HyperDbg Debugger
Loading...
Searching...
No Matches
Driver.h File Reference

Header for WDK driver functions. More...

Go to the source code of this file.

Functions

NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 Load & Unload.
 
VOID DrvUnload (PDRIVER_OBJECT DriverObject)
 Run in the case of driver unload to unregister the devices.
 
NTSTATUS DrvCreate (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP Major Functions.
 
NTSTATUS DrvRead (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_READ Function handler.
 
NTSTATUS DrvWrite (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_WRITE Function handler.
 
NTSTATUS DrvClose (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_CLOSE Function handler.
 
NTSTATUS DrvUnsupported (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 Unsupported message for all other IRP_MJ_* handlers.
 
NTSTATUS DrvDispatchIoControl (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 Driver IOCTL Dispatcher.
 

Detailed Description

Header for WDK driver functions.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-13

Function Documentation

◆ DriverEntry()

NTSTATUS DriverEntry ( PDRIVER_OBJECT DriverObject,
PUNICODE_STRING RegistryPath )

Load & Unload.

Load & Unload.

Parameters
DriverObject
RegistryPath
Returns
NTSTATUS
27{
28 NTSTATUS Ntstatus = STATUS_SUCCESS;
29 UINT64 Index = 0;
30 PDEVICE_OBJECT DeviceObject = NULL;
31 UNICODE_STRING DriverName = RTL_CONSTANT_STRING(L"\\Device\\HyperDbgDebuggerDevice");
32 UNICODE_STRING DosDeviceName = RTL_CONSTANT_STRING(L"\\DosDevices\\HyperDbgDebuggerDevice");
33
34 UNREFERENCED_PARAMETER(RegistryPath);
35 UNREFERENCED_PARAMETER(DriverObject);
36
37 //
38 // Opt-in to using non-executable pool memory on Windows 8 and later.
39 // https://msdn.microsoft.com/en-us/library/windows/hardware/hh920402(v=vs.85).aspx
40 //
41 ExInitializeDriverRuntime(DrvRtPoolNxOptIn);
42
43 //
44 // Creating the device for interaction with user-mode
45 //
46 Ntstatus = IoCreateDevice(DriverObject,
47 0,
48 &DriverName,
50 FILE_DEVICE_SECURE_OPEN,
51 FALSE,
52 &DeviceObject);
53
54 if (Ntstatus == STATUS_SUCCESS)
55 {
56 for (Index = 0; Index < IRP_MJ_MAXIMUM_FUNCTION; Index++)
57 DriverObject->MajorFunction[Index] = DrvUnsupported;
58
59 //
60 // We cannot use logging mechanism of HyperDbg as it's not initialized yet
61 //
62 DbgPrint("Setting device major functions");
63
64 DriverObject->MajorFunction[IRP_MJ_CLOSE] = DrvClose;
65 DriverObject->MajorFunction[IRP_MJ_CREATE] = DrvCreate;
66 DriverObject->MajorFunction[IRP_MJ_READ] = DrvRead;
67 DriverObject->MajorFunction[IRP_MJ_WRITE] = DrvWrite;
68 DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DrvDispatchIoControl;
69
70 DriverObject->DriverUnload = DrvUnload;
71 IoCreateSymbolicLink(&DosDeviceName, &DriverName);
72 }
73
74 //
75 // Establish user-buffer access method.
76 //
77 DeviceObject->Flags |= DO_BUFFERED_IO;
78
79 //
80 // We cannot use logging mechanism of HyperDbg as it's not initialized yet
81 //
82 DbgPrint("HyperDbg's device and major functions are loaded");
83
84 ASSERT(NT_SUCCESS(Ntstatus));
85 return Ntstatus;
86}
#define FALSE
Definition BasicTypes.h:54
unsigned __int64 UINT64
Definition BasicTypes.h:21
#define FILE_DEVICE_UNKNOWN
Definition Ioctls.h:52
NTSTATUS DrvWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_WRITE Function handler.
Definition Driver.c:213
NTSTATUS DrvUnsupported(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Unsupported message for all other IRP_MJ_* handlers.
Definition Driver.c:263
NTSTATUS DrvRead(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_READ Function handler.
Definition Driver.c:189
NTSTATUS DrvClose(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_CLOSE Function handler.
Definition Driver.c:237
VOID DrvUnload(PDRIVER_OBJECT DriverObject)
Run in the case of driver unload to unregister the devices.
Definition Driver.c:95
NTSTATUS DrvCreate(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_CREATE Function handler.
Definition Driver.c:117
NTSTATUS DrvDispatchIoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Driver IOCTL Dispatcher.
Definition Ioctl.c:23
NULL()
Definition test-case-generator.py:530
Definition casting.cpp:25

◆ DrvClose()

NTSTATUS DrvClose ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_CLOSE Function handler.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
238{
239 UNREFERENCED_PARAMETER(DeviceObject);
240
241 //
242 // If the close is called means that all of the IOCTLs
243 // are not in a pending state so we can safely allow
244 // a new handle creation for future calls to the driver
245 //
247
248 Irp->IoStatus.Status = STATUS_SUCCESS;
249 Irp->IoStatus.Information = 0;
250 IoCompleteRequest(Irp, IO_NO_INCREMENT);
251
252 return STATUS_SUCCESS;
253}
BOOLEAN g_HandleInUse
Determines whether the one application gets the handle or not this is used to ensure that only one ap...
Definition Global.h:36

◆ DrvCreate()

NTSTATUS DrvCreate ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP Major Functions.

IRP Major Functions.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
118{
119 UNREFERENCED_PARAMETER(DeviceObject);
120
121 //
122 // Check for privilege
123 //
124 // Check for the correct security access.
125 // The caller must have the SeDebugPrivilege.
126 //
127
128 LUID DebugPrivilege = {SE_DEBUG_PRIVILEGE, 0};
129
130 if (!SeSinglePrivilegeCheck(DebugPrivilege, Irp->RequestorMode))
131 {
132 Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
133 Irp->IoStatus.Information = 0;
134 IoCompleteRequest(Irp, IO_NO_INCREMENT);
135
136 return STATUS_ACCESS_DENIED;
137 }
138
139 //
140 // Check to allow just one handle to the driver
141 // means that only one application can get the handle
142 // and new application won't allowed to create a new
143 // handle unless the IRP_MJ_CLOSE called.
144 //
145 if (g_HandleInUse)
146 {
147 //
148 // A driver got the handle before
149 //
150 Irp->IoStatus.Status = STATUS_SUCCESS;
151 Irp->IoStatus.Information = 0;
152 IoCompleteRequest(Irp, IO_NO_INCREMENT);
153
154 return STATUS_SUCCESS;
155 }
156
157 //
158 // Initialize the vmm and the debugger
159 //
161 {
162 Irp->IoStatus.Status = STATUS_SUCCESS;
163 Irp->IoStatus.Information = 0;
164 IoCompleteRequest(Irp, IO_NO_INCREMENT);
165
166 return STATUS_SUCCESS;
167 }
168 else
169 {
170 //
171 // There was a problem, so not loaded
172 //
173 Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;
174 Irp->IoStatus.Information = 0;
175 IoCompleteRequest(Irp, IO_NO_INCREMENT);
176
177 return STATUS_UNSUCCESSFUL;
178 }
179}
#define STATUS_UNSUCCESSFUL
Definition Windows.h:172
BOOLEAN LoaderInitVmmAndDebugger()
Initialize the VMM and Debugger.
Definition Loader.c:19

◆ DrvDispatchIoControl()

NTSTATUS DrvDispatchIoControl ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

