HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
ioout.cpp File Reference

!ioout command More...

#include "pch.h"

Functions

VOID CommandIooutHelp ()
 help of the !ioout command
 
VOID CommandIoout (vector< string > SplitCommand, string Command)
 !ioout command handler
 

Detailed Description

!ioout command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-06-11
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandIoout()

VOID CommandIoout ( vector< string > SplitCommand,
string Command )

!ioout command handler

Parameters
SplitCommand
Command
Returns
VOID
48{
49 PDEBUGGER_GENERAL_EVENT_DETAIL Event = NULL;
50 PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger = NULL;
51 PDEBUGGER_GENERAL_ACTION ActionCustomCode = NULL;
52 PDEBUGGER_GENERAL_ACTION ActionScript = NULL;
53 UINT32 EventLength;
54 UINT32 ActionBreakToDebuggerLength = 0;
55 UINT32 ActionCustomCodeLength = 0;
56 UINT32 ActionScriptLength = 0;
57 UINT64 SpecialTarget = DEBUGGER_EVENT_ALL_IO_PORTS;
58 BOOLEAN GetPort = FALSE;
59 vector<string> SplitCommandCaseSensitive {Split(Command, ' ')};
60 DEBUGGER_EVENT_PARSING_ERROR_CAUSE EventParsingErrorCause;
61
62 //
63 // Interpret and fill the general event and action fields
64 //
65 //
66 if (!InterpretGeneralEventAndActionsFields(
67 &SplitCommand,
68 &SplitCommandCaseSensitive,
69 OUT_INSTRUCTION_EXECUTION,
70 &Event,
71 &EventLength,
72 &ActionBreakToDebugger,
73 &ActionBreakToDebuggerLength,
74 &ActionCustomCode,
75 &ActionCustomCodeLength,
76 &ActionScript,
77 &ActionScriptLength,
78 &EventParsingErrorCause))
79 {
80 return;
81 }
82
83 //
84 // Interpret command specific details (if any)
85 //
86 //
87 for (auto Section : SplitCommand)
88 {
89 if (!Section.compare("!ioout"))
90 {
91 continue;
92 }
93 else if (!GetPort)
94 {
95 //
96 // It's probably an I/O port
97 //
98 if (!ConvertStringToUInt64(Section, &SpecialTarget))
99 {
100 //
101 // Unknown parameter
102 //
103 ShowMessages("unknown parameter '%s'\n\n", Section.c_str());
104 CommandIooutHelp();
105
106 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
107 return;
108 }
109 else
110 {
111 GetPort = TRUE;
112 }
113 }
114 else
115 {
116 //
117 // Unknown parameter
118 //
119 ShowMessages("unknown parameter '%s'\n\n", Section.c_str());
120 CommandIooutHelp();
121
122 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
123 return;
124 }
125 }
126
127 //
128 // Set the target I/O port
129 //
130 Event->Options.OptionalParam1 = SpecialTarget;
131
132 //
133 // Send the ioctl to the kernel for event registration
134 //
135 if (!SendEventToKernel(Event, EventLength))
136 {
137 //
138 // There was an error, probably the handle was not initialized
139 // we have to free the Action before exit, it is because, we
140 // already freed the Event and string buffers
141 //
142
143 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
144 return;
145 }
146
147 //
148 // Add the event to the kernel
149 //
150 if (!RegisterActionToEvent(Event,
151 ActionBreakToDebugger,
152 ActionBreakToDebuggerLength,
153 ActionCustomCode,
154 ActionCustomCodeLength,
155 ActionScript,
156 ActionScriptLength))
157 {
158 //
159 // There was an error
160 //
161
162 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
163 return;
164 }
165}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
DEBUGGER_EVENT_ALL_IO_PORTS
#define DEBUGGER_EVENT_ALL_IO_PORTS
Apply to all I/O ports.
Definition Constants.h:641
Split
const vector< string > Split(const string &s, const char &c)
general split command
Definition common.cpp:117
ConvertStringToUInt64
BOOLEAN ConvertStringToUInt64(string TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for special notations like 0x,...
Definition common.cpp:240
FreeEventsAndActionsMemory
VOID FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, PDEBUGGER_GENERAL_ACTION ActionCustomCode, PDEBUGGER_GENERAL_ACTION ActionScript)
Deallocate buffers relating to events and actions.
Definition debugger.cpp:2292
InterpretGeneralEventAndActionsFields
BOOLEAN InterpretGeneralEventAndActionsFields(vector< string > *SplitCommand, vector< string > *SplitCommandCaseSensitive, VMM_EVENT_TYPE_ENUM EventType, PDEBUGGER_GENERAL_EVENT_DETAIL *EventDetailsToFill, PUINT32 EventBufferLength, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillBreakToDebugger, PUINT32 ActionBufferLengthBreakToDebugger, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillCustomCode, PUINT32 ActionBufferLengthCustomCode, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillScript, PUINT32 ActionBufferLengthScript, PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing)
Interpret general event fields.
Definition debugger.cpp:2342
SendEventToKernel
BOOLEAN SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
Register the event to the kernel.
Definition debugger.cpp:1969
RegisterActionToEvent
BOOLEAN RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, UINT32 ActionBreakToDebuggerLength, PDEBUGGER_GENERAL_ACTION ActionCustomCode, UINT32 ActionCustomCodeLength, PDEBUGGER_GENERAL_ACTION ActionScript, UINT32 ActionScriptLength)
Register the action to the event.
Definition debugger.cpp:2086
OUT_INSTRUCTION_EXECUTION
@ OUT_INSTRUCTION_EXECUTION
Definition Events.h:135
CommandIooutHelp
VOID CommandIooutHelp()
help of the !ioout command
Definition ioout.cpp:20
DEBUGGER_EVENT_PARSING_ERROR_CAUSE
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
_DEBUGGER_EVENT_OPTIONS::OptionalParam1
UINT64 OptionalParam1
Definition Events.h:272
_DEBUGGER_GENERAL_ACTION
Each event can have multiple actions.
Definition Events.h:406
_DEBUGGER_GENERAL_EVENT_DETAIL
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
_DEBUGGER_GENERAL_EVENT_DETAIL::Options
DEBUGGER_EVENT_OPTIONS Options
Definition Events.h:391

◆ CommandIooutHelp()

VOID CommandIooutHelp ( )

help of the !ioout command

Returns
VOID
21{
22 ShowMessages("!ioout : detects the execution of OUT (I/O instructions) "
23 "instructions.\n\n");
24
25 ShowMessages("syntax : \t!ioout [Port (hex)] [pid ProcessId (hex)] "
26 "[core CoreId (hex)] [imm IsImmediate (yesno)] [sc EnableShortCircuiting (onoff)] "
27 "[stage CallingStage (prepostall)] [buffer PreAllocatedBuffer (hex)] [script { Script (string) }] "
28 "[asm condition { Condition (assembly/hex) }] [asm code { Code (assembly/hex) }] [output {OutputName (string)}]\n");
29
30 ShowMessages("\n");
31 ShowMessages("\t\te.g : !ioout\n");
32 ShowMessages("\t\te.g : !ioout 0x64\n");
33 ShowMessages("\t\te.g : !ioout pid 400\n");
34 ShowMessages("\t\te.g : !ioout core 2 pid 400\n");
35 ShowMessages("\t\te.g : !ioout script { printf(\"OUT instruction is executed at port: %%llx\\n\", $context); }\n");
36 ShowMessages("\t\te.g : !ioout asm code { nop; nop; nop }\n");
37}