HyperDbg Debugger
HyperDbg's SDK Headers Request Packets.
#include "Pcie.h"
Classes
| Kind | Name | Description |
|---|---|---|
| struct | _DEBUGGER_INIT_VMM_PACKET | request for initializing VMM |
| struct | _DEBUGGER_INIT_HYPERTRACE_PACKET | request for initializing HyperTrace |
| struct | _DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS | request for !pte command |
| struct | _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS | requests for !va2pa and !pa2va commands |
| struct | _DEBUGGER_PAGE_IN_REQUEST | requests for the '.pagein' command |
| struct | _REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST | requests for !rev command |
| struct | _DEBUGGER_DT_COMMAND_OPTIONS | requests options for dt and struct command |
| struct | _DEBUGGER_PREALLOC_COMMAND | requests for the 'prealloc' command |
| struct | _DEBUGGER_PREACTIVATE_COMMAND | requests for the 'preactivate' command |
| struct | _DEBUGGER_READ_MEMORY | request for reading virtual and physical memory |
| struct | _DEBUGGER_FLUSH_LOGGING_BUFFERS | request for flushing buffers |
| struct | _DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER | request for test query buffers |
| struct | _DEBUGGER_PERFORM_KERNEL_TESTS | request performing kernel tests |
| struct | _DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL | request for send a signal that command execution finished |
| struct | _DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER | request for send general packets from debuggee to debugger |
| struct | _DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER | request for send a user-mode message to debugger |
| struct | _DEBUGGER_READ_AND_WRITE_ON_MSR | request to read or write on MSRs |
| struct | _DEBUGGER_EDIT_MEMORY | request for edit virtual and physical memory |
| struct | _DEBUGGER_SEARCH_MEMORY | request for searching memory |
| struct | _SYSTEM_CALL_NUMBERS_INFORMATION | Windows System call values that are intercepted by transparency mode. |
| struct | _DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE | request for enable or disable transparent-mode |
| struct | _DEBUGGER_PREPARE_DEBUGGEE | request to make this computer to a debuggee |
| struct | _DEBUGGEE_CHANGE_CORE_PACKET | The structure of changing core packet in HyperDbg. |
| struct | _DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS | request for attaching user-mode process |
| struct | _DEBUGGEE_PROCESS_LIST_NEEDED_DETAILS | The structure of needed information to get the details of the process from nt!_EPROCESS and location of needed variables. |
| struct | _DEBUGGEE_THREAD_LIST_NEEDED_DETAILS | The structure of needed information to get the details of the thread from nt!_ETHREAD and location of needed variables. |
| struct | _DEBUGGEE_PROCESS_LIST_DETAILS_ENTRY | The structure showing list of processes (details of each entry). |
| struct | _DEBUGGEE_THREAD_LIST_DETAILS_ENTRY | The structure showing list of threads (details of each entry). |
| struct | _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS | request for query count of active processes and threads |
| struct | _DEBUGGER_SINGLE_CALLSTACK_FRAME | The structure for saving the callstack frame of one parameter. |
| struct | _DEBUGGER_CALLSTACK_REQUEST | request for callstack frames |
| struct | _USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS | |
| struct | _DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION | Used for run the script. |
| struct | _DEBUGGER_EVENT_REQUEST_BUFFER | used in the case of requesting a "request buffer" |
| struct | _DEBUGGER_EVENT_REQUEST_CUSTOM_CODE | used in the case of custom code requests to the debugger |
| struct | _DEBUGGER_UD_COMMAND_ACTION | Description of user-mode debugging actions. |
| struct | _DEBUGGER_UD_COMMAND_PACKET | The structure of command packet in uHyperDbg. |
| struct | _DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET | The structure of changing process and show process packet in HyperDbg. |
| struct | _DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET | The structure of changing thread and show thread packet in HyperDbg. |
