load.cpp File Reference

load command More...

#include "pch.h"

Functions
VOID	CommandLoadHelp ()
	help of the load command
VOID	CommandLoad (vector< string > SplitCommand, string Command)
	load command handler

Variables
HANDLE	g_IsDriverLoadedSuccessfully
	Handle to show that if the debugger is loaded successfully.
HANDLE	g_DeviceHandle
	Holds the global handle of device which is used to send the request to the kernel by IOCTL, this handle is not used for IRP Pending of message tracing this handle is used in KD VMM.
BOOLEAN	g_IsConnectedToHyperDbgLocally
	Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machine introspection) mode.
BOOLEAN	g_IsDebuggerModulesLoaded
	this variable is used to indicate that modules are loaded so we make sure to later use a trace of loading in 'unload' command (used in Debugger VMM)

Detailed Description

load command

Author

Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version

0.1

Date

2020-05-27

Copyright

This project is released under the GNU Public License v3.

Function Documentation

CommandLoad()

VOID CommandLoad	(	vector< string >	SplitCommand,
		string	Command )

load command handler

Parameters

SplitCommand
Command

Returns

VOID

{
    if (SplitCommand.size() != 2)
    {
        ShowMessages("incorrect use of the 'load'\n\n");
        CommandLoadHelp();
        return;
    }
 
    if (!g_IsConnectedToHyperDbgLocally)
    {
        ShowMessages("you're not connected to any instance of HyperDbg, did you "
                     "use '.connect'? \n");
        return;
    }
 
    //
    // Check for the module
    //
    if (!SplitCommand.at(1).compare("vmm"))
    {
        //
        // Check to make sure that the driver is not already loaded
        //
        if (g_DeviceHandle)
        {
            ShowMessages("handle of the driver found, if you use 'load' before, please "
                         "first unload it then call 'unload'\n");
            return;
        }
 
        //
        // Load VMM Module
        //
        ShowMessages("loading the vmm driver\n");
 
        if (HyperDbgInstallVmmDriver() == 1 || HyperDbgLoadVmmModule() == 1)
        {
            ShowMessages("failed to install or load the driver\n");
            return;
        }
 
        //
        // If in vmi-mode then initialize and load symbols (pdb)
        // for previously downloaded symbols
        // When the VMM module is loaded, we use the current
        // process (HyperDbg's process) as the base for user-mode
        // symbols
        //
        SymbolLocalReload(GetCurrentProcessId());
    }
    else
    {
        //
        // Module not found
        //
        ShowMessages("err, module not found\n");
    }
}

CommandLoadHelp()

VOID CommandLoadHelp

(

)

help of the load command

Returns

VOID

{
    ShowMessages("load : installs the drivers and load the modules.\n\n");
 
    ShowMessages("syntax : \tload [ModuleName (string)]\n");
 
    ShowMessages("\n");
    ShowMessages("\t\te.g : load vmm\n");
}

Variable Documentation

g_DeviceHandle

HANDLE g_DeviceHandle

extern

Holds the global handle of device which is used to send the request to the kernel by IOCTL, this handle is not used for IRP Pending of message tracing this handle is used in KD VMM.

g_IsConnectedToHyperDbgLocally

BOOLEAN g_IsConnectedToHyperDbgLocally

extern

Shows whether the user is allowed to use 'load' command to load modules locally in VMI (virtual machine introspection) mode.

g_IsDebuggerModulesLoaded

BOOLEAN g_IsDebuggerModulesLoaded

extern

this variable is used to indicate that modules are loaded so we make sure to later use a trace of loading in 'unload' command (used in Debugger VMM)

g_IsDriverLoadedSuccessfully

HANDLE g_IsDriverLoadedSuccessfully

extern

Handle to show that if the debugger is loaded successfully.