HyperDbg Debugger
GlobalVariables.h File Reference

Here we put global variables that are used more or less in all parts of our hypervisor (not all of them).

Variables

COMPATIBILITY_CHECKS_STATUS g_CompatibilityCheck
 Different attributes and compatibility checks of the current processor.
VMM_CALLBACKS g_Callbacks
 List of callbacks.
VIRTUAL_MACHINE_STATE * g_GuestState
 Save the state and variables related to virtualization on each logical core.
MEMORY_MAPPER_ADDRESSES * g_MemoryMapper
 Save the state of memory mapper.
EPT_STATE * g_EptState
 Save the state and variables related to EPT.
LIST_ENTRY g_EptHook2sDetourListHead
 List header of hidden hooks detour.
BOOLEAN g_IsEptHook2sDetourListInitialized
 List header of hidden hooks detour.
VOID * g_ApicBase
 Local APIC Base.
VOID * g_IoApicBase
 I/O APIC Base.
BOOLEAN g_NmiBroadcastingInitialized
 Check for broadcasting NMI mechanism support and its initialization.
PVOID g_NmiHandlerForKeDeregisterNmiCallback
 NMI handler pointer for KeDeregisterNmiCallback.
BOOLEAN g_IsUnsafeSyscallOrSysretHandling
 Shows whether the debuggee is waiting for a trap step or not.
UINT64 * g_MsrBitmapInvalidMsrs
 Bitmap of MSRs that cause #GP.
BOOLEAN g_ModeBasedExecutionControlState
 Enable interception of Cr3 for Mode-based Execution detection.
SYSCALL_CALLBACK_TRAP_FLAG_STATE * g_SyscallCallbackTrapFlagState
 State of syscall callback trap flags.
BOOLEAN g_SyscallCallbackStatus
 Shows whether the syscall callback is enabled or not.
PVOID g_SystemCallHookAddress
 Target hook address for the system call handler.
BOOLEAN g_CheckForFootprints
 Shows whether the footprints (anti-debugging and anti-hypervisor) should be checked or not.
BOOLEAN g_TriggerEventForVmcalls
 Shows whether the vmcall handler is allowed to trigger an event or not.
BOOLEAN g_TriggerEventForCpuids
 Shows whether the cpuid handler is allowed to trigger an event or not.
BOOLEAN g_TriggerEventForXsetbvs
BOOLEAN g_ExecTrapInitialized
 Shows whether the execution trap handler is allowed to trigger an event or not.
BOOLEAN g_ExecTrapUnInitializationStarted
 Shows whether the uninitialization of the exec trap is started or not.
USER_KERNEL_EXECUTION_TRAP_STATE g_ExecTrapState
 State of the trap-flag.
BOOLEAN g_IsInterceptingInstructions
 Test value for intercepting instructions.
BOOLEAN g_WaitingForInterruptWindowToInjectPageFault
 Shows whether the VMM is waiting to inject a page-fault or not.
UINT64 g_PageFaultInjectionAddressFrom
 The (from) address for page-fault injection.
UINT64 g_PageFaultInjectionAddressTo
 The (to) address for page-fault injection.
UINT32 g_PageFaultInjectionErrorCode
 The error code for page-fault injection.
BOOLEAN g_IsVpidSupported
 Whether VPID is supported or not.
BOOLEAN g_IsTopLevelHypervisorHyperV
 Whether the top level hypervisor is Hyper-V or not.

Detailed Description

Here we put global variables that are used more or less in all parts of our hypervisor (not all of them).

Author
Sina Karvandi (sina@hyperdbg.org)

Note: Not all of the global variables are here, just those that are used throughout the project. Special-use global variables are located in their corresponding headers.

Version
0.1
Date
2020-04-11

Variable Documentation

◆ g_ApicBase

VOID* g_ApicBase

Local APIC Base.

◆ g_Callbacks

VMM_CALLBACKS g_Callbacks

List of callbacks.

◆ g_CheckForFootprints

BOOLEAN g_CheckForFootprints

Shows whether the footprints (anti-debugging and anti-hypervisor) should be checked or not.