| struct | _DEBUGGEE_STEP_PACKET | The structure of stepping packet in HyperDbg. |
| struct | _DEBUGGER_APIC_REQUEST | The structure of actions for APIC. |
| struct | _LAPIC_PAGE | LAPIC structure and offsets. |
| struct | _IO_APIC_ENTRY_PACKETS | The structure of I/O APIC result packet in HyperDbg. |
| struct | _SMI_OPERATION_PACKETS | The structure of I/O APIC result packet in HyperDbg. |
| struct | _HYPERTRACE_LBR_OPERATION_PACKETS | The structure of HyperTrace LBR result packet in HyperDbg. |
| struct | _HYPERTRACE_LBR_DUMP_PACKETS | The structure of HyperTrace LBR dump result packet in HyperDbg. |
| struct | _HYPERTRACE_PT_OPERATION_PACKETS | The structure of HyperTrace PT result packet in HyperDbg. |
| struct | _HYPERTRACE_PT_MMAP_PACKETS | Result packet for the HyperTrace PT mmap surface. |
| struct | _INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS | The structure of IDT entries result packet in HyperDbg. |
| struct | _DEBUGGEE_FORMATS_PACKET | check so the INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS should be smaller than packet size |
| struct | _DEBUGGEE_SYMBOL_REQUEST_PACKET | The structure of .sym reload packet in HyperDbg. |
| struct | _DEBUGGEE_BP_PACKET | The structure of bp command packet in HyperDbg. |
| struct | _DEBUGGEE_BP_LIST_OR_MODIFY_PACKET | The structure of breakpoint modification requests packet in HyperDbg. |
| struct | _DEBUGGEE_SCRIPT_PACKET | The structure of script packet in HyperDbg. |
| struct | _DEBUGGEE_RESULT_OF_SEARCH_PACKET | The structure of result of search packet in HyperDbg. |
| struct | _DEBUGGEE_REGISTER_READ_DESCRIPTION | Register Descriptor Structure to use in r command. |
| struct | _DEBUGGEE_REGISTER_WRITE_DESCRIPTION | Register Descriptor Structure to write on registers. |
| struct | _DEBUGGEE_PCITREE_REQUEST_RESPONSE_PACKET | Pcitree Request-Response Packet. Represents PCI device tree. |
| struct | _DEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET | PCI device info Request-Response Packet, used by !pcicam and future PCI-related commands. Represents a PCI device. |
This file contains definitions of request packets (enums, structs)
| #define DEBUGGER_REMOTE_TRACKING_DEFAULT_COUNT_OF_STEPPING 0xffffffff |
default number of instructions used in tracking and stepping
| #define HYPERTRACE_LBR_DUMP_ALL_CORES 0xffffffff |
In the case of dumping all cores, this value is used to specify that all cores should be dumped.
| #define LAPIC_LVT_DELIVERY_MODE_EXT_INT (7UL << 8) |
| #define LAPIC_LVT_FLAG_ENTRY_MASKED (1UL << 16) |
| #define LAPIC_SIZE 0x400 |
LAPIC structure size.
| #define LAPIC_SVR_FLAG_SW_ENABLE (1UL << 8) |
| #define MAX_NUMBER_OF_IDT_ENTRIES 256 |
Maximum number of IDT entries.
| #define MAX_NUMBER_OF_IO_APIC_ENTRIES 400 |
Maximum number of I/O APIC entries.
Usually 256 entries are enough, but we allocate 400 for systems with more I/O APIC entries. We're not going to make the packet bigger than is needed.
| #define SIZEOF_DEBUGGEE_BP_PACKET sizeof(DEBUGGEE_BP_PACKET) |
Debugger size of DEBUGGEE_BP_PACKET.
| #define SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET sizeof(DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET) |
Debugger size of DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET.
| #define SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET sizeof(DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET) |
Debugger size of DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET.
| #define SIZEOF_DEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET sizeof(DEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET) |
check so the DEBUGGEE_PCITREE_REQUEST_RESPONSE_PACKET should be smaller than packet size
| #define SIZEOF_DEBUGGEE_PCITREE_REQUEST_RESPONSE_PACKET sizeof(DEBUGGEE_PCITREE_REQUEST_RESPONSE_PACKET) |
| #define SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER sizeof(DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER) |
| #define SIZEOF_DEBUGGER_APIC_REQUEST sizeof(DEBUGGER_APIC_REQUEST) |
Debugger size of DEBUGGER_APIC_REQUEST.
| #define SIZEOF_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS sizeof(DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS) |
| #define SIZEOF_DEBUGGER_CALLSTACK_REQUEST sizeof(DEBUGGER_CALLSTACK_REQUEST) |
| #define SIZEOF_DEBUGGER_DT_COMMAND_OPTIONS sizeof(DEBUGGER_DT_COMMAND_OPTIONS) |
| #define SIZEOF_DEBUGGER_EDIT_MEMORY sizeof(DEBUGGER_EDIT_MEMORY) |
| #define SIZEOF_DEBUGGER_FLUSH_LOGGING_BUFFERS sizeof(DEBUGGER_FLUSH_LOGGING_BUFFERS) |
| #define SIZEOF_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE sizeof(DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE) |
| #define SIZEOF_DEBUGGER_INIT_HYPERTRACE_PACKET sizeof(DEBUGGER_INIT_HYPERTRACE_PACKET) |
| #define SIZEOF_DEBUGGER_INIT_VMM_PACKET sizeof(DEBUGGER_INIT_VMM_PACKET) |
| #define SIZEOF_DEBUGGER_PAGE_IN_REQUEST sizeof(DEBUGGER_PAGE_IN_REQUEST) |
| #define SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS sizeof(DEBUGGER_PERFORM_KERNEL_TESTS) |
| #define SIZEOF_DEBUGGER_PREACTIVATE_COMMAND sizeof(DEBUGGER_PREACTIVATE_COMMAND) |
| #define SIZEOF_DEBUGGER_PREALLOC_COMMAND sizeof(DEBUGGER_PREALLOC_COMMAND) |
| #define SIZEOF_DEBUGGER_PREPARE_DEBUGGEE sizeof(DEBUGGER_PREPARE_DEBUGGEE) |
| #define SIZEOF_DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS sizeof(DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS) |
| #define SIZEOF_DEBUGGER_READ_AND_WRITE_ON_MSR sizeof(DEBUGGER_READ_AND_WRITE_ON_MSR) |
| #define SIZEOF_DEBUGGER_READ_MEMORY sizeof(DEBUGGER_READ_MEMORY) |
| #define SIZEOF_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS sizeof(DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS) |
| #define SIZEOF_DEBUGGER_SEARCH_MEMORY sizeof(DEBUGGER_SEARCH_MEMORY) |
| #define SIZEOF_DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL sizeof(DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL) |
| #define SIZEOF_DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER sizeof(DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER) |
| #define SIZEOF_DEBUGGER_TEST_QUERY_BUFFER sizeof(DEBUGGER_TEST_QUERY_BUFFER) |
| #define SIZEOF_DEBUGGER_UD_COMMAND_PACKET sizeof(DEBUGGER_UD_COMMAND_PACKET) |
| #define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS sizeof(DEBUGGER_VA2PA_AND_PA2VA_COMMANDS) |
| #define SIZEOF_HYPERTRACE_LBR_DUMP_PACKETS sizeof(HYPERTRACE_LBR_DUMP_PACKETS) |
Debugger size of HYPERTRACE_LBR_DUMP_PACKETS.
| #define SIZEOF_HYPERTRACE_LBR_OPERATION_PACKETS sizeof(HYPERTRACE_LBR_OPERATION_PACKETS) |
Debugger size of HYPERTRACE_LBR_OPERATION_PACKETS.
| #define SIZEOF_HYPERTRACE_PT_MMAP_PACKETS sizeof(HYPERTRACE_PT_MMAP_PACKETS) |
Debugger size of HYPERTRACE_PT_MMAP_PACKETS.
| #define SIZEOF_HYPERTRACE_PT_OPERATION_PACKETS sizeof(HYPERTRACE_PT_OPERATION_PACKETS) |
Debugger size of HYPERTRACE_PT_OPERATION_PACKETS.
| #define SIZEOF_INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS sizeof(INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS) |
Debugger size of INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS.
| #define SIZEOF_REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST sizeof(REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST) |
| #define SIZEOF_SMI_OPERATION_PACKETS sizeof(SMI_OPERATION_PACKETS) |
Debugger size of SMI_OPERATION_PACKETS.
| #define SIZEOF_USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS sizeof(USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS) |
The structure of breakpoint modification requests packet in HyperDbg.
| typedef struct _DEBUGGEE_BP_PACKET DEBUGGEE_BP_PACKET |
The structure of bp command packet in HyperDbg.
breakpoint modification types
| typedef struct _DEBUGGEE_CHANGE_CORE_PACKET DEBUGGEE_CHANGE_CORE_PACKET |
The structure of changing core packet in HyperDbg.
| typedef struct _DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET |
The structure of changing process and show process packet in HyperDbg.
