HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
Loader.h File Reference

Routines for perform initial VMM and debugger loads. More...

Go to the source code of this file.

Functions

BOOLEAN LoaderInitVmmAndDebugger ()
 Initialize the VMM and Debugger.
 
VOID LoaderUninitializeLogTracer ()
 Uninitialize the log tracer.
 

Detailed Description

Routines for perform initial VMM and debugger loads.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-15
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ LoaderInitVmmAndDebugger()

BOOLEAN LoaderInitVmmAndDebugger ( )

Initialize the VMM and Debugger.

Returns
BOOLEAN
20{
21 MESSAGE_TRACING_CALLBACKS MsgTracingCallbacks = {0};
22 VMM_CALLBACKS VmmCallbacks = {0};
23
24 //
25 // Allow to server IOCTL
26 //
27 g_AllowIOCTLFromUsermode = TRUE;
28
29 //
30 // Fill the callbacks for the message tracer
31 //
32 MsgTracingCallbacks.VmxOperationCheck = VmFuncVmxGetCurrentExecutionMode;
33 MsgTracingCallbacks.CheckImmediateMessageSending = KdCheckImmediateMessagingMechanism;
34 MsgTracingCallbacks.SendImmediateMessage = KdLoggingResponsePacketToDebugger;
35
36 //
37 // Fill the callbacks for using hyperlog in VMM
38 //
39 VmmCallbacks.LogCallbackPrepareAndSendMessageToQueueWrapper = LogCallbackPrepareAndSendMessageToQueueWrapper;
40 VmmCallbacks.LogCallbackSendMessageToQueue = LogCallbackSendMessageToQueue;
41 VmmCallbacks.LogCallbackSendBuffer = LogCallbackSendBuffer;
42 VmmCallbacks.LogCallbackCheckIfBufferIsFull = LogCallbackCheckIfBufferIsFull;
43
44 //
45 // Fill the VMM callbacks
46 //
47 VmmCallbacks.VmmCallbackTriggerEvents = DebuggerTriggerEvents;
48 VmmCallbacks.VmmCallbackSetLastError = DebuggerSetLastError;
49 VmmCallbacks.VmmCallbackVmcallHandler = DebuggerVmcallHandler;
50 VmmCallbacks.VmmCallbackRegisteredMtfHandler = KdHandleRegisteredMtfCallback;
51 VmmCallbacks.VmmCallbackNmiBroadcastRequestHandler = KdHandleNmiBroadcastDebugBreaks;
52 VmmCallbacks.VmmCallbackQueryTerminateProtectedResource = TerminateQueryDebuggerResource;
53 VmmCallbacks.VmmCallbackRestoreEptState = UserAccessCheckForLoadedModuleDetails;
54 VmmCallbacks.VmmCallbackCheckUnhandledEptViolations = AttachingCheckUnhandledEptViolation;
55
56 //
57 // Fill the debugging callbacks
58 //
59 VmmCallbacks.DebuggingCallbackHandleBreakpointException = BreakpointHandleBreakpoints;
60 VmmCallbacks.DebuggingCallbackHandleDebugBreakpointException = BreakpointCheckAndHandleDebugBreakpoint;
61 VmmCallbacks.BreakpointCheckAndHandleReApplyingBreakpoint = BreakpointCheckAndHandleReApplyingBreakpoint;
62 VmmCallbacks.UdCheckForCommand = UdCheckForCommand;
63 VmmCallbacks.DebuggerCheckProcessOrThreadChange = DebuggerCheckProcessOrThreadChange;
64 VmmCallbacks.DebuggingCallbackConditionalPageFaultException = AttachingCheckPageFaultsWithUserDebugger;
65 VmmCallbacks.AttachingHandleCr3VmexitsForThreadInterception = AttachingHandleCr3VmexitsForThreadInterception;
66 VmmCallbacks.KdCheckAndHandleNmiCallback = KdCheckAndHandleNmiCallback;
67 VmmCallbacks.KdQueryDebuggerQueryThreadOrProcessTracingDetailsByCoreId = KdQueryDebuggerQueryThreadOrProcessTracingDetailsByCoreId;
68
69 //
70 // Fill the interception callbacks
71 //
72 VmmCallbacks.InterceptionCallbackTriggerCr3ProcessChange = ProcessTriggerCr3ProcessChange;
73
74 //
75 // Initialize message tracer
76 //
77 if (LogInitialize(&MsgTracingCallbacks))
78 {
79 //
80 // Initialize Vmx
81 //
82 if (VmFuncInitVmm(&VmmCallbacks))
83 {
84 LogDebugInfo("HyperDbg's hypervisor loaded successfully");
85
86 //
87 // Initialize the debugger
88 //
