HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
exception.cpp File Reference

!exception command More...

#include "pch.h"

Functions

VOID CommandExceptionHelp ()
 help of the !exception command
 
VOID CommandException (vector< string > SplitCommand, string Command)
 !exception command handler
 

Detailed Description

!exception command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-06-03
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandException()

VOID CommandException ( vector< string > SplitCommand,
string Command )

!exception command handler

Parameters
SplitCommand
Command
Returns
VOID
51{
52 PDEBUGGER_GENERAL_EVENT_DETAIL Event = NULL;
53 PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger = NULL;
54 PDEBUGGER_GENERAL_ACTION ActionCustomCode = NULL;
55 PDEBUGGER_GENERAL_ACTION ActionScript = NULL;
56 UINT32 EventLength;
57 UINT32 ActionBreakToDebuggerLength = 0;
58 UINT32 ActionCustomCodeLength = 0;
59 UINT32 ActionScriptLength = 0;
60 UINT64 SpecialTarget = DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES;
61 BOOLEAN GetEntry = FALSE;
62 vector<string> SplitCommandCaseSensitive {Split(Command, ' ')};
63 DEBUGGER_EVENT_PARSING_ERROR_CAUSE EventParsingErrorCause;
64
65 //
66 // Interpret and fill the general event and action fields
67 //
68 //
69 if (!InterpretGeneralEventAndActionsFields(
70 &SplitCommand,
71 &SplitCommandCaseSensitive,
72 EXCEPTION_OCCURRED,
73 &Event,
74 &EventLength,
75 &ActionBreakToDebugger,
76 &ActionBreakToDebuggerLength,
77 &ActionCustomCode,
78 &ActionCustomCodeLength,
79 &ActionScript,
80 &ActionScriptLength,
81 &EventParsingErrorCause))
82 {
83 return;
84 }
85
86 //
87 // Interpret command specific details (if any)
88 //
89 for (auto Section : SplitCommand)
90 {
91 if (!Section.compare("!exception"))
92 {
93 continue;
94 }
95 else if (!GetEntry)
96 {
97 //
98 // It's probably an index
99 //
100 if (!ConvertStringToUInt64(Section, &SpecialTarget))
101 {
102 //
103 // Unknown parameter
104 //
105 ShowMessages("unknown parameter '%s'\n\n", Section.c_str());
106 CommandExceptionHelp();
107
108 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
109 return;
110 }
111 else
112 {
113 //
114 // Check if entry is valid or not (start from zero)
115 //
116 if (SpecialTarget >= 31)
117 {
118 //
119 // Entry is invalid (this command is designed for just first 32
120 // entries)
121 //
122 ShowMessages("the entry should be between 0x0 to 0x1f or first 32 "
123 "entries'\n\n");
124 CommandExceptionHelp();
125
126 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
127 return;
128 }
129 GetEntry = TRUE;
130 }
131 }
132 else
133 {
134 //
135 // Unknown parameter
136 //
137 ShowMessages("unknown parameter '%s'\n\n", Section.c_str());
138 CommandExceptionHelp();
139
140 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
141 return;
142 }
143 }
144
145 //
146 // Set the target exception (if not specific then it means all exceptions)
147 //
148 Event->Options.OptionalParam1 = SpecialTarget;
149
150 //
151 // Send the ioctl to the kernel for event registration
152 //
153 if (!SendEventToKernel(Event, EventLength))
154 {
155 //
156 // There was an error, probably the handle was not initialized
157 // we have to free the Action before exit, it is because, we
158 // already freed the Event and string buffers
159 //
160
161 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
162 return;
163 }
164
165 //
166 // Add the event to the kernel
167 //
168 if (!RegisterActionToEvent(Event,
169 ActionBreakToDebugger,
170 ActionBreakToDebuggerLength,
171 ActionCustomCode,
172 ActionCustomCodeLength,
173 ActionScript,
174 ActionScriptLength))
175 {
176 //
177 // There was an error
178 //
179
180 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
181 return;
182 }
183}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES
#define DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES
Apply to all first 32 exceptions.
Definition Constants.h:629
Split
const vector< string > Split(const string &s, const char &c)
general split command
Definition common.cpp:117
ConvertStringToUInt64
BOOLEAN ConvertStringToUInt64(string TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for special notations like 0x,...
Definition common.cpp:240
FreeEventsAndActionsMemory
VOID FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, PDEBUGGER_GENERAL_ACTION ActionCustomCode, PDEBUGGER_GENERAL_ACTION ActionScript)
Deallocate buffers relating to events and actions.
Definition debugger.cpp:2292
InterpretGeneralEventAndActionsFields
BOOLEAN InterpretGeneralEventAndActionsFields(vector< string > *SplitCommand, vector< string > *SplitCommandCaseSensitive, VMM_EVENT_TYPE_ENUM EventType, PDEBUGGER_GENERAL_EVENT_DETAIL *EventDetailsToFill, PUINT32 EventBufferLength, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillBreakToDebugger, PUINT32 ActionBufferLengthBreakToDebugger, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillCustomCode, PUINT32 ActionBufferLengthCustomCode, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillScript, PUINT32 ActionBufferLengthScript, PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing)
Interpret general event fields.
Definition debugger.cpp:2342
SendEventToKernel
BOOLEAN SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
Register the event to the kernel.
Definition debugger.cpp:1969
RegisterActionToEvent
BOOLEAN RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, UINT32 ActionBreakToDebuggerLength, PDEBUGGER_GENERAL_ACTION ActionCustomCode, UINT32 ActionCustomCodeLength, PDEBUGGER_GENERAL_ACTION ActionScript, UINT32 ActionScriptLength)
Register the action to the event.
Definition debugger.cpp:2086
CommandExceptionHelp
VOID CommandExceptionHelp()
help of the !exception command
Definition exception.cpp:20
EXCEPTION_OCCURRED
@ EXCEPTION_OCCURRED
Definition Events.h:140
DEBUGGER_EVENT_PARSING_ERROR_CAUSE
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
_DEBUGGER_EVENT_OPTIONS::OptionalParam1
UINT64 OptionalParam1
Definition Events.h:272
_DEBUGGER_GENERAL_ACTION
Each event can have multiple actions.
Definition Events.h:406
_DEBUGGER_GENERAL_EVENT_DETAIL
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
_DEBUGGER_GENERAL_EVENT_DETAIL::Options
DEBUGGER_EVENT_OPTIONS Options
Definition Events.h:391

