HyperDbg Debugger
Loading...
Searching...
No Matches
Constants.h File Reference

HyperDbg's SDK constants. More...

Go to the source code of this file.

Macros

#define VERSION_MAJOR   0
#define VERSION_MINOR   21
#define VERSION_PATCH   0
#define BETA_VERSION   FALSE
#define BUILD_YEAR_CH0   (__DATE__[7])
#define BUILD_YEAR_CH1   (__DATE__[8])
#define BUILD_YEAR_CH2   (__DATE__[9])
#define BUILD_YEAR_CH3   (__DATE__[10])
#define BUILD_MONTH_IS_JAN   (__DATE__[0] == 'J' && __DATE__[1] == 'a' && __DATE__[2] == 'n')
#define BUILD_MONTH_IS_FEB   (__DATE__[0] == 'F')
#define BUILD_MONTH_IS_MAR   (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'r')
#define BUILD_MONTH_IS_APR   (__DATE__[0] == 'A' && __DATE__[1] == 'p')
#define BUILD_MONTH_IS_MAY   (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'y')
#define BUILD_MONTH_IS_JUN   (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'n')
#define BUILD_MONTH_IS_JUL   (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'l')
#define BUILD_MONTH_IS_AUG   (__DATE__[0] == 'A' && __DATE__[1] == 'u')
#define BUILD_MONTH_IS_SEP   (__DATE__[0] == 'S')
#define BUILD_MONTH_IS_OCT   (__DATE__[0] == 'O')
#define BUILD_MONTH_IS_NOV   (__DATE__[0] == 'N')
#define BUILD_MONTH_IS_DEC   (__DATE__[0] == 'D')
#define BUILD_MONTH_CH0   ((BUILD_MONTH_IS_OCT || BUILD_MONTH_IS_NOV || BUILD_MONTH_IS_DEC) ? '1' : '0')
#define BUILD_MONTH_CH1
#define BUILD_DAY_CH0   ((__DATE__[4] >= '0') ? (__DATE__[4]) : '0')
#define BUILD_DAY_CH1   (__DATE__[5])
#define BUILD_HOUR_CH0   (__TIME__[0])
#define BUILD_HOUR_CH1   (__TIME__[1])
#define BUILD_MIN_CH0   (__TIME__[3])
#define BUILD_MIN_CH1   (__TIME__[4])
#define BUILD_SEC_CH0   (__TIME__[6])
#define BUILD_SEC_CH1   (__TIME__[7])
#define STRINGIFY(x)
#define TOSTRING(x)
#define HYPERDBG_COMPLETE_VERSION   "v" TOSTRING(VERSION_MAJOR) "." TOSTRING(VERSION_MINOR) "." TOSTRING(VERSION_PATCH) "\0"
#define MaximumPacketsCapacity   1000
 Default buffer count of packets for message tracing.
#define MaximumPacketsCapacityPriority   50
 Default buffer count of packets for message tracing.
#define NORMAL_PAGE_SIZE   4096
 Size of normal OS (processor) pages.
#define PacketChunkSize   NORMAL_PAGE_SIZE
 Size of each packet.
#define UsermodeBufferSize   sizeof(UINT32) + PacketChunkSize + 1
 size of user-mode buffer
#define MaxSerialPacketSize   20 * NORMAL_PAGE_SIZE
 size of buffer for serial
#define LogBufferSize   MaximumPacketsCapacity *(PacketChunkSize + sizeof(BUFFER_HEADER))
 Final storage size of message tracing.
#define LogBufferSizePriority   MaximumPacketsCapacityPriority *(PacketChunkSize + sizeof(BUFFER_HEADER))
 Final storage size of message tracing.
#define DbgPrintLimitation   512
 limitation of Windows DbgPrint message size
#define DebuggerEventTagStartSeed   0x1000000
 The seeds that user-mode codes use as the starter of their events' tag.
#define DebuggerThreadDebuggingTagStartSeed   0x1000000
 The seeds that user-mode thread detail token start with it.
#define DebuggerOutputSourceTagStartSeed   0x1
 The seeds that user-mode codes use as the starter of their output source tag.
#define DebuggerOutputSourceMaximumRemoteSourceForSingleEvent   0x5
 Determines how many sources a debugger can have for a single event.
#define DebuggerScriptEngineMemcpyMovingBufferSize   64
 The size of each chunk of memory used in the 'memcpy' function of the script engine for transferring buffers in the VMX-root mode.
#define MAXIMUM_NUMBER_OF_INITIAL_PREALLOCATED_EPT_HOOKS   5
 Maximum number of initial pre-allocated EPT hooks.
#define MAXIMUM_REGULAR_INSTANT_EVENTS   20
 Maximum number of (regular) instant events that are pre-allocated.
#define MAXIMUM_BIG_INSTANT_EVENTS   0
 Maximum number of (big) instant events that are pre-allocated.
#define REGULAR_INSTANT_EVENT_CONDITIONAL_BUFFER   sizeof(DEBUGGER_EVENT) + 100
 Pre-allocated size for a regular event + conditions buffer.
#define BIG_INSTANT_EVENT_CONDITIONAL_BUFFER   sizeof(DEBUGGER_EVENT) + PAGE_SIZE
 Pre-allocated size for a big event + conditions buffer.
#define REGULAR_INSTANT_EVENT_ACTION_BUFFER   sizeof(DEBUGGER_EVENT_ACTION) + (PAGE_SIZE * 2)
 Pre-allocated size for a regular action + custom code or script buffer.
#define BIG_INSTANT_EVENT_ACTION_BUFFER   sizeof(DEBUGGER_EVENT_ACTION) + MaxSerialPacketSize
 Pre-allocated size for a big action + custom code or script buffer.
#define REGULAR_INSTANT_EVENT_REQUESTED_SAFE_BUFFER   PAGE_SIZE
 Pre-allocated size for a regular requested safe buffer.
#define BIG_INSTANT_EVENT_REQUESTED_SAFE_BUFFER   MaxSerialPacketSize
 Pre-allocated size for a big requested safe buffer.
#define DEFAULT_PORT   "50000"
 default port of HyperDbg for listening by debuggee (server, guest)
#define COMMUNICATION_BUFFER_SIZE   PacketChunkSize + 0x100
 Packet size for TCP connections.
#define TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER   0x00000200
 The start number of VMCALL number allowed to be used by top-level drivers.
#define TOP_LEVEL_DRIVERS_VMCALL_ENDING_NUMBER   TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER + 0x100
 The start number of VMCALL number allowed to be used by top-level drivers.
#define OPERATION_MANDATORY_DEBUGGEE_BIT   (1 << 31)
 If a operation use this bit in its Operation code, then it means that the operation should be performed mandatorily in debuggee and should not be sent to the debugger.
#define OPERATION_LOG_INFO_MESSAGE   1U
 Message logs id that comes from kernel-mode to user-mode.
#define OPERATION_LOG_WARNING_MESSAGE   2U
#define OPERATION_LOG_ERROR_MESSAGE   3U
#define OPERATION_LOG_NON_IMMEDIATE_MESSAGE   4U
#define OPERATION_LOG_WITH_TAG   5U
#define OPERATION_LOG_MESSAGE_MANDATORY   6U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_COMMAND_FROM_DEBUGGER_CLOSE_AND_UNLOAD_VMM   7U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_DEBUGGEE_USER_INPUT   8U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_DEBUGGEE_REGISTER_EVENT   9U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_DEBUGGEE_ADD_ACTION_TO_EVENT   10U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_DEBUGGEE_CLEAR_EVENTS   11U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_DEBUGGEE_CLEAR_EVENTS_WITHOUT_NOTIFYING_DEBUGGER   12U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_HYPERVISOR_DRIVER_IS_SUCCESSFULLY_LOADED   13U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_HYPERVISOR_DRIVER_END_OF_IRPS   14U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_COMMAND_FROM_DEBUGGER_RELOAD_SYMBOL   15U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define OPERATION_NOTIFICATION_FROM_USER_DEBUGGER_PAUSE   16U | OPERATION_MANDATORY_DEBUGGEE_BIT
#define MAXIMUM_BREAKPOINTS_WITHOUT_CONTINUE   100
 maximum number of buffers to be allocated for a single breakpoint
#define MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_TRAPS   200
 maximum number of thread/process ids to be allocated for a simultaneous debugging
#define POOLTAG   0x48444247
 Pool tag.
#define SERIAL_END_OF_BUFFER_CHARS_COUNT   0x4
 count of characters for serial end of buffer