89 if (DebuggerInitialize())
90 {
91 LogDebugInfo("HyperDbg's debugger loaded successfully");
92
93 //
94 // Set the variable so no one else can get a handle anymore
95 //
96 g_HandleInUse = TRUE;
97
98 return TRUE;
99 }
100 else
101 {
102 LogError("Err, HyperDbg's debugger was not loaded");
103 }
104 }
105 else
106 {
107 LogError("Err, HyperDbg's hypervisor was not loaded");
108 }
109 }
110 else
111 {
112 LogError("Err, HyperDbg's message tracing module was not loaded");
113 }
114
115 //
116 // Not loaded
117 //
118 g_AllowIOCTLFromUsermode = FALSE;
119
120 return FALSE;
121}
AttachingHandleCr3VmexitsForThreadInterception
BOOLEAN AttachingHandleCr3VmexitsForThreadInterception(UINT32 CoreId, CR3_TYPE NewCr3)
Handle the cr3 vm-exits for thread interception.
Definition Attaching.c:1036
AttachingCheckPageFaultsWithUserDebugger
BOOLEAN AttachingCheckPageFaultsWithUserDebugger(UINT32 CoreId, UINT64 Address, UINT32 PageFaultErrorCode)
Check page-faults with user-debugger.
Definition Attaching.c:621
AttachingCheckUnhandledEptViolation
BOOLEAN AttachingCheckUnhandledEptViolation(UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr)
handling unhandled EPT violations
Definition Attaching.c:1102
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
BreakpointHandleBreakpoints
BOOLEAN BreakpointHandleBreakpoints(UINT32 CoreId)
Handle breakpoint vm-exits (#BP)
Definition BreakpointCommands.c:685
BreakpointCheckAndHandleDebugBreakpoint
BOOLEAN BreakpointCheckAndHandleDebugBreakpoint(UINT32 CoreId)
Check and handle debug breakpoint exceptions.
Definition BreakpointCommands.c:238
BreakpointCheckAndHandleReApplyingBreakpoint
BOOLEAN BreakpointCheckAndHandleReApplyingBreakpoint(UINT32 CoreId)
Check and reapply breakpoint.
Definition BreakpointCommands.c:442
LogCallbackSendMessageToQueue
BOOLEAN LogCallbackSendMessageToQueue(UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
routines callback for sending message to queue
Definition Callback.c:71
LogCallbackCheckIfBufferIsFull
BOOLEAN LogCallbackCheckIfBufferIsFull(BOOLEAN Priority)
routines callback for checking if buffer is full
Definition Callback.c:100
LogCallbackSendBuffer
BOOLEAN LogCallbackSendBuffer(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
routines callback for sending buffer
Definition Callback.c:123
DebuggerInitialize
BOOLEAN DebuggerInitialize()
Initialize Debugger Structures and Routines.
Definition Debugger.c:56
DebuggerTriggerEvents
VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE DebuggerTriggerEvents(VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs)
Trigger events of a special type to be managed by debugger.
Definition Debugger.c:1110
DebuggerSetLastError
VOID DebuggerSetLastError(UINT32 LastError)
Debugger set the last error.
Definition Debugger.c:44
DebuggerCheckProcessOrThreadChange
BOOLEAN DebuggerCheckProcessOrThreadChange(_In_ UINT32 CoreId)
Handle process or thread switches.
Definition DebuggerEvents.c:114
DebuggerVmcallHandler
BOOLEAN DebuggerVmcallHandler(UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3)
Termination function for external-interrupts.
Definition DebuggerVmcalls.c:27
VmFuncVmxGetCurrentExecutionMode
BOOLEAN VmFuncVmxGetCurrentExecutionMode()
Get the current VMX operation state.
Definition Export.c:552
VmFuncInitVmm
BOOLEAN VmFuncInitVmm(VMM_CALLBACKS *VmmCallbacks)
Initializes hypervisor.
Definition Export.c:530
LogDebugInfo
#define LogDebugInfo(format,...)
Log, initialize boot information and debug information.
Definition HyperDbgHyperLogIntrinsics.h:155
LogError