Driver IOCTL Dispatcher.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
24{
25 UNREFERENCED_PARAMETER(DeviceObject);
26
27 PIO_STACK_LOCATION IrpStack;
28 PREGISTER_NOTIFY_BUFFER RegisterEventRequest;
29 PDEBUGGER_READ_MEMORY DebuggerReadMemRequest;
30 PDEBUGGER_READ_AND_WRITE_ON_MSR DebuggerReadOrWriteMsrRequest;
31 PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE DebuggerHideAndUnhideRequest;
33 PDEBUGGER_PAGE_IN_REQUEST DebuggerPageinRequest;
34 PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS DebuggerVa2paAndPa2vaRequest;
35 PDEBUGGER_EDIT_MEMORY DebuggerEditMemoryRequest;
36 PDEBUGGER_SEARCH_MEMORY DebuggerSearchMemoryRequest;
37 PDEBUGGER_GENERAL_EVENT_DETAIL DebuggerNewEventRequest;
38 PDEBUGGER_MODIFY_EVENTS DebuggerModifyEventRequest;
39 PDEBUGGER_FLUSH_LOGGING_BUFFERS DebuggerFlushBuffersRequest;
40 PDEBUGGER_PREALLOC_COMMAND DebuggerReservePreallocPoolRequest;
41 PDEBUGGER_PREACTIVATE_COMMAND DebuggerPreactivationRequest;
42 PDEBUGGER_UD_COMMAND_PACKET DebuggerUdCommandRequest;
43 PUSERMODE_LOADED_MODULE_DETAILS DebuggerUsermodeModulesRequest;
44 PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS DebuggerUsermodeProcessOrThreadQueryRequest;
45 PDEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET GetInformationProcessRequest;
47 PDEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET GetInformationThreadRequest;
48 PDEBUGGER_PERFORM_KERNEL_TESTS DebuggerKernelTestRequest;
49 PDEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL DebuggerCommandExecutionFinishedRequest;
50 PDEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER DebuggerSendUsermodeMessageRequest;
51 PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER DebuggerSendBufferFromDebuggeeToDebuggerRequest;
52 PDEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS DebuggerAttachOrDetachToThreadRequest;
53 PDEBUGGER_PREPARE_DEBUGGEE DebuggeeRequest;
54 PDEBUGGER_PAUSE_PACKET_RECEIVED DebuggerPauseKernelRequest;
55 PDEBUGGER_GENERAL_ACTION DebuggerNewActionRequest;
56 PVOID BufferToStoreThreadsAndProcessesDetails;
57 NTSTATUS Status;
58 ULONG InBuffLength; // Input buffer length
59 ULONG OutBuffLength; // Output buffer length
60 SIZE_T ReturnSize;
61 BOOLEAN DoNotChangeInformation = FALSE;
62
63 //
64 // Here's the best place to see if there is any allocation pending
65 // to be allcated as we're in PASSIVE_LEVEL
66 //
68
70 {
71 IrpStack = IoGetCurrentIrpStackLocation(Irp);
72
73 switch (IrpStack->Parameters.DeviceIoControl.IoControlCode)
74 {
76
77 //
78 // First validate the parameters.
79 //
80 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_REGISTER_EVENT || Irp->AssociatedIrp.SystemBuffer == NULL)
81 {
82 Status = STATUS_INVALID_PARAMETER;
83 LogError("Err, invalid parameter to IOCTL dispatcher");
84 break;
85 }
86
87 //
88 // IRPs supply a pointer to a buffer at Irp->AssociatedIrp.SystemBuffer.
89 // This buffer represents both the input buffer and the output buffer that
90 // are specified in calls to DeviceIoControl
91 //
92 RegisterEventRequest = (PREGISTER_NOTIFY_BUFFER)Irp->AssociatedIrp.SystemBuffer;
93
94 switch (RegisterEventRequest->Type)
95 {
96 case IRP_BASED:
97
98 LogRegisterIrpBasedNotification((PVOID)Irp, &Status);
99
100 break;
101 case EVENT_BASED:
102
103 if (LogRegisterEventBasedNotification((PVOID)Irp))
104 {
105 Status = STATUS_SUCCESS;
106 }
107 else
108 {
109 Status = STATUS_UNSUCCESSFUL;
110 }
111
112 break;
113 default:
114 LogError("Err, unknown notification type from user-mode");
115 Status = STATUS_INVALID_PARAMETER;
116 break;
117 }
118
119 break;
120
122
123 //
124 // Dis-allow new IOCTL
125 //
127
128 //
129 // Send an immediate message, and we're no longer get new IRP
130 //
132 "$",
133 sizeof(CHAR),
134 TRUE);
135
136 Status = STATUS_SUCCESS;
137
138 break;
139
141
142 //
143 // Uninitialize the debugger and its sub-mechanisms
144 //
146
147 //
148 // Terminate VMX
149 //
151
152 Status = STATUS_SUCCESS;
153
154 break;
155
157 //
158 // First validate the parameters.
159 //
160 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_READ_MEMORY || Irp->AssociatedIrp.SystemBuffer == NULL)
161 {
162 Status = STATUS_INVALID_PARAMETER;
163 LogError("Err, invalid parameter to IOCTL dispatcher");
164 break;
165 }
166
167 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
168 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
169
170 if (!InBuffLength || !OutBuffLength)
171 {
172 Status = STATUS_INVALID_PARAMETER;
173 break;
174 }
175
176 DebuggerReadMemRequest = (PDEBUGGER_READ_MEMORY)Irp->AssociatedIrp.SystemBuffer;
177
178 if (DebuggerCommandReadMemory(DebuggerReadMemRequest,
179 ((CHAR *)DebuggerReadMemRequest) + SIZEOF_DEBUGGER_READ_MEMORY,
180 &ReturnSize) == TRUE)
181 {
182 //
183 // Return the header a read bytes
184 //
185 Irp->IoStatus.Information = ReturnSize + SIZEOF_DEBUGGER_READ_MEMORY;
186 }
187 else
188 {
189 //
190 // Just return the header to the user-mode
191 //
192 Irp->IoStatus.Information = SIZEOF_DEBUGGER_READ_MEMORY;
193 }
194
195 Status = STATUS_SUCCESS;
196
197 //
198 // Avoid zeroing it
199 //
200 DoNotChangeInformation = TRUE;
201
202 break;
203
205 //
206 // First validate the parameters.
207 //
208 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_READ_AND_WRITE_ON_MSR || Irp->AssociatedIrp.SystemBuffer == NULL)
209 {
210 Status = STATUS_INVALID_PARAMETER;
211 LogError("Err, invalid parameter to IOCTL dispatcher");
212 break;
213 }
214
215 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
216 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
217
218 if (!InBuffLength)
219 {
220 Status = STATUS_INVALID_PARAMETER;
221 break;
222 }
223
224 DebuggerReadOrWriteMsrRequest = (PDEBUGGER_READ_AND_WRITE_ON_MSR)Irp->AssociatedIrp.SystemBuffer;
225
226 //
227 // Only the rdmsr needs and output buffer
228 //
229 if (DebuggerReadOrWriteMsrRequest->ActionType != DEBUGGER_MSR_WRITE)
230 {
231 if (!OutBuffLength)
232 {
233 Status = STATUS_INVALID_PARAMETER;
234 break;
235 }
236 }
237
238 //
239 // Both usermode and to send to usermode and the coming buffer are
240 // at the same place
241 //
242 Status = DebuggerReadOrWriteMsr(DebuggerReadOrWriteMsrRequest, (UINT64 *)DebuggerReadOrWriteMsrRequest, &ReturnSize);
243
244 //
245 // Set the size
246 //
247 if (Status == STATUS_SUCCESS)
248 {
249 Irp->IoStatus.Information = ReturnSize;
250
251 //
252 // Avoid zeroing it
253 //
254 DoNotChangeInformation = TRUE;
255 }
256
257 break;
258
260
261 //
262 // First validate the parameters.
263 //
264 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS || Irp->AssociatedIrp.SystemBuffer == NULL)
265 {
266 Status = STATUS_INVALID_PARAMETER;
267 LogError("Err, invalid parameter to IOCTL dispatcher");
268 break;
269 }
270
271 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
272 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
273
274 if (!InBuffLength)
275 {
276 Status = STATUS_INVALID_PARAMETER;
277 break;
278 }
279
280 DebuggerPteRequest = (PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS)Irp->AssociatedIrp.SystemBuffer;
281
282 //
283 // Both usermode and to send to usermode and the coming buffer are
284 // at the same place (it's not in vmx-root)
285 //
286 ExtensionCommandPte(DebuggerPteRequest, FALSE);
287
288 Irp->IoStatus.Information = SIZEOF_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS;
289 Status = STATUS_SUCCESS;
290
291 //
292 // Avoid zeroing it
293 //
294 DoNotChangeInformation = TRUE;
295
296 break;
297
299
300 //
301 // First validate the parameters.
302 //
303 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(DEBUGGER_GENERAL_EVENT_DETAIL) || Irp->AssociatedIrp.SystemBuffer == NULL)
304 {
305 Status = STATUS_INVALID_PARAMETER;
306 LogError("Err, invalid parameter to IOCTL dispatcher");
307 break;
308 }
309
310 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
311 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
312
313 if (!InBuffLength || !OutBuffLength)
314 {
315 Status = STATUS_INVALID_PARAMETER;
316 break;
317 }
318
319 DebuggerNewEventRequest = (PDEBUGGER_GENERAL_EVENT_DETAIL)Irp->AssociatedIrp.SystemBuffer;
320
321 //
322 // Both usermode and to send to usermode and the coming buffer are
323 // at the same place (not coming from the VMX-root mode)
324 //
325 DebuggerParseEvent(DebuggerNewEventRequest,
326 (PDEBUGGER_EVENT_AND_ACTION_RESULT)Irp->AssociatedIrp.SystemBuffer,
327 FALSE);
328
329 Irp->IoStatus.Information = sizeof(DEBUGGER_EVENT_AND_ACTION_RESULT);
330 Status = STATUS_SUCCESS;
331
332 //
333 // Avoid zeroing it
334 //
335 DoNotChangeInformation = TRUE;
336
337 break;
338
340
341 //
342 // First validate the parameters.
343 //
344 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(DEBUGGER_GENERAL_ACTION) || Irp->AssociatedIrp.SystemBuffer == NULL)
345 {
346 Status = STATUS_INVALID_PARAMETER;
347 LogError("Err, invalid parameter to IOCTL dispatcher");
348 break;
349 }
350
351 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
352 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
353
354 if (!InBuffLength || !OutBuffLength)
355 {
356 Status = STATUS_INVALID_PARAMETER;
357 break;
358 }
359
360 DebuggerNewActionRequest = (PDEBUGGER_GENERAL_ACTION)Irp->AssociatedIrp.SystemBuffer;
361
362 //
363 // Both usermode and to send to usermode and the coming buffer are
364 // at the same place
365 //
366 DebuggerParseAction(DebuggerNewActionRequest,
367 (PDEBUGGER_EVENT_AND_ACTION_RESULT)Irp->AssociatedIrp.SystemBuffer,
368 FALSE);
369
370 Irp->IoStatus.Information = sizeof(DEBUGGER_EVENT_AND_ACTION_RESULT);
371 Status = STATUS_SUCCESS;
372
373 //
374 // Avoid zeroing it
375 //
376 DoNotChangeInformation = TRUE;
377
378 break;
379
381
382 //
383 // First validate the parameters.
384 //
385 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE || Irp->AssociatedIrp.SystemBuffer == NULL)
386 {
387 Status = STATUS_INVALID_PARAMETER;
388 LogError("Err, invalid parameter to IOCTL dispatcher");
389 break;
390 }
391
392 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
393 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
394
395 if (!InBuffLength || !OutBuffLength)
396 {
397 Status = STATUS_INVALID_PARAMETER;
398 break;
399 }
400
401 DebuggerHideAndUnhideRequest = (PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE)Irp->AssociatedIrp.SystemBuffer;
402
403 //
404 // Here we should validate whether the input parameter is
405 // valid or in other words whether we received enough space or not
406 //
407 if (DebuggerHideAndUnhideRequest->TrueIfProcessIdAndFalseIfProcessName == FALSE && IrpStack->Parameters.DeviceIoControl.InputBufferLength != SIZEOF_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE + DebuggerHideAndUnhideRequest->LengthOfProcessName)
408 {
409 Status = STATUS_INVALID_PARAMETER;
410 break;
411 }
412
413 //
414 // check if it's a !hide or !unhide command
415 //
416 if (DebuggerHideAndUnhideRequest->IsHide == TRUE)
417 {
418 //
419 // It's a hide request
420 //
421 Status = TransparentHideDebugger(DebuggerHideAndUnhideRequest);
422 }
423 else
424 {
425 //
426 // It's a unhide request
427 //
428 Status = TransparentUnhideDebugger();
429 }
430
431 if (Status == STATUS_SUCCESS)
432 {
433 //
434 // Set the status
435 //
436 DebuggerHideAndUnhideRequest->KernelStatus = DEBUGGER_OPERATION_WAS_SUCCESSFUL;
437 }
438 else
439 {
440 //
441 // Set the status
442 //
443 if (DebuggerHideAndUnhideRequest->IsHide)
444 {
446 }
447 else
448 {
449 DebuggerHideAndUnhideRequest->KernelStatus = DEBUGGER_ERROR_DEBUGGER_ALREADY_UHIDE;
450 }
451 }
452
453 //
454 // Set size
455 //
456 Irp->IoStatus.Information = SIZEOF_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE;
457
458 //
459 // Avoid zeroing it
460 //
461 DoNotChangeInformation = TRUE;
462
463 break;
464
466
467 //
468 // First validate the parameters.
469 //
470 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS || Irp->AssociatedIrp.SystemBuffer == NULL)
471 {
472 Status = STATUS_INVALID_PARAMETER;
473 LogError("Err, invalid parameter to IOCTL dispatcher");
474 break;
475 }
476
477 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
478 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
479
480 if (!InBuffLength || !OutBuffLength)
481 {
482 Status = STATUS_INVALID_PARAMETER;
483 break;
484 }
485
486 DebuggerVa2paAndPa2vaRequest = (PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS)Irp->AssociatedIrp.SystemBuffer;
487
488 //
489 // Both usermode and to send to usermode and the coming buffer are
490 // at the same place (we're not in vmx-root here)
491 //
492 ExtensionCommandVa2paAndPa2va(DebuggerVa2paAndPa2vaRequest, FALSE);
493
494 //
495 // Configure IRP status
496 //
497 Irp->IoStatus.Information = SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS;
498 Status = STATUS_SUCCESS;
499
500 //
501 // Avoid zeroing it
502 //
503 DoNotChangeInformation = TRUE;
504
505 break;
506
508
509 //
510 // First validate the parameters.
511 //
512 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_EDIT_MEMORY || Irp->AssociatedIrp.SystemBuffer == NULL)
513 {
514 Status = STATUS_INVALID_PARAMETER;
515 LogError("Err, invalid parameter to IOCTL dispatcher");
516 break;
517 }
518
519 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
520 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
521
522 if (!InBuffLength || !OutBuffLength)
523 {
524 Status = STATUS_INVALID_PARAMETER;
525 break;
526 }
527
528 //
529 // Cast buffer to understandable buffer
530 //
531 DebuggerEditMemoryRequest = (PDEBUGGER_EDIT_MEMORY)Irp->AssociatedIrp.SystemBuffer;
532
533 //
534 // Here we should validate whether the input parameter is
535 // valid or in other words whether we received enough space or not
536 //
537 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength != SIZEOF_DEBUGGER_EDIT_MEMORY + DebuggerEditMemoryRequest->CountOf64Chunks * sizeof(UINT64))
538 {
539 Status = STATUS_INVALID_PARAMETER;
540 break;
541 }
542
543 //
544 // Both usermode and to send to usermode and the coming buffer are
545 // at the same place
546 //
547 DebuggerCommandEditMemory(DebuggerEditMemoryRequest);
548
549 //
550 // Configure IRP status
551 //
552 Irp->IoStatus.Information = SIZEOF_DEBUGGER_EDIT_MEMORY;
553 Status = STATUS_SUCCESS;
554
555 //
556 // Avoid zeroing it
557 //
558 DoNotChangeInformation = TRUE;
559
560 break;
561
563
564 //
565 // First validate the parameters.
566 //
567 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_SEARCH_MEMORY || Irp->AssociatedIrp.SystemBuffer == NULL)
568 {
569 Status = STATUS_INVALID_PARAMETER;
570 LogError("Err, invalid parameter to IOCTL dispatcher");
571 break;
572 }
573
574 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
575 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
576
577 //
578 // The OutBuffLength should have at least MaximumSearchResults * sizeof(UINT64)
579 // free space to store the results
580 //
581 if (!InBuffLength || OutBuffLength < MaximumSearchResults * sizeof(UINT64))
582 {
583 Status = STATUS_INVALID_PARAMETER;
584 break;
585 }
586
587 //
588 // Cast buffer to understandable buffer
589 //
590 DebuggerSearchMemoryRequest = (PDEBUGGER_SEARCH_MEMORY)Irp->AssociatedIrp.SystemBuffer;
591
592 //
593 // Here we should validate whether the input parameter is
594 // valid or in other words whether we received enough space or not
595 //
596 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength != SIZEOF_DEBUGGER_SEARCH_MEMORY + DebuggerSearchMemoryRequest->CountOf64Chunks * sizeof(UINT64))
597 {
598 Status = STATUS_INVALID_PARAMETER;
599 break;
600 }
601
602 //
603 // Both usermode and to send to usermode and the coming buffer are
604 // at the same place
605 //
606 if (DebuggerCommandSearchMemory(DebuggerSearchMemoryRequest) != STATUS_SUCCESS)
607 {
608 //
609 // It is because it was not valid in any of the ways to the function
610 // then we're sure that the usermode code won't interpret it's previous
611 // buffer as a valid buffer and will not show it to the user
612 //
613 RtlZeroMemory(DebuggerSearchMemoryRequest, MaximumSearchResults * sizeof(UINT64));
614 }
615
616 //
617 // Configure IRP status, and also we send the results
618 // buffer, with it's null values (if any)
619 //
620 Irp->IoStatus.Information = MaximumSearchResults * sizeof(UINT64);
621 Status = STATUS_SUCCESS;
622
623 //
624 // Avoid zeroing it
625 //
626 DoNotChangeInformation = TRUE;
627
628 break;
629
631
632 //
633 // First validate the parameters.
634 //
635 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(DEBUGGER_MODIFY_EVENTS) || Irp->AssociatedIrp.SystemBuffer == NULL)
636 {
637 Status = STATUS_INVALID_PARAMETER;
638 LogError("Err, invalid parameter to IOCTL dispatcher");
639 break;
640 }
641
642 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
643 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
644
645 if (!InBuffLength || !OutBuffLength)
646 {
647 Status = STATUS_INVALID_PARAMETER;
648 break;
649 }
650
651 DebuggerModifyEventRequest = (PDEBUGGER_MODIFY_EVENTS)Irp->AssociatedIrp.SystemBuffer;
652
653 //
654 // Both usermode and to send to usermode and the coming buffer are
655 // at the same place
656 //
658
659 Irp->IoStatus.Information = SIZEOF_DEBUGGER_MODIFY_EVENTS;
660 Status = STATUS_SUCCESS;
661
662 //
663 // Avoid zeroing it
664 //
665 DoNotChangeInformation = TRUE;
666
667 break;
668
670
671 //
672 // First validate the parameters.
673 //
674 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_FLUSH_LOGGING_BUFFERS || Irp->AssociatedIrp.SystemBuffer == NULL)
675 {
676 Status = STATUS_INVALID_PARAMETER;
677 LogError("Err, invalid parameter to IOCTL dispatcher");
678 break;
679 }
680
681 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
682 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
683
684 if (!InBuffLength || !OutBuffLength)
685 {
686 Status = STATUS_INVALID_PARAMETER;
687 break;
688 }
689
690 //
691 // Both usermode and to send to usermode and the coming buffer are
692 // at the same place
693 //
694 DebuggerFlushBuffersRequest = (PDEBUGGER_FLUSH_LOGGING_BUFFERS)Irp->AssociatedIrp.SystemBuffer;
695
696 //
697 // Perform the flush
698 //
699 DebuggerCommandFlush(DebuggerFlushBuffersRequest);
700
701 Irp->IoStatus.Information = SIZEOF_DEBUGGER_FLUSH_LOGGING_BUFFERS;
702 Status = STATUS_SUCCESS;
703
704 //
705 // Avoid zeroing it
706 //
707 DoNotChangeInformation = TRUE;
708
709 break;
710
712
713 //
714 // First validate the parameters.
715 //
716 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS || Irp->AssociatedIrp.SystemBuffer == NULL)
717 {
718 Status = STATUS_INVALID_PARAMETER;
719 LogError("Err, invalid parameter to IOCTL dispatcher");
720 break;
721 }
722
723 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
724 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
725
726 if (!InBuffLength || !OutBuffLength)
727 {
728 Status = STATUS_INVALID_PARAMETER;
729 break;
730 }
731
732 //
733 // Both usermode and to send to usermode and the coming buffer are
734 // at the same place
735 //
736 DebuggerAttachOrDetachToThreadRequest = (PDEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS)Irp->AssociatedIrp.SystemBuffer;
737
738 //
739 // Perform the attach to the target process
740 //
741 AttachingTargetProcess(DebuggerAttachOrDetachToThreadRequest);
742
743 Irp->IoStatus.Information = SIZEOF_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS;
744 Status = STATUS_SUCCESS;
745
746 //
747 // Avoid zeroing it
748 //
749 DoNotChangeInformation = TRUE;
750
751 break;
752
754
755 //
756 // First validate the parameters.
757 //
758 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_PREPARE_DEBUGGEE || Irp->AssociatedIrp.SystemBuffer == NULL)
759 {
760 Status = STATUS_INVALID_PARAMETER;
761 LogError("Err, invalid parameter to IOCTL dispatcher");
762 break;
763 }
764
765 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
766 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
767
768 if (!InBuffLength || !OutBuffLength)
769 {
770 Status = STATUS_INVALID_PARAMETER;
771 break;
772 }
773
774 //
775 // Both usermode and to send to usermode and the coming buffer are
776 // at the same place
777 //
778 DebuggeeRequest = (PDEBUGGER_PREPARE_DEBUGGEE)Irp->AssociatedIrp.SystemBuffer;
779
780 //
781 // Perform the action
782 //
783 SerialConnectionPrepare(DebuggeeRequest);
784
785 Irp->IoStatus.Information = SIZEOF_DEBUGGER_PREPARE_DEBUGGEE;
786 Status = STATUS_SUCCESS;
787
788 //
789 // Avoid zeroing it
790 //
791 DoNotChangeInformation = TRUE;
792
793 break;
794
796
797 //
798 // First validate the parameters.
799 //
800 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED || Irp->AssociatedIrp.SystemBuffer == NULL)
801 {
802 Status = STATUS_INVALID_PARAMETER;
803 LogError("Err, invalid parameter to IOCTL dispatcher");
804 break;
805 }
806
807 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
808 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
809
810 if (!InBuffLength || !OutBuffLength)
811 {
812 Status = STATUS_INVALID_PARAMETER;
813 break;
814 }
815
816 //
817 // Both usermode and to send to usermode and the coming buffer are
818 // at the same place
819 //
820 DebuggerPauseKernelRequest = (PDEBUGGER_PAUSE_PACKET_RECEIVED)Irp->AssociatedIrp.SystemBuffer;
821
822 //
823 // Perform the action
824 //
825 KdHaltSystem(DebuggerPauseKernelRequest);
826
827 Irp->IoStatus.Information = SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED;
828 Status = STATUS_SUCCESS;
829
830 //
831 // Avoid zeroing it
832 //
833 DoNotChangeInformation = TRUE;
834
835 break;
836
838
839 //
840 // First validate the parameters.
841 //
842 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL || Irp->AssociatedIrp.SystemBuffer == NULL)
843 {
844 Status = STATUS_INVALID_PARAMETER;
845 LogError("Err, invalid parameter to IOCTL dispatcher");
846 break;
847 }
848
849 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
850 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
851
852 if (!InBuffLength || !OutBuffLength)
853 {
854 Status = STATUS_INVALID_PARAMETER;
855 break;
856 }
857
858 //
859 // Both usermode and to send to usermode and the coming buffer are
860 // at the same place
861 //
862 DebuggerCommandExecutionFinishedRequest = (PDEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL)Irp->AssociatedIrp.SystemBuffer;
863
864 //
865 // Perform the signal operation
866 //
867 DebuggerCommandSignalExecutionState(DebuggerCommandExecutionFinishedRequest);
868
870 Status = STATUS_SUCCESS;
871
872 //
873 // Avoid zeroing it
874 //
875 DoNotChangeInformation = TRUE;
876
877 break;
878
880
881 //
882 // First validate the parameters.
883 //
884 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER || Irp->AssociatedIrp.SystemBuffer == NULL)
885 {
886 Status = STATUS_INVALID_PARAMETER;
887 LogError("Err, invalid parameter to IOCTL dispatcher");
888 break;
889 }
890
891 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
892 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
893
894 if (!InBuffLength || !OutBuffLength)
895 {
896 Status = STATUS_INVALID_PARAMETER;
897 break;
898 }
899
900 //
901 // Both usermode and to send to usermode and the coming buffer are
902 // at the same place
903 //
904 DebuggerSendUsermodeMessageRequest = (PDEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER)Irp->AssociatedIrp.SystemBuffer;
905
906 //
907 // Second validation phase
908 //
909 if (DebuggerSendUsermodeMessageRequest->Length == NULL_ZERO ||
910 IrpStack->Parameters.DeviceIoControl.InputBufferLength != SIZEOF_DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER + DebuggerSendUsermodeMessageRequest->Length)
911 {
912 Status = STATUS_INVALID_PARAMETER;
913 break;
914 }
915
916 //
917 // Perform the signal operation
918 //
919 DebuggerCommandSendMessage(DebuggerSendUsermodeMessageRequest);
920
921 Irp->IoStatus.Information = SIZEOF_DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER;
922 Status = STATUS_SUCCESS;
923
924 //
925 // Avoid zeroing it
926 //
927 DoNotChangeInformation = TRUE;
928
929 break;
930
932
933 //
934 // First validate the parameters.
935 //
936 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER || Irp->AssociatedIrp.SystemBuffer == NULL)
937 {
938 Status = STATUS_INVALID_PARAMETER;
939 LogError("Err, invalid parameter to IOCTL dispatcher");
940 break;
941 }
942
943 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
944 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
945
946 if (!InBuffLength || !OutBuffLength)
947 {
948 Status = STATUS_INVALID_PARAMETER;
949 break;
950 }
951
952 //
953 // Both usermode and to send to usermode and the coming buffer are
954 // at the same place
955 //
956 DebuggerSendBufferFromDebuggeeToDebuggerRequest = (PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER)Irp->AssociatedIrp.SystemBuffer;
957
958 //
959 // Second validation phase
960 //
961 if (DebuggerSendBufferFromDebuggeeToDebuggerRequest->LengthOfBuffer == NULL_ZERO ||
962 IrpStack->Parameters.DeviceIoControl.InputBufferLength != SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER + DebuggerSendBufferFromDebuggeeToDebuggerRequest->LengthOfBuffer)
963 {
964 Status = STATUS_INVALID_PARAMETER;
965 break;
966 }
967
968 //
969 // Perform the signal operation
970 //
971 DebuggerCommandSendGeneralBufferToDebugger(DebuggerSendBufferFromDebuggeeToDebuggerRequest);
972
974 Status = STATUS_SUCCESS;
975
976 //
977 // Avoid zeroing it
978 //
979 DoNotChangeInformation = TRUE;
980
981 break;
982
984
985 //
986 // First validate the parameters.
987 //
988 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS || Irp->AssociatedIrp.SystemBuffer == NULL)
989 {
990 Status = STATUS_INVALID_PARAMETER;
991 LogError("Err, invalid parameter to IOCTL dispatcher");
992 break;
993 }
994
995 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
996 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
997
998 if (!InBuffLength || !OutBuffLength)
999 {
1000 Status = STATUS_INVALID_PARAMETER;
1001 break;
1002 }
1003
1004 //
1005 // Both usermode and to send to usermode and the coming buffer are
1006 // at the same place
1007 //
1008 DebuggerKernelTestRequest = (PDEBUGGER_PERFORM_KERNEL_TESTS)Irp->AssociatedIrp.SystemBuffer;
1009
1010 //
1011 // Perform the kernel-side tests
1012 //
1013 TestKernelPerformTests(DebuggerKernelTestRequest);
1014
1015 Irp->IoStatus.Information = SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS;
1016 Status = STATUS_SUCCESS;
1017
1018 //
1019 // Avoid zeroing it
1020 //
1021 DoNotChangeInformation = TRUE;
1022
1023 break;
1024
1026
1027 //
1028 // First validate the parameters.
1029 //
1030 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_PREALLOC_COMMAND || Irp->AssociatedIrp.SystemBuffer == NULL)
1031 {
1032 Status = STATUS_INVALID_PARAMETER;
1033 LogError("Err, invalid parameter to IOCTL dispatcher");
1034 break;
1035 }
1036
1037 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1038 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1039
1040 if (!InBuffLength || !OutBuffLength)
1041 {
1042 Status = STATUS_INVALID_PARAMETER;
1043 break;
1044 }
1045
1046 //
1047 // Both usermode and to send to usermode and the coming buffer are
1048 // at the same place
1049 //
1050 DebuggerReservePreallocPoolRequest = (PDEBUGGER_PREALLOC_COMMAND)Irp->AssociatedIrp.SystemBuffer;
1051
1052 //
1053 // Perform the reservation pools
1054 //
1055 DebuggerCommandReservePreallocatedPools(DebuggerReservePreallocPoolRequest);
1056
1057 Irp->IoStatus.Information = SIZEOF_DEBUGGER_PREALLOC_COMMAND;
1058 Status = STATUS_SUCCESS;
1059
1060 //
1061 // Avoid zeroing it
1062 //
1063 DoNotChangeInformation = TRUE;
1064
1065 break;
1066
1068
1069 //
1070 // First validate the parameters.
1071 //
1072 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_PREACTIVATE_COMMAND || Irp->AssociatedIrp.SystemBuffer == NULL)
1073 {
1074 Status = STATUS_INVALID_PARAMETER;
1075 LogError("Err, invalid parameter to IOCTL dispatcher");
1076 break;
1077 }
1078
1079 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1080 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1081
1082 if (!InBuffLength || !OutBuffLength)
1083 {
1084 Status = STATUS_INVALID_PARAMETER;
1085 break;
1086 }
1087
1088 //
1089 // Both usermode and to send to usermode and the coming buffer are
1090 // at the same place
1091 //
1092 DebuggerPreactivationRequest = (PDEBUGGER_PREACTIVATE_COMMAND)Irp->AssociatedIrp.SystemBuffer;
1093
1094 //
1095 // Perform the activation of the functionality
1096 //
1097 DebuggerCommandPreactivateFunctionality(DebuggerPreactivationRequest);
1098
1099 Irp->IoStatus.Information = SIZEOF_DEBUGGER_PREACTIVATE_COMMAND;
1100 Status = STATUS_SUCCESS;
1101
1102 //
1103 // Avoid zeroing it
1104 //
1105 DoNotChangeInformation = TRUE;
1106
1107 break;
1108
1110
1111 //
1112 // First validate the parameters.
1113 //
1114 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(DEBUGGER_UD_COMMAND_PACKET) || Irp->AssociatedIrp.SystemBuffer == NULL)
1115 {
1116 Status = STATUS_INVALID_PARAMETER;
1117 LogError("Err, invalid parameter to IOCTL dispatcher");
1118 break;
1119 }
1120
1121 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1122 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1123
1124 if (!InBuffLength || !OutBuffLength)
1125 {
1126 Status = STATUS_INVALID_PARAMETER;
1127 break;
1128 }
1129
1130 //
1131 // Both usermode and to send to usermode and the coming buffer are
1132 // at the same place
1133 //
1134 DebuggerUdCommandRequest = (PDEBUGGER_UD_COMMAND_PACKET)Irp->AssociatedIrp.SystemBuffer;
1135
1136 //
1137 // Perform the dispatching of user debugger command
1138 //
1139 UdDispatchUsermodeCommands(DebuggerUdCommandRequest);
1140