Debugger process switch and process details.
The structure of changing thread and show thread packet in HyperDbg.
Debugger thread switch and thread details.
| typedef struct _DEBUGGEE_FORMATS_PACKET DEBUGGEE_FORMATS_PACKET |
check so the INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS should be smaller than packet size
The structure of .formats result packet in HyperDbg
| typedef struct _DEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET DEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET |
PCI device info Request-Response Packet, used by !pcicam and future PCI-related commands. Represents a PCI device.
Pcitree Request-Response Packet. Represents PCI device tree.
The structure showing list of processes (details of each entry).
The structure of needed information to get the details of the process from nt!_EPROCESS and location of needed variables.
Register Descriptor Structure to use in r command.
Register Descriptor Structure to write on registers.
The structure of result of search packet in HyperDbg.
| typedef struct _DEBUGGEE_SCRIPT_PACKET DEBUGGEE_SCRIPT_PACKET |
The structure of script packet in HyperDbg.
| typedef struct _DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER |
request for send general packets from debuggee to debugger
| typedef struct _DEBUGGEE_STEP_PACKET DEBUGGEE_STEP_PACKET |
The structure of stepping packet in HyperDbg.
| typedef struct _DEBUGGEE_SYMBOL_REQUEST_PACKET DEBUGGEE_SYMBOL_REQUEST_PACKET |
The structure of .sym reload packet in HyperDbg.
The structure showing list of threads (details of each entry).
The structure of needed information to get the details of the thread from nt!_ETHREAD and location of needed variables.
| typedef struct _DEBUGGER_APIC_REQUEST DEBUGGER_APIC_REQUEST |
The structure of actions for APIC.
| typedef enum _DEBUGGER_APIC_REQUEST_TYPE DEBUGGER_APIC_REQUEST_TYPE |
Perform actions related to APIC.
request for attaching user-mode process
| typedef enum _DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_TYPE DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_TYPE |
different actions of switchings
callstack showing method
| typedef struct _DEBUGGER_CALLSTACK_REQUEST DEBUGGER_CALLSTACK_REQUEST |
request for callstack frames
Whether a jump is taken or not taken.
request for test query buffers
| typedef struct _DEBUGGER_DT_COMMAND_OPTIONS DEBUGGER_DT_COMMAND_OPTIONS |
requests options for dt and struct command
| typedef struct _DEBUGGER_EDIT_MEMORY DEBUGGER_EDIT_MEMORY |
request for edit virtual and physical memory
size of editing memory
| typedef enum _DEBUGGER_EDIT_MEMORY_TYPE DEBUGGER_EDIT_MEMORY_TYPE |
different type of addresses for editing memory
| typedef struct _DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION |
Used for run the script.
