HyperDbg Debugger
Loading...
Searching...
No Matches
Debugger.h
Go to the documentation of this file.
1
12#pragma once
13
15// Debugger Internals //
17
21#define DEBUGGER_DEBUG_REGISTER_FOR_STEP_OVER 0
22
26#define DEBUGGER_DEBUG_REGISTER_FOR_THREAD_MANAGEMENT 1
27
29// Structures //
31
36typedef struct _DEBUGGER_CORE_EVENTS
37{
38 //
39 // Warnings : Only list entries should be in this list, nothing else
40 //
41
42 //
43 // Do not add any variables to this this list, just LIST_ENTRY is allowed
44 //
45 LIST_ENTRY HiddenHookReadAndWriteAndExecuteEventsHead; // HIDDEN_HOOK_READ_AND_WRITE_AND_EXECUTE
46 LIST_ENTRY HiddenHookReadAndWriteEventsHead; // HIDDEN_HOOK_READ_AND_WRITE
47 LIST_ENTRY HiddenHookReadAndExecuteEventsHead; // HIDDEN_HOOK_READ_AND_EXECUTE
48 LIST_ENTRY HiddenHookWriteAndExecuteEventsHead; // HIDDEN_HOOK_WRITE_AND_EXECUTE
49 LIST_ENTRY HiddenHookReadEventsHead; // HIDDEN_HOOK_READ
50 LIST_ENTRY HiddenHookWriteEventsHead; // HIDDEN_HOOK_WRITE
51 LIST_ENTRY HiddenHookExecuteEventsHead; // HIDDEN_HOOK_EXECUTE
52 LIST_ENTRY EptHook2sExecDetourEventsHead; // HIDDEN_HOOK_EXEC_DETOURS
53 LIST_ENTRY EptHookExecCcEventsHead; // HIDDEN_HOOK_EXEC_CC
54 LIST_ENTRY SyscallHooksEferSyscallEventsHead; // SYSCALL_HOOK_EFER_SYSCALL
55 LIST_ENTRY SyscallHooksEferSysretEventsHead; // SYSCALL_HOOK_EFER_SYSRET
56 LIST_ENTRY CpuidInstructionExecutionEventsHead; // CPUID_INSTRUCTION_EXECUTION
57 LIST_ENTRY RdmsrInstructionExecutionEventsHead; // RDMSR_INSTRUCTION_EXECUTION
58 LIST_ENTRY WrmsrInstructionExecutionEventsHead; // WRMSR_INSTRUCTION_EXECUTION
59 LIST_ENTRY ExceptionOccurredEventsHead; // EXCEPTION_OCCURRED
60 LIST_ENTRY TscInstructionExecutionEventsHead; // TSC_INSTRUCTION_EXECUTION
61 LIST_ENTRY PmcInstructionExecutionEventsHead; // PMC_INSTRUCTION_EXECUTION
62 LIST_ENTRY InInstructionExecutionEventsHead; // IN_INSTRUCTION_EXECUTION
63 LIST_ENTRY OutInstructionExecutionEventsHead; // OUT_INSTRUCTION_EXECUTION
64 LIST_ENTRY DebugRegistersAccessedEventsHead; // DEBUG_REGISTERS_ACCESSED
65 LIST_ENTRY ExternalInterruptOccurredEventsHead; // EXTERNAL_INTERRUPT_OCCURRED
66 LIST_ENTRY VmcallInstructionExecutionEventsHead; // VMCALL_INSTRUCTION_EXECUTION
67 LIST_ENTRY TrapExecutionModeChangedEventsHead; // TRAP_EXECUTION_MODE_CHANGED
68 LIST_ENTRY TrapExecutionInstructionTraceEventsHead; // TRAP_EXECUTION_INSTRUCTION_TRACE
69 LIST_ENTRY ControlRegister3ModifiedEventsHead; // CONTROL_REGISTER_3_MODIFIED
70 LIST_ENTRY ControlRegisterModifiedEventsHead; // CONTROL_REGISTER_MODIFIED
71
72} DEBUGGER_CORE_EVENTS, *PDEBUGGER_CORE_EVENTS;
73
78typedef struct _DEBUGGER_EVENT_ACTION
79{
80 UINT64 Tag; // Action tag is same as Event's tag
81 UINT32 ActionOrderCode; // The code for this action (it also shows the order)
82 LIST_ENTRY ActionsList; // Holds the link list of next actions
83 DEBUGGER_EVENT_ACTION_TYPE_ENUM ActionType; // What action we wanna perform
84 BOOLEAN ImmediatelySendTheResults; // should we send the results immediately
85 // or store them in another structure and
86 // send multiple of them each time
87
88 DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION
89 ScriptConfiguration; // If it's run script
90
91 DEBUGGER_EVENT_REQUEST_BUFFER
92 RequestedBuffer; // if it's a custom code and needs a buffer then we use
93 // this structs
94
95 UINT32 CustomCodeBufferSize; // if null, means it's not custom code type
96 PVOID CustomCodeBufferAddress; // address of custom code if any
97
98} DEBUGGER_EVENT_ACTION, *PDEBUGGER_EVENT_ACTION;
99
100/* ==============================================================================================
101 */
102
107typedef struct _DEBUGGER_EVENT
108{
109 UINT64 Tag;
110 LIST_ENTRY EventsOfSameTypeList; // Linked-list of events of a same type
111 VMM_EVENT_TYPE_ENUM EventType;
112 BOOLEAN Enabled;
113 UINT32 CoreId; // determines the core index to apply this event to, if it's
114 // 0xffffffff means that we have to apply it to all cores
115
116 UINT32
117 ProcessId; // determines the pid to apply this event to, if it's
118 // 0xffffffff means that we have to apply it to all processes
119
120 LIST_ENTRY ActionsListHead; // Each entry is in DEBUGGER_EVENT_ACTION struct
121 UINT32 CountOfActions; // The total count of actions
122
123 BOOLEAN EnableShortCircuiting; // indicates whether the short-circuiting event
124 // is enabled or not for this event
125
126 VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventMode; // reveals the execution mode
127 // of the event (whether it's a pre- or post- event)
128
129 DEBUGGER_EVENT_OPTIONS InitOptions; // The initial options of the event (used when event was created and sent)
130
131 DEBUGGER_EVENT_OPTIONS Options; // The options of the event (used when event is applied in the debugger)
132
133 UINT32 ConditionsBufferSize; // if null, means uncoditional
134 PVOID ConditionBufferAddress; // Address of the condition buffer (most of the
135 // time at the end of this buffer)
136
137} DEBUGGER_EVENT, *PDEBUGGER_EVENT;
138
139/* ==============================================================================================
140 */
141
143// Data Type //
145
158typedef UINT64
159DebuggerCheckForCondition(PGUEST_REGS Regs, PVOID Context);
160
174typedef PVOID
175DebuggerRunCustomCodeFunc(PVOID PreAllocatedBufferAddress, PGUEST_REGS Regs, PVOID Context);
176
178// Functions //
180
181UINT64
182DebuggerGetRegValueWrapper(PGUEST_REGS GuestRegs, UINT32 /* REGS_ENUM */ RegId);
183
184UINT32
185DebuggerGetLastError();
186
187VOID
188DebuggerSetLastError(UINT32 LastError);
189
190BOOLEAN
191DebuggerInitialize();
192
193VOID
194DebuggerUninitialize();
195
196PDEBUGGER_EVENT
197DebuggerCreateEvent(BOOLEAN Enabled,
198 UINT32 CoreId,
199 UINT32 ProcessId,
200 VMM_EVENT_TYPE_ENUM EventType,
201 UINT64 Tag,
202 DEBUGGER_EVENT_OPTIONS * Options,
203 UINT32 ConditionsBufferSize,
204 PVOID ConditionBuffer,
205 PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn,
206 BOOLEAN InputFromVmxRoot);
207
208PDEBUGGER_EVENT_ACTION
209DebuggerAddActionToEvent(PDEBUGGER_EVENT Event,
210 DEBUGGER_EVENT_ACTION_TYPE_ENUM ActionType,
211 BOOLEAN SendTheResultsImmediately,
212 PDEBUGGER_EVENT_REQUEST_CUSTOM_CODE InTheCaseOfCustomCode,
213 PDEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION InTheCaseOfRunScript,
214 PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn,
215 BOOLEAN InputFromVmxRoot);
216
217BOOLEAN
218DebuggerRegisterEvent(PDEBUGGER_EVENT Event);
219
220VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE
221DebuggerTriggerEvents(VMM_EVENT_TYPE_ENUM EventType,
222 VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage,
223 PVOID Context,
224 BOOLEAN * PostEventRequired,
225 GUEST_REGS * Regs);
226
227PDEBUGGER_EVENT
228DebuggerGetEventByTag(UINT64 Tag);
229
230BOOLEAN
231DebuggerRemoveEvent(UINT64 Tag, BOOLEAN PoolManagerAllocatedMemory);
232
233BOOLEAN
234DebuggerQueryDebuggerStatus();
235
236BOOLEAN
237DebuggerParseEvent(PDEBUGGER_GENERAL_EVENT_DETAIL EventDetails,
238 PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn,
239 BOOLEAN InputFromVmxRoot);
240
241BOOLEAN
242DebuggerApplyEvent(PDEBUGGER_EVENT Event,
243 PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn,
244 BOOLEAN InputFromVmxRoot);
245
246BOOLEAN
247DebuggerParseAction(PDEBUGGER_GENERAL_ACTION Action,
248 PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn,
249 BOOLEAN InputFromVmxRoot);
250
251BOOLEAN
252DebuggerParseEventsModification(PDEBUGGER_MODIFY_EVENTS DebuggerEventModificationRequest,
253 BOOLEAN InputFromVmxRoot,
254 BOOLEAN PoolManagerAllocatedMemory);
255
256BOOLEAN
257DebuggerTerminateEvent(UINT64 Tag, BOOLEAN InputFromVmxRoot);
258
259UINT32
260DebuggerEventListCount(PLIST_ENTRY TargetEventList);
261
262VOID
263DebuggerClearAllEvents(BOOLEAN InputFromVmxRoot, BOOLEAN PoolManagerAllocatedMemory);
264
265BOOLEAN
266DebuggerEnableOrDisableAllEvents(BOOLEAN IsEnable);
267
268UINT32
269DebuggerEventListCountByCore(PLIST_ENTRY TargetEventList, UINT32 TargetCore);
270
271UINT32
272DebuggerEventListCountByEventType(VMM_EVENT_TYPE_ENUM EventType, UINT32 TargetCore);
273
274UINT32
275DebuggerExceptionEventBitmapMask(UINT32 CoreIndex);
276
277BOOLEAN
278DebuggerIsTagValid(UINT64 Tag);
279
280BOOLEAN
281DebuggerEnableEvent(UINT64 Tag);
282
283BOOLEAN
284DebuggerQueryStateEvent(UINT64 Tag);
285
286BOOLEAN
287DebuggerDisableEvent(UINT64 Tag);
288
289BOOLEAN
290DebuggerClearEvent(UINT64 Tag, BOOLEAN InputFromVmxRoot, BOOLEAN PoolManagerAllocatedMemory);
291
292VOID
293DebuggerPerformActions(PROCESSOR_DEBUGGING_STATE * DbgState, DEBUGGER_EVENT * Event, DEBUGGER_TRIGGERED_EVENT_DETAILS * EventTriggerDetail);
294
295VOID
296DebuggerPerformBreakToDebugger(PROCESSOR_DEBUGGING_STATE * DbgState, DEBUGGER_EVENT_ACTION * Action, DEBUGGER_TRIGGERED_EVENT_DETAILS * EventTriggerDetail);
297
298BOOLEAN
299DebuggerPerformRunScript(PROCESSOR_DEBUGGING_STATE * DbgState, DEBUGGER_EVENT_ACTION * Action, DEBUGGEE_SCRIPT_PACKET * ScriptDetails, DEBUGGER_TRIGGERED_EVENT_DETAILS * EventTriggerDetail);
300
301VOID
302DebuggerPerformRunTheCustomCode(PROCESSOR_DEBUGGING_STATE * DbgState, DEBUGGER_EVENT_ACTION * Action, DEBUGGER_TRIGGERED_EVENT_DETAILS * EventTriggerDetail);
303
304PLIST_ENTRY
305DebuggerGetEventListByEventType(VMM_EVENT_TYPE_ENUM EventType);
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
VOID
#define VOID
Definition BasicTypes.h:33
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE
Type of calling the event.