1141 Irp->IoStatus.Information = sizeof(DEBUGGER_UD_COMMAND_PACKET);
1142 Status = STATUS_SUCCESS;
1143
1144 //
1145 // Avoid zeroing it
1146 //
1147 DoNotChangeInformation = TRUE;
1148
1149 break;
1150
1152
1153 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1154
1155 if (!OutBuffLength)
1156 {
1157 Status = STATUS_INVALID_PARAMETER;
1158 break;
1159 }
1160
1161 //
1162 // Both usermode and to send to usermode is here
1163 //
1164 BufferToStoreThreadsAndProcessesDetails = (PVOID)Irp->AssociatedIrp.SystemBuffer;
1165
1166 //
1167 // Perform the dispatching of user debugger command
1168 //
1169 AttachingQueryDetailsOfActiveDebuggingThreadsAndProcesses(BufferToStoreThreadsAndProcessesDetails, OutBuffLength);
1170
1171 Irp->IoStatus.Information = OutBuffLength;
1172 Status = STATUS_SUCCESS;
1173
1174 //
1175 // Avoid zeroing it
1176 //
1177 DoNotChangeInformation = TRUE;
1178
1179 break;
1180
1182
1183 //
1184 // First validate the parameters.
1185 //
1186 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(USERMODE_LOADED_MODULE_DETAILS) || Irp->AssociatedIrp.SystemBuffer == NULL)
1187 {
1188 Status = STATUS_INVALID_PARAMETER;
1189 LogError("Err, invalid parameter to IOCTL dispatcher");
1190 break;
1191 }
1192
1193 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1194 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1195
1196 if (!InBuffLength || !OutBuffLength)
1197 {
1198 Status = STATUS_INVALID_PARAMETER;
1199 break;
1200 }
1201
1202 //
1203 // Both usermode and to send to usermode and the coming buffer are
1204 // at the same place
1205 //
1206 DebuggerUsermodeModulesRequest = (PUSERMODE_LOADED_MODULE_DETAILS)Irp->AssociatedIrp.SystemBuffer;
1207
1208 //
1209 // Getting the modules details
1210 //
1211 UserAccessGetLoadedModules(DebuggerUsermodeModulesRequest, OutBuffLength);
1212
1213 Irp->IoStatus.Information = OutBuffLength;
1214 Status = STATUS_SUCCESS;
1215
1216 //
1217 // Avoid zeroing it
1218 //
1219 DoNotChangeInformation = TRUE;
1220
1221 break;
1222
1224
1225 //
1226 // First validate the parameters.
1227 //
1228 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS) || Irp->AssociatedIrp.SystemBuffer == NULL)
1229 {
1230 Status = STATUS_INVALID_PARAMETER;
1231 LogError("Err, invalid parameter to IOCTL dispatcher");
1232 break;
1233 }
1234
1235 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1236 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1237
1238 if (!InBuffLength || !OutBuffLength)
1239 {
1240 Status = STATUS_INVALID_PARAMETER;
1241 break;
1242 }
1243
1244 //
1245 // Both usermode and to send to usermode and the coming buffer are
1246 // at the same place
1247 //
1248 DebuggerUsermodeProcessOrThreadQueryRequest = (PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS)Irp->AssociatedIrp.SystemBuffer;
1249
1250 //
1251 // Getting the count result
1252 //
1253 if (DebuggerUsermodeProcessOrThreadQueryRequest->QueryType == DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_PROCESS_COUNT)
1254 {
1255 ProcessQueryCount(DebuggerUsermodeProcessOrThreadQueryRequest);
1256 }
1257 else if (DebuggerUsermodeProcessOrThreadQueryRequest->QueryType == DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_THREAD_COUNT)
1258 {
1259 ThreadQueryCount(DebuggerUsermodeProcessOrThreadQueryRequest);
1260 }
1261
1262 Irp->IoStatus.Information = SIZEOF_DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS;
1263 Status = STATUS_SUCCESS;
1264
1265 //
1266 // Avoid zeroing it
1267 //
1268 DoNotChangeInformation = TRUE;
1269
1270 break;
1271
1273
1274 //
1275 // First validate the parameters.
1276 //
1277 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < sizeof(DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS) || Irp->AssociatedIrp.SystemBuffer == NULL)
1278 {
1279 Status = STATUS_INVALID_PARAMETER;
1280 LogError("Err, invalid parameter to IOCTL dispatcher");
1281 break;
1282 }
1283
1284 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1285 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1286
1287 if (!InBuffLength || !OutBuffLength)
1288 {
1289 Status = STATUS_INVALID_PARAMETER;
1290 break;
1291 }
1292
1293 //
1294 // Both usermode and to send to usermode and the coming buffer are
1295 // at the same place
1296 //
1297 DebuggerUsermodeProcessOrThreadQueryRequest = (PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS)Irp->AssociatedIrp.SystemBuffer;
1298
1299 //
1300 // Getting the list of processes or threads
1301 //
1302 if (DebuggerUsermodeProcessOrThreadQueryRequest->QueryType == DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_PROCESS_LIST)
1303 {
1304 ProcessQueryList(DebuggerUsermodeProcessOrThreadQueryRequest,
1305 DebuggerUsermodeProcessOrThreadQueryRequest,
1306 OutBuffLength);
1307 }
1308 else if (DebuggerUsermodeProcessOrThreadQueryRequest->QueryType == DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_THREAD_LIST)
1309 {
1310 ThreadQueryList(DebuggerUsermodeProcessOrThreadQueryRequest,
1311 DebuggerUsermodeProcessOrThreadQueryRequest,
1312 OutBuffLength);
1313 }
1314
1315 Irp->IoStatus.Information = OutBuffLength;
1316 Status = STATUS_SUCCESS;
1317
1318 //
1319 // Avoid zeroing it
1320 //
1321 DoNotChangeInformation = TRUE;
1322
1323 break;
1324
1326
1327 //
1328 // First validate the parameters.
1329 //
1330 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET || Irp->AssociatedIrp.SystemBuffer == NULL)
1331 {
1332 Status = STATUS_INVALID_PARAMETER;
1333 LogError("Err, invalid parameter to IOCTL dispatcher");
1334 break;
1335 }
1336
1337 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1338 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1339
1340 if (!InBuffLength || !OutBuffLength)
1341 {
1342 Status = STATUS_INVALID_PARAMETER;
1343 break;
1344 }
1345
1346 //
1347 // Both usermode and to send to usermode and the coming buffer are
1348 // at the same place
1349 //
1350 GetInformationThreadRequest = (PDEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET)Irp->AssociatedIrp.SystemBuffer;
1351
1352 //
1353 // Get the information
1354 //
1355 ThreadQueryDetails(GetInformationThreadRequest);
1356
1357 Irp->IoStatus.Information = SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET;
1358 Status = STATUS_SUCCESS;
1359
1360 //
1361 // Avoid zeroing it
1362 //
1363 DoNotChangeInformation = TRUE;
1364
1365 break;
1366
1368
1369 //
1370 // First validate the parameters.
1371 //
1372 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET || Irp->AssociatedIrp.SystemBuffer == NULL)
1373 {
1374 Status = STATUS_INVALID_PARAMETER;
1375 LogError("Err, invalid parameter to IOCTL dispatcher");
1376 break;
1377 }
1378
1379 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1380 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1381
1382 if (!InBuffLength || !OutBuffLength)
1383 {
1384 Status = STATUS_INVALID_PARAMETER;
1385 break;
1386 }
1387
1388 //
1389 // Both usermode and to send to usermode and the coming buffer are
1390 // at the same place
1391 //
1392 GetInformationProcessRequest = (PDEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET)Irp->AssociatedIrp.SystemBuffer;
1393
1394 //
1395 // Get the information
1396 //
1397 ProcessQueryDetails(GetInformationProcessRequest);
1398
1399 Irp->IoStatus.Information = SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET;
1400 Status = STATUS_SUCCESS;
1401
1402 //
1403 // Avoid zeroing it
1404 //
1405 DoNotChangeInformation = TRUE;
1406
1407 break;
1408
1410
1411 //
1412 // First validate the parameters.
1413 //
1414 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST || Irp->AssociatedIrp.SystemBuffer == NULL)
1415 {
1416 Status = STATUS_INVALID_PARAMETER;
1417 LogError("Err, invalid parameter to IOCTL dispatcher");
1418 break;
1419 }
1420
1421 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1422 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1423
1424 if (!InBuffLength || !OutBuffLength)
1425 {
1426 Status = STATUS_INVALID_PARAMETER;
1427 break;
1428 }
1429
1430 //
1431 // Both usermode and to send to usermode and the coming buffer are
1432 // at the same place
1433 //
1434 RevServiceRequest = (PREVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST)Irp->AssociatedIrp.SystemBuffer;
1435
1436 //
1437 // Perform the service request
1438 //
1440
1441 Irp->IoStatus.Information = SIZEOF_REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST;
1442 Status = STATUS_SUCCESS;
1443
1444 //
1445 // Avoid zeroing it
1446 //
1447 DoNotChangeInformation = TRUE;
1448
1449 break;
1450
1452
1453 //
1454 // First validate the parameters.
1455 //
1456 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_DEBUGGER_PAGE_IN_REQUEST || Irp->AssociatedIrp.SystemBuffer == NULL)
1457 {
1458 Status = STATUS_INVALID_PARAMETER;
1459 LogError("Err, invalid parameter to IOCTL dispatcher");
1460 break;
1461 }
1462
1463 InBuffLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
1464 OutBuffLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
1465
1466 if (!InBuffLength)
1467 {
1468 Status = STATUS_INVALID_PARAMETER;
1469 break;
1470 }
1471
1472 DebuggerPageinRequest = (PDEBUGGER_PAGE_IN_REQUEST)Irp->AssociatedIrp.SystemBuffer;
1473
1474 //
1475 // Both usermode and to send to usermode and the coming buffer are
1476 // at the same place (it's in VMI-mode)
1477 //
1478 DebuggerCommandBringPagein(DebuggerPageinRequest);
1479
1480 Irp->IoStatus.Information = SIZEOF_DEBUGGER_PAGE_IN_REQUEST;
1481 Status = STATUS_SUCCESS;
1482
1483 //
1484 // Avoid zeroing it
1485 //
1486 DoNotChangeInformation = TRUE;
1487
1488 break;
1489
1490 default:
1491 LogError("Err, unknown IOCTL");
1492 Status = STATUS_NOT_IMPLEMENTED;
1493 break;
1494 }
1495 }
1496 else
1497 {
1498 //
1499 // We're no longer serve IOCTL
1500 //
1501 Status = STATUS_SUCCESS;
1502 }
1503
1504 if (Status != STATUS_PENDING)
1505 {
1506 Irp->IoStatus.Status = Status;
1507 if (!DoNotChangeInformation)
1508 {
1509 Irp->IoStatus.Information = 0;
1510 }
1511 IoCompleteRequest(Irp, IO_NO_INCREMENT);
1512 }
1513
1514 return Status;
1515}
BOOLEAN AttachingQueryDetailsOfActiveDebuggingThreadsAndProcesses(PVOID BufferToStoreDetails, UINT32 BufferSize)
Query details of active debugging threads.
Definition Attaching.c:1476
VOID AttachingTargetProcess(PDEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS Request)
Dispatch and perform attaching tasks.
Definition Attaching.c:1508
UCHAR BOOLEAN
Definition BasicTypes.h:39
#define NULL_ZERO
Definition BasicTypes.h:51
#define TRUE
Definition BasicTypes.h:55
char CHAR
Definition BasicTypes.h:31
unsigned long ULONG
Definition BasicTypes.h:37
BOOLEAN LogCallbackSendBuffer(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
routines callback for sending buffer
Definition Callback.c:123
BOOLEAN ConfigureInitializeExecTrapOnAllProcessors()
routines for initializing user-mode, kernel-mode exec trap
Definition Configuration.c:37
#define EnableInstantEventMechanism
Enable or disable the instant event mechanism.
Definition Configuration.h:75
#define OPERATION_HYPERVISOR_DRIVER_END_OF_IRPS
Definition Constants.h:382
#define MaximumSearchResults
maximum results that will be returned by !s* s* command
Definition Constants.h:514
struct _REGISTER_NOTIFY_BUFFER * PREGISTER_NOTIFY_BUFFER
#define SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED
Definition DataTypes.h:170
struct _DEBUGGER_PAUSE_PACKET_RECEIVED * PDEBUGGER_PAUSE_PACKET_RECEIVED
@ EVENT_BASED
Definition DataTypes.h:256
@ IRP_BASED
Definition DataTypes.h:255
BOOLEAN DebuggerParseEvent(PDEBUGGER_GENERAL_EVENT_DETAIL EventDetails, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Routine for parsing events.
Definition Debugger.c:3116
VOID DebuggerUninitialize()
Uninitialize Debugger Structures and Routines.
Definition Debugger.c:257
BOOLEAN DebuggerParseEventsModification(PDEBUGGER_MODIFY_EVENTS DebuggerEventModificationRequest, BOOLEAN InputFromVmxRoot, BOOLEAN PoolManagerAllocatedMemory)
Parse and validate requests to enable/disable/clear from the user-mode.
Definition Debugger.c:3671
BOOLEAN DebuggerParseAction(PDEBUGGER_GENERAL_ACTION ActionDetails, PDEBUGGER_EVENT_AND_ACTION_RESULT ResultsToReturn, BOOLEAN InputFromVmxRoot)
Routine for validating and parsing actions that are coming from the user-mode.
Definition Debugger.c:3260
BOOLEAN DebuggerCommandBringPagein(PDEBUGGER_PAGE_IN_REQUEST PageinRequest)
routines for the .pagein command
Definition DebuggerCommands.c:1475
NTSTATUS DebuggerCommandPreactivateFunctionality(PDEBUGGER_PREACTIVATE_COMMAND PreactivateRequest)
Preactivate a special functionality.
Definition DebuggerCommands.c:1443
NTSTATUS DebuggerCommandReservePreallocatedPools(PDEBUGGER_PREALLOC_COMMAND PreallocRequest)
Reserve and allocate pre-allocated buffers.
Definition DebuggerCommands.c:1319
NTSTATUS DebuggerReadOrWriteMsr(PDEBUGGER_READ_AND_WRITE_ON_MSR ReadOrWriteMsrRequest, UINT64 *UserBuffer, PSIZE_T ReturnSize)
Perform rdmsr, wrmsr commands.
Definition DebuggerCommands.c:288
NTSTATUS DebuggerCommandSignalExecutionState(PDEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL DebuggerFinishedExecutionRequest)
Perform the command finished signal.
Definition DebuggerCommands.c:1255
NTSTATUS DebuggerCommandSearchMemory(PDEBUGGER_SEARCH_MEMORY SearchMemRequest)
Start searching memory.
Definition DebuggerCommands.c:1134
BOOLEAN DebuggerCommandReadMemory(PDEBUGGER_READ_MEMORY ReadMemRequest, PVOID UserBuffer, PSIZE_T ReturnSize)
Read memory for different commands.
Definition DebuggerCommands.c:25
NTSTATUS DebuggerCommandSendMessage(PDEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER DebuggerSendUsermodeMessageRequest)
Send the user-mode buffer to debugger.
Definition DebuggerCommands.c:1274
NTSTATUS DebuggerCommandSendGeneralBufferToDebugger(PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER DebuggeeBufferRequest)
Send general buffers from the debuggee to the debugger.
Definition DebuggerCommands.c:1296
NTSTATUS DebuggerCommandFlush(PDEBUGGER_FLUSH_LOGGING_BUFFERS DebuggerFlushBuffersRequest)
Perform the flush requests to vmx-root and vmx non-root buffers.
Definition DebuggerCommands.c:1235
NTSTATUS DebuggerCommandEditMemory(PDEBUGGER_EDIT_MEMORY EditMemRequest)
Edit physical and virtual memory.
Definition DebuggerCommands.c:441
#define DEBUGGER_ERROR_UNABLE_TO_HIDE_OR_UNHIDE_DEBUGGER
error, unable to hide the debugger and enter to transparent-mode
Definition ErrorCodes.h:87
#define DEBUGGER_ERROR_DEBUGGER_ALREADY_UHIDE
error, the debugger is already in transparent-mode
Definition ErrorCodes.h:93
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
VOID VmFuncUninitVmm()
Uninitialize Terminate Vmx on all logical cores.
Definition Export.c:541
VOID ExtensionCommandVa2paAndPa2va(PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails, BOOLEAN OperateOnVmxRoot)
routines for !va2pa and !pa2va commands
Definition ExtensionCommands.c:23
BOOLEAN ExtensionCommandPte(PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS PteDetails, BOOLEAN IsOperatingInVmxRoot)
routines for !pte command
Definition ExtensionCommands.c:170
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113
#define IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER
ioctl, send general buffer from debuggee to debugger
Definition Ioctls.h:205
#define IOCTL_DEBUGGER_EDIT_MEMORY
ioctl, request to edit virtual and physical memory
Definition Ioctls.h:134
#define IOCTL_DEBUGGER_READ_OR_WRITE_MSR
ioctl, request to read or write on a special MSR
Definition Ioctls.h:92
#define IOCTL_DEBUGGER_READ_MEMORY
ioctl, request to read memory
Definition Ioctls.h:85
#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
ioctl, for !va2pa and !pa2va commands
Definition Ioctls.h:127
#define IOCTL_QUERY_CURRENT_THREAD
ioctl, query the current thread details
Definition Ioctls.h:268
#define IOCTL_PREACTIVATE_FUNCTIONALITY
ioctl, to preactivate a functionality
Definition Ioctls.h:289
#define IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS
ioctl, flush the kernel buffers
Definition Ioctls.h:155
#define IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER
ioctl, send user-mode messages to the debugger
Definition Ioctls.h:198
#define IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL
ioctl, irp pending mechanism for reading from message tracing buffers
Definition Ioctls.h:71
#define IOCTL_REQUEST_REV_MACHINE_SERVICE
ioctl, request service from the reversing machine
Definition Ioctls.h:275
#define IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS
ioctl, attach or detach user-mode processes
Definition Ioctls.h:162
#define IOCTL_PREPARE_DEBUGGEE
ioctl, prepare debuggee
Definition Ioctls.h:177
#define IOCTL_DEBUGGER_SEARCH_MEMORY
ioctl, request to search virtual and physical memory
Definition Ioctls.h:141
#define IOCTL_QUERY_CURRENT_PROCESS
ioctl, query the current process details
Definition Ioctls.h:261
#define IOCTL_DEBUGGER_REGISTER_EVENT
ioctl, register an event
Definition Ioctls.h:106
#define IOCTL_TERMINATE_VMX
ioctl, to terminate vmx and exit form debugger
Definition Ioctls.h:78
#define IOCTL_PERFROM_KERNEL_SIDE_TESTS
ioctl, to perform kernel-side tests
Definition Ioctls.h:212
#define IOCTL_SEND_USER_DEBUGGER_COMMANDS
ioctl, to send user debugger commands
Definition Ioctls.h:226
#define IOCTL_DEBUGGER_BRING_PAGES_IN
ioctl, request to bring pages in
Definition Ioctls.h:282
#define IOCTL_PAUSE_PACKET_RECEIVED
ioctl, pause and halt the system
Definition Ioctls.h:184
#define IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED
ioctl, send a signal that execution of command finished
Definition Ioctls.h:191
#define IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES
ioctl, to get list threads/processes
Definition Ioctls.h:254
#define IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER
ioctl, request to enable or disable transparent-mode
Definition Ioctls.h:120
#define IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS
ioctl, request to read page table entries
Definition Ioctls.h:99
#define IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES
ioctl, to get active threads/processes that are debugging
Definition Ioctls.h:233
#define IOCTL_REGISTER_EVENT
ioctl, register a new event
Definition Ioctls.h:64
#define IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS
ioctl, query count of active threads or processes
Definition Ioctls.h:247
#define IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT
ioctl, add action to event
Definition Ioctls.h:113
#define IOCTL_DEBUGGER_MODIFY_EVENTS
ioctl, request to modify an event (enable/disable/clear)
Definition Ioctls.h:148
#define IOCTL_RESERVE_PRE_ALLOCATED_POOLS
ioctl, to reserve pre-allocated pools
Definition Ioctls.h:219
#define IOCTL_GET_USER_MODE_MODULE_DETAILS
ioctl, to get user mode modules details
Definition Ioctls.h:240
VOID KdHaltSystem(PDEBUGGER_PAUSE_PACKET_RECEIVED PausePacket)
Halt the system.
Definition Kd.c:3376
VOID TestKernelPerformTests(PDEBUGGER_PERFORM_KERNEL_TESTS KernelTestRequest)
Perform the kernel-side tests.
Definition KernelTests.c:22
BOOLEAN LogRegisterEventBasedNotification(PVOID TargetIrp)
Create an event-based usermode notifying mechanism.
Definition Logging.c:1583
BOOLEAN LogRegisterIrpBasedNotification(PVOID TargetIrp, LONG *Status)
Register a new IRP Pending thread which listens for new buffers.
Definition Logging.c:1464
BOOLEAN PoolManagerCheckAndPerformAllocationAndDeallocation()
This function performs allocations from VMX non-root based on g_RequestNewAllocation.
Definition PoolManager.c:302
BOOLEAN ProcessQueryList(PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS DebuggerUsermodeProcessOrThreadQueryRequest, PVOID AddressToSaveDetail, UINT32 BufferSize)
Query process details (list)
Definition Process.c:649
BOOLEAN ProcessQueryCount(PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS DebuggerUsermodeProcessOrThreadQueryRequest)
