting MTF.
Definition Export.c:47
_PROCESSOR_DEBUGGING_STATE::CoreId
UINT32 CoreId
Definition State.h:169
_PROCESSOR_DEBUGGING_STATE::TracingMode
BOOLEAN TracingMode
Definition State.h:177

◆ TracingHandleMtf()

VOID TracingHandleMtf ( PROCESSOR_DEBUGGING_STATE * DbgState)

Callback for handling VM-exits for MTF in the case of tracing instructions.

Parameters
DbgStateThe state of the debugger on the current core
Returns
VOID
44{
45 //
46 // Handle system-state after handling single instrumentation step-in
47 //
48 TracingRestoreSystemState(DbgState);
49
50 //
51 // Dispatch and trigger the related events
52 //
53 MetaDispatchEventInstrumentationTrace(DbgState);
54
55 //
56 // Check whether the steps needs to be continued or not
57 //
58 TracingCheckForContinuingSteps(DbgState);
59}
MetaDispatchEventInstrumentationTrace
VOID MetaDispatchEventInstrumentationTrace(PROCESSOR_DEBUGGING_STATE *DbgState)
Handling debugger functions related to instrumentation trace events.
Definition MetaDispatch.c:22
TracingCheckForContinuingSteps
VOID TracingCheckForContinuingSteps(PROCESSOR_DEBUGGING_STATE *DbgState)
Change for continuing the stepping state in the case of tracing instructions.
Definition Tracing.c:94
TracingRestoreSystemState
VOID TracingRestoreSystemState(PROCESSOR_DEBUGGING_STATE *DbgState)
Restore the system state in the case of tracing instructions.
Definition Tracing.c:68

◆ TracingPerformInstrumentationStepIn()

VOID TracingPerformInstrumentationStepIn ( PROCESSOR_DEBUGGING_STATE * DbgState)

Perform tracing of instructions (instrumentation step-in)

Parameters
DbgStateThe state of the debugger on the current core
Returns
VOID
23{
24 DisassemblerShowOneInstructionInVmxRootMode((PVOID)VmFuncGetLastVmexitRip(DbgState->CoreId), FALSE);
25
26 DbgState->TracingMode = TRUE;
27
28 //
29 // Register break on MTF
30 //
31 VmFuncRegisterMtfBreak(DbgState->CoreId);
32
33 VmFuncEnableMtfAndChangeExternalInterruptState(DbgState->CoreId);
34}
FALSE
#define FALSE
Definition BasicTypes.h:54
DisassemblerShowOneInstructionInVmxRootMode
UINT32 DisassemblerShowOneInstructionInVmxRootMode(PVOID Address, BOOLEAN Is32Bit)
Shows the disassembly of only one instruction.
Definition Disassembler.c:328
VmFuncRegisterMtfBreak
VOID VmFuncRegisterMtfBreak(UINT32 CoreId)
Register for break in the case of an MTF.
Definition Export.c:73
VmFuncEnableMtfAndChangeExternalInterruptState
VOID VmFuncEnableMtfAndChangeExternalInterruptState(UINT32 CoreId)
Enables MTF and adjust external interrupt state.
Definition Export.c:799
VmFuncGetLastVmexitRip
UINT64 VmFuncGetLastVmexitRip(UINT32 CoreId)
get the last vm-exit RIP
Definition Export.c:318

◆ TracingPerformRegularStepInInstruction()

VOID TracingPerformRegularStepInInstruction ( PROCESSOR_DEBUGGING_STATE * DbgState)

Regular step-in | step one instruction to the debuggee.

Parameters
DbgStateThe state of the debugger on the current core
Returns
VOID
114{
115 UNREFERENCED_PARAMETER(DbgState);
116
117 UINT64 Interruptibility;
118 UINT64 InterruptibilityOld = NULL64_ZERO;
119
120 //
121 // Adjust RFLAG's trap-flag
122 //
123 VmFuncSetRflagTrapFlag(TRUE);
124
125 //
126 // During testing single-step, we realized that after single-stepping
127 // on 'STI' instruction, after one instruction, the guest (target core)
128 // starts Invalid Guest State (0x21) vm-exits, after some searches we
129 // realized that KVM developer's encountered the same error; so, in order
130 // to solve the problem of stepping on 'STI' and 'MOV SS', we check the
131 // interruptibility state, here is a comment from KVM :
132 //
133 // When single stepping over STI and MOV SS, we must clear the
134 // corresponding interruptibility bits in the guest state
135 // Otherwise vmentry fails as it then expects bit 14 (BS)
136 // in pending debug exceptions being set, but that's not
137 // correct for the guest debugging case
138 //
139 InterruptibilityOld = VmFuncGetInterruptibilityState();
140
141 Interruptibility = InterruptibilityOld;
142
143 Interruptibility = VmFuncClearSteppingBits(Interruptibility);
144
145 if ((Interruptibility != InterruptibilityOld))
146 {
147 VmFuncSetInterruptibilityState(Interruptibility);
148 }
149}
NULL64_ZERO
#define NULL64_ZERO
Definition BasicTypes.h:52
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
VmFuncSetInterruptibilityState
VOID VmFuncSetInterruptibilityState(UINT64 InterruptibilityState)
Set guest's interruptibility state.
Definition Export.c:421
VmFuncClearSteppingBits
UINT64 VmFuncClearSteppingBits(UINT64 Interruptibility)
Clear STI and MOV SS bits.
Definition Export.c:409
VmFuncGetInterruptibilityState
UINT64 VmFuncGetInterruptibilityState()
Read guest's interruptibility state.
Definition Export.c:398
VmFuncSetRflagTrapFlag
VOID VmFuncSetRflagTrapFlag(BOOLEAN Set)
Set Rflag's trap flag.
Definition Export.c:110

◆ TracingRestoreSystemState()

VOID TracingRestoreSystemState ( PROCESSOR_DEBUGGING_STATE * DbgState)

Restore the system state in the case of tracing instructions.

Parameters
DbgStateThe state of the debugger on the current core
Returns
VOID
69{
70 //
71 // Indicate that we're no longer looking for the tracing
72 //
73 DbgState->TracingMode = FALSE;
74
75 //
76 // Unregister break on MTF
77 //
78 VmFuncUnRegisterMtfBreak(DbgState->CoreId);
79
80 //
81 // Check for reenabling external interrupts
82 //
83 VmFuncEnableAndCheckForPreviousExternalInterrupts(DbgState->CoreId);
84}
VmFuncEnableAndCheckForPreviousExternalInterrupts
VOID VmFuncEnableAndCheckForPreviousExternalInterrupts(UINT32 CoreId)
Checks to enable and reinject previous interrupts.
Definition Export.c:812
VmFuncUnRegisterMtfBreak
VOID VmFuncUnRegisterMtfBreak(UINT32 CoreId)
Unregister for break in the case of an MTF.
Definition Export.c:86