HyperDbg Debugger
HyperEvade.h File Reference

HyperDbg's SDK for hyperevade project.

Classes

struct  _HYPEREVADE_CALLBACKS
 Prototype of each function needed by hyperevade module.

Typedefs

typedef BOOLEAN(* LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
 A function from the message tracer that sends the inputs to the queue of the messages.
typedef BOOLEAN(* LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
 A function that sends the messages to message tracer buffers.
typedef BOOLEAN(* LOG_CALLBACK_SEND_BUFFER) (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
 A function that sends the messages to message tracer buffers.
typedef BOOLEAN(* LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL) (BOOLEAN Priority)
 A function that checks whether the priority or regular buffer is full or not.
typedef BOOLEAN(* HYPERTRACE_LBR_IS_SUPPORTED) (UINT32 *Capacity, BOOLEAN *IsArchLbr)
 A function that checks if LBR is supported on the current CPU and gets its capacity.
typedef BOOLEAN(* CHECK_ACCESS_VALIDITY_AND_SAFETY) (UINT64 TargetAddress, UINT32 Size)
 A function that checks the validity and safety of the target address.
typedef BOOLEAN(* MEMORY_MAPPER_READ_MEMORY_SAFE_ON_TARGET_PROCESS) (UINT64 VaAddressToRead, PVOID BufferToSaveMemory, SIZE_T SizeToRead)
 A function that reads memory safely on the target process.
typedef BOOLEAN(* MEMORY_MAPPER_WRITE_MEMORY_SAFE_ON_TARGET_PROCESS) (UINT64 Destination, PVOID Source, SIZE_T Size)
 A function that writes memory safely on the target process.
typedef PCHAR(* COMMON_GET_PROCESS_NAME_FROM_PROCESS_CONTROL_BLOCK) (PVOID Eprocess)
 A function that gets the process name from the process control block.
typedef BOOLEAN(* SYSCALL_CALLBACK_SET_TRAP_FLAG_AFTER_SYSCALL) (GUEST_REGS *Regs, UINT32 ProcessId, UINT32 ThreadId, UINT64 Context, SYSCALL_CALLBACK_CONTEXT_PARAMS *Params)
 A function that sets the trap flag after a syscall.
typedef VOID(* HV_HANDLE_TRAPFLAG) ()
 A function that handles the trap flag.
typedef VOID(* EVENT_INJECT_GENERAL_PROTECTION) ()
 A function that injects a general protection fault (#GP).
typedef struct _HYPEREVADE_CALLBACKS HYPEREVADE_CALLBACKS
 Prototype of each function needed by hyperevade module.
typedef struct _HYPEREVADE_CALLBACKS * PHYPEREVADE_CALLBACKS

Detailed Description

HyperDbg's SDK for hyperevade project.

Author
Sina Karvandi (sina@hyperdbg.org)

This file contains definitions of HyperEvade routines.

Version
0.14
Date
2025-06-07

Typedef Documentation

◆ CHECK_ACCESS_VALIDITY_AND_SAFETY

typedef BOOLEAN(* CHECK_ACCESS_VALIDITY_AND_SAFETY) (UINT64 TargetAddress, UINT32 Size)

A function that checks the validity and safety of the target address.

◆ COMMON_GET_PROCESS_NAME_FROM_PROCESS_CONTROL_BLOCK

typedef PCHAR(* COMMON_GET_PROCESS_NAME_FROM_PROCESS_CONTROL_BLOCK) (PVOID Eprocess)

A function that gets the process name from the process control block.

◆ EVENT_INJECT_GENERAL_PROTECTION

typedef VOID(* EVENT_INJECT_GENERAL_PROTECTION) ()

A function that injects a general protection fault (#GP).

◆ HV_HANDLE_TRAPFLAG

typedef VOID(* HV_HANDLE_TRAPFLAG) ()

A function that handles the trap flag.

◆ HYPEREVADE_CALLBACKS

Prototype of each function needed by hyperevade module.

◆ HYPERTRACE_LBR_IS_SUPPORTED

typedef BOOLEAN(* HYPERTRACE_LBR_IS_SUPPORTED) (UINT32 *Capacity, BOOLEAN *IsArchLbr)

A function that checks if LBR is supported on the current CPU and gets its capacity.

◆ LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL

typedef BOOLEAN(* LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL) (BOOLEAN Priority)

A function that checks whether the priority or regular buffer is full or not.

◆ LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE

typedef BOOLEAN(* LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)

A function from the message tracer that sends the inputs to the queue of the messages.

◆ LOG_CALLBACK_SEND_BUFFER

typedef BOOLEAN(* LOG_CALLBACK_SEND_BUFFER) (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)

A function that sends the messages to message tracer buffers.

◆ LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE

typedef BOOLEAN(* LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)

A function that sends the messages to message tracer buffers.

◆ MEMORY_MAPPER_READ_MEMORY_SAFE_ON_TARGET_PROCESS

typedef BOOLEAN(* MEMORY_MAPPER_READ_MEMORY_SAFE_ON_TARGET_PROCESS) (UINT64 VaAddressToRead, PVOID BufferToSaveMemory, SIZE_T SizeToRead)

A function that reads memory safely on the target process.

◆ MEMORY_MAPPER_WRITE_MEMORY_SAFE_ON_TARGET_PROCESS

typedef BOOLEAN(* MEMORY_MAPPER_WRITE_MEMORY_SAFE_ON_TARGET_PROCESS) (UINT64 Destination, PVOID Source, SIZE_T Size)

A function that writes memory safely on the target process.

◆ PHYPEREVADE_CALLBACKS

◆ SYSCALL_CALLBACK_SET_TRAP_FLAG_AFTER_SYSCALL

typedef BOOLEAN(* SYSCALL_CALLBACK_SET_TRAP_FLAG_AFTER_SYSCALL) (GUEST_REGS *Regs, UINT32 ProcessId, UINT32 ThreadId, UINT64 Context, SYSCALL_CALLBACK_CONTEXT_PARAMS *Params)

A function that sets the trap flag after a syscall.