routines for remote kernel debugging More...

Classes
struct	HKeyHolder

Macros
#define	DbgWaitForKernelResponse(KernelSyncObjectId)

#define	DbgWaitSetRequestData(KernelSyncObjectId, ReqData, ReqSize)

#define	DbgWaitGetRequestData(KernelSyncObjectId, ReqData, ReqSize)

#define	DbgReceivedKernelResponse(KernelSyncObjectId)

Functions
BOOLEAN	KdCommandPacketToDebuggee (DEBUGGER_REMOTE_PACKET_TYPE PacketType, DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION RequestedAction)

BOOLEAN	KdCommandPacketAndBufferToDebuggee (DEBUGGER_REMOTE_PACKET_TYPE PacketType, DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION RequestedAction, CHAR *Buffer, UINT32 BufferLength)

BOOLEAN	KdPrepareSerialConnectionToRemoteSystem (HANDLE SerialHandle, BOOLEAN IsNamedPipe)

BOOLEAN	KdPrepareAndConnectDebugPort (const char *PortName, DWORD Baudrate, UINT32 Port, BOOLEAN IsPreparing, BOOLEAN IsNamedPipe)

BOOLEAN	KdSendPacketToDebuggee (const CHAR *Buffer, UINT32 Length, BOOLEAN SendEndOfBuffer)

BOOLEAN	KdReceivePacketFromDebuggee (CHAR BufferToSave, UINT32 LengthReceived)

BOOLEAN	KdReceivePacketFromDebugger (CHAR BufferToSave, UINT32 LengthReceived)

BOOLEAN	KdCheckForTheEndOfTheBuffer (PUINT32 CurrentLoopIndex, BYTE *Buffer)
	compares the buffer with a string

BOOLEAN	KdSendSwitchCorePacketToDebuggee (UINT32 NewCore)
	Sends a change core or '~ x' command packet to the debuggee.

BOOLEAN	KdSendShortCircuitingEventToDebuggee (BOOLEAN IsEnabled)
	Sends a short-circuiting event request to debuggee.

BOOLEAN	KdSendEventQueryAndModifyPacketToDebuggee (UINT64 Tag, DEBUGGER_MODIFY_EVENTS_TYPE TypeOfAction, BOOLEAN *IsEnabled)
	Sends a query or request to enable/disable/clear for event.

BOOLEAN	KdSendFlushPacketToDebuggee ()
	Send a flush request to the debuggee.

BOOLEAN	KdSendCallStackPacketToDebuggee (UINT64 BaseAddress, UINT32 Size, DEBUGGER_CALLSTACK_DISPLAY_METHOD DisplayMethod, BOOLEAN Is32Bit)
	Send a callstack request to the debuggee.

BOOLEAN	KdSendTestQueryPacketToDebuggee (DEBUGGER_TEST_QUERY_STATE Type)
	Send a test query request to the debuggee.

BOOLEAN	KdSendTestQueryPacketWithContextToDebuggee (DEBUGGER_TEST_QUERY_STATE Type, UINT64 Context)
	Send a test query request to the debuggee with the specified context.

BOOLEAN	KdSendSymbolReloadPacketToDebuggee (UINT32 ProcessId)
	Send symbol reload packet to the debuggee.

BOOLEAN	KdSendReadRegisterPacketToDebuggee (PDEBUGGEE_REGISTER_READ_DESCRIPTION RegDes, UINT32 RegBuffSize)
	Send a read register packet to the debuggee.

BOOLEAN	KdSendWriteRegisterPacketToDebuggee (PDEBUGGEE_REGISTER_WRITE_DESCRIPTION RegDes)
	Send a write register packet to the debuggee.

BOOLEAN	KdSendReadMemoryPacketToDebuggee (PDEBUGGER_READ_MEMORY ReadMem, UINT32 RequestSize)
	Send a Read memory packet to the debuggee.

BOOLEAN	KdSendEditMemoryPacketToDebuggee (PDEBUGGER_EDIT_MEMORY EditMem, UINT32 Size)
	Send an Edit memory packet to the debuggee.

PDEBUGGER_EVENT_AND_ACTION_RESULT	KdSendRegisterEventPacketToDebuggee (PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
	Send a register event request to the debuggee.

PDEBUGGER_EVENT_AND_ACTION_RESULT	KdSendAddActionToEventPacketToDebuggee (PDEBUGGER_GENERAL_ACTION GeneralAction, UINT32 GeneralActionLength)
	Send an add action to event request to the debuggee.

BOOLEAN	KdSendSwitchProcessPacketToDebuggee (DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_TYPE ActionType, UINT32 NewPid, UINT64 NewProcess, BOOLEAN SetChangeByClockInterrupt, PDEBUGGEE_PROCESS_LIST_NEEDED_DETAILS SymDetailsForProcessList)
	Sends a change process or show process details packet to the debuggee.

BOOLEAN	KdSendSwitchThreadPacketToDebuggee (DEBUGGEE_DETAILS_AND_SWITCH_THREAD_TYPE ActionType, UINT32 NewTid, UINT64 NewThread, BOOLEAN CheckByClockInterrupt, PDEBUGGEE_THREAD_LIST_NEEDED_DETAILS SymDetailsForThreadList)
	Sends a change thread or show threads detail packet to the debuggee.

BOOLEAN	KdSendBpPacketToDebuggee (PDEBUGGEE_BP_PACKET BpPacket)
	Sends a breakpoint set or 'bp' command packet to the debuggee.

BOOLEAN	KdSendVa2paAndPa2vaPacketToDebuggee (PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS Va2paAndPa2vaPacket)
	Sends VA2PA and PA2VA packest, or '!va2pa' and '!pa2va' commands packet to the debuggee.

BOOLEAN	KdSendPtePacketToDebuggee (PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS PtePacket)
	Sends a PTE or '!pte' command packet to the debuggee.

BOOLEAN	KdSendPageinPacketToDebuggee (PDEBUGGER_PAGE_IN_REQUEST PageinPacket)
	Sends a page-in or '.pagein' command packet to the debuggee.

