|
HyperDbg Debugger
|
Headers relating exported functions from hypertrace (tracing) module. More...
Go to the source code of this file.
Macros | |
| #define | IMPORT_EXPORT_HYPERTRACE __declspec(dllimport) |
Functions | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceInitCallback (HYPERTRACE_CALLBACKS *HyperTraceCallbacks, BOOLEAN RunningOnHypervisorEnvironment) |
| Initialize the hypertrace module callbacks. | |
| IMPORT_EXPORT_HYPERTRACE VOID | HyperTraceUninit () |
| Uninitialize the hypertrace module. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrIsSupported (UINT32 *Capacity, BOOLEAN *IsArchLbr) |
| Check if LBR is supported on the current CPU and get its capacity. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrCheck () |
| Check if LBR is supported and enabled on the current core. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrRestore () |
| Restore (re-enable) LBR collection on the current core with previous filter options. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrRestoreByFilter (UINT64 FilterOptions) |
| Restore (re-enable) LBR collection on the current core with the specified filter options. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrSave (HYPERTRACE_LBR_OPERATION_PACKETS *HyperTraceOperationRequest) |
| Save LBR tracing for HyperTrace. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrPrint (HYPERTRACE_LBR_OPERATION_PACKETS *HyperTraceOperationRequest) |
| Print LBR tracing for HyperTrace. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrFlush (HYPERTRACE_LBR_OPERATION_PACKETS *HyperTraceOperationRequest) |
| Flush LBR tracing for HyperTrace. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrQueryStateOfLbrSaveAndLoadVmExitAndEntryControls (UINT32 CoreId) |
| Query the state of LBR save and load VM exit and entry controls. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrPerformDump (HYPERTRACE_LBR_DUMP_PACKETS *LbrDumpRequest) |
| Perform actions related to HyperTrace LBR dumping. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTraceLbrPerformOperation (HYPERTRACE_LBR_OPERATION_PACKETS *LbrOperationRequest) |
| Perform actions related to HyperTrace LBR operations. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtEnable (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Enable PT tracing for HyperTrace. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtDisable (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Disable PT tracing for HyperTrace. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtPause (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Pause PT tracing on every core. Buffers stay allocated and the per-CPU CTL is preserved, so HyperTracePtResume can restart the trace exactly where it stopped. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtResume (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Resume PT tracing on every core after a prior HyperTracePtPause. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtSize (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Snapshot the current PT output position on every core and write the per-CPU byte counts into HyperTraceOperationRequest->BytesPerCpu. The returned counts are the decode window — bytes [0, BytesPerCpu[i]) in CPU i's user mapping currently hold valid trace data. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtDump (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Dump PT trace state for HyperTrace. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtFlush (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Flush PT trace state on all cores (free buffers). | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtFilter (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Apply a new PT trace configuration (TraceUser / TraceKernel / TargetCr3 / BufferSize / NumAddrRanges + AddrRanges) on all cores. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtPerformOperation (HYPERTRACE_PT_OPERATION_PACKETS *PtOperationRequest) |
| Perform actions related to HyperTrace PT. | |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN | HyperTracePtMmap (HYPERTRACE_PT_MMAP_PACKETS *Req) |
| Map every per-CPU PT main output + overflow buffer into the calling user-mode process. See HYPERTRACE_PT_MMAP_PACKETS for the full lifetime / single-process contract. | |
Headers relating exported functions from hypertrace (tracing) module.
| #define IMPORT_EXPORT_HYPERTRACE __declspec(dllimport) |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceInitCallback | ( | HYPERTRACE_CALLBACKS * | HyperTraceCallbacks, |
| BOOLEAN | RunningOnHypervisorEnvironment ) |
Initialize the hypertrace module callbacks.
This only for callback initialization, not for LBR, PT, etc. initialization
| HyperTraceCallbacks | Pointer to the HyperTrace callbacks structure to be registered |
| RunningOnHypervisorEnvironment | Whether the initialization is being done for hypervisor environment or not, it can be used to skip some of the initialization steps if it is not for hypervisor environment and behave differently based on that |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrCheck | ( | ) |
Check if LBR is supported and enabled on the current core.