#define SERIAL_END_OF_BUFFER_CHAR_1   0x00
 characters of the buffer that we set at the end of buffers for serial
#define SERIAL_END_OF_BUFFER_CHAR_2   0x80
#define SERIAL_END_OF_BUFFER_CHAR_3   0xEE
#define SERIAL_END_OF_BUFFER_CHAR_4   0xFF
#define TCP_END_OF_BUFFER_CHARS_COUNT   0x4
 count of characters for tcp end of buffer
#define TCP_END_OF_BUFFER_CHAR_1   0x10
 characters of the buffer that we set at the end of buffers for tcp
#define TCP_END_OF_BUFFER_CHAR_2   0x20
#define TCP_END_OF_BUFFER_CHAR_3   0x33
#define TCP_END_OF_BUFFER_CHAR_4   0x44
#define MAXIMUM_CHARACTER_FOR_OS_NAME   256
 maximum name for OS name buffer
#define MAXIMUM_INSTR_SIZE   16
 maximum instruction size in Intel
#define MAXIMUM_CALL_INSTR_SIZE   7
 maximum size for call instruction in Intel
#define MAXIMUM_SUPPORTED_SYMBOLS   1000
 maximum supported modules to load their symbol information
#define MAXIMUM_GUID_AND_AGE_SIZE   60
 maximum size for GUID and Age of PE @detail It seems that 33 bytes is enough but let's have more space because there might be sth that we missed :)
#define INDICATOR_OF_HYPERDBG_PACKET   0x4859504552444247
 constant indicator of a HyperDbg packet
#define MaximumSearchResults   0x1000
 maximum results that will be returned by !s* s* command
#define X86_FLAGS_CF   (1 << 0)
 EFLAGS/RFLAGS.
#define X86_FLAGS_PF   (1 << 2)
#define X86_FLAGS_AF   (1 << 4)
#define X86_FLAGS_ZF   (1 << 6)
#define X86_FLAGS_SF   (1 << 7)
#define X86_FLAGS_TF   (1 << 8)
#define X86_FLAGS_IF   (1 << 9)
#define X86_FLAGS_DF   (1 << 10)
#define X86_FLAGS_OF   (1 << 11)
#define X86_FLAGS_STATUS_MASK   (0xfff)
#define X86_FLAGS_IOPL_MASK   (3 << 12)
#define X86_FLAGS_IOPL_SHIFT   (12)
#define X86_FLAGS_IOPL_SHIFT_2ND_BIT   (13)
#define X86_FLAGS_NT   (1 << 14)
#define X86_FLAGS_RF   (1 << 16)
#define X86_FLAGS_VM   (1 << 17)
#define X86_FLAGS_AC   (1 << 18)
#define X86_FLAGS_VIF   (1 << 19)
#define X86_FLAGS_VIP   (1 << 20)
#define X86_FLAGS_ID   (1 << 21)
#define X86_FLAGS_RESERVED_ONES   0x2
#define X86_FLAGS_RESERVED   0xffc0802a
#define X86_FLAGS_RESERVED_BITS   0xffc38028
#define X86_FLAGS_FIXED   0x00000002
#define LOWORD(l)
#define HIWORD(l)
#define LOBYTE(w)
#define HIBYTE(w)
#define MAX_STACK_BUFFER_COUNT   256
 Maximum number of stack buffer count in the script engine.
#define MAX_EXECUTION_COUNT   1000000
 Maximum number of variables that can be used in the script engine.
#define MAX_VAR_COUNT   512
#define MAX_FUNCTION_NAME_LENGTH   32
#define PASSIVE_LEVEL   0
#define LOW_LEVEL   0
#define APC_LEVEL   1
#define DISPATCH_LEVEL   2
#define CMCI_LEVEL   5
#define CLOCK_LEVEL   13
#define IPI_LEVEL   14
#define DRS_LEVEL   14
#define POWER_LEVEL   14
#define PROFILE_LEVEL   15
#define HIGH_LEVEL   15
#define REG_CR0_PE   0x00000001 /* Enable Protected Mode (RW) */
 Intel CPU flags in CR0.
#define REG_CR0_MP   0x00000002 /* Monitor Coprocessor (RW) */
#define REG_CR0_EM   0x00000004 /* Require FPU Emulation (RO) */
#define REG_CR0_TS   0x00000008 /* Task Switched (RW) */
#define REG_CR0_ET   0x00000010 /* Extension type (RO) */
#define REG_CR0_NE   0x00000020 /* Numeric Error Reporting (RW) */
#define REG_CR0_WP   0x00010000 /* Supervisor Write Protect (RW) */
#define REG_CR0_AM   0x00040000 /* Alignment Checking (RW) */
#define REG_CR0_NW   0x20000000 /* Not Write-Through (RW) */
#define REG_CR0_CD   0x40000000 /* Cache Disable (RW) */
#define REG_CR0_PG   0x80000000 /* Paging */
#define REG_CR4_VME   0x0001 /* enable vm86 extensions */
 Intel CPU features in CR4.
#define REG_CR4_PVI   0x0002 /* virtual interrupts flag enable */
#define REG_CR4_TSD   0x0004 /* disable time stamp at ipl 3 */
#define REG_CR4_DE   0x0008 /* enable debugging extensions */
#define REG_CR4_PSE   0x0010 /* enable page size extensions */
#define REG_CR4_PAE   0x0020 /* enable physical address extensions */
#define REG_CR4_MCE   0x0040 /* Machine check enable */
#define REG_CR4_PGE   0x0080 /* enable global pages */
#define REG_CR4_PCE   0x0100 /* enable performance counters at ipl 3 */
#define REG_CR4_OSFXSR   0x0200 /* enable fast FPU save and restore */
#define REG_CR4_OSXMMEXCPT   0x0400 /* enable unmasked SSE exceptions */
#define REG_CR4_VMXE   0x2000 /* enable VMX */
#define KGDT64_NULL   (0 * 16)
#define KGDT64_R0_CODE   (1 * 16)
#define KGDT64_R0_DATA   (1 * 16) + 8
#define KGDT64_R3_CMCODE   (2 * 16)
#define KGDT64_R3_DATA   (2 * 16) + 8
#define KGDT64_R3_CODE   (3 * 16)
#define KGDT64_SYS_TSS   (4 * 16)
#define KGDT64_R3_CMTEB   (5 * 16)
#define KGDT64_R0_CMCODE   (6 * 16)
#define KGDT64_LAST   (7 * 16)
#define PCID_NONE   0x000
 PCID Flags.
#define PCID_MASK   0x003
#define CPUID_HV_VENDOR_AND_MAX_FUNCTIONS   0x40000000
 The Microsoft Hypervisor interface defined constants.
#define CPUID_HV_INTERFACE   0x40000001
#define TRANSPARENT_EVADE_MASK_SYSCALL_HOOK   0x00000001
 Transparent-mode feature mask.
#define TRANSPARENT_EVADE_MASK_CPUID   0x00000002
#define TRANSPARENT_EVADE_MASK_MSR   0x00000004
#define TRANSPARENT_EVADE_MASK_TRAP_FLAG   0x00000008
#define TRANSPARENT_EVADE_MASK_ALL   (TRANSPARENT_EVADE_MASK_SYSCALL_HOOK | TRANSPARENT_EVADE_MASK_CPUID | TRANSPARENT_EVADE_MASK_MSR | TRANSPARENT_EVADE_MASK_TRAP_FLAG)
#define TRANSPARENT_EVADE_MASK_DEFAULT   TRANSPARENT_EVADE_MASK_ALL
#define CPUID_ADDR_WIDTH   0x80000008
 Cpuid to get virtual address width.
#define CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS   0x00000001
 CPUID Features.
#define RESERVED_MSR_RANGE_LOW   0x40000000
 Hypervisor reserved range for RDMSR and WRMSR.
#define RESERVED_MSR_RANGE_HI   0x400000F0
#define DEBUGGER_MODIFY_EVENTS_APPLY_TO_ALL_TAG   0xffffffffffffffff
 Apply event modifications to all tags.
#define DISASSEMBLY_MAXIMUM_DISTANCE_FROM_OBJECT_NAME   0xffff
 Maximum length for a function (to be used in showing distance from symbol functions in the 'u' command).
#define DEBUGGER_READ_AND_WRITE_ON_MSR_APPLY_ALL_CORES   0xffffffff
 Read and write MSRs to all cores.
#define DEBUGGER_DEBUGGEE_IS_RUNNING_NO_CORE   0xffffffff
 Apply the event to all the cores.
#define DEBUGGER_EVENT_APPLY_TO_ALL_CORES   0xffffffff
 Apply the event to all the cores.
#define DEBUGGER_EVENT_APPLY_TO_ALL_PROCESSES   0xffffffff
 Apply the event to all the processes.
#define DEBUGGER_EVENT_MSR_READ_OR_WRITE_ALL_MSRS   0xffffffff
 Apply to all Model Specific Registers.
#define DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES   0xffffffff
 Apply to all first 32 exceptions.
#define DEBUGGER_EVENT_SYSCALL_ALL_SYSRET_OR_SYSCALLS   0xffffffff
 Apply to all syscalls and sysrets.
#define DEBUGGER_EVENT_ALL_IO_PORTS   0xffffffff
 Apply to all I/O ports.
#define DEBUGGEE_BP_APPLY_TO_ALL_CORES   0xffffffff
 The constant to apply to all cores for bp command.
#define DEBUGGEE_BP_APPLY_TO_ALL_PROCESSES   0xffffffff
 The constant to apply to all processes for bp command.
#define DEBUGGEE_BP_APPLY_TO_ALL_THREADS   0xffffffff
 The constant to apply to all threads for bp command.
#define DEBUGGEE_SHOW_ALL_REGISTERS   0xffffffff
 for reading all registers in r command.

Typedefs

typedef enum _SEGMENT_REGISTERS SEGMENT_REGISTERS
 Segment selector registers in x86.

Enumerations

enum  _SEGMENT_REGISTERS {
  ES = 0 , CS , SS , DS ,
  FS , GS , LDTR , TR
}
 Segment selector registers in x86. More...

Variables

const UCHAR BuildDateTime []
const UCHAR CompleteVersion [] = HYPERDBG_COMPLETE_VERSION
const UCHAR BuildVersion []
const UCHAR BuildSignature []

Detailed Description

HyperDbg's SDK constants.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
jtaw5649

This file contains definitions of constants used in HyperDbg

Version
0.2
Date
2022-06-24

Macro Definition Documentation

◆ APC_LEVEL

#define APC_LEVEL   1

◆ BETA_VERSION

#define BETA_VERSION   FALSE

◆ BIG_INSTANT_EVENT_ACTION_BUFFER

#define BIG_INSTANT_EVENT_ACTION_BUFFER   sizeof(DEBUGGER_EVENT_ACTION) + MaxSerialPacketSize

Pre-allocated size for a big action + custom code or script buffer.

◆ BIG_INSTANT_EVENT_CONDITIONAL_BUFFER

#define BIG_INSTANT_EVENT_CONDITIONAL_BUFFER   sizeof(DEBUGGER_EVENT) + PAGE_SIZE

Pre-allocated size for a big event + conditions buffer.

◆ BIG_INSTANT_EVENT_REQUESTED_SAFE_BUFFER

#define BIG_INSTANT_EVENT_REQUESTED_SAFE_BUFFER   MaxSerialPacketSize

Pre-allocated size for a big requested safe buffer.

