HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
DpcRoutines.c File Reference

All the dpc routines which relates to executing on a single core for multi-core you can use Broadcast.c. More...

#include "pch.h"

Functions

NTSTATUS DpcRoutineRunTaskOnSingleCore (UINT32 CoreNumber, PVOID Routine, PVOID DeferredContext)
 This function synchronize the function execution for a single core You should only used it for one core, not in multiple threads simultaneously The function that needs to use this feature (Routine parameter function) should have the when it ends :
 
BOOLEAN DpcRoutinePerformVirtualization (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast VmxPerformVirtualizationOnSpecificCore.
 
VOID DpcRoutinePerformChangeMsrBitmapReadOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 change msr bitmap read on a single core
 
VOID DpcRoutinePerformChangeMsrBitmapWriteOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 change msr bitmap write on a single core
 
VOID DpcRoutinePerformEnableRdtscExitingOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 set rdtsc/rdtscp exiting
 
VOID DpcRoutinePerformEnableRdpmcExitingOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 set rdpmc exiting
 
VOID DpcRoutinePerformSetExceptionBitmapOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 change exception bitmap on a single core
 
VOID DpcRoutinePerformEnableMovToDebugRegistersExiting (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Set the Mov to Debug Registers Exitings.
 
VOID DpcRoutinePerformEnableMovToControlRegisterExiting (KDPC *Dpc, DEBUGGER_EVENT_OPTIONS *EventOptions, PVOID SystemArgument1, PVOID SystemArgument2)
 Set the Mov to Control Registers Exitings.
 
VOID DpcRoutinePerformSetExternalInterruptExitingOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable external interrupt exiting on a single core.
 
VOID DpcRoutinePerformEnableEferSyscallHookOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable syscall hook EFER on a single core.
 
VOID DpcRoutinePerformChangeIoBitmapOnSingleCore (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 change I/O bitmap on a single core
 
VOID DpcRoutineEnableMovToCr3Exiting (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast to enable mov-to-cr3 exitings.
 
VOID DpcRoutineChangeToMbecSupportedEptp (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast to change to MBEC supported EPTP.
 
VOID DpcRoutineRestoreToNormalEptp (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast to restore to normal EPTP.
 
VOID DpcRoutineEnableOrDisableMbec (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast to enable or disable MBEC.
 
VOID DpcRoutineDisableMovToCr3Exiting (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast to disable mov-to-cr3 exitings.
 
VOID DpcRoutineEnableEferSyscallEvents (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast syscall hook to all cores.
 
VOID DpcRoutineDisableEferSyscallEvents (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast syscall unhook to all cores.
 
VOID DpcRoutineEnablePml (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast enable PML on all cores.
 
VOID DpcRoutineDisablePml (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast disable PML on all cores.
 
VOID DpcRoutineChangeMsrBitmapReadOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable Msr Bitmaps on all cores (vm-exit on all msrs)
 
VOID DpcRoutineResetMsrBitmapReadOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Reset Msr Bitmaps on all cores (vm-exit on all msrs)
 
VOID DpcRoutineChangeMsrBitmapWriteOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable Msr Bitmaps on all cores (vm-exit on all msrs)
 
VOID DpcRoutineResetMsrBitmapWriteOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Reset Msr Bitmaps on all cores (vm-exit on all msrs)
 
VOID DpcRoutineEnableRdtscExitingAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enables rdtsc/rdtscp exiting in primary cpu-based controls.
 
VOID DpcRoutineDisableRdtscExitingAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disables rdtsc/rdtscp exiting in primary cpu-based controls.
 
VOID DpcRoutineDisableRdtscExitingForClearingTscEventsAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disables rdtsc/rdtscp exiting in primary cpu-based controls ONLY for clearing !tsc events.
 
VOID DpcRoutineDisableMov2DrExitingForClearingDrEventsAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disables mov to debug registers exiting ONLY for clearing !dr events.
 
VOID DpcRoutineDisableMov2CrExitingForClearingCrEventsAllCores (KDPC *Dpc, DEBUGGER_EVENT_OPTIONS *EventOptions, PVOID SystemArgument1, PVOID SystemArgument2)
 Disables mov to control registers exiting ONLY for clearing !crwrite events.
 
VOID DpcRoutineEnableRdpmcExitingAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enables rdpmc exiting in primary cpu-based controls.
 
VOID DpcRoutineDisableRdpmcExitingAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable rdpmc exiting in primary cpu-based controls.
 
VOID DpcRoutineSetExceptionBitmapOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable Exception Bitmaps on all cores.
 
VOID DpcRoutineUnsetExceptionBitmapOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable Exception Bitmaps on all cores.
 
VOID DpcRoutineResetExceptionBitmapOnlyOnClearingExceptionEventsOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Reset Exception Bitmaps on all cores.
 
VOID DpcRoutineEnableMovDebigRegisterExitingAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enables mov debug registers exitings.
 
VOID DpcRoutineEnableMovControlRegisterExitingAllCores (KDPC *Dpc, DEBUGGER_EVENT_OPTIONS *EventOptions, PVOID SystemArgument1, PVOID SystemArgument2)
 Enables mov control registers exitings.
 
VOID DpcRoutineDisableMovControlRegisterExitingAllCores (KDPC *Dpc, DEBUGGER_EVENT_OPTIONS *EventOptions, PVOID SystemArgument1, PVOID SystemArgument2)
 Disables mov control registers exitings.
 
VOID DpcRoutineDisableMovDebigRegisterExitingAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disables mov debug registers exitings.
 
VOID DpcRoutineSetEnableExternalInterruptExitingOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable vm-exit on all cores for external interrupts.
 
VOID DpcRoutineSetDisableExternalInterruptExitingOnlyOnClearingInterruptEventsOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable vm-exit on all cores for external interrupts only for clearing !interrupt events.
 
VOID DpcRoutineChangeIoBitmapOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Change I/O Bitmaps on all cores.
 
VOID DpcRoutineResetIoBitmapOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Reset I/O Bitmaps on all cores.
 
VOID DpcRoutineEnableBreakpointOnExceptionBitmapOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable breakpoint exiting on exception bitmaps on all cores.
 
VOID DpcRoutineDisableBreakpointOnExceptionBitmapOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable breakpoint exiting on exception bitmaps on all cores.
 
VOID DpcRoutineEnableNmiVmexitOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable vm-exit on NMIs on all cores.
 
VOID DpcRoutineDisableNmiVmexitOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable vm-exit on NMIs on all cores.
 
VOID DpcRoutineEnableDbAndBpExitingOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Enable vm-exit on #DBs and #BPs on all cores.
 
VOID DpcRoutineDisableDbAndBpExitingOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Disable vm-exit on #DBs and #BPs on all cores.
 
VOID DpcRoutineRemoveHookAndInvalidateAllEntriesOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 The broadcast function which removes all the hooks and invalidate TLB.
 
VOID DpcRoutineRemoveHookAndInvalidateSingleEntryOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 The broadcast function which removes the single hook and invalidate TLB.
 
VOID DpcRoutineInvalidateEptOnAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 The broadcast function which invalidate EPT using Vmcall.
 
VOID DpcRoutineInitializeGuest (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 The broadcast function which initialize the guest.
 
VOID DpcRoutineTerminateGuest (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 The broadcast function which terminate the guest.
 

Variables

volatile LONG OneCoreLock
 lock for one core execution
 

Detailed Description

All the dpc routines which relates to executing on a single core for multi-core you can use Broadcast.c.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-04-29
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ DpcRoutineChangeIoBitmapOnAllCores()

VOID DpcRoutineChangeIoBitmapOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Change I/O Bitmaps on all cores.

