HyperDbg Debugger
Loader.c File Reference

The functions used in loading the debugger and VMM.

#include "pch.h"

Functions

BOOLEAN LoaderInitHyperTrace (PDEBUGGER_INIT_HYPERTRACE_PACKET InitHyperTracePacket, BOOLEAN RunningOnHypervisorEnvironment)
 Initialize the hyper trace module.
BOOLEAN LoaderInitHyperLog ()
 Initialize the hyper log module.
BOOLEAN LoaderInitVmm (PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)
 Initialize the VMM.
BOOLEAN LoaderInitKd ()
 Initialize the debugger.
BOOLEAN LoaderInitDebuggerAndVmm (PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)
 Initialize the debugger and the vmm.
VOID LoaderUninitHyperTrace ()
 Uninitialize the hyper trace module.
VOID LoaderUninitVmm ()
 Uninitialize the VMM.
VOID LoaderUninitKd ()
 Uninitialize the debugger.
VOID LoaderUninitVmmAndDebugger ()
 Uninitialize the VMM and the debugger.
VOID LoaderUninitLogTracer ()
 Uninitialize the log tracer.

Detailed Description

The functions used in loading the debugger and VMM.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-15

Function Documentation

◆ LoaderInitDebuggerAndVmm()

BOOLEAN LoaderInitDebuggerAndVmm ( PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)

Initialize the debugger and the vmm.

Parameters
InitVmmPacket: The packet that is filled with the result of the initialization
Returns
BOOLEAN
303{
// Body of LoaderInitDebuggerAndVmm: calls LoaderInitKd() and then
// LoaderInitVmm(InitVmmPacket); TRUE is returned only when both succeed.
// Listing lines 314 and 330 are absent from this rendering. The references
// below the listing (KernelStatus, DEBUGGER_ERROR_CANNOT_INITIALIZE_DEBUGGER,
// DEBUGGER_OPERATION_WAS_SUCCESSFUL) suggest they store a status code into
// InitVmmPacket - confirm against Loader.c.
// NOTE(review): InitVmmPacket is forwarded without a visible NULL check in
// the rendered lines; presumably the caller validates it - verify.
304 //
305 // First we need to initialize the debugger
306 // because the VMM relies on the debugger for some of its functionalities,
307 // so if we cannot initialize the debugger we cannot initialize the VMM
308 //
309 if (!LoaderInitKd())
310 {
311 //
312 // Unable to initialize the debugger, so we cannot initialize the VMM, and we return false
313 //
315
316 return FALSE;
317 }
318
319 //
320 // Now we can initialize the VMM
321 //
322 if (!LoaderInitVmm(InitVmmPacket))
323 {
// NOTE(review): no call that undoes LoaderInitKd() is visible on this path,
// so the debugger presumably stays initialized when the VMM fails to load -
// confirm that the caller tears it down or that this is intended.
324 return FALSE;
325 }
326
327 //
328 // Set the kernel status to success
329 //
331
332 return TRUE;
333}
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
#define DEBUGGER_ERROR_CANNOT_INITIALIZE_DEBUGGER
error, cannot initialize the debugger
Definition ErrorCodes.h:654
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
BOOLEAN LoaderInitKd()
Initialize the debugger.
Definition Loader.c:264
BOOLEAN LoaderInitVmm(PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)
Initialize the VMM.
Definition Loader.c:160
UINT32 KernelStatus
Definition RequestStructures.h:25

◆ LoaderInitHyperLog()

BOOLEAN LoaderInitHyperLog ( )

Initialize the hyper log module.

