HyperDbg Debugger
Loading...
Searching...
No Matches
Common.h
Go to the documentation of this file.
1
12#pragma once
13
15// Enums //
17
33
35// Constants //
37
38/*
39 * @brief Windows IRQ Levels
40 */
41#define PASSIVE_LEVEL 0 // Passive release level
42#define LOW_LEVEL 0 // Lowest interrupt level
43#define APC_LEVEL 1 // APC interrupt level
44#define DISPATCH_LEVEL 2 // Dispatcher level
45#define CMCI_LEVEL 5 // CMCI handler level
46#define CLOCK_LEVEL 13 // Interval clock level
47#define IPI_LEVEL 14 // Interprocessor interrupt level
48#define DRS_LEVEL 14 // Deferred Recovery Service level
49#define POWER_LEVEL 14 // Power failure level
50#define PROFILE_LEVEL 15 // timer used for profiling.
51#define HIGH_LEVEL 15 // Highest interrupt level
52
56#define X86_CR0_PE 0x00000001 /* Enable Protected Mode (RW) */
57#define X86_CR0_MP 0x00000002 /* Monitor Coprocessor (RW) */
58#define X86_CR0_EM 0x00000004 /* Require FPU Emulation (RO) */
59#define X86_CR0_TS 0x00000008 /* Task Switched (RW) */
60#define X86_CR0_ET 0x00000010 /* Extension type (RO) */
61#define X86_CR0_NE 0x00000020 /* Numeric Error Reporting (RW) */
62#define X86_CR0_WP 0x00010000 /* Supervisor Write Protect (RW) */
63#define X86_CR0_AM 0x00040000 /* Alignment Checking (RW) */
64#define X86_CR0_NW 0x20000000 /* Not Write-Through (RW) */
65#define X86_CR0_CD 0x40000000 /* Cache Disable (RW) */
66#define X86_CR0_PG 0x80000000 /* Paging */
67
72#define X86_CR4_VME 0x0001 /* enable vm86 extensions */
73#define X86_CR4_PVI 0x0002 /* virtual interrupts flag enable */
74#define X86_CR4_TSD 0x0004 /* disable time stamp at ipl 3 */
75#define X86_CR4_DE 0x0008 /* enable debugging extensions */
76#define X86_CR4_PSE 0x0010 /* enable page size extensions */
77#define X86_CR4_PAE 0x0020 /* enable physical address extensions */
78#define X86_CR4_MCE 0x0040 /* Machine check enable */
79#define X86_CR4_PGE 0x0080 /* enable global pages */
80#define X86_CR4_PCE 0x0100 /* enable performance counters at ipl 3 */
81#define X86_CR4_OSFXSR 0x0200 /* enable fast FPU save and restore */
82#define X86_CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */
83#define X86_CR4_VMXE 0x2000 /* enable VMX */
84
89#define X86_FLAGS_CF (1 << 0)
90#define X86_FLAGS_PF (1 << 2)
91#define X86_FLAGS_AF (1 << 4)
92#define X86_FLAGS_ZF (1 << 6)
93#define X86_FLAGS_SF (1 << 7)
94#define X86_FLAGS_TF (1 << 8)
95#define X86_FLAGS_IF (1 << 9)
96#define X86_FLAGS_DF (1 << 10)
97#define X86_FLAGS_OF (1 << 11)
98#define X86_FLAGS_STATUS_MASK (0xfff)
99#define X86_FLAGS_IOPL_MASK (3 << 12)
100#define X86_FLAGS_IOPL_SHIFT (12)
101#define X86_FLAGS_IOPL_SHIFT_2ND_BIT (13)
102#define X86_FLAGS_NT (1 << 14)
103#define X86_FLAGS_RF (1 << 16)
104#define X86_FLAGS_VM (1 << 17)
105#define X86_FLAGS_AC (1 << 18)
106#define X86_FLAGS_VIF (1 << 19)
107#define X86_FLAGS_VIP (1 << 20)
108#define X86_FLAGS_ID (1 << 21)
109#define X86_FLAGS_RESERVED_ONES 0x2
110#define X86_FLAGS_RESERVED 0xffc0802a
111
112#define X86_FLAGS_RESERVED_BITS 0xffc38028
113#define X86_FLAGS_FIXED 0x00000002
114
116// Constants //
118
119/*
120 * @brief Segment register and corresponding GDT meaning in Windows
121 */
122#define KGDT64_NULL (0 * 16) // NULL descriptor
123#define KGDT64_R0_CODE (1 * 16) // kernel mode 64-bit code
124#define KGDT64_R0_DATA (1 * 16) + 8 // kernel mode 64-bit data (stack)
125#define KGDT64_R3_CMCODE (2 * 16) // user mode 32-bit code
126#define KGDT64_R3_DATA (2 * 16) + 8 // user mode 32-bit data
127#define KGDT64_R3_CODE (3 * 16) // user mode 64-bit code
128#define KGDT64_SYS_TSS (4 * 16) // kernel mode system task state
129#define KGDT64_R3_CMTEB (5 * 16) // user mode 32-bit TEB
130#define KGDT64_R0_CMCODE (6 * 16) // kernel mode 32-bit code
131#define KGDT64_LAST (7 * 16) // last entry
132
137#define PCID_NONE 0x000
138#define PCID_MASK 0x003
139
144#define CPUID_HV_VENDOR_AND_MAX_FUNCTIONS 0x40000000
145#define CPUID_HV_INTERFACE 0x40000001
146
151#define CPUID_ADDR_WIDTH 0x80000008
152
157#define CPUID_PROCESSOR_AND_PROCESSOR_FEATURE_IDENTIFIERS 0x00000001
158
163#define RESERVED_MSR_RANGE_LOW 0x40000000
164#define RESERVED_MSR_RANGE_HI 0x400000F0
165
170#define __CPU_INDEX__ KeGetCurrentProcessorNumberEx(NULL)
171
176#define ALIGNMENT_PAGE_SIZE 4096
177
182#define MAXIMUM_ADDRESS 0xffffffffffffffff
183
188#define DPL_USER 3
189#define DPL_SYSTEM 0
190
195#define RPL_MASK 3
196
197#define BITS_PER_LONG (sizeof(unsigned long) * 8)
198#define ORDER_LONG (sizeof(unsigned long) == 4 ? 5 : 6)
199
200#define BITMAP_ENTRY(_nr, _bmap) ((_bmap))[(_nr) / BITS_PER_LONG]
201#define BITMAP_SHIFT(_nr) ((_nr) % BITS_PER_LONG)
202
207#define PAGE_OFFSET(Va) ((PVOID)((ULONG_PTR)(Va) & (PAGE_SIZE - 1)))
208
213#define _XBEGIN_STARTED (~0u)
214#define _XABORT_EXPLICIT (1 << 0)
215#define _XABORT_RETRY (1 << 1)
216#define _XABORT_CONFLICT (1 << 2)
217#define _XABORT_CAPACITY (1 << 3)
218#define _XABORT_DEBUG (1 << 4)
219#define _XABORT_NESTED (1 << 5)
220
221#ifndef _XABORT_CODE
222# define _XABORT_CODE(x) (((x) >> 24) & 0xFF)
223#endif // !_XABORT_CODE
224
226// Structures //
228
229typedef SEGMENT_DESCRIPTOR_32 * PSEGMENT_DESCRIPTOR;
230
235typedef struct _CPUID
236{
237 int eax;
238 int ebx;
239 int ecx;
240 int edx;
241} CPUID, *PCPUID;
242
243typedef union _CR_FIXED
244{
245 UINT64 Flags;
246
247 struct
248 {
249 unsigned long Low;
250 long High;
251
252 } Fields;
253
254} CR_FIXED, *PCR_FIXED;
255
257// Windows-specific structures //
259
264typedef struct _NT_KPROCESS
265{
266 DISPATCHER_HEADER Header;
267 LIST_ENTRY ProfileListHead;
268 ULONG_PTR DirectoryTableBase;
269 UCHAR Data[1];
270} NT_KPROCESS, *PNT_KPROCESS;
271
273// Function Types //
275
280typedef void (*RunOnLogicalCoreFunc)(ULONG ProcessorId);
281
283// External Functions //
285
286UCHAR *
287PsGetProcessImageFileName(IN PEPROCESS Process);
288
290// Function Definitions //
292
293// ----------------------------------------------------------------------------
294// Private Interfaces
295//
296
297static NTSTATUS
298CommonGetHandleFromProcess(_In_ UINT32 ProcessId, _Out_ PHANDLE Handle);
299
300// ----------------------------------------------------------------------------
301// Public Interfaces
302//
303
304BOOLEAN
305CommonAffinityBroadcastToProcessors(_In_ ULONG ProcessorNumber, _In_ RunOnLogicalCoreFunc Routine);
306
307BOOLEAN
308CommonIsStringStartsWith(const char * pre, const char * str);
309
310BOOLEAN
311CommonIsGuestOnUsermode32Bit();
312
313PCHAR
314CommonGetProcessNameFromProcessControlBlock(PEPROCESS eprocess);
315
316VOID
317CommonCpuidInstruction(UINT32 Func, UINT32 SubFunc, int * CpuInfo);
318
319VOID
320CommonWriteDebugInformation(VIRTUAL_MACHINE_STATE * VCpu);
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
UCHAR
unsigned char UCHAR
Definition BasicTypes.h:35
VOID
#define VOID
Definition BasicTypes.h:33
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
ULONG
unsigned long ULONG
Definition BasicTypes.h:37
CommonIsGuestOnUsermode32Bit
BOOLEAN CommonIsGuestOnUsermode32Bit()
determines if the guest was in 32-bit user-mode or 64-bit (long mode)
Definition Common.c:97
CommonCpuidInstruction
VOID CommonCpuidInstruction(UINT32 Func, UINT32 SubFunc, int *CpuInfo)
Get cpuid results.
