HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
DpcRoutines.c File Reference

All the dpc routines which relates to executing on a single core for multi-core you can use Broadcast.c. More...

#include "pch.h"

Functions

NTSTATUS DpcRoutineRunTaskOnSingleCore (UINT32 CoreNumber, PVOID Routine, PVOID DeferredContext)
 This function synchronize the function execution for a single core You should only used it for one core, not in multiple threads simultaneously The function that needs to use this feature (Routine parameter function) should have the when it ends :
 
VOID DpcRoutinePerformWriteMsr (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast msr write.
 
VOID DpcRoutinePerformReadMsr (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast msr read.
 
VOID DpcRoutineWriteMsrToAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast Msr Write.
 
VOID DpcRoutineReadMsrToAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 Broadcast Msr read.
 
VOID DpcRoutineVmExitAndHaltSystemAllCores (KDPC *Dpc, PVOID DeferredContext, PVOID SystemArgument1, PVOID SystemArgument2)
 vm-exit and halt the system
 

Variables

volatile LONG OneCoreLock
 lock for one core execution
 

Detailed Description

All the dpc routines which relates to executing on a single core for multi-core you can use Broadcast.c.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-04-29
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ DpcRoutinePerformReadMsr()

VOID DpcRoutinePerformReadMsr ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast msr read.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
161{
162 ULONG CurrentCore = KeGetCurrentProcessorNumberEx(NULL);
163 PROCESSOR_DEBUGGING_STATE * CurrentDebuggingState = &g_DbgState[CurrentCore];
164
165 UNREFERENCED_PARAMETER(Dpc);
166 UNREFERENCED_PARAMETER(DeferredContext);
167 UNREFERENCED_PARAMETER(SystemArgument1);
168 UNREFERENCED_PARAMETER(SystemArgument2);
169
170 //
171 // read on MSR
172 //
173 CurrentDebuggingState->MsrState.Value = __readmsr(CurrentDebuggingState->MsrState.Msr);
174
175 //
176 // As this function is designed for a single,
177 // we have to release the synchronization lock here
178 //
179 SpinlockUnlock(&OneCoreLock);
180}
ULONG
unsigned long ULONG
Definition BasicTypes.h:37
SpinlockUnlock
void SpinlockUnlock(volatile LONG *Lock)
Release the lock.
Definition Spinlock.c:158
OneCoreLock
volatile LONG OneCoreLock
lock for one core execution
Definition DpcRoutines.c:19
g_DbgState
PROCESSOR_DEBUGGING_STATE * g_DbgState
Save the state and variables related to debugging on each to logical core.
Definition Global.h:17
_PROCESSOR_DEBUGGING_MSR_READ_OR_WRITE::Msr
UINT64 Msr
Definition State.h:24
_PROCESSOR_DEBUGGING_MSR_READ_OR_WRITE::Value
UINT64 Value
Definition State.h:25
_PROCESSOR_DEBUGGING_STATE
Saves the debugger state.
Definition State.h:165
_PROCESSOR_DEBUGGING_STATE::MsrState
PROCESSOR_DEBUGGING_MSR_READ_OR_WRITE MsrState
Definition State.h:172

◆ DpcRoutinePerformWriteMsr()

VOID DpcRoutinePerformWriteMsr ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast msr write.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
129{
130 ULONG CurrentCore = KeGetCurrentProcessorNumberEx(NULL);
131 PROCESSOR_DEBUGGING_STATE * CurrentDebuggingState = &g_DbgState[CurrentCore];
132
133 UNREFERENCED_PARAMETER(Dpc);
134 UNREFERENCED_PARAMETER(DeferredContext);
135 UNREFERENCED_PARAMETER(SystemArgument1);
136 UNREFERENCED_PARAMETER(SystemArgument2);
137
138 //
139 // write on MSR
140 //
141 __writemsr(CurrentDebuggingState->MsrState.Msr, CurrentDebuggingState->MsrState.Value);
142
143 //
144 // As this function is designed for a single,
145 // we have to release the synchronization lock here
146 //
147 SpinlockUnlock(&OneCoreLock);
148}

◆ DpcRoutineReadMsrToAllCores()

VOID DpcRoutineReadMsrToAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast Msr read.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
227{
228 ULONG CurrentCore = KeGetCurrentProcessorNumberEx(NULL);
229 PROCESSOR_DEBUGGING_STATE * CurrentDebuggingState = &g_DbgState[CurrentCore];
230
231 UNREFERENCED_PARAMETER(Dpc);
232 UNREFERENCED_PARAMETER(DeferredContext);
233
234 //
235 // read msr
236 //
237 CurrentDebuggingState->MsrState.Value = __readmsr(CurrentDebuggingState->MsrState.Msr);
238
239 //
240 // Wait for all DPCs to synchronize at this point
241 //
242 KeSignalCallDpcSynchronize(SystemArgument2);
243
244 //
245 // Mark the DPC as being complete
246 //
247 KeSignalCallDpcDone(SystemArgument1);
248}

◆ DpcRoutineRunTaskOnSingleCore()

NTSTATUS DpcRoutineRunTaskOnSingleCore ( UINT32 CoreNumber,
PVOID Routine,
PVOID DeferredContext )

This function synchronize the function execution for a single core You should only used it for one core, not in multiple threads simultaneously The function that needs to use this feature (Routine parameter function) should have the when it ends : 