| typedef struct _DEBUGGER_EVENT_REQUEST_BUFFER DEBUGGER_EVENT_REQUEST_BUFFER |
used in the case of requesting a "request buffer"
used in the case of custom code requests to the debugger
| typedef struct _DEBUGGER_FLUSH_LOGGING_BUFFERS DEBUGGER_FLUSH_LOGGING_BUFFERS |
request for flushing buffers
| typedef struct _DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE |
request for enable or disable transparent-mode
| typedef struct _DEBUGGER_INIT_HYPERTRACE_PACKET DEBUGGER_INIT_HYPERTRACE_PACKET |
request for initializing HyperTrace
| typedef struct _DEBUGGER_INIT_VMM_PACKET DEBUGGER_INIT_VMM_PACKET |
request for initializing VMM
| typedef enum _DEBUGGER_MSR_ACTION_TYPE DEBUGGER_MSR_ACTION_TYPE |
different types of actions on MSRs
| typedef struct _DEBUGGER_PAGE_IN_REQUEST DEBUGGER_PAGE_IN_REQUEST |
requests for the '.pagein' command
| typedef struct _DEBUGGER_PERFORM_KERNEL_TESTS DEBUGGER_PERFORM_KERNEL_TESTS |
request performing kernel tests
| typedef struct _DEBUGGER_PREACTIVATE_COMMAND DEBUGGER_PREACTIVATE_COMMAND |
requests for the 'preactivate' command
different types of preactivate requests
| typedef struct _DEBUGGER_PREALLOC_COMMAND DEBUGGER_PREALLOC_COMMAND |
requests for the 'prealloc' command
different types of prealloc requests
| typedef struct _DEBUGGER_PREPARE_DEBUGGEE DEBUGGER_PREPARE_DEBUGGEE |
request to make this computer to a debuggee
| typedef struct _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS |
request for query count of active processes and threads
| typedef enum _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTIONS DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTIONS |
different actions on showing or querying list of process or threads
| typedef enum _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_TYPES DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_TYPES |
different type of process or thread queries
| typedef struct _DEBUGGER_READ_AND_WRITE_ON_MSR DEBUGGER_READ_AND_WRITE_ON_MSR |
request to read or write on MSRs
| typedef struct _DEBUGGER_READ_MEMORY DEBUGGER_READ_MEMORY |
request for reading virtual and physical memory
different address mode
| typedef enum _DEBUGGER_READ_MEMORY_TYPE DEBUGGER_READ_MEMORY_TYPE |
different type of addresses
request for !pte command
| typedef enum _DEBUGGER_READ_READING_TYPE DEBUGGER_READ_READING_TYPE |
different types of reading memory
stepping and tracking types
| typedef struct _DEBUGGER_SEARCH_MEMORY DEBUGGER_SEARCH_MEMORY |
request for searching memory
different sizes on searching memory
| typedef enum _DEBUGGER_SEARCH_MEMORY_TYPE DEBUGGER_SEARCH_MEMORY_TYPE |
different types of address for searching on memory
| typedef struct _DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL |
request for send a signal that command execution finished
| typedef struct _DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER |
request for send a user-mode message to debugger
| typedef enum _DEBUGGER_SHOW_MEMORY_STYLE DEBUGGER_SHOW_MEMORY_STYLE |
the way that debugger should show the details of memory or disassemble them
| typedef struct _DEBUGGER_SINGLE_CALLSTACK_FRAME DEBUGGER_SINGLE_CALLSTACK_FRAME |
The structure for saving the callstack frame of one parameter.
| typedef enum _DEBUGGER_TEST_QUERY_STATE DEBUGGER_TEST_QUERY_STATE |
test query used for test purposes
| typedef struct _DEBUGGER_UD_COMMAND_ACTION DEBUGGER_UD_COMMAND_ACTION |
Description of user-mode debugging actions.
User-mode debugging actions.
| typedef struct _DEBUGGER_UD_COMMAND_PACKET DEBUGGER_UD_COMMAND_PACKET |
The structure of command packet in uHyperDbg.
requests for !va2pa and !pa2va commands
| typedef struct _HYPERTRACE_LBR_DUMP_PACKETS HYPERTRACE_LBR_DUMP_PACKETS |
The structure of HyperTrace LBR dump result packet in HyperDbg.
The structure of HyperTrace LBR result packet in HyperDbg.
Perform actions related to HyperTrace for LBR.
| typedef struct _HYPERTRACE_PT_MMAP_PACKETS HYPERTRACE_PT_MMAP_PACKETS |
Result packet for the HyperTrace PT mmap surface.
On success KernelStatus is DEBUGGER_OPERATION_WAS_SUCCESSFUL, NumCpus gives the number of CPUs that were mapped, and Cpus[0..NumCpus) hand back a single { UserVa, Size } per CPU. Each Size covers the main output buffer immediately followed by the 4 KB overflow page as one contiguous byte stream.
Mapping contract (cooperative single-process):
- The IOCTL maps into the address space of the process that calls DeviceIoControl. The returned user VAs are not portable across processes.
- Mapping is tied to the PT enable cycle. PT disable / flush tears the mapping down; the caller must not touch the user VAs afterwards.