Query process details (count)
Definition Process.c:616
BOOLEAN ProcessQueryDetails(PDEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET GetInformationProcessRequest)
Query process details.
Definition Process.c:675
@ DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_THREAD_COUNT
Definition RequestStructures.h:658
@ DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_PROCESS_LIST
Definition RequestStructures.h:659
@ DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_THREAD_LIST
Definition RequestStructures.h:660
@ DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_PROCESS_COUNT
Definition RequestStructures.h:657
#define SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS
Definition RequestStructures.h:343
struct _DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS * PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS
#define SIZEOF_DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER
Definition RequestStructures.h:400
struct _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS * PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS
#define SIZEOF_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS
Definition RequestStructures.h:14
#define SIZEOF_DEBUGGER_READ_AND_WRITE_ON_MSR
Definition RequestStructures.h:422
#define SIZEOF_REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST
Definition RequestStructures.h:107
#define SIZEOF_DEBUGGER_PREALLOC_COMMAND
Definition RequestStructures.h:166
struct _DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER * PDEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER
struct _DEBUGGER_SEARCH_MEMORY * PDEBUGGER_SEARCH_MEMORY
#define SIZEOF_DEBUGGER_PAGE_IN_REQUEST
Definition RequestStructures.h:65
#define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
Definition RequestStructures.h:46
struct _DEBUGGER_PERFORM_KERNEL_TESTS * PDEBUGGER_PERFORM_KERNEL_TESTS
#define SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET
Debugger size of DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET.
Definition RequestStructures.h:980
struct _DEBUGGER_UD_COMMAND_PACKET DEBUGGER_UD_COMMAND_PACKET
The structure of command packet in uHyperDbg.
struct _DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET * PDEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET
struct _DEBUGGER_PREACTIVATE_COMMAND * PDEBUGGER_PREACTIVATE_COMMAND
#define SIZEOF_DEBUGGER_FLUSH_LOGGING_BUFFERS
Definition RequestStructures.h:286
struct _DEBUGGER_READ_AND_WRITE_ON_MSR * PDEBUGGER_READ_AND_WRITE_ON_MSR
struct _DEBUGGER_UD_COMMAND_PACKET * PDEBUGGER_UD_COMMAND_PACKET
struct _DEBUGGER_PREALLOC_COMMAND * PDEBUGGER_PREALLOC_COMMAND
struct _DEBUGGER_PAGE_IN_REQUEST * PDEBUGGER_PAGE_IN_REQUEST
struct _DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE * PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE
#define SIZEOF_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS
Definition RequestStructures.h:607
struct _DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL * PDEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL
#define SIZEOF_DEBUGGER_PREPARE_DEBUGGEE
Definition RequestStructures.h:575
#define SIZEOF_DEBUGGER_EDIT_MEMORY
Definition RequestStructures.h:454
struct _REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST * PREVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST
struct _DEBUGGER_PREPARE_DEBUGGEE * PDEBUGGER_PREPARE_DEBUGGEE
@ DEBUGGER_MSR_WRITE
Definition RequestStructures.h:432
struct _DEBUGGER_EDIT_MEMORY * PDEBUGGER_EDIT_MEMORY
struct _DEBUGGER_READ_MEMORY * PDEBUGGER_READ_MEMORY
#define SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET
Debugger size of DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET.
Definition RequestStructures.h:942
#define SIZEOF_DEBUGGER_SEARCH_MEMORY
Definition RequestStructures.h:496
#define SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER
Definition RequestStructures.h:376
#define SIZEOF_DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL
Definition RequestStructures.h:359
#define SIZEOF_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE
Definition RequestStructures.h:541
struct _DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET * PDEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET
struct _DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER * PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER
#define SIZEOF_DEBUGGER_READ_MEMORY
Definition RequestStructures.h:211
#define SIZEOF_DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS
Definition RequestStructures.h:648
struct _DEBUGGER_FLUSH_LOGGING_BUFFERS * PDEBUGGER_FLUSH_LOGGING_BUFFERS
#define SIZEOF_DEBUGGER_PREACTIVATE_COMMAND
Definition RequestStructures.h:194
struct _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS * PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS
struct _DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS * PDEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS
NTSTATUS SerialConnectionPrepare(PDEBUGGER_PREPARE_DEBUGGEE DebuggeeRequest)
Perform tasks relating to stepping (step-in & step-out) requests.
Definition SerialConnection.c:341
struct _USERMODE_LOADED_MODULE_DETAILS * PUSERMODE_LOADED_MODULE_DETAILS
BOOLEAN ThreadQueryDetails(PDEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET GetInformationThreadRequest)
Query thread details.
Definition Thread.c:695
BOOLEAN ThreadQueryList(PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS DebuggerUsermodeProcessOrThreadQueryRequest, PVOID AddressToSaveDetail, UINT32 BufferSize)
Query thread details (list)
Definition Thread.c:669
BOOLEAN ThreadQueryCount(PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS DebuggerUsermodeProcessOrThreadQueryRequest)
Query thread details (count)
Definition Thread.c:636
NTSTATUS TransparentHideDebugger(PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE Measurements)
Hide debugger on transparent-mode (activate transparent-mode)
Definition Transparency.c:356
NTSTATUS TransparentUnhideDebugger()
Deactivate transparent-mode.
Definition Transparency.c:425
BOOLEAN UdDispatchUsermodeCommands(PDEBUGGER_UD_COMMAND_PACKET ActionRequest)
Dispatch the user-mode commands.
Definition Ud.c:337
BOOLEAN UserAccessGetLoadedModules(PUSERMODE_LOADED_MODULE_DETAILS ProcessLoadedModuleRequest, UINT32 BufferSize)
Get details about loaded modules.
Definition UserAccess.c:779
BOOLEAN g_AllowIOCTLFromUsermode
Determines whether the clients are allowed to send IOCTL to the drive or not.
Definition Global.h:42
BOOLEAN g_KernelDebuggerState
shows whether the kernel debugger is enabled or disabled
Definition Global.h:103
#define SIZEOF_REGISTER_EVENT
Definition Events.h:429
struct _DEBUGGER_GENERAL_EVENT_DETAIL * PDEBUGGER_GENERAL_EVENT_DETAIL
struct _DEBUGGER_MODIFY_EVENTS * PDEBUGGER_MODIFY_EVENTS
#define SIZEOF_DEBUGGER_MODIFY_EVENTS
Definition Events.h:197
struct _DEBUGGER_GENERAL_ACTION * PDEBUGGER_GENERAL_ACTION
struct _DEBUGGER_EVENT_AND_ACTION_RESULT DEBUGGER_EVENT_AND_ACTION_RESULT
Status of register buffers.
The structure of changing process and show process packet in HyperDbg.
Definition RequestStructures.h:924
The structure of changing thead and show thread packet in HyperDbg.
Definition RequestStructures.h:963
request for send general packets from debuggee to debugger
Definition RequestStructures.h:384
UINT32 LengthOfBuffer
Definition RequestStructures.h:386
request for attaching user-mode process
Definition RequestStructures.h:631
request for edit virtual and physical memory
Definition RequestStructures.h:482
UINT32 CountOf64Chunks
Definition RequestStructures.h:488
Status of register buffers.
Definition Events.h:423
request for flushing buffers
Definition RequestStructures.h:294
Each event can have multiple actions.
Definition Events.h:406
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
request for enable or disable transparent-mode
Definition RequestStructures.h:549
UINT64 KernelStatus
Definition RequestStructures.h:565
BOOLEAN IsHide
Definition RequestStructures.h:550
UINT32 LengthOfProcessName
Definition RequestStructures.h:562
BOOLEAN TrueIfProcessIdAndFalseIfProcessName
Definition RequestStructures.h:560
request for modifying events (enable/disable/clear)
Definition Events.h:242
requests for the '.pagein' command
Definition RequestStructures.h:73
request to pause and halt the system
Definition DataTypes.h:178
request performing kernel tests
Definition RequestStructures.h:351
requests for the 'preactivate' command
Definition RequestStructures.h:202
requests for the 'prealloc' command
Definition RequestStructures.h:174
request to make this computer to a debuggee
Definition RequestStructures.h:582
request for query count of active processes and threads
Definition RequestStructures.h:742
DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_TYPES QueryType
Definition RequestStructures.h:745
request to read or write on MSRs
Definition RequestStructures.h:440
DEBUGGER_MSR_ACTION_TYPE ActionType
Definition RequestStructures.h:446
request for reading virtual and physical memory
Definition RequestStructures.h:266
request for !pte command
Definition RequestStructures.h:22
request for searching memory
Definition RequestStructures.h:527
UINT32 CountOf64Chunks
Definition RequestStructures.h:533
request for send a signal that command execution finished
Definition RequestStructures.h:367
request for send a user-mode message to debugger
Definition RequestStructures.h:408
UINT32 Length
Definition RequestStructures.h:410
The structure of command packet in uHyperDbg.
Definition RequestStructures.h:893
requests for !va2pa and !pa2va commands
Definition RequestStructures.h:54
Used to register event for transferring buffer between user-to-kernel.
Definition DataTypes.h:279
NOTIFY_TYPE Type
Definition DataTypes.h:280
requests for !rev command
Definition RequestStructures.h:115
Definition Symbols.h:47

◆ DrvRead()

NTSTATUS DrvRead ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_READ Function handler.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
190{
191 UNREFERENCED_PARAMETER(DeviceObject);
192
193 //
194 // Not used
195 //
196 DbgPrint("This function is not used");
197
198 Irp->IoStatus.Status = STATUS_SUCCESS;
199 Irp->IoStatus.Information = 0;
200 IoCompleteRequest(Irp, IO_NO_INCREMENT);
201
202 return STATUS_SUCCESS;
203}

◆ DrvUnload()

VOID DrvUnload ( PDRIVER_OBJECT DriverObject)

Run in the case of driver unload to unregister the devices.

Parameters
DriverObject
Returns
VOID
96{
97 UNICODE_STRING DosDeviceName;
98
99 RtlInitUnicodeString(&DosDeviceName, L"\\DosDevices\\HyperDbgDebuggerDevice");
100 IoDeleteSymbolicLink(&DosDeviceName);
101 IoDeleteDevice(DriverObject->DeviceObject);
102
103 //
104 // Unloading VMM and Debugger
105 //
107}
VOID LoaderUninitializeLogTracer()
Uninitialize the log tracer.
Definition Loader.c:129

◆ DrvUnsupported()

NTSTATUS DrvUnsupported ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

Unsupported message for all other IRP_MJ_* handlers.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
264{
265 UNREFERENCED_PARAMETER(DeviceObject);
266
267 //
268 // Not supported
269 //
270 DbgPrint("This function is not supported");
271
272 Irp->IoStatus.Status = STATUS_SUCCESS;
273 Irp->IoStatus.Information = 0;
274 IoCompleteRequest(Irp, IO_NO_INCREMENT);
275
276 return STATUS_SUCCESS;
277}

◆ DrvWrite()

NTSTATUS DrvWrite ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_WRITE Function handler.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
214{
215 UNREFERENCED_PARAMETER(DeviceObject);
216
217 //
218 // Not used
219 //
220 DbgPrint("This function is not used");
221
222 Irp->IoStatus.Status = STATUS_SUCCESS;
223 Irp->IoStatus.Information = 0;
224 IoCompleteRequest(Irp, IO_NO_INCREMENT);
225
226 return STATUS_SUCCESS;
227}