HyperDbg Debugger
Loading...
Searching...
No Matches
debugger.h
Go to the documentation of this file.
1
12#pragma once
13
15// Debugger Synchronization Objects //
17
21#define DEBUGGER_MAXIMUM_SYNCRONIZATION_KERNEL_DEBUGGER_OBJECTS 0x40
22
29//
30// Kernel-debugger
31//
32#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_IS_DEBUGGER_RUNNING 0x0
33#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_STARTED_PACKET_RECEIVED 0x1
34#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PAUSED_DEBUGGEE_DETAILS 0x2
35#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_CORE_SWITCHING_RESULT 0x3
36#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PROCESS_SWITCHING_RESULT 0x4
37#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_THREAD_SWITCHING_RESULT 0x5
38#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SCRIPT_RUNNING_RESULT 0x6
39#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SCRIPT_FORMATS_RESULT 0x7
40#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_DEBUGGEE_FINISHED_COMMAND_EXECUTION 0x8
41#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_FLUSH_RESULT 0x9
42#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_REGISTER_EVENT 0xa
43#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_ADD_ACTION_TO_EVENT 0xb
44#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_MODIFY_AND_QUERY_EVENT 0xc
45#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_READ_REGISTERS 0xd
46#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_BP 0xe
47#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_LIST_OR_MODIFY_BREAKPOINTS 0xf
48#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_READ_MEMORY 0x10
49#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_EDIT_MEMORY 0x11
50#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SYMBOL_RELOAD 0x12
51#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_TEST_QUERY 0x13
52#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_CALLSTACK_RESULT 0x14
53#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SEARCH_QUERY_RESULT 0x15
54#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_VA2PA_AND_PA2VA_RESULT 0x16
55#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PTE_RESULT 0x17
56#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SHORT_CIRCUITING_EVENT_STATE 0x18
57#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PAGE_IN_STATE 0x19
58#define DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_WRITE_REGISTER 0x1a
59
61// Event Details //
63
83 *PDEBUGGER_EVENT_PARSING_ERROR_CAUSE;
84
88#define DEBUGGER_MAXIMUM_SYNCRONIZATION_USER_DEBUGGER_OBJECTS 0x40
89
96//
97// User-debugger
98//
99#define DEBUGGER_SYNCRONIZATION_OBJECT_USER_DEBUGGER_IS_DEBUGGER_RUNNING 0x30
100
102// Event Details //
104
117
119// Functions //
121
122VOID
123InterpreterRemoveComments(char * CommandText);
124
125BOOLEAN
126ShowErrorMessage(UINT32 Error);
127
128BOOLEAN
129IsConnectedToAnyInstanceOfDebuggerOrDebuggee();
130
131BOOLEAN
132IsTagExist(UINT64 Tag);
133
134UINT64
135DebuggerGetNtoskrnlBase();
136
137UINT64
138DebuggerGetKernelBase();
139
140BOOLEAN
141DebuggerPauseDebuggee();
142
143BOOLEAN
144InterpretConditionsAndCodes(vector<string> * SplitCommand,
145 vector<string> * SplitCommandCaseSensitive,
146 BOOLEAN IsConditionBuffer,
147 PUINT64 BufferAddress,
148 PUINT32 BufferLength);
149
150VOID
151FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event,
152 PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger,
153 PDEBUGGER_GENERAL_ACTION ActionCustomCode,
154 PDEBUGGER_GENERAL_ACTION ActionScript);
155
156BOOLEAN
157SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event,
158 UINT32 EventBufferLength);
159
160BOOLEAN
161RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event,
162 PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger,
163 UINT32 ActionBreakToDebuggerLength,
164 PDEBUGGER_GENERAL_ACTION ActionCustomCode,
165 UINT32 ActionCustomCodeLength,
166 PDEBUGGER_GENERAL_ACTION ActionScript,
167 UINT32 ActionScriptLength);
168
169BOOLEAN
170InterpretGeneralEventAndActionsFields(
171 vector<string> * SplitCommand,
172 vector<string> * SplitCommandCaseSensitive,
173 VMM_EVENT_TYPE_ENUM EventType,
174 PDEBUGGER_GENERAL_EVENT_DETAIL * EventDetailsToFill,
175 PUINT32 EventBufferLength,
176 PDEBUGGER_GENERAL_ACTION * ActionDetailsToFillBreakToDebugger,