◆ BUILD_DAY_CH0

#define BUILD_DAY_CH0   ((__DATE__[4] >= '0') ? (__DATE__[4]) : '0')

◆ BUILD_DAY_CH1

#define BUILD_DAY_CH1   (__DATE__[5])

◆ BUILD_HOUR_CH0

#define BUILD_HOUR_CH0   (__TIME__[0])

◆ BUILD_HOUR_CH1

#define BUILD_HOUR_CH1   (__TIME__[1])

◆ BUILD_MIN_CH0

#define BUILD_MIN_CH0   (__TIME__[3])

◆ BUILD_MIN_CH1

#define BUILD_MIN_CH1   (__TIME__[4])

◆ BUILD_MONTH_CH0

#define BUILD_MONTH_CH0   ((BUILD_MONTH_IS_OCT || BUILD_MONTH_IS_NOV || BUILD_MONTH_IS_DEC) ? '1' : '0')
48#define BUILD_MONTH_CH0 \
49 ((BUILD_MONTH_IS_OCT || BUILD_MONTH_IS_NOV || BUILD_MONTH_IS_DEC) ? '1' : '0')

◆ BUILD_MONTH_CH1

#define BUILD_MONTH_CH1
Value:
( \
: (BUILD_MONTH_IS_MAR) ? '3' \
: (BUILD_MONTH_IS_APR) ? '4' \
: (BUILD_MONTH_IS_MAY) ? '5' \
: (BUILD_MONTH_IS_JUN) ? '6' \
: (BUILD_MONTH_IS_JUL) ? '7' \
: (BUILD_MONTH_IS_AUG) ? '8' \
: (BUILD_MONTH_IS_SEP) ? '9' \
: (BUILD_MONTH_IS_OCT) ? '0' \
: (BUILD_MONTH_IS_NOV) ? '1' \
: (BUILD_MONTH_IS_DEC) ? '2' \
: /* error default */ '?')
#define BUILD_MONTH_IS_MAR
Definition Constants.h:37
#define BUILD_MONTH_IS_JAN
Definition Constants.h:35
#define BUILD_MONTH_IS_OCT
Definition Constants.h:44
#define BUILD_MONTH_IS_JUN
Definition Constants.h:40
#define BUILD_MONTH_IS_FEB
Definition Constants.h:36
#define BUILD_MONTH_IS_MAY
Definition Constants.h:39
#define BUILD_MONTH_IS_DEC
Definition Constants.h:46
#define BUILD_MONTH_IS_AUG
Definition Constants.h:42
#define BUILD_MONTH_IS_JUL
Definition Constants.h:41
#define BUILD_MONTH_IS_SEP
Definition Constants.h:43
#define BUILD_MONTH_IS_APR
Definition Constants.h:38
#define BUILD_MONTH_IS_NOV
Definition Constants.h:45
51#define BUILD_MONTH_CH1 \
52 ( \
53 (BUILD_MONTH_IS_JAN) ? '1' : (BUILD_MONTH_IS_FEB) ? '2' \
54 : (BUILD_MONTH_IS_MAR) ? '3' \
55 : (BUILD_MONTH_IS_APR) ? '4' \
56 : (BUILD_MONTH_IS_MAY) ? '5' \
57 : (BUILD_MONTH_IS_JUN) ? '6' \
58 : (BUILD_MONTH_IS_JUL) ? '7' \
59 : (BUILD_MONTH_IS_AUG) ? '8' \
60 : (BUILD_MONTH_IS_SEP) ? '9' \
61 : (BUILD_MONTH_IS_OCT) ? '0' \
62 : (BUILD_MONTH_IS_NOV) ? '1' \
63 : (BUILD_MONTH_IS_DEC) ? '2' \
64 : /* error default */ '?')

◆ BUILD_MONTH_IS_APR

#define BUILD_MONTH_IS_APR   (__DATE__[0] == 'A' && __DATE__[1] == 'p')

◆ BUILD_MONTH_IS_AUG

#define BUILD_MONTH_IS_AUG   (__DATE__[0] == 'A' && __DATE__[1] == 'u')

◆ BUILD_MONTH_IS_DEC

#define BUILD_MONTH_IS_DEC   (__DATE__[0] == 'D')

◆ BUILD_MONTH_IS_FEB

#define BUILD_MONTH_IS_FEB   (__DATE__[0] == 'F')

◆ BUILD_MONTH_IS_JAN

#define BUILD_MONTH_IS_JAN   (__DATE__[0] == 'J' && __DATE__[1] == 'a' && __DATE__[2] == 'n')

◆ BUILD_MONTH_IS_JUL

#define BUILD_MONTH_IS_JUL   (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'l')

◆ BUILD_MONTH_IS_JUN

#define BUILD_MONTH_IS_JUN   (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'n')

◆ BUILD_MONTH_IS_MAR

#define BUILD_MONTH_IS_MAR   (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'r')

◆ BUILD_MONTH_IS_MAY

#define BUILD_MONTH_IS_MAY   (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'y')

◆ BUILD_MONTH_IS_NOV

#define BUILD_MONTH_IS_NOV   (__DATE__[0] == 'N')

◆ BUILD_MONTH_IS_OCT

#define BUILD_MONTH_IS_OCT   (__DATE__[0] == 'O')

◆ BUILD_MONTH_IS_SEP

#define BUILD_MONTH_IS_SEP   (__DATE__[0] == 'S')

◆ BUILD_SEC_CH0

#define BUILD_SEC_CH0   (__TIME__[6])

◆ BUILD_SEC_CH1

#define BUILD_SEC_CH1   (__TIME__[7])

◆ BUILD_YEAR_CH0

#define BUILD_YEAR_CH0   (__DATE__[7])

◆ BUILD_YEAR_CH1

#define BUILD_YEAR_CH1   (__DATE__[8])

◆ BUILD_YEAR_CH2

#define BUILD_YEAR_CH2   (__DATE__[9])

◆ BUILD_YEAR_CH3

#define BUILD_YEAR_CH3   (__DATE__[10])

◆ CLOCK_LEVEL

#define CLOCK_LEVEL   13

◆ CMCI_LEVEL

#define CMCI_LEVEL   5

◆ COMMUNICATION_BUFFER_SIZE

#define COMMUNICATION_BUFFER_SIZE   PacketChunkSize + 0x100

Packet size for TCP connections.

Note that we might add something to the kernel buffers that's why we add 0x100 to it

◆ CPUID_ADDR_WIDTH

#define CPUID_ADDR_WIDTH   0x80000008

Cpuid to get virtual address width.

◆ CPUID_HV_INTERFACE

#define CPUID_HV_INTERFACE   0x40000001

◆ CPUID_HV_VENDOR_AND_MAX_FUNCTIONS

#define CPUID_HV_VENDOR_AND_MAX_FUNCTIONS   0x40000000

The Microsoft Hypervisor interface defined constants.

◆ CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS

#define CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS   0x00000001

CPUID Features.

◆ DbgPrintLimitation

#define DbgPrintLimitation   512

limitation of Windows DbgPrint message size

currently is not functional

◆ DEBUGGEE_BP_APPLY_TO_ALL_CORES

#define DEBUGGEE_BP_APPLY_TO_ALL_CORES   0xffffffff

The constant to apply to all cores for bp command.