         SpinlockUnlock(&OneCoreLock);
Parameters
CoreNumbercore number that the target function should run on it
Routinethe target function that should be ran
DeferredContextan optional parameter to Routine
Returns
NTSTATUS
36{
37 PRKDPC Dpc;
38 ULONG ProcessorsCount;
39
40 ProcessorsCount = KeQueryActiveProcessorCount(0);
41
42 //
43 // Check if the core number is not invalid
44 //
45 if (CoreNumber >= ProcessorsCount)
46 {
47 return STATUS_INVALID_PARAMETER;
48 }
49
50 //
51 // Allocate Memory for DPC
52 //
53 Dpc = PlatformMemAllocateZeroedNonPagedPool(sizeof(KDPC));
54
55 if (!Dpc)
56 {
57 return STATUS_INSUFFICIENT_RESOURCES;
58 }
59
60 //
61 // Creating a DPC that will run on the target process
62 //
63 KeInitializeDpc(Dpc, // Dpc
64 (PKDEFERRED_ROUTINE)Routine, // DeferredRoutine
65 DeferredContext // DeferredContext
66 );
67
68 //
69 // Set the target core
70 //
71 KeSetTargetProcessorDpc(Dpc, (CCHAR)CoreNumber);
72
73 //
74 // it's sure will be executed, but we want to free the above
75 // pool, so we have to wait on a spinlock that will be release
76 // by the DPC routine, actually Affinity Thread but that
77 // won't support more than 64 logical cores, I create a discussion
78 // here, and explained the problem, but no one answers
79 // link: https://community.osr.com/discussion/292064/putting-a-barrier-for-dpc-before-continuing-the-rest-of-code
80 // we also can't use the spinlock routine of Windows as this function
81 // raises the IRQL to DPC and we want to execute at DPC, means that
82 // If we're currently on the right core, we never find a chance to
83 // release the spinlock so a deadlock happens, all in all it's complicated :)
84 //
85
86 //
87 // Set the lock to be freed by the other DPC routine
88 //
89 if (!SpinlockTryLock(&OneCoreLock))
90 {
91 //
92 // We can't get the lock, probably sth goes wrong !
93 //
94 PlatformMemFreePool(Dpc);
95 return STATUS_UNSUCCESSFUL;
96 }
97
98 //
99 // Fire the DPC
100 //
101 KeInsertQueueDpc(Dpc, NULL, NULL);
102
103 //
104 // spin on lock to be release, immediately after we get the lock, we'll
105 // release it for because there is no need to it anymore and DPC is finished
106 //
107 SpinlockLock(&OneCoreLock);
108 SpinlockUnlock(&OneCoreLock);
109
110 //
111 // Now it's safe to deallocate the bugger
112 //
113 PlatformMemFreePool(Dpc);
114
115 return STATUS_SUCCESS;
116}
PlatformMemFreePool
VOID PlatformMemFreePool(PVOID BufferAddress)
Free (dellocate) a non-paged buffer.
Definition Mem.c:86
PlatformMemAllocateZeroedNonPagedPool
PVOID PlatformMemAllocateZeroedNonPagedPool(SIZE_T NumberOfBytes)
Allocate a non-paged buffer (zeroed)
Definition Mem.c:69
SpinlockLock
void SpinlockLock(volatile LONG *Lock)
Tries to get the lock and won't return until successfully get the lock.
Definition Spinlock.c:52
SpinlockTryLock
BOOLEAN SpinlockTryLock(volatile LONG *Lock)
Tries to get the lock otherwise returns.
Definition Spinlock.c:41
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition Windows.h:172

◆ DpcRoutineVmExitAndHaltSystemAllCores()

VOID DpcRoutineVmExitAndHaltSystemAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

vm-exit and halt the system

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
261{
262 UNREFERENCED_PARAMETER(Dpc);
263 UNREFERENCED_PARAMETER(DeferredContext);
264
265 //
266 // vm-exit and halt current core
267 //
268 VmFuncVmxVmcall(DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM, 0, 0, 0);
269
270 //
271 // Wait for all DPCs to synchronize at this point
272 //
273 KeSignalCallDpcSynchronize(SystemArgument2);
274
275 //
276 // Mark the DPC as being complete
277 //
278 KeSignalCallDpcDone(SystemArgument1);
279}
DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM
#define DEBUGGER_VMCALL_VM_EXIT_HALT_SYSTEM
VMCALL to cause vm-exit and halt the system.
Definition DebuggerVmcalls.h:22
VmFuncVmxVmcall
NTSTATUS VmFuncVmxVmcall(unsigned long long VmcallNumber, unsigned long long OptionalParam1, unsigned long long OptionalParam2, unsigned long long OptionalParam3)
Export for running VMX VMCALLs.
Definition Export.c:683

◆ DpcRoutineWriteMsrToAllCores()

VOID DpcRoutineWriteMsrToAllCores ( KDPC * Dpc,
PVOID DeferredContext,
PVOID SystemArgument1,
PVOID SystemArgument2 )

Broadcast Msr Write.

Parameters
Dpc
DeferredContext
SystemArgument1
SystemArgument2
Returns
VOID
193{
194 ULONG CurrentCore = KeGetCurrentProcessorNumberEx(NULL);
195 PROCESSOR_DEBUGGING_STATE * CurrentDebuggingState = &g_DbgState[CurrentCore];
196
197 UNREFERENCED_PARAMETER(Dpc);
198 UNREFERENCED_PARAMETER(DeferredContext);
199
200 //
201 // write on MSR
202 //
203 __writemsr(CurrentDebuggingState->MsrState.Msr, CurrentDebuggingState->MsrState.Value);
204
205 //
206 // Wait for all DPCs to synchronize at this point
207 //
208 KeSignalCallDpcSynchronize(SystemArgument2);
209
210 //
211 // Mark the DPC as being complete
212 //
213 KeSignalCallDpcDone(SystemArgument1);
214}

Variable Documentation

◆ OneCoreLock

volatile LONG OneCoreLock

lock for one core execution