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrFlush | ( | HYPERTRACE_LBR_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Flush LBR tracing for HyperTrace.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrIsSupported | ( | UINT32 * | Capacity, |
| BOOLEAN * | IsArchLbr ) |
Check if LBR is supported on the current CPU and get its capacity.
| Capacity | Pointer to a variable to receive the LBR capacity (number of entries) |
| IsArchLbr | Pointer to a variable to receive whether the supported LBR is architectural LBR or not (legacy LBR) |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrPerformDump | ( | HYPERTRACE_LBR_DUMP_PACKETS * | LbrDumpRequest | ) |
Perform actions related to HyperTrace LBR dumping.
| LbrDumpRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrPerformOperation | ( | HYPERTRACE_LBR_OPERATION_PACKETS * | LbrOperationRequest | ) |
Perform actions related to HyperTrace LBR operations.
| LbrOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrPrint | ( | HYPERTRACE_LBR_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Print LBR tracing for HyperTrace.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrQueryStateOfLbrSaveAndLoadVmExitAndEntryControls | ( | UINT32 | CoreId | ) |
Query the state of LBR save and load VM exit and entry controls.
| CoreId | The index of the processor core to query |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrRestore | ( | ) |
Restore (re-enable) LBR collection on the current core with previous filter options.
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrRestoreByFilter | ( | UINT64 | FilterOptions | ) |
Restore (re-enable) LBR collection on the current core with the specified filter options.
| FilterOptions | A bitmask of filter options to apply to the LBR branches |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrSave | ( | HYPERTRACE_LBR_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Save LBR tracing for HyperTrace.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtDisable | ( | HYPERTRACE_PT_OPERATION_PACKETS * | PtOperationRequest | ) |
Disable PT tracing for HyperTrace.
| PtOperationRequest | Pointer to the HyperTrace PT operation request packet |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtDump | ( | HYPERTRACE_PT_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Dump PT trace state for HyperTrace.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtEnable | ( | HYPERTRACE_PT_OPERATION_PACKETS * | PtOperationRequest | ) |
Enable PT tracing for HyperTrace.
| PtOperationRequest | Pointer to the HyperTrace PT operation request packet |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtFilter | ( | HYPERTRACE_PT_OPERATION_PACKETS * | Req | ) |
Apply a new PT trace configuration (TraceUser / TraceKernel / TargetCr3 / BufferSize / NumAddrRanges + AddrRanges) on all cores.
Mirrors HyperTraceLbrUpdateFilterOptions / LbrFilter:
Must be called at IRQL == PASSIVE_LEVEL because of the contiguous-memory allocator.
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtFlush | ( | HYPERTRACE_PT_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Flush PT trace state on all cores (free buffers).
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtMmap | ( | HYPERTRACE_PT_MMAP_PACKETS * | Req | ) |
Map every per-CPU PT main output + overflow buffer into the calling user-mode process. See HYPERTRACE_PT_MMAP_PACKETS for the full lifetime / single-process contract.
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtPause | ( | HYPERTRACE_PT_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Pause PT tracing on every core. Buffers stay allocated and the per-CPU CTL is preserved, so HyperTracePtResume can restart the trace exactly where it stopped.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtPerformOperation | ( | HYPERTRACE_PT_OPERATION_PACKETS * | PtOperationRequest | ) |
Perform actions related to HyperTrace PT.
| PtOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtResume | ( | HYPERTRACE_PT_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Resume PT tracing on every core after a prior HyperTracePtPause.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTracePtSize | ( | HYPERTRACE_PT_OPERATION_PACKETS * | HyperTraceOperationRequest | ) |
Snapshot the current PT output position on every core and write the per-CPU byte counts into HyperTraceOperationRequest->BytesPerCpu. The returned counts are the decode window — bytes [0, BytesPerCpu[i]) in CPU i's user mapping currently hold valid trace data.
| HyperTraceOperationRequest |
| IMPORT_EXPORT_HYPERTRACE VOID HyperTraceUninit | ( | ) |
Uninitialize the hypertrace module.