◆ CommandExceptionHelp()

VOID CommandExceptionHelp ( )

help of the !exception command

Returns
VOID
21{
22 ShowMessages("!exception : monitors the first 32 entry of IDT (starting from "
23 "zero).\n\n");
24
25 ShowMessages(
26 "syntax : \t!exception [IdtIndex (hex)] [pid ProcessId (hex)] "
27 "[core CoreId (hex)] [imm IsImmediate (yesno)] [sc EnableShortCircuiting (onoff)] "
28 "[stage CallingStage (prepostall)] [buffer PreAllocatedBuffer (hex)] [script { Script (string) }] "
29 "[asm condition { Condition (assembly/hex) }] [asm code { Code (assembly/hex) }] [output {OutputName (string)}]\n");
30
31 ShowMessages("\nnote: monitoring page-faults (entry 0xe) is implemented differently (for more information, check the documentation).\n");
32
33 ShowMessages("\n");
34 ShowMessages("\t\te.g : !exception\n");
35 ShowMessages("\t\te.g : !exception 0xe\n");
36 ShowMessages("\t\te.g : !exception pid 400\n");
37 ShowMessages("\t\te.g : !exception core 2 pid 400\n");
38 ShowMessages("\t\te.g : !exception 0xe stage post script { printf(\"page-fault occurred at: %%llx\\n\", @cr2); }\n");
39 ShowMessages("\t\te.g : !exception asm code { nop; nop; nop }\n");
40}