BOOLEAN	KdSendListOrModifyPacketToDebuggee (PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET ListOrModifyPacket)
	Sends a breakpoint list or modification packet to the debuggee.

BOOLEAN	KdSendScriptPacketToDebuggee (UINT64 BufferAddress, UINT32 BufferLength, UINT32 Pointer, BOOLEAN IsFormat)
	Sends a script packet to the debuggee.

BOOLEAN	KdSendUserInputPacketToDebuggee (const char *Sendbuf, int Len, BOOLEAN IgnoreBreakingAgain)
	Sends user input packet to the debuggee.

BOOLEAN	KdSendSearchRequestPacketToDebuggee (UINT64 *SearchRequestBuffer, UINT32 SearchRequestBufferSize)
	Sends search query request packet to the debuggee.

BOOLEAN	KdSendStepPacketToDebuggee (DEBUGGER_REMOTE_STEPPING_REQUEST StepRequestType)
	Sends p (step out) and t (step in) packet to the debuggee.

BYTE	KdComputeDataChecksum (PVOID Buffer, UINT32 Length)
	calculate the checksum of received buffer from debugger

BOOLEAN	KdRegisterEventInDebuggee (PDEBUGGER_GENERAL_EVENT_DETAIL EventRegBuffer, UINT32 Length)

BOOLEAN	KdAddActionToEventInDebuggee (PDEBUGGER_GENERAL_ACTION ActionAddingBuffer, UINT32 Length)

BOOLEAN	KdSendModifyEventInDebuggee (PDEBUGGER_MODIFY_EVENTS ModifyEvent, BOOLEAN SendTheResultBackToDebugger)

BOOLEAN	KdSendGeneralBuffersFromDebuggeeToDebugger (DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION RequestedAction, PVOID Buffer, UINT32 BufferLength, BOOLEAN PauseDebuggeeWhenSent)

BOOLEAN	KdCloseConnection ()

BOOLEAN	KdReloadSymbolsInDebuggee (BOOLEAN PauseDebuggee, UINT32 UserProcessId)

BOOLEAN	KdSendResponseOfThePingPacket ()

VOID	KdUninitializeConnection ()

VOID	KdSendUsermodePrints (CHAR *Input, UINT32 Length)

VOID	KdSendSymbolDetailPacket (PMODULE_SYMBOL_DETAIL SymbolDetailPacket, UINT32 CurrentSymbolInfoIndex, UINT32 TotalSymbols)

VOID	KdHandleUserInputInDebuggee (DEBUGGEE_USER_INPUT_PACKET *Descriptor)

VOID	KdTheRemoteSystemIsRunning ()

VOID	KdBreakControlCheckAndPauseDebugger ()

VOID	KdBreakControlCheckAndContinueDebugger ()

VOID	KdSetStatusAndWaitForPause ()

Detailed Description

routines for remote kernel debugging

Author: Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version: 0.1

Date: 2020-12-22

Copyright: This project is released under the GNU Public License v3.

Macro Definition Documentation

◆ DbgReceivedKernelResponse

#define DbgReceivedKernelResponse ( KernelSyncObjectId )

Value:

    do                                                                     \
    {                                                                      \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =      \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId]; \
                                                                           \
        SyncronizationObject->IsOnWaitingState = FALSE;                    \
        SetEvent(SyncronizationObject->EventHandle);                       \
    } while (FALSE);

#define DbgReceivedKernelResponse(KernelSyncObjectId)                      \
    do                                                                     \
    {                                                                      \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =      \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId]; \
                                                                           \
        SyncronizationObject->IsOnWaitingState = FALSE;                    \
        SetEvent(SyncronizationObject->EventHandle);                       \
    } while (FALSE);

◆ DbgWaitForKernelResponse

#define DbgWaitForKernelResponse ( KernelSyncObjectId )

Value:

    do                                                                     \
    {                                                                      \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =      \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId]; \
                                                                           \
        SyncronizationObject->IsOnWaitingState = TRUE;                     \
        WaitForSingleObject(SyncronizationObject->EventHandle, INFINITE);  \
                                                                           \
    } while (FALSE);

#define DbgWaitForKernelResponse(KernelSyncObjectId)                       \
    do                                                                     \
    {                                                                      \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =      \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId]; \
                                                                           \
        SyncronizationObject->IsOnWaitingState = TRUE;                     \
        WaitForSingleObject(SyncronizationObject->EventHandle, INFINITE);  \
                                                                           \
    } while (FALSE);

◆ DbgWaitGetRequestData

#define DbgWaitGetRequestData	(	KernelSyncObjectId,
		ReqData,
		ReqSize )

Value:

    do                                                                         \
    {                                                                          \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =          \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId];     \
                                                                               \
        *ReqData                          = SyncronizationObject->RequestData; \
        *ReqSize                          = SyncronizationObject->RequestSize; \
        SyncronizationObject->RequestData = NULL;                              \
        SyncronizationObject->RequestSize = NULL_ZERO;                         \
                                                                               \
    } while (FALSE);

#define DbgWaitGetRequestData(KernelSyncObjectId, ReqData, ReqSize)            \
    do                                                                         \
    {                                                                          \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =          \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId];     \
                                                                               \
        *ReqData                          = SyncronizationObject->RequestData; \
        *ReqSize                          = SyncronizationObject->RequestSize; \
        SyncronizationObject->RequestData = NULL;                              \
        SyncronizationObject->RequestSize = NULL_ZERO;                         \
                                                                               \
    } while (FALSE);

◆ DbgWaitSetRequestData

#define DbgWaitSetRequestData	(	KernelSyncObjectId,
		ReqData,
		ReqSize )

Value:

    do                                                                     \
    {                                                                      \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =      \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId]; \
                                                                           \
        SyncronizationObject->RequestData = (PVOID)ReqData;                \
        SyncronizationObject->RequestSize = (UINT32)ReqSize;               \
                                                                           \
    } while (FALSE);