177 PUINT32 ActionBufferLengthBreakToDebugger,
178 PDEBUGGER_GENERAL_ACTION * ActionDetailsToFillCustomCode,
179 PUINT32 ActionBufferLengthCustomCode,
180 PDEBUGGER_GENERAL_ACTION * ActionDetailsToFillScript,
181 PUINT32 ActionBufferLengthScript,
182 PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing);
183
184BOOLEAN
185CallstackReturnAddressToCallingAddress(UCHAR * ReturnAddress, PUINT32 IndexOfCallFromReturnAddress);
186
187VOID
188CallstackShowFrames(PDEBUGGER_SINGLE_CALLSTACK_FRAME CallstackFrames,
189 UINT32 FrameCount,
190 DEBUGGER_CALLSTACK_DISPLAY_METHOD DisplayMethod,
191 BOOLEAN Is32Bit);
192
193UINT64
194GetNewDebuggerEventTag();
195
196DWORD WINAPI
197ListeningSerialPauseDebuggeeThread(PVOID Param);
198
199DWORD WINAPI
200ListeningSerialPauseDebuggerThread(PVOID Param);
201
202VOID
203LogopenSaveToFile(const char * Text);
204
205BOOL
206BreakController(DWORD CtrlType);
207
208VOID
209CommandEventsShowEvents();
210
211BOOLEAN
212CommandEventsModifyAndQueryEvents(UINT64 Tag,
213 DEBUGGER_MODIFY_EVENTS_TYPE TypeOfAction);
214
215VOID
216CommandEventsHandleModifiedEvent(
217 UINT64 Tag,
218 PDEBUGGER_MODIFY_EVENTS ModifyEventRequest);
219
220VOID
221CommandEventsClearAllEventsAndResetTags();
222
223VOID
224CommandFlushRequestFlush();
225
226UINT64
227GetCommandAttributes(const string & FirstCommand);
228
229VOID
230DetachFromProcess();
231
232VOID
233CommandPauseRequest();
234
235VOID
236CommandGRequest();
237
238VOID
239CommandBpRequest(UINT64 Address, UINT32 Pid, UINT32 Tid, UINT32 CoreNumer);
240
241VOID
242CommandTrackHandleReceivedInstructions(unsigned char * BufferToDisassemble,
243 UINT32 BuffLength,
244 BOOLEAN Isx86_64,
245 UINT64 RipAddress);
246
247VOID
248CommandTrackHandleReceivedCallInstructions(const char * NameOfFunctionFromSymbols,
249 UINT64 ComputedAbsoluteAddress);
250
251VOID
252CommandTrackHandleReceivedRetInstructions(UINT64 CurrentRip);
253
254BOOLEAN
255HyperDbgWriteMemory(PVOID DestinationAddress,
256 DEBUGGER_EDIT_MEMORY_TYPE MemoryType,
257 UINT32 ProcessId,
258 PVOID SourceAddress,
259 UINT32 NumberOfBytes);
260
262// Registers //
264
265BOOLEAN
266HyperDbgReadAllRegisters(GUEST_REGS * GuestRegisters, GUEST_EXTRA_REGISTERS * ExtraRegisters);
267
268BOOLEAN
269HyperDbgReadTargetRegister(REGS_ENUM RegisterId, UINT64 * TargetRegister);
270
271BOOLEAN
272HyperDbgWriteTargetRegister(REGS_ENUM RegisterId, UINT64 Value);
273
274BOOLEAN
275HyperDbgRegisterShowAll();
276
277BOOLEAN
278HyperDbgRegisterShowTargetRegister(REGS_ENUM RegisterId);
279
280BOOLEAN
281HyperDbgDebugRemoteDeviceUsingComPort(const CHAR * PortName, DWORD Baudrate);
282
283BOOLEAN
284HyperDbgDebugRemoteDeviceUsingNamedPipe(const CHAR * NamedPipe);
285
286BOOLEAN
287HyperDbgDebugCurrentDeviceUsingComPort(const CHAR * PortName, DWORD Baudrate);
BOOL
int BOOL
Definition BasicTypes.h:23
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
UCHAR
unsigned char UCHAR
Definition BasicTypes.h:35
VOID
#define VOID
Definition BasicTypes.h:33
PUINT32
unsigned int * PUINT32
Definition BasicTypes.h:48
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
DWORD
unsigned long DWORD
Definition BasicTypes.h:22
PUINT64
unsigned __int64 * PUINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
CHAR
char CHAR
Definition BasicTypes.h:31
NumberOfBytes
POOL_TYPE SIZE_T NumberOfBytes
Definition Hooks.h:167
Tag
POOL_TYPE SIZE_T ULONG Tag
Definition Hooks.h:168
Address
UINT64 Address
Definition HyperDbgScriptImports.h:67
BufferAddress
UINT64 BOOLEAN PVOID BufferAddress
Definition HyperDbgScriptImports.h:67
DEBUGGER_CALLSTACK_DISPLAY_METHOD
enum _DEBUGGER_CALLSTACK_DISPLAY_METHOD DEBUGGER_CALLSTACK_DISPLAY_METHOD
callstack showing method
DEBUGGER_EDIT_MEMORY_TYPE
enum _DEBUGGER_EDIT_MEMORY_TYPE DEBUGGER_EDIT_MEMORY_TYPE
different type of addresses for editing memory
REGS_ENUM
REGS_ENUM
Definition ScriptEngineCommonDefinitions.h:313
VMM_EVENT_TYPE_ENUM
enum _VMM_EVENT_TYPE_ENUM VMM_EVENT_TYPE_ENUM
enum to show type of all HyperDbg events
DEBUGGER_MODIFY_EVENTS_TYPE
enum _DEBUGGER_MODIFY_EVENTS_TYPE DEBUGGER_MODIFY_EVENTS_TYPE
different types of modifying events request (enable/disable/clear)
Value
RequestedActionOfThePacket Value(0x1) 00000000
DebuggerGetKernelBase
UINT64 DebuggerGetKernelBase()
Get the base address of the kernel module.
Definition debugger.cpp:593
CommandEventsShowEvents
VOID CommandEventsShowEvents()
print every active and disabled events
Definition events.cpp:227
ListeningSerialPauseDebuggerThread
DWORD WINAPI ListeningSerialPauseDebuggerThread(PVOID Param)
Check if the remote debuggee needs to pause the system.
Definition kernel-listening.cpp:1227
CommandEventsHandleModifiedEvent
VOID CommandEventsHandleModifiedEvent(UINT64 Tag, PDEBUGGER_MODIFY_EVENTS ModifyEventRequest)
Handle events after modification.
Definition events.cpp:499
CommandPauseRequest
VOID CommandPauseRequest()
request to pause
Definition pause.cpp:40
_DEBUGGER_EVENT_PARSING_ERROR_CAUSE
_DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
Definition debugger.h:69
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_OUTPUT_NAME_NOT_FOUND
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_OUTPUT_NAME_NOT_FOUND
Definition debugger.h:74
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_SUCCESSFUL_NO_ERROR
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_SUCCESSFUL_NO_ERROR
Definition debugger.h:70
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_MAXIMUM_INPUT_REACHED
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_MAXIMUM_INPUT_REACHED
Definition debugger.h:73
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_USING_SHORT_CIRCUITING_IN_POST_EVENTS
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_USING_SHORT_CIRCUITING_IN_POST_EVENTS
Definition debugger.h:80
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_NO_INPUT
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_NO_INPUT
Definition debugger.h:72
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_OUTPUT_SOURCE_ALREADY_CLOSED
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_OUTPUT_SOURCE_ALREADY_CLOSED
Definition debugger.h:75
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_SCRIPT_SYNTAX_ERROR
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_SCRIPT_SYNTAX_ERROR
Definition debugger.h:71
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_IMMEDIATE_MESSAGING_IN_EVENT_FORWARDING_MODE
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_IMMEDIATE_MESSAGING_IN_EVENT_FORWARDING_MODE
Definition debugger.h:79
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_ALLOCATION_ERROR
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_ALLOCATION_ERROR
Definition debugger.h:76
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_ATTEMPT_TO_BREAK_ON_VMI_MODE
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_ATTEMPT_TO_BREAK_ON_VMI_MODE
Definition debugger.h:78
DEBUGGER_EVENT_PARSING_ERROR_CAUSE_FORMAT_ERROR
@ DEBUGGER_EVENT_PARSING_ERROR_CAUSE_FORMAT_ERROR
Definition debugger.h:77
HyperDbgDebugRemoteDeviceUsingNamedPipe
BOOLEAN HyperDbgDebugRemoteDeviceUsingNamedPipe(const CHAR *NamedPipe)
Connect to a remote named pipe (Debugger)
Definition debug.cpp:156
CommandTrackHandleReceivedRetInstructions
VOID CommandTrackHandleReceivedRetInstructions(UINT64 CurrentRip)
Handle received 'ret'.
Definition track.cpp:281
DetachFromProcess
VOID DetachFromProcess()
perform detach from process
Definition detach.cpp:39
FreeEventsAndActionsMemory
VOID FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, PDEBUGGER_GENERAL_ACTION ActionCustomCode, PDEBUGGER_GENERAL_ACTION ActionScript)
Deallocate buffers relating to events and actions.
Definition debugger.cpp:2292
CallstackShowFrames
VOID CallstackShowFrames(PDEBUGGER_SINGLE_CALLSTACK_FRAME CallstackFrames, UINT32 FrameCount, DEBUGGER_CALLSTACK_DISPLAY_METHOD DisplayMethod, BOOLEAN Is32Bit)
Show stack frames.
Definition callstack.cpp:212
HyperDbgReadTargetRegister
BOOLEAN HyperDbgReadTargetRegister(REGS_ENUM RegisterId, UINT64 *TargetRegister)
Read target register.
Definition r.cpp:247
HyperDbgReadAllRegisters
BOOLEAN HyperDbgReadAllRegisters(GUEST_REGS *GuestRegisters, GUEST_EXTRA_REGISTERS *ExtraRegisters)
Read all registers.
Definition r.cpp:174
InterpreterRemoveComments
VOID InterpreterRemoveComments(char *CommandText)
Remove batch comments.
Definition interpreter.cpp:509
HyperDbgDebugRemoteDeviceUsingComPort
BOOLEAN HyperDbgDebugRemoteDeviceUsingComPort(const CHAR *PortName, DWORD Baudrate)
Connect to a remote serial device (Debugger)
Definition debug.cpp:116
DEBUGGER_EVENT_PARSING_ERROR_CAUSE
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
CommandTrackHandleReceivedCallInstructions
VOID CommandTrackHandleReceivedCallInstructions(const char *NameOfFunctionFromSymbols, UINT64 ComputedAbsoluteAddress)
Handle received 'call'.
Definition track.cpp:234
HyperDbgRegisterShowAll
BOOLEAN HyperDbgRegisterShowAll()
handler of r show all registers
Definition r.cpp:317
ListeningSerialPauseDebuggeeThread
DWORD WINAPI ListeningSerialPauseDebuggeeThread(PVOID Param)
Check if the remote debugger needs to pause the system.
Definition kernel-listening.cpp:1244
CommandBpRequest
VOID CommandBpRequest(UINT64 Address, UINT32 Pid, UINT32 Tid, UINT32 CoreNumer)
request breakpoint
Definition bp.cpp:57
HyperDbgDebugCurrentDeviceUsingComPort
BOOLEAN HyperDbgDebugCurrentDeviceUsingComPort(const CHAR *PortName, DWORD Baudrate)
Connect to a remote serial device (Debuggee)
Definition debug.cpp:170
IsTagExist
BOOLEAN IsTagExist(UINT64 Tag)
Check whether the tag exists or not, if the tag is DEBUGGER_MODIFY_EVENTS_APPLY_TO_ALL_TAG then if we...
Definition debugger.cpp:719
DEBUGGER_SYNCRONIZATION_EVENTS_STATE
struct _DEBUGGER_SYNCRONIZATION_EVENTS_STATE DEBUGGER_SYNCRONIZATION_EVENTS_STATE
In debugger holds the state of events.
InterpretGeneralEventAndActionsFields
BOOLEAN InterpretGeneralEventAndActionsFields(vector< string > *SplitCommand, vector< string > *SplitCommandCaseSensitive, VMM_EVENT_TYPE_ENUM EventType, PDEBUGGER_GENERAL_EVENT_DETAIL *EventDetailsToFill, PUINT32 EventBufferLength, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillBreakToDebugger, PUINT32 ActionBufferLengthBreakToDebugger, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillCustomCode, PUINT32 ActionBufferLengthCustomCode, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillScript, PUINT32 ActionBufferLengthScript, PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing)
Interpret general event fields.
Definition debugger.cpp:2342
InterpretConditionsAndCodes
BOOLEAN InterpretConditionsAndCodes(vector< string > *SplitCommand, vector< string > *SplitCommandCaseSensitive, BOOLEAN IsConditionBuffer, PUINT64 BufferAddress, PUINT32 BufferLength)
Interpret conditions (if an event has condition) and custom code.
Definition debugger.cpp:1246
LogopenSaveToFile
VOID LogopenSaveToFile(const char *Text)
Append text to the file object.
Definition logopen.cpp:119
GetCommandAttributes
UINT64 GetCommandAttributes(const string &FirstCommand)
Get Command Attributes.
Definition interpreter.cpp:734
CommandGRequest
VOID CommandGRequest()
Request to unpause.
Definition g.cpp:41
DebuggerGetNtoskrnlBase
UINT64 DebuggerGetNtoskrnlBase()
Get ntoskrnl.exe base in the kernel.
Definition debugger.cpp:551
BreakController
BOOL BreakController(DWORD CtrlType)
handle CTRL+C and CTRL+Break events
Definition break-control.cpp:34
HyperDbgRegisterShowTargetRegister
BOOLEAN HyperDbgRegisterShowTargetRegister(REGS_ENUM RegisterId)
handler of r show the target register
Definition r.cpp:387
SendEventToKernel
BOOLEAN SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
Register the event to the kernel.