Parameters
Dpc
DeferredContextI/O Port index
SystemArgument1
SystemArgument2
Returns
VOID
1351{
1352 UNREFERENCED_PARAMETER(Dpc);
1353
1354 //
1355 // Change I/O Bitmaps on all cores
1356 //
1357 AsmVmxVmcall(VMCALL_CHANGE_IO_BITMAP, (UINT64)DeferredContext, 0, 0);
1358
1359 //
1360 // Wait for all DPCs to synchronize at this point
1361 //
1362 KeSignalCallDpcSynchronize(SystemArgument2);
1363
1364 //
1365 // Mark the DPC as being complete
1366 //
1367 KeSignalCallDpcDone(SystemArgument1);
1368}
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
AsmVmxVmcall
NTSTATUS AsmVmxVmcall(unsigned long long VmcallNumber, unsigned long long OptionalParam1, unsigned long long OptionalParam2, long long OptionalParam3)
Request Vmcall.
VMCALL_CHANGE_IO_BITMAP
#define VMCALL_CHANGE_IO_BITMAP
VMCALL to change I/O Bitmaps (A & B)
Definition Vmcall.h:118

◆ DpcRoutineChangeMsrBitmapReadOnAllCores()

VOID DpcRoutineChangeMsrBitmapReadOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable Msr Bitmaps on all cores (vm-exit on all msrs)

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
727{
728 UNREFERENCED_PARAMETER(Dpc);
729
730 //
731 // Disable msr bitmaps from vmx-root
732 //
733 AsmVmxVmcall(VMCALL_CHANGE_MSR_BITMAP_READ, (UINT64)DeferredContext, 0, 0);
734
735 //
736 // Wait for all DPCs to synchronize at this point
737 //
738 KeSignalCallDpcSynchronize(SystemArgument2);
739
740 //
741 // Mark the DPC as being complete
742 //
743 KeSignalCallDpcDone(SystemArgument1);
744}
VMCALL_CHANGE_MSR_BITMAP_READ
#define VMCALL_CHANGE_MSR_BITMAP_READ
VMCALL to change MSR Bitmap Read.
Definition Vmcall.h:76

◆ DpcRoutineChangeMsrBitmapWriteOnAllCores()

VOID DpcRoutineChangeMsrBitmapWriteOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable Msr Bitmaps on all cores (vm-exit on all msrs)

Parameters
Dpc
DeferredContextMsr index to be masked on msr bitmap
SystemArgument1
SystemArgument2
Returns
VOID
788{
789 UNREFERENCED_PARAMETER(Dpc);
790
791 //
792 // Disable msr bitmaps from vmx-root
793 //
794 AsmVmxVmcall(VMCALL_CHANGE_MSR_BITMAP_WRITE, (UINT64)DeferredContext, 0, 0);
795
796 //
797 // Wait for all DPCs to synchronize at this point
798 //
799 KeSignalCallDpcSynchronize(SystemArgument2);
800
801 //
802 // Mark the DPC as being complete
803 //
804 KeSignalCallDpcDone(SystemArgument1);
805}
VMCALL_CHANGE_MSR_BITMAP_WRITE
#define VMCALL_CHANGE_MSR_BITMAP_WRITE
VMCALL to change MSR Bitmap Write.
Definition Vmcall.h:82

◆ DpcRoutineChangeToMbecSupportedEptp()

VOID DpcRoutineChangeToMbecSupportedEptp ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast to change to MBEC supported EPTP.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
479{
480 UNREFERENCED_PARAMETER(Dpc);
481 UNREFERENCED_PARAMETER(DeferredContext);
482
483 //
484 // Change to a MBEC supported EPTP from vmx-root
485 //
486 AsmVmxVmcall(VMCALL_CHANGE_TO_MBEC_SUPPORTED_EPTP, 0, 0, 0);
487
488 //
489 // Wait for all DPCs to synchronize at this point
490 //
491 KeSignalCallDpcSynchronize(SystemArgument2);
492
493 //
494 // Mark the DPC as being complete
495 //
496 KeSignalCallDpcDone(SystemArgument1);
497}
VMCALL_CHANGE_TO_MBEC_SUPPORTED_EPTP
#define VMCALL_CHANGE_TO_MBEC_SUPPORTED_EPTP
VMCALL to change EPTP to an MBEC-supported EPTP.
Definition Vmcall.h:286

◆ DpcRoutineDisableBreakpointOnExceptionBitmapOnAllCores()

VOID DpcRoutineDisableBreakpointOnExceptionBitmapOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable breakpoint exiting on exception bitmaps on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1443{
1444 UNREFERENCED_PARAMETER(Dpc);
1445 UNREFERENCED_PARAMETER(DeferredContext);
1446
1447 //
1448 // Change exception bitmap
1449 //
1450 AsmVmxVmcall(VMCALL_UNSET_EXCEPTION_BITMAP, EXCEPTION_VECTOR_BREAKPOINT, 0, 0);
1451
1452 //
1453 // Wait for all DPCs to synchronize at this point
1454 //
1455 KeSignalCallDpcSynchronize(SystemArgument2);
1456
1457 //
1458 // Mark the DPC as being complete
1459 //
1460 KeSignalCallDpcDone(SystemArgument1);
1461}
VMCALL_UNSET_EXCEPTION_BITMAP
#define VMCALL_UNSET_EXCEPTION_BITMAP
VMCALL to unset exception bitmap on VMCS.
Definition Vmcall.h:192
EXCEPTION_VECTOR_BREAKPOINT
@ EXCEPTION_VECTOR_BREAKPOINT
Definition Events.h:27

◆ DpcRoutineDisableDbAndBpExitingOnAllCores()

VOID DpcRoutineDisableDbAndBpExitingOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable vm-exit on #DBs and #BPs on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1572{
1573 UNREFERENCED_PARAMETER(Dpc);
1574 UNREFERENCED_PARAMETER(DeferredContext);
1575
1576 //
1577 // Cause no vm-exit on #BPs
1578 //
1579 AsmVmxVmcall(VMCALL_UNSET_EXCEPTION_BITMAP, EXCEPTION_VECTOR_BREAKPOINT, 0, 0);
1580
1581 //
1582 // Cause no vm-exit on #DBs
1583 //
1584 AsmVmxVmcall(VMCALL_UNSET_EXCEPTION_BITMAP, EXCEPTION_VECTOR_DEBUG_BREAKPOINT, 0, 0);
1585
1586 //
1587 // Wait for all DPCs to synchronize at this point
1588 //
1589 KeSignalCallDpcSynchronize(SystemArgument2);
1590
1591 //
1592 // Mark the DPC as being complete
1593 //
1594 KeSignalCallDpcDone(SystemArgument1);
1595}
EXCEPTION_VECTOR_DEBUG_BREAKPOINT
@ EXCEPTION_VECTOR_DEBUG_BREAKPOINT
Definition Events.h:25

◆ DpcRoutineDisableEferSyscallEvents()

VOID DpcRoutineDisableEferSyscallEvents ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast syscall unhook to all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
634{
635 UNREFERENCED_PARAMETER(Dpc);
636 UNREFERENCED_PARAMETER(DeferredContext);
637
638 //
639 // Disable Syscall hook from vmx-root
640 //
641 AsmVmxVmcall(VMCALL_DISABLE_SYSCALL_HOOK_EFER, 0, 0, 0);
642
643 //
644 // Wait for all DPCs to synchronize at this point
645 //
646 KeSignalCallDpcSynchronize(SystemArgument2);
647
648 //
649 // Mark the DPC as being complete
650 //
651 KeSignalCallDpcDone(SystemArgument1);
652}
VMCALL_DISABLE_SYSCALL_HOOK_EFER
#define VMCALL_DISABLE_SYSCALL_HOOK_EFER
VMCALL to disable syscall hook using EFER SCE bit.
Definition Vmcall.h:70

◆ DpcRoutineDisableMov2CrExitingForClearingCrEventsAllCores()

VOID DpcRoutineDisableMov2CrExitingForClearingCrEventsAllCores ( KDPC * Dpc,
DEBUGGER_EVENT_OPTIONS * EventOptions,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disables mov to control registers exiting ONLY for clearing !crwrite events.

Parameters
Dpc
Event
SystemArgument1
SystemArgument2
Returns
VOID
977{
978 UNREFERENCED_PARAMETER(Dpc);
979
980 //
981 // Disables mov 2 control regs exiting ONLY for clearing events
982 //
983 AsmVmxVmcall(VMCALL_DISABLE_MOV_TO_CR_EXITING_ONLY_FOR_CR_EVENTS, EventOptions->OptionalParam1, EventOptions->OptionalParam2, 0);
984
985 //
986 // Wait for all DPCs to synchronize at this point
987 //
988 KeSignalCallDpcSynchronize(SystemArgument2);
989
990 //
991 // Mark the DPC as being complete
992 //
993 KeSignalCallDpcDone(SystemArgument1);
994}
VMCALL_DISABLE_MOV_TO_CR_EXITING_ONLY_FOR_CR_EVENTS
#define VMCALL_DISABLE_MOV_TO_CR_EXITING_ONLY_FOR_CR_EVENTS
VMCALL to clear mov 2 cr exiting bit ONLY in the case of disabling the events for !...
Definition Vmcall.h:268
_DEBUGGER_EVENT_OPTIONS::OptionalParam2
UINT64 OptionalParam2
Definition Events.h:273
_DEBUGGER_EVENT_OPTIONS::OptionalParam1
UINT64 OptionalParam1
Definition Events.h:272

◆ DpcRoutineDisableMov2DrExitingForClearingDrEventsAllCores()

