HyperDbg Debugger
VMM.h File Reference

HyperDbg's SDK for VMM project. More...


Classes

struct  _VMM_CALLBACKS
 Prototype of each function needed by VMM module. More...

Typedefs

typedef BOOLEAN(* LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
 A function from the message tracer that sends the inputs to the message queue.
typedef BOOLEAN(* LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
 A function that sends the messages to message tracer buffers.
typedef BOOLEAN(* LOG_CALLBACK_SEND_BUFFER) (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
 A function that sends the messages to message tracer buffers.
typedef BOOLEAN(* LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL) (BOOLEAN Priority)
 A function that checks whether the priority or regular buffer is full or not.
typedef BOOLEAN(* HYPERTRACE_LBR_IS_SUPPORTED) (UINT32 *Capacity, BOOLEAN *IsArchLbr)
 A function that checks if LBR is supported on the current CPU and gets its capacity.
typedef VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE(* VMM_CALLBACK_TRIGGER_EVENTS) (VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)
 A function that handles trigger events.
typedef BOOLEAN(* DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION) (UINT32 CoreId)
 A function that checks and handles breakpoints.
typedef BOOLEAN(* DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION) (UINT32 CoreId)
 A function that checks and handles debug breakpoints.
typedef BOOLEAN(* DEBUGGING_CALLBACK_CHECK_THREAD_INTERCEPTION) (UINT32 CoreId)
 Check for thread interception in user-debugger.
typedef BOOLEAN(* DEBUGGING_CALLBACK_TRIGGER_ON_CLOCK_AND_IPI_EVENTS) (_In_ UINT32 CoreId)
 Trigger on clock and IPI events for checking process or thread change.
typedef BOOLEAN(* DEBUGGING_CALLBACK_IGNORE_HANDLING_MOV_2_DEBUG_REGS) (_In_ UINT32 CoreId)
 Callback routine to ignore handling of MOV to debug registers.
typedef BOOLEAN(* POOL_MANAGER_REQUEST_ALLOCATION) (SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention)
 Request pool allocation.
typedef UINT64(* POOL_MANAGER_REQUEST_POOL) (POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size)
 Request pool.
typedef BOOLEAN(* POOL_MANAGER_FREE_POOL) (UINT64 AddressToFree)
 Free pool.
typedef BOOLEAN(* VMM_CALLBACK_RESTORE_EPT_STATE) (UINT32 CoreId)
 Check for user-mode access for loaded module details.
typedef BOOLEAN(* VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION) (UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr)
 Check for unhandled EPT violations.
typedef BOOLEAN(* VMM_CALLBACK_HANDLE_MTF_CALLBACK) (UINT32 CoreId)
 Handle MTF callback.
typedef VOID(* INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE) (UINT32 CoreId)
 Handle cr3 process change callbacks.
typedef VOID(* VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER) (UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler)
 Handle NMI broadcast.
typedef VOID(* VMM_CALLBACK_SET_LAST_ERROR) (UINT32 LastError)
 Set the top-level driver's error status.
typedef BOOLEAN(* VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE) (UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
 Check and modify the protected resources of the hypervisor.
typedef BOOLEAN(* VMM_CALLBACK_VMCALL_HANDLER) (UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)
 Handler of debugger specific VMCALLs.
typedef struct _VMM_CALLBACKS VMM_CALLBACKS
 Prototype of each function needed by VMM module.
typedef struct _VMM_CALLBACKS * PVMM_CALLBACKS

Detailed Description

HyperDbg's SDK for VMM project.

Author
Sina Karvandi (sina@hyperdbg.org)

This file contains definitions of VMM routines

Version
0.2
Date
2023-01-15

Typedef Documentation

◆ DEBUGGING_CALLBACK_CHECK_THREAD_INTERCEPTION

typedef BOOLEAN(* DEBUGGING_CALLBACK_CHECK_THREAD_INTERCEPTION) (UINT32 CoreId)

Check for thread interception in user-debugger.

◆ DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION

typedef BOOLEAN(* DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION) (UINT32 CoreId)

A function that checks and handles breakpoints.

◆ DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION

typedef BOOLEAN(* DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION) (UINT32 CoreId)

A function that checks and handles debug breakpoints.

◆ DEBUGGING_CALLBACK_IGNORE_HANDLING_MOV_2_DEBUG_REGS

typedef BOOLEAN(* DEBUGGING_CALLBACK_IGNORE_HANDLING_MOV_2_DEBUG_REGS) (_In_ UINT32 CoreId)

Callback routine to ignore handling of MOV to debug registers.

Parameters
CoreId
Returns
BOOLEAN

◆ DEBUGGING_CALLBACK_TRIGGER_ON_CLOCK_AND_IPI_EVENTS

typedef BOOLEAN(* DEBUGGING_CALLBACK_TRIGGER_ON_CLOCK_AND_IPI_EVENTS) (_In_ UINT32 CoreId)

Trigger on clock and IPI events for checking process or thread change.

◆ HYPERTRACE_LBR_IS_SUPPORTED

typedef BOOLEAN(* HYPERTRACE_LBR_IS_SUPPORTED) (UINT32 *Capacity, BOOLEAN *IsArchLbr)

A function that checks if LBR is supported on the current CPU and gets its capacity.

◆ INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE

typedef VOID(* INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE) (UINT32 CoreId)

Handle cr3 process change callbacks.

◆ LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL

typedef BOOLEAN(* LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL) (BOOLEAN Priority)

A function that checks whether the priority or regular buffer is full or not.

◆ LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE

typedef BOOLEAN(* LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)

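A function from the message tracer that sends the inputs to the message queue. The signature takes a format string (Fmt) together with a va_list, so it appears to be printf-style; callers should pass a constant format string and supply any externally influenced text through ArgList rather than through Fmt.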

◆ LOG_CALLBACK_SEND_BUFFER

typedef BOOLEAN(* LOG_CALLBACK_SEND_BUFFER) (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)

A function that sends the messages to message tracer buffers.

◆ LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE

typedef BOOLEAN(* LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)

A function that sends the messages to message tracer buffers.

◆ POOL_MANAGER_FREE_POOL

typedef BOOLEAN(* POOL_MANAGER_FREE_POOL) (UINT64 AddressToFree)

Free pool.

◆ POOL_MANAGER_REQUEST_ALLOCATION

typedef BOOLEAN(* POOL_MANAGER_REQUEST_ALLOCATION) (SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention)

Request pool allocation.

◆ POOL_MANAGER_REQUEST_POOL

typedef UINT64(* POOL_MANAGER_REQUEST_POOL) (POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size)

Request pool.

◆ PVMM_CALLBACKS

typedef struct _VMM_CALLBACKS * PVMM_CALLBACKS

◆ VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION

typedef BOOLEAN(* VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION) (UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr)

Check for unhandled EPT violations.

◆ VMM_CALLBACK_HANDLE_MTF_CALLBACK

typedef BOOLEAN(* VMM_CALLBACK_HANDLE_MTF_CALLBACK) (UINT32 CoreId)

Handle MTF callback.

◆ VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER

typedef VOID(* VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER) (UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler)

Handle NMI broadcast.

◆ VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE

typedef BOOLEAN(* VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE) (UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)

Check and modify the protected resources of the hypervisor.

◆ VMM_CALLBACK_RESTORE_EPT_STATE

typedef BOOLEAN(* VMM_CALLBACK_RESTORE_EPT_STATE) (UINT32 CoreId)

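Check for user-mode access for loaded module details. (Note: this description does not appear to match the typedef name, which suggests a callback that restores EPT state for the given core; the text may have been copied from another callback and should be confirmed against the source.)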

◆ VMM_CALLBACK_SET_LAST_ERROR

typedef VOID(* VMM_CALLBACK_SET_LAST_ERROR) (UINT32 LastError)

Set the top-level driver's error status.

◆ VMM_CALLBACK_TRIGGER_EVENTS

typedef VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE(* VMM_CALLBACK_TRIGGER_EVENTS) (VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)

A function that handles trigger events.

◆ VMM_CALLBACK_VMCALL_HANDLER

typedef BOOLEAN(* VMM_CALLBACK_VMCALL_HANDLER) (UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)

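Handler of debugger-specific VMCALLs. VmcallNumber and the three optional parameters are supplied by whatever code executed the VMCALL, so an implementation of this callback should validate them before acting on them.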

◆ VMM_CALLBACKS

typedef struct _VMM_CALLBACKS VMM_CALLBACKS

Prototype of each function needed by VMM module.