Definition debugger.cpp:1969
HyperDbgWriteMemory
BOOLEAN HyperDbgWriteMemory(PVOID DestinationAddress, DEBUGGER_EDIT_MEMORY_TYPE MemoryType, UINT32 ProcessId, PVOID SourceAddress, UINT32 NumberOfBytes)
API function for writing the memory content.
Definition e.cpp:193
ShowErrorMessage
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:38
IsConnectedToAnyInstanceOfDebuggerOrDebuggee
BOOLEAN IsConnectedToAnyInstanceOfDebuggerOrDebuggee()
Shows whether the debugger is connected to a debugger or debuggee connected to a debugger.
Definition debugger.cpp:668
PDEBUGGER_SYNCRONIZATION_EVENTS_STATE
struct _DEBUGGER_SYNCRONIZATION_EVENTS_STATE * PDEBUGGER_SYNCRONIZATION_EVENTS_STATE
PDEBUGGER_EVENT_PARSING_ERROR_CAUSE
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE * PDEBUGGER_EVENT_PARSING_ERROR_CAUSE
CommandEventsModifyAndQueryEvents
BOOLEAN CommandEventsModifyAndQueryEvents(UINT64 Tag, DEBUGGER_MODIFY_EVENTS_TYPE TypeOfAction)
modify a special event (enable/disable/clear) and send the request directly to the kernel
Definition events.cpp:654
DebuggerPauseDebuggee
BOOLEAN DebuggerPauseDebuggee()
pauses the debuggee
Definition debugger.cpp:617
CommandTrackHandleReceivedInstructions
VOID CommandTrackHandleReceivedInstructions(unsigned char *BufferToDisassemble, UINT32 BuffLength, BOOLEAN Isx86_64, UINT64 RipAddress)
Handle received 'call' or 'ret'.
Definition track.cpp:211
RegisterActionToEvent
BOOLEAN RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, UINT32 ActionBreakToDebuggerLength, PDEBUGGER_GENERAL_ACTION ActionCustomCode, UINT32 ActionCustomCodeLength, PDEBUGGER_GENERAL_ACTION ActionScript, UINT32 ActionScriptLength)
Register the action to the event.
Definition debugger.cpp:2086
CallstackReturnAddressToCallingAddress
BOOLEAN CallstackReturnAddressToCallingAddress(UCHAR *ReturnAddress, PUINT32 IndexOfCallFromReturnAddress)
Walkthrough the stack.
Definition callstack.cpp:30
GetNewDebuggerEventTag
UINT64 GetNewDebuggerEventTag()
Get the New Debugger Event Tag object and increase the global variable for tag.
Definition debugger.cpp:2280
CommandFlushRequestFlush
VOID CommandFlushRequestFlush()
flush command handler
Definition flush.cpp:39
HyperDbgWriteTargetRegister
BOOLEAN HyperDbgWriteTargetRegister(REGS_ENUM RegisterId, UINT64 Value)
Write target register.
Definition r.cpp:285
CommandEventsClearAllEventsAndResetTags
VOID CommandEventsClearAllEventsAndResetTags()
Clears all the events and resets the tag.
Definition events.cpp:470
_DEBUGGER_GENERAL_ACTION
Each event can have multiple actions.
Definition Events.h:406
_DEBUGGER_GENERAL_EVENT_DETAIL
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
_DEBUGGER_MODIFY_EVENTS
request for modifying events (enable/disable/clear)
Definition Events.h:242
_DEBUGGER_SINGLE_CALLSTACK_FRAME
The structure for saving the callstack frame of one parameter.
Definition RequestStructures.h:761
_DEBUGGER_SYNCRONIZATION_EVENTS_STATE
In debugger holds the state of events.
Definition debugger.h:110
_DEBUGGER_SYNCRONIZATION_EVENTS_STATE::RequestSize
UINT32 RequestSize
Definition debugger.h:114
_DEBUGGER_SYNCRONIZATION_EVENTS_STATE::EventHandle
HANDLE EventHandle
Definition debugger.h:111
_DEBUGGER_SYNCRONIZATION_EVENTS_STATE::RequestData
PVOID RequestData
Definition debugger.h:113
_DEBUGGER_SYNCRONIZATION_EVENTS_STATE::IsOnWaitingState
BOOLEAN IsOnWaitingState
Definition debugger.h:112
GUEST_EXTRA_REGISTERS
struct for extra registers
Definition BasicTypes.h:103
GUEST_REGS
Definition BasicTypes.h:70