#define DbgWaitSetRequestData(KernelSyncObjectId, ReqData, ReqSize)        \
    do                                                                     \
    {                                                                      \
        DEBUGGER_SYNCRONIZATION_EVENTS_STATE * SyncronizationObject =      \
            &g_KernelSyncronizationObjectsHandleTable[KernelSyncObjectId]; \
                                                                           \
        SyncronizationObject->RequestData = (PVOID)ReqData;                \
        SyncronizationObject->RequestSize = (UINT32)ReqSize;               \
                                                                           \
    } while (FALSE);

Function Documentation

◆ KdAddActionToEventInDebuggee()

BOOLEAN KdAddActionToEventInDebuggee	(	PDEBUGGER_GENERAL_ACTION	ActionAddingBuffer,
		UINT32	Length )

◆ KdBreakControlCheckAndContinueDebugger()

VOID KdBreakControlCheckAndContinueDebugger ( )

◆ KdBreakControlCheckAndPauseDebugger()

VOID KdBreakControlCheckAndPauseDebugger ( )

◆ KdCheckForTheEndOfTheBuffer()

BOOLEAN KdCheckForTheEndOfTheBuffer	(	PUINT32	CurrentLoopIndex,
		BYTE *	Buffer )

compares the buffer with a string

Parameters

CurrentLoopIndex	Number of previously read bytes
Buffer

Returns: BOOLEAN

{
    UINT32 ActualBufferLength;
 
    ActualBufferLength = *CurrentLoopIndex;
 
    //
    // End of buffer is 4 character long
    //
    if (*CurrentLoopIndex <= 3)
    {
        return FALSE;
    }
 
    if (Buffer[ActualBufferLength] == SERIAL_END_OF_BUFFER_CHAR_4 &&
        Buffer[ActualBufferLength - 1] == SERIAL_END_OF_BUFFER_CHAR_3 &&
        Buffer[ActualBufferLength - 2] == SERIAL_END_OF_BUFFER_CHAR_2 &&
        Buffer[ActualBufferLength - 3] == SERIAL_END_OF_BUFFER_CHAR_1)
    {
        //
        // Clear the end character
        //
        Buffer[ActualBufferLength - 3] = NULL;
        Buffer[ActualBufferLength - 2] = NULL;
        Buffer[ActualBufferLength - 1] = NULL;
        Buffer[ActualBufferLength]     = NULL;
 
        //
        // Set the new length
        //
        *CurrentLoopIndex = ActualBufferLength - 3;
 
        return TRUE;
    }
    return FALSE;
}

◆ KdCloseConnection()

BOOLEAN KdCloseConnection ( )

◆ KdCommandPacketAndBufferToDebuggee()

BOOLEAN KdCommandPacketAndBufferToDebuggee	(	DEBUGGER_REMOTE_PACKET_TYPE	PacketType,
		DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION	RequestedAction,
		CHAR *	Buffer,
		UINT32	BufferLength )

◆ KdCommandPacketToDebuggee()

BOOLEAN KdCommandPacketToDebuggee	(	DEBUGGER_REMOTE_PACKET_TYPE	PacketType,
		DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION	RequestedAction )

◆ KdComputeDataChecksum()

BYTE KdComputeDataChecksum	(	PVOID	Buffer,
		UINT32	Length )

calculate the checksum of received buffer from debugger

Parameters

Buffer
LengthReceived

Returns: BYTE

{
    BYTE CalculatedCheckSum = 0;
    BYTE Temp               = 0;
    while (Length--)
    {
        Temp               = *(BYTE *)Buffer;
        CalculatedCheckSum = CalculatedCheckSum + Temp;
        Buffer             = (PVOID)((UINT64)Buffer + 1);
    }
    return CalculatedCheckSum;
}

◆ KdHandleUserInputInDebuggee()

VOID KdHandleUserInputInDebuggee ( DEBUGGEE_USER_INPUT_PACKET * Descriptor )

◆ KdPrepareAndConnectDebugPort()

BOOLEAN KdPrepareAndConnectDebugPort	(	const char *	PortName,
		DWORD	Baudrate,
		UINT32	Port,
		BOOLEAN	IsPreparing,
		BOOLEAN	IsNamedPipe )

◆ KdPrepareSerialConnectionToRemoteSystem()

BOOLEAN KdPrepareSerialConnectionToRemoteSystem	(	HANDLE	SerialHandle,
		BOOLEAN	IsNamedPipe )

◆ KdReceivePacketFromDebuggee()

BOOLEAN KdReceivePacketFromDebuggee	(	CHAR *	BufferToSave,
		UINT32 *	LengthReceived )

◆ KdReceivePacketFromDebugger()

BOOLEAN KdReceivePacketFromDebugger	(	CHAR *	BufferToSave,
		UINT32 *	LengthReceived )

◆ KdRegisterEventInDebuggee()

BOOLEAN KdRegisterEventInDebuggee	(	PDEBUGGER_GENERAL_EVENT_DETAIL	EventRegBuffer,
		UINT32	Length )

◆ KdReloadSymbolsInDebuggee()

BOOLEAN KdReloadSymbolsInDebuggee	(	BOOLEAN	PauseDebuggee,
		UINT32	UserProcessId )

◆ KdSendAddActionToEventPacketToDebuggee()

PDEBUGGER_EVENT_AND_ACTION_RESULT KdSendAddActionToEventPacketToDebuggee	(	PDEBUGGER_GENERAL_ACTION	GeneralAction,
		UINT32	GeneralActionLength )

Send an add action to event request to the debuggee.

as this command uses one global variable to transfer the buffers so should not be called simultaneously

Parameters

GeneralAction
GeneralActionLength

Returns: PDEBUGGER_EVENT_AND_ACTION_RESULT

{
    PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET Header;
    UINT32                                              Len;
 
    Len = GeneralActionLength +
          sizeof(DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET);
 
    Header = (PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET)malloc(Len);
 
    if (Header == NULL)
    {
        return NULL;
    }
 
    RtlZeroMemory(Header, Len);
 
    //
    // Set length in header
    //
    Header->Length = GeneralActionLength;
 
    //
    // Move buffer
    //
    memcpy((PVOID)((UINT64)Header +
                   sizeof(DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET)),
           (PVOID)GeneralAction,
           GeneralActionLength);
 
    RtlZeroMemory(&g_DebuggeeResultOfAddingActionsToEvent,
                  sizeof(DEBUGGER_EVENT_AND_ACTION_RESULT));
 
    //
    // Send add action to event packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_ADD_ACTION_TO_EVENT,
            (CHAR *)Header,
            Len))
    {
        free(Header);
        return NULL;
    }
 
    //
    // Wait until the result of adding action to event received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_ADD_ACTION_TO_EVENT);
 
    free(Header);
 
    return &g_DebuggeeResultOfAddingActionsToEvent;
}

◆ KdSendBpPacketToDebuggee()

BOOLEAN KdSendBpPacketToDebuggee ( PDEBUGGEE_BP_PACKET BpPacket )

Sends a breakpoint set or 'bp' command packet to the debuggee.

Parameters

BpPacket

Returns: BOOLEAN

{
    //
    // Send 'bp' as a breakpoint packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_BP,
            (CHAR *)BpPacket,
            sizeof(DEBUGGEE_BP_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of putting breakpoint is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_BP);
 
    return TRUE;
}

◆ KdSendCallStackPacketToDebuggee()

BOOLEAN KdSendCallStackPacketToDebuggee	(	UINT64	BaseAddress,
		UINT32	Size,
		DEBUGGER_CALLSTACK_DISPLAY_METHOD	DisplayMethod,
		BOOLEAN	Is32Bit )

Send a callstack request to the debuggee.

Parameters

BaseAddress
Size
DisplayMethod
Is32Bit

Returns: BOOLEAN

{
    UINT32                      FrameCount;
    UINT32                      CallstackRequestSize = 0;
    PDEBUGGER_CALLSTACK_REQUEST CallstackPacket      = NULL;
 
    if (Size == 0)
    {
        return FALSE;
    }
 
    if (Is32Bit)
    {
        FrameCount = Size / sizeof(UINT32);
    }
    else
    {
        FrameCount = Size / sizeof(UINT64);
    }
 
    CallstackRequestSize = sizeof(DEBUGGER_CALLSTACK_REQUEST) + (sizeof(DEBUGGER_SINGLE_CALLSTACK_FRAME) * FrameCount);
 
    //
    // Allocate buffer for request
    //
    CallstackPacket = (PDEBUGGER_CALLSTACK_REQUEST)malloc(CallstackRequestSize);
 
    if (CallstackPacket == NULL)
    {
        return FALSE;
    }
 
    RtlZeroMemory(CallstackPacket, CallstackRequestSize);
 
    //
    // Set the details
    //
    CallstackPacket->BaseAddress   = BaseAddress;
    CallstackPacket->Is32Bit       = Is32Bit;
    CallstackPacket->Size          = Size;
    CallstackPacket->BufferSize    = CallstackRequestSize;
    CallstackPacket->FrameCount    = FrameCount;
    CallstackPacket->DisplayMethod = DisplayMethod;
 
    //
    // Send 'k' command as callstack request packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CALLSTACK,
            (CHAR *)CallstackPacket,
            CallstackRequestSize))
    {
        free(CallstackPacket);
        return FALSE;
    }
 
    //
    // Wait until the result of callstack is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_CALLSTACK_RESULT);
 
    free(CallstackPacket);
    return TRUE;
}

◆ KdSendEditMemoryPacketToDebuggee()

BOOLEAN KdSendEditMemoryPacketToDebuggee	(	PDEBUGGER_EDIT_MEMORY	EditMem,
		UINT32	Size )

Send an Edit memory packet to the debuggee.

Parameters

EditMem
Size

Returns: BOOLEAN

{
    //
    // Set the request data
    //
    DbgWaitSetRequestData(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_EDIT_MEMORY, EditMem, sizeof(DEBUGGER_EDIT_MEMORY));
 
    //
    // Send d command as read memory packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_EDIT_MEMORY,
            (CHAR *)EditMem,
            Size))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of read registers received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_EDIT_MEMORY);
 
    return TRUE;
}

◆ KdSendEventQueryAndModifyPacketToDebuggee()

BOOLEAN KdSendEventQueryAndModifyPacketToDebuggee	(	UINT64	Tag,
		DEBUGGER_MODIFY_EVENTS_TYPE	TypeOfAction,
		BOOLEAN *	IsEnabled )

Sends a query or request to enable/disable/clear for event.

if IsQueryState is TRUE then TypeOfAction is ignored

Parameters

Tag
TypeOfAction
IsEnabled	If it's a query state then this argument can be used

Returns: BOOLEAN

{
    DEBUGGER_MODIFY_EVENTS ModifyAndQueryEventPacket = {0};
 
    g_SharedEventStatus = FALSE;
 
    //
    // Fill the structure of packet
    //
    ModifyAndQueryEventPacket.Tag          = Tag;
    ModifyAndQueryEventPacket.TypeOfAction = TypeOfAction;
 
    //
    // Send modify and query event packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_QUERY_AND_MODIFY_EVENT,
            (CHAR *)&ModifyAndQueryEventPacket,
            sizeof(DEBUGGER_MODIFY_EVENTS)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of query and modify event is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_MODIFY_AND_QUERY_EVENT);
 
    if (TypeOfAction == DEBUGGER_MODIFY_EVENTS_QUERY_STATE)
    {
        //
        // We should read the results to set IsEnabled variable
        //
        *IsEnabled = g_SharedEventStatus;
    }
 
    return TRUE;
}

◆ KdSendFlushPacketToDebuggee()

BOOLEAN KdSendFlushPacketToDebuggee ( )

Send a flush request to the debuggee.

Returns: BOOLEAN

{
    DEBUGGER_FLUSH_LOGGING_BUFFERS FlushPacket = {0};
 
    //
    // Send 'flush' command as flush packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_FLUSH_BUFFERS,
            (CHAR *)&FlushPacket,
            sizeof(DEBUGGER_FLUSH_LOGGING_BUFFERS)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of flushing received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_FLUSH_RESULT);
 
    return TRUE;
}

◆ KdSendGeneralBuffersFromDebuggeeToDebugger()

BOOLEAN KdSendGeneralBuffersFromDebuggeeToDebugger	(	DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION	RequestedAction,
		PVOID	Buffer,
		UINT32	BufferLength,
		BOOLEAN	PauseDebuggeeWhenSent )

◆ KdSendListOrModifyPacketToDebuggee()

BOOLEAN KdSendListOrModifyPacketToDebuggee ( PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET ListOrModifyPacket )

Sends a breakpoint list or modification packet to the debuggee.

Parameters

ListOrModifyPacket

Returns: BOOLEAN

{
    //
    // Send list or modify breakpoint packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_LIST_OR_MODIFY_BREAKPOINTS,
            (CHAR *)ListOrModifyPacket,
            sizeof(DEBUGGEE_BP_LIST_OR_MODIFY_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of listing or modifying breakpoints is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_LIST_OR_MODIFY_BREAKPOINTS);
 
    return TRUE;
}

◆ KdSendModifyEventInDebuggee()

BOOLEAN KdSendModifyEventInDebuggee	(	PDEBUGGER_MODIFY_EVENTS	ModifyEvent,
		BOOLEAN	SendTheResultBackToDebugger )

◆ KdSendPacketToDebuggee()

BOOLEAN KdSendPacketToDebuggee	(	const CHAR *	Buffer,
		UINT32	Length,
		BOOLEAN	SendEndOfBuffer )

◆ KdSendPageinPacketToDebuggee()

BOOLEAN KdSendPageinPacketToDebuggee ( PDEBUGGER_PAGE_IN_REQUEST PageinPacket )

Sends a page-in or '.pagein' command packet to the debuggee.

Parameters

PageinPacket

Returns: BOOLEAN

{
    //
    // Send the '.pagein' packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_INJECT_PAGE_FAULT,
            (CHAR *)PageinPacket,
            sizeof(DEBUGGER_PAGE_IN_REQUEST)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of page-in packet is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PAGE_IN_STATE);
 
    return TRUE;
}

◆ KdSendPtePacketToDebuggee()

BOOLEAN KdSendPtePacketToDebuggee ( PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS PtePacket )

Sends a PTE or '!pte' command packet to the debuggee.

Parameters

PtePacket

Returns: BOOLEAN

{
    //
    // Send the '!pte' packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SYMBOL_QUERY_PTE,
            (CHAR *)PtePacket,
            sizeof(DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of PTE packet is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PTE_RESULT);
 
    return TRUE;
}

◆ KdSendReadMemoryPacketToDebuggee()

BOOLEAN KdSendReadMemoryPacketToDebuggee	(	PDEBUGGER_READ_MEMORY	ReadMem,
		UINT32	RequestSize )

Send a Read memory packet to the debuggee.

Parameters

ReadMem
Size

Returns: BOOLEAN

{
    //
    // Set the request data
    //
    DbgWaitSetRequestData(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_READ_MEMORY, ReadMem, RequestSize);
 
    //
    // Send u-d command as read memory packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_READ_MEMORY,
            (CHAR *)ReadMem,
            sizeof(DEBUGGER_READ_MEMORY) // only the header is enough, no need to send the entire buffer
            ))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of read registers received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_READ_MEMORY);
 
    return TRUE;
}

◆ KdSendReadRegisterPacketToDebuggee()

BOOLEAN KdSendReadRegisterPacketToDebuggee	(	PDEBUGGEE_REGISTER_READ_DESCRIPTION	RegDes,
		UINT32	RegBuffSize )

Send a read register packet to the debuggee.

Parameters

RegDes
RegBuffSize

Returns: BOOLEAN

{
    //
    // Set the request data
    //
    DbgWaitSetRequestData(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_READ_REGISTERS, RegDes, RegBuffSize);
 
    //
    // Send the 'r' command as read register packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_READ_REGISTERS,
            (CHAR *)RegDes,
            sizeof(DEBUGGEE_REGISTER_READ_DESCRIPTION) // only the header is enough, no need to send the entire buffer
            ))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of read registers received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_READ_REGISTERS);
 
    return TRUE;
}

◆ KdSendRegisterEventPacketToDebuggee()

PDEBUGGER_EVENT_AND_ACTION_RESULT KdSendRegisterEventPacketToDebuggee	(	PDEBUGGER_GENERAL_EVENT_DETAIL	Event,
		UINT32	EventBufferLength )

Send a register event request to the debuggee.

as this command uses one global variable to transfer the buffers so should not be called simultaneously

Parameters

Event
EventBufferLength

Returns: PDEBUGGER_EVENT_AND_ACTION_RESULT

{
    PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET Header;
    UINT32                                              Len;
 
    Len = EventBufferLength +
          sizeof(DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET);
 
    Header = (PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET)malloc(Len);
 
    if (Header == NULL)
    {
        return NULL;
    }
 
    RtlZeroMemory(Header, Len);
 
    //
    // Set length in header
    //
    Header->Length = EventBufferLength;
 
    //
    // Move buffer
    //
    memcpy((PVOID)((UINT64)Header +
                   sizeof(DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET)),
           (PVOID)Event,
           EventBufferLength);
 
    RtlZeroMemory(&g_DebuggeeResultOfRegisteringEvent,
                  sizeof(DEBUGGER_EVENT_AND_ACTION_RESULT));
 
    //
    // Send register event packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_REGISTER_EVENT,
            (CHAR *)Header,
            Len))
    {
        free(Header);
        return NULL;
    }
 
    //
    // Wait until the result of registering received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_REGISTER_EVENT);
 
    free(Header);
 
    return &g_DebuggeeResultOfRegisteringEvent;
}

◆ KdSendResponseOfThePingPacket()

BOOLEAN KdSendResponseOfThePingPacket ( )

◆ KdSendScriptPacketToDebuggee()

BOOLEAN KdSendScriptPacketToDebuggee	(	UINT64	BufferAddress,
		UINT32	BufferLength,
		UINT32	Pointer,
		BOOLEAN	IsFormat )

Sends a script packet to the debuggee.

Parameters

BufferAddress
BufferLength
Pointer
IsFormat

Returns: BOOLEAN

{
    PDEBUGGEE_SCRIPT_PACKET ScriptPacket;
    UINT32                  SizeOfStruct = 0;
 
    SizeOfStruct = sizeof(DEBUGGEE_SCRIPT_PACKET) + BufferLength;
 
    ScriptPacket = (DEBUGGEE_SCRIPT_PACKET *)malloc(SizeOfStruct);
 
    RtlZeroMemory(ScriptPacket, SizeOfStruct);
 
    //
    // Fill the script packet buffer
    //
    ScriptPacket->ScriptBufferSize    = BufferLength;
    ScriptPacket->ScriptBufferPointer = Pointer;
    ScriptPacket->IsFormat            = IsFormat;
 
    //
    // Move the buffer at the bottom of the script packet
    //
    memcpy((PVOID)((UINT64)ScriptPacket + sizeof(DEBUGGEE_SCRIPT_PACKET)),
           (PVOID)BufferAddress,
           BufferLength);
 
    //
    // Send script packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_RUN_SCRIPT,
            (CHAR *)ScriptPacket,
            SizeOfStruct))
    {
        free(ScriptPacket);
        return FALSE;
    }
 
    if (IsFormat)
    {
        //
        // Wait for formats results too
        //
        DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SCRIPT_FORMATS_RESULT);
    }
 
    //
    // Wait until the result of script engine received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SCRIPT_RUNNING_RESULT);
 
    free(ScriptPacket);
    return TRUE;
}

◆ KdSendSearchRequestPacketToDebuggee()

BOOLEAN KdSendSearchRequestPacketToDebuggee	(	UINT64 *	SearchRequestBuffer,
		UINT32	SearchRequestBufferSize )

Sends search query request packet to the debuggee.

Parameters

SearchRequestBuffer
SearchRequestBufferSize

Returns: BOOLEAN

{
    //
    // Send search request packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SEARCH_QUERY,
            (CHAR *)SearchRequestBuffer,
            SearchRequestBufferSize))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of search request received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SEARCH_QUERY_RESULT);
 
    return TRUE;
}

◆ KdSendShortCircuitingEventToDebuggee()

BOOLEAN KdSendShortCircuitingEventToDebuggee ( BOOLEAN IsEnabled )

Sends a short-circuiting event request to debuggee.

Parameters

IsEnabled

Returns: BOOLEAN

{
    DEBUGGER_SHORT_CIRCUITING_EVENT ShortCircuitEventPacket = {0};
 
    //
    // Fill the structure of the packet
    //
    ShortCircuitEventPacket.IsShortCircuiting = IsEnabled;
 
    //
    // Send modify and query event packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SET_SHORT_CIRCUITING_STATE,
            (CHAR *)&ShortCircuitEventPacket,
            sizeof(DEBUGGER_SHORT_CIRCUITING_EVENT)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of setting short-circuiting event state is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SHORT_CIRCUITING_EVENT_STATE);
 
    return TRUE;
}

◆ KdSendStepPacketToDebuggee()

BOOLEAN KdSendStepPacketToDebuggee ( DEBUGGER_REMOTE_STEPPING_REQUEST StepRequestType )

Sends p (step out) and t (step in) packet to the debuggee.

Returns: BOOLEAN

{
    DEBUGGEE_STEP_PACKET StepPacket = {0};
    UINT32               CallInstructionSize;
 
    //
    // Set the type of step packet
    //
    StepPacket.StepType = StepRequestType;
 
    //
    // Check if it's a step-over
    //
    if (StepRequestType == DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER ||
        StepRequestType == DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU)
    {
        //
        // It's not needed to check for DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU_LAST_INSTRUCTION
        // as the last instruction is a 'RET' not a 'CALL'
        //
 
        //
        // We should check whether the current instruction is a 'call'
        // instruction or not, if yes we have to compute the length of call
        //
        if (HyperDbgCheckWhetherTheCurrentInstructionIsCall(
                g_CurrentRunningInstruction,
                MAXIMUM_INSTR_SIZE,
                g_IsRunningInstruction32Bit ? FALSE : TRUE, // equals to !g_IsRunningInstruction32Bit
                &CallInstructionSize))
        {
            //
            // It's a call in step-over
            //
            StepPacket.IsCurrentInstructionACall = TRUE;
            StepPacket.CallLength                = CallInstructionSize;
        }
    }
 
    //
    // Set the debuggee is running after this command
    //
    if (StepRequestType == DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER ||
        StepRequestType == DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU ||
        StepRequestType == DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_IN)
    {
        //
        // The debuggee is also running after this type of command
        // This is because this way the debuggee is running after the step-over or step-in
        // so, if the program either terminates or couldn't run the next instruction, the
        // user could pause the debuggee again
        //
        g_IsDebuggeeRunning = TRUE;
    }
 
    //
    // Send step packet to the serial
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_STEP,
            (CHAR *)&StepPacket,
            sizeof(DEBUGGEE_STEP_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of user-input received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_IS_DEBUGGER_RUNNING);
 
    return TRUE;
}

◆ KdSendSwitchCorePacketToDebuggee()

BOOLEAN KdSendSwitchCorePacketToDebuggee ( UINT32 NewCore )

Sends a change core or '~ x' command packet to the debuggee.

Returns: BOOLEAN

{
    DEBUGGEE_CHANGE_CORE_PACKET CoreChangePacket = {0};
 
    CoreChangePacket.NewCore = NewCore;
 
    if (CoreChangePacket.NewCore == g_CurrentRemoteCore)
    {
        //
        // We show an error message here when there is no core change (because the
        // target core and current operating core is the same)
        //
        ShowMessages("the current operating core is %x (not changed)\n",
                     CoreChangePacket.NewCore);
 
        return FALSE;
    }
 
    //
    // Send '~' as switch packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_CORE,
            (CHAR *)&CoreChangePacket,
            sizeof(DEBUGGEE_CHANGE_CORE_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of core change received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_CORE_SWITCHING_RESULT);
 
    return TRUE;
}

◆ KdSendSwitchProcessPacketToDebuggee()

BOOLEAN KdSendSwitchProcessPacketToDebuggee	(	DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_TYPE	ActionType,
		UINT32	NewPid,
		UINT64	NewProcess,
		BOOLEAN	SetChangeByClockInterrupt,
		PDEBUGGEE_PROCESS_LIST_NEEDED_DETAILS	SymDetailsForProcessList )

Sends a change process or show process details packet to the debuggee.

Parameters

ActionType
NewPid
NewProcess
SetChangeByClockInterrupt
SymDetailsForProcessList

Returns: BOOLEAN

{
    DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET ProcessChangePacket = {0};
 
    ProcessChangePacket.ActionType        = ActionType;
    ProcessChangePacket.ProcessId         = NewPid;
    ProcessChangePacket.Process           = NewProcess;
    ProcessChangePacket.IsSwitchByClkIntr = SetChangeByClockInterrupt;
 
    //
    // Check if the command really needs these information or not
    // it's because some of the command don't need symbol offset information
    //
    if (SymDetailsForProcessList != NULL)
    {
        memcpy(&ProcessChangePacket.ProcessListSymDetails, SymDetailsForProcessList, sizeof(DEBUGGEE_PROCESS_LIST_NEEDED_DETAILS));
    }
 
    //
    // Send '.process' as switch packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_PROCESS,
            (CHAR *)&ProcessChangePacket,
            sizeof(DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of process change received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_PROCESS_SWITCHING_RESULT);
 
    return TRUE;
}

◆ KdSendSwitchThreadPacketToDebuggee()

BOOLEAN KdSendSwitchThreadPacketToDebuggee	(	DEBUGGEE_DETAILS_AND_SWITCH_THREAD_TYPE	ActionType,
		UINT32	NewTid,
		UINT64	NewThread,
		BOOLEAN	CheckByClockInterrupt,
		PDEBUGGEE_THREAD_LIST_NEEDED_DETAILS	SymDetailsForThreadList )

Sends a change thread or show threads detail packet to the debuggee.

Parameters

ActionType
NewTid
NewThread
CheckByClockInterrupt
SymDetailsForThreadList

Returns: BOOLEAN

{
    DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET ThreadChangePacket = {0};
 
    ThreadChangePacket.ActionType            = ActionType;
    ThreadChangePacket.ThreadId              = NewTid;
    ThreadChangePacket.Thread                = NewThread;
    ThreadChangePacket.CheckByClockInterrupt = CheckByClockInterrupt;
 
    //
    // Check if the command really needs these information or not
    // it's because some of the command don't need symbol offset information
    //
    if (SymDetailsForThreadList != NULL)
    {
        memcpy(&ThreadChangePacket.ThreadListSymDetails, SymDetailsForThreadList, sizeof(DEBUGGEE_THREAD_LIST_NEEDED_DETAILS));
    }
 
    //
    // Send '.thread' as switch packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_THREAD,
            (CHAR *)&ThreadChangePacket,
            sizeof(DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of thread change received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_THREAD_SWITCHING_RESULT);
 
    return TRUE;
}

◆ KdSendSymbolDetailPacket()

VOID KdSendSymbolDetailPacket	(	PMODULE_SYMBOL_DETAIL	SymbolDetailPacket,
		UINT32	CurrentSymbolInfoIndex,
		UINT32	TotalSymbols )

◆ KdSendSymbolReloadPacketToDebuggee()

BOOLEAN KdSendSymbolReloadPacketToDebuggee ( UINT32 ProcessId )

Send symbol reload packet to the debuggee.

Returns: BOOLEAN

{
    DEBUGGEE_SYMBOL_REQUEST_PACKET SymbolRequest = {0};
 
    SymbolRequest.ProcessId = ProcessId;
 
    //
    // Send '.sym reload' as symbol reload packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SYMBOL_RELOAD,
            (CHAR *)&SymbolRequest,
            sizeof(DEBUGGEE_SYMBOL_REQUEST_PACKET)))
    {
        return FALSE;
    }
 
    //
    // Wait until all of the symbol packets are received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_SYMBOL_RELOAD);
 
    return TRUE;
}

◆ KdSendTestQueryPacketToDebuggee()

BOOLEAN KdSendTestQueryPacketToDebuggee ( DEBUGGER_TEST_QUERY_STATE Type )

Send a test query request to the debuggee.

Parameters

Type

Returns: BOOLEAN

{
    DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER TestQueryPacket = {0};
 
    TestQueryPacket.RequestType = Type;
 
    //
    // Send 'test query' command as query packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_TEST_QUERY,
            (CHAR *)&TestQueryPacket,
            sizeof(DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of test query is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_TEST_QUERY);
 
    return TRUE;
}

◆ KdSendTestQueryPacketWithContextToDebuggee()

BOOLEAN KdSendTestQueryPacketWithContextToDebuggee	(	DEBUGGER_TEST_QUERY_STATE	Type,
		UINT64	Context )

Send a test query request to the debuggee with the specified context.

Parameters

Type
Context

Returns: BOOLEAN

{
    DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER TestQueryPacket = {0};
 
    TestQueryPacket.RequestType = Type;
    TestQueryPacket.Context     = Context;
 
    //
    // Send 'test query' command as query packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_TEST_QUERY,
            (CHAR *)&TestQueryPacket,
            sizeof(DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of test query is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_TEST_QUERY);
 
    return TRUE;
}

◆ KdSendUserInputPacketToDebuggee()

BOOLEAN KdSendUserInputPacketToDebuggee	(	const char *	Sendbuf,
		int	Len,
		BOOLEAN	IgnoreBreakingAgain )

Sends user input packet to the debuggee.

Parameters

Sendbuf
Len
IgnoreBreakingAgain

Returns: BOOLEAN

{
    PDEBUGGEE_USER_INPUT_PACKET UserInputPacket;
    UINT32                      SizeOfStruct = 0;
 
    SizeOfStruct = sizeof(DEBUGGEE_USER_INPUT_PACKET) + Len;
 
    UserInputPacket = (DEBUGGEE_USER_INPUT_PACKET *)malloc(SizeOfStruct);
 
    RtlZeroMemory(UserInputPacket, SizeOfStruct);
 
    //
    // Fill the script packet buffer descriptors
    //
    UserInputPacket->CommandLen           = Len;
    UserInputPacket->IgnoreFinishedSignal = IgnoreBreakingAgain;
 
    //
    // Move the user input buffer at the bottom of the structure packet
    //
    memcpy((PVOID)((UINT64)UserInputPacket + sizeof(DEBUGGEE_USER_INPUT_PACKET)),
           (PVOID)Sendbuf,
           Len);
 
    //
    // Send user-input packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_USER_INPUT_BUFFER,
            (CHAR *)UserInputPacket,
            SizeOfStruct))
    {
        free(UserInputPacket);
        return FALSE;
    }
 
    //
    // Wait until the result of user-input received
    //
    if (!IgnoreBreakingAgain)
    {
        DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_DEBUGGEE_FINISHED_COMMAND_EXECUTION);
    }
 
    free(UserInputPacket);
 
    return TRUE;
}

◆ KdSendUsermodePrints()

VOID KdSendUsermodePrints	(	CHAR *	Input,
		UINT32	Length )

◆ KdSendVa2paAndPa2vaPacketToDebuggee()

BOOLEAN KdSendVa2paAndPa2vaPacketToDebuggee ( PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS Va2paAndPa2vaPacket )

Sends VA2PA and PA2VA packest, or '!va2pa' and '!pa2va' commands packet to the debuggee.

Parameters

Va2paAndPa2vaPacket

Returns: BOOLEAN

{
    //
    // Send '!va2pa' or '!pa2va' as a query packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_QUERY_PA2VA_AND_VA2PA,
            (CHAR *)Va2paAndPa2vaPacket,
            sizeof(DEBUGGER_VA2PA_AND_PA2VA_COMMANDS)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of VA2PA or PA2VA packet is received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_VA2PA_AND_PA2VA_RESULT);
 
    return TRUE;
}

◆ KdSendWriteRegisterPacketToDebuggee()

BOOLEAN KdSendWriteRegisterPacketToDebuggee ( PDEBUGGEE_REGISTER_WRITE_DESCRIPTION RegDes )

Send a write register packet to the debuggee.

Parameters

RegDes

Returns: BOOLEAN

{
    //
    // Set the request data
    //
    DbgWaitSetRequestData(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_WRITE_REGISTER, RegDes, sizeof(DEBUGGEE_REGISTER_WRITE_DESCRIPTION));
 
    //
    // Send write register packet
    //
    if (!KdCommandPacketAndBufferToDebuggee(
            DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT,
            DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_WRITE_REGISTER,
            (CHAR *)RegDes,
            sizeof(DEBUGGEE_REGISTER_WRITE_DESCRIPTION)))
    {
        return FALSE;
    }
 
    //
    // Wait until the result of write register received
    //
    DbgWaitForKernelResponse(DEBUGGER_SYNCRONIZATION_OBJECT_KERNEL_DEBUGGER_WRITE_REGISTER);
 
    return TRUE;
}

◆ KdSetStatusAndWaitForPause()

VOID KdSetStatusAndWaitForPause ( )

◆ KdTheRemoteSystemIsRunning()

VOID KdTheRemoteSystemIsRunning ( )

◆ KdUninitializeConnection()

VOID KdUninitializeConnection ( )

Classes

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ DbgReceivedKernelResponse

◆ DbgWaitForKernelResponse

◆ DbgWaitGetRequestData

◆ DbgWaitSetRequestData

Function Documentation

◆ KdAddActionToEventInDebuggee()

◆ KdBreakControlCheckAndContinueDebugger()

◆ KdBreakControlCheckAndPauseDebugger()

◆ KdCheckForTheEndOfTheBuffer()

◆ KdCloseConnection()

◆ KdCommandPacketAndBufferToDebuggee()

◆ KdCommandPacketToDebuggee()

◆ KdComputeDataChecksum()

◆ KdHandleUserInputInDebuggee()

◆ KdPrepareAndConnectDebugPort()

◆ KdPrepareSerialConnectionToRemoteSystem()

◆ KdReceivePacketFromDebuggee()

◆ KdReceivePacketFromDebugger()

◆ KdRegisterEventInDebuggee()

◆ KdReloadSymbolsInDebuggee()

◆ KdSendAddActionToEventPacketToDebuggee()

◆ KdSendBpPacketToDebuggee()

◆ KdSendCallStackPacketToDebuggee()

◆ KdSendEditMemoryPacketToDebuggee()

◆ KdSendEventQueryAndModifyPacketToDebuggee()

◆ KdSendFlushPacketToDebuggee()

◆ KdSendGeneralBuffersFromDebuggeeToDebugger()

◆ KdSendListOrModifyPacketToDebuggee()

◆ KdSendModifyEventInDebuggee()

◆ KdSendPacketToDebuggee()

◆ KdSendPageinPacketToDebuggee()

◆ KdSendPtePacketToDebuggee()

◆ KdSendReadMemoryPacketToDebuggee()

◆ KdSendReadRegisterPacketToDebuggee()

◆ KdSendRegisterEventPacketToDebuggee()

◆ KdSendResponseOfThePingPacket()

◆ KdSendScriptPacketToDebuggee()

◆ KdSendSearchRequestPacketToDebuggee()

◆ KdSendShortCircuitingEventToDebuggee()

◆ KdSendStepPacketToDebuggee()

◆ KdSendSwitchCorePacketToDebuggee()

◆ KdSendSwitchProcessPacketToDebuggee()

◆ KdSendSwitchThreadPacketToDebuggee()

◆ KdSendSymbolDetailPacket()

◆ KdSendSymbolReloadPacketToDebuggee()

◆ KdSendTestQueryPacketToDebuggee()

◆ KdSendTestQueryPacketWithContextToDebuggee()

◆ KdSendUserInputPacketToDebuggee()

◆ KdSendUsermodePrints()

◆ KdSendVa2paAndPa2vaPacketToDebuggee()

◆ KdSendWriteRegisterPacketToDebuggee()

◆ KdSetStatusAndWaitForPause()

◆ KdTheRemoteSystemIsRunning()

◆ KdUninitializeConnection()