◆ DEBUGGEE_BP_APPLY_TO_ALL_PROCESSES

#define DEBUGGEE_BP_APPLY_TO_ALL_PROCESSES   0xffffffff

The constant to apply to all processes for bp command.

◆ DEBUGGEE_BP_APPLY_TO_ALL_THREADS

#define DEBUGGEE_BP_APPLY_TO_ALL_THREADS   0xffffffff

The constant to apply to all threads for bp command.

◆ DEBUGGEE_SHOW_ALL_REGISTERS

#define DEBUGGEE_SHOW_ALL_REGISTERS   0xffffffff

for reading all registers in r command.

◆ DEBUGGER_DEBUGGEE_IS_RUNNING_NO_CORE

#define DEBUGGER_DEBUGGEE_IS_RUNNING_NO_CORE   0xffffffff

Apply the event to all the cores.

◆ DEBUGGER_EVENT_ALL_IO_PORTS

#define DEBUGGER_EVENT_ALL_IO_PORTS   0xffffffff

Apply to all I/O ports.

◆ DEBUGGER_EVENT_APPLY_TO_ALL_CORES

#define DEBUGGER_EVENT_APPLY_TO_ALL_CORES   0xffffffff

Apply the event to all the cores.

◆ DEBUGGER_EVENT_APPLY_TO_ALL_PROCESSES

#define DEBUGGER_EVENT_APPLY_TO_ALL_PROCESSES   0xffffffff

Apply the event to all the processes.

◆ DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES

#define DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES   0xffffffff

Apply to all first 32 exceptions.

◆ DEBUGGER_EVENT_MSR_READ_OR_WRITE_ALL_MSRS

#define DEBUGGER_EVENT_MSR_READ_OR_WRITE_ALL_MSRS   0xffffffff

Apply to all Model Specific Registers.

◆ DEBUGGER_EVENT_SYSCALL_ALL_SYSRET_OR_SYSCALLS

#define DEBUGGER_EVENT_SYSCALL_ALL_SYSRET_OR_SYSCALLS   0xffffffff

Apply to all syscalls and sysrets.

◆ DEBUGGER_MODIFY_EVENTS_APPLY_TO_ALL_TAG

#define DEBUGGER_MODIFY_EVENTS_APPLY_TO_ALL_TAG   0xffffffffffffffff

Apply event modifications to all tags.

◆ DEBUGGER_READ_AND_WRITE_ON_MSR_APPLY_ALL_CORES

#define DEBUGGER_READ_AND_WRITE_ON_MSR_APPLY_ALL_CORES   0xffffffff

Read and write MSRs to all cores.

◆ DebuggerEventTagStartSeed

#define DebuggerEventTagStartSeed   0x1000000

The seeds that user-mode codes use as the starter of their events' tag.

◆ DebuggerOutputSourceMaximumRemoteSourceForSingleEvent

#define DebuggerOutputSourceMaximumRemoteSourceForSingleEvent   0x5

Determines how many sources a debugger can have for a single event.

◆ DebuggerOutputSourceTagStartSeed

#define DebuggerOutputSourceTagStartSeed   0x1

The seeds that user-mode codes use as the starter of their output source tag.

◆ DebuggerScriptEngineMemcpyMovingBufferSize

#define DebuggerScriptEngineMemcpyMovingBufferSize   64

The size of each chunk of memory used in the 'memcpy' function of the script engine for transferring buffers in the VMX-root mode.

◆ DebuggerThreadDebuggingTagStartSeed

#define DebuggerThreadDebuggingTagStartSeed   0x1000000

The seeds that user-mode thread detail token start with it.

This seed should not start with zero (0), otherwise it's interpreted as error

◆ DEFAULT_PORT

#define DEFAULT_PORT   "50000"

default port of HyperDbg for listening by debuggee (server, guest)

◆ DISASSEMBLY_MAXIMUM_DISTANCE_FROM_OBJECT_NAME

#define DISASSEMBLY_MAXIMUM_DISTANCE_FROM_OBJECT_NAME   0xffff

Maximum length for a function (to be used in showing distance from symbol functions in the 'u' command).

◆ DISPATCH_LEVEL

#define DISPATCH_LEVEL   2

◆ DRS_LEVEL

#define DRS_LEVEL   14

◆ HIBYTE

#define HIBYTE ( w)
Value:
((BYTE)(((WORD)(w) >> 8) & 0xFF))
unsigned short WORD
Definition BasicTypes.h:42
unsigned char BYTE
Definition BasicTypes.h:40

◆ HIGH_LEVEL

#define HIGH_LEVEL   15

◆ HIWORD

#define HIWORD ( l)
Value:
((WORD)(((DWORD)(l) >> 16) & 0xFFFF))
unsigned long DWORD
Definition BasicTypes.h:38

◆ HYPERDBG_COMPLETE_VERSION

#define HYPERDBG_COMPLETE_VERSION   "v" TOSTRING(VERSION_MAJOR) "." TOSTRING(VERSION_MINOR) "." TOSTRING(VERSION_PATCH) "\0"

◆ INDICATOR_OF_HYPERDBG_PACKET

#define INDICATOR_OF_HYPERDBG_PACKET   0x4859504552444247

constant indicator of a HyperDbg packet

Warning
used in hwdbg
504#define INDICATOR_OF_HYPERDBG_PACKET \
505 0x4859504552444247 // HYPERDBG = 0x4859504552444247

◆ IPI_LEVEL

#define IPI_LEVEL   14

◆ KGDT64_LAST

#define KGDT64_LAST   (7 * 16)

◆ KGDT64_NULL

#define KGDT64_NULL   (0 * 16)

◆ KGDT64_R0_CMCODE

#define KGDT64_R0_CMCODE   (6 * 16)

◆ KGDT64_R0_CODE

#define KGDT64_R0_CODE   (1 * 16)

◆ KGDT64_R0_DATA

#define KGDT64_R0_DATA   (1 * 16) + 8

◆ KGDT64_R3_CMCODE

#define KGDT64_R3_CMCODE   (2 * 16)

◆ KGDT64_R3_CMTEB

#define KGDT64_R3_CMTEB   (5 * 16)

◆ KGDT64_R3_CODE

#define KGDT64_R3_CODE   (3 * 16)

◆ KGDT64_R3_DATA

#define KGDT64_R3_DATA   (2 * 16) + 8

◆ KGDT64_SYS_TSS

#define KGDT64_SYS_TSS   (4 * 16)

◆ LOBYTE

#define LOBYTE ( w)
Value:
((BYTE)(w))

◆ LogBufferSize

#define LogBufferSize   MaximumPacketsCapacity *(PacketChunkSize + sizeof(BUFFER_HEADER))

Final storage size of message tracing.