Returns
BOOLEAN
120{
// Body of LoaderInitHyperLog: builds a zero-initialized callback table and
// passes it to LogInitialize() unless g_HyperLogInitialized is already set.
// Listing lines 126-128 and 135 are absent from this rendering; the
// references below the listing name the callback fields VmxOperationCheck,
// CheckImmediateMessageSending and SendImmediateMessage, which are presumably
// filled there - confirm against Loader.c.
121 MESSAGE_TRACING_CALLBACKS MsgTracingCallbacks = {0};
122
123 //
124 // *** Fill the callbacks for the message tracer ***
125 //
129
130 //
131 // Initialize message tracer (if not already initialized)
132 //
// NOTE(review): the else branch is taken both when hyperlog is already
// initialized and when LogInitialize() fails, so a FALSE return does not tell
// the caller which of the two happened. The flag is read here without any
// visible locking; presumably load requests are serialized by the caller -
// confirm.
133 if (g_HyperLogInitialized == FALSE && LogInitialize(&MsgTracingCallbacks))
134 {
136
137 LogDebugInfo("HyperDbg's hyperlog loaded successfully");
138
139 return TRUE;
140 }
141 else
142 {
143 //
144 // We use DbgPrint here because if the hyperlog is not loaded we can't use it to log the error
145 // so we just log the error with DbgPrint and continue without loading hyperlog
146 //
147 DbgPrint("Err, HyperDbg's hyperlog was not loaded or already loaded");
148 return FALSE;
149 }
150}
BOOLEAN KdCheckImmediateMessagingMechanism(UINT32 OperationCode)
Checks whether the immediate messaging mechanism is needed or not.
Definition Kd.c:107
_Use_decl_annotations_ BOOLEAN KdLoggingResponsePacketToDebugger(CHAR *OptionalBuffer, UINT32 OptionalBufferLength, UINT32 OperationCode)
Sends a HyperDbg logging response packet to the debugger.
Definition Kd.c:377
IMPORT_EXPORT_HYPERLOG BOOLEAN LogInitialize(MESSAGE_TRACING_CALLBACKS *MsgTracingCallbacks)
Initialize the buffer relating to log message tracing.
Definition Logging.c:98
#define LogDebugInfo(format,...)
Log, initialize boot information and debug information.
Definition HyperDbgHyperLogIntrinsics.h:155
IMPORT_EXPORT_VMM BOOLEAN VmFuncVmxGetCurrentExecutionMode()
Get the current VMX operation state.
Definition Export.c:802
struct _MESSAGE_TRACING_CALLBACKS MESSAGE_TRACING_CALLBACKS
Prototype of each function needed by message tracer.
BOOLEAN g_HyperLogInitialized
Shows whether the hyperlog module is initialized or not.
Definition Global.h:23
SEND_IMMEDIATE_MESSAGE SendImmediateMessage
Definition HyperLog.h:52
CHECK_IMMEDIATE_MESSAGE_SENDING CheckImmediateMessageSending
Definition HyperLog.h:51
CHECK_VMX_OPERATION VmxOperationCheck
Definition HyperLog.h:50

◆ LoaderInitHyperTrace()

BOOLEAN LoaderInitHyperTrace ( PDEBUGGER_INIT_HYPERTRACE_PACKET InitHyperTracePacket,
BOOLEAN RunningOnHypervisorEnvironment )

Initialize the hyper trace module.