◆ g_CompatibilityCheck

COMPATIBILITY_CHECKS_STATUS g_CompatibilityCheck

Different attributes and compatibility checks of the current processor.

◆ g_EptHook2sDetourListHead

LIST_ENTRY g_EptHook2sDetourListHead

List header of hidden hooks detour.

◆ g_EptState

EPT_STATE* g_EptState

Save the state and variables related to EPT.

◆ g_ExecTrapInitialized

BOOLEAN g_ExecTrapInitialized

Shows whether the execution trap handler is allowed to trigger an event or not.

◆ g_ExecTrapState

USER_KERNEL_EXECUTION_TRAP_STATE g_ExecTrapState

State of the trap-flag.

◆ g_ExecTrapUnInitializationStarted

BOOLEAN g_ExecTrapUnInitializationStarted

Shows whether the uninitialization of the exec trap is started or not.

◆ g_GuestState

VIRTUAL_MACHINE_STATE* g_GuestState

Save the state and variables related to virtualization on each logical core.

◆ g_IoApicBase

VOID* g_IoApicBase

I/O APIC Base.

◆ g_IsEptHook2sDetourListInitialized

BOOLEAN g_IsEptHook2sDetourListInitialized

List header of hidden hooks detour.

◆ g_IsInterceptingInstructions

BOOLEAN g_IsInterceptingInstructions

Test value for intercepting instructions.

◆ g_IsTopLevelHypervisorHyperV

BOOLEAN g_IsTopLevelHypervisorHyperV

Whether the top level hypervisor is Hyper-V or not.

◆ g_IsUnsafeSyscallOrSysretHandling

BOOLEAN g_IsUnsafeSyscallOrSysretHandling

Shows whether the debuggee is waiting for a trap step or not.

◆ g_IsVpidSupported

BOOLEAN g_IsVpidSupported

Whether VPID is supported or not.

◆ g_MemoryMapper

MEMORY_MAPPER_ADDRESSES* g_MemoryMapper

Save the state of memory mapper.

◆ g_ModeBasedExecutionControlState

BOOLEAN g_ModeBasedExecutionControlState

Enable interception of Cr3 for Mode-based Execution detection.

◆ g_MsrBitmapInvalidMsrs

UINT64* g_MsrBitmapInvalidMsrs

Bitmap of MSRs that cause #GP.

◆ g_NmiBroadcastingInitialized

BOOLEAN g_NmiBroadcastingInitialized

Check for broadcasting NMI mechanism support and its initialization.

◆ g_NmiHandlerForKeDeregisterNmiCallback

PVOID g_NmiHandlerForKeDeregisterNmiCallback

NMI handler pointer for KeDeregisterNmiCallback.

◆ g_PageFaultInjectionAddressFrom

UINT64 g_PageFaultInjectionAddressFrom

The (from) address for page-fault injection.

◆ g_PageFaultInjectionAddressTo

UINT64 g_PageFaultInjectionAddressTo

The (to) address for page-fault injection.

◆ g_PageFaultInjectionErrorCode

UINT32 g_PageFaultInjectionErrorCode

The error code for page-fault injection.

◆ g_SyscallCallbackStatus

BOOLEAN g_SyscallCallbackStatus

Shows whether the syscall callback is enabled or not.

◆ g_SyscallCallbackTrapFlagState

SYSCALL_CALLBACK_TRAP_FLAG_STATE* g_SyscallCallbackTrapFlagState

State of syscall callback trap flags.

◆ g_SystemCallHookAddress

PVOID g_SystemCallHookAddress

Target hook address for the system call handler.

◆ g_TriggerEventForCpuids

BOOLEAN g_TriggerEventForCpuids

Shows whether the cpuid handler is allowed to trigger an event or not.

◆ g_TriggerEventForVmcalls

BOOLEAN g_TriggerEventForVmcalls

Shows whether the vmcall handler is allowed to trigger an event or not.

◆ g_TriggerEventForXsetbvs

BOOLEAN g_TriggerEventForXsetbvs

◆ g_WaitingForInterruptWindowToInjectPageFault

BOOLEAN g_WaitingForInterruptWindowToInjectPageFault

Shows whether the VMM is waiting to inject a page-fault or not.