Tag
POOL_TYPE SIZE_T ULONG Tag
Definition Hooks.h:168
Context
NTKERNELAPI _In_opt_ PVOID Context
Definition Dpc.h:25
DebuggerParseEvent
BOOLEAN DebuggerParseEvent(PDEBUGGER_GENERAL_EVENT_DETAIL EventDetails, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Routine for parsing events.
Definition Debugger.c:3116
DebuggerPerformActions
VOID DebuggerPerformActions(PROCESSOR_DEBUGGING_STATE *DbgState, DEBUGGER_EVENT *Event, DEBUGGER_TRIGGERED_EVENT_DETAILS *EventTriggerDetail)
Run a special event's action(s)
Definition Debugger.c:1550
DebuggerApplyEvent
BOOLEAN DebuggerApplyEvent(PDEBUGGER_EVENT Event, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Applying events.
Definition Debugger.c:2884
DebuggerParseAction
BOOLEAN DebuggerParseAction(PDEBUGGER_GENERAL_ACTION Action, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Routine for validating and parsing actions that are coming from the user-mode.
Definition Debugger.c:3260
DebuggerEventListCountByEventType
UINT32 DebuggerEventListCountByEventType(VMM_EVENT_TYPE_ENUM EventType, UINT32 TargetCore)
Count the list of events by a special event type that are activate on a target core.
Definition Debugger.c:2232
DebuggerQueryDebuggerStatus
BOOLEAN DebuggerQueryDebuggerStatus()
Detect whether the user or kernel debugger is active or not.
Definition Debugger.c:2498
DebuggerTerminateEvent
BOOLEAN DebuggerTerminateEvent(UINT64 Tag, BOOLEAN InputFromVmxRoot)
Terminate one event's effect by its tag.
Definition Debugger.c:3436
DebuggerRegisterEvent
BOOLEAN DebuggerRegisterEvent(PDEBUGGER_EVENT Event)
Register an event to a list of active events.
Definition Debugger.c:1075
DebuggerGetEventByTag
PDEBUGGER_EVENT DebuggerGetEventByTag(UINT64 Tag)
Find event object by tag.
Definition Debugger.c:1858
DebuggerUninitialize
VOID DebuggerUninitialize()
Uninitialize Debugger Structures and Routines.
Definition Debugger.c:257
DebuggerParseEventsModification
BOOLEAN DebuggerParseEventsModification(PDEBUGGER_MODIFY_EVENTS DebuggerEventModificationRequest, BOOLEAN InputFromVmxRoot, BOOLEAN PoolManagerAllocatedMemory)
Parse and validate requests to enable/disable/clear from the user-mode.
Definition Debugger.c:3671
DebuggerEventListCountByCore
UINT32 DebuggerEventListCountByCore(PLIST_ENTRY TargetEventList, UINT32 TargetCore)
Count the list of events in a special list that are activate on a target core.
Definition Debugger.c:2194
DebuggerEnableOrDisableAllEvents
BOOLEAN DebuggerEnableOrDisableAllEvents(BOOLEAN IsEnable)
Enable or disable all events from all the types.
Definition Debugger.c:1901
DebuggerExceptionEventBitmapMask
UINT32 DebuggerExceptionEventBitmapMask(UINT32 CoreIndex)
Get the mask related to the !exception command for the target core.