Parameters
RunningOnHypervisorEnvironment: Whether the initialization is being done for a hypervisor environment or not
Returns
BOOLEAN
22{
// Body of LoaderInitHyperTrace: fills a zero-initialized HYPERTRACE_CALLBACKS
// table and hands it to HyperTraceInitCallback() together with
// RunningOnHypervisorEnvironment. Many assignment lines (for example 33-34,
// 41, 47, 54-57, 66-76, 88 and 107) are absent from this rendering; only the
// callbacks shown below are visible.
// NOTE(review): the visible callbacks include setters for guest
// IA32_DEBUGCTL and MSR_LEGACY_LBR_SELECT state (VmFuncSetDebugctl,
// VmFuncSetLbrSelect), so the hypertrace module receives the ability to
// change guest debug-control state through this table.
23 HYPERTRACE_CALLBACKS HyperTraceCallbacks = {0};
24
25 //
26 // *** Fill the callbacks for using hypertrace ***
27 //
28
29 //
30 // Fill the callbacks for using hyperlog in hypertrace
31 // We use the callbacks directly to avoid two calls to the same function
32 //
35 HyperTraceCallbacks.LogCallbackSendBuffer = LogCallbackSendBuffer;
37
38 //
39 // Fill the callbacks for using hyperhv in hypertrace
40 //
42
43 //
44 // *** Legacy LBR callbacks ***
45 //
46
48
49 HyperTraceCallbacks.VmFuncGetDebugctl = VmFuncGetDebugctl;
51 HyperTraceCallbacks.VmFuncSetDebugctl = VmFuncSetDebugctl;
53
58
59 HyperTraceCallbacks.VmFuncSetLbrSelect = VmFuncSetLbrSelect;
61
62 //
63 // *** Architectural LBR callbacks ***
64 //
65
67
72
77
78 //
79 // Initialize hypertrace module
80 //
81 if (HyperTraceInitCallback(&HyperTraceCallbacks, RunningOnHypervisorEnvironment))
82 {
83 LogDebugInfo("HyperDbg's hypertrace loaded successfully");
84
85 //
86 // Mark hypertrace as initialized
87 //
89
90 //
91 // Set the kernel status to success
92 //
// NOTE(review): InitHyperTracePacket is dereferenced here without a NULL
// check in the rendered lines; presumably the caller validates it - verify.
93 InitHyperTracePacket->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
94
95 return TRUE;
96 }
97 else
98 {
99 //
100 // We won't fail the loading just because of hypertrace, so we just log the error and continue without loading hypertrace
101 //
// This function itself still returns FALSE below; whether loading continues
// is decided by the caller.
102 LogDebugInfo("Err, HyperDbg's hypertrace was not loaded");
103
104 //
105 // Set the kernel status to indicate failure
106 //
// Line 107 is absent from this rendering; it presumably stores
// DEBUGGER_ERROR_HYPERTRACE_NOT_INITIALIZED into the packet - confirm.
108
109 return FALSE;
110 }
111}
#define DEBUGGER_ERROR_HYPERTRACE_NOT_INITIALIZED
error, HyperTrace is not initialized
Definition ErrorCodes.h:588
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackSendBuffer(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
routines callback for sending buffer
Definition HyperLogCallback.c:123
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackCheckIfBufferIsFull(BOOLEAN Priority)
Checks whether the priority or regular buffer is full or not.
Definition Logging.c:262
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackSendMessageToQueue(UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
Send string messages and tracing for logging and monitoring.
Definition Logging.c:1214
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackPrepareAndSendMessageToQueueWrapper(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
Prepare a printf-style message mapping and send string messages and tracing for logging and monitorin...
Definition Logging.c:987
IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceInitCallback(HYPERTRACE_CALLBACKS *HyperTraceCallbacks, BOOLEAN RunningOnHypervisorEnvironment)
Initialize the hypertrace module callbacks.
Definition TraceApi.c:24
IMPORT_EXPORT_VMM VOID VmFuncSetLoadGuestIa32LbrCtl(UINT32 CoreId, BOOLEAN Set)
Set LOAD GUEST IA32_LBR_CTL on Vm-entry controls.
Definition Export.c:151
IMPORT_EXPORT_VMM BOOLEAN VmFuncCheckCpuSupportForSaveAndLoadDebugControls()
Check if the CPU supports the save and load debug controls on VM-exit and VM-entry.
Definition Export.c:488
IMPORT_EXPORT_VMM VOID VmFuncSetLoadGuestIa32LbrCtlVmcallOnTargetCore(BOOLEAN Set)
Set LOAD GUEST IA32_LBR_CTL on VM-entry controls on the target core from VMCS using VMCALL.
Definition Export.c:599
IMPORT_EXPORT_VMM VOID VmFuncSetLbrSelectVmcallOnTargetCore(UINT64 FilterOptions)
Set the guest state of MSR_LEGACY_LBR_SELECT on the target core from VMCS using VMCALL.
Definition Export.c:573
IMPORT_EXPORT_VMM BOOLEAN VmFuncCheckCpuSupportForLoadAndClearGuestIa32LbrCtlControls()
Check if the CPU supports the load and clear guest IA32_LBR_CTL controls on VM-entry and VM-exit.
Definition Export.c:499
IMPORT_EXPORT_VMM VOID VmFuncSetDebugctl(UINT64 Value)
Set the guest state of IA32_DEBUGCTL.
Definition Export.c:511
IMPORT_EXPORT_VMM UINT64 VmFuncGetDebugctlVmcallOnTargetCore()
Get the guest state of IA32_DEBUGCTL on the target core from VMCS using VMCALL.
Definition Export.c:455
IMPORT_EXPORT_VMM VOID VmFuncSetGuestIa32LbrCtl(UINT64 Value)
Set the guest state of IA32_LBR_CTL.
Definition Export.c:536
IMPORT_EXPORT_VMM VOID VmFuncSetClearGuestIa32LbrCtl(UINT32 CoreId, BOOLEAN Set)
Set CLEAR GUEST IA32_LBR_CTL on Vm-exit controls.
Definition Export.c:179
IMPORT_EXPORT_VMM VOID VmFuncSetDebugctlVmcallOnTargetCore(UINT64 Value)
Set the guest state of IA32_DEBUGCTL on the target core from VMCS using VMCALL.
Definition Export.c:524
IMPORT_EXPORT_VMM UINT64 VmFuncGetGuestIa32LbrCtlVmcallOnTargetCore()
Get the guest state of IA32_LBR_CTL on the target core from VMCS.
Definition Export.c:477
IMPORT_EXPORT_VMM VOID VmFuncSetSaveDebugControls(UINT32 CoreId, BOOLEAN Set)
Set SAVE DEBUG CONTROLS on Vm-exit controls.
Definition Export.c:165
IMPORT_EXPORT_VMM VOID VmFuncSetLoadDebugControls(UINT32 CoreId, BOOLEAN Set)
Set LOAD DEBUG CONTROLS on Vm-entry controls.
Definition Export.c:137
IMPORT_EXPORT_VMM VOID VmFuncSetClearGuestIa32LbrCtlVmcallOnTargetCore(BOOLEAN Set)
Set CLEAR GUEST IA32_LBR_CTL on VM-exit controls on the target core from VMCS using VMCALL.
Definition Export.c:625
IMPORT_EXPORT_VMM VOID VmFuncSetSaveDebugControlsVmcallOnTargetCore(BOOLEAN Set)
Set SAVE DEBUG CONTROLS on VM-exit controls on the target core from VMCS using VMCALL.
Definition Export.c:612
IMPORT_EXPORT_VMM VOID VmFuncSetLbrSelect(UINT64 FilterOptions)
Set the guest state of MSR_LEGACY_LBR_SELECT.
Definition Export.c:561
IMPORT_EXPORT_VMM VOID VmFuncSetLoadDebugControlsVmcallOnTargetCore(BOOLEAN Set)
Set LOAD DEBUG CONTROLS on VM-entry controls on the target core from VMCS using VMCALL.
Definition Export.c:586
IMPORT_EXPORT_VMM UINT64 VmFuncGetGuestIa32LbrCtl()
Get the guest state of IA32_LBR_CTL.
Definition Export.c:466
IMPORT_EXPORT_VMM UINT64 VmFuncGetDebugctl()
Get the guest state of IA32_DEBUGCTL.
Definition Export.c:443
IMPORT_EXPORT_VMM VOID VmFuncSetGuestIa32LbrCtlVmcallOnTargetCore(UINT64 Value)
Set the guest state of IA32_LBR_CTL on the target core from VMCS using VMCALL.
Definition Export.c:549
struct _HYPERTRACE_CALLBACKS HYPERTRACE_CALLBACKS
Prototype of each function needed by hypertrace module.
BOOLEAN g_HyperTraceInitialized
Shows whether the hypertrace module is initialized or not.
Definition Global.h:41
UINT32 KernelStatus
Definition RequestStructures.h:40
VM_FUNC_SET_LOAD_GUEST_IA32_LBR_CTL VmFuncSetLoadGuestIa32LbrCtl
Definition HyperTrace.h:250
VM_FUNC_SET_DEBUGCTL_VMCALL_ON_TARGET_CORE VmFuncSetDebugctlVmcallOnTargetCore
Definition HyperTrace.h:229
VM_FUNC_SET_GUEST_IA32_LBR_CTL VmFuncSetGuestIa32LbrCtl
Definition HyperTrace.h:247
VM_FUNC_SET_CLEAR_GUEST_IA32_LBR_CTL VmFuncSetClearGuestIa32LbrCtl
Definition HyperTrace.h:252
VM_FUNC_GET_DEBUGCTL_VMCALL_ON_TARGET_CORE VmFuncGetDebugctlVmcallOnTargetCore
Definition HyperTrace.h:227
VM_FUNC_CHECK_CPU_SUPPORT_FOR_SAVE_AND_LOAD_DEBUG_CONTROLS VmFuncCheckCpuSupportForSaveAndLoadDebugControls
Definition HyperTrace.h:224
VM_FUNC_SET_LBR_SELECT_VMCALL_ON_TARGET_CORE VmFuncSetLbrSelectVmcallOnTargetCore
Definition HyperTrace.h:237
VM_FUNC_SET_CLEAR_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncSetClearGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:253
VM_FUNC_SET_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncSetGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:248
LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE LogCallbackSendMessageToQueue
Definition HyperTrace.h:211
VM_FUNC_SET_SAVE_DEBUG_CONTROLS_VMCALL_ON_TARGET_CORE VmFuncSetSaveDebugControlsVmcallOnTargetCore
Definition HyperTrace.h:234
LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL LogCallbackCheckIfBufferIsFull
Definition HyperTrace.h:213
VM_FUNC_GET_DEBUGCTL VmFuncGetDebugctl
Definition HyperTrace.h:226
LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE LogCallbackPrepareAndSendMessageToQueueWrapper
Definition HyperTrace.h:210
VM_FUNC_SET_LBR_SELECT VmFuncSetLbrSelect
Definition HyperTrace.h:236
VM_FUNC_SET_LOAD_DEBUG_CONTROLS_VMCALL_ON_TARGET_CORE VmFuncSetLoadDebugControlsVmcallOnTargetCore
Definition HyperTrace.h:232
VM_FUNC_SET_SAVE_DEBUG_CONTROLS VmFuncSetSaveDebugControls
Definition HyperTrace.h:233
VM_FUNC_SET_LOAD_DEBUG_CONTROLS VmFuncSetLoadDebugControls
Definition HyperTrace.h:231
VM_FUNC_GET_GUEST_IA32_LBR_CTL VmFuncGetGuestIa32LbrCtl
Definition HyperTrace.h:245
VM_FUNC_CHECK_CPU_SUPPORT_FOR_LOAD_AND_CLEAR_GUEST_IA32_LBR_CTL_CONTROLS VmFuncCheckCpuSupportForLoadAndClearGuestIa32LbrCtlControls
Definition HyperTrace.h:243
VM_FUNC_GET_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncGetGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:246
VM_FUNC_VMX_GET_CURRENT_EXECUTION_MODE VmFuncVmxGetCurrentExecutionMode
Definition HyperTrace.h:218
VM_FUNC_SET_LOAD_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncSetLoadGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:251
VM_FUNC_SET_DEBUGCTL VmFuncSetDebugctl
Definition HyperTrace.h:228
LOG_CALLBACK_SEND_BUFFER LogCallbackSendBuffer
Definition HyperTrace.h:212

