HyperDbg Debugger
Constants.h
1
14#pragma once
15
17// Version Information //
19
20#define VERSION_MAJOR 0
21#define VERSION_MINOR 21
22#define VERSION_PATCH 0
23
24#define BETA_VERSION FALSE
25
26//
27// Example of __DATE__ string: "Jul 27 2012"
28// 01234567890
29
30#define BUILD_YEAR_CH0 (__DATE__[7])
31#define BUILD_YEAR_CH1 (__DATE__[8])
32#define BUILD_YEAR_CH2 (__DATE__[9])
33#define BUILD_YEAR_CH3 (__DATE__[10])
34
35#define BUILD_MONTH_IS_JAN (__DATE__[0] == 'J' && __DATE__[1] == 'a' && __DATE__[2] == 'n')
36#define BUILD_MONTH_IS_FEB (__DATE__[0] == 'F')
37#define BUILD_MONTH_IS_MAR (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'r')
38#define BUILD_MONTH_IS_APR (__DATE__[0] == 'A' && __DATE__[1] == 'p')
39#define BUILD_MONTH_IS_MAY (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'y')
40#define BUILD_MONTH_IS_JUN (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'n')
41#define BUILD_MONTH_IS_JUL (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'l')
42#define BUILD_MONTH_IS_AUG (__DATE__[0] == 'A' && __DATE__[1] == 'u')
43#define BUILD_MONTH_IS_SEP (__DATE__[0] == 'S')
44#define BUILD_MONTH_IS_OCT (__DATE__[0] == 'O')
45#define BUILD_MONTH_IS_NOV (__DATE__[0] == 'N')
46#define BUILD_MONTH_IS_DEC (__DATE__[0] == 'D')
47
48#define BUILD_MONTH_CH0 \
49 ((BUILD_MONTH_IS_OCT || BUILD_MONTH_IS_NOV || BUILD_MONTH_IS_DEC) ? '1' : '0')
50
51#define BUILD_MONTH_CH1 \
52 ( \
53 (BUILD_MONTH_IS_JAN) ? '1' : (BUILD_MONTH_IS_FEB) ? '2' \
54 : (BUILD_MONTH_IS_MAR) ? '3' \
55 : (BUILD_MONTH_IS_APR) ? '4' \
56 : (BUILD_MONTH_IS_MAY) ? '5' \
57 : (BUILD_MONTH_IS_JUN) ? '6' \
58 : (BUILD_MONTH_IS_JUL) ? '7' \
59 : (BUILD_MONTH_IS_AUG) ? '8' \
60 : (BUILD_MONTH_IS_SEP) ? '9' \
61 : (BUILD_MONTH_IS_OCT) ? '0' \
62 : (BUILD_MONTH_IS_NOV) ? '1' \
63 : (BUILD_MONTH_IS_DEC) ? '2' \
64 : /* error default */ '?')
65
66#define BUILD_DAY_CH0 ((__DATE__[4] >= '0') ? (__DATE__[4]) : '0')
67#define BUILD_DAY_CH1 (__DATE__[5])
68
69//
70// Example of __TIME__ string: "21:06:19"
71// 01234567
72
73#define BUILD_HOUR_CH0 (__TIME__[0])
74#define BUILD_HOUR_CH1 (__TIME__[1])
75
76#define BUILD_MIN_CH0 (__TIME__[3])
77#define BUILD_MIN_CH1 (__TIME__[4])
78
79#define BUILD_SEC_CH0 (__TIME__[6])
80#define BUILD_SEC_CH1 (__TIME__[7])
81
82#ifdef __cplusplus // because it's not valid in C
83
89 '-',
92 '-',
95 ' ',
98 ':',
101 ':',
104
105 '\0'};
106
107// Macro to convert a number to a string
108# define STRINGIFY(x) #x
109# define TOSTRING(x) STRINGIFY(x)
110
111// Complete version as a string
112
113# if BETA_VERSION == FALSE
114# define HYPERDBG_COMPLETE_VERSION "v" TOSTRING(VERSION_MAJOR) "." TOSTRING(VERSION_MINOR) "." TOSTRING(VERSION_PATCH) "\0"
115# else
116# define HYPERDBG_COMPLETE_VERSION "v" TOSTRING(VERSION_MAJOR) "." TOSTRING(VERSION_MINOR) "." TOSTRING(VERSION_PATCH) "-beta\0"
117# endif
118
120
137
140 '.',
142 '.',
144 '-',
153 '.',
158
159 '\0'};
160
161#endif
162
164// Message Tracing //
166
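/*
 * Every size macro below whose replacement text is an expression is wrapped
 * in parentheses. Without them a use such as `2 * COMMUNICATION_BUFFER_SIZE`
 * or `Len % MaxSerialPacketSize` binds to only part of the expression, so a
 * buffer is sized or a length is checked with the wrong value.
 */

/* Packet-slot count; the multiplier used in LogBufferSize */
#define MaximumPacketsCapacity 1000

/* Packet-slot count; the multiplier used in LogBufferSizePriority */
#define MaximumPacketsCapacityPriority 50

/* Size of a normal page in bytes */
#define NORMAL_PAGE_SIZE 4096 // PAGE_SIZE

/* Size of one packet chunk: one normal page */
#define PacketChunkSize NORMAL_PAGE_SIZE

/*
 * One UINT32, one packet chunk and one extra byte.
 * NOTE(review): presumably a header field plus a terminator; confirm against
 * the code that fills this buffer.
 */
#define UsermodeBufferSize (sizeof(UINT32) + PacketChunkSize + 1)

/* Twenty normal pages */
#define MaxSerialPacketSize (20 * NORMAL_PAGE_SIZE)

/* MaximumPacketsCapacity slots, each one chunk plus one BUFFER_HEADER */
#define LogBufferSize \
    (MaximumPacketsCapacity * (PacketChunkSize + sizeof(BUFFER_HEADER)))

/* MaximumPacketsCapacityPriority slots, each one chunk plus one BUFFER_HEADER */
#define LogBufferSizePriority \
    (MaximumPacketsCapacityPriority * (PacketChunkSize + sizeof(BUFFER_HEADER)))

/* NOTE(review): presumably the length limit applied to DbgPrint output; confirm */
#define DbgPrintLimitation 512

/* First value used for event tags */
#define DebuggerEventTagStartSeed 0x1000000

/* First value used for thread-debugging tags */
#define DebuggerThreadDebuggingTagStartSeed 0x1000000

/* First value used for output-source tags */
#define DebuggerOutputSourceTagStartSeed 0x1

/* Upper bound on remote output sources attached to a single event */
#define DebuggerOutputSourceMaximumRemoteSourceForSingleEvent 0x5

/* Size in bytes of the script engine's memcpy moving buffer */
#define DebuggerScriptEngineMemcpyMovingBufferSize 64

// EPT Hook //

/* Number of EPT hooks pre-allocated initially */
#define MAXIMUM_NUMBER_OF_INITIAL_PREALLOCATED_EPT_HOOKS 5

// Instant Event Configs //

/* Number of regular instant events */
#define MAXIMUM_REGULAR_INSTANT_EVENTS 20

/* Number of big instant events (currently none) */
#define MAXIMUM_BIG_INSTANT_EVENTS 0

/* Regular instant event: one DEBUGGER_EVENT plus 100 bytes for the condition */
#define REGULAR_INSTANT_EVENT_CONDITIONAL_BUFFER (sizeof(DEBUGGER_EVENT) + 100)

/* Big instant event: one DEBUGGER_EVENT plus one page for the condition */
#define BIG_INSTANT_EVENT_CONDITIONAL_BUFFER (sizeof(DEBUGGER_EVENT) + PAGE_SIZE)

/* Regular instant event: one DEBUGGER_EVENT_ACTION plus two pages */
#define REGULAR_INSTANT_EVENT_ACTION_BUFFER (sizeof(DEBUGGER_EVENT_ACTION) + (PAGE_SIZE * 2))

/* Big instant event: one DEBUGGER_EVENT_ACTION plus MaxSerialPacketSize */
#define BIG_INSTANT_EVENT_ACTION_BUFFER (sizeof(DEBUGGER_EVENT_ACTION) + MaxSerialPacketSize)

/* Regular instant event: requested safe buffer of one page */
#define REGULAR_INSTANT_EVENT_REQUESTED_SAFE_BUFFER PAGE_SIZE

/* Big instant event: requested safe buffer of MaxSerialPacketSize */
#define BIG_INSTANT_EVENT_REQUESTED_SAFE_BUFFER MaxSerialPacketSize

// Remote Connection //

/* Default port, kept as a string */
#define DEFAULT_PORT "50000"

/* One packet chunk plus 0x100 bytes */
#define COMMUNICATION_BUFFER_SIZE (PacketChunkSize + 0x100)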
339
341// VMCALL Numbers //
343
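/* First VMCALL number of the top-level drivers range */
#define TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER 0x00000200

/*
 * End of the top-level drivers VMCALL range: 0x100 above the start.
 * Parenthesized so that a range check written with arithmetic around the
 * macro (for example `Number - TOP_LEVEL_DRIVERS_VMCALL_ENDING_NUMBER`)
 * uses the whole sum rather than only the starting number.
 */
#define TOP_LEVEL_DRIVERS_VMCALL_ENDING_NUMBER (TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER + 0x100)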
357
359// Operation Codes //
361
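/*
 * Bit 31, OR-ed into the operation codes below that carry the
 * "mandatory debuggee" marking. Written as 1U << 31: shifting a signed 1
 * into the sign bit is undefined behavior in C.
 */
#define OPERATION_MANDATORY_DEBUGGEE_BIT (1U << 31)

/* Operation codes without the mandatory bit */
#define OPERATION_LOG_INFO_MESSAGE          1U
#define OPERATION_LOG_WARNING_MESSAGE       2U
#define OPERATION_LOG_ERROR_MESSAGE         3U
#define OPERATION_LOG_NON_IMMEDIATE_MESSAGE 4U
#define OPERATION_LOG_WITH_TAG              5U

/*
 * Operation codes with the mandatory bit set. Each expansion is
 * parenthesized: `==` and `!=` bind tighter than `|`, so an unparenthesized
 * `Code == 8U | BIT` evaluates as `(Code == 8U) | BIT`, which is non-zero
 * for every Code and makes an equality check on the operation code pass
 * unconditionally.
 */
#define OPERATION_LOG_MESSAGE_MANDATORY                            (6U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_COMMAND_FROM_DEBUGGER_CLOSE_AND_UNLOAD_VMM       (7U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_DEBUGGEE_USER_INPUT                              (8U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_DEBUGGEE_REGISTER_EVENT                          (9U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_DEBUGGEE_ADD_ACTION_TO_EVENT                     (10U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_DEBUGGEE_CLEAR_EVENTS                            (11U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_DEBUGGEE_CLEAR_EVENTS_WITHOUT_NOTIFYING_DEBUGGER (12U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_HYPERVISOR_DRIVER_IS_SUCCESSFULLY_LOADED         (13U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_HYPERVISOR_DRIVER_END_OF_IRPS                    (14U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_COMMAND_FROM_DEBUGGER_RELOAD_SYMBOL              (15U | OPERATION_MANDATORY_DEBUGGEE_BIT)
#define OPERATION_NOTIFICATION_FROM_USER_DEBUGGER_PAUSE            (16U | OPERATION_MANDATORY_DEBUGGEE_BIT)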
391
393// Breakpoints & Debug Breakpoints //
395
400#define MAXIMUM_BREAKPOINTS_WITHOUT_CONTINUE 100
401
409#define MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_TRAPS 200
410
412// Pool tags used in HyperDbg //
414
419#define POOLTAG 0x48444247 // [H]yper[DBG] (HDBG)
420
422// End of Buffer Detection //
424
428#define SERIAL_END_OF_BUFFER_CHARS_COUNT 0x4
429
434#define SERIAL_END_OF_BUFFER_CHAR_1 0x00
435#define SERIAL_END_OF_BUFFER_CHAR_2 0x80
436#define SERIAL_END_OF_BUFFER_CHAR_3 0xEE
437#define SERIAL_END_OF_BUFFER_CHAR_4 0xFF
438
442#define TCP_END_OF_BUFFER_CHARS_COUNT 0x4
443
448#define TCP_END_OF_BUFFER_CHAR_1 0x10
449#define TCP_END_OF_BUFFER_CHAR_2 0x20
450#define TCP_END_OF_BUFFER_CHAR_3 0x33
451#define TCP_END_OF_BUFFER_CHAR_4 0x44
452
454// Name of OS //
456
461#define MAXIMUM_CHARACTER_FOR_OS_NAME 256
462
464// Processor Details //
466
470#define MAXIMUM_INSTR_SIZE 16
471
475#define MAXIMUM_CALL_INSTR_SIZE 7
476
478// Symbols Details //
480
485#define MAXIMUM_SUPPORTED_SYMBOLS 1000
486
493#define MAXIMUM_GUID_AND_AGE_SIZE 60
494
496// Debuggee Communication //
498
504#define INDICATOR_OF_HYPERDBG_PACKET \
505 0x4859504552444247 // HYPERDBG = 0x4859504552444247
506
508// Command Details //
510
516#define MaximumSearchResults 0x1000
517
519// Script Engine //
521
526#define X86_FLAGS_CF (1 << 0)
527#define X86_FLAGS_PF (1 << 2)
528#define X86_FLAGS_AF (1 << 4)
529#define X86_FLAGS_ZF (1 << 6)
530#define X86_FLAGS_SF (1 << 7)
531#define X86_FLAGS_TF (1 << 8)
532#define X86_FLAGS_IF (1 << 9)
533#define X86_FLAGS_DF (1 << 10)
534#define X86_FLAGS_OF (1 << 11)
535#define X86_FLAGS_STATUS_MASK (0xfff)
536#define X86_FLAGS_IOPL_MASK (3 << 12)
537#define X86_FLAGS_IOPL_SHIFT (12)
538#define X86_FLAGS_IOPL_SHIFT_2ND_BIT (13)
539#define X86_FLAGS_NT (1 << 14)
540#define X86_FLAGS_RF (1 << 16)
541#define X86_FLAGS_VM (1 << 17)
542#define X86_FLAGS_AC (1 << 18)
543#define X86_FLAGS_VIF (1 << 19)
544#define X86_FLAGS_VIP (1 << 20)
545#define X86_FLAGS_ID (1 << 21)
546#define X86_FLAGS_RESERVED_ONES 0x2
547#define X86_FLAGS_RESERVED 0xffc0802a
548
549#define X86_FLAGS_RESERVED_BITS 0xffc38028
550#define X86_FLAGS_FIXED 0x00000002
551
552#ifndef LOWORD
553# define LOWORD(l) ((WORD)(l))
554#endif // !LOWORD
555
556#ifndef HIWORD
557# define HIWORD(l) ((WORD)(((DWORD)(l) >> 16) & 0xFFFF))
558#endif // !HIWORD
559
560#ifndef LOBYTE
561# define LOBYTE(w) ((BYTE)(w))
562#endif // !LOBYTE
563
564#ifndef HIBYTE
565# define HIBYTE(w) ((BYTE)(((WORD)(w) >> 8) & 0xFF))
566#endif // !HIBYTE
567
571#define MAX_STACK_BUFFER_COUNT 256
572
576#define MAX_EXECUTION_COUNT 1000000
577
578// TODO: Extract number of variables from input of ScriptEngine
579// and allocate variableList Dynamically.
580#define MAX_VAR_COUNT 512
581
582#define MAX_FUNCTION_NAME_LENGTH 32
583
585// Debugger //
587
603
604/*
605 * @brief Windows IRQ Levels
606 */
607#define PASSIVE_LEVEL 0 // Passive release level
608#define LOW_LEVEL 0 // Lowest interrupt level
609#define APC_LEVEL 1 // APC interrupt level
610#define DISPATCH_LEVEL 2 // Dispatcher level
611#define CMCI_LEVEL 5 // CMCI handler level
612#define CLOCK_LEVEL 13 // Interval clock level
613#define IPI_LEVEL 14 // Interprocessor interrupt level
614#define DRS_LEVEL 14 // Deferred Recovery Service level
615#define POWER_LEVEL 14 // Power failure level
616#define PROFILE_LEVEL 15 // timer used for profiling.
617#define HIGH_LEVEL 15 // Highest interrupt level
618
622#define REG_CR0_PE 0x00000001 /* Enable Protected Mode (RW) */
623#define REG_CR0_MP 0x00000002 /* Monitor Coprocessor (RW) */
624#define REG_CR0_EM 0x00000004 /* Require FPU Emulation (RO) */
625#define REG_CR0_TS 0x00000008 /* Task Switched (RW) */
626#define REG_CR0_ET 0x00000010 /* Extension type (RO) */
627#define REG_CR0_NE 0x00000020 /* Numeric Error Reporting (RW) */
628#define REG_CR0_WP 0x00010000 /* Supervisor Write Protect (RW) */
629#define REG_CR0_AM 0x00040000 /* Alignment Checking (RW) */
630#define REG_CR0_NW 0x20000000 /* Not Write-Through (RW) */
631#define REG_CR0_CD 0x40000000 /* Cache Disable (RW) */
632#define REG_CR0_PG 0x80000000 /* Paging */
633
638#define REG_CR4_VME 0x0001 /* enable vm86 extensions */
639#define REG_CR4_PVI 0x0002 /* virtual interrupts flag enable */
640#define REG_CR4_TSD 0x0004 /* disable time stamp at ipl 3 */
641#define REG_CR4_DE 0x0008 /* enable debugging extensions */
642#define REG_CR4_PSE 0x0010 /* enable page size extensions */
643#define REG_CR4_PAE 0x0020 /* enable physical address extensions */
644#define REG_CR4_MCE 0x0040 /* Machine check enable */
645#define REG_CR4_PGE 0x0080 /* enable global pages */
646#define REG_CR4_PCE 0x0100 /* enable performance counters at ipl 3 */
647#define REG_CR4_OSFXSR 0x0200 /* enable fast FPU save and restore */
648#define REG_CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */
649#define REG_CR4_VMXE 0x2000 /* enable VMX */
650
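/*
 * @brief Segment register and corresponding GDT meaning in Windows
 *
 * Each value is a byte offset built from 16-byte steps, with + 8 selecting
 * the second half of a step. The two `+ 8` entries are parenthesized as a
 * whole so that arithmetic around the macro (for example dividing a
 * selector by 8) applies to the complete value instead of only the `8`.
 */
#define KGDT64_NULL      (0 * 16)       // NULL descriptor
#define KGDT64_R0_CODE   (1 * 16)       // kernel mode 64-bit code
#define KGDT64_R0_DATA   ((1 * 16) + 8) // kernel mode 64-bit data (stack)
#define KGDT64_R3_CMCODE (2 * 16)       // user mode 32-bit code
#define KGDT64_R3_DATA   ((2 * 16) + 8) // user mode 32-bit data
#define KGDT64_R3_CODE   (3 * 16)       // user mode 64-bit code
#define KGDT64_SYS_TSS   (4 * 16)       // kernel mode system task state
#define KGDT64_R3_CMTEB  (5 * 16)       // user mode 32-bit TEB
#define KGDT64_R0_CMCODE (6 * 16)       // kernel mode 32-bit code
#define KGDT64_LAST      (7 * 16)       // last entry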
664
669#define PCID_NONE 0x000
670#define PCID_MASK 0x003
671
676#define CPUID_HV_VENDOR_AND_MAX_FUNCTIONS 0x40000000
677#define CPUID_HV_INTERFACE 0x40000001
678
683#define TRANSPARENT_EVADE_MASK_SYSCALL_HOOK 0x00000001
684#define TRANSPARENT_EVADE_MASK_CPUID 0x00000002
685#define TRANSPARENT_EVADE_MASK_MSR 0x00000004
686#define TRANSPARENT_EVADE_MASK_TRAP_FLAG 0x00000008
687#define TRANSPARENT_EVADE_MASK_ALL \
688 (TRANSPARENT_EVADE_MASK_SYSCALL_HOOK | TRANSPARENT_EVADE_MASK_CPUID | TRANSPARENT_EVADE_MASK_MSR | TRANSPARENT_EVADE_MASK_TRAP_FLAG)
689#define TRANSPARENT_EVADE_MASK_DEFAULT TRANSPARENT_EVADE_MASK_ALL
690
695#define CPUID_ADDR_WIDTH 0x80000008
696
701#define CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS 0x00000001
702
707#define RESERVED_MSR_RANGE_LOW 0x40000000
708#define RESERVED_MSR_RANGE_HI 0x400000F0
709
714#define DEBUGGER_MODIFY_EVENTS_APPLY_TO_ALL_TAG 0xffffffffffffffff
715
721#define DISASSEMBLY_MAXIMUM_DISTANCE_FROM_OBJECT_NAME 0xffff
722
727#define DEBUGGER_READ_AND_WRITE_ON_MSR_APPLY_ALL_CORES 0xffffffff
728
733#define DEBUGGER_DEBUGGEE_IS_RUNNING_NO_CORE 0xffffffff
734
739#define DEBUGGER_EVENT_APPLY_TO_ALL_CORES 0xffffffff
740
745#define DEBUGGER_EVENT_APPLY_TO_ALL_PROCESSES 0xffffffff
746
751#define DEBUGGER_EVENT_MSR_READ_OR_WRITE_ALL_MSRS 0xffffffff
752
757#define DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES 0xffffffff
758
763#define DEBUGGER_EVENT_SYSCALL_ALL_SYSRET_OR_SYSCALLS 0xffffffff
764
769#define DEBUGGER_EVENT_ALL_IO_PORTS 0xffffffff
770
775#define DEBUGGEE_BP_APPLY_TO_ALL_CORES 0xffffffff
776
781#define DEBUGGEE_BP_APPLY_TO_ALL_PROCESSES 0xffffffff
782
787#define DEBUGGEE_BP_APPLY_TO_ALL_THREADS 0xffffffff
788
793#define DEBUGGEE_SHOW_ALL_REGISTERS 0xffffffff
unsigned char UCHAR
Definition BasicTypes.h:34
#define BUILD_YEAR_CH3
Definition Constants.h:33
#define BUILD_YEAR_CH2
Definition Constants.h:32
#define BUILD_HOUR_CH1
Definition Constants.h:74
#define BUILD_MONTH_CH1
Definition Constants.h:51
#define BUILD_YEAR_CH1
Definition Constants.h:31
#define VERSION_MAJOR
Definition Constants.h:20
#define BUILD_MIN_CH0
Definition Constants.h:76
#define BUILD_YEAR_CH0
Definition Constants.h:30
#define BUILD_MIN_CH1
Definition Constants.h:77
#define BUILD_SEC_CH0
Definition Constants.h:79
const UCHAR BuildVersion[]
Definition Constants.h:121
const UCHAR BuildDateTime[]
Definition Constants.h:84
#define BUILD_DAY_CH0
Definition Constants.h:66
_SEGMENT_REGISTERS
Segment selector registers in x86.
Definition Constants.h:593
@ TR
Definition Constants.h:601
@ LDTR
Definition Constants.h:600
@ FS
Definition Constants.h:598
@ ES
Definition Constants.h:594
@ CS
Definition Constants.h:595
@ GS
Definition Constants.h:599
@ DS
Definition Constants.h:597
@ SS
Definition Constants.h:596
const UCHAR BuildSignature[]
Definition Constants.h:138
enum _SEGMENT_REGISTERS SEGMENT_REGISTERS
Segment selector registers in x86.
#define VERSION_PATCH
Definition Constants.h:22
#define TOSTRING(x)
Definition Constants.h:109
#define BUILD_DAY_CH1
Definition Constants.h:67
#define BUILD_SEC_CH1
Definition Constants.h:80
#define HYPERDBG_COMPLETE_VERSION
Definition Constants.h:114
#define BUILD_HOUR_CH0
Definition Constants.h:73
const UCHAR CompleteVersion[]
Definition Constants.h:119
#define VERSION_MINOR
Definition Constants.h:21
#define BUILD_MONTH_CH0
Definition Constants.h:48