HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
i.cpp File Reference

i command More...

#include "pch.h"

Functions

VOID CommandIHelp ()
 help of the i command
 
VOID CommandI (vector< string > SplitCommand, string Command)
 handler of i command
 

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest)
 
BOOLEAN g_IsInstrumentingInstructions
 Shows whether the user is running 't', 'p', or 'i' command.
 
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.
 

Detailed Description

i command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2021-03-19
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandI()

VOID CommandI ( vector< string > SplitCommand,
string Command )

handler of i command

Parameters
SplitCommand
Command
Returns
VOID
56{
57 UINT32 StepCount;
58 DEBUGGER_REMOTE_STEPPING_REQUEST RequestFormat;
59
60 //
61 // Validate the commands
62 //
63 if (SplitCommand.size() != 1 && SplitCommand.size() != 2)
64 {
65 ShowMessages("incorrect use of the 'i'\n\n");
66 CommandIHelp();
67 return;
68 }
69
70 //
71 // Check if we're in VMI mode
72 //
73 if (g_ActiveProcessDebuggingState.IsActive)
74 {
75 ShowMessages("the instrumentation step-in is only supported in Debugger Mode\n");
76 return;
77 }
78
79 //
80 // Set type of step
81 //
82 RequestFormat = DEBUGGER_REMOTE_STEPPING_REQUEST_INSTRUMENTATION_STEP_IN;
83
84 //
85 // Check if the command has a counter parameter
86 //
87 if (SplitCommand.size() == 2)
88 {
89 if (!ConvertStringToUInt32(SplitCommand.at(1), &StepCount))
90 {
91 ShowMessages("please specify a correct hex value for [count]\n\n");
92 CommandIHelp();
93 return;
94 }
95 }
96 else
97 {
98 StepCount = 1;
99 }
100
101 //
102 // Check if the remote serial debuggee or user debugger are paused or not
103 //
104 if (g_IsSerialConnectedToRemoteDebuggee)
105 {
106 //
107 // Indicate that we're instrumenting
108 //
109 g_IsInstrumentingInstructions = TRUE;
110
111 for (size_t i = 0; i < StepCount; i++)
112 {
113 //
114 // For logging purpose
115 //
116 // ShowMessages("percentage : %f %% (%x)\n", 100.0 * (i /
117 // (float)StepCount), i);
118 //
119
120 //
121 // It's stepping over serial connection in kernel debugger
122 //
123 KdSendStepPacketToDebuggee(RequestFormat);
124
125 if (!SplitCommand.at(0).compare("ir"))
126 {
127 //
128 // Show registers
129 //
130 HyperDbgRegisterShowAll();
131
132 if (i != StepCount - 1)
133 {
134 ShowMessages("\n");
135 }
136 }
137
138 //
139 // Check if user pressed CTRL+C
140 //
141 if (!g_IsInstrumentingInstructions)
142 {
143 break;
144 }
145 }
146
147 //
148 // We're not instrumenting instructions anymore
149 //
150 g_IsInstrumentingInstructions = FALSE;
151 }
152 else
153 {
154 ShowMessages("err, stepping (i) is not valid in the current context, you "
155 "should connect to a debuggee\n");
156 }
157}
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
DEBUGGER_REMOTE_STEPPING_REQUEST_INSTRUMENTATION_STEP_IN
@ DEBUGGER_REMOTE_STEPPING_REQUEST_INSTRUMENTATION_STEP_IN
Definition RequestStructures.h:993
DEBUGGER_REMOTE_STEPPING_REQUEST
enum _DEBUGGER_REMOTE_STEPPING_REQUEST DEBUGGER_REMOTE_STEPPING_REQUEST
stepping and tracking types
ConvertStringToUInt32
BOOLEAN ConvertStringToUInt32(string TextToConvert, PUINT32 Result)
check and convert string to a 32 bit unsigned it and also check for special notations like 0x etc.
Definition common.cpp:347
CommandIHelp
VOID CommandIHelp()
help of the i command
Definition i.cpp:27
g_IsInstrumentingInstructions
BOOLEAN g_IsInstrumentingInstructions
Shows whether the user is running 't', 'p', or 'i' command.
Definition globals.h:561
g_IsSerialConnectedToRemoteDebuggee
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest)
Definition globals.h:231
g_ActiveProcessDebuggingState
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:362
KdSendStepPacketToDebuggee
BOOLEAN KdSendStepPacketToDebuggee(DEBUGGER_REMOTE_STEPPING_REQUEST StepRequestType)
Sends p (step out) and t (step in) packet to the debuggee.
Definition kd.cpp:1206
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
HyperDbgRegisterShowAll
BOOLEAN HyperDbgRegisterShowAll()
handler of r show all registers
Definition r.cpp:317
_ACTIVE_DEBUGGING_PROCESS::IsActive
BOOLEAN IsActive
Definition ud.h:49

◆ CommandIHelp()

VOID CommandIHelp ( )

help of the i command

Returns
VOID
28{
29 ShowMessages(
30 "i : executes a single instruction (step-in) and guarantees that no "
31 "other instruction is executed other than the displayed instruction "
32 "including user to the kernel (syscalls) and kernel to the user "
33 "(sysrets) and exceptions and page-faults and optionally displays all "
34 "registers and flags' resulting values.\n\n");
35
36 ShowMessages("syntax : \ti\n");
37 ShowMessages("syntax : \ti [Count (hex)]\n");
38 ShowMessages("syntax : \tir\n");
39 ShowMessages("syntax : \tir [Count (hex)]\n");
40
41 ShowMessages("\n");
42 ShowMessages("\t\te.g : i\n");
43 ShowMessages("\t\te.g : ir\n");
44 ShowMessages("\t\te.g : ir 1f\n");
45}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

362{0};

◆ g_IsInstrumentingInstructions

BOOLEAN g_IsInstrumentingInstructions
extern

Shows whether the user is running 't', 'p', or 'i' command.

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest)