HyperDbg Debugger
Header files for common functions.
Classes | |
| struct | _CPUID |
| CPUID Registers. More... | |
| union | _CR_FIXED |
| struct | _NT_KPROCESS |
| KPROCESS Brief structure. More... | |
Macros | |
| #define | PASSIVE_LEVEL 0 |
| #define | LOW_LEVEL 0 |
| #define | APC_LEVEL 1 |
| #define | DISPATCH_LEVEL 2 |
| #define | CMCI_LEVEL 5 |
| #define | CLOCK_LEVEL 13 |
| #define | IPI_LEVEL 14 |
| #define | DRS_LEVEL 14 |
| #define | POWER_LEVEL 14 |
| #define | PROFILE_LEVEL 15 |
| #define | HIGH_LEVEL 15 |
| #define | X86_CR0_PE 0x00000001 /* Enable Protected Mode (RW) */ |
| Intel CPU flags in CR0. | |
| #define | X86_CR0_MP 0x00000002 /* Monitor Coprocessor (RW) */ |
| #define | X86_CR0_EM 0x00000004 /* Require FPU Emulation (RO) */ |
| #define | X86_CR0_TS 0x00000008 /* Task Switched (RW) */ |
| #define | X86_CR0_ET 0x00000010 /* Extension type (RO) */ |
| #define | X86_CR0_NE 0x00000020 /* Numeric Error Reporting (RW) */ |
| #define | X86_CR0_WP 0x00010000 /* Supervisor Write Protect (RW) */ |
| #define | X86_CR0_AM 0x00040000 /* Alignment Checking (RW) */ |
| #define | X86_CR0_NW 0x20000000 /* Not Write-Through (RW) */ |
| #define | X86_CR0_CD 0x40000000 /* Cache Disable (RW) */ |
| #define | X86_CR0_PG 0x80000000 /* Paging */ |
| #define | X86_CR4_VME 0x0001 /* enable vm86 extensions */ |
| Intel CPU features in CR4. | |
| #define | X86_CR4_PVI 0x0002 /* virtual interrupts flag enable */ |
| #define | X86_CR4_TSD 0x0004 /* disable time stamp at ipl 3 */ |
| #define | X86_CR4_DE 0x0008 /* enable debugging extensions */ |
| #define | X86_CR4_PSE 0x0010 /* enable page size extensions */ |
| #define | X86_CR4_PAE 0x0020 /* enable physical address extensions */ |
| #define | X86_CR4_MCE 0x0040 /* Machine check enable */ |
| #define | X86_CR4_PGE 0x0080 /* enable global pages */ |
| #define | X86_CR4_PCE 0x0100 /* enable performance counters at ipl 3 */ |
| #define | X86_CR4_OSFXSR 0x0200 /* enable fast FPU save and restore */ |
| #define | X86_CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */ |
| #define | X86_CR4_VMXE 0x2000 /* enable VMX */ |
| #define | X86_FLAGS_CF (1 << 0) |
| EFLAGS/RFLAGS. | |
| #define | X86_FLAGS_PF (1 << 2) |
| #define | X86_FLAGS_AF (1 << 4) |
| #define | X86_FLAGS_ZF (1 << 6) |
| #define | X86_FLAGS_SF (1 << 7) |
| #define | X86_FLAGS_TF (1 << 8) |
| #define | X86_FLAGS_IF (1 << 9) |
| #define | X86_FLAGS_DF (1 << 10) |
| #define | X86_FLAGS_OF (1 << 11) |
| #define | X86_FLAGS_STATUS_MASK (0xfff) |
| #define | X86_FLAGS_IOPL_MASK (3 << 12) |
| #define | X86_FLAGS_IOPL_SHIFT (12) |
| #define | X86_FLAGS_IOPL_SHIFT_2ND_BIT (13) |
| #define | X86_FLAGS_NT (1 << 14) |
| #define | X86_FLAGS_RF (1 << 16) |
| #define | X86_FLAGS_VM (1 << 17) |
| #define | X86_FLAGS_AC (1 << 18) |
| #define | X86_FLAGS_VIF (1 << 19) |
| #define | X86_FLAGS_VIP (1 << 20) |
| #define | X86_FLAGS_ID (1 << 21) |
| #define | X86_FLAGS_RESERVED_ONES 0x2 |
| #define | X86_FLAGS_RESERVED 0xffc0802a |
| #define | X86_FLAGS_RESERVED_BITS 0xffc38028 |
| #define | X86_FLAGS_FIXED 0x00000002 |
| #define | KGDT64_NULL (0 * 16) |
| #define | KGDT64_R0_CODE (1 * 16) |
| #define | KGDT64_R0_DATA (1 * 16) + 8 |
| #define | KGDT64_R3_CMCODE (2 * 16) |
| #define | KGDT64_R3_DATA (2 * 16) + 8 |
| #define | KGDT64_R3_CODE (3 * 16) |
| #define | KGDT64_SYS_TSS (4 * 16) |
| #define | KGDT64_R3_CMTEB (5 * 16) |
| #define | KGDT64_R0_CMCODE (6 * 16) |
| #define | KGDT64_LAST (7 * 16) |
| #define | PCID_NONE 0x000 |
| PCID Flags. | |
| #define | PCID_MASK 0x003 |
| #define | CPUID_HV_VENDOR_AND_MAX_FUNCTIONS 0x40000000 |
| Constants defined by the Microsoft Hypervisor interface. | |
| #define | CPUID_HV_INTERFACE 0x40000001 |
| #define | CPUID_ADDR_WIDTH 0x80000008 |
| CPUID leaf used to get the virtual address width. | |
| #define | CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS 0x00000001 |
| CPUID Features. | |
| #define | RESERVED_MSR_RANGE_LOW 0x40000000 |
| Hypervisor reserved range for RDMSR and WRMSR. | |
| #define | RESERVED_MSR_RANGE_HI 0x400000F0 |
| #define | __CPU_INDEX__ KeGetCurrentProcessorNumberEx(NULL) |
| Core Id. | |
| #define | ALIGNMENT_PAGE_SIZE 4096 |
| Alignment Size. | |
| #define | MAXIMUM_ADDRESS 0xffffffffffffffff |
| Maximum x64 Address. | |
| #define | DPL_USER 3 |
| System and User ring definitions. | |
| #define | DPL_SYSTEM 0 |
| #define | RPL_MASK 3 |
| RPL Mask. | |
| #define | BITS_PER_LONG (sizeof(unsigned long) * 8) |
| #define | ORDER_LONG (sizeof(unsigned long) == 4 ? 5 : 6) |
| #define | BITMAP_ENTRY(_nr, _bmap) ((_bmap))[(_nr) / BITS_PER_LONG] |
| #define | BITMAP_SHIFT(_nr) ((_nr) % BITS_PER_LONG) |
| #define | PAGE_OFFSET(Va) ((PVOID)((ULONG_PTR)(Va) & (PAGE_SIZE - 1))) |
| Offset of an address within its page (4096 bytes). | |
| #define | _XBEGIN_STARTED (~0u) |
| Intel TSX Constants. | |
| #define | _XABORT_EXPLICIT (1 << 0) |
| #define | _XABORT_RETRY (1 << 1) |
| #define | _XABORT_CONFLICT (1 << 2) |
| #define | _XABORT_CAPACITY (1 << 3) |
| #define | _XABORT_DEBUG (1 << 4) |
| #define | _XABORT_NESTED (1 << 5) |
| #define | _XABORT_CODE(x) (((x) >> 24) & 0xFF) |
Typedefs | |
| typedef enum _SEGMENT_REGISTERS | SEGMENT_REGISTERS |
| Segment selector registers in x86. | |
| typedef SEGMENT_DESCRIPTOR_32 * | PSEGMENT_DESCRIPTOR |
| typedef struct _CPUID | CPUID |
| CPUID Registers. | |
| typedef struct _CPUID * | PCPUID |
| typedef union _CR_FIXED | CR_FIXED |
| typedef union _CR_FIXED * | PCR_FIXED |
| typedef struct _NT_KPROCESS | NT_KPROCESS |
| KPROCESS Brief structure. | |
| typedef struct _NT_KPROCESS * | PNT_KPROCESS |
| typedef void(* | RunOnLogicalCoreFunc) (ULONG ProcessorId) |
| Prototype to run a function on a logical core. | |
Enumerations | |
| enum | _SEGMENT_REGISTERS { ES = 0 , CS , SS , DS , FS , GS , LDTR , TR } |
| Segment selector registers in x86. More... | |
Functions | |
| UCHAR * | PsGetProcessImageFileName (IN PEPROCESS Process) |
| BOOLEAN | CommonAffinityBroadcastToProcessors (_In_ ULONG ProcessorNumber, _In_ RunOnLogicalCoreFunc Routine) |
| BOOLEAN | CommonIsStringStartsWith (const char *pre, const char *str) |
| Detects whether the string starts with another string. | |
| BOOLEAN | CommonIsGuestOnUsermode32Bit () |
| Determines whether the guest was in 32-bit user mode or in 64-bit (long) mode. | |
| PCHAR | CommonGetProcessNameFromProcessControlBlock (PEPROCESS eprocess) |
| Get process name by eprocess. | |
| VOID | CommonCpuidInstruction (UINT32 Func, UINT32 SubFunc, int *CpuInfo) |
| Get cpuid results. | |
| VOID | CommonWriteDebugInformation (VIRTUAL_MACHINE_STATE *VCpu) |
| Produce debug information from unrecoverable bugs. | |
Header files for common functions.
| #define __CPU_INDEX__ KeGetCurrentProcessorNumberEx(NULL) |
Core Id.
| #define _XABORT_CAPACITY (1 << 3) |
| #define _XABORT_CONFLICT (1 << 2) |
| #define _XABORT_DEBUG (1 << 4) |
| #define _XABORT_EXPLICIT (1 << 0) |
| #define _XABORT_NESTED (1 << 5) |
| #define _XABORT_RETRY (1 << 1) |
| #define _XBEGIN_STARTED (~0u) |
Intel TSX Constants.
| #define ALIGNMENT_PAGE_SIZE 4096 |
Alignment Size.
| #define APC_LEVEL 1 |
| #define BITMAP_ENTRY | ( | _nr, | |
| _bmap ) ((_bmap))[(_nr) / BITS_PER_LONG] |
| #define BITMAP_SHIFT | ( | _nr | ) | ((_nr) % BITS_PER_LONG) |
| #define BITS_PER_LONG (sizeof(unsigned long) * 8) |
| #define CLOCK_LEVEL 13 |
| #define CMCI_LEVEL 5 |
| #define CPUID_ADDR_WIDTH 0x80000008 |
CPUID leaf used to get the virtual address width.
| #define CPUID_HV_INTERFACE 0x40000001 |
| #define CPUID_HV_VENDOR_AND_MAX_FUNCTIONS 0x40000000 |
Constants defined by the Microsoft Hypervisor interface.
| #define CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS 0x00000001 |
CPUID Features.
| #define DISPATCH_LEVEL 2 |
| #define DPL_SYSTEM 0 |
| #define DPL_USER 3 |
System and User ring definitions.
| #define DRS_LEVEL 14 |
| #define HIGH_LEVEL 15 |
| #define IPI_LEVEL 14 |
| #define KGDT64_LAST (7 * 16) |
| #define KGDT64_NULL (0 * 16) |
| #define KGDT64_R0_CMCODE (6 * 16) |
| #define KGDT64_R0_CODE (1 * 16) |
| #define KGDT64_R0_DATA (1 * 16) + 8 |
| #define KGDT64_R3_CMCODE (2 * 16) |
| #define KGDT64_R3_CMTEB (5 * 16) |
| #define KGDT64_R3_CODE (3 * 16) |
| #define KGDT64_R3_DATA (2 * 16) + 8 |
| #define KGDT64_SYS_TSS (4 * 16) |
| #define LOW_LEVEL 0 |
| #define MAXIMUM_ADDRESS 0xffffffffffffffff |
Maximum x64 Address.
| #define ORDER_LONG (sizeof(unsigned long) == 4 ? 5 : 6) |
| #define PAGE_OFFSET | ( | Va | ) | ((PVOID)((ULONG_PTR)(Va) & (PAGE_SIZE - 1))) |
Offset of an address within its page (4096 bytes).
| #define PASSIVE_LEVEL 0 |
| #define PCID_MASK 0x003 |
| #define PCID_NONE 0x000 |
PCID Flags.
| #define POWER_LEVEL 14 |
| #define PROFILE_LEVEL 15 |
| #define RESERVED_MSR_RANGE_HI 0x400000F0 |
| #define RESERVED_MSR_RANGE_LOW 0x40000000 |
Hypervisor reserved range for RDMSR and WRMSR.
| #define RPL_MASK 3 |
RPL Mask.
| #define X86_CR0_AM 0x00040000 /* Alignment Checking (RW) */ |
| #define X86_CR0_CD 0x40000000 /* Cache Disable (RW) */ |
| #define X86_CR0_EM 0x00000004 /* Require FPU Emulation (RO) */ |
| #define X86_CR0_ET 0x00000010 /* Extension type (RO) */ |
| #define X86_CR0_MP 0x00000002 /* Monitor Coprocessor (RW) */ |
| #define X86_CR0_NE 0x00000020 /* Numeric Error Reporting (RW) */ |
| #define X86_CR0_NW 0x20000000 /* Not Write-Through (RW) */ |
| #define X86_CR0_PE 0x00000001 /* Enable Protected Mode (RW) */ |
Intel CPU flags in CR0.
| #define X86_CR0_PG 0x80000000 /* Paging */ |
| #define X86_CR0_TS 0x00000008 /* Task Switched (RW) */ |
| #define X86_CR0_WP 0x00010000 /* Supervisor Write Protect (RW) */ |
| #define X86_CR4_DE 0x0008 /* enable debugging extensions */ |
| #define X86_CR4_MCE 0x0040 /* Machine check enable */ |
| #define X86_CR4_OSFXSR 0x0200 /* enable fast FPU save and restore */ |
| #define X86_CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */ |
| #define X86_CR4_PAE 0x0020 /* enable physical address extensions */ |
| #define X86_CR4_PCE 0x0100 /* enable performance counters at ipl 3 */ |
| #define X86_CR4_PGE 0x0080 /* enable global pages */ |
| #define X86_CR4_PSE 0x0010 /* enable page size extensions */ |
| #define X86_CR4_PVI 0x0002 /* virtual interrupts flag enable */ |
| #define X86_CR4_TSD 0x0004 /* disable time stamp at ipl 3 */ |
| #define X86_CR4_VME 0x0001 /* enable vm86 extensions */ |
Intel CPU features in CR4.
| #define X86_CR4_VMXE 0x2000 /* enable VMX */ |
| #define X86_FLAGS_AC (1 << 18) |
| #define X86_FLAGS_AF (1 << 4) |
| #define X86_FLAGS_CF (1 << 0) |
EFLAGS/RFLAGS.
| #define X86_FLAGS_DF (1 << 10) |
| #define X86_FLAGS_FIXED 0x00000002 |
| #define X86_FLAGS_ID (1 << 21) |
| #define X86_FLAGS_IF (1 << 9) |
| #define X86_FLAGS_IOPL_MASK (3 << 12) |
| #define X86_FLAGS_IOPL_SHIFT (12) |
| #define X86_FLAGS_IOPL_SHIFT_2ND_BIT (13) |
| #define X86_FLAGS_NT (1 << 14) |
| #define X86_FLAGS_OF (1 << 11) |
| #define X86_FLAGS_PF (1 << 2) |
| #define X86_FLAGS_RESERVED 0xffc0802a |
| #define X86_FLAGS_RESERVED_BITS 0xffc38028 |
| #define X86_FLAGS_RESERVED_ONES 0x2 |
| #define X86_FLAGS_RF (1 << 16) |
| #define X86_FLAGS_SF (1 << 7) |
| #define X86_FLAGS_STATUS_MASK (0xfff) |
| #define X86_FLAGS_TF (1 << 8) |
| #define X86_FLAGS_VIF (1 << 19) |
| #define X86_FLAGS_VIP (1 << 20) |
| #define X86_FLAGS_VM (1 << 17) |
| #define X86_FLAGS_ZF (1 << 6) |
| typedef struct _NT_KPROCESS NT_KPROCESS |
KPROCESS Brief structure.
| typedef struct _NT_KPROCESS * PNT_KPROCESS |
| typedef SEGMENT_DESCRIPTOR_32* PSEGMENT_DESCRIPTOR |
| typedef void(* RunOnLogicalCoreFunc) (ULONG ProcessorId) |
Prototype to run a function on a logical core.
| typedef enum _SEGMENT_REGISTERS SEGMENT_REGISTERS |
Segment selector registers in x86.
| enum _SEGMENT_REGISTERS |
| BOOLEAN CommonAffinityBroadcastToProcessors | ( | _In_ ULONG | ProcessorNumber, |
| _In_ RunOnLogicalCoreFunc | Routine ) |
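Get cpuid results. (This description and the parameters below belong to CommonCpuidInstruction (UINT32 Func, UINT32 SubFunc, int *CpuInfo); its signature row is missing from this listing.)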
| UINT32 | Func |
| UINT32 | SubFunc |
| int | * CpuInfo |
| PCHAR CommonGetProcessNameFromProcessControlBlock | ( | PEPROCESS | Eprocess | ) |
Get process name by eprocess.
| Eprocess | Process eprocess |
| BOOLEAN CommonIsGuestOnUsermode32Bit | ( | ) |
Determines whether the guest was in 32-bit user mode or in 64-bit (long) mode.
This function should be called from VMX root mode.
| BOOLEAN CommonIsStringStartsWith | ( | const char * | pre, |
| const char * | str ) |
Detects whether the string starts with another string.
| const | char * pre |
| const | char * str |
| VOID CommonWriteDebugInformation | ( | VIRTUAL_MACHINE_STATE * | VCpu | ) |
Produce debug information from unrecoverable bugs.
| VCpu | The virtual processor's state |
| UCHAR * PsGetProcessImageFileName | ( | IN PEPROCESS | Process | ) |