- Calling the IOCTL twice within the same enable cycle returns the existing mapping (idempotent).
| typedef struct _HYPERTRACE_PT_OPERATION_PACKETS HYPERTRACE_PT_OPERATION_PACKETS |
The structure of HyperTrace PT result packet in HyperDbg.
Configuration fields (TraceUser/TraceKernel/TargetCr3/BufferSize/NumAddrRanges/AddrRanges) are populated by the caller for ENABLE and FILTER operations. For other operations they are ignored.
BufferSize must be a power-of-two multiple of 4 KB (4 KB ... 128 MB). Pass 0 to keep the existing per-CPU value (default 2 MB on first enable).
For SIZE operations the kernel fills NumCpus and BytesPerCpu[] with each CPU's current PT output position, i.e. how many bytes of valid trace data are currently sitting in that CPU's main + overflow buffer; the rest of the packet is unused on output.
Perform actions related to HyperTrace for PT.
| typedef struct _INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS |
The structure of IDT entries result packet in HyperDbg.
| typedef struct _IO_APIC_ENTRY_PACKETS IO_APIC_ENTRY_PACKETS |
The structure of I/O APIC result packet in HyperDbg.
| typedef struct _LAPIC_PAGE LAPIC_PAGE |
LAPIC structure and offsets.
| typedef struct _DEBUGGEE_BP_LIST_OR_MODIFY_PACKET * PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET |
| typedef struct _DEBUGGEE_BP_PACKET * PDEBUGGEE_BP_PACKET |
| typedef struct _DEBUGGEE_CHANGE_CORE_PACKET * PDEBUGGEE_CHANGE_CORE_PACKET |
| typedef struct _DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET * PDEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET |
| typedef struct _DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET * PDEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET |
| typedef struct _DEBUGGEE_FORMATS_PACKET * PDEBUGGEE_FORMATS_PACKET |
| typedef struct _DEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET * PDEBUGGEE_PCIDEVINFO_REQUEST_RESPONSE_PACKET |
| typedef struct _DEBUGGEE_PCITREE_REQUEST_RESPONSE_PACKET * PDEBUGGEE_PCITREE_REQUEST_RESPONSE_PACKET |
| typedef struct _DEBUGGEE_PROCESS_LIST_DETAILS_ENTRY * PDEBUGGEE_PROCESS_LIST_DETAILS_ENTRY |
| typedef struct _DEBUGGEE_REGISTER_READ_DESCRIPTION * PDEBUGGEE_REGISTER_READ_DESCRIPTION |
| typedef struct _DEBUGGEE_REGISTER_WRITE_DESCRIPTION * PDEBUGGEE_REGISTER_WRITE_DESCRIPTION |
| typedef struct _DEBUGGEE_RESULT_OF_SEARCH_PACKET * PDEBUGGEE_RESULT_OF_SEARCH_PACKET |
| typedef struct _DEBUGGEE_SCRIPT_PACKET * PDEBUGGEE_SCRIPT_PACKET |
| typedef struct _DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER * PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER |
| typedef struct _DEBUGGEE_STEP_PACKET * PDEBUGGEE_STEP_PACKET |
| typedef struct _DEBUGGEE_SYMBOL_REQUEST_PACKET * PDEBUGGEE_SYMBOL_REQUEST_PACKET |
| typedef struct _DEBUGGEE_THREAD_LIST_DETAILS_ENTRY * PDEBUGGEE_THREAD_LIST_DETAILS_ENTRY |
| typedef struct _DEBUGGEE_THREAD_LIST_NEEDED_DETAILS * PDEBUGGEE_THREAD_LIST_NEEDED_DETAILS |
| typedef struct _DEBUGGER_APIC_REQUEST * PDEBUGGER_APIC_REQUEST |
| typedef struct _DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS * PDEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS |
| typedef struct _DEBUGGER_CALLSTACK_REQUEST * PDEBUGGER_CALLSTACK_REQUEST |
| typedef struct _DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER * PDEBUGGER_DEBUGGER_TEST_QUERY_BUFFER |
| typedef struct _DEBUGGER_DT_COMMAND_OPTIONS * PDEBUGGER_DT_COMMAND_OPTIONS |
| typedef struct _DEBUGGER_EDIT_MEMORY * PDEBUGGER_EDIT_MEMORY |
| typedef struct _DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION * PDEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION |
| typedef struct _DEBUGGER_EVENT_REQUEST_BUFFER * PDEBUGGER_EVENT_REQUEST_BUFFER |
