HyperDbg Debugger
Loading...
Searching...
No Matches
Ioctls.h
Go to the documentation of this file.
1
12#pragma once
13
15// Definitions //
17
18//
19// The following controls are mainly defined in <winioctl.h>
20//
21
22//
23// Macro definition for defining IOCTL and FSCTL function control codes. Note
24// that function codes 0-2047 are reserved for Microsoft Corporation, and
25// 2048-4095 are reserved for customers.
26//
27#ifndef CTL_CODE
28
29# define CTL_CODE(DeviceType, Function, Method, Access) ( \
30 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
31
32#endif // ! CTL_CODE
33
34#ifndef FILE_ANY_ACCESS
35
36# define FILE_ANY_ACCESS 0
37
38#endif // !FILE_ANY_ACCESS
39
40//
41// Define the method codes for how buffers are passed for I/O and FS controls
42//
43
44#ifndef METHOD_BUFFERED
45
46# define METHOD_BUFFERED 0
47
48#endif // !METHOD_BUFFERED
49
50#ifndef FILE_DEVICE_UNKNOWN
51
52# define FILE_DEVICE_UNKNOWN 0x00000022
53
54#endif // !FILE_DEVICE_UNKNOWN
55
60#define CTL_CODE_FUNCTION(Code) (((Code) >> 2) & 0xFFF)
61
66#define IOCTL_START_CODE 0x800
67
72#define IOCTL_BASIC_IOCTL IOCTL_START_CODE + 0x00
73
78#define IOCTL_KD_IOCTL IOCTL_START_CODE + 0x100
79
84#define IOCTL_VMM_IOCTL IOCTL_START_CODE + 0x200
85
90#define IOCTL_HYPERTRACE_IOCTL IOCTL_START_CODE + 0x300
91
93// Basic IOCTLs //
95
100#define IOCTL_INIT_VMM \
101 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)
102
107#define IOCTL_INIT_HYPERTRACE \
108 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
109
114#define IOCTL_REGISTER_EVENT \
115 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)
116
121#define IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL \
122 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_BASIC_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)
123
125// KD IOCTLs //
127
129// VMM IOCTLs //
131
136#define IOCTL_TERMINATE_VMX \
137 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)
138
143#define IOCTL_DEBUGGER_READ_MEMORY \
144 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
145
150#define IOCTL_DEBUGGER_READ_OR_WRITE_MSR \
151 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)
152
157#define IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS \
158 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)
159
164#define IOCTL_DEBUGGER_REGISTER_EVENT \
165 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)
166
171#define IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT \
172 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x06, METHOD_BUFFERED, FILE_ANY_ACCESS)
173
178#define IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER \
179 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x07, METHOD_BUFFERED, FILE_ANY_ACCESS)
180
185#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS \
186 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x08, METHOD_BUFFERED, FILE_ANY_ACCESS)
187
192#define IOCTL_DEBUGGER_EDIT_MEMORY \
193 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x09, METHOD_BUFFERED, FILE_ANY_ACCESS)
194
199#define IOCTL_DEBUGGER_SEARCH_MEMORY \
200 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0a, METHOD_BUFFERED, FILE_ANY_ACCESS)
201
206#define IOCTL_DEBUGGER_MODIFY_EVENTS \
207 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0b, METHOD_BUFFERED, FILE_ANY_ACCESS)
208
213#define IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS \
214 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0c, METHOD_BUFFERED, FILE_ANY_ACCESS)
215
220#define IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS \
221 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0d, METHOD_BUFFERED, FILE_ANY_ACCESS)
222
228#define IOCTL_DEBUGGER_PRINT \
229 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0e, METHOD_BUFFERED, FILE_ANY_ACCESS)
230
235#define IOCTL_PREPARE_DEBUGGEE \
236 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x0f, METHOD_BUFFERED, FILE_ANY_ACCESS)
237
242#define IOCTL_PAUSE_PACKET_RECEIVED \