208#define LogBufferSize \
209 MaximumPacketsCapacity *(PacketChunkSize + sizeof(BUFFER_HEADER))

◆ LogBufferSizePriority

#define LogBufferSizePriority   MaximumPacketsCapacityPriority *(PacketChunkSize + sizeof(BUFFER_HEADER))

Final storage size of message tracing.

215#define LogBufferSizePriority \
216 MaximumPacketsCapacityPriority *(PacketChunkSize + sizeof(BUFFER_HEADER))

◆ LOW_LEVEL

#define LOW_LEVEL   0

◆ LOWORD

#define LOWORD ( l)
Value:
((WORD)(l))

◆ MAX_EXECUTION_COUNT

#define MAX_EXECUTION_COUNT   1000000

Maximum number of variables that can be used in the script engine.

◆ MAX_FUNCTION_NAME_LENGTH

#define MAX_FUNCTION_NAME_LENGTH   32

◆ MAX_STACK_BUFFER_COUNT

#define MAX_STACK_BUFFER_COUNT   256

Maximum number of stack buffer count in the script engine.

◆ MAX_VAR_COUNT

#define MAX_VAR_COUNT   512

◆ MAXIMUM_BIG_INSTANT_EVENTS

#define MAXIMUM_BIG_INSTANT_EVENTS   0

Maximum number of (big) instant events that are pre-allocated.

◆ MAXIMUM_BREAKPOINTS_WITHOUT_CONTINUE

#define MAXIMUM_BREAKPOINTS_WITHOUT_CONTINUE   100

maximum number of buffers to be allocated for a single breakpoint

◆ MAXIMUM_CALL_INSTR_SIZE

#define MAXIMUM_CALL_INSTR_SIZE   7

maximum size for call instruction in Intel

◆ MAXIMUM_CHARACTER_FOR_OS_NAME

#define MAXIMUM_CHARACTER_FOR_OS_NAME   256

maximum name for OS name buffer

◆ MAXIMUM_GUID_AND_AGE_SIZE

#define MAXIMUM_GUID_AND_AGE_SIZE   60

maximum size for GUID and Age of PE @detail It seems that 33 bytes is enough but let's have more space because there might be sth that we missed :)

◆ MAXIMUM_INSTR_SIZE

#define MAXIMUM_INSTR_SIZE   16

maximum instruction size in Intel

◆ MAXIMUM_NUMBER_OF_INITIAL_PREALLOCATED_EPT_HOOKS

#define MAXIMUM_NUMBER_OF_INITIAL_PREALLOCATED_EPT_HOOKS   5

Maximum number of initial pre-allocated EPT hooks.

◆ MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_TRAPS

#define MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_TRAPS   200

maximum number of thread/process ids to be allocated for a simultaneous debugging

it shows the maximum number of threads/processes that HyperDbg sets trap flag for them

◆ MAXIMUM_REGULAR_INSTANT_EVENTS

#define MAXIMUM_REGULAR_INSTANT_EVENTS   20

Maximum number of (regular) instant events that are pre-allocated.

◆ MAXIMUM_SUPPORTED_SYMBOLS

#define MAXIMUM_SUPPORTED_SYMBOLS   1000

maximum supported modules to load their symbol information

◆ MaximumPacketsCapacity

#define MaximumPacketsCapacity   1000

Default buffer count of packets for message tracing.

number of packets storage for regular buffers

◆ MaximumPacketsCapacityPriority

#define MaximumPacketsCapacityPriority   50

Default buffer count of packets for message tracing.

number of packets storage for priority buffers

◆ MaximumSearchResults

#define MaximumSearchResults   0x1000

maximum results that will be returned by !s* s* command

◆ MaxSerialPacketSize

#define MaxSerialPacketSize   20 * NORMAL_PAGE_SIZE

size of buffer for serial

the maximum packet size for sending over serial

◆ NORMAL_PAGE_SIZE

#define NORMAL_PAGE_SIZE   4096

Size of normal OS (processor) pages.

◆ OPERATION_COMMAND_FROM_DEBUGGER_CLOSE_AND_UNLOAD_VMM

#define OPERATION_COMMAND_FROM_DEBUGGER_CLOSE_AND_UNLOAD_VMM   7U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_COMMAND_FROM_DEBUGGER_RELOAD_SYMBOL

#define OPERATION_COMMAND_FROM_DEBUGGER_RELOAD_SYMBOL   15U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_DEBUGGEE_ADD_ACTION_TO_EVENT

#define OPERATION_DEBUGGEE_ADD_ACTION_TO_EVENT   10U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_DEBUGGEE_CLEAR_EVENTS

#define OPERATION_DEBUGGEE_CLEAR_EVENTS   11U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_DEBUGGEE_CLEAR_EVENTS_WITHOUT_NOTIFYING_DEBUGGER

#define OPERATION_DEBUGGEE_CLEAR_EVENTS_WITHOUT_NOTIFYING_DEBUGGER   12U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_DEBUGGEE_REGISTER_EVENT

#define OPERATION_DEBUGGEE_REGISTER_EVENT   9U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_DEBUGGEE_USER_INPUT

#define OPERATION_DEBUGGEE_USER_INPUT   8U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_HYPERVISOR_DRIVER_END_OF_IRPS

#define OPERATION_HYPERVISOR_DRIVER_END_OF_IRPS   14U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_HYPERVISOR_DRIVER_IS_SUCCESSFULLY_LOADED

#define OPERATION_HYPERVISOR_DRIVER_IS_SUCCESSFULLY_LOADED   13U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_LOG_ERROR_MESSAGE

#define OPERATION_LOG_ERROR_MESSAGE   3U

◆ OPERATION_LOG_INFO_MESSAGE

#define OPERATION_LOG_INFO_MESSAGE   1U

Message logs id that comes from kernel-mode to user-mode.

Message area >= 0x5

◆ OPERATION_LOG_MESSAGE_MANDATORY

#define OPERATION_LOG_MESSAGE_MANDATORY   6U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ OPERATION_LOG_NON_IMMEDIATE_MESSAGE

#define OPERATION_LOG_NON_IMMEDIATE_MESSAGE   4U

◆ OPERATION_LOG_WARNING_MESSAGE

#define OPERATION_LOG_WARNING_MESSAGE   2U

◆ OPERATION_LOG_WITH_TAG

#define OPERATION_LOG_WITH_TAG   5U

◆ OPERATION_MANDATORY_DEBUGGEE_BIT

#define OPERATION_MANDATORY_DEBUGGEE_BIT   (1 << 31)

If a operation use this bit in its Operation code, then it means that the operation should be performed mandatorily in debuggee and should not be sent to the debugger.