| typedef struct _DEBUGGER_EVENT_REQUEST_CUSTOM_CODE * PDEBUGGER_EVENT_REQUEST_CUSTOM_CODE |
| typedef struct _DEBUGGER_FLUSH_LOGGING_BUFFERS * PDEBUGGER_FLUSH_LOGGING_BUFFERS |
| typedef struct _DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE * PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE |
| typedef struct _DEBUGGER_INIT_HYPERTRACE_PACKET * PDEBUGGER_INIT_HYPERTRACE_PACKET |
| typedef struct _DEBUGGER_INIT_VMM_PACKET * PDEBUGGER_INIT_VMM_PACKET |
| typedef struct _DEBUGGER_PAGE_IN_REQUEST * PDEBUGGER_PAGE_IN_REQUEST |
| typedef struct _DEBUGGER_PERFORM_KERNEL_TESTS * PDEBUGGER_PERFORM_KERNEL_TESTS |
| typedef struct _DEBUGGER_PREACTIVATE_COMMAND * PDEBUGGER_PREACTIVATE_COMMAND |
| typedef struct _DEBUGGER_PREALLOC_COMMAND * PDEBUGGER_PREALLOC_COMMAND |
| typedef struct _DEBUGGER_PREPARE_DEBUGGEE * PDEBUGGER_PREPARE_DEBUGGEE |
| typedef struct _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS * PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS |
| typedef struct _DEBUGGER_READ_AND_WRITE_ON_MSR * PDEBUGGER_READ_AND_WRITE_ON_MSR |
| typedef struct _DEBUGGER_READ_MEMORY * PDEBUGGER_READ_MEMORY |
| typedef struct _DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS * PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS |
| typedef struct _DEBUGGER_SEARCH_MEMORY * PDEBUGGER_SEARCH_MEMORY |
| typedef struct _DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL * PDEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL |
| typedef struct _DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER * PDEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER |
| typedef struct _DEBUGGER_SINGLE_CALLSTACK_FRAME * PDEBUGGER_SINGLE_CALLSTACK_FRAME |
| typedef struct _DEBUGGER_UD_COMMAND_ACTION * PDEBUGGER_UD_COMMAND_ACTION |
| typedef struct _DEBUGGER_UD_COMMAND_PACKET * PDEBUGGER_UD_COMMAND_PACKET |
| typedef struct _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS * PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS |
| typedef struct _HYPERTRACE_LBR_DUMP_PACKETS * PHYPERTRACE_LBR_DUMP_PACKETS |
| typedef struct _HYPERTRACE_LBR_OPERATION_PACKETS * PHYPERTRACE_LBR_OPERATION_PACKETS |
| typedef struct _HYPERTRACE_PT_MMAP_PACKETS * PHYPERTRACE_PT_MMAP_PACKETS |
| typedef struct _HYPERTRACE_PT_OPERATION_PACKETS * PHYPERTRACE_PT_OPERATION_PACKETS |
| typedef struct _INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS * PINTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS |
| typedef struct _IO_APIC_ENTRY_PACKETS * PIO_APIC_ENTRY_PACKETS |
| typedef struct _LAPIC_PAGE * PLAPIC_PAGE |
| typedef struct _REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST * PREVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST |
| typedef struct _SMI_OPERATION_PACKETS * PSMI_OPERATION_PACKETS |
| typedef struct _SYSTEM_CALL_NUMBERS_INFORMATION * PSYSTEM_CALL_NUMBERS_INFORMATION |
| typedef struct _USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS * PUSERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS |
different modes of reconstruct requests
| typedef struct _REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST |
requests for !rev command
different types of reconstruct requests
| typedef struct _SMI_OPERATION_PACKETS SMI_OPERATION_PACKETS |
The structure of I/O APIC result packet in HyperDbg.
| typedef enum _SMI_OPERATION_REQUEST_TYPE SMI_OPERATION_REQUEST_TYPE |
check so the IO_APIC_ENTRY_PACKETS should be smaller than packet size
Perform actions related to SMIs
| typedef struct _SYSTEM_CALL_NUMBERS_INFORMATION SYSTEM_CALL_NUMBERS_INFORMATION |
Windows System call values that are intercepted by transparency mode.