243 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x10, METHOD_BUFFERED, FILE_ANY_ACCESS)
244
249#define IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED \
250 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x11, METHOD_BUFFERED, FILE_ANY_ACCESS)
251
256#define IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER \
257 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x12, METHOD_BUFFERED, FILE_ANY_ACCESS)
258
263#define IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER \
264 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x13, METHOD_BUFFERED, FILE_ANY_ACCESS)
265
270#define IOCTL_PERFORM_KERNEL_SIDE_TESTS \
271 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x14, METHOD_BUFFERED, FILE_ANY_ACCESS)
272
277#define IOCTL_RESERVE_PRE_ALLOCATED_POOLS \
278 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x15, METHOD_BUFFERED, FILE_ANY_ACCESS)
279
284#define IOCTL_SEND_USER_DEBUGGER_COMMANDS \
285 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x16, METHOD_BUFFERED, FILE_ANY_ACCESS)
286
291#define IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES \
292 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x17, METHOD_BUFFERED, FILE_ANY_ACCESS)
293
298#define IOCTL_GET_USER_MODE_MODULE_DETAILS \
299 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x18, METHOD_BUFFERED, FILE_ANY_ACCESS)
300
305#define IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS \
306 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x19, METHOD_BUFFERED, FILE_ANY_ACCESS)
307
312#define IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES \
313 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1a, METHOD_BUFFERED, FILE_ANY_ACCESS)
314
319#define IOCTL_QUERY_CURRENT_PROCESS \
320 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1b, METHOD_BUFFERED, FILE_ANY_ACCESS)
321
326#define IOCTL_QUERY_CURRENT_THREAD \
327 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1c, METHOD_BUFFERED, FILE_ANY_ACCESS)
328
333#define IOCTL_REQUEST_REV_MACHINE_SERVICE \
334 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1d, METHOD_BUFFERED, FILE_ANY_ACCESS)
335
340#define IOCTL_DEBUGGER_BRING_PAGES_IN \
341 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1e, METHOD_BUFFERED, FILE_ANY_ACCESS)
342
347#define IOCTL_PREACTIVATE_FUNCTIONALITY \
348 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x1f, METHOD_BUFFERED, FILE_ANY_ACCESS)
349
354#define IOCTL_PCIE_ENDPOINT_ENUM \
355 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x20, METHOD_BUFFERED, FILE_ANY_ACCESS)
356
361#define IOCTL_PERFORM_ACTIONS_ON_APIC \
362 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x21, METHOD_BUFFERED, FILE_ANY_ACCESS)
363
368#define IOCTL_PCIDEVINFO_ENUM \
369 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x22, METHOD_BUFFERED, FILE_ANY_ACCESS)
370
375#define IOCTL_QUERY_IDT_ENTRY \
376 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x24, METHOD_BUFFERED, FILE_ANY_ACCESS)
377
382#define IOCTL_SET_BREAKPOINT_USER_DEBUGGER \
383 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x25, METHOD_BUFFERED, FILE_ANY_ACCESS)
384
389#define IOCTL_PERFORM_SMI_OPERATION \
390 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_VMM_IOCTL + 0x26, METHOD_BUFFERED, FILE_ANY_ACCESS)
391
393// HyperTrace IOCTLs //
395
400#define IOCTL_PERFORM_HYPERTRACE_UNLOAD \
401 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS)
402
407#define IOCTL_PERFORM_HYPERTRACE_LBR_OPERATION \
408 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
409
414#define IOCTL_PERFORM_HYPERTRACE_LBR_DUMP \
415 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x03, METHOD_BUFFERED, FILE_ANY_ACCESS)
416
421#define IOCTL_PERFORM_HYPERTRACE_PT_OPERATION \
422 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x04, METHOD_BUFFERED, FILE_ANY_ACCESS)
423
429#define IOCTL_PERFORM_HYPERTRACE_PT_MMAP \
430 CTL_CODE(FILE_DEVICE_UNKNOWN, IOCTL_HYPERTRACE_IOCTL + 0x05, METHOD_BUFFERED, FILE_ANY_ACCESS)