|
HyperDbg Debugger
|
Here we put global variables that are used more or less in all part of our hypervisor (not all of them). More...
Go to the source code of this file.
Variables | |
| COMPATIBILITY_CHECKS_STATUS | g_CompatibilityCheck |
| Different attributes and compatibility checks of the current processor. | |
| VMM_CALLBACKS | g_Callbacks |
| List of callbacks. | |
| VIRTUAL_MACHINE_STATE * | g_GuestState |
| Save the state and variables related to virtualization on each to logical core. | |
| MEMORY_MAPPER_ADDRESSES * | g_MemoryMapper |
| Save the state of memory mapper. | |
| EPT_STATE * | g_EptState |
| Save the state and variables related to EPT. | |
| LIST_ENTRY | g_EptHook2sDetourListHead |
| List header of hidden hooks detour. | |
| BOOLEAN | g_IsEptHook2sDetourListInitialized |
| List header of hidden hooks detour. | |
| VOID * | g_ApicBase |
| Local APIC Base. | |
| VOID * | g_IoApicBase |
| I/O APIC Base. | |
| BOOLEAN | g_NmiBroadcastingInitialized |
| check for broadcasting NMI mechanism support and its initialization | |
| PVOID | g_NmiHandlerForKeDeregisterNmiCallback |
| NMI handler pointer for KeDeregisterNmiCallback. | |
| BOOLEAN | g_IsUnsafeSyscallOrSysretHandling |
| Shows whether the debuggee is waiting for an trap step or not. | |
| UINT64 * | g_MsrBitmapInvalidMsrs |
| Bitmap of MSRs that cause #GP. | |
| BOOLEAN | g_ModeBasedExecutionControlState |
| Enable interception of Cr3 for Mode-based Execution detection. | |
| SYSCALL_CALLBACK_TRAP_FLAG_STATE * | g_SyscallCallbackTrapFlagState |
| State of syscall callback trap flags. | |
| BOOLEAN | g_SyscallCallbackStatus |
| Shows whether the syscall callback is enabled or not. | |
| PVOID | g_SystemCallHookAddress |
| Target hook address for the system call handler. | |
| BOOLEAN | g_CheckForFootprints |
| Shows whether the footprints (anti-debugging and anti-hypervisor) should be checked or not. | |
| BOOLEAN | g_TriggerEventForVmcalls |
| Showes whether the vmcall handler is allowed to trigger an event or not. | |
| BOOLEAN | g_TriggerEventForCpuids |
| Showes whether the cpuid handler is allowed to trigger an event or not. | |
| BOOLEAN | g_TriggerEventForXsetbvs |
| BOOLEAN | g_ExecTrapInitialized |
| Showes whether the execution trap handler is allowed to trigger an event or not. | |
| BOOLEAN | g_ExecTrapUnInitializationStarted |
| Showes whether the uninitialization of the exec trap is started or not. | |
| USER_KERNEL_EXECUTION_TRAP_STATE | g_ExecTrapState |
| State of the trap-flag. | |
| BOOLEAN | g_IsInterceptingInstructions |
| Test value for intercepting instructions. | |
| BOOLEAN | g_WaitingForInterruptWindowToInjectPageFault |
| Shows whether the VMM is waiting to inject a page-fault or not. | |
| UINT64 | g_PageFaultInjectionAddressFrom |
| The (from) address for page-fault injection. | |
| UINT64 | g_PageFaultInjectionAddressTo |
| The (to) address for page-fault injection. | |
| UINT32 | g_PageFaultInjectionErrorCode |
| The error code for page-fault injection. | |
| BOOLEAN | g_IsVpidSupported |
| Whether VPID is supported or not. | |
| BOOLEAN | g_IsTopLevelHypervisorHyperV |
| Whether the top level hypervisor is Hyper-V or not. | |
Here we put global variables that are used more or less in all part of our hypervisor (not all of them).
Note : All the global variables are not here, just those that will be used in all project. Special use global variables are located in their corresponding headers
| VOID* g_ApicBase |
Local APIC Base.
| VMM_CALLBACKS g_Callbacks |
List of callbacks.
| BOOLEAN g_CheckForFootprints |
Shows whether the footprints (anti-debugging and anti-hypervisor) should be checked or not.
| COMPATIBILITY_CHECKS_STATUS g_CompatibilityCheck |
Different attributes and compatibility checks of the current processor.
| LIST_ENTRY g_EptHook2sDetourListHead |
List header of hidden hooks detour.
| EPT_STATE* g_EptState |
Save the state and variables related to EPT.
| BOOLEAN g_ExecTrapInitialized |
Showes whether the execution trap handler is allowed to trigger an event or not.
| USER_KERNEL_EXECUTION_TRAP_STATE g_ExecTrapState |
State of the trap-flag.
| BOOLEAN g_ExecTrapUnInitializationStarted |
Showes whether the uninitialization of the exec trap is started or not.
| VIRTUAL_MACHINE_STATE* g_GuestState |
Save the state and variables related to virtualization on each to logical core.
| VOID* g_IoApicBase |
I/O APIC Base.
| BOOLEAN g_IsEptHook2sDetourListInitialized |
List header of hidden hooks detour.
| BOOLEAN g_IsInterceptingInstructions |
Test value for intercepting instructions.
| BOOLEAN g_IsTopLevelHypervisorHyperV |
Whether the top level hypervisor is Hyper-V or not.
| BOOLEAN g_IsUnsafeSyscallOrSysretHandling |
Shows whether the debuggee is waiting for an trap step or not.
| BOOLEAN g_IsVpidSupported |
Whether VPID is supported or not.
| MEMORY_MAPPER_ADDRESSES* g_MemoryMapper |
Save the state of memory mapper.
| BOOLEAN g_ModeBasedExecutionControlState |
Enable interception of Cr3 for Mode-based Execution detection.
| UINT64* g_MsrBitmapInvalidMsrs |
Bitmap of MSRs that cause #GP.
| BOOLEAN g_NmiBroadcastingInitialized |
check for broadcasting NMI mechanism support and its initialization
| PVOID g_NmiHandlerForKeDeregisterNmiCallback |
NMI handler pointer for KeDeregisterNmiCallback.
| UINT64 g_PageFaultInjectionAddressFrom |
The (from) address for page-fault injection.
| UINT64 g_PageFaultInjectionAddressTo |
The (to) address for page-fault injection.
| UINT32 g_PageFaultInjectionErrorCode |
The error code for page-fault injection.
| BOOLEAN g_SyscallCallbackStatus |
Shows whether the syscall callback is enabled or not.
| SYSCALL_CALLBACK_TRAP_FLAG_STATE* g_SyscallCallbackTrapFlagState |
State of syscall callback trap flags.
| PVOID g_SystemCallHookAddress |
Target hook address for the system call handler.
| BOOLEAN g_TriggerEventForCpuids |
Showes whether the cpuid handler is allowed to trigger an event or not.
| BOOLEAN g_TriggerEventForVmcalls |
Showes whether the vmcall handler is allowed to trigger an event or not.
| BOOLEAN g_TriggerEventForXsetbvs |
| BOOLEAN g_WaitingForInterruptWindowToInjectPageFault |
Shows whether the VMM is waiting to inject a page-fault or not.