◆ LoaderInitKd()

BOOLEAN LoaderInitKd ( )

Initialize the debugger.

Returns
BOOLEAN
265{
// Body of LoaderInitKd: returns TRUE at once when g_KdInitialized is set,
// otherwise calls DebuggerInitialize() and reports its result.
// Listing line 285 is absent from this rendering; it presumably sets
// g_KdInitialized - confirm against Loader.c.
266 //
267 // If the debugger is already initialized, we don't need to initialize it again
268 // and simply return true
269 //
// NOTE(review): the flag test and the DebuggerInitialize() call are separate
// steps with no visible lock, so two concurrent callers could both reach
// DebuggerInitialize() unless the caller serializes load requests - confirm.
270 if (g_KdInitialized)
271 {
272 return TRUE;
273 }
274
275 //
276 // The debugger is not initialized, so we try to initialize it
277 //
278 if (DebuggerInitialize())
279 {
280 LogDebugInfo("HyperDbg's debugger loaded successfully");
281
282 //
283 // KD module initialized
284 //
286
287 return TRUE;
288 }
289
290 LogError("Err, HyperDbg's debugger was not loaded");
291 return FALSE;
292}
BOOLEAN DebuggerInitialize()
Initialize Debugger Structures and Routines.
Definition Debugger.c:227
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113
BOOLEAN g_KdInitialized
Shows whether the KD module is initialized or not.
Definition Global.h:29

◆ LoaderInitVmm()

BOOLEAN LoaderInitVmm ( PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)

Initialize the VMM.

Parameters
InitVmmPacket: The packet that is filled with the result of the initialization
Returns
BOOLEAN
161{
// Body of LoaderInitVmm: refuses to run unless KD is initialized, fills a
// zero-initialized VMM_CALLBACKS table and passes it to VmFuncInitVmm().
// Most statement lines (for example 169, 176, 178, 185-188, 193, 198-205,
// 210-214, 219-221, 226, 238 and 246) are absent from this rendering, so only
// the control flow below is visible.
// NOTE(review): no "VMM already initialized" guard is visible among the
// rendered lines, unlike the g_KdInitialized check in LoaderInitKd - confirm
// whether one exists on a missing line or in the caller.
162 VMM_CALLBACKS VmmCallbacks = {0};
163
164 //
165 // KD must already be initialized; otherwise the VMM cannot be initialized
166 //
167 if (!g_KdInitialized)
168 {
170 return FALSE;
171 }
172
173 //
174 // Check if HyperTrace is already initialized, if so we cannot initialize VMM
175 //
177 {
179 return FALSE;
180 }
181
182 //
183 // *** Fill the callbacks for using hyperlog in VMM ***
184 //
189
190 //
191 // Fill the HyperTrace callback(s)
192 //
194
195 //
196 // Fill the VMM callbacks
197 //
206
207 //
208 // Fill the debugging callbacks
209 //
215
216 //
217 // Fill the pool manager callbacks
218 //
222
223 //
224 // Fill the interception callbacks
225 //
227
228 //
229 // Initialize VMX
230 //
231 if (VmFuncInitVmm(&VmmCallbacks))
232 {
233 LogDebugInfo("HyperDbg's hypervisor loaded successfully");
234
235 //
236 // Initialize VMM operations (event related state from the debugger)
237 //
// NOTE(review): this failure path returns FALSE after VmFuncInitVmm() has
// already succeeded, and no VmFuncUninitVmm() call is visible before the
// return (line 238 is absent from this rendering). The hypervisor may
// therefore stay loaded while the function reports failure - confirm whether
// a rollback happens here or in the caller.
239 {
240 return FALSE;
241 }
242
243 //
244 // VMM module initialized
245 //
247
248 return TRUE;
249 }
250 else
251 {
252 LogError("Err, HyperDbg's hypervisor was not loaded");
253 }
254
255 return FALSE;
256}
BOOLEAN AttachingCheckThreadInterceptionWithUserDebugger(UINT32 CoreId)
Check thread interceptions with user-mode debugger.
Definition Attaching.c:625
BOOLEAN AttachingCheckUnhandledEptViolation(UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr)
handling unhandled EPT violations
Definition Attaching.c:976
BOOLEAN BreakpointHandleBreakpoints(UINT32 CoreId)
Handle breakpoint vm-exits (BP).
Definition BreakpointCommands.c:662
BOOLEAN BreakpointCheckAndHandleDebugBreakpoint(UINT32 CoreId)
Check and handle debug breakpoint exceptions.
Definition BreakpointCommands.c:239
BOOLEAN DebuggerInitializeVmmOperations()
Initialize VMM operations (events and related operations).
Definition Debugger.c:148
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE DebuggerTriggerEvents(VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)
Trigger events of a special type to be managed by debugger.
Definition Debugger.c:1148
VOID DebuggerSetLastError(UINT32 LastError)
Debugger set the last error.
Definition Debugger.c:44
BOOLEAN DebuggerCheckProcessOrThreadChange(_In_ UINT32 CoreId)
Handle process or thread switches.
Definition DebuggerEvents.c:114
BOOLEAN DebuggerVmcallHandler(UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)
Termination function for external-interrupts.
Definition DebuggerVmcalls.c:27
BOOLEAN KdHandleMtfCallback(UINT32 CoreId)
Handle Monitor Trap Flag (MTF) callback for kernel debugger.
Definition Kd.c:1212
BOOLEAN KdQueryIgnoreHandlingMov2DebugRegs(UINT32 CoreId)
Query to ignore handling mov 2 debug regs exiting.
Definition Kd.c:255
VOID KdHandleNmiBroadcastDebugBreaks(UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler)
Handle broadcast NMIs for halting cores in vmx-root mode.
Definition Kd.c:1025
UINT64 PoolManagerRequestPool(POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size)