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113
KdCheckImmediateMessagingMechanism
BOOLEAN KdCheckImmediateMessagingMechanism(UINT32 OperationCode)
Checks whether the immediate messaging mechism is needed or not.
Definition Kd.c:120
KdHandleRegisteredMtfCallback
_Use_decl_annotations_ VOID KdHandleRegisteredMtfCallback(UINT32 CoreId)
Handle #DBs and #BPs for kernel debugger.
Definition Kd.c:1143
KdHandleNmiBroadcastDebugBreaks
VOID KdHandleNmiBroadcastDebugBreaks(UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler)
Handle broadcast NMIs for halting cores in vmx-root mode.
Definition Kd.c:1062
KdCheckAndHandleNmiCallback
_Use_decl_annotations_ BOOLEAN KdCheckAndHandleNmiCallback(UINT32 CoreId)
Handle NMI vm-exits.
Definition Kd.c:1322
KdLoggingResponsePacketToDebugger
_Use_decl_annotations_ BOOLEAN KdLoggingResponsePacketToDebugger(CHAR *OptionalBuffer, UINT32 OptionalBufferLength, UINT32 OperationCode)
Sends a HyperDbg logging response packet to the debugger.
Definition Kd.c:372
KdQueryDebuggerQueryThreadOrProcessTracingDetailsByCoreId
BOOLEAN KdQueryDebuggerQueryThreadOrProcessTracingDetailsByCoreId(UINT32 CoreId, DEBUGGER_THREAD_PROCESS_TRACING TracingType)
Query for process/thread interception status.
Definition Kd.c:219
LogInitialize
BOOLEAN LogInitialize(MESSAGE_TRACING_CALLBACKS *MsgTracingCallbacks)
Initialize the buffer relating to log message tracing.
Definition Logging.c:98
LogCallbackPrepareAndSendMessageToQueueWrapper
BOOLEAN LogCallbackPrepareAndSendMessageToQueueWrapper(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const char *Fmt, va_list ArgList)
Prepare a printf-style message mapping and send string messages and tracing for logging and monitorin...
Definition Logging.c:976
ProcessTriggerCr3ProcessChange
VOID ProcessTriggerCr3ProcessChange(UINT32 CoreId)
handle process changes for cr3 registers
Definition Process.c:22
TerminateQueryDebuggerResource
BOOLEAN TerminateQueryDebuggerResource(UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver)
Termination query state of debugger.
Definition Termination.c:1713
UdCheckForCommand
BOOLEAN UdCheckForCommand()
Check for the user-mode commands.
Definition Ud.c:257
UserAccessCheckForLoadedModuleDetails
BOOLEAN UserAccessCheckForLoadedModuleDetails(UINT32 CoreId)
Checks whether the loaded module is available or not.
Definition UserAccess.c:854
g_AllowIOCTLFromUsermode
BOOLEAN g_AllowIOCTLFromUsermode
Determines whether the clients are allowed to send IOCTL to the drive or not.
Definition Global.h:42
g_HandleInUse
BOOLEAN g_HandleInUse
Determines whether the one application gets the handle or not this is used to ensure that only one ap...
Definition Global.h:36
_MESSAGE_TRACING_CALLBACKS
Prototype of each function needed by message tracer.
Definition HyperLog.h:49
_MESSAGE_TRACING_CALLBACKS::SendImmediateMessage
SEND_IMMEDIATE_MESSAGE SendImmediateMessage
Definition HyperLog.h:52
_MESSAGE_TRACING_CALLBACKS::CheckImmediateMessageSending
CHECK_IMMEDIATE_MESSAGE_SENDING CheckImmediateMessageSending
Definition HyperLog.h:51
_MESSAGE_TRACING_CALLBACKS::VmxOperationCheck
CHECK_VMX_OPERATION VmxOperationCheck
Definition HyperLog.h:50
_VMM_CALLBACKS
Prototype of each function needed by VMM module.
Definition VMM.h:181
_VMM_CALLBACKS::BreakpointCheckAndHandleReApplyingBreakpoint
BREAKPOINT_CHECK_AND_HANDLE_REAPPLYING_BREAKPOINT BreakpointCheckAndHandleReApplyingBreakpoint
Definition VMM.h:216
_VMM_CALLBACKS::DebuggingCallbackHandleDebugBreakpointException
DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION DebuggingCallbackHandleDebugBreakpointException
Definition VMM.h:205
_VMM_CALLBACKS::DebuggerCheckProcessOrThreadChange
INTERCEPTION_CALLBACK_TRIGGER_CLOCK_AND_IPI DebuggerCheckProcessOrThreadChange
Definition VMM.h:220
_VMM_CALLBACKS::DebuggingCallbackConditionalPageFaultException
DEBUGGING_CALLBACK_CONDITIONAL_PAGE_FAULT_EXCEPTION DebuggingCallbackConditionalPageFaultException
Definition VMM.h:206
_VMM_CALLBACKS::VmmCallbackNmiBroadcastRequestHandler
VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER VmmCallbackNmiBroadcastRequestHandler
Definition VMM.h:196
_VMM_CALLBACKS::LogCallbackSendBuffer
LOG_CALLBACK_SEND_BUFFER LogCallbackSendBuffer
Definition VMM.h:187
_VMM_CALLBACKS::VmmCallbackVmcallHandler
VMM_CALLBACK_VMCALL_HANDLER VmmCallbackVmcallHandler
Definition VMM.h:195
_VMM_CALLBACKS::VmmCallbackRegisteredMtfHandler
VMM_CALLBACK_REGISTERED_MTF_HANDLER VmmCallbackRegisteredMtfHandler
Definition VMM.h:219
_VMM_CALLBACKS::LogCallbackCheckIfBufferIsFull
LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL LogCallbackCheckIfBufferIsFull
Definition VMM.h:188
_VMM_CALLBACKS::VmmCallbackSetLastError
VMM_CALLBACK_SET_LAST_ERROR VmmCallbackSetLastError
Definition VMM.h:194
_VMM_CALLBACKS::LogCallbackPrepareAndSendMessageToQueueWrapper
LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE LogCallbackPrepareAndSendMessageToQueueWrapper
Definition VMM.h:185
_VMM_CALLBACKS::LogCallbackSendMessageToQueue
LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE LogCallbackSendMessageToQueue
Definition VMM.h:186
_VMM_CALLBACKS::InterceptionCallbackTriggerCr3ProcessChange
INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE InterceptionCallbackTriggerCr3ProcessChange
Definition VMM.h:211
_VMM_CALLBACKS::VmmCallbackRestoreEptState
VMM_CALLBACK_RESTORE_EPT_STATE VmmCallbackRestoreEptState
Definition VMM.h:198
_VMM_CALLBACKS::AttachingHandleCr3VmexitsForThreadInterception
ATTACHING_HANDLE_CR3_EVENTS_FOR_THREAD_INTERCEPTION AttachingHandleCr3VmexitsForThreadInterception
Definition VMM.h:221
_VMM_CALLBACKS::VmmCallbackCheckUnhandledEptViolations
VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION VmmCallbackCheckUnhandledEptViolations
Definition VMM.h:199
_VMM_CALLBACKS::UdCheckForCommand
UD_CHECK_FOR_COMMAND UdCheckForCommand
Definition VMM.h:217
_VMM_CALLBACKS::KdCheckAndHandleNmiCallback
KD_CHECK_AND_HANDLE_NMI_CALLBACK KdCheckAndHandleNmiCallback
Definition VMM.h:218
_VMM_CALLBACKS::DebuggingCallbackHandleBreakpointException
DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION DebuggingCallbackHandleBreakpointException
Definition VMM.h:204
_VMM_CALLBACKS::VmmCallbackTriggerEvents
VMM_CALLBACK_TRIGGER_EVENTS VmmCallbackTriggerEvents
Definition VMM.h:193
_VMM_CALLBACKS::KdQueryDebuggerQueryThreadOrProcessTracingDetailsByCoreId
KD_QUERY_DEBUGGER_THREAD_OR_PROCESS_TRACING_DETAILS_BY_CORE_ID KdQueryDebuggerQueryThreadOrProcessTracingDetailsByCoreId
Definition VMM.h:222
_VMM_CALLBACKS::VmmCallbackQueryTerminateProtectedResource
VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE VmmCallbackQueryTerminateProtectedResource
Definition VMM.h:197

◆ LoaderUninitializeLogTracer()

VOID LoaderUninitializeLogTracer ( )

Uninitialize the log tracer.

Returns
VOID
130{
131 LogDebugInfo("Unloading HyperDbg's debugger...\n");
132
133#if !UseDbgPrintInsteadOfUsermodeMessageTracking
134
135 //
136 // Uinitialize log buffer
137 //
138 LogDebugInfo("Uninitializing logs\n");
139 LogUnInitialize();
140#endif
141}
LogUnInitialize
VOID LogUnInitialize()
Uninitialize the buffer relating to log message tracing.
Definition Logging.c:211