HyperDbg Debugger
Loader.h File Reference

Routines for performing the initial VMM and debugger loads.


Functions

BOOLEAN LoaderInitHyperLog ()
 Initialize the hyper log module.
BOOLEAN LoaderInitHyperTrace (PDEBUGGER_INIT_HYPERTRACE_PACKET InitHyperTracePacket, BOOLEAN RunningOnHypervisorEnvironment)
 Initialize the hyper trace module.
BOOLEAN LoaderInitDebuggerAndVmm (PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)
 Initialize the debugger and the vmm.
VOID LoaderUninitVmmAndDebugger ()
 Uninitialize the VMM and the debugger.
VOID LoaderUninitHyperTrace ()
 Uninitialize the hyper trace module.
VOID LoaderUninitLogTracer ()
 Uninitialize the log tracer.

Detailed Description

Routines for performing the initial VMM and debugger loads.

Author
Sina Karvandi (sina@hyperdbg.org)
Version
0.2
Date
2023-01-15

Function Documentation

◆ LoaderInitDebuggerAndVmm()

BOOLEAN LoaderInitDebuggerAndVmm ( PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)

Initialize the debugger and the vmm.

Parameters
InitVmmPacket: The packet to fill with the result of the initialization
Returns
BOOLEAN
// Body of LoaderInitDebuggerAndVmm as rendered on this page; the leading numbers are the listing's own line numbers.
// Initializes the debugger with LoaderInitKd() and then the VMM with LoaderInitVmm(InitVmmPacket).
// Returns FALSE as soon as either call fails, TRUE when both succeed.
// NOTE(review): listing lines 314 and 330 are missing from this rendering (the numbering jumps over them);
// presumably they write DEBUGGER_ERROR_CANNOT_INITIALIZE_DEBUGGER and DEBUGGER_OPERATION_WAS_SUCCESSFUL
// to InitVmmPacket->KernelStatus, since all three are cross-referenced for this function - confirm against Loader.c.
303{
304 //
305 // First we need to initialize the debugger
306 // because the VMM relies on the debugger for some of its functionalities,
307 // so if we cannot initialize the debugger we cannot initialize the VMM
308 //
309 if (!LoaderInitKd())
310 {
311 //
312 // Unable to initialize the debugger, so we cannot initialize the VMM, and we return false
313 //
315
316 return FALSE;
317 }
318
319 //
320 // Now we can initialize the VMM
321 //
322 if (!LoaderInitVmm(InitVmmPacket))
323 {
// NOTE(review): nothing on this path undoes the successful LoaderInitKd() above, and KernelStatus is not
// written here; presumably LoaderInitVmm reports the error through the packet and the caller unwinds
// the debugger - confirm.
324 return FALSE;
325 }
326
327 //
328 // Set the kernel status to success
329 //
331
332 return TRUE;
333}
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
#define DEBUGGER_ERROR_CANNOT_INITIALIZE_DEBUGGER
error, cannot initialize the debugger
Definition ErrorCodes.h:654
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
BOOLEAN LoaderInitKd()
Initialize the debugger.
Definition Loader.c:264
BOOLEAN LoaderInitVmm(PDEBUGGER_INIT_VMM_PACKET InitVmmPacket)
Initialize the VMM.
Definition Loader.c:160
UINT32 KernelStatus
Definition RequestStructures.h:25

◆ LoaderInitHyperLog()

BOOLEAN LoaderInitHyperLog ( )

Initialize the hyper log module.

Returns
BOOLEAN
// Body of LoaderInitHyperLog as rendered on this page; the leading numbers are the listing's own line numbers.
// Builds a zero-initialized MESSAGE_TRACING_CALLBACKS and passes it to LogInitialize() unless
// g_HyperLogInitialized is already set. Returns TRUE only when LogInitialize() ran and succeeded.
// NOTE(review): listing lines 126-128 and 135 are missing from this rendering; presumably 126-128 fill
// VmxOperationCheck, CheckImmediateMessageSending and SendImmediateMessage, and 135 sets
// g_HyperLogInitialized (all cross-referenced for this function) - confirm against Loader.c.
120{
121 MESSAGE_TRACING_CALLBACKS MsgTracingCallbacks = {0};
122
123 //
124 // *** Fill the callbacks for the message tracer ***
125 //
129
130 //
131 // Initialize message tracer (if not already initialized)
132 //
// The && short-circuits, so LogInitialize() is not called when the module is already initialized.
133 if (g_HyperLogInitialized == FALSE && LogInitialize(&MsgTracingCallbacks))
134 {
136
137 LogDebugInfo("HyperDbg's hyperlog loaded successfully");
138
139 return TRUE;
140 }
141 else
142 {
143 //
144 // We use DbgPrint here because if the hyperlog is not loaded we can't use it to log the error
145 // so we just log the error with DbgPrint and continue without loading hyperlog
146 //
// NOTE(review): this branch covers both "already initialized" and "LogInitialize() failed",
// so a FALSE return does not tell the caller which of the two happened.
147 DbgPrint("Err, HyperDbg's hyperlog was not loaded or already loaded");
148 return FALSE;
149 }
150}
BOOLEAN KdCheckImmediateMessagingMechanism(UINT32 OperationCode)
Checks whether the immediate messaging mechanism is needed or not.
Definition Kd.c:107
_Use_decl_annotations_ BOOLEAN KdLoggingResponsePacketToDebugger(CHAR *OptionalBuffer, UINT32 OptionalBufferLength, UINT32 OperationCode)
Sends a HyperDbg logging response packet to the debugger.
Definition Kd.c:377
IMPORT_EXPORT_HYPERLOG BOOLEAN LogInitialize(MESSAGE_TRACING_CALLBACKS *MsgTracingCallbacks)
Initialize the buffer relating to log message tracing.
Definition Logging.c:98
#define LogDebugInfo(format,...)
Log, initialize boot information and debug information.
Definition HyperDbgHyperLogIntrinsics.h:155
IMPORT_EXPORT_VMM BOOLEAN VmFuncVmxGetCurrentExecutionMode()
Get the current VMX operation state.
Definition Export.c:802
struct _MESSAGE_TRACING_CALLBACKS MESSAGE_TRACING_CALLBACKS
Prototype of each function needed by message tracer.
BOOLEAN g_HyperLogInitialized
Shows whether the hyperlog module is initialized or not.
Definition Global.h:23
SEND_IMMEDIATE_MESSAGE SendImmediateMessage
Definition HyperLog.h:52
CHECK_IMMEDIATE_MESSAGE_SENDING CheckImmediateMessageSending
Definition HyperLog.h:51
CHECK_VMX_OPERATION VmxOperationCheck
Definition HyperLog.h:50

◆ LoaderInitHyperTrace()

BOOLEAN LoaderInitHyperTrace ( PDEBUGGER_INIT_HYPERTRACE_PACKET InitHyperTracePacket,
BOOLEAN RunningOnHypervisorEnvironment )

Initialize the hyper trace module.

Parameters
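InitHyperTracePacket: The packet whose KernelStatus field receives the result of the initialization
RunningOnHypervisorEnvironment: Whether the initialization is being done for a hypervisor environment or not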
Returns
BOOLEAN
// Body of LoaderInitHyperTrace as rendered on this page; the leading numbers are the listing's own line numbers.
// Fills a zero-initialized HYPERTRACE_CALLBACKS table and hands it to HyperTraceInitCallback() together
// with RunningOnHypervisorEnvironment. Returns TRUE when that call succeeds, FALSE otherwise.
// NOTE(review): only four callback assignments (listing lines 35, 49, 51 and 59) survive in this rendering;
// the other numbered lines that the listing skips, including 88 and 107, are missing. Presumably they fill
// the remaining HYPERTRACE_CALLBACKS fields cross-referenced for this function, set g_HyperTraceInitialized
// and store DEBUGGER_ERROR_HYPERTRACE_NOT_INITIALIZED in KernelStatus - confirm against Loader.c.
22{
23 HYPERTRACE_CALLBACKS HyperTraceCallbacks = {0};
24
25 //
26 // *** Fill the callbacks for using hypertrace ***
27 //
28
29 //
30 // Fill the callbacks for using hyperlog in hypertrace
31 // We use the callbacks directly to avoid two calls to the same function
32 //
35 HyperTraceCallbacks.LogCallbackSendBuffer = LogCallbackSendBuffer;
37
38 //
39 // Fill the callbacks for using hyperhv in hypertrace
40 //
42
43 //
44 // *** Legacy LBR callbacks ***
45 //
46
48
49 HyperTraceCallbacks.VmFuncGetDebugctl = VmFuncGetDebugctl;
51 HyperTraceCallbacks.VmFuncSetDebugctl = VmFuncSetDebugctl;
53
58
59 HyperTraceCallbacks.VmFuncSetLbrSelect = VmFuncSetLbrSelect;
61
62 //
63 // *** Architectural LBR callbacks ***
64 //
65
67
72
77
78 //
79 // Initialize hypertrace module
80 //
81 if (HyperTraceInitCallback(&HyperTraceCallbacks, RunningOnHypervisorEnvironment))
82 {
83 LogDebugInfo("HyperDbg's hypertrace loaded successfully");
84
85 //
86 // Mark hypertrace as initialized
87 //
89
90 //
91 // Set the kernel status to success
92 //
// InitHyperTracePacket is dereferenced here without a NULL check.
// NOTE(review): callers are presumably required to pass a valid packet - confirm.
93 InitHyperTracePacket->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
94
95 return TRUE;
96 }
97 else
98 {
99 //
100 // We won't fail the loading just because of hypertrace, so we just log the error and continue without loading hypertrace
101 //
102 LogDebugInfo("Err, HyperDbg's hypertrace was not loaded");
103
104 //
105 // Set the kernel status to indicate failure
106 //
108
109 return FALSE;
110 }
111}
#define DEBUGGER_ERROR_HYPERTRACE_NOT_INITIALIZED
error, HyperTrace is not initialized
Definition ErrorCodes.h:588
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackSendBuffer(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
routines callback for sending buffer
Definition HyperLogCallback.c:123
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackCheckIfBufferIsFull(BOOLEAN Priority)
Checks whether the priority or regular buffer is full or not.
Definition Logging.c:262
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackSendMessageToQueue(UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
Send string messages and tracing for logging and monitoring.
Definition Logging.c:1214
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackPrepareAndSendMessageToQueueWrapper(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
Prepare a printf-style message mapping and send string messages and tracing for logging and monitorin...
Definition Logging.c:987
IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceInitCallback(HYPERTRACE_CALLBACKS *HyperTraceCallbacks, BOOLEAN RunningOnHypervisorEnvironment)
Initialize the hypertrace module callbacks.
Definition TraceApi.c:24
IMPORT_EXPORT_VMM VOID VmFuncSetLoadGuestIa32LbrCtl(UINT32 CoreId, BOOLEAN Set)
Set LOAD GUEST IA32_LBR_CTL on Vm-entry controls.
Definition Export.c:151
IMPORT_EXPORT_VMM BOOLEAN VmFuncCheckCpuSupportForSaveAndLoadDebugControls()
Check whether the CPU supports the save and load debug controls on VM-exit and VM-entry.
Definition Export.c:488
IMPORT_EXPORT_VMM VOID VmFuncSetLoadGuestIa32LbrCtlVmcallOnTargetCore(BOOLEAN Set)
Set LOAD GUEST IA32_LBR_CTL on VM-entry controls on the target core from VMCS using VMCALL.
Definition Export.c:599
IMPORT_EXPORT_VMM VOID VmFuncSetLbrSelectVmcallOnTargetCore(UINT64 FilterOptions)
Set the guest state of MSR_LEGACY_LBR_SELECT on the target core from VMCS using VMCALL.
Definition Export.c:573
IMPORT_EXPORT_VMM BOOLEAN VmFuncCheckCpuSupportForLoadAndClearGuestIa32LbrCtlControls()
Check whether the CPU supports the load and clear guest IA32_LBR_CTL controls on VM-entry and VM-exit.
Definition Export.c:499
IMPORT_EXPORT_VMM VOID VmFuncSetDebugctl(UINT64 Value)
Set the guest state of IA32_DEBUGCTL.
Definition Export.c:511
IMPORT_EXPORT_VMM UINT64 VmFuncGetDebugctlVmcallOnTargetCore()
Get the guest state of IA32_DEBUGCTL on the target core from VMCS using VMCALL.
Definition Export.c:455
IMPORT_EXPORT_VMM VOID VmFuncSetGuestIa32LbrCtl(UINT64 Value)
Set the guest state of IA32_LBR_CTL.
Definition Export.c:536
IMPORT_EXPORT_VMM VOID VmFuncSetClearGuestIa32LbrCtl(UINT32 CoreId, BOOLEAN Set)
Set CLEAR GUEST IA32_LBR_CTL on Vm-exit controls.
Definition Export.c:179
IMPORT_EXPORT_VMM VOID VmFuncSetDebugctlVmcallOnTargetCore(UINT64 Value)
Set the guest state of IA32_DEBUGCTL on the target core from VMCS using VMCALL.
Definition Export.c:524
IMPORT_EXPORT_VMM UINT64 VmFuncGetGuestIa32LbrCtlVmcallOnTargetCore()
Get the guest state of IA32_LBR_CTL on the target core from VMCS.
Definition Export.c:477
IMPORT_EXPORT_VMM VOID VmFuncSetSaveDebugControls(UINT32 CoreId, BOOLEAN Set)
Set SAVE DEBUG CONTROLS on Vm-exit controls.
Definition Export.c:165
IMPORT_EXPORT_VMM VOID VmFuncSetLoadDebugControls(UINT32 CoreId, BOOLEAN Set)
Set LOAD DEBUG CONTROLS on Vm-entry controls.
Definition Export.c:137
IMPORT_EXPORT_VMM VOID VmFuncSetClearGuestIa32LbrCtlVmcallOnTargetCore(BOOLEAN Set)
Set CLEAR GUEST IA32_LBR_CTL on VM-exit controls on the target core from VMCS using VMCALL.
Definition Export.c:625
IMPORT_EXPORT_VMM VOID VmFuncSetSaveDebugControlsVmcallOnTargetCore(BOOLEAN Set)
Set SAVE DEBUG CONTROLS on VM-exit controls on the target core from VMCS using VMCALL.
Definition Export.c:612
IMPORT_EXPORT_VMM VOID VmFuncSetLbrSelect(UINT64 FilterOptions)
Set the guest state of MSR_LEGACY_LBR_SELECT.
Definition Export.c:561
IMPORT_EXPORT_VMM VOID VmFuncSetLoadDebugControlsVmcallOnTargetCore(BOOLEAN Set)
Set LOAD DEBUG CONTROLS on VM-entry controls on the target core from VMCS using VMCALL.
Definition Export.c:586
IMPORT_EXPORT_VMM UINT64 VmFuncGetGuestIa32LbrCtl()
Get the guest state of IA32_LBR_CTL.
Definition Export.c:466
IMPORT_EXPORT_VMM UINT64 VmFuncGetDebugctl()
Get the guest state of IA32_DEBUGCTL.
Definition Export.c:443
IMPORT_EXPORT_VMM VOID VmFuncSetGuestIa32LbrCtlVmcallOnTargetCore(UINT64 Value)
Set the guest state of IA32_LBR_CTL on the target core from VMCS using VMCALL.
Definition Export.c:549
struct _HYPERTRACE_CALLBACKS HYPERTRACE_CALLBACKS
Prototype of each function needed by hypertrace module.
BOOLEAN g_HyperTraceInitialized
Shows whether the hypertrace module is initialized or not.
Definition Global.h:41
UINT32 KernelStatus
Definition RequestStructures.h:40
VM_FUNC_SET_LOAD_GUEST_IA32_LBR_CTL VmFuncSetLoadGuestIa32LbrCtl
Definition HyperTrace.h:250
VM_FUNC_SET_DEBUGCTL_VMCALL_ON_TARGET_CORE VmFuncSetDebugctlVmcallOnTargetCore
Definition HyperTrace.h:229
VM_FUNC_SET_GUEST_IA32_LBR_CTL VmFuncSetGuestIa32LbrCtl
Definition HyperTrace.h:247
VM_FUNC_SET_CLEAR_GUEST_IA32_LBR_CTL VmFuncSetClearGuestIa32LbrCtl
Definition HyperTrace.h:252
VM_FUNC_GET_DEBUGCTL_VMCALL_ON_TARGET_CORE VmFuncGetDebugctlVmcallOnTargetCore
Definition HyperTrace.h:227
VM_FUNC_CHECK_CPU_SUPPORT_FOR_SAVE_AND_LOAD_DEBUG_CONTROLS VmFuncCheckCpuSupportForSaveAndLoadDebugControls
Definition HyperTrace.h:224
VM_FUNC_SET_LBR_SELECT_VMCALL_ON_TARGET_CORE VmFuncSetLbrSelectVmcallOnTargetCore
Definition HyperTrace.h:237
VM_FUNC_SET_CLEAR_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncSetClearGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:253
VM_FUNC_SET_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncSetGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:248
LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE LogCallbackSendMessageToQueue
Definition HyperTrace.h:211
VM_FUNC_SET_SAVE_DEBUG_CONTROLS_VMCALL_ON_TARGET_CORE VmFuncSetSaveDebugControlsVmcallOnTargetCore
Definition HyperTrace.h:234
LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL LogCallbackCheckIfBufferIsFull
Definition HyperTrace.h:213
VM_FUNC_GET_DEBUGCTL VmFuncGetDebugctl
Definition HyperTrace.h:226
LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE LogCallbackPrepareAndSendMessageToQueueWrapper
Definition HyperTrace.h:210
VM_FUNC_SET_LBR_SELECT VmFuncSetLbrSelect
Definition HyperTrace.h:236
VM_FUNC_SET_LOAD_DEBUG_CONTROLS_VMCALL_ON_TARGET_CORE VmFuncSetLoadDebugControlsVmcallOnTargetCore
Definition HyperTrace.h:232
VM_FUNC_SET_SAVE_DEBUG_CONTROLS VmFuncSetSaveDebugControls
Definition HyperTrace.h:233
VM_FUNC_SET_LOAD_DEBUG_CONTROLS VmFuncSetLoadDebugControls
Definition HyperTrace.h:231
VM_FUNC_GET_GUEST_IA32_LBR_CTL VmFuncGetGuestIa32LbrCtl
Definition HyperTrace.h:245
VM_FUNC_CHECK_CPU_SUPPORT_FOR_LOAD_AND_CLEAR_GUEST_IA32_LBR_CTL_CONTROLS VmFuncCheckCpuSupportForLoadAndClearGuestIa32LbrCtlControls
Definition HyperTrace.h:243
VM_FUNC_GET_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncGetGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:246
VM_FUNC_VMX_GET_CURRENT_EXECUTION_MODE VmFuncVmxGetCurrentExecutionMode
Definition HyperTrace.h:218
VM_FUNC_SET_LOAD_GUEST_IA32_LBR_CTL_VMCALL_ON_TARGET_CORE VmFuncSetLoadGuestIa32LbrCtlVmcallOnTargetCore
Definition HyperTrace.h:251
VM_FUNC_SET_DEBUGCTL VmFuncSetDebugctl
Definition HyperTrace.h:228
LOG_CALLBACK_SEND_BUFFER LogCallbackSendBuffer
Definition HyperTrace.h:212

◆ LoaderUninitHyperTrace()

VOID LoaderUninitHyperTrace ( )

Uninitialize the hyper trace module.

Returns
VOID
// Body of LoaderUninitHyperTrace as rendered on this page; the leading numbers are the listing's own line numbers.
// NOTE(review): both statements (listing lines 346 and 351) are missing from this rendering; going by the
// comments and the cross-references, 346 presumably clears g_HyperTraceInitialized and 351 calls
// HyperTraceUninit() - confirm against Loader.c.
// NOTE(review): g_HyperTraceInitialized is declared as a plain BOOLEAN; whether clearing it first is enough
// to keep other cores out of hypertrace paths during teardown depends on code not shown here - confirm.
342{
343 //
344 // Mark hypertrace as uninitialized before uninitializing it to avoid any potential reentrancy issues during the uninitialization process
345 //
347
348 //
349 // Uninitialize the hypertrace
350 //
352}
IMPORT_EXPORT_HYPERTRACE VOID HyperTraceUninit()
Uninitialize the hypertrace module.
Definition TraceApi.c:104

◆ LoaderUninitLogTracer()

VOID LoaderUninitLogTracer ( )

Uninitialize the log tracer.

Returns
VOID
// Body of LoaderUninitLogTracer as rendered on this page; the leading numbers are the listing's own line numbers.
// Logs that the debugger is unloading and, when UseDbgPrintInsteadOfUsermodeMessageTracking is zero,
// logs once more before the log buffer teardown.
// NOTE(review): listing line 114 is missing from this rendering; presumably it is the LogUnInitialize()
// call cross-referenced for this function - confirm against Loader.c.
105{
106 LogDebugInfo("Unloading HyperDbg's debugger...\n");
107
108#if !UseDbgPrintInsteadOfUsermodeMessageTracking
109
110 //
111 // Uninitialize log buffer
112 //
113 LogDebugInfo("Uninitializing logs\n");
115#endif
116}
IMPORT_EXPORT_HYPERLOG VOID LogUnInitialize()
Uninitialize the buffer relating to log message tracing.
Definition Logging.c:211

◆ LoaderUninitVmmAndDebugger()

VOID LoaderUninitVmmAndDebugger ( )

Uninitialize the VMM and the debugger.

Returns
VOID
// Body of LoaderUninitVmmAndDebugger as rendered on this page; the leading numbers are the listing's own line numbers.
// Tears down in the reverse order of initialization: the VMM first, then the debugger.
// NOTE(review): both statements (listing lines 422 and 427) are missing from this rendering; presumably
// they are the LoaderUninitVmm() and LoaderUninitKd() calls cross-referenced for this function - confirm
// against Loader.c.
418{
419 //
420 // Uninitialize the VMM first because it relies on the debugger for some of its functionalities
421 //
423
424 //
425 // Uninitialize the debugger
426 //
428}
VOID LoaderUninitVmm()
Uninitialize the VMM.
Definition Loader.c:360
VOID LoaderUninitKd()
Uninitialize the debugger.
Definition Loader.c:398