disconnect.cpp File Reference

.disconnect command More...

#include "pch.h"

Functions
VOID	CommandDisconnectHelp ()
	help of the .disconnect command
VOID	CommandDisconnect (vector< string > SplitCommand, string Command)
	.disconnect command handler

Variables
BOOLEAN	g_IsConnectedToHyperDbgLocally
	Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machine introspection) mode.
BOOLEAN	g_IsConnectedToRemoteDebuggee
	Shows whether the current debugger is the host and connected to a remote debuggee (guest)
HANDLE	g_RemoteDebuggeeListeningThread
	In debugger (not debuggee), we save the ip of server debuggee in this variable to use it later e.g, in signature.
HANDLE	g_EndOfMessageReceivedEvent
	Handle to if the end of the message received (for showing signature)

Detailed Description

.disconnect command

Author

Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version

0.1

Date

2020-05-27

Copyright

This project is released under the GNU Public License v3.

Function Documentation

CommandDisconnect()

VOID CommandDisconnect	(	vector< string >	SplitCommand,
		string	Command )

.disconnect command handler

Parameters

SplitCommand
Command

Returns

VOID

{
    if (SplitCommand.size() != 1)
    {
        ShowMessages("incorrect use of the '.disconnect'\n\n");
        CommandDisconnectHelp();
        return;
    }
 
    if (!g_IsConnectedToHyperDbgLocally && !g_IsConnectedToRemoteDebuggee)
    {
        ShowMessages("you're not connected to any instance of HyperDbg, did you "
                     "use '.connect'? \n");
        return;
    }
 
    //
    // Check if it's local debugger and the driver is still
    // loading (not unloaded)
    //
    if (g_IsConnectedToHyperDbgLocally && g_DeviceHandle)
    {
        ShowMessages("you cannot disconnect in local debugging while the "
                     "driver is still loaded. please use 'unload' command before "
                     "disconnecting from the current instance of debugger\n");
        return;
    }
 
    //
    // Disconnect the session
    //
    g_IsConnectedToHyperDbgLocally = FALSE;
 
    //
    // This computer is connected to a remote system
    //
    if (g_IsConnectedToRemoteDebuggee)
    {
        //
        // We should kill the thread that was listening for the
        // remote commands and close the connection
        //
        TerminateThread(g_RemoteDebuggeeListeningThread, 0);
        CloseHandle(g_RemoteDebuggeeListeningThread);
        CloseHandle(g_EndOfMessageReceivedEvent);
        g_EndOfMessageReceivedEvent = NULL;
 
        RemoteConnectionCloseTheConnectionWithDebuggee();
 
        g_IsConnectedToRemoteDebuggee = FALSE;
    }
 
    ShowMessages("disconnected successfully\n");
}

CommandDisconnectHelp()

VOID CommandDisconnectHelp

(

)

help of the .disconnect command

Returns

VOID

{
    ShowMessages(".disconnect : disconnects from a debugging session (it won't "
                 "unload the modules).\n\n");
 
    ShowMessages("syntax : \t.disconnect \n");
}

Variable Documentation

g_EndOfMessageReceivedEvent

HANDLE g_EndOfMessageReceivedEvent

extern

Handle to if the end of the message received (for showing signature)

g_IsConnectedToHyperDbgLocally

BOOLEAN g_IsConnectedToHyperDbgLocally

extern

Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machine introspection) mode.

g_IsConnectedToRemoteDebuggee

BOOLEAN g_IsConnectedToRemoteDebuggee

extern

Shows whether the current debugger is the host and connected to a remote debuggee (guest)

g_RemoteDebuggeeListeningThread

HANDLE g_RemoteDebuggeeListeningThread

extern

In debugger (not debuggee), we save the ip of server debuggee in this variable to use it later e.g, in signature.