HyperDbg Debugger
Loading...
Searching...
No Matches
pa2va.cpp File Reference

!pa2va command More...

#include "pch.h"

Functions

VOID CommandPa2vaHelp ()
 help of the !pa2va command
VOID CommandPa2va (vector< CommandToken > CommandTokens, string Command)
 !pa2va command handler

Variables

BOOLEAN g_IsKdModuleLoaded
 shows whether the kernel debugger (KD) module is loaded or not
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest).
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.

Detailed Description

!pa2va command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-07-16

Function Documentation

◆ CommandPa2va()

VOID CommandPa2va ( vector< CommandToken > CommandTokens,
string Command )

!pa2va command handler

Parameters
CommandTokens
Command
Returns
VOID
51{
52 BOOL Status;
53 ULONG ReturnedLength;
54 UINT64 TargetPa;
55 UINT32 Pid = 0;
56 DEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails = {0};
57
58 if (CommandTokens.size() == 1 || CommandTokens.size() >= 5 || CommandTokens.size() == 3)
59 {
60 ShowMessages("incorrect use of the '%s'\n\n",
61 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
62
64 return;
65 }
66
67 //
68 // By default if the user-debugger is active, we use these commands
69 // on the memory layout of the debuggee process
70 //
72 {
73 Pid = g_ActiveProcessDebuggingState.ProcessId;
74 }
75
76 if (CommandTokens.size() == 2)
77 {
78 //
79 // It's just a address for current process
80 //
82 {
83 //
84 // Couldn't resolve or unknown parameter
85 //
86 ShowMessages("err, couldn't resolve error at '%s'\n",
87 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(1)).c_str());
88 return;
89 }
90 }
91 else
92 {
93 //
94 // It might be address + pid
95 //
96 if (CompareLowerCaseStrings(CommandTokens.at(1), "pid"))
97 {
98 if (!ConvertTokenToUInt32(CommandTokens.at(2), &Pid))
99 {
100 ShowMessages("incorrect address, please enter a valid process id\n");
101 return;
102 }
104 {
105 //
106 // Couldn't resolve or unknown parameter
107 //
108 ShowMessages("err, couldn't resolve error at '%s'\n",
109 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(3)).c_str());
110 return;
111 }
112 }
113 else if (CompareLowerCaseStrings(CommandTokens.at(2), "pid"))
114 {
116 {
117 //
118 // Couldn't resolve or unknown parameter
119 //
120 ShowMessages("err, couldn't resolve error at '%s'\n",
121 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(1)).c_str());
122
123 return;
124 }
125 if (!ConvertTokenToUInt32(CommandTokens.at(3), &Pid))
126 {
127 ShowMessages("incorrect address, please enter a valid process id\n");
128 return;
129 }
130 }
131 else
132 {
133 ShowMessages("incorrect use of the '%s'\n\n",
134 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
136 return;
137 }
138 }
139
140 //
141 // Prepare the buffer
142 // We use same buffer for input and output
143 //
144 AddressDetails.PhysicalAddress = TargetPa;
145 AddressDetails.ProcessId = Pid; // it's null if in debugger mode
146 AddressDetails.IsVirtual2Physical = FALSE;
147
149 {
150 //
151 // Check to prevent using process id in !pa2va command
152 //
153 if (Pid != 0)
154 {
156 return;
157 }
158
159 //
160 // Send the request over serial kernel debugger
161 //
162
164 }
165 else
166 {
168
169 if (Pid == 0)
170 {
171 Pid = GetCurrentProcessId();
172 AddressDetails.ProcessId = Pid;
173 }
174
175 //
176 // Send IOCTL
177 //
178 Status = DeviceIoControl(
179 g_DeviceHandle, // Handle to device
180 IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // IO Control Code (IOCTL)
181 &AddressDetails, // Input Buffer to driver.
182 SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // Input buffer length
183 &AddressDetails, // Output Buffer from driver.
185 // buffer in bytes.
186 &ReturnedLength, // Bytes placed in buffer.
187 NULL // synchronous call
188 );
189
190 if (!Status)
191 {
192 ShowMessages("ioctl failed with code 0x%x\n", GetLastError());
193 return;
194 }
195
197 {
198 //
199 // Show the results
200 //
201 ShowMessages("%llx\n", AddressDetails.VirtualAddress);
202 }
203 else
204 {
205 //
206 // An err occurred, no results
207 //
208 ShowErrorMessage(AddressDetails.KernelStatus);
209 }
210 }
211}
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest).
Definition globals.h:253
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:372
int BOOL
Definition BasicTypes.h:25
#define FALSE
Definition BasicTypes.h:113
unsigned int UINT32
Definition BasicTypes.h:54
unsigned long ULONG
Definition BasicTypes.h:31
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
ioctl, for !va2pa and !pa2va commands
Definition Ioctls.h:185
#define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
Definition RequestStructures.h:77
struct _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
requests for !va2pa and !pa2va commands
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN ConvertTokenToUInt32(CommandToken TargetToken, PUINT32 Result)
check and convert command token to a 32 bit unsigned integer
Definition common.cpp:546
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:40
BOOLEAN KdSendVa2paAndPa2vaPacketToDebuggee(PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS Va2paAndPa2vaPacket)
Sends VA2PA and PA2VA packest, or '!va2pa' and '!pa2va' commands packet to the debuggee.
Definition kd.cpp:965
#define ASSERT_MESSAGE_KD_NOT_LOADED
Definition common.h:29
#define ASSERT_MESSAGE_CANNOT_SPECIFY_PID
Definition common.h:39
#define AssertShowMessageReturnStmt(expr1, expr2, message1, message2, rc)
Definition common.h:59
#define AssertReturn
Definition common.h:19
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:27
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:481
BOOLEAN g_IsKdModuleLoaded
shows whether the kernel debugger (KD) module is loaded or not
Definition globals.h:22
VOID CommandPa2vaHelp()
help of the !pa2va command
Definition pa2va.cpp:27
BOOLEAN IsVirtual2Physical
Definition RequestStructures.h:89
UