HyperDbg Debugger
apic.cpp File Reference

!apic command More...

#include "pch.h"

Functions

VOID CommandApicHelp ()
 help of the !apic command
BOOLEAN CommandApicSendRequest (DEBUGGER_APIC_REQUEST_TYPE ApicType, PVOID ApicBuffer, UINT32 ExpectedRequestSize, PBOOLEAN IsUsingX2APIC)
 Send APIC requests.
BOOLEAN HyperDbgGetLocalApic (PLAPIC_PAGE LocalApic, PBOOLEAN IsUsingX2APIC)
 Request to get Local APIC.
VOID CommandApic (vector< CommandToken > CommandTokens, string Command)
 !apic command handler

Variables

BOOLEAN g_IsKdModuleLoaded
 shows whether the kernel debugger (KD) module is loaded or not
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows whether the debugger is connected to a remote debuggee (a remote guest).

Detailed Description

!apic command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.11
Date
2024-11-08

Function Documentation

◆ CommandApic()

VOID CommandApic ( vector< CommandToken > CommandTokens,
string Command )

!apic command handler

Parameters
CommandTokens
Command
Returns
VOID
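/**
 * @brief Print the vector numbers whose bits are set in one Local APIC
 * bitmap register group (ISR, TMR or IRR)
 *
 * @param Name   Label printed in front of the list ("ISR", "TMR" or "IRR")
 * @param Bitmap Pointer to the 32-element UINT32 array taken from LAPIC_PAGE
 *
 * @return VOID
 */
static VOID
CommandApicShowSetVectors(const CHAR * Name, const UINT32 * Bitmap)
{
    ShowMessages("%s : ", Name);

    for (UINT32 Dword = 0; Dword < 8; Dword++)
    {
        //
        // Only every fourth element of the 32-entry array is read, so the
        // highest index touched is 28.
        // NOTE(review): presumably the array mirrors the 16-byte register
        // stride of the xAPIC page - confirm against RequestStructures.h
        //
        UINT32 Reg = (UINT32)Bitmap[Dword * 4];

        for (UINT32 Bit = 0; Bit < 32; Bit++)
        {
            if ((Reg & (1U << Bit)) != 0)
            {
                ShowMessages("0x%02hhx ", (UINT8)(Dword * 32 + Bit));
            }
        }
    }

    ShowMessages("\n");
}

/**
 * @brief !apic command handler
 *
 * @details Takes no arguments. Reads the Local APIC page through
 * HyperDbgGetLocalApic and prints its fields followed by the vectors that
 * are set in ISR, TMR and IRR.
 *
 * @param CommandTokens Tokens of the command line; exactly one token (the
 * command itself) is accepted
 * @param Command The command text (not used by this handler)
 *
 * @return VOID
 */
VOID
CommandApic(vector<CommandToken> CommandTokens, string Command)
{
    BOOLEAN    IsUsingX2APIC = FALSE;
    LAPIC_PAGE LocalApic     = {0};

    if (CommandTokens.size() != 1)
    {
        //
        // An empty token list would make at(0) throw, so fall back to the
        // command's own name in that case
        //
        const string CommandName = CommandTokens.empty()
                                       ? string("!apic")
                                       : GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0));

        ShowMessages("incorrect use of the '%s'\n\n", CommandName.c_str());

        //
        // NOTE(review): the rendered listing skips source line 199 here; the
        // page's cross-reference list for this function names
        // CommandApicHelp, so the call is restored - confirm against apic.cpp
        //
        CommandApicHelp();
        return;
    }

    //
    // Get the local APIC results
    //
    if (HyperDbgGetLocalApic(&LocalApic, &IsUsingX2APIC) == FALSE)
    {
        return;
    }

    //
    // Show different fields of the Local APIC
    //
    // NOTE(review): the ID is printed as bits 31:24 of the Id field in both
    // modes; confirm that the value delivered for x2APIC mode is laid out
    // the same way, otherwise the printed ID is truncated
    //
    ShowMessages("*** (%s Mode) PHYSICAL LAPIC ID = %u, Ver = 0x%x, MaxLvtEntry = %d, DirectedEOI = P%d/E%d, (SW: '%s')\n"
                 " -> TPR = 0x%08x, PPR = 0x%08x\n"
                 " -> LDR = 0x%08x, SVR = 0x%08x, Err = 0x%08x\n"
                 " -> LVT_INT0 = 0x%08x, LVT_INT1 = 0x%08x\n"
                 " -> LVT_CMCI = 0x%08x, LVT_PMCR = 0x%08x\n"
                 " -> LVT_TMR = 0x%08x, LVT_TSR = 0x%08x\n"
                 " -> LVT_ERR = 0x%08x\n"
                 " -> InitialCount = 0x%08x, CurrentCount = 0x%08x, DivideConfig = 0x%08x\n",
                 IsUsingX2APIC ? "X2APIC" : "XAPIC",
                 LocalApic.Id >> 24,
                 LocalApic.Version,
                 (LocalApic.Version & 0xFF0000) >> 16,
                 (LocalApic.Version >> 24) & 1,
                 (LocalApic.SpuriousInterruptVector >> 12) & 1,
                 (LocalApic.SpuriousInterruptVector & LAPIC_SVR_FLAG_SW_ENABLE) != 0 ? "Enabled" : "Disabled",
                 LocalApic.TPR,
                 LocalApic.ProcessorPriority,
                 LocalApic.LogicalDestination,
                 LocalApic.SpuriousInterruptVector,
                 LocalApic.ErrorStatus,
                 LocalApic.LvtLINT0,
                 LocalApic.LvtLINT1,
                 LocalApic.LvtCmci,
                 LocalApic.LvtPerfMonCounters,
                 LocalApic.LvtTimer,
                 LocalApic.LvtThermalSensor,
                 LocalApic.LvtError,
                 LocalApic.InitialCount,
                 LocalApic.CurrentCount,
                 LocalApic.DivideConfiguration);

    //
    // Print the ISR, TMR and IRR
    //
    CommandApicShowSetVectors("ISR", LocalApic.ISR);
    CommandApicShowSetVectors("TMR", LocalApic.TMR);
    CommandApicShowSetVectors("IRR", LocalApic.IRR);
}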
BOOLEAN HyperDbgGetLocalApic(PLAPIC_PAGE LocalApic, PBOOLEAN IsUsingX2APIC)
Request to get Local APIC.
Definition apic.cpp:169
VOID CommandApicHelp()
help of the !apic command
Definition apic.cpp:26
UCHAR BOOLEAN
Definition BasicTypes.h:35
#define FALSE
Definition BasicTypes.h:113
unsigned char UINT8
Definition BasicTypes.h:52
unsigned int UINT32
Definition BasicTypes.h:54
#define LAPIC_SVR_FLAG_SW_ENABLE
Definition RequestStructures.h:1118
struct _LAPIC_PAGE LAPIC_PAGE
LAPIC structure and offsets.
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
UINT32 LvtLINT1
Definition RequestStructures.h:1192
UINT32 LvtError
Definition RequestStructures.h:1195
UINT32 TMR[32]
Definition RequestStructures.h:1162
UINT32 Version
Definition RequestStructures.h:1131
UINT32 LvtCmci
Definition RequestStructures.h:1171
UINT32 LvtThermalSensor
Definition RequestStructures.h:1183
UINT32 InitialCount
Definition RequestStructures.h:1198
UINT32 CurrentCount
Definition RequestStructures.h:1201
UINT32 ISR[32]
Definition RequestStructures.h:1160
UINT32 DivideConfiguration
Definition RequestStructures.h:1206
UINT32 TPR
Definition RequestStructures.h:1136
UINT32 ErrorStatus
Definition RequestStructures.h:1166
UINT32 LvtTimer
Definition RequestStructures.h:1180
UINT32 LogicalDestination
Definition RequestStructures.h:1151
UINT32 IRR[32]
Definition RequestStructures.h:1164
UINT32 LvtLINT0
Definition RequestStructures.h:1189
UINT32 Id
Definition RequestStructures.h:1128
UINT32 ProcessorPriority
Definition RequestStructures.h:1142
UINT32 LvtPerfMonCounters
Definition RequestStructures.h:1186
UINT32 SpuriousInterruptVector
Definition RequestStructures.h:1157

◆ CommandApicHelp()

VOID CommandApicHelp ( )

help of the !apic command

Returns
VOID
/**
 * @brief help of the !apic command
 *
 * @details Prints the description, the syntax and one usage example of
 * the command, in that order.
 *
 * @return VOID
 */
VOID
CommandApicHelp()
{
    //
    // The help text, one entry per emitted message. None of the entries
    // contains a conversion specifier, so printing them through "%s"
    // produces exactly the same output as passing them as the format.
    //
    static const char * const HelpLines[] = {
        "!apic : shows the details of Local APIC in both xAPIC and x2APIC modes.\n\n",
        "syntax : \t!apic\n",
        "\n",
        "\t\te.g : !apic\n",
    };

    for (const char * Line : HelpLines)
    {
        ShowMessages("%s", Line);
    }
}

◆ CommandApicSendRequest()

BOOLEAN CommandApicSendRequest ( DEBUGGER_APIC_REQUEST_TYPE ApicType,
PVOID ApicBuffer,
UINT32 ExpectedRequestSize,
PBOOLEAN IsUsingX2APIC )

Send APIC requests.

Parameters
ApicType
ApicBuffer
ExpectedRequestSize
IsUsingX2APIC
Returns
VOID
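/**
 * @brief Send APIC requests
 *
 * @details Builds a DEBUGGER_APIC_REQUEST header followed by
 * ExpectedRequestSize bytes of payload, sends it either over the serial
 * kernel debugger or through IOCTL_PERFORM_ACTIONS_ON_APIC, and on success
 * copies the payload that follows the header into ApicBuffer.
 *
 * @param ApicType Type of the APIC request
 * @param ApicBuffer Caller buffer that receives the payload; it has to hold
 * at least ExpectedRequestSize bytes
 * @param ExpectedRequestSize Size of the payload in bytes
 * @param IsUsingX2APIC Receives the IsUsingX2APIC field of the answered
 * request
 *
 * @return BOOLEAN TRUE if the request succeeded and the outputs were
 * filled, otherwise FALSE (the outputs are left untouched)
 */
BOOLEAN
CommandApicSendRequest(DEBUGGER_APIC_REQUEST_TYPE ApicType,
                       PVOID                      ApicBuffer,
                       UINT32                     ExpectedRequestSize,
                       PBOOLEAN                   IsUsingX2APIC)
{
    BOOL                   Status         = FALSE;
    BOOLEAN                Result         = FALSE;
    ULONG                  ReturnedLength = 0;
    PDEBUGGER_APIC_REQUEST ApicRequest    = NULL;
    UINT32                 RequestSize    = 0;

    //
    // Both outputs are written on success, so reject missing pointers
    // instead of dereferencing them later
    //
    if (IsUsingX2APIC == NULL || (ApicBuffer == NULL && ExpectedRequestSize != 0))
    {
        return FALSE;
    }

    //
    // The header size is added to a caller-supplied size in 32 bits. If the
    // sum wrapped, the allocation below would be smaller than the payload
    // copied out of it at the end, reading past the heap block.
    //
    if (ExpectedRequestSize > (UINT32)0xFFFFFFFF - (UINT32)SIZEOF_DEBUGGER_APIC_REQUEST)
    {
        return FALSE;
    }

    RequestSize = SIZEOF_DEBUGGER_APIC_REQUEST + ExpectedRequestSize;

    //
    // NOTE(review): the rendered listing skips source lines 80, 101 and 136.
    // The branch conditions and the macro call below are reconstructed from
    // the identifiers in the page's cross-reference list for this function;
    // confirm them (in particular the macro's argument order) against
    // apic.cpp.
    //
    if (!g_IsSerialConnectedToRemoteDebuggee)
    {
        //
        // Checked before the allocation: the macro presumably returns from
        // this function on failure, which would leak a buffer that had
        // already been allocated
        //
        AssertShowMessageReturnStmt(g_DeviceHandle,
                                    g_IsKdModuleLoaded,
                                    ASSERT_MESSAGE_DRIVER_NOT_LOADED,
                                    ASSERT_MESSAGE_KD_NOT_LOADED,
                                    AssertReturnFalse);
    }

    //
    // Allocate buffer to fill the request
    //
    ApicRequest = (PDEBUGGER_APIC_REQUEST)malloc(RequestSize);

    if (ApicRequest == NULL)
    {
        //
        // Unable to allocate buffer
        //
        return FALSE;
    }

    //
    // Zeroing the whole buffer means a short answer can never expose stale
    // heap contents to the caller
    //
    RtlZeroMemory(ApicRequest, RequestSize);

    //
    // Set the APIC type to local apic
    // Note that the APIC mode (xAPIC and x2APIC) is determined in the debugger
    //
    ApicRequest->ApicType = ApicType;

    if (g_IsSerialConnectedToRemoteDebuggee)
    {
        //
        // Send the request over serial kernel debugger
        //
        if (KdSendApicActionPacketsToDebuggee(ApicRequest, RequestSize))
        {
            Result = TRUE;
        }
    }
    else
    {
        //
        // Send IOCTL
        //
        Status = DeviceIoControl(
            g_DeviceHandle,                // Handle to device
            IOCTL_PERFORM_ACTIONS_ON_APIC, // IO Control Code (IOCTL)
            ApicRequest,                   // Input Buffer to driver.
            SIZEOF_DEBUGGER_APIC_REQUEST,  // Input buffer length
            ApicRequest,                   // Output Buffer from driver.
            RequestSize,                   // Length of output buffer in bytes.
            &ReturnedLength,               // Bytes placed in buffer.
            NULL                           // synchronous call
        );

        if (!Status)
        {
            //
            // Reported before anything else runs so the last-error value is
            // still the one set by DeviceIoControl
            //
            ShowMessages("ioctl failed with code 0x%x\n", GetLastError());
        }
        else if (ReturnedLength != RequestSize && ReturnedLength != SIZEOF_DEBUGGER_APIC_REQUEST)
        {
            //
            // An err occurred
            //
            ShowMessages("err, apic request failed\n");
        }
        else if (ApicRequest->KernelStatus != DEBUGGER_OPERATION_WAS_SUCCESSFUL)
        {
            //
            // An err occurred, no results
            //
            ShowErrorMessage(ApicRequest->KernelStatus);
        }
        else
        {
            //
            // NOTE(review): a header-only answer with a successful status is
            // accepted here, in which case the payload copied below is all
            // zeros - confirm whether the driver can produce that
            //
            Result = TRUE;
        }
    }

    if (Result)
    {
        //
        // Fill the request buffer
        //
        // NOTE(review): the payload offset uses sizeof(DEBUGGER_APIC_REQUEST)
        // while the allocation uses SIZEOF_DEBUGGER_APIC_REQUEST; the copy
        // stays in bounds only if the two are equal - confirm
        //
        *IsUsingX2APIC = ApicRequest->IsUsingX2APIC;

        if (ExpectedRequestSize != 0)
        {
            RtlCopyMemory(ApicBuffer, (PVOID)(((CHAR *)ApicRequest) + sizeof(DEBUGGER_APIC_REQUEST)), ExpectedRequestSize);
        }
    }

    //
    // Single release point for every path after the allocation
    //
    free(ApicRequest);
    return Result;
}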
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows whether the debugger is connected to a remote debuggee (a remote guest).
Definition globals.h:253
int BOOL
Definition BasicTypes.h:25
void * PVOID
Definition BasicTypes.h:56
#define TRUE
Definition BasicTypes.h:114
char CHAR
Definition BasicTypes.h:33
unsigned long ULONG
Definition BasicTypes.h:31
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
#define IOCTL_PERFORM_ACTIONS_ON_APIC
ioctl, to perform actions related to APIC
Definition Ioctls.h:361
struct _DEBUGGER_APIC_REQUEST * PDEBUGGER_APIC_REQUEST
#define SIZEOF_DEBUGGER_APIC_REQUEST
Debugger size of DEBUGGER_APIC_REQUEST.
Definition RequestStructures.h:1108
struct _DEBUGGER_APIC_REQUEST DEBUGGER_APIC_REQUEST
The structure of actions for APIC.
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:40
BOOLEAN KdSendApicActionPacketsToDebuggee(PDEBUGGER_APIC_REQUEST ApicRequest, UINT32 ExpectedRequestSize)
Send requests for APIC packet to the debuggee.
Definition kd.cpp:995
#define ASSERT_MESSAGE_KD_NOT_LOADED
Definition common.h:29
#define AssertShowMessageReturnStmt(expr1, expr2, message1, message2, rc)
Definition common.h:59
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:27
#define AssertReturnFalse
Definition common.h:21
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:481
BOOLEAN g_IsKdModuleLoaded
shows whether the kernel debugger (KD) module is loaded or not
Definition globals.h:22
UINT32 KernelStatus
Definition RequestStructures.h:1100
BOOLEAN IsUsingX2APIC
Definition RequestStructures.h:1099
DEBUGGER_APIC_REQUEST_TYPE ApicType
Definition RequestStructures.h:1098

◆ HyperDbgGetLocalApic()

BOOLEAN HyperDbgGetLocalApic ( PLAPIC_PAGE LocalApic,
PBOOLEAN IsUsingX2APIC )

Request to get Local APIC.

Parameters
LocalApic
IsUsingX2APIC
Returns
BOOLEAN
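/**
 * @brief Request to get Local APIC
 *
 * @details Forwards to CommandApicSendRequest with a payload size of
 * sizeof(LAPIC_PAGE), so LocalApic has to point to a full LAPIC_PAGE.
 *
 * @param LocalApic Receives the Local APIC page
 * @param IsUsingX2APIC Receives whether the APIC is in x2APIC mode
 *
 * @return BOOLEAN The result of CommandApicSendRequest
 */
BOOLEAN
HyperDbgGetLocalApic(PLAPIC_PAGE LocalApic, PBOOLEAN IsUsingX2APIC)
{
    //
    // NOTE(review): the rendered listing skips source line 171, which holds
    // the start of this call; it is restored from the page's cross-reference
    // list for this function - confirm against apic.cpp
    //
    return CommandApicSendRequest(DEBUGGER_APIC_REQUEST_TYPE_READ_LOCAL_APIC,
                                  LocalApic,
                                  sizeof(LAPIC_PAGE),
                                  IsUsingX2APIC);
}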
BOOLEAN CommandApicSendRequest(DEBUGGER_APIC_REQUEST_TYPE ApicType, PVOID ApicBuffer, UINT32 ExpectedRequestSize, PBOOLEAN IsUsingX2APIC)
Send APIC requests.
Definition apic.cpp:47
@ DEBUGGER_APIC_REQUEST_TYPE_READ_LOCAL_APIC
Definition RequestStructures.h:1087

Variable Documentation

◆ g_IsKdModuleLoaded

BOOLEAN g_IsKdModuleLoaded
extern

shows whether the kernel debugger (KD) module is loaded or not

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows whether the debugger is connected to a remote debuggee (a remote guest).