|
HyperDbg Debugger
|
Last Branch Record (LBR) related data structures. More...
Go to the source code of this file.
Classes | |
| union | MSR_LBR_INFO |
| struct | _LBR_BRANCH_ENTRY |
| The structure to hold a single LBR entry (from and to addresses). More... | |
| struct | _LBR_STACK_ENTRY |
| The structure to hold the LBR stack for a single processor core, including the branch entries and the TOS index. More... | |
Macros | |
| #define | MSR_LEGACY_LBR_SELECT 0x000001C8 |
| MSR address of LBR_SELECT, which is used to configure the LBR filtering options. | |
| #define | MAXIMUM_LBR_CAPACITY 0x20 |
| Maximum LBR capacity that is supported by processors. | |
| #define | LBR_KERNEL_BIT 0 /* do not capture at ring0 */ |
| #define | LBR_USER_BIT 1 /* do not capture at ring > 0 */ |
| #define | LBR_JCC_BIT 2 /* do not capture conditional branches */ |
| #define | LBR_REL_CALL_BIT 3 /* do not capture relative calls */ |
| #define | LBR_IND_CALL_BIT 4 /* do not capture indirect calls */ |
| #define | LBR_RETURN_BIT 5 /* do not capture near returns */ |
| #define | LBR_IND_JMP_BIT 6 /* do not capture indirect jumps */ |
| #define | LBR_REL_JMP_BIT 7 /* do not capture relative jumps */ |
| #define | LBR_FAR_BIT 8 /* do not capture far branches */ |
| #define | LBR_CALL_STACK_BIT 9 /* enable call stack: not available on all CPUs */ |
| #define | LBR_KERNEL (1 << LBR_KERNEL_BIT) |
| #define | LBR_USER (1 << LBR_USER_BIT) |
| #define | LBR_JCC (1 << LBR_JCC_BIT) |
| #define | LBR_REL_CALL (1 << LBR_REL_CALL_BIT) |
| #define | LBR_IND_CALL (1 << LBR_IND_CALL_BIT) |
| #define | LBR_RETURN (1 << LBR_RETURN_BIT) |
| #define | LBR_IND_JMP (1 << LBR_IND_JMP_BIT) |
| #define | LBR_REL_JMP (1 << LBR_REL_JMP_BIT) |
| #define | LBR_FAR_OTHER_BRANCHES (1 << LBR_FAR_BIT) |
| #define | LBR_CALL_STACK (1 << LBR_CALL_STACK_BIT) |
| #define | LBR_CALL_STACK_BASE_FLAGS (LBR_CALL_STACK | (LBR_JCC | LBR_IND_JMP | LBR_REL_JMP | LBR_FAR_OTHER_BRANCHES)) |
| For call-stack mode, only CALLs and RETs should be captured Capturing other branch types may lead to undefined behavior. | |
| #define | LBR_BR_TYPE_COND 0x0 |
| Branch Type Encodings (Only on Architectural LBR, not available in Legacy LBR). | |
| #define | LBR_BR_TYPE_JMP_INDIRECT 0x1 |
| #define | LBR_BR_TYPE_JMP_DIRECT 0x2 |
| #define | LBR_BR_TYPE_CALL_INDIRECT 0x3 |
| #define | LBR_BR_TYPE_CALL_DIRECT 0x4 |
| #define | LBR_BR_TYPE_RET 0x5 |
| #define | LBR_BR_TYPE_RESERVED_MIN 0x6 /* 011xb */ |
| #define | LBR_BR_TYPE_RESERVED_MAX 0x7 /* 011xb */ |
| #define | LBR_BR_TYPE_OTHER_MIN 0x8 /* 1xxxb */ |
| #define | LBR_BR_TYPE_OTHER_MAX 0xF /* 1xxxb */ |
| #define | LBR_BR_TYPE_NAME_MAX_LEN 16 /* longest string is "CALL Indirect\0" = 14 chars, rounded up */ |
Typedefs | |
| typedef union MSR_LBR_INFO * | PMSR_LBR_INFO |
| typedef struct _LBR_BRANCH_ENTRY | LBR_BRANCH_ENTRY |
| The structure to hold a single LBR entry (from and to addresses). | |
| typedef struct _LBR_BRANCH_ENTRY | PLBR_BRANCH_ENTRY |
| typedef struct _LBR_STACK_ENTRY | LBR_STACK_ENTRY |
| The structure to hold the LBR stack for a single processor core, including the branch entries and the TOS index. | |
| typedef struct _LBR_STACK_ENTRY | PLBR_STACK_ENTRY |
Last Branch Record (LBR) related data structures.
| #define LBR_BR_TYPE_CALL_DIRECT 0x4 |
| #define LBR_BR_TYPE_CALL_INDIRECT 0x3 |
| #define LBR_BR_TYPE_COND 0x0 |
Branch Type Encodings (Only on Architectural LBR, not available in Legacy LBR).
| #define LBR_BR_TYPE_JMP_DIRECT 0x2 |
| #define LBR_BR_TYPE_JMP_INDIRECT 0x1 |
| #define LBR_BR_TYPE_NAME_MAX_LEN 16 /* longest string is "CALL Indirect\0" = 14 chars, rounded up */ |
| #define LBR_BR_TYPE_OTHER_MAX 0xF /* 1xxxb */ |
| #define LBR_BR_TYPE_OTHER_MIN 0x8 /* 1xxxb */ |
| #define LBR_BR_TYPE_RESERVED_MAX 0x7 /* 011xb */ |
| #define LBR_BR_TYPE_RESERVED_MIN 0x6 /* 011xb */ |
| #define LBR_BR_TYPE_RET 0x5 |
| #define LBR_CALL_STACK (1 << LBR_CALL_STACK_BIT) |
| #define LBR_CALL_STACK_BASE_FLAGS (LBR_CALL_STACK | (LBR_JCC | LBR_IND_JMP | LBR_REL_JMP | LBR_FAR_OTHER_BRANCHES)) |
For call-stack mode, only CALLs and RETs should be captured Capturing other branch types may lead to undefined behavior.
| #define LBR_CALL_STACK_BIT 9 /* enable call stack: not available on all CPUs */ |
| #define LBR_FAR_BIT 8 /* do not capture far branches */ |
| #define LBR_FAR_OTHER_BRANCHES (1 << LBR_FAR_BIT) |
| #define LBR_IND_CALL (1 << LBR_IND_CALL_BIT) |
| #define LBR_IND_CALL_BIT 4 /* do not capture indirect calls */ |
| #define LBR_IND_JMP (1 << LBR_IND_JMP_BIT) |
| #define LBR_IND_JMP_BIT 6 /* do not capture indirect jumps */ |
| #define LBR_JCC (1 << LBR_JCC_BIT) |
| #define LBR_JCC_BIT 2 /* do not capture conditional branches */ |
| #define LBR_KERNEL (1 << LBR_KERNEL_BIT) |
| #define LBR_REL_CALL (1 << LBR_REL_CALL_BIT) |
| #define LBR_REL_CALL_BIT 3 /* do not capture relative calls */ |
| #define LBR_REL_JMP (1 << LBR_REL_JMP_BIT) |
| #define LBR_REL_JMP_BIT 7 /* do not capture relative jumps */ |
| #define LBR_RETURN (1 << LBR_RETURN_BIT) |
| #define LBR_RETURN_BIT 5 /* do not capture near returns */ |
| #define LBR_USER (1 << LBR_USER_BIT) |
| #define MAXIMUM_LBR_CAPACITY 0x20 |
Maximum LBR capacity that is supported by processors.
| #define MSR_LEGACY_LBR_SELECT 0x000001C8 |
MSR address of LBR_SELECT, which is used to configure the LBR filtering options.
| typedef struct _LBR_BRANCH_ENTRY LBR_BRANCH_ENTRY |
The structure to hold a single LBR entry (from and to addresses).
| typedef struct _LBR_STACK_ENTRY LBR_STACK_ENTRY |
The structure to hold the LBR stack for a single processor core, including the branch entries and the TOS index.
| typedef struct _LBR_BRANCH_ENTRY PLBR_BRANCH_ENTRY |
| typedef struct _LBR_STACK_ENTRY PLBR_STACK_ENTRY |
| typedef union MSR_LBR_INFO * PMSR_LBR_INFO |