◆ OPERATION_NOTIFICATION_FROM_USER_DEBUGGER_PAUSE

#define OPERATION_NOTIFICATION_FROM_USER_DEBUGGER_PAUSE   16U | OPERATION_MANDATORY_DEBUGGEE_BIT

◆ PacketChunkSize

#define PacketChunkSize   NORMAL_PAGE_SIZE

Size of each packet.

◆ PASSIVE_LEVEL

#define PASSIVE_LEVEL   0

◆ PCID_MASK

#define PCID_MASK   0x003

◆ PCID_NONE

#define PCID_NONE   0x000

PCID Flags.

◆ POOLTAG

#define POOLTAG   0x48444247

Pool tag.

◆ POWER_LEVEL

#define POWER_LEVEL   14

◆ PROFILE_LEVEL

#define PROFILE_LEVEL   15

◆ REG_CR0_AM

#define REG_CR0_AM   0x00040000 /* Alignment Checking (RW) */

◆ REG_CR0_CD

#define REG_CR0_CD   0x40000000 /* Cache Disable (RW) */

◆ REG_CR0_EM

#define REG_CR0_EM   0x00000004 /* Require FPU Emulation (RO) */

◆ REG_CR0_ET

#define REG_CR0_ET   0x00000010 /* Extension type (RO) */

◆ REG_CR0_MP

#define REG_CR0_MP   0x00000002 /* Monitor Coprocessor (RW) */

◆ REG_CR0_NE

#define REG_CR0_NE   0x00000020 /* Numeric Error Reporting (RW) */

◆ REG_CR0_NW

#define REG_CR0_NW   0x20000000 /* Not Write-Through (RW) */

◆ REG_CR0_PE

#define REG_CR0_PE   0x00000001 /* Enable Protected Mode (RW) */

Intel CPU flags in CR0.

◆ REG_CR0_PG

#define REG_CR0_PG   0x80000000 /* Paging */

◆ REG_CR0_TS

#define REG_CR0_TS   0x00000008 /* Task Switched (RW) */

◆ REG_CR0_WP

#define REG_CR0_WP   0x00010000 /* Supervisor Write Protect (RW) */

◆ REG_CR4_DE

#define REG_CR4_DE   0x0008 /* enable debugging extensions */

◆ REG_CR4_MCE

#define REG_CR4_MCE   0x0040 /* Machine check enable */

◆ REG_CR4_OSFXSR

#define REG_CR4_OSFXSR   0x0200 /* enable fast FPU save and restore */

◆ REG_CR4_OSXMMEXCPT

#define REG_CR4_OSXMMEXCPT   0x0400 /* enable unmasked SSE exceptions */

◆ REG_CR4_PAE

#define REG_CR4_PAE   0x0020 /* enable physical address extensions */

◆ REG_CR4_PCE

#define REG_CR4_PCE   0x0100 /* enable performance counters at ipl 3 */

◆ REG_CR4_PGE

#define REG_CR4_PGE   0x0080 /* enable global pages */

◆ REG_CR4_PSE

#define REG_CR4_PSE   0x0010 /* enable page size extensions */

◆ REG_CR4_PVI

#define REG_CR4_PVI   0x0002 /* virtual interrupts flag enable */

◆ REG_CR4_TSD

#define REG_CR4_TSD   0x0004 /* disable time stamp at ipl 3 */

◆ REG_CR4_VME

#define REG_CR4_VME   0x0001 /* enable vm86 extensions */

Intel CPU features in CR4.

◆ REG_CR4_VMXE

#define REG_CR4_VMXE   0x2000 /* enable VMX */

◆ REGULAR_INSTANT_EVENT_ACTION_BUFFER

#define REGULAR_INSTANT_EVENT_ACTION_BUFFER   sizeof(DEBUGGER_EVENT_ACTION) + (PAGE_SIZE * 2)

Pre-allocated size for a regular action + custom code or script buffer.

◆ REGULAR_INSTANT_EVENT_CONDITIONAL_BUFFER

#define REGULAR_INSTANT_EVENT_CONDITIONAL_BUFFER   sizeof(DEBUGGER_EVENT) + 100

Pre-allocated size for a regular event + conditions buffer.

◆ REGULAR_INSTANT_EVENT_REQUESTED_SAFE_BUFFER

#define REGULAR_INSTANT_EVENT_REQUESTED_SAFE_BUFFER   PAGE_SIZE

Pre-allocated size for a regular requested safe buffer.

◆ RESERVED_MSR_RANGE_HI

#define RESERVED_MSR_RANGE_HI   0x400000F0

◆ RESERVED_MSR_RANGE_LOW

#define RESERVED_MSR_RANGE_LOW   0x40000000

Hypervisor reserved range for RDMSR and WRMSR.

◆ SERIAL_END_OF_BUFFER_CHAR_1

#define SERIAL_END_OF_BUFFER_CHAR_1   0x00

characters of the buffer that we set at the end of buffers for serial

◆ SERIAL_END_OF_BUFFER_CHAR_2

#define SERIAL_END_OF_BUFFER_CHAR_2   0x80

◆ SERIAL_END_OF_BUFFER_CHAR_3

#define SERIAL_END_OF_BUFFER_CHAR_3   0xEE

◆ SERIAL_END_OF_BUFFER_CHAR_4

#define SERIAL_END_OF_BUFFER_CHAR_4   0xFF

◆ SERIAL_END_OF_BUFFER_CHARS_COUNT

#define SERIAL_END_OF_BUFFER_CHARS_COUNT   0x4

count of characters for serial end of buffer

◆ STRINGIFY

#define STRINGIFY ( x)
Value:
#x

◆ TCP_END_OF_BUFFER_CHAR_1

#define TCP_END_OF_BUFFER_CHAR_1   0x10

characters of the buffer that we set at the end of buffers for tcp

◆ TCP_END_OF_BUFFER_CHAR_2

#define TCP_END_OF_BUFFER_CHAR_2   0x20

◆ TCP_END_OF_BUFFER_CHAR_3

#define TCP_END_OF_BUFFER_CHAR_3   0x33

◆ TCP_END_OF_BUFFER_CHAR_4

#define TCP_END_OF_BUFFER_CHAR_4   0x44

◆ TCP_END_OF_BUFFER_CHARS_COUNT

#define TCP_END_OF_BUFFER_CHARS_COUNT   0x4

count of characters for tcp end of buffer

◆ TOP_LEVEL_DRIVERS_VMCALL_ENDING_NUMBER

#define TOP_LEVEL_DRIVERS_VMCALL_ENDING_NUMBER   TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER + 0x100

The start number of VMCALL number allowed to be used by top-level drivers.

◆ TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER

#define TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER   0x00000200

The start number of VMCALL number allowed to be used by top-level drivers.

