|
HyperDbg Debugger
|
header for HyperDbg's general functions for reading and converting and etc More...
Go to the source code of this file.
Macros | |
| #define | AssertReturn return; |
| #define | AssertReturnFalse return FALSE; |
| #define | AssertReturnOne return 1; |
| #define | PAUSE_MESSAGE_IN_USER_DEBUGGER "\nTo pause the target process, run the 'pause' command" |
| #define | ASSERT_MESSAGE_DRIVER_NOT_LOADED "handle of the driver not found, probably the driver is not loaded. Did you use 'load' command?\n" |
| #define | ASSERT_MESSAGE_KD_NOT_LOADED "the kd (kernel debugger) module is not loaded. Did you use 'load kd' command?\n" |
| #define | ASSERT_MESSAGE_VMM_NOT_LOADED "the vmm (virtualization) module is not loaded. Did you use 'load vmm' command?\n" |
| #define | ASSERT_MESSAGE_HYPERTRACE_NOT_LOADED "the trace (hypertrace) module is not loaded. Did you use 'load trace' command?\n" |
| #define | ASSERT_MESSAGE_BUILD_SIGNATURE_DOESNT_MATCH |
| #define | ASSERT_MESSAGE_CANNOT_SPECIFY_PID |
| #define | AssertReturnStmt(expr, stmt, rc) |
| #define | AssertShowMessageReturnStmt(expr1, expr2, message1, message2, rc) |
| #define | PAGE_SIZE 0x1000 |
| Size of each page (4096 bytes). | |
| #define | PAGE_ALIGN(Va) |
| Aligning a page. | |
| #define | CPUID_ADDR_WIDTH 0x80000008 |
| Cpuid to get virtual address width. | |
| #define | DbgWaitForKernelResponse(KernelSyncObjectId) |
| #define | DbgWaitForUserResponse(UserSyncObjectId) |
| #define | DbgWaitSetKernelRequestData(KernelSyncObjectId, ReqData, ReqSize) |
| #define | DbgWaitSetUserRequestData(UserSyncObjectId, ReqData, ReqSize) |
| #define | DbgWaitGetKernelRequestData(KernelSyncObjectId, ReqData, ReqSize) |
| #define | DbgWaitGetUserRequestData(UserSyncObjectId, ReqData, ReqSize) |
| #define | DbgReceivedKernelResponse(KernelSyncObjectId) |
| #define | DbgReceivedUserResponse(UserSyncObjectId) |
Functions | |
| BOOLEAN | AsmVmxSupportDetection () |
| VOID | SpinlockLock (volatile LONG *Lock) |
| Tries to get the lock and won't return until successfully get the lock. | |
| VOID | SpinlockLockWithCustomWait (volatile LONG *Lock, UINT32 MaximumWait) |
| Tries to get the lock and won't return until successfully get the lock. | |
| VOID | SpinlockUnlock (volatile LONG *Lock) |
| Release the lock. | |
| VOID | PrintBits (const UINT32 size, const VOID *ptr) |
| BOOL | Replace (std::string &str, const std::string &from, const std::string &to) |
| VOID | ReplaceAll (string &str, const string &from, const string &to) |
| const vector< string > | Split (const string &s, const CHAR &c) |
| BOOLEAN | IsNumber (const string &str) |
| UINT32 | Log2Ceil (UINT32 n) |
| Function to compute log2Ceil. | |
| BOOLEAN | IsHexNotation (const string &s) |
| vector< CHAR > | HexToBytes (const string &hex) |
| BOOLEAN | ConvertStringToUInt64 (string TextToConvert, PUINT64 Result) |
| BOOLEAN | ConvertStringToUInt32 (string TextToConvert, PUINT32 Result) |
| BOOLEAN | ConvertTokenToUInt64 (CommandToken TargetToken, PUINT64 Result) |
| add ` between 64 bit values and convert them to string | |
| BOOLEAN | ConvertTokenToUInt32 (CommandToken TargetToken, PUINT32 Result) |
| check and convert command token to a 32 bit unsigned integer | |
| std::string | GetCaseSensitiveStringFromCommandToken (CommandToken TargetToken) |
| Get case sensitive string from command token. | |
| std::string | GetLowerStringFromCommandToken (CommandToken TargetToken) |