VOID DpcRoutineDisableMov2DrExitingForClearingDrEventsAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disables mov to debug registers exiting ONLY for clearing !dr events.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
945{
946 UNREFERENCED_PARAMETER(Dpc);
947 UNREFERENCED_PARAMETER(DeferredContext);
948
949 //
950 // Disables mov 2 hw debug regs exiting ONLY for clearing events
951 //
952 AsmVmxVmcall(VMCALL_DISABLE_MOV_TO_HW_DR_EXITING_ONLY_FOR_DR_EVENTS, 0, 0, 0);
953
954 //
955 // Wait for all DPCs to synchronize at this point
956 //
957 KeSignalCallDpcSynchronize(SystemArgument2);
958
959 //
960 // Mark the DPC as being complete
961 //
962 KeSignalCallDpcDone(SystemArgument1);
963}
VMCALL_DISABLE_MOV_TO_HW_DR_EXITING_ONLY_FOR_DR_EVENTS
#define VMCALL_DISABLE_MOV_TO_HW_DR_EXITING_ONLY_FOR_DR_EVENTS
VMCALL to clear mov 2 hw dr exiting bit ONLY in the case of disabling the events for !...
Definition Vmcall.h:250

◆ DpcRoutineDisableMovControlRegisterExitingAllCores()

VOID DpcRoutineDisableMovControlRegisterExitingAllCores ( KDPC * Dpc,
DEBUGGER_EVENT_OPTIONS * EventOptions,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disables mov control registers exitings.

Parameters
Dpc
Event
SystemArgument1
SystemArgument2
Returns
VOID
1225{
1226 UNREFERENCED_PARAMETER(Dpc);
1227
1228 //
1229 // Disable mov control registers exitings in primary cpu-based controls
1230 //
1231 AsmVmxVmcall(VMCALL_DISABLE_MOV_TO_CONTROL_REGS_EXITING, EventOptions->OptionalParam1, EventOptions->OptionalParam2, 0);
1232
1233 //
1234 // Wait for all DPCs to synchronize at this point
1235 //
1236 KeSignalCallDpcSynchronize(SystemArgument2);
1237
1238 //
1239 // Mark the DPC as being complete
1240 //
1241 KeSignalCallDpcDone(SystemArgument1);
1242}
VMCALL_DISABLE_MOV_TO_CONTROL_REGS_EXITING
#define VMCALL_DISABLE_MOV_TO_CONTROL_REGS_EXITING
VMCALL to disable mov to CR exiting.
Definition Vmcall.h:261

◆ DpcRoutineDisableMovDebigRegisterExitingAllCores()

VOID DpcRoutineDisableMovDebigRegisterExitingAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disables mov debug registers exitings.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1255{
1256 UNREFERENCED_PARAMETER(Dpc);
1257 UNREFERENCED_PARAMETER(DeferredContext);
1258
1259 //
1260 // Disable mov debug registers exitings in primary cpu-based controls
1261 //
1262 AsmVmxVmcall(VMCALL_DISABLE_MOV_TO_DEBUG_REGS_EXITING, 0, 0, 0);
1263
1264 //
1265 // Wait for all DPCs to synchronize at this point
1266 //
1267 KeSignalCallDpcSynchronize(SystemArgument2);
1268
1269 //
1270 // Mark the DPC as being complete
1271 //
1272 KeSignalCallDpcDone(SystemArgument1);
1273}
VMCALL_DISABLE_MOV_TO_DEBUG_REGS_EXITING
#define VMCALL_DISABLE_MOV_TO_DEBUG_REGS_EXITING
VMCALL to disable mov to debug registers exiting.
Definition Vmcall.h:148

◆ DpcRoutineDisableMovToCr3Exiting()

VOID DpcRoutineDisableMovToCr3Exiting ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast to disable mov-to-cr3 exitings.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
572{
573 UNREFERENCED_PARAMETER(Dpc);
574 UNREFERENCED_PARAMETER(DeferredContext);
575
576 //
577 // Disable mov-to-cr3 exiting from vmx-root
578 //
579 AsmVmxVmcall(VMCALL_DISABLE_MOV_TO_CR3_EXITING, 0, 0, 0);
580
581 //
582 // Wait for all DPCs to synchronize at this point
583 //
584 KeSignalCallDpcSynchronize(SystemArgument2);
585
586 //
587 // Mark the DPC as being complete
588 //
589 KeSignalCallDpcDone(SystemArgument1);
590}
VMCALL_DISABLE_MOV_TO_CR3_EXITING
#define VMCALL_DISABLE_MOV_TO_CR3_EXITING
VMCALL to disable cr3 exiting.
Definition Vmcall.h:186

◆ DpcRoutineDisableNmiVmexitOnAllCores()

VOID DpcRoutineDisableNmiVmexitOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable vm-exit on NMIs on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1505{
1506 UNREFERENCED_PARAMETER(Dpc);
1507 UNREFERENCED_PARAMETER(DeferredContext);
1508
1509 //
1510 // Cause no vm-exit on NMIs
1511 //
1512 AsmVmxVmcall(VMCALL_UNSET_VM_EXIT_ON_NMIS, NULL64_ZERO, 0, 0);
1513
1514 //
1515 // Wait for all DPCs to synchronize at this point
1516 //
1517 KeSignalCallDpcSynchronize(SystemArgument2);
1518
1519 //
1520 // Mark the DPC as being complete
1521 //
1522 KeSignalCallDpcDone(SystemArgument1);
1523}
NULL64_ZERO
#define NULL64_ZERO
Definition BasicTypes.h:52
VMCALL_UNSET_VM_EXIT_ON_NMIS
#define VMCALL_UNSET_VM_EXIT_ON_NMIS
VMCALL to not cause vm-exit on NMIs.
Definition Vmcall.h:236

◆ DpcRoutineDisablePml()

VOID DpcRoutineDisablePml ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast disable PML on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
696{
697 UNREFERENCED_PARAMETER(Dpc);
698 UNREFERENCED_PARAMETER(DeferredContext);
699
700 //
701 // Disable PML from vmx-root
702 //
703 AsmVmxVmcall(VMCALL_DISABLE_DIRTY_LOGGING_MECHANISM, 0, 0, 0);
704
705 //
706 // Wait for all DPCs to synchronize at this point
707 //
708 KeSignalCallDpcSynchronize(SystemArgument2);
709
710 //
711 // Mark the DPC as being complete
712 //
713 KeSignalCallDpcDone(SystemArgument1);
714}
VMCALL_DISABLE_DIRTY_LOGGING_MECHANISM
#define VMCALL_DISABLE_DIRTY_LOGGING_MECHANISM
VMCALL to disable dirty logging (PML) mechanism.
Definition Vmcall.h:280

◆ DpcRoutineDisableRdpmcExitingAllCores()

VOID DpcRoutineDisableRdpmcExitingAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable rdpmc exiting in primary cpu-based controls.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1038{
1039 UNREFERENCED_PARAMETER(Dpc);
1040 UNREFERENCED_PARAMETER(DeferredContext);
1041
1042 //
1043 // Disable rdpmc exiting in primary cpu-based controls
1044 //
1045 AsmVmxVmcall(VMCALL_UNSET_RDPMC_EXITING, 0, 0, 0);
1046
1047 //
1048 // Wait for all DPCs to synchronize at this point
1049 //
1050 KeSignalCallDpcSynchronize(SystemArgument2);
1051
1052 //
1053 // Mark the DPC as being complete
1054 //
1055 KeSignalCallDpcDone(SystemArgument1);
1056}
VMCALL_UNSET_RDPMC_EXITING
#define VMCALL_UNSET_RDPMC_EXITING
VMCALL to disable rdpmc exiting in primary cpu-based controls.
Definition Vmcall.h:142

◆ DpcRoutineDisableRdtscExitingAllCores()

VOID DpcRoutineDisableRdtscExitingAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disables rdtsc/rdtscp exiting in primary cpu-based controls.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
880{
881 UNREFERENCED_PARAMETER(Dpc);
882 UNREFERENCED_PARAMETER(DeferredContext);
883
884 //
885 // Disables rdtsc/rdtscp exiting in primary cpu-based controls
886 //
887 AsmVmxVmcall(VMCALL_UNSET_RDTSC_EXITING, 0, 0, 0);
888
889 //
890 // Wait for all DPCs to synchronize at this point
891 //
892 KeSignalCallDpcSynchronize(SystemArgument2);
893
894 //
895 // Mark the DPC as being complete
896 //
897 KeSignalCallDpcDone(SystemArgument1);
898}
VMCALL_UNSET_RDTSC_EXITING
#define VMCALL_UNSET_RDTSC_EXITING
VMCALL to disable rdtsc/rdtscp exiting in primary cpu-based controls.
Definition Vmcall.h:130