This function should be called from vmx-root in order to get a pool from the list.
Definition PoolManager.c:230
BOOLEAN PoolManagerRequestAllocation(SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention)
Request to allocate new buffers.
Definition PoolManager.c:436
BOOLEAN PoolManagerFreePool(UINT64 AddressToFree)
This function set a pool flag to be freed, and it will be freed on the next IOCTL when it's safe to r...
Definition PoolManager.c:154
VOID ProcessTriggerCr3ProcessChange(UINT32 CoreId)
handle process changes for cr3 registers
Definition Process.c:22
BOOLEAN TerminateQueryDebuggerResource(UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
Termination query state of debugger.
Definition Termination.c:1756
BOOLEAN UserAccessCheckForLoadedModuleDetails(UINT32 CoreId)
Checks whether the loaded module is available or not.
Definition UserAccess.c:854
#define DEBUGGER_ERROR_VMM_CANNOT_BE_INITIALIZED_IF_HYPERTRACE_IS_LOADED
error, VMM cannot be initialized while HyperTrace module is already loaded
Definition ErrorCodes.h:642
#define DEBUGGER_ERROR_VMM_CANNOT_BE_INITIALIZED_IF_DEBUGGER_IS_NOT_LOADED
error, VMM cannot be initialized if the debugger is not loaded
Definition ErrorCodes.h:648
IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrIsSupported(UINT32 *Capacity, BOOLEAN *IsArchLbr)
Check if LBR is supported on the current CPU and get its capacity.
Definition LbrApi.c:157
IMPORT_EXPORT_VMM BOOLEAN VmFuncInitVmm(VMM_CALLBACKS *VmmCallbacks)
Initializes hypervisor.
Definition Export.c:780
struct _VMM_CALLBACKS VMM_CALLBACKS
Prototype of each function needed by VMM module.
BOOLEAN g_VmmInitialized
Shows whether the VMM is initialized or not.
Definition Global.h:24
HYPERTRACE_LBR_IS_SUPPORTED HyperTraceCallbackLbrIsSupported
Definition VMM.h:194
DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION DebuggingCallbackHandleDebugBreakpointException
Definition VMM.h:212
VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER VmmCallbackNmiBroadcastRequestHandler
Definition VMM.h:202
LOG_CALLBACK_SEND_BUFFER LogCallbackSendBuffer
Definition VMM.h:188
POOL_MANAGER_REQUEST_POOL PoolManagerCallbackRequestPool
Definition VMM.h:221
VMM_CALLBACK_VMCALL_HANDLER VmmCallbackVmcallHandler
Definition VMM.h:201
LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL LogCallbackCheckIfBufferIsFull
Definition VMM.h:189
VMM_CALLBACK_HANDLE_MTF_CALLBACK VmmCallbackHandleMtfCallback
Definition VMM.h:206
VMM_CALLBACK_SET_LAST_ERROR VmmCallbackSetLastError
Definition VMM.h:200
LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE LogCallbackPrepareAndSendMessageToQueueWrapper
Definition VMM.h:186
LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE LogCallbackSendMessageToQueue
Definition VMM.h:187
INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE InterceptionCallbackTriggerCr3ProcessChange
Definition VMM.h:227
VMM_CALLBACK_RESTORE_EPT_STATE VmmCallbackRestoreEptState
Definition VMM.h:204
VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION VmmCallbackCheckUnhandledEptViolations
Definition VMM.h:205
DEBUGGING_CALLBACK_IGNORE_HANDLING_MOV_2_DEBUG_REGS DebuggingCallbackIgnoreHandlingMov2DebugRegs
Definition VMM.h:215
DEBUGGING_CALLBACK_CHECK_THREAD_INTERCEPTION DebuggingCallbackCheckThreadInterception
Definition VMM.h:213
POOL_MANAGER_FREE_POOL PoolManagerCallbackFreePool
Definition VMM.h:222
DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION DebuggingCallbackHandleBreakpointException
Definition VMM.h:211
VMM_CALLBACK_TRIGGER_EVENTS VmmCallbackTriggerEvents
Definition VMM.h:199
DEBUGGING_CALLBACK_TRIGGER_ON_CLOCK_AND_IPI_EVENTS DebuggingCallbackTriggerOnClockAndIpiEvents
Definition VMM.h:214
VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE VmmCallbackQueryTerminateProtectedResource
Definition VMM.h:203
POOL_MANAGER_REQUEST_ALLOCATION PoolManagerCallbackRequestAllocation
Definition VMM.h:220