| Get lower case string from command token. | |
| BOOLEAN | CompareLowerCaseStrings (CommandToken TargetToken, const CHAR *StringToCompare) |
| Compare lower case strings. | |
| BOOLEAN | IsTokenBracketString (CommandToken TargetToken) |
| Is token bracket string. | |
| BOOLEAN | HasEnding (string const &fullString, string const &ending) |
| checks whether the string ends with a special string or not | |
| BOOLEAN | ValidateIP (const string &ip) |
| Function to validate an IP address. | |
| BOOL | SetPrivilege (HANDLE Token, LPCTSTR Privilege, BOOL EnablePrivilege) |
| SetPrivilege enables/disables process token privilege. | |
| VOID | Trim (std::string &s) |
| trim from both ends and start of a string (in place) | |
| std::string | RemoveSpaces (std::string str) |
| Remove all the spaces in a string. | |
| BOOLEAN | IsFileExistA (const CHAR *FileName) |
| check if a file exist or not (ASCII) | |
| BOOLEAN | IsFileExistW (const WCHAR *FileName) |
| check if a file exist or not (wide-char) | |
| VOID | GetConfigFilePath (PWCHAR ConfigPath) |
| Get config path. | |
| VOID | StringToWString (std::wstring &ws, const std::string &s) |
| convert std::string to std::wstring | |
| SIZE_T | FindCaseInsensitive (std::string Input, std::string ToSearch, SIZE_T Pos) |
| Find case insensitive sub string in a given substring. | |
| SIZE_T | FindCaseInsensitiveW (std::wstring Input, std::wstring ToSearch, SIZE_T Pos) |
| Find case insensitive sub string in a given substring (unicode). | |
| CHAR * | ConvertStringVectorToCharPointerArray (const std::string &s) |
| Convert vector<string> to char*. | |
| std::vector< std::string > | ListDirectory (const std::string &Directory, const std::string &Extension) |
| Create a list of special files in a directory. | |
| BOOLEAN | IsEmptyString (CHAR *Text) |
| Is empty character. | |
| VOID | CommonCpuidInstruction (UINT32 Func, UINT32 SubFunc, INT *CpuInfo) |
| Get cpuid results. | |
| BOOLEAN | CheckCpuSupportRtm () |
| Check whether the processor supports RTM or not. | |
| UINT32 | Getx86VirtualAddressWidth () |
| Get virtual address width for x86 processors. | |
| BOOLEAN | CheckAccessValidityAndSafety (UINT64 TargetAddress, UINT32 Size) |
| Check the safety to access the memory. | |
| BOOLEAN | VmxSupportDetection () |
| Detect whether the VMX is supported or not. | |
header for HyperDbg's general functions for reading and converting and etc
| #define ASSERT_MESSAGE_BUILD_SIGNATURE_DOESNT_MATCH |
| #define ASSERT_MESSAGE_CANNOT_SPECIFY_PID |
| #define ASSERT_MESSAGE_DRIVER_NOT_LOADED "handle of the driver not found, probably the driver is not loaded. Did you use 'load' command?\n" |
| #define ASSERT_MESSAGE_HYPERTRACE_NOT_LOADED "the trace (hypertrace) module is not loaded. Did you use 'load trace' command?\n" |
| #define ASSERT_MESSAGE_KD_NOT_LOADED "the kd (kernel debugger) module is not loaded. Did you use 'load kd' command?\n" |
| #define ASSERT_MESSAGE_VMM_NOT_LOADED "the vmm (virtualization) module is not loaded. Did you use 'load vmm' command?\n" |
| #define AssertReturn return; |
| #define AssertReturnOne return 1; |
| #define AssertReturnStmt | ( | expr, | |
| stmt, | |||
| rc ) |
| #define AssertShowMessageReturnStmt | ( | expr1, | |
| expr2, | |||
| message1, | |||
| message2, | |||
| rc ) |
| #define CPUID_ADDR_WIDTH 0x80000008 |
Cpuid to get virtual address width.