◆ DpcRoutineDisableRdtscExitingForClearingTscEventsAllCores()

VOID DpcRoutineDisableRdtscExitingForClearingTscEventsAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disables rdtsc/rdtscp exiting in primary cpu-based controls ONLY for clearing !tsc events.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
912{
913 UNREFERENCED_PARAMETER(Dpc);
914 UNREFERENCED_PARAMETER(DeferredContext);
915
916 //
917 // Disables rdtsc/rdtscp exiting in primary cpu-based controls
918 // ONLY for clearing events
919 //
920 AsmVmxVmcall(VMCALL_DISABLE_RDTSC_EXITING_ONLY_FOR_TSC_EVENTS, 0, 0, 0);
921
922 //
923 // Wait for all DPCs to synchronize at this point
924 //
925 KeSignalCallDpcSynchronize(SystemArgument2);
926
927 //
928 // Mark the DPC as being complete
929 //
930 KeSignalCallDpcDone(SystemArgument1);
931}
VMCALL_DISABLE_RDTSC_EXITING_ONLY_FOR_TSC_EVENTS
#define VMCALL_DISABLE_RDTSC_EXITING_ONLY_FOR_TSC_EVENTS
VMCALL to clear rdtsc exiting bit ONLY in the case of disabling the events for !tsc command.
Definition Vmcall.h:243

◆ DpcRoutineEnableBreakpointOnExceptionBitmapOnAllCores()

VOID DpcRoutineEnableBreakpointOnExceptionBitmapOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable breakpoint exiting on exception bitmaps on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1412{
1413 UNREFERENCED_PARAMETER(Dpc);
1414 UNREFERENCED_PARAMETER(DeferredContext);
1415
1416 //
1417 // Change exception bitmap's #BP bit
1418 //
1419 AsmVmxVmcall(VMCALL_SET_EXCEPTION_BITMAP, EXCEPTION_VECTOR_BREAKPOINT, 0, 0);
1420
1421 //
1422 // Wait for all DPCs to synchronize at this point
1423 //
1424 KeSignalCallDpcSynchronize(SystemArgument2);
1425
1426 //
1427 // Mark the DPC as being complete
1428 //
1429 KeSignalCallDpcDone(SystemArgument1);
1430}
VMCALL_SET_EXCEPTION_BITMAP
#define VMCALL_SET_EXCEPTION_BITMAP
VMCALL to set exception bitmap on VMCS.
Definition Vmcall.h:100

◆ DpcRoutineEnableDbAndBpExitingOnAllCores()

VOID DpcRoutineEnableDbAndBpExitingOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable vm-exit on #DBs and #BPs on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1536{
1537 UNREFERENCED_PARAMETER(Dpc);
1538 UNREFERENCED_PARAMETER(DeferredContext);
1539
1540 //
1541 // Cause vm-exit on #BPs
1542 //
1543 AsmVmxVmcall(VMCALL_SET_EXCEPTION_BITMAP, EXCEPTION_VECTOR_BREAKPOINT, 0, 0);
1544
1545 //
1546 // Cause vm-exit on #DBs
1547 //
1548 AsmVmxVmcall(VMCALL_SET_EXCEPTION_BITMAP, EXCEPTION_VECTOR_DEBUG_BREAKPOINT, 0, 0);
1549
1550 //
1551 // Wait for all DPCs to synchronize at this point
1552 //
1553 KeSignalCallDpcSynchronize(SystemArgument2);
1554
1555 //
1556 // Mark the DPC as being complete
1557 //
1558 KeSignalCallDpcDone(SystemArgument1);
1559}

◆ DpcRoutineEnableEferSyscallEvents()

VOID DpcRoutineEnableEferSyscallEvents ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast syscall hook to all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
603{
604 UNREFERENCED_PARAMETER(Dpc);
605 UNREFERENCED_PARAMETER(DeferredContext);
606
607 //
608 // Enable Syscall hook from vmx-root
609 //
610 AsmVmxVmcall(VMCALL_ENABLE_SYSCALL_HOOK_EFER, 0, 0, 0);
611
612 //
613 // Wait for all DPCs to synchronize at this point
614 //
615 KeSignalCallDpcSynchronize(SystemArgument2);
616
617 //
618 // Mark the DPC as being complete
619 //
620 KeSignalCallDpcDone(SystemArgument1);
621}
VMCALL_ENABLE_SYSCALL_HOOK_EFER
#define VMCALL_ENABLE_SYSCALL_HOOK_EFER
VMCALL to enable syscall hook using EFER SCE bit.
Definition Vmcall.h:64

◆ DpcRoutineEnableMovControlRegisterExitingAllCores()

VOID DpcRoutineEnableMovControlRegisterExitingAllCores ( KDPC * Dpc,
DEBUGGER_EVENT_OPTIONS * EventOptions,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enables mov control registers exitings.

Parameters
Dpc
Event
SystemArgument1
SystemArgument2
Returns
VOID
1195{
1196 UNREFERENCED_PARAMETER(Dpc);
1197
1198 //
1199 // Enables mov control registers exitings in primary cpu-based controls
1200 //
1201 AsmVmxVmcall(VMCALL_ENABLE_MOV_TO_CONTROL_REGS_EXITING, EventOptions->OptionalParam1, EventOptions->OptionalParam2, 0);
1202
1203 //
1204 // Wait for all DPCs to synchronize at this point
1205 //
1206 KeSignalCallDpcSynchronize(SystemArgument2);
1207
1208 //
1209 // Mark the DPC as being complete
1210 //
1211 KeSignalCallDpcDone(SystemArgument1);
1212}
VMCALL_ENABLE_MOV_TO_CONTROL_REGS_EXITING
#define VMCALL_ENABLE_MOV_TO_CONTROL_REGS_EXITING
VMCALL to enable mov to CR exiting.
Definition Vmcall.h:255

◆ DpcRoutineEnableMovDebigRegisterExitingAllCores()

VOID DpcRoutineEnableMovDebigRegisterExitingAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enables mov debug registers exitings.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1164{
1165 UNREFERENCED_PARAMETER(Dpc);
1166 UNREFERENCED_PARAMETER(DeferredContext);
1167
1168 //
1169 // Enables mov debug registers exitings in primary cpu-based controls
1170 //
1171 AsmVmxVmcall(VMCALL_ENABLE_MOV_TO_DEBUG_REGS_EXITING, 0, 0, 0);
1172
1173 //
1174 // Wait for all DPCs to synchronize at this point
1175 //
1176 KeSignalCallDpcSynchronize(SystemArgument2);
1177
1178 //
1179 // Mark the DPC as being complete
1180 //
1181 KeSignalCallDpcDone(SystemArgument1);
1182}
VMCALL_ENABLE_MOV_TO_DEBUG_REGS_EXITING
#define VMCALL_ENABLE_MOV_TO_DEBUG_REGS_EXITING
VMCALL to enable mov to debug registers exiting.
Definition Vmcall.h:106

◆ DpcRoutineEnableMovToCr3Exiting()

VOID DpcRoutineEnableMovToCr3Exiting ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast to enable mov-to-cr3 exitings.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
448{
449 UNREFERENCED_PARAMETER(Dpc);
450 UNREFERENCED_PARAMETER(DeferredContext);
451
452 //
453 // Enable mov-to-cr3 exiting from vmx-root
454 //
455 AsmVmxVmcall(VMCALL_ENABLE_MOV_TO_CR3_EXITING, 0, 0, 0);
456
457 //
458 // Wait for all DPCs to synchronize at this point
459 //
460 KeSignalCallDpcSynchronize(SystemArgument2);
461
462 //
463 // Mark the DPC as being complete
464 //
465 KeSignalCallDpcDone(SystemArgument1);
466}
VMCALL_ENABLE_MOV_TO_CR3_EXITING
#define VMCALL_ENABLE_MOV_TO_CR3_EXITING
VMCALL to enable cr3 exiting.
Definition Vmcall.h:180

◆ DpcRoutineEnableNmiVmexitOnAllCores()

VOID DpcRoutineEnableNmiVmexitOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable vm-exit on NMIs on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1474{
1475 UNREFERENCED_PARAMETER(Dpc);
1476 UNREFERENCED_PARAMETER(DeferredContext);
1477
1478 //
1479 // Cause vm-exit on NMIs
1480 //
1481 AsmVmxVmcall(VMCALL_SET_VM_EXIT_ON_NMIS, NULL64_ZERO, 0, 0);
1482
1483 //
1484 // Wait for all DPCs to synchronize at this point
1485 //
1486 KeSignalCallDpcSynchronize(SystemArgument2);
1487
1488 //
1489 // Mark the DPC as being complete
1490 //
1491 KeSignalCallDpcDone(SystemArgument1);
1492}
VMCALL_SET_VM_EXIT_ON_NMIS
#define VMCALL_SET_VM_EXIT_ON_NMIS
VMCALL to cause vm-exit on NMIs.
Definition Vmcall.h:230

◆ DpcRoutineEnableOrDisableMbec()

VOID DpcRoutineEnableOrDisableMbec ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast to enable or disable MBEC.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
541{
542 UNREFERENCED_PARAMETER(Dpc);
543 UNREFERENCED_PARAMETER(DeferredContext);
544
545 //
546 // Enable/Disable MBEC from vmx-root
547 //
548 AsmVmxVmcall(VMCALL_DISABLE_OR_ENABLE_MBEC, (UINT64)DeferredContext, 0, 0);
549
550 //
551 // Wait for all DPCs to synchronize at this point
552 //
553 KeSignalCallDpcSynchronize(SystemArgument2);
554
555 //
556 // Mark the DPC as being complete
557 //
558 KeSignalCallDpcDone(SystemArgument1);
559}
VMCALL_DISABLE_OR_ENABLE_MBEC
#define VMCALL_DISABLE_OR_ENABLE_MBEC
VMCALL to enable/disable MBEC.
Definition Vmcall.h:298

◆ DpcRoutineEnablePml()

VOID DpcRoutineEnablePml ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast enable PML on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
665{
666 UNREFERENCED_PARAMETER(Dpc);
667 UNREFERENCED_PARAMETER(DeferredContext);
668
669 //
670 // Enable PML from vmx-root
671 //
672 AsmVmxVmcall(VMCALL_ENABLE_DIRTY_LOGGING_MECHANISM, 0, 0, 0);
673
674 //
675 // Wait for all DPCs to synchronize at this point
676 //
677 KeSignalCallDpcSynchronize(SystemArgument2);
678
679 //
680 // Mark the DPC as being complete
681 //
682 KeSignalCallDpcDone(SystemArgument1);
683}
VMCALL_ENABLE_DIRTY_LOGGING_MECHANISM
#define VMCALL_ENABLE_DIRTY_LOGGING_MECHANISM
VMCALL to enable dirty logging (PML) mechanism.
Definition Vmcall.h:274

◆ DpcRoutineEnableRdpmcExitingAllCores()

VOID DpcRoutineEnableRdpmcExitingAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enables rdpmc exiting in primary cpu-based controls.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1007{
1008 UNREFERENCED_PARAMETER(Dpc);
1009 UNREFERENCED_PARAMETER(DeferredContext);
1010
1011 //
1012 // Enables rdpmc exiting in primary cpu-based controls
1013 //
1014 AsmVmxVmcall(VMCALL_SET_RDPMC_EXITING, 0, 0, 0);
1015
1016 //
1017 // Wait for all DPCs to synchronize at this point
1018 //
1019 KeSignalCallDpcSynchronize(SystemArgument2);
1020
1021 //
1022 // Mark the DPC as being complete
1023 //
1024 KeSignalCallDpcDone(SystemArgument1);
1025}
VMCALL_SET_RDPMC_EXITING
#define VMCALL_SET_RDPMC_EXITING
VMCALL to enable rdpmc exiting in primary cpu-based controls.
Definition Vmcall.h:94

◆ DpcRoutineEnableRdtscExitingAllCores()

VOID DpcRoutineEnableRdtscExitingAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enables rdtsc/rdtscp exiting in primary cpu-based controls.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
849{
850 UNREFERENCED_PARAMETER(Dpc);
851 UNREFERENCED_PARAMETER(DeferredContext);
852
853 //
854 // Enables rdtsc/rdtscp exiting in primary cpu-based controls
855 //
856 AsmVmxVmcall(VMCALL_SET_RDTSC_EXITING, 0, 0, 0);
857
858 //
859 // Wait for all DPCs to synchronize at this point
860 //
861 KeSignalCallDpcSynchronize(SystemArgument2);
862
863 //
864 // Mark the DPC as being complete
865 //
866 KeSignalCallDpcDone(SystemArgument1);
867}
VMCALL_SET_RDTSC_EXITING
#define VMCALL_SET_RDTSC_EXITING
VMCALL to enable rdtsc/rdtscp exiting in primary cpu-based controls.
Definition Vmcall.h:88

◆ DpcRoutineInitializeGuest()

VOID DpcRoutineInitializeGuest ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

The broadcast function which initialize the guest.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1715{
1716 UNREFERENCED_PARAMETER(Dpc);
1717 UNREFERENCED_PARAMETER(DeferredContext);
1718
1719 //
1720 // Save the vmx state and prepare vmcs setup and finally execute vmlaunch instruction
1721 //
1722 AsmVmxSaveState();
1723
1724 //
1725 // Wait for all DPCs to synchronize at this point
1726 //
1727 KeSignalCallDpcSynchronize(SystemArgument2);
1728
1729 //
1730 // Mark the DPC as being complete
1731 //
1732 KeSignalCallDpcDone(SystemArgument1);
1733}
AsmVmxSaveState
void AsmVmxSaveState()
Save state on vmx.

◆ DpcRoutineInvalidateEptOnAllCores()

VOID DpcRoutineInvalidateEptOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

The broadcast function which invalidate EPT using Vmcall.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1672{
1673 UNREFERENCED_PARAMETER(Dpc);
1674
1675 if (DeferredContext == NULL)
1676 {
1677 //
1678 // We have to invalidate all contexts
1679 //
1680 AsmVmxVmcall(VMCALL_INVEPT_ALL_CONTEXTS, NULL64_ZERO, NULL64_ZERO, NULL64_ZERO);
1681 }
1682 else
1683 {
1684 //
1685 // We have to invalidate all contexts
1686 //
1687 AsmVmxVmcall(VMCALL_INVEPT_SINGLE_CONTEXT,
1688 g_GuestState[KeGetCurrentProcessorNumberEx(NULL)].EptPointer.AsUInt,
1689 NULL64_ZERO,
1690 NULL64_ZERO);
1691 }
1692
1693 //
1694 // Wait for all DPCs to synchronize at this point
1695 //
1696 KeSignalCallDpcSynchronize(SystemArgument2);
1697
1698 //
1699 // Mark the DPC as being complete
1700 //
1701 KeSignalCallDpcDone(SystemArgument1);
1702}
g_GuestState
VIRTUAL_MACHINE_STATE * g_GuestState
Save the state and variables related to virtualization on each to logical core.
Definition GlobalVariables.h:38
VMCALL_INVEPT_ALL_CONTEXTS
#define VMCALL_INVEPT_ALL_CONTEXTS
VMCALL to invalidate EPT (All Contexts)
Definition Vmcall.h:40
VMCALL_INVEPT_SINGLE_CONTEXT
#define VMCALL_INVEPT_SINGLE_CONTEXT
VMCALL to invalidate EPT (A Single Context)
Definition Vmcall.h:46

◆ DpcRoutinePerformChangeIoBitmapOnSingleCore()

VOID DpcRoutinePerformChangeIoBitmapOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

change I/O bitmap on a single core

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
420{
421 UNREFERENCED_PARAMETER(Dpc);
422 UNREFERENCED_PARAMETER(SystemArgument1);
423 UNREFERENCED_PARAMETER(SystemArgument2);
424
425 //
426 // change I/O bitmap
427 //
428 AsmVmxVmcall(VMCALL_CHANGE_IO_BITMAP, (UINT64)DeferredContext, 0, 0);
429
430 //
431 // As this function is designed for a single,
432 // we have to release the synchronization lock here
433 //
434 SpinlockUnlock(&OneCoreLock);
435}
SpinlockUnlock
void SpinlockUnlock(volatile LONG *Lock)
Release the lock.
Definition Spinlock.c:158
OneCoreLock
volatile LONG OneCoreLock
lock for one core execution
Definition DpcRoutines.c:19

◆ DpcRoutinePerformChangeMsrBitmapReadOnSingleCore()

VOID DpcRoutinePerformChangeMsrBitmapReadOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

change msr bitmap read on a single core

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
162{
163 UNREFERENCED_PARAMETER(Dpc);
164 UNREFERENCED_PARAMETER(SystemArgument1);
165 UNREFERENCED_PARAMETER(SystemArgument2);
166
167 //
168 // change msr bitmap (read)
169 //
170 AsmVmxVmcall(VMCALL_CHANGE_MSR_BITMAP_READ, (UINT64)DeferredContext, 0, 0);
171
172 //
173 // As this function is designed for a single,
174 // we have to release the synchronization lock here
175 //
176 SpinlockUnlock(&OneCoreLock);
177}