NOTE: Windows system call values can change with each version. This structure is used to keep track of the system call numbers based on the currently running Windows version.
| typedef struct _USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS |
breakpoint modification types
Debugger process switch and process details.
| Enumerator | |
|---|---|
| DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_GET_PROCESS_DETAILS | |
| DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_GET_PROCESS_LIST | |
| DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PERFORM_SWITCH | |
Debugger thread switch and thread details.
| Enumerator | |
|---|---|
| DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PERFORM_SWITCH | |
| DEBUGGEE_DETAILS_AND_SWITCH_THREAD_GET_THREAD_DETAILS | |
| DEBUGGEE_DETAILS_AND_SWITCH_THREAD_GET_THREAD_LIST | |
Perform actions related to APIC.
| Enumerator | |
|---|---|
| DEBUGGER_APIC_REQUEST_TYPE_READ_LOCAL_APIC | |
| DEBUGGER_APIC_REQUEST_TYPE_READ_IO_APIC | |
different actions of switchings
callstack showing method
| Enumerator | |
|---|---|
| DEBUGGER_CALLSTACK_DISPLAY_METHOD_WITHOUT_PARAMS | |
| DEBUGGER_CALLSTACK_DISPLAY_METHOD_WITH_PARAMS | |
Whether a jump is taken or not taken.
size of editing memory
| Enumerator | |
|---|---|
| EDIT_BYTE | |
| EDIT_DWORD | |
| EDIT_QWORD | |
different type of addresses for editing memory
| Enumerator | |
|---|---|
| EDIT_VIRTUAL_MEMORY | |
| EDIT_PHYSICAL_MEMORY | |
different types of actions on MSRs
| Enumerator | |
|---|---|
| DEBUGGER_MSR_READ | |
| DEBUGGER_MSR_WRITE | |
different types of prealloc requests
different actions on showing or querying list of process or threads
different type of process or thread queries
different address mode
| Enumerator | |
|---|---|
| DEBUGGER_READ_ADDRESS_MODE_32_BIT | |
| DEBUGGER_READ_ADDRESS_MODE_64_BIT | |
different types of reading memory
| Enumerator | |
|---|---|
| READ_FROM_KERNEL | |
| READ_FROM_VMX_ROOT | |
stepping and tracking types
different sizes on searching memory
| Enumerator | |
|---|---|
| SEARCH_BYTE | |
| SEARCH_DWORD | |
| SEARCH_QWORD | |
different types of address for searching on memory
| Enumerator | |
|---|---|
| SEARCH_PHYSICAL_MEMORY | |
| SEARCH_VIRTUAL_MEMORY | |
| SEARCH_PHYSICAL_FROM_VIRTUAL_MEMORY | |
the way that debugger should show the details of memory or disassemble them
test query used for test purposes
User-mode debugging actions.
Perform actions related to HyperTrace for LBR.
| Enumerator | |
|---|---|
| HYPERTRACE_LBR_OPERATION_REQUEST_TYPE_ENABLE | |
| HYPERTRACE_LBR_OPERATION_REQUEST_TYPE_DISABLE | |
| HYPERTRACE_LBR_OPERATION_REQUEST_TYPE_FLUSH | |
| HYPERTRACE_LBR_OPERATION_REQUEST_TYPE_FILTER | |
Perform actions related to HyperTrace for PT.
different modes of reconstruct requests
| Enumerator | |
|---|---|
| REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE_UNKNOWN | |
| REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE_USER_MODE | |
| REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE_KERNEL_MODE | |
different types of reconstruct requests
| Enumerator | |
|---|---|
| REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE_UNKNOWN | |
| REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE_RECONSTRUCT | |
| REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE_PATTERN | |
check so the IO_APIC_ENTRY_PACKETS should be smaller than packet size
Perform actions related to SMIs
| Enumerator | |
|---|---|
| SMI_OPERATION_REQUEST_TYPE_READ_COUNT | |
| SMI_OPERATION_REQUEST_TYPE_TRIGGER_POWER_SMI | |