◆ TOSTRING

#define TOSTRING ( x)
Value:
x
Definition 01-expressions-correct.txt:2
#define STRINGIFY(x)
Definition Constants.h:108

◆ TRANSPARENT_EVADE_MASK_ALL

687#define TRANSPARENT_EVADE_MASK_ALL \
688 (TRANSPARENT_EVADE_MASK_SYSCALL_HOOK | TRANSPARENT_EVADE_MASK_CPUID | TRANSPARENT_EVADE_MASK_MSR | TRANSPARENT_EVADE_MASK_TRAP_FLAG)

◆ TRANSPARENT_EVADE_MASK_CPUID

#define TRANSPARENT_EVADE_MASK_CPUID   0x00000002

◆ TRANSPARENT_EVADE_MASK_DEFAULT

#define TRANSPARENT_EVADE_MASK_DEFAULT   TRANSPARENT_EVADE_MASK_ALL

◆ TRANSPARENT_EVADE_MASK_MSR

#define TRANSPARENT_EVADE_MASK_MSR   0x00000004

◆ TRANSPARENT_EVADE_MASK_SYSCALL_HOOK

#define TRANSPARENT_EVADE_MASK_SYSCALL_HOOK   0x00000001

Transparent-mode feature mask.

◆ TRANSPARENT_EVADE_MASK_TRAP_FLAG

#define TRANSPARENT_EVADE_MASK_TRAP_FLAG   0x00000008

◆ UsermodeBufferSize

#define UsermodeBufferSize   sizeof(UINT32) + PacketChunkSize + 1

size of user-mode buffer

Because of operation code at the start of the buffer + 1 for null-termminating

◆ VERSION_MAJOR

#define VERSION_MAJOR   0

◆ VERSION_MINOR

#define VERSION_MINOR   21

◆ VERSION_PATCH

#define VERSION_PATCH   0

◆ X86_FLAGS_AC

#define X86_FLAGS_AC   (1 << 18)

◆ X86_FLAGS_AF

#define X86_FLAGS_AF   (1 << 4)

◆ X86_FLAGS_CF

#define X86_FLAGS_CF   (1 << 0)

EFLAGS/RFLAGS.

◆ X86_FLAGS_DF

#define X86_FLAGS_DF   (1 << 10)

◆ X86_FLAGS_FIXED

#define X86_FLAGS_FIXED   0x00000002

◆ X86_FLAGS_ID

#define X86_FLAGS_ID   (1 << 21)

◆ X86_FLAGS_IF

#define X86_FLAGS_IF   (1 << 9)

◆ X86_FLAGS_IOPL_MASK

#define X86_FLAGS_IOPL_MASK   (3 << 12)

◆ X86_FLAGS_IOPL_SHIFT

#define X86_FLAGS_IOPL_SHIFT   (12)

◆ X86_FLAGS_IOPL_SHIFT_2ND_BIT

#define X86_FLAGS_IOPL_SHIFT_2ND_BIT   (13)

◆ X86_FLAGS_NT

#define X86_FLAGS_NT   (1 << 14)

◆ X86_FLAGS_OF

#define X86_FLAGS_OF   (1 << 11)

◆ X86_FLAGS_PF

#define X86_FLAGS_PF   (1 << 2)

◆ X86_FLAGS_RESERVED

#define X86_FLAGS_RESERVED   0xffc0802a

◆ X86_FLAGS_RESERVED_BITS

#define X86_FLAGS_RESERVED_BITS   0xffc38028

◆ X86_FLAGS_RESERVED_ONES

#define X86_FLAGS_RESERVED_ONES   0x2

◆ X86_FLAGS_RF

#define X86_FLAGS_RF   (1 << 16)

◆ X86_FLAGS_SF

#define X86_FLAGS_SF   (1 << 7)

◆ X86_FLAGS_STATUS_MASK

#define X86_FLAGS_STATUS_MASK   (0xfff)

◆ X86_FLAGS_TF

#define X86_FLAGS_TF   (1 << 8)

◆ X86_FLAGS_VIF

#define X86_FLAGS_VIF   (1 << 19)

◆ X86_FLAGS_VIP

#define X86_FLAGS_VIP   (1 << 20)

◆ X86_FLAGS_VM

#define X86_FLAGS_VM   (1 << 17)

◆ X86_FLAGS_ZF

#define X86_FLAGS_ZF   (1 << 6)

Typedef Documentation

◆ SEGMENT_REGISTERS

Segment selector registers in x86.

Enumeration Type Documentation

◆ _SEGMENT_REGISTERS

Segment selector registers in x86.

Enumerator
ES 
CS 
SS 
DS 
FS 
GS 
LDTR 
TR 
593{
594 ES = 0,
595 CS,
596 SS,
597 DS,
598 FS,
599 GS,
600 LDTR,
601 TR
@ TR
Definition Constants.h:601
@ LDTR
Definition Constants.h:600
@ FS
Definition Constants.h:598
@ ES
Definition Constants.h:594
@ CS
Definition Constants.h:595
@ GS
Definition Constants.h:599
@ DS
Definition Constants.h:597
@ SS
Definition Constants.h:596
enum _SEGMENT_REGISTERS SEGMENT_REGISTERS
Segment selector registers in x86.

Variable Documentation

◆ BuildDateTime

const UCHAR BuildDateTime[]
Initial value:
= {
'-',
'-',
' ',
':',
':',
'\0'}
#define BUILD_YEAR_CH3
Definition Constants.h:33
#define BUILD_YEAR_CH2
Definition Constants.h:32
#define BUILD_HOUR_CH1
Definition Constants.h:74
#define BUILD_MONTH_CH1
Definition Constants.h:51
#define BUILD_YEAR_CH1
Definition Constants.h:31
#define BUILD_MIN_CH0
Definition Constants.h:76
#define BUILD_YEAR_CH0
Definition Constants.h:30
#define BUILD_MIN_CH1
Definition Constants.h:77
#define BUILD_SEC_CH0
Definition Constants.h:79
#define BUILD_DAY_CH0
Definition Constants.h:66
#define BUILD_DAY_CH1
Definition Constants.h:67
#define BUILD_SEC_CH1
Definition Constants.h:80
#define BUILD_HOUR_CH0
Definition Constants.h:73
#define BUILD_MONTH_CH0
Definition Constants.h:48
84 {
89 '-',
92 '-',
95 ' ',
98 ':',
101 ':',
104
105 '\0'};

◆ BuildSignature

const UCHAR BuildSignature[]
Initial value:
= {
'.',
'.',
'-',
'.',
'\0'}
#define VERSION_MAJOR
Definition Constants.h:20
#define VERSION_PATCH
Definition Constants.h:22
#define TOSTRING(x)
Definition Constants.h:109
#define VERSION_MINOR
Definition Constants.h:21
138 {
140 '.',
142 '.',
144 '-',
153 '.',
158
159 '\0'};

◆ BuildVersion

◆ CompleteVersion

const UCHAR CompleteVersion[] = HYPERDBG_COMPLETE_VERSION