◆ LoaderUninitHyperTrace()

VOID LoaderUninitHyperTrace ( )

Uninitialize the hyper trace module.

Returns
VOID
342{
// Body of LoaderUninitHyperTrace. Both statement lines (346 and 351) are
// absent from this rendering; per the comments and the HyperTraceUninit
// reference below the listing, the flag is cleared first and the module is
// then uninitialized - confirm against Loader.c.
// NOTE(review): g_HyperTraceInitialized is documented as a plain BOOLEAN, so
// clearing it is an ordinary store, not a lock; whether concurrent readers of
// the flag are otherwise fenced off is not visible here - confirm.
343 //
344 // Mark hypertrace as uninitialized before uninitializing it to avoid any potential reentrancy issues during the uninitialization process
345 //
347
348 //
349 // Uninitialize the hypertrace
350 //
352}
IMPORT_EXPORT_HYPERTRACE VOID HyperTraceUninit()
Uninitialize the hypertrace module.
Definition TraceApi.c:104

◆ LoaderUninitKd()

VOID LoaderUninitKd ( )

Uninitialize the debugger.

Returns
VOID
399{
// Body of LoaderUninitKd. Both statement lines (403 and 408) are absent from
// this rendering; per the comments and the DebuggerUninitialize reference
// below the listing, the KD flag is cleared first and the debugger is then
// uninitialized - confirm against Loader.c.
// NOTE(review): g_KdInitialized is documented as a plain BOOLEAN, so clearing
// it is an ordinary store, not a lock; code that already passed a
// g_KdInitialized check may still be running during teardown unless something
// outside this function excludes it - confirm.
400 //
401 // Mark KD as uninitialized before uninitializing it to avoid any potential reentrancy issues during the uninitialization process
402 //
404
405 //
406 // Uninitialize the debugger and its sub-mechanisms
407 //
409}
VOID DebuggerUninitialize()
Uninitialize Debugger Structures and Routines.
Definition Debugger.c:354

◆ LoaderUninitLogTracer()

VOID LoaderUninitLogTracer ( )

Uninitialize the log tracer.

Returns
VOID
437{
// Body of LoaderUninitLogTracer; the whole body is compiled out when
// UseDbgPrintInsteadOfUsermodeMessageTracking is non-zero. Listing lines 445
// and 447-448 are absent from this rendering; the LogUnInitialize reference
// below the listing suggests the guarded block calls it - confirm.
438#if !UseDbgPrintInsteadOfUsermodeMessageTracking
439
// NOTE(review): this log call comes before the "was it initialized" check,
// while LoaderInitHyperLog states that hyperlog cannot be used for logging
// when it is not loaded - confirm LogDebugInfo is safe in that state.
440 LogDebugInfo("Unloading hyperlog...\n");
441
442 //
443 // Uninitialize log buffer if it was initialized
444 //
446 {
449 }
450#endif
451}
IMPORT_EXPORT_HYPERLOG VOID LogUnInitialize()
Uninitialize the buffer relating to log message tracing.
Definition Logging.c:211

◆ LoaderUninitVmm()

VOID LoaderUninitVmm ( )

Uninitialize the VMM.

Returns
VOID
361{
// Body of LoaderUninitVmm. All statement lines (365, 379, 384 and 389) are
// absent from this rendering. Per the comments and the references below the
// listing, the order is: clear the VMM flag, LoaderUninitHyperTrace(),
// DebuggerUninitializeVmmOperations(), VmFuncUninitVmm() - confirm against
// Loader.c.
// NOTE(review): g_VmmInitialized is documented as a plain BOOLEAN, so
// clearing it is an ordinary store, not a lock; whether other cores can still
// be executing VMM callbacks during teardown is not visible here - confirm.
362 //
363 // Mark VMM as uninitialized before uninitializing it to avoid any potential reentrancy issues during the uninitialization process
364 //
366
367 //
368 // Uninitialize the HyperTrace (if it was initialized)
369 //
370 // If the trace module is currently loaded, it must be unloaded before the VMM module can be unloaded
371 // HyperTrace can operate both with and without the VMM module. When loaded after the VMM module, HyperTrace can make
372 // use of hypervisor-specific features. Otherwise, it will operate normally, but those features will not be available
373 // The trace module will be unloaded automatically and may be reloaded later if needed
374 //
375 // Note: The user mode should automatically request to unload the 'trace' module if it is already loaded
376 // however, here we also unload it just in case if this function is directly called or the user mode
377 // code did not unload it
378 //
380
381 //
382 // First remove all VMM related state from the debugger
383 //
385
386 //
387 // Terminate VMM and its sub-mechanisms
388 //
390}
VOID DebuggerUninitializeVmmOperations()
Uninitialize Debugger VMM Operations (Events and other related operations).
Definition Debugger.c:299
IMPORT_EXPORT_VMM VOID VmFuncUninitVmm()
Uninitialize (terminate) VMX on all logical cores.
Definition Export.c:791
VOID LoaderUninitHyperTrace()
Uninitialize the hyper trace module.
Definition Loader.c:341

◆ LoaderUninitVmmAndDebugger()

VOID LoaderUninitVmmAndDebugger ( )

Uninitialize the VMM and the debugger.

Returns
VOID
418{
// Body of LoaderUninitVmmAndDebugger. Both statement lines (422 and 427) are
// absent from this rendering; per the comments and the references below the
// listing they call LoaderUninitVmm() and then LoaderUninitKd(), the reverse
// of the order used by LoaderInitDebuggerAndVmm - confirm against Loader.c.
419 //
420 // Uninitialize the VMM first because it relies on the debugger for some of its functionality
421 //
423
424 //
425 // Uninitialize the debugger
426 //
428}
VOID LoaderUninitVmm()
Uninitialize the VMM.
Definition Loader.c:360
VOID LoaderUninitKd()
Uninitialize the debugger.
Definition Loader.c:398