Definition Common.c:85
CPUID
struct _CPUID CPUID
CPUID Registers.
CommonIsStringStartsWith
BOOLEAN CommonIsStringStartsWith(const char *pre, const char *str)
Detects whether the string starts with another string.
Definition Common.c:69
PCR_FIXED
union _CR_FIXED * PCR_FIXED
PSEGMENT_DESCRIPTOR
SEGMENT_DESCRIPTOR_32 * PSEGMENT_DESCRIPTOR
Definition Common.h:229
PNT_KPROCESS
struct _NT_KPROCESS * PNT_KPROCESS
_SEGMENT_REGISTERS
_SEGMENT_REGISTERS
Segment selector registers in x86.
Definition Common.h:23
TR
@ TR
Definition Common.h:31
LDTR
@ LDTR
Definition Common.h:30
FS
@ FS
Definition Common.h:28
ES
@ ES
Definition Common.h:24
CS
@ CS
Definition Common.h:25
GS
@ GS
Definition Common.h:29
DS
@ DS
Definition Common.h:27
SS
@ SS
Definition Common.h:26
SEGMENT_REGISTERS
enum _SEGMENT_REGISTERS SEGMENT_REGISTERS
Segment selector registers in x86.
PCPUID
struct _CPUID * PCPUID
CommonGetProcessNameFromProcessControlBlock
PCHAR CommonGetProcessNameFromProcessControlBlock(PEPROCESS eprocess)
Get process name by eprocess.
Definition Common.c:48
CommonWriteDebugInformation
VOID CommonWriteDebugInformation(VIRTUAL_MACHINE_STATE *VCpu)
Produce debug information from unrecoverable bugs.
Definition Common.c:149
CommonAffinityBroadcastToProcessors
BOOLEAN CommonAffinityBroadcastToProcessors(_In_ ULONG ProcessorNumber, _In_ RunOnLogicalCoreFunc Routine)
NT_KPROCESS
struct _NT_KPROCESS NT_KPROCESS
KPROCESS Brief structure.
PsGetProcessImageFileName
UCHAR * PsGetProcessImageFileName(IN PEPROCESS Process)
RunOnLogicalCoreFunc
void(* RunOnLogicalCoreFunc)(ULONG ProcessorId)
Prototype to run a function on a logical core.
Definition Common.h:280
CR_FIXED
union _CR_FIXED CR_FIXED
_CPUID
CPUID Registers.
Definition Common.h:236
_CPUID::ebx
int ebx
Definition Common.h:238
_CPUID::eax
int eax
Definition Common.h:237
_CPUID::edx
int edx
Definition Common.h:240
_CPUID::ecx
int ecx
Definition Common.h:239
_NT_KPROCESS
KPROCESS Brief structure.
Definition Common.h:265
_NT_KPROCESS::DirectoryTableBase
ULONG_PTR DirectoryTableBase
Definition Common.h:268
_NT_KPROCESS::Data
UCHAR Data[1]
Definition Common.h:269
_NT_KPROCESS::Header
DISPATCHER_HEADER Header
Definition Common.h:266
_NT_KPROCESS::ProfileListHead
LIST_ENTRY ProfileListHead
Definition Common.h:267
_VIRTUAL_MACHINE_STATE
The status of each core after and before VMX.
Definition State.h:290
_CR_FIXED
Definition Common.h:244
_CR_FIXED::Low
unsigned long Low
Definition Common.h:249
_CR_FIXED::Fields
struct _CR_FIXED::@0 Fields
_CR_FIXED::Flags
UINT64 Flags
Definition Common.h:245
_CR_FIXED::High
long High
Definition Common.h:250