◆ DpcRoutinePerformChangeMsrBitmapWriteOnSingleCore()

VOID DpcRoutinePerformChangeMsrBitmapWriteOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

change msr bitmap write on a single core

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
190{
191 UNREFERENCED_PARAMETER(Dpc);
192 UNREFERENCED_PARAMETER(SystemArgument1);
193 UNREFERENCED_PARAMETER(SystemArgument2);
194
195 //
196 // change msr bitmap (write)
197 //
198 AsmVmxVmcall(VMCALL_CHANGE_MSR_BITMAP_WRITE, (UINT64)DeferredContext, 0, 0);
199
200 //
201 // As this function is designed for a single,
202 // we have to release the synchronization lock here
203 //
204 SpinlockUnlock(&OneCoreLock);
205}

◆ DpcRoutinePerformEnableEferSyscallHookOnSingleCore()

VOID DpcRoutinePerformEnableEferSyscallHookOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable syscall hook EFER on a single core.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
391{
392 UNREFERENCED_PARAMETER(Dpc);
393 UNREFERENCED_PARAMETER(DeferredContext);
394 UNREFERENCED_PARAMETER(SystemArgument1);
395 UNREFERENCED_PARAMETER(SystemArgument2);
396
397 //
398 // Enable syscall hook EFER
399 //
400 AsmVmxVmcall(VMCALL_ENABLE_SYSCALL_HOOK_EFER, NULL64_ZERO, 0, 0);
401
402 //
403 // As this function is designed for a single,
404 // we have to release the synchronization lock here
405 //
406 SpinlockUnlock(&OneCoreLock);
407}

◆ DpcRoutinePerformEnableMovToControlRegisterExiting()

VOID DpcRoutinePerformEnableMovToControlRegisterExiting ( KDPC * Dpc,
DEBUGGER_EVENT_OPTIONS * EventOptions,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Set the Mov to Control Registers Exitings.

Parameters
Dpc
Event
SystemArgument1
SystemArgument2
Returns
VOID
334{
335 UNREFERENCED_PARAMETER(Dpc);
336 UNREFERENCED_PARAMETER(SystemArgument1);
337 UNREFERENCED_PARAMETER(SystemArgument2);
338
339 //
340 // enable Mov to Control Registers Exitings
341 //
342 AsmVmxVmcall(VMCALL_ENABLE_MOV_TO_CONTROL_REGS_EXITING, EventOptions->OptionalParam1, EventOptions->OptionalParam2, 0);
343
344 //
345 // As this function is designed for a single,
346 // we have to release the synchronization lock here
347 //
348 SpinlockUnlock(&OneCoreLock);
349}

◆ DpcRoutinePerformEnableMovToDebugRegistersExiting()

VOID DpcRoutinePerformEnableMovToDebugRegistersExiting ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Set the Mov to Debug Registers Exitings.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
305{
306 UNREFERENCED_PARAMETER(Dpc);
307 UNREFERENCED_PARAMETER(DeferredContext);
308 UNREFERENCED_PARAMETER(SystemArgument1);
309 UNREFERENCED_PARAMETER(SystemArgument2);
310
311 //
312 // enable Mov to Debug Registers Exitings
313 //
314 AsmVmxVmcall(VMCALL_ENABLE_MOV_TO_DEBUG_REGS_EXITING, 0, 0, 0);
315
316 //
317 // As this function is designed for a single,
318 // we have to release the synchronization lock here
319 //
320 SpinlockUnlock(&OneCoreLock);
321}

◆ DpcRoutinePerformEnableRdpmcExitingOnSingleCore()

VOID DpcRoutinePerformEnableRdpmcExitingOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

set rdpmc exiting

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
247{
248 UNREFERENCED_PARAMETER(Dpc);
249 UNREFERENCED_PARAMETER(DeferredContext);
250 UNREFERENCED_PARAMETER(SystemArgument1);
251 UNREFERENCED_PARAMETER(SystemArgument2);
252
253 //
254 // enable rdtsc/rdtscp exiting
255 //
256 AsmVmxVmcall(VMCALL_SET_RDPMC_EXITING, 0, 0, 0);
257
258 //
259 // As this function is designed for a single,
260 // we have to release the synchronization lock here
261 //
262 SpinlockUnlock(&OneCoreLock);
263}

◆ DpcRoutinePerformEnableRdtscExitingOnSingleCore()

VOID DpcRoutinePerformEnableRdtscExitingOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

set rdtsc/rdtscp exiting

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
218{
219 UNREFERENCED_PARAMETER(Dpc);
220 UNREFERENCED_PARAMETER(DeferredContext);
221 UNREFERENCED_PARAMETER(SystemArgument1);
222 UNREFERENCED_PARAMETER(SystemArgument2);
223
224 //
225 // enable rdtsc/rdtscp exiting
226 //
227 AsmVmxVmcall(VMCALL_SET_RDTSC_EXITING, 0, 0, 0);
228
229 //
230 // As this function is designed for a single,
231 // we have to release the synchronization lock here
232 //
233 SpinlockUnlock(&OneCoreLock);
234}

◆ DpcRoutinePerformSetExceptionBitmapOnSingleCore()

VOID DpcRoutinePerformSetExceptionBitmapOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

change exception bitmap on a single core

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
276{
277 UNREFERENCED_PARAMETER(Dpc);
278 UNREFERENCED_PARAMETER(DeferredContext);
279 UNREFERENCED_PARAMETER(SystemArgument1);
280 UNREFERENCED_PARAMETER(SystemArgument2);
281
282 //
283 // change exception bitmap
284 //
285 AsmVmxVmcall(VMCALL_SET_EXCEPTION_BITMAP, (UINT64)DeferredContext, 0, 0);
286
287 //
288 // As this function is designed for a single,
289 // we have to release the synchronization lock here
290 //
291 SpinlockUnlock(&OneCoreLock);
292}

◆ DpcRoutinePerformSetExternalInterruptExitingOnSingleCore()

VOID DpcRoutinePerformSetExternalInterruptExitingOnSingleCore ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable external interrupt exiting on a single core.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
362{
363 UNREFERENCED_PARAMETER(Dpc);
364 UNREFERENCED_PARAMETER(DeferredContext);
365 UNREFERENCED_PARAMETER(SystemArgument1);
366 UNREFERENCED_PARAMETER(SystemArgument2);
367
368 //
369 // Enable external interrupt exiting
370 //
371 AsmVmxVmcall(VMCALL_ENABLE_EXTERNAL_INTERRUPT_EXITING, NULL64_ZERO, 0, 0);
372
373 //
374 // As this function is designed for a single,
375 // we have to release the synchronization lock here
376 //
377 SpinlockUnlock(&OneCoreLock);
378}
VMCALL_ENABLE_EXTERNAL_INTERRUPT_EXITING
#define VMCALL_ENABLE_EXTERNAL_INTERRUPT_EXITING
VMCALL to enable external interrupt exiting.
Definition Vmcall.h:112

◆ DpcRoutinePerformVirtualization()

BOOLEAN DpcRoutinePerformVirtualization ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast VmxPerformVirtualizationOnSpecificCore.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
BOOLEAN
129{
130 UNREFERENCED_PARAMETER(Dpc);
131 UNREFERENCED_PARAMETER(DeferredContext);
132
133 //
134 // Allocates Vmx regions for all logical cores (Vmxon region and Vmcs region)
135 //
136 VmxPerformVirtualizationOnSpecificCore();
137
138 //
139 // Wait for all DPCs to synchronize at this point
140 //
141 KeSignalCallDpcSynchronize(SystemArgument2);
142
143 //
144 // Mark the DPC as being complete
145 //
146 KeSignalCallDpcDone(SystemArgument1);
147
148 return TRUE;
149}
TRUE
#define TRUE
Definition BasicTypes.h:55
VmxPerformVirtualizationOnSpecificCore
BOOLEAN VmxPerformVirtualizationOnSpecificCore()
Allocates Vmx regions for all logical cores (Vmxon region and Vmcs region)
Definition Vmx.c:500

◆ DpcRoutineRemoveHookAndInvalidateAllEntriesOnAllCores()

VOID DpcRoutineRemoveHookAndInvalidateAllEntriesOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

