|
HyperDbg Debugger
|
HyperDbg's SDK for VMM project. More...
Classes | |
| struct | _VMM_CALLBACKS |
| Prototype of each function needed by VMM module. More... | |
Typedefs | |
| typedef BOOLEAN(* | LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList) |
| A function from the message tracer that sends its inputs to the message queue. | |
| typedef BOOLEAN(* | LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority) |
| A function that sends the messages to message tracer buffers. | |
| typedef BOOLEAN(* | LOG_CALLBACK_SEND_BUFFER) (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority) |
| A function that sends the messages to message tracer buffers. | |
| typedef BOOLEAN(* | LOG_CALLBACK_CHECK_IF_BUFFER_IS_FULL) (BOOLEAN Priority) |
| A function that checks whether the priority or regular buffer is full or not. | |
| typedef BOOLEAN(* | HYPERTRACE_LBR_IS_SUPPORTED) (UINT32 *Capacity, BOOLEAN *IsArchLbr) |
| A function that checks if LBR is supported on the current CPU and gets its capacity. | |
| typedef VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE(* | VMM_CALLBACK_TRIGGER_EVENTS) (VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs) |
| A function that handles trigger events. | |
| typedef BOOLEAN(* | DEBUGGING_CALLBACK_HANDLE_BREAKPOINT_EXCEPTION) (UINT32 CoreId) |
| A function that checks and handles breakpoints. | |
| typedef BOOLEAN(* | DEBUGGING_CALLBACK_HANDLE_DEBUG_BREAKPOINT_EXCEPTION) (UINT32 CoreId) |
| A function that checks and handles debug breakpoints. | |
| typedef BOOLEAN(* | DEBUGGING_CALLBACK_CHECK_THREAD_INTERCEPTION) (UINT32 CoreId) |
| Check for thread interception in user-debugger. | |
| typedef BOOLEAN(* | DEBUGGING_CALLBACK_TRIGGER_ON_CLOCK_AND_IPI_EVENTS) (_In_ UINT32 CoreId) |
| Trigger on clock and IPI events for checking process or thread change. | |
| typedef BOOLEAN(* | DEBUGGING_CALLBACK_IGNORE_HANDLING_MOV_2_DEBUG_REGS) (_In_ UINT32 CoreId) |
| Routine callback to ignore the handling of MOV to debug registers. | |
| typedef BOOLEAN(* | POOL_MANAGER_REQUEST_ALLOCATION) (SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention) |
| Request pool allocation. | |
| typedef UINT64(* | POOL_MANAGER_REQUEST_POOL) (POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size) |
| Request pool. | |
| typedef BOOLEAN(* | POOL_MANAGER_FREE_POOL) (UINT64 AddressToFree) |
| Free pool. | |
| typedef BOOLEAN(* | VMM_CALLBACK_RESTORE_EPT_STATE) (UINT32 CoreId) |
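| Check for user-mode access for loaded module details. (This description does not appear to match the typedef name, VMM_CALLBACK_RESTORE_EPT_STATE, and may have been copied from another callback; confirm against the source file.) | |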
| typedef BOOLEAN(* | VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION) (UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr) |
| Check for unhandled EPT violations. | |
| typedef BOOLEAN(* | VMM_CALLBACK_HANDLE_MTF_CALLBACK) (UINT32 CoreId) |
| Handle MTF callback. | |
| typedef VOID(* | INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE) (UINT32 CoreId) |
| Handle cr3 process change callbacks. | |
| typedef VOID(* | VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER) (UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler) |
| Handle NMI broadcast. | |
| typedef VOID(* | VMM_CALLBACK_SET_LAST_ERROR) (UINT32 LastError) |
| Set the top-level driver's error status. | |
| typedef BOOLEAN(* | VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE) (UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver) |
| Check and modify the protected resources of the hypervisor. | |
| typedef BOOLEAN(* | VMM_CALLBACK_VMCALL_HANDLER) (UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3) |
| Handler of debugger-specific VMCALLs. | |
| typedef struct _VMM_CALLBACKS | VMM_CALLBACKS |
| Prototype of each function needed by VMM module. | |
HyperDbg's SDK for VMM project.
This file contains the definitions of the VMM routines.
Check for thread interception in user-debugger.
A function that checks and handles breakpoints.
A function that checks and handles debug breakpoints.
Trigger on clock and IPI events for checking process or thread change.
A function that checks if LBR is supported on the current CPU and gets its capacity.
| typedef VOID(* INTERCEPTION_CALLBACK_TRIGGER_CR3_CHANGE) (UINT32 CoreId) |
Handle cr3 process change callbacks.
A function that checks whether the priority or regular buffer is full or not.
| typedef BOOLEAN(* LOG_CALLBACK_PREPARE_AND_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, BOOLEAN ShowCurrentSystemTime, BOOLEAN Priority, const CHAR *Fmt, va_list ArgList) |
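A function from the message tracer that sends its inputs to the message queue. Fmt and ArgList appear to form a printf-style format/argument pair, so Fmt should be a constant string rather than data taken from an untrusted source.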
| typedef BOOLEAN(* LOG_CALLBACK_SEND_BUFFER) (_In_ UINT32 OperationCode, _In_reads_bytes_(BufferLength) PVOID Buffer, _In_ UINT32 BufferLength, _In_ BOOLEAN Priority) |
A function that sends the messages to message tracer buffers.
| typedef BOOLEAN(* LOG_CALLBACK_SEND_MESSAGE_TO_QUEUE) (UINT32 OperationCode, BOOLEAN IsImmediateMessage, CHAR *LogMessage, UINT32 BufferLen, BOOLEAN Priority) |
A function that sends the messages to message tracer buffers.
| typedef BOOLEAN(* POOL_MANAGER_FREE_POOL) (UINT64 AddressToFree) |
Free pool.
| typedef BOOLEAN(* POOL_MANAGER_REQUEST_ALLOCATION) (SIZE_T Size, UINT32 Count, POOL_ALLOCATION_INTENTION Intention) |
Request pool allocation.
| typedef UINT64(* POOL_MANAGER_REQUEST_POOL) (POOL_ALLOCATION_INTENTION Intention, BOOLEAN RequestNewPool, UINT32 Size) |
Request pool.
| typedef BOOLEAN(* VMM_CALLBACK_CHECK_UNHANDLED_EPT_VIOLATION) (UINT32 CoreId, UINT64 ViolationQualification, UINT64 GuestPhysicalAddr) |
Check for unhandled EPT violations.
| typedef VOID(* VMM_CALLBACK_NMI_BROADCAST_REQUEST_HANDLER) (UINT32 CoreId, BOOLEAN IsOnVmxNmiHandler) |
Handle NMI broadcast.
| typedef BOOLEAN(* VMM_CALLBACK_QUERY_TERMINATE_PROTECTED_RESOURCE) (UINT32 CoreId, PROTECTED_HV_RESOURCES_TYPE ResourceType, PVOID Context, PROTECTED_HV_RESOURCES_PASSING_OVERS PassOver) |
Check and modify the protected resources of the hypervisor.
Check for user-mode access for loaded module details.
| typedef VOID(* VMM_CALLBACK_SET_LAST_ERROR) (UINT32 LastError) |
Set the top-level driver's error status.
| typedef VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE(* VMM_CALLBACK_TRIGGER_EVENTS) (VMM_EVENT_TYPE_ENUM EventType, VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE CallingStage, PVOID Context, BOOLEAN *PostEventRequired, GUEST_REGS *Regs) |
A function that handles trigger events.
| typedef BOOLEAN(* VMM_CALLBACK_VMCALL_HANDLER) (UINT32 CoreId, UINT64 VmcallNumber, UINT64 OptionalParam1, UINT64 OptionalParam2, UINT64 OptionalParam3) |
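Handler of debugger-specific VMCALLs. The page does not state who may issue these VMCALLs; if guest code can reach this handler, VmcallNumber and the optional parameters should be treated as untrusted and validated before use.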
| typedef struct _VMM_CALLBACKS VMM_CALLBACKS |
Prototype of each function needed by VMM module.