| #define DbgReceivedKernelResponse | ( | KernelSyncObjectId | ) |
| #define DbgReceivedUserResponse | ( | UserSyncObjectId | ) |
| #define DbgWaitForKernelResponse | ( | KernelSyncObjectId | ) |
| #define DbgWaitForUserResponse | ( | UserSyncObjectId | ) |
| #define DbgWaitGetKernelRequestData | ( | KernelSyncObjectId, | |
| ReqData, | |||
| ReqSize ) |
| #define DbgWaitGetUserRequestData | ( | UserSyncObjectId, | |
| ReqData, | |||
| ReqSize ) |
| #define DbgWaitSetKernelRequestData | ( | KernelSyncObjectId, | |
| ReqData, | |||
| ReqSize ) |
| #define DbgWaitSetUserRequestData | ( | UserSyncObjectId, | |
| ReqData, | |||
| ReqSize ) |
| #define PAGE_ALIGN | ( | Va | ) |
| #define PAGE_SIZE 0x1000 |
Size of each page (4096 bytes).
| #define PAUSE_MESSAGE_IN_USER_DEBUGGER "\nTo pause the target process, run the 'pause' command" |
|
extern |
Check the safety to access the memory.
| TargetAddress | |
| Size |
| BOOLEAN CheckCpuSupportRtm | ( | ) |
Check whether the processor supports RTM or not.
Get cpuid results.
| Func | |
| SubFunc | |
| CpuInfo |
| BOOLEAN CompareLowerCaseStrings | ( | CommandToken | TargetToken, |
| const CHAR * | StringToCompare ) |
Compare lower case strings.
| TargetToken | the target command token |
| StringToCompare | the string to compare |
| BOOLEAN ConvertStringToUInt64 | ( | string | TextToConvert, |
| PUINT64 | Result ) |
| CHAR * ConvertStringVectorToCharPointerArray | ( | const std::string & | s | ) |
Convert vector<string> to char*.
use it like : std::transform(vs.begin(), vs.end(), std::back_inserter(vc), ConvertStringVectorToCharPointerArray); from: https://stackoverflow.com/questions/7048888/stdvectorstdstring-to-char-array
| s |
| BOOLEAN ConvertTokenToUInt32 | ( | CommandToken | TargetToken, |
| PUINT32 | Result ) |
check and convert command token to a 32 bit unsigned integer
| TargetToken | the target command token |
| Result | result will be save to the pointer |
| BOOLEAN ConvertTokenToUInt64 | ( | CommandToken | TargetToken, |
| PUINT64 | Result ) |
add ` between 64 bit values and convert them to string
| Value |
OstringStream << setw(16) << setfill('0') << hex << Value; Temp = OstringStream.str();
Temp.insert(8, 1, '`'); return Temp; }
/**
print bits and bytes for d* commands
| Size | |
| Ptr |
for (i = Size - 1; i >= 0; i–) { for (j = 7; j >= 0; j–) { Byte = (Buf[i] >> j) & 1; ShowMessages("%u", Byte); } ShowMessages(" ", Byte); } }
/**
general replace all function
| str | |
| from | |
| to |
/**
general replace all function
| str | |
| from | |
| to |
if (from.empty()) return;
while ((SartPos = str.find(from, SartPos)) != std::string::npos) { str.replace(SartPos, from.length(), to); // // In case 'to' contains 'from', like replacing // 'x' with 'yx' // SartPos += to.length(); } }
/**
general split command
| s | target string |
| c | splitter (delimiter) |
for (auto n : s) { if (n != c) buff += n; else if (n == c && !buff.empty()) { v.push_back(buff); buff.clear(); } } if (!buff.empty()) v.push_back(buff);
return v; }
/**
check if given string is a numeric string or not
| str |
/**
check whether the string is hex or not
| s |
for (auto & CptrChar : s) { IsAnyThing = TRUE;
if (!isxdigit(CptrChar)) { return FALSE; } } if (IsAnyThing) { return TRUE; } return FALSE; }
/**
check whether the string is decimal or not
| s |
for (auto & CptrChar : s) { IsAnyThing = TRUE;
if (!isdigit(CptrChar)) { return FALSE; } } if (IsAnyThing) { return TRUE; } return FALSE; }
/**
converts hex to bytes
| hex |
for (UINT32 i = 0; i < hex.length(); i += 2) { std::string byteString = hex.substr(i, 2); CHAR Byte = (CHAR)strtol(byteString.c_str(), NULL, 16); Bytes.push_back(Byte); }
return Bytes; }
/**
check and convert string to a 64 bit unsigned integer and also check for special notations like 0x, 0n, etc.
| TextToConvert | the target string |
| Result | result will be save to the pointer |
if (TextToConvert.rfind("0x", 0) == 0 || TextToConvert.rfind("0X", 0) == 0 || TextToConvert.rfind("\\x", 0) == 0 || TextToConvert.rfind("\\X", 0) == 0) { TextToConvert = TextToConvert.erase(0, 2); } else if (TextToConvert.rfind('x', 0) == 0 || TextToConvert.rfind('X', 0) == 0) { TextToConvert = TextToConvert.erase(0, 1); } else if (TextToConvert.rfind("0n", 0) == 0 || TextToConvert.rfind("0N", 0) == 0 || TextToConvert.rfind("\\n", 0) == 0 || TextToConvert.rfind("\\N", 0) == 0) { TextToConvert = TextToConvert.erase(0, 2); IsDecimal = TRUE; } else if (TextToConvert.rfind('n', 0) == 0 || TextToConvert.rfind('N', 0) == 0) { TextToConvert = TextToConvert.erase(0, 1); IsDecimal = TRUE; }
// // Remove '`' (if any)
TextToConvert.erase(remove(TextToConvert.begin(), TextToConvert.end(), '`'), TextToConvert.end());
if (IsDecimal) { if (!IsDecimalNotation(TextToConvert)) { // // Not decimal // return FALSE; } else { errno = 0; CHAR * Unparsed = NULL; const CHAR * S = TextToConvert.c_str(); const UINT64 N = strtoull(S, &Unparsed, 10);
if (errno || (!N && S == Unparsed)) { // fflush(stdout); // perror(s); return FALSE; }
*Result = N; return TRUE; } } else { // // It's not decimal // if (!IsHexNotation(TextToConvert)) { // // Not decimal and not hex! // return FALSE; } else { // // It's a hex number // const CHAR * Text = TextToConvert.c_str(); errno = 0; UINT64 ResultValue = strtoull(Text, NULL, 16);
*Result = ResultValue;
if (errno == EINVAL) { return FALSE; } else if (errno == ERANGE) { return TRUE; }
return TRUE; } } }
/**
check and convert string to a 32 bit unsigned it and also check for special notations like 0x etc.
| TextToConvert | the target string |
| Result | result will be save to the pointer |
if (TextToConvert.rfind("0x", 0) == 0 || TextToConvert.rfind("0X", 0) == 0 || TextToConvert.rfind("\\x", 0) == 0 || TextToConvert.rfind("\\X", 0) == 0) { TextToConvert = TextToConvert.erase(0, 2); } else if (TextToConvert.rfind('x', 0) == 0 || TextToConvert.rfind('X', 0) == 0) { TextToConvert = TextToConvert.erase(0, 1); } else if (TextToConvert.rfind("0n", 0) == 0 || TextToConvert.rfind("0N", 0) == 0 || TextToConvert.rfind("\\n", 0) == 0 || TextToConvert.rfind("\\N", 0) == 0) { TextToConvert = TextToConvert.erase(0, 2); IsDecimal = TRUE; } else if (TextToConvert.rfind('n', 0) == 0 || TextToConvert.rfind('N', 0) == 0) { TextToConvert = TextToConvert.erase(0, 1); IsDecimal = TRUE; }
TextToConvert.erase(remove(TextToConvert.begin(), TextToConvert.end(), '`'), TextToConvert.end());
if (IsDecimal) { if (!IsDecimalNotation(TextToConvert)) { return FALSE; } else { try { INT I = std::stoi(TextToConvert); Result = I; return TRUE; } catch (std::invalid_argument const &) {
Bad input: std::invalid_argument thrown
return FALSE;
}
catch (std::out_of_range const &)
{
Integer overflow: std::out_of_range thrown
return FALSE;
}
return FALSE;
}
}
else
{
It's not decimal
if (!IsHexNotation(TextToConvert))
{
return FALSE;
}
else
{
It's hex number
UINT32 TempResult;
TempResult = stoi(TextToConvert, nullptr, 16);
Apply the results
Result = TempResult;
return TRUE;
}
}
}
/**
check and convert command token to a 64 bit unsigned integer
| TargetToken | the target command token |
| Result | result will be save to the pointer |
| SIZE_T FindCaseInsensitive | ( | std::string | Input, |
| std::string | ToSearch, | ||
| SIZE_T | Pos ) |
Find case insensitive sub string in a given substring.
| Input | |
| ToSearch | |
| Pos |
| SIZE_T FindCaseInsensitiveW | ( | std::wstring | Input, |
| std::wstring | ToSearch, | ||
| SIZE_T | Pos ) |
Find case insensitive sub string in a given substring (unicode).
| Input | |
| ToSearch | |
| Pos |
| std::string GetCaseSensitiveStringFromCommandToken | ( | CommandToken | TargetToken | ) |
Get case sensitive string from command token.
| TargetToken | the target command token |
| VOID GetConfigFilePath | ( | PWCHAR | ConfigPath | ) |
Get config path.
| ConfigPath |
| std::string GetLowerStringFromCommandToken | ( | CommandToken | TargetToken | ) |
Get lower case string from command token.
| TargetToken | the target command token |
| UINT32 Getx86VirtualAddressWidth | ( | ) |
| BOOLEAN HasEnding | ( | string const & | fullString, |
| string const & | ending ) |
checks whether the string ends with a special string or not
| fullString | |
| ending |
| vector< CHAR > HexToBytes | ( | const string & | hex | ) |
Is empty character.
| Text |
check if a file exist or not (ASCII)
| FileName | path of file |
| BOOLEAN IsFileExistW | ( | const WCHAR * | FileName | ) |
check if a file exist or not (wide-char)
| FileName | path of file |
| BOOLEAN IsHexNotation | ( | const string & | s | ) |
| BOOLEAN IsNumber | ( | const string & | str | ) |
| BOOLEAN IsTokenBracketString | ( | CommandToken | TargetToken | ) |
Is token bracket string.
| TargetToken | the target command token |
| std::vector< std::string > ListDirectory | ( | const std::string & | Directory, |
| const std::string & | Extension ) |
Create a list of special files in a directory.
| Directory | |
| Extension |
Function to compute log2Ceil.
| n |
| VOID PrintBits | ( | const UINT32 | size, |
| const VOID * | ptr ) |
| std::string RemoveSpaces | ( | std::string | str | ) |
Remove all the spaces in a string.
| str |
| BOOL Replace | ( | std::string & | str, |
| const std::string & | from, | ||
| const std::string & | to ) |
| VOID ReplaceAll | ( | string & | str, |
| const string & | from, | ||
| const string & | to ) |
SetPrivilege enables/disables process token privilege.
| Token | |
| Privilege | |
| EnablePrivilege |
| VOID SpinlockLock | ( | volatile LONG * | Lock | ) |
Tries to get the lock and won't return until successfully get the lock.
| Lock | Lock variable |
Tries to get the lock and won't return until successfully get the lock.
| Lock | Lock variable |
| MaximumWait | Maximum wait (pause) count |
| VOID SpinlockUnlock | ( | volatile LONG * | Lock | ) |
Release the lock.
| Lock | Lock variable |
| const vector< string > Split | ( | const string & | s, |
| const CHAR & | c ) |
| VOID StringToWString | ( | std::wstring & | ws, |
| const std::string & | s ) |
convert std::string to std::wstring
| ws | |
| s |
| VOID Trim | ( | std::string & | s | ) |
trim from both ends and start of a string (in place)
| s |
| BOOLEAN ValidateIP | ( | const string & | ip | ) |
Function to validate an IP address.
| ip |
| BOOLEAN VmxSupportDetection | ( | ) |
Detect whether the VMX is supported or not.