HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
interrupt.cpp File Reference

!interrupt command More...

#include "pch.h"

Functions

VOID CommandInterruptHelp ()
 help of the !interrupt command
 
VOID CommandInterrupt (vector< string > SplitCommand, string Command)
 !interrupt command handler
 

Detailed Description

!interrupt command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-06-11
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandInterrupt()

VOID CommandInterrupt ( vector< string > SplitCommand,
string Command )

!interrupt command handler

Parameters
SplitCommand
Command
Returns
VOID
49{
50 PDEBUGGER_GENERAL_EVENT_DETAIL Event = NULL;
51 PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger = NULL;
52 PDEBUGGER_GENERAL_ACTION ActionCustomCode = NULL;
53 PDEBUGGER_GENERAL_ACTION ActionScript = NULL;
54 UINT32 EventLength;
55 UINT32 ActionBreakToDebuggerLength = 0;
56 UINT32 ActionCustomCodeLength = 0;
57 UINT32 ActionScriptLength = 0;
58 UINT64 SpecialTarget = 0;
59 BOOLEAN GetEntry = FALSE;
60 vector<string> SplitCommandCaseSensitive {Split(Command, ' ')};
61 DEBUGGER_EVENT_PARSING_ERROR_CAUSE EventParsingErrorCause;
62
63 //
64 // Interpret and fill the general event and action fields
65 //
66 //
67 if (!InterpretGeneralEventAndActionsFields(
68 &SplitCommand,
69 &SplitCommandCaseSensitive,
70 EXTERNAL_INTERRUPT_OCCURRED,
71 &Event,
72 &EventLength,
73 &ActionBreakToDebugger,
74 &ActionBreakToDebuggerLength,
75 &ActionCustomCode,
76 &ActionCustomCodeLength,
77 &ActionScript,
78 &ActionScriptLength,
79 &EventParsingErrorCause))
80 {
81 return;
82 }
83
84 //
85 // Interpret command specific details (if any)
86 //
87 //
88 for (auto Section : SplitCommand)
89 {
90 if (!Section.compare("!interrupt"))
91 {
92 continue;
93 }
94 else if (!GetEntry)
95 {
96 //
97 // It's probably an index
98 //
99 if (!ConvertStringToUInt64(Section, &SpecialTarget))
100 {
101 //
102 // Unknown parameter
103 //
104 ShowMessages("unknown parameter '%s'\n\n", Section.c_str());
105 CommandInterruptHelp();
106
107 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
108 return;
109 }
110 else
111 {
112 //
113 // Check if entry is valid or not
114 //
115 if (!(SpecialTarget >= 32 && SpecialTarget <= 0xff))
116 {
117 //
118 // Entry is invalid (this command is designed for just entries
119 // between 32 to 255)
120 //
121 ShowMessages("the entry should be between 0x20 to 0xFF or the "
122 "entries between 32 to 255\n\n");
123 CommandInterruptHelp();
124
125 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
126 return;
127 }
128 GetEntry = TRUE;
129 }
130 }
131 else
132 {
133 //
134 // Unknown parameter
135 //
136 ShowMessages("unknown parameter '%s'\n\n", Section.c_str());
137 CommandInterruptHelp();
138
139 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
140 return;
141 }
142 }
143
144 if (SpecialTarget == 0)
145 {
146 //
147 // The user didn't set the target interrupt, even though it's possible to
148 // get all interrupts but it makes the system not responsive so it's wrong
149 // to trigger event on all interrupts and we're not going to support it
150 //
151 ShowMessages("please specify an interrupt index to monitor, HyperDbg "
152 "doesn't support to trigger events on all interrupts because "
153 "it's not reasonable and make the system unresponsive\n");
154 CommandInterruptHelp();
155
156 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
157 return;
158 }
159
160 //
161 // Set the target interrupt
162 //
163 Event->Options.OptionalParam1 = SpecialTarget;
164
165 //
166 // Send the ioctl to the kernel for event registration
167 //
168 if (!SendEventToKernel(Event, EventLength))
169 {
170 //
171 // There was an error, probably the handle was not initialized
172 // we have to free the Action before exit, it is because, we
173 // already freed the Event and string buffers
174 //
175
176 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
177 return;
178 }
179
180 //
181 // Add the event to the kernel
182 //
183 if (!RegisterActionToEvent(Event,
184 ActionBreakToDebugger,
185 ActionBreakToDebuggerLength,
186 ActionCustomCode,
187 ActionCustomCodeLength,
188 ActionScript,
189 ActionScriptLength))
190 {
191 //
192 // There was an error
193 //
194
195 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
196 return;
197 }
198}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
Split
const vector< string > Split(const string &s, const char &c)
general split command
Definition common.cpp:117
ConvertStringToUInt64
BOOLEAN ConvertStringToUInt64(string TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for special notations like 0x,...
Definition common.cpp:240
FreeEventsAndActionsMemory
VOID FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, PDEBUGGER_GENERAL_ACTION ActionCustomCode, PDEBUGGER_GENERAL_ACTION ActionScript)
Deallocate buffers relating to events and actions.
Definition debugger.cpp:2292
InterpretGeneralEventAndActionsFields
BOOLEAN InterpretGeneralEventAndActionsFields(vector< string > *SplitCommand, vector< string > *SplitCommandCaseSensitive, VMM_EVENT_TYPE_ENUM EventType, PDEBUGGER_GENERAL_EVENT_DETAIL *EventDetailsToFill, PUINT32 EventBufferLength, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillBreakToDebugger, PUINT32 ActionBufferLengthBreakToDebugger, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillCustomCode, PUINT32 ActionBufferLengthCustomCode, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillScript, PUINT32 ActionBufferLengthScript, PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing)
Interpret general event fields.
Definition debugger.cpp:2342
SendEventToKernel
BOOLEAN SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
Register the event to the kernel.
Definition debugger.cpp:1969
RegisterActionToEvent
BOOLEAN RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, UINT32 ActionBreakToDebuggerLength, PDEBUGGER_GENERAL_ACTION ActionCustomCode, UINT32 ActionCustomCodeLength, PDEBUGGER_GENERAL_ACTION ActionScript, UINT32 ActionScriptLength)
Register the action to the event.
Definition debugger.cpp:2086
EXTERNAL_INTERRUPT_OCCURRED
@ EXTERNAL_INTERRUPT_OCCURRED
Definition Events.h:141
CommandInterruptHelp
VOID CommandInterruptHelp()
help of the !interrupt command
Definition interrupt.cpp:20
DEBUGGER_EVENT_PARSING_ERROR_CAUSE
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
_DEBUGGER_EVENT_OPTIONS::OptionalParam1
UINT64 OptionalParam1
Definition Events.h:272
_DEBUGGER_GENERAL_ACTION
Each event can have multiple actions.
Definition Events.h:406
_DEBUGGER_GENERAL_EVENT_DETAIL
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
_DEBUGGER_GENERAL_EVENT_DETAIL::Options
DEBUGGER_EVENT_OPTIONS Options
Definition Events.h:391

