_In_reads_bytes_(BufferLength)
PVOID Buffer,
VOID EventInjectGeneralProtection()
Inject GP to the guest (Event Injection).
Definition Events.c:62
VOID HvHandleTrapFlag()
Handle the case when the trap flag is set, and we need to inject the single-step exception right afte...
Definition Hv.c:1754
BOOLEAN SyscallCallbackSetTrapFlagAfterSyscall(GUEST_REGS *Regs, UINT32 ProcessId, UINT32 ThreadId, UINT64 Context, SYSCALL_CALLBACK_CONTEXT_PARAMS *Params)
Set the trap flag in the guest after a syscall.
Definition SyscallCallback.c:226
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackSendBuffer(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
Callback routine for sending a buffer.
Definition HyperLogCallback.c:123
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackCheckIfBufferIsFull(BOOLEAN Priority)
Checks whether the priority or regular buffer is full or not.
Definition Logging.c:262
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackSendMessageToQueue(UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
Send string messages and tracing for logging and monitoring.
Definition Logging.c:1214
IMPORT_EXPORT_HYPERLOG BOOLEAN LogCallbackPrepareAndSendMessageToQueueWrapper(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
Prepare a printf-style message mapping and send string messages and tracing for logging and monitorin...
Definition Logging.c:987
IMPORT_EXPORT_HYPERTRACE BOOLEAN HyperTraceLbrIsSupported(UINT32 *Capacity, BOOLEAN *IsArchLbr)
Check if LBR is supported on the current CPU and get its capacity.
Definition LbrApi.c:157
IMPORT_EXPORT_VMM BOOLEAN CheckAccessValidityAndSafety(UINT64 TargetAddress, UINT32 Size)
Check whether it is safe to access the memory.
Definition AddressCheck.c:318
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperWriteMemorySafeOnTargetProcess(_Inout_ UINT64 Destination, _In_ PVOID Source, _In_ SIZE_T Size)
IMPORT_EXPORT_VMM BOOLEAN MemoryMapperReadMemorySafeOnTargetProcess(_In_ UINT64 VaAddressToRead, _Inout_ PVOID BufferToSaveMemory, _In_ SIZE_T SizeToRead)
BOOLEAN(* LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE)(UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority)
A function that sends the messages to message tracer buffers.
Definition HyperEvade.h:34
BOOLEAN(* CHECK_ACCESS_VALIDITY_AND_SAFETY)(UINT64 TargetAddress, UINT32 Size)
A function that checks the validity and safety of the target address.
Definition HyperEvade.h:61
BOOLEAN(* LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE)(UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList)
A function from the message tracer that sends the inputs to the message queue.
Definition HyperEvade.h:23
BOOLEAN(* LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL)(BOOLEAN Priority)
A function that checks whether the priority or regular buffer is full or not.
Definition HyperEvade.h:49
BOOLEAN(* SYSCALL_CALLBACK_SET_TRAP_FLAG_AFTER_SYSCALL)(GUEST_REGS *Regs, UINT32 ProcessId, UINT32 ThreadId, UINT64 Context, SYSCALL_CALLBACK_CONTEXT_PARAMS *Params)
A function that sets the trap flag after a syscall.
Definition HyperEvade.h:85
VOID(* HV_HANDLE_TRAPFLAG)()
A function that handles the trap flag.
Definition HyperEvade.h:95
BOOLEAN(* MEMORY_MAPPER_READ_MEMORY_SAFE_ON_TARGET_PROCESS)(UINT64 VaAddressToRead, PVOID BufferToSaveMemory, SIZE_T SizeToRead)
A function that reads memory safely on the target process.
Definition HyperEvade.h:67
BOOLEAN(* HYPERTRACE_LBR_IS_SUPPORTED)(UINT32 *Capacity, BOOLEAN *IsArchLbr)
A function that checks if LBR is supported on the current CPU and gets its capacity.
Definition HyperEvade.h:55
struct _HYPEREVADE_CALLBACKS * PHYPEREVADE_CALLBACKS
PCHAR(* COMMON_GET_PROCESS_NAME_FROM_PROCESS_CONTROL_BLOCK)(PVOID Eprocess)
A function that gets the process name from the process control block.
Definition HyperEvade.h:79
BOOLEAN(* MEMORY_MAPPER_WRITE_MEMORY_SAFE_ON_TARGET_PROCESS)(UINT64 Destination, PVOID Source, SIZE_T Size)
A function that writes memory safely on the target process.
Definition HyperEvade.h:73
struct _HYPEREVADE_CALLBACKS HYPEREVADE_CALLBACKS
Prototype of each function needed by hyperevade module.
BOOLEAN(* LOG_CALLBACK_SEND_BUFFER)(_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority)
A function that sends the messages to message tracer buffers.
Definition HyperEvade.h:40
VOID(* EVENT_INJECT_GENERAL_PROTECTION)()
A function that injects a general protection (GP).
Definition HyperEvade.h:101
PCHAR CommonGetProcessNameFromProcessControlBlock(PEPROCESS Eprocess)
Get process name by eprocess.
Definition Common.c:48
Prototype of each function needed by hyperevade module.
Definition HyperEvade.h:112
Definition BasicTypes.h:136