The broadcast function which removes all the hooks and invalidate TLB.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1608{
1609 UNREFERENCED_PARAMETER(Dpc);
1610 UNREFERENCED_PARAMETER(DeferredContext);
1611
1612 //
1613 // Execute the VMCALL to remove the hook and invalidate
1614 //
1615 AsmVmxVmcall(VMCALL_UNHOOK_ALL_PAGES, NULL64_ZERO, NULL64_ZERO, NULL64_ZERO);
1616
1617 //
1618 // Wait for all DPCs to synchronize at this point
1619 //
1620 KeSignalCallDpcSynchronize(SystemArgument2);
1621
1622 //
1623 // Mark the DPC as being complete
1624 //
1625 KeSignalCallDpcDone(SystemArgument1);
1626}
VMCALL_UNHOOK_ALL_PAGES
#define VMCALL_UNHOOK_ALL_PAGES
VMCALL to remove a all physical addresses from hook list.
Definition Vmcall.h:52

◆ DpcRoutineRemoveHookAndInvalidateSingleEntryOnAllCores()

VOID DpcRoutineRemoveHookAndInvalidateSingleEntryOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

The broadcast function which removes the single hook and invalidate TLB.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1639{
1640 UNREFERENCED_PARAMETER(Dpc);
1641 UNREFERENCED_PARAMETER(DeferredContext);
1642
1643 EPT_SINGLE_HOOK_UNHOOKING_DETAILS * UnhookingDetail = (EPT_SINGLE_HOOK_UNHOOKING_DETAILS *)DeferredContext;
1644
1645 //
1646 // Execute the VMCALL to remove the hook and invalidate
1647 //
1648 AsmVmxVmcall(VMCALL_UNHOOK_SINGLE_PAGE, UnhookingDetail->PhysicalAddress, UnhookingDetail->OriginalEntry, NULL64_ZERO);
1649
1650 //
1651 // Wait for all DPCs to synchronize at this point
1652 //
1653 KeSignalCallDpcSynchronize(SystemArgument2);
1654
1655 //
1656 // Mark the DPC as being complete
1657 //
1658 KeSignalCallDpcDone(SystemArgument1);
1659}
VMCALL_UNHOOK_SINGLE_PAGE
#define VMCALL_UNHOOK_SINGLE_PAGE
VMCALL to restore a single EPT entry and invalidate EPT cache.
Definition Vmcall.h:58
_EPT_SINGLE_HOOK_UNHOOKING_DETAILS
Details of unhooking single EPT hooks.
Definition DataTypes.h:358
_EPT_SINGLE_HOOK_UNHOOKING_DETAILS::PhysicalAddress
SIZE_T PhysicalAddress
Definition DataTypes.h:361
_EPT_SINGLE_HOOK_UNHOOKING_DETAILS::OriginalEntry
UINT64 OriginalEntry
Definition DataTypes.h:362

◆ DpcRoutineResetExceptionBitmapOnlyOnClearingExceptionEventsOnAllCores()

VOID DpcRoutineResetExceptionBitmapOnlyOnClearingExceptionEventsOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Reset Exception Bitmaps on all cores.

This function should ONLY be used in clearing !exception events

Parameters
Dpc
DeferredContextException index on IDT
SystemArgument1
SystemArgument2
Returns
VOID
1133{
1134 UNREFERENCED_PARAMETER(Dpc);
1135 UNREFERENCED_PARAMETER(DeferredContext);
1136
1137 //
1138 // Reset Exception Bitmaps from vmx-root
1139 //
1140 AsmVmxVmcall(VMCALL_RESET_EXCEPTION_BITMAP_ONLY_ON_CLEARING_EXCEPTION_EVENTS, NULL64_ZERO, 0, 0);
1141
1142 //
1143 // Wait for all DPCs to synchronize at this point
1144 //
1145 KeSignalCallDpcSynchronize(SystemArgument2);
1146
1147 //
1148 // Mark the DPC as being complete
1149 //
1150 KeSignalCallDpcDone(SystemArgument1);
1151}
VMCALL_RESET_EXCEPTION_BITMAP_ONLY_ON_CLEARING_EXCEPTION_EVENTS
#define VMCALL_RESET_EXCEPTION_BITMAP_ONLY_ON_CLEARING_EXCEPTION_EVENTS
VMCALL to reset exception bitmap on VMCS.
Definition Vmcall.h:168

◆ DpcRoutineResetIoBitmapOnAllCores()

VOID DpcRoutineResetIoBitmapOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Reset I/O Bitmaps on all cores.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1381{
1382 UNREFERENCED_PARAMETER(Dpc);
1383 UNREFERENCED_PARAMETER(DeferredContext);
1384
1385 //
1386 // Reset I/O Bitmaps on all cores
1387 //
1388 AsmVmxVmcall(VMCALL_RESET_IO_BITMAP, NULL64_ZERO, 0, 0);
1389
1390 //
1391 // Wait for all DPCs to synchronize at this point
1392 //
1393 KeSignalCallDpcSynchronize(SystemArgument2);
1394
1395 //
1396 // Mark the DPC as being complete
1397 //
1398 KeSignalCallDpcDone(SystemArgument1);
1399}
VMCALL_RESET_IO_BITMAP
#define VMCALL_RESET_IO_BITMAP
VMCALL to reset I/O Bitmaps (A & B)
Definition Vmcall.h:174

◆ DpcRoutineResetMsrBitmapReadOnAllCores()

VOID DpcRoutineResetMsrBitmapReadOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Reset Msr Bitmaps on all cores (vm-exit on all msrs)

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
757{
758 UNREFERENCED_PARAMETER(Dpc);
759 UNREFERENCED_PARAMETER(DeferredContext);
760
761 //
762 // Reset msr bitmaps from vmx-root
763 //
764 AsmVmxVmcall(VMCALL_RESET_MSR_BITMAP_READ, NULL64_ZERO, 0, 0);
765
766 //
767 // Wait for all DPCs to synchronize at this point
768 //
769 KeSignalCallDpcSynchronize(SystemArgument2);
770
771 //
772 // Mark the DPC as being complete
773 //
774 KeSignalCallDpcDone(SystemArgument1);
775}
VMCALL_RESET_MSR_BITMAP_READ
#define VMCALL_RESET_MSR_BITMAP_READ
VMCALL to reset MSR Bitmap Read.
Definition Vmcall.h:154

◆ DpcRoutineResetMsrBitmapWriteOnAllCores()

VOID DpcRoutineResetMsrBitmapWriteOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Reset Msr Bitmaps on all cores (vm-exit on all msrs)

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
818{
819 UNREFERENCED_PARAMETER(Dpc);
820 UNREFERENCED_PARAMETER(DeferredContext);
821
822 //
823 // Reset msr bitmaps from vmx-root
824 //
825 AsmVmxVmcall(VMCALL_RESET_MSR_BITMAP_WRITE, NULL64_ZERO, 0, 0);
826
827 //
828 // Wait for all DPCs to synchronize at this point
829 //
830 KeSignalCallDpcSynchronize(SystemArgument2);
831
832 //
833 // Mark the DPC as being complete
834 //
835 KeSignalCallDpcDone(SystemArgument1);
836}
VMCALL_RESET_MSR_BITMAP_WRITE
#define VMCALL_RESET_MSR_BITMAP_WRITE
VMCALL to reset MSR Bitmap Write.
Definition Vmcall.h:160

◆ DpcRoutineRestoreToNormalEptp()

VOID DpcRoutineRestoreToNormalEptp ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast to restore to normal EPTP.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
510{
511 UNREFERENCED_PARAMETER(Dpc);
512 UNREFERENCED_PARAMETER(DeferredContext);
513
514 //
515 // Restore to normal EPTP from vmx-root
516 //
517 AsmVmxVmcall(VMCALL_RESTORE_TO_NORMAL_EPTP, 0, 0, 0);
518
519 //
520 // Wait for all DPCs to synchronize at this point
521 //
522 KeSignalCallDpcSynchronize(SystemArgument2);
523
524 //
525 // Mark the DPC as being complete
526 //
527 KeSignalCallDpcDone(SystemArgument1);
528}
VMCALL_RESTORE_TO_NORMAL_EPTP
#define VMCALL_RESTORE_TO_NORMAL_EPTP
VMCALL to restore EPTP to normal EPTP.
Definition Vmcall.h:292

◆ DpcRoutineRunTaskOnSingleCore()

NTSTATUS DpcRoutineRunTaskOnSingleCore ( UINT32 CoreNumber,
PVOID Routine,
PVOID DeferredContext )

This function synchronize the function execution for a single core You should only used it for one core, not in multiple threads simultaneously The function that needs to use this feature (Routine parameter function) should have the when it ends : 

         SpinlockUnlock(&OneCoreLock);
Parameters
CoreNumbercore number that the target function should run on it
Routinethe target function that should be ran
DeferredContextan optional parameter to Routine
Returns
NTSTATUS
36{
37 PRKDPC Dpc;
38 ULONG ProcessorsCount;
39
40 ProcessorsCount = KeQueryActiveProcessorCount(0);
41
42 //
43 // Check if the core number is not invalid
44 //
45 if (CoreNumber >= ProcessorsCount)
46 {
47 return STATUS_INVALID_PARAMETER;
48 }
49
50 //
51 // Allocate Memory for DPC
52 //
53 Dpc = PlatformMemAllocateNonPagedPool(sizeof(KDPC));
54
55 if (!Dpc)
56 {
57 return STATUS_INSUFFICIENT_RESOURCES;
58 }
59
60 //
61 // Creating a DPC that will run on the target process
62 //
63 KeInitializeDpc(Dpc, // Dpc
64 (PKDEFERRED_ROUTINE)Routine, // DeferredRoutine
65 DeferredContext // DeferredContext
66 );
67
68 //
69 // Set the target core
70 //
71 KeSetTargetProcessorDpc(Dpc, (CCHAR)CoreNumber);
72
73 //
74 // it's sure will be executed, but we want to free the above
75 // pool, so we have to wait on a spinlock that will be release
76 // by the DPC routine, actually Affinity Thread but that
77 // won't support more than 64 logical cores, I create a discussion
78 // here, and explained the problem, but no one answers
79 // link: https://community.osr.com/discussion/292064/putting-a-barrier-for-dpc-before-continuing-the-rest-of-code
80 // we also can't use the spinlock routine of Windows as this function
81 // raises the IRQL to DPC and we want to execute at DPC, means that
82 // If we're currently on the right core, we never find a chance to
83 // release the spinlock so a deadlock happens, all in all it's complicated :)
84 //
85
86 //
87 // Set the lock to be freed by the other DPC routine
88 //
89 if (!SpinlockTryLock(&OneCoreLock))
90 {
91 //
92 // We can't get the lock, probably sth goes wrong !
93 //
94 PlatformMemFreePool(Dpc);
95 return STATUS_UNSUCCESSFUL;
96 }
97
98 //
99 // Fire the DPC
100 //
101 KeInsertQueueDpc(Dpc, NULL, NULL);
102
103 //
104 // spin on lock to be release, immediately after we get the lock, we'll
105 // release it for because there is no need to it anymore and DPC is finished
106 //
107 SpinlockLock(&OneCoreLock);
108 SpinlockUnlock(&OneCoreLock);
109
110 //
111 // Now it's safe to deallocate the bugger
112 //
113 PlatformMemFreePool(Dpc);
114
115 return STATUS_SUCCESS;
116}
ULONG
unsigned long ULONG
Definition BasicTypes.h:37
PlatformMemAllocateNonPagedPool
PVOID PlatformMemAllocateNonPagedPool(SIZE_T NumberOfBytes)
Allocate a non-paged buffer.
Definition Mem.c:41
PlatformMemFreePool
VOID PlatformMemFreePool(PVOID BufferAddress)
Free (dellocate) a non-paged buffer.
Definition Mem.c:86
SpinlockLock
void SpinlockLock(volatile LONG *Lock)
Tries to get the lock and won't return until successfully get the lock.
Definition Spinlock.c:52
SpinlockTryLock
BOOLEAN SpinlockTryLock(volatile LONG *Lock)
Tries to get the lock otherwise returns.
Definition Spinlock.c:41
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition Windows.h:172

◆ DpcRoutineSetDisableExternalInterruptExitingOnlyOnClearingInterruptEventsOnAllCores()

VOID DpcRoutineSetDisableExternalInterruptExitingOnlyOnClearingInterruptEventsOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable vm-exit on all cores for external interrupts only for clearing !interrupt events.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1320{
1321 UNREFERENCED_PARAMETER(Dpc);
1322 UNREFERENCED_PARAMETER(DeferredContext);
1323
1324 //
1325 // Disable External Interrupts vm-exit from vmx-root
1326 //
1327 AsmVmxVmcall(VMCALL_DISABLE_EXTERNAL_INTERRUPT_EXITING_ONLY_TO_CLEAR_INTERRUPT_COMMANDS, 0, 0, 0);
1328
1329 //
1330 // Wait for all DPCs to synchronize at this point
1331 //
1332 KeSignalCallDpcSynchronize(SystemArgument2);
1333
1334 //
1335 // Mark the DPC as being complete
1336 //
1337 KeSignalCallDpcDone(SystemArgument1);
1338}
VMCALL_DISABLE_EXTERNAL_INTERRUPT_EXITING_ONLY_TO_CLEAR_INTERRUPT_COMMANDS
#define VMCALL_DISABLE_EXTERNAL_INTERRUPT_EXITING_ONLY_TO_CLEAR_INTERRUPT_COMMANDS
VMCALL to disable external interrupt exiting only to clear !interrupt commands.
Definition Vmcall.h:136

◆ DpcRoutineSetEnableExternalInterruptExitingOnAllCores()

VOID DpcRoutineSetEnableExternalInterruptExitingOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable vm-exit on all cores for external interrupts.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1286{
1287 UNREFERENCED_PARAMETER(Dpc);
1288 UNREFERENCED_PARAMETER(DeferredContext);
1289
1290 //
1291 // Enable External Interrupts vm-exit from vmx-root
1292 //
1293 AsmVmxVmcall(VMCALL_ENABLE_EXTERNAL_INTERRUPT_EXITING, 0, 0, 0);
1294
1295 //
1296 // Wait for all DPCs to synchronize at this point
1297 //
1298 KeSignalCallDpcSynchronize(SystemArgument2);
1299
1300 //
1301 // Mark the DPC as being complete
1302 //
1303 KeSignalCallDpcDone(SystemArgument1);
1304}

◆ DpcRoutineSetExceptionBitmapOnAllCores()

VOID DpcRoutineSetExceptionBitmapOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Enable Exception Bitmaps on all cores.

Parameters
Dpc
DeferredContextException index on IDT
SystemArgument1
SystemArgument2
Returns
VOID
1069{
1070 UNREFERENCED_PARAMETER(Dpc);
1071
1072 //
1073 // Enable Exception Bitmaps from vmx-root
1074 //
1075 AsmVmxVmcall(VMCALL_SET_EXCEPTION_BITMAP, (UINT64)DeferredContext, 0, 0);
1076
1077 //
1078 // Wait for all DPCs to synchronize at this point
1079 //
1080 KeSignalCallDpcSynchronize(SystemArgument2);
1081
1082 //
1083 // Mark the DPC as being complete
1084 //
1085 KeSignalCallDpcDone(SystemArgument1);
1086}

◆ DpcRoutineTerminateGuest()

VOID DpcRoutineTerminateGuest ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

The broadcast function which terminate the guest.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
1746{
1747 UNREFERENCED_PARAMETER(Dpc);
1748 UNREFERENCED_PARAMETER(DeferredContext);
1749
1750 //
1751 // Terminate Vmx using vmcall
1752 //
1753 if (!VmxTerminate())
1754 {
1755 LogError("Err, there were an error terminating vmx");
1756 }
1757
1758 //
1759 // Wait for all DPCs to synchronize at this point
1760 //
1761 KeSignalCallDpcSynchronize(SystemArgument2);
1762
1763 //
1764 // Mark the DPC as being complete
1765 //
1766 KeSignalCallDpcDone(SystemArgument1);
1767}
LogError
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113
VmxTerminate
BOOLEAN VmxTerminate()
Broadcast to terminate VMX on all logical cores.
Definition Vmx.c:699

◆ DpcRoutineUnsetExceptionBitmapOnAllCores()

VOID DpcRoutineUnsetExceptionBitmapOnAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Disable Exception Bitmaps on all cores.

Parameters
Dpc
DeferredContextException index on IDT
SystemArgument1
SystemArgument2
Returns
VOID
1099{
1100 UNREFERENCED_PARAMETER(Dpc);
1101
1102 //
1103 // Disable Exception Bitmaps from vmx-root
1104 //
1105 AsmVmxVmcall(VMCALL_UNSET_EXCEPTION_BITMAP, (UINT64)DeferredContext, 0, 0);
1106
1107 //
1108 // Wait for all DPCs to synchronize at this point
1109 //
1110 KeSignalCallDpcSynchronize(SystemArgument2);
1111
1112 //
1113 // Mark the DPC as being complete
1114 //
1115 KeSignalCallDpcDone(SystemArgument1);
1116}

Variable Documentation

◆ OneCoreLock

volatile LONG OneCoreLock

lock for one core execution