◆ CommandInterruptHelp()

VOID CommandInterruptHelp ( )

help of the !interrupt command

Returns
VOID
21{
22 ShowMessages("!interrupt : monitors the external interrupt (IDT >= 32).\n\n");
23
24 ShowMessages("syntax : \t[IdtIndex (hex)] [pid ProcessId (hex)] "
25 "[core CoreId (hex)] [imm IsImmediate (yesno)] [sc EnableShortCircuiting (onoff)] "
26 "[stage CallingStage (prepostall)] [buffer PreAllocatedBuffer (hex)] [script { Script (string) }] "
27 "[asm condition { Condition (assembly/hex) }] [asm code { Code (assembly/hex) }] [output {OutputName (string)}]\n");
28
29 ShowMessages("\nnote : The index should be greater than 0x20 (32) and less "
30 "than 0xFF (255) - starting from zero.\n");
31
32 ShowMessages("\n");
33 ShowMessages("\t\te.g : !interrupt 0x2f\n");
34 ShowMessages("\t\te.g : !interrupt 0x2f pid 400\n");
35 ShowMessages("\t\te.g : !interrupt 0x2f core 2 pid 400\n");
36 ShowMessages("\t\te.g : !interrupt 0xd1 script { printf(\"clock interrupt received at the core: %%x\\n\", $core); }\n");
37 ShowMessages("\t\te.g : !interrupt 0x2f asm code { nop; nop; nop }\n");
38}