HyperDbg Debugger
idt.cpp File Reference

!idt command More...

#include "pch.h"

Functions

VOID CommandIdtHelp ()
 help of the !idt command
BOOLEAN HyperDbgGetIdtEntry (INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS *IdtPacket)
 Send IDT entry requests.
VOID CommandIdt (vector< CommandToken > CommandTokens, string Command)
 !idt command handler

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows whether the debugger is connected to a remote debuggee (a remote guest) over a serial connection.
BOOLEAN g_IsKdModuleLoaded
 shows whether the kernel debugger (KD) module is loaded or not
BOOLEAN g_AddressConversion
 Whether converting addresses to object names or not.

Detailed Description

!idt command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.12
Date
2024-12-30

Function Documentation

◆ CommandIdt()

VOID CommandIdt ( vector< CommandToken > CommandTokens,
string Command )

!idt command handler

Parameters
CommandTokens
Command
Returns
VOID
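/**
 * @brief !idt command handler
 *
 * @details With no argument every IDT entry is dumped; with one argument
 * only that entry is dumped. Any other token count prints the usage text.
 *
 * @param CommandTokens Tokens of the command; token 0 is the command name
 * and the optional token 1 is the IDT entry number
 * @param Command The command string (not read by this handler)
 *
 * @return VOID
 */
VOID
CommandIdt(vector<CommandToken> CommandTokens, string Command)
{
    UINT32  IdtEntry        = 0;
    BOOLEAN ShowAllEntries  = TRUE;
    UINT64  UsedBaseAddress = 0;

    //
    // NOTE(review): the rendered listing does not show this declaration or the
    // allocation below; both are reconstructed from the later uses of
    // IdtPacket (NULL check, RtlZeroMemory size, free) - confirm against idt.cpp
    //
    INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS * IdtPacket = NULL;

    //
    // Check if the command should show all entries or just one entry
    //
    if (CommandTokens.size() == 2)
    {
        ShowAllEntries = FALSE;

        //
        // Get the IDT entry number. It is used below as an index into
        // IdtPacket->IdtEntry[MAX_NUMBER_OF_IDT_ENTRIES], so the largest valid
        // value is MAX_NUMBER_OF_IDT_ENTRIES - 1; accepting the bound itself
        // would read one UINT64 past the end of the array
        //
        if (ConvertTokenToUInt32(CommandTokens.at(1), &IdtEntry) == FALSE ||
            IdtEntry >= MAX_NUMBER_OF_IDT_ENTRIES)
        {
            ShowMessages("err, invalid IDT entry number\n");
            return;
        }
    }
    else if (CommandTokens.size() != 1)
    {
        ShowMessages("incorrect use of the '%s'\n\n",
                     GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());

        CommandIdtHelp();
        return;
    }

    //
    // Allocate buffer for IDT entry
    //
    IdtPacket = static_cast<INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS *>(
        malloc(sizeof(INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS)));

    if (IdtPacket == NULL)
    {
        //
        // Stop here: continuing would pass a NULL pointer to RtlZeroMemory
        //
        ShowMessages("err, allocating buffer for receiving IDT entries");
        return;
    }

    RtlZeroMemory(IdtPacket, sizeof(INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS));

    //
    // Get the IDT buffer
    //
    if (HyperDbgGetIdtEntry(IdtPacket) == TRUE)
    {
        //
        // Show (dump) entries
        //
        if (ShowAllEntries)
        {
            ShowMessages("IDT Entries:\n\n");

            for (UINT32 i = 0; i < MAX_NUMBER_OF_IDT_ENTRIES; i++)
            {
                ShowMessages("IDT[0x%x:%d]\t: %s\t",
                             i,
                             i,
                             SeparateTo64BitValue(IdtPacket->IdtEntry[i]).c_str());

                //
                // Apply the address conversion setting: show the function
                // name for the handler address (the return value only says
                // whether a symbol was shown, so it is not needed here)
                //
                if (g_AddressConversion)
                {
                    SymbolShowFunctionNameBasedOnAddress(IdtPacket->IdtEntry[i], &UsedBaseAddress);
                }

                ShowMessages("\n");
            }
        }
        else
        {
            ShowMessages("IDT[0x%x:%d] : %s\t",
                         IdtEntry,
                         IdtEntry,
                         SeparateTo64BitValue(IdtPacket->IdtEntry[IdtEntry]).c_str());

            //
            // Apply the address conversion setting, as in the loop above
            //
            if (g_AddressConversion)
            {
                SymbolShowFunctionNameBasedOnAddress(IdtPacket->IdtEntry[IdtEntry], &UsedBaseAddress);
            }

            //
            // Terminate the line whether or not a symbol was printed, so the
            // single-entry output ends the same way as each line of the dump
            //
            ShowMessages("\n");
        }
    }

    //
    // Deallocate the buffer
    //
    free(IdtPacket);
}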
UCHAR BOOLEAN
Definition BasicTypes.h:35
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
unsigned int UINT32
Definition BasicTypes.h:54
struct _INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS
The structure of IDT entries result packet in HyperDbg.
#define MAX_NUMBER_OF_IDT_ENTRIES
Maximum number of IDT entries.
Definition RequestStructures.h:1457
string SeparateTo64BitValue(UINT64 Value)
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
BOOLEAN ConvertTokenToUInt32(CommandToken TargetToken, PUINT32 Result)
check and convert command token to a 32 bit unsigned integer
Definition common.cpp:546
BOOLEAN HyperDbgGetIdtEntry(INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS *IdtPacket)
Send IDT entry requests.
Definition idt.cpp:46
VOID CommandIdtHelp()
help of the !idt command
Definition idt.cpp:27
NULL()
Definition test-case-generator.py:530
BOOLEAN g_AddressConversion
Whether converting addresses to object names or not.
Definition globals.h:594
UINT64 IdtEntry[MAX_NUMBER_OF_IDT_ENTRIES]
Definition RequestStructures.h:1466
BOOLEAN SymbolShowFunctionNameBasedOnAddress(UINT64 Address, PUINT64 UsedBaseAddress)
shows the functions' name for the disassembler
Definition symbol.cpp:161

◆ CommandIdtHelp()

VOID CommandIdtHelp ( )

help of the !idt command

Returns
VOID
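/**
 * @brief help of the !idt command
 *
 * @return VOID
 */
VOID
CommandIdtHelp()
{
    //
    // The banner names this command (!idt), in line with the syntax line and
    // the examples printed below
    //
    ShowMessages("!idt : shows entries of Interrupt Descriptor Table (IDT).\n\n");

    ShowMessages("syntax : \t!idt [IdtEntry (hex)]\n");

    ShowMessages("\n");
    ShowMessages("\t\te.g : !idt\n");
    ShowMessages("\t\te.g : !idt 1d\n");
}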

◆ HyperDbgGetIdtEntry()

BOOLEAN HyperDbgGetIdtEntry ( INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS * IdtPacket)

Send IDT entry requests.

Parameters
IdtPacket
Returns
BOOLEAN TRUE if the IDT entries were retrieved successfully, otherwise FALSE
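/**
 * @brief Send IDT entry requests
 *
 * @details When the debugger is connected to a remote debuggee over serial,
 * the request goes through the kernel debugger; otherwise it is sent to the
 * driver with IOCTL_QUERY_IDT_ENTRY. The same packet is used as the input
 * and the output buffer.
 *
 * @param IdtPacket Caller-allocated packet that receives the IDT entries and
 * the kernel status
 *
 * @return BOOLEAN TRUE if the request succeeded, otherwise FALSE
 */
BOOLEAN
HyperDbgGetIdtEntry(INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS * IdtPacket)
{
    BOOL  Status;
    ULONG ReturnedLength = 0;

    //
    // The packet is dereferenced below, so reject a missing buffer up front
    //
    if (IdtPacket == NULL)
    {
        return FALSE;
    }

    if (g_IsSerialConnectedToRemoteDebuggee)
    {
        //
        // Send the request over serial kernel debugger
        //
        return KdSendQueryIdtPacketsToDebuggee(IdtPacket) ? TRUE : FALSE;
    }

    //
    // NOTE(review): the rendered listing does not show this line; the call is
    // reconstructed from the symbols the page cross-references for this
    // function and the macro's (expr1, expr2, message1, message2, rc)
    // parameter list - confirm the arguments against idt.cpp
    //
    AssertShowMessageReturnStmt(g_DeviceHandle,
                                g_IsKdModuleLoaded,
                                ASSERT_MESSAGE_DRIVER_NOT_LOADED,
                                ASSERT_MESSAGE_KD_NOT_LOADED,
                                AssertReturnFalse);

    //
    // Send IOCTL
    //
    Status = DeviceIoControl(
        g_DeviceHandle,                                    // Handle to device
        IOCTL_QUERY_IDT_ENTRY,                             // IO Control Code (IOCTL)
        IdtPacket,                                         // Input Buffer to driver.
        SIZEOF_INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS, // Input buffer length (not used in this case)
        IdtPacket,                                         // Output Buffer from driver.
        SIZEOF_INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS, // Length of output buffer in bytes.
        &ReturnedLength,                                   // Bytes placed in buffer.
        NULL                                               // synchronous call
    );

    if (!Status)
    {
        ShowMessages("ioctl failed with code 0x%x\n", GetLastError());

        return FALSE;
    }

    //
    // NOTE(review): ReturnedLength is not compared with the packet size before
    // KernelStatus is read, so a short reply is judged on whatever the buffer
    // already held - confirm that callers initialise the packet and that the
    // initial value cannot be mistaken for DEBUGGER_OPERATION_WAS_SUCCESSFUL
    //
    if (IdtPacket->KernelStatus == DEBUGGER_OPERATION_WAS_SUCCESSFUL)
    {
        return TRUE;
    }

    //
    // An err occurred, no results
    //
    ShowErrorMessage(IdtPacket->KernelStatus);

    return FALSE;
}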
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows whether the debugger is connected to a remote debuggee (a remote guest) over a serial connection.
Definition globals.h:253
int BOOL
Definition BasicTypes.h:25
unsigned long ULONG
Definition BasicTypes.h:31
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
#define IOCTL_QUERY_IDT_ENTRY
ioctl, to query the IDT entries
Definition Ioctls.h:375
#define SIZEOF_INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS
Debugger size of INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS.
Definition RequestStructures.h:1474
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:40
BOOLEAN KdSendQueryIdtPacketsToDebuggee(PINTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS IdtRequest)
Send requests for IDT packet to the debuggee.
Definition kd.cpp:1135
#define ASSERT_MESSAGE_KD_NOT_LOADED
Definition common.h:29
#define AssertShowMessageReturnStmt(expr1, expr2, message1, message2, rc)
Definition common.h:59
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:27
#define AssertReturnFalse
Definition common.h:21
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:481
BOOLEAN g_IsKdModuleLoaded
shows whether the kernel debugger (KD) module is loaded or not
Definition globals.h:22
UINT32 KernelStatus
Definition RequestStructures.h:1465

Variable Documentation

◆ g_AddressConversion

BOOLEAN g_AddressConversion
extern

Whether converting addresses to object names or not.

it is enabled by default

◆ g_IsKdModuleLoaded

BOOLEAN g_IsKdModuleLoaded
extern

shows whether the kernel debugger (KD) module is loaded or not

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows whether the debugger is connected to a remote debuggee (a remote guest) over a serial connection.