!measure command More...

#include "pch.h"

Functions
VOID	CommandMeasureHelp ()
	help of the !measure command

VOID	CommandMeasure (vector< string > SplitCommand, string Command)
	!measure command handler

Variables
UINT64	g_CpuidAverage
	The average calculated from the measurements of cpuid '!measure' command.

UINT64	g_CpuidStandardDeviation
	The standard deviation calculated from the measurements of cpuid '!measure' command.

UINT64	g_CpuidMedian
	The median calculated from the measurements of cpuid '!measure' command.

UINT64	g_RdtscAverage
	The average calculated from the measurements of rdtsc/p '!measure' command.

UINT64	g_RdtscStandardDeviation
	The standard deviation calculated from the measurements of rdtsc/p '!measure' command.

UINT64	g_RdtscMedian
	The median calculated from the measurements of rdtsc/p '!measure' command.

BOOLEAN	g_TransparentResultsMeasured
	Shows whether the user executed and mesaured '!measure' command or not, it is because we want to use these measurements later in '!hide' command.

Detailed Description

!measure command

Author: Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version: 0.1

Date: 2020-08-06

Copyright: This project is released under the GNU Public License v3.

Function Documentation

◆ CommandMeasure()

VOID CommandMeasure	(	vector< string >	SplitCommand,
		string	Command )

!measure command handler

Parameters

SplitCommand
Command

Returns: VOID

{
    BOOLEAN DefaultMode = FALSE;
 
    if (SplitCommand.size() >= 3)
    {
        ShowMessages("incorrect use of the '!measure'\n\n");
        CommandMeasureHelp();
        return;
    }
 
    if (SplitCommand.size() == 2 && SplitCommand.at(1).compare("default"))
    {
        ShowMessages("incorrect use of the '!measure'\n\n");
        CommandMeasureHelp();
        return;
    }
    else if (SplitCommand.size() == 2 &&
             !SplitCommand.at(1).compare("default"))
    {
        DefaultMode = TRUE;
    }
 
    //
    // Check if debugger is loaded or not
    //
    if (g_DeviceHandle && !DefaultMode)
    {
        ShowMessages(
            "Debugger is loaded and your machine is already in a hypervisor, you "
            "should measure the times before 'load'-ing the debugger, please "
            "'unload' the debugger and use '!measure' again or use '!measure "
            "default' to use hardcoded measurements\n");
        return;
    }
 
    if (!DefaultMode)
    {
        if (TransparentModeCheckHypervisorPresence(
                &g_CpuidAverage,
                &g_CpuidStandardDeviation,
                &g_CpuidMedian))
        {
            ShowMessages(
                "we detected that there is a hypervisor, on your system, it "
                "leads to wrong measurement results for our transparent-mode, please "
                "make sure that you're not in a hypervisor then measure the result "
                "again; otherwise the transparent-mode will not work but you can use "
                "'!measure default' to use the hardcoded measurements !\n\n");
 
            return;
        }
 
        if (TransparentModeCheckRdtscpVmexit(
                &g_RdtscAverage,
                &g_RdtscStandardDeviation,
                &g_RdtscMedian))
        {
            ShowMessages(
                "we detected that there is a hypervisor, on your system, it "
                "leads to wrong measurement results for our transparent-mode, please "
                "make sure that you're not in a hypervisor then measure the result "
                "again; otherwise the transparent-mode will not work but you can use "
                "'!measure default' to use the hardcoded measurements !\n\n");
 
            return;
        }
    }
    else
    {
        //
        // It's a default mode
        //
 
        //
        // Default values for cpuid
        //
        g_CpuidAverage           = 0x5f;
        g_CpuidStandardDeviation = 0x10;
        g_CpuidMedian            = 0x5f;
 
        //
        // Default values for rdtsc/p
        //
        g_RdtscAverage           = 0x16;
        g_RdtscStandardDeviation = 0x5;
        g_RdtscMedian            = 0x16;
    }
 
    ShowMessages("the measurements were successful\nyou can use the '!hide' command now\n");
 
    //
    // Indicate that the measurements was successful
    //
    g_TransparentResultsMeasured = TRUE;
}

◆ CommandMeasureHelp()

VOID CommandMeasureHelp ( )

help of the !measure command

Returns: VOID

{
    ShowMessages(
        "!measure : measures the arguments needs for the '!hide' command.\n\n");
 
    ShowMessages("syntax : \t!measure [default]\n");
 
    ShowMessages("\n");
    ShowMessages("\t\te.g : !measure\n");
    ShowMessages("\t\te.g : !measure default\n");
}

Variable Documentation

◆ g_CpuidAverage

UINT64 g_CpuidAverage

extern

The average calculated from the measurements of cpuid '!measure' command.

◆ g_CpuidMedian

UINT64 g_CpuidMedian

extern

The median calculated from the measurements of cpuid '!measure' command.

◆ g_CpuidStandardDeviation

UINT64 g_CpuidStandardDeviation

extern

The standard deviation calculated from the measurements of cpuid '!measure' command.

◆ g_RdtscAverage

UINT64 g_RdtscAverage

extern

The average calculated from the measurements of rdtsc/p '!measure' command.

◆ g_RdtscMedian

UINT64 g_RdtscMedian

extern

The median calculated from the measurements of rdtsc/p '!measure' command.

◆ g_RdtscStandardDeviation

UINT64 g_RdtscStandardDeviation

extern

The standard deviation calculated from the measurements of rdtsc/p '!measure' command.

◆ g_TransparentResultsMeasured

BOOLEAN g_TransparentResultsMeasured

extern

Shows whether the user executed and mesaured '!measure' command or not, it is because we want to use these measurements later in '!hide' command.

Functions

Variables

Detailed Description

Function Documentation

◆ CommandMeasure()

◆ CommandMeasureHelp()

Variable Documentation

◆ g_CpuidAverage

◆ g_CpuidMedian

◆ g_CpuidStandardDeviation

◆ g_RdtscAverage

◆ g_RdtscMedian

◆ g_RdtscStandardDeviation

◆ g_TransparentResultsMeasured