Definition Debugger.c:2270
DEBUGGER_CORE_EVENTS
struct _DEBUGGER_CORE_EVENTS DEBUGGER_CORE_EVENTS
List of all the different events.
DebuggerPerformRunTheCustomCode
VOID DebuggerPerformRunTheCustomCode(PROCESSOR_DEBUGGING_STATE *DbgState, DEBUGGER_EVENT_ACTION *Action, DEBUGGER_TRIGGERED_EVENT_DETAILS *EventTriggerDetail)
Manage running the custom code action.
Definition Debugger.c:1760
DebuggerPerformRunScript
BOOLEAN DebuggerPerformRunScript(PROCESSOR_DEBUGGING_STATE *DbgState, DEBUGGER_EVENT_ACTION *Action, DEBUGGEE_SCRIPT_PACKET *ScriptDetails, DEBUGGER_TRIGGERED_EVENT_DETAILS *EventTriggerDetail)
Managing run script action.
Definition Debugger.c:1608
DebuggerInitialize
BOOLEAN DebuggerInitialize()
Initialize Debugger Structures and Routines.
Definition Debugger.c:56
DebuggerTriggerEvents
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE DebuggerTriggerEvents(VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)
Trigger events of a special type to be managed by debugger.
Definition Debugger.c:1110
DebuggerDisableEvent
BOOLEAN DebuggerDisableEvent(UINT64 Tag)
Disable an event by tag.
Definition Debugger.c:2363
DebuggerGetRegValueWrapper
UINT64 DebuggerGetRegValueWrapper(PGUEST_REGS GuestRegs, UINT32 RegId)
A wrapper for GetRegValue() in script-engine.
Definition Debugger.c:21
DebuggerAddActionToEvent
PDEBUGGER_EVENT_ACTION DebuggerAddActionToEvent(PDEBUGGER_EVENT Event, DEBUGGER_EVENT_ACTION_TYPE_ENUM ActionType, BOOLEAN SendTheResultsImmediately, PDEBUGGER_EVENT_REQUEST_CUSTOM_CODE InTheCaseOfCustomCode, PDEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION InTheCaseOfRunScript, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Create an action and add the action to an event.
Definition Debugger.c:669
DebuggerPerformBreakToDebugger
VOID DebuggerPerformBreakToDebugger(PROCESSOR_DEBUGGING_STATE *DbgState, DEBUGGER_EVENT_ACTION *Action, DEBUGGER_TRIGGERED_EVENT_DETAILS *EventTriggerDetail)
Manage breaking to the debugger action.
Definition Debugger.c:1821
DEBUGGER_EVENT
struct _DEBUGGER_EVENT DEBUGGER_EVENT
The structure of events in HyperDbg.
DebuggerRunCustomCodeFunc
PVOID DebuggerRunCustomCodeFunc(PVOID PreAllocatedBufferAddress, PGUEST_REGS Regs, PVOID Context)
The prototype that Custom code buffers are called.
Definition Debugger.h:175
DebuggerGetLastError
UINT32 DebuggerGetLastError()
Debugger get the last error.
Definition Debugger.c:32
PDEBUGGER_EVENT
struct _DEBUGGER_EVENT * PDEBUGGER_EVENT
DebuggerEventListCount
UINT32 DebuggerEventListCount(PLIST_ENTRY TargetEventList)
Count the list of events in a special list.
Definition Debugger.c:2054
DebuggerIsTagValid
BOOLEAN DebuggerIsTagValid(UINT64 Tag)
Detect whether the tag exists or not.
Definition Debugger.c:2471
DebuggerRemoveEvent
BOOLEAN DebuggerRemoveEvent(UINT64 Tag, BOOLEAN PoolManagerAllocatedMemory)
Remove the event by its tags and also remove its actions and de-allocate their buffers.
Definition Debugger.c:2643
DebuggerSetLastError
VOID DebuggerSetLastError(UINT32 LastError)
Debugger set the last error.
Definition Debugger.c:44
PDEBUGGER_CORE_EVENTS
struct _DEBUGGER_CORE_EVENTS * PDEBUGGER_CORE_EVENTS
DebuggerEnableEvent
BOOLEAN DebuggerEnableEvent(UINT64 Tag)
Enable an event by tag.
Definition Debugger.c:2302
DEBUGGER_EVENT_ACTION
struct _DEBUGGER_EVENT_ACTION DEBUGGER_EVENT_ACTION
The structure of actions in HyperDbg.
DebuggerQueryStateEvent
BOOLEAN DebuggerQueryStateEvent(UINT64 Tag)
returns whether an event is enabled/disabled by tag
Definition Debugger.c:2336
DebuggerCreateEvent
PDEBUGGER_EVENT DebuggerCreateEvent(BOOLEAN Enabled, UINT32 CoreId, UINT32 ProcessId, VMM_EVENT_TYPE_ENUM EventType, UINT64 Tag, DEBUGGER_EVENT_OPTIONS *Options, UINT32 ConditionsBufferSize, PVOID ConditionBuffer, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Create an Event Object.
Definition Debugger.c:383
DebuggerClearEvent
BOOLEAN DebuggerClearEvent(UINT64 Tag, BOOLEAN InputFromVmxRoot, BOOLEAN PoolManagerAllocatedMemory)
Clear an event by tag.
Definition Debugger.c:2400
PDEBUGGER_EVENT_ACTION
struct _DEBUGGER_EVENT_ACTION * PDEBUGGER_EVENT_ACTION
DebuggerGetEventListByEventType
PLIST_ENTRY DebuggerGetEventListByEventType(VMM_EVENT_TYPE_ENUM EventType)
Get List of event based on event type.
Definition Debugger.c:2085
DebuggerClearAllEvents
VOID DebuggerClearAllEvents(BOOLEAN InputFromVmxRoot, BOOLEAN PoolManagerAllocatedMemory)
Clear all events.
Definition Debugger.c:2437
DebuggerCheckForCondition
UINT64 DebuggerCheckForCondition(PGUEST_REGS Regs, PVOID Context)
The prototype that Condition codes are called.
Definition Debugger.h:159
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE
enum _VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE
The status of triggering events.
DEBUGGER_EVENT_ACTION_TYPE_ENUM
enum _DEBUGGER_EVENT_ACTION_TYPE_ENUM DEBUGGER_EVENT_ACTION_TYPE_ENUM
Type of Actions.
VMM_EVENT_TYPE_ENUM
enum _VMM_EVENT_TYPE_ENUM VMM_EVENT_TYPE_ENUM
enum to show type of all HyperDbg events
_DEBUGGEE_SCRIPT_PACKET
The structure of script packet in HyperDbg.
Definition RequestStructures.h:1122
_DEBUGGER_CORE_EVENTS
List of all the different events.
Definition Debugger.h:37
_DEBUGGER_CORE_EVENTS::HiddenHookReadAndExecuteEventsHead
LIST_ENTRY HiddenHookReadAndExecuteEventsHead
Definition Debugger.h:47
_DEBUGGER_CORE_EVENTS::EptHookExecCcEventsHead
LIST_ENTRY EptHookExecCcEventsHead
Definition Debugger.h:53
_DEBUGGER_CORE_EVENTS::PmcInstructionExecutionEventsHead
LIST_ENTRY PmcInstructionExecutionEventsHead
Definition Debugger.h:61
_DEBUGGER_CORE_EVENTS::OutInstructionExecutionEventsHead
LIST_ENTRY OutInstructionExecutionEventsHead
Definition Debugger.h:63
_DEBUGGER_CORE_EVENTS::HiddenHookReadAndWriteEventsHead
LIST_ENTRY HiddenHookReadAndWriteEventsHead
Definition Debugger.h:46
_DEBUGGER_CORE_EVENTS::ControlRegister3ModifiedEventsHead
LIST_ENTRY ControlRegister3ModifiedEventsHead
Definition Debugger.h:69
_DEBUGGER_CORE_EVENTS::HiddenHookReadEventsHead
LIST_ENTRY HiddenHookReadEventsHead
Definition Debugger.h:49
_DEBUGGER_CORE_EVENTS::ExternalInterruptOccurredEventsHead
LIST_ENTRY ExternalInterruptOccurredEventsHead
Definition Debugger.h:65
_DEBUGGER_CORE_EVENTS::HiddenHookReadAndWriteAndExecuteEventsHead
LIST_ENTRY HiddenHookReadAndWriteAndExecuteEventsHead
Definition Debugger.h:45
_DEBUGGER_CORE_EVENTS::EptHook2sExecDetourEventsHead
LIST_ENTRY EptHook2sExecDetourEventsHead
Definition Debugger.h:52
_DEBUGGER_CORE_EVENTS::RdmsrInstructionExecutionEventsHead
LIST_ENTRY RdmsrInstructionExecutionEventsHead
Definition Debugger.h:57
_DEBUGGER_CORE_EVENTS::HiddenHookExecuteEventsHead
LIST_ENTRY HiddenHookExecuteEventsHead
Definition Debugger.h:51
_DEBUGGER_CORE_EVENTS::VmcallInstructionExecutionEventsHead
LIST_ENTRY VmcallInstructionExecutionEventsHead
Definition Debugger.h:66
_DEBUGGER_CORE_EVENTS::ControlRegisterModifiedEventsHead
LIST_ENTRY ControlRegisterModifiedEventsHead
Definition Debugger.h:70
_DEBUGGER_CORE_EVENTS::SyscallHooksEferSyscallEventsHead
LIST_ENTRY SyscallHooksEferSyscallEventsHead
Definition Debugger.h:54
_DEBUGGER_CORE_EVENTS::InInstructionExecutionEventsHead
LIST_ENTRY InInstructionExecutionEventsHead
Definition Debugger.h:62
_DEBUGGER_CORE_EVENTS::HiddenHookWriteEventsHead
LIST_ENTRY HiddenHookWriteEventsHead
Definition Debugger.h:50
_DEBUGGER_CORE_EVENTS::TrapExecutionInstructionTraceEventsHead
LIST_ENTRY TrapExecutionInstructionTraceEventsHead
Definition Debugger.h:68
_DEBUGGER_CORE_EVENTS::WrmsrInstructionExecutionEventsHead
LIST_ENTRY WrmsrInstructionExecutionEventsHead
Definition Debugger.h:58
_DEBUGGER_CORE_EVENTS::DebugRegistersAccessedEventsHead
LIST_ENTRY DebugRegistersAccessedEventsHead
Definition Debugger.h:64
_DEBUGGER_CORE_EVENTS::HiddenHookWriteAndExecuteEventsHead
LIST_ENTRY HiddenHookWriteAndExecuteEventsHead
Definition Debugger.h:48
_DEBUGGER_CORE_EVENTS::ExceptionOccurredEventsHead
LIST_ENTRY ExceptionOccurredEventsHead
Definition Debugger.h:59
_DEBUGGER_CORE_EVENTS::CpuidInstructionExecutionEventsHead
LIST_ENTRY CpuidInstructionExecutionEventsHead
Definition Debugger.h:56
_DEBUGGER_CORE_EVENTS::TscInstructionExecutionEventsHead
LIST_ENTRY TscInstructionExecutionEventsHead
Definition Debugger.h:60
_DEBUGGER_CORE_EVENTS::TrapExecutionModeChangedEventsHead
LIST_ENTRY TrapExecutionModeChangedEventsHead
Definition Debugger.h:67
_DEBUGGER_CORE_EVENTS::SyscallHooksEferSysretEventsHead
LIST_ENTRY SyscallHooksEferSysretEventsHead
Definition Debugger.h:55
_DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION
Used for run the script.
Definition RequestStructures.h:825
_DEBUGGER_EVENT_ACTION
The structure of actions in HyperDbg.
Definition Debugger.h:79
_DEBUGGER_EVENT_ACTION::ScriptConfiguration
DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION ScriptConfiguration
Definition Debugger.h:89
_DEBUGGER_EVENT_ACTION::ActionsList
LIST_ENTRY ActionsList
Definition Debugger.h:82
_DEBUGGER_EVENT_ACTION::CustomCodeBufferAddress
PVOID CustomCodeBufferAddress
Definition Debugger.h:96
_DEBUGGER_EVENT_ACTION::CustomCodeBufferSize
UINT32 CustomCodeBufferSize
Definition Debugger.h:95
_DEBUGGER_EVENT_ACTION::ActionType
DEBUGGER_EVENT_ACTION_TYPE_ENUM ActionType
Definition Debugger.h:83
_DEBUGGER_EVENT_ACTION::Tag
UINT64 Tag
Definition Debugger.h:80
_DEBUGGER_EVENT_ACTION::RequestedBuffer
DEBUGGER_EVENT_REQUEST_BUFFER RequestedBuffer
Definition Debugger.h:92
_DEBUGGER_EVENT_ACTION::ImmediatelySendTheResults
BOOLEAN ImmediatelySendTheResults
Definition Debugger.h:84
_DEBUGGER_EVENT_ACTION::ActionOrderCode
UINT32 ActionOrderCode
Definition Debugger.h:81
_DEBUGGER_EVENT_AND_ACTION_RESULT
Status of register buffers.
Definition Events.h:423
_DEBUGGER_EVENT_OPTIONS
request for performing a short-circuiting event
Definition Events.h:271
_DEBUGGER_EVENT_REQUEST_BUFFER
used in the case of requesting a "request buffer"
Definition RequestStructures.h:839
_DEBUGGER_EVENT_REQUEST_CUSTOM_CODE
used in the case of custom code requests to the debugger
Definition RequestStructures.h:851
_DEBUGGER_EVENT
The structure of events in HyperDbg.
Definition Debugger.h:108
_DEBUGGER_EVENT::ConditionsBufferSize
UINT32 ConditionsBufferSize
Definition Debugger.h:133
_DEBUGGER_EVENT::ConditionBufferAddress
PVOID ConditionBufferAddress
Definition Debugger.h:134
_DEBUGGER_EVENT::EventMode
VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventMode
Definition Debugger.h:126
_DEBUGGER_EVENT::ActionsListHead
LIST_ENTRY ActionsListHead
Definition Debugger.h:120
_DEBUGGER_EVENT::CountOfActions
UINT32 CountOfActions
Definition Debugger.h:121
_DEBUGGER_EVENT::EventsOfSameTypeList
LIST_ENTRY EventsOfSameTypeList
Definition Debugger.h:110
_DEBUGGER_EVENT::EnableShortCircuiting
BOOLEAN EnableShortCircuiting
Definition Debugger.h:123
_DEBUGGER_EVENT::InitOptions
DEBUGGER_EVENT_OPTIONS InitOptions
Definition Debugger.h:129
_DEBUGGER_EVENT::CoreId
UINT32 CoreId
Definition Debugger.h:113
_DEBUGGER_EVENT::Enabled
BOOLEAN Enabled
Definition Debugger.h:112
_DEBUGGER_EVENT::Tag
UINT64 Tag
Definition Debugger.h:109
_DEBUGGER_EVENT::Options
DEBUGGER_EVENT_OPTIONS Options
Definition Debugger.h:131
_DEBUGGER_EVENT::ProcessId
UINT32 ProcessId
Definition Debugger.h:117
_DEBUGGER_EVENT::EventType
VMM_EVENT_TYPE_ENUM EventType
Definition Debugger.h:111
_DEBUGGER_GENERAL_ACTION
Each event can have multiple actions.
Definition Events.h:406
_DEBUGGER_GENERAL_EVENT_DETAIL
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
_DEBUGGER_MODIFY_EVENTS
request for modifying events (enable/disable/clear)
Definition Events.h:242
_DEBUGGER_TRIGGERED_EVENT_DETAILS
The structure of detail of a triggered event in HyperDbg.
Definition DataTypes.h:192
_PROCESSOR_DEBUGGING_STATE
Saves the debugger state.
Definition State.h:165
GUEST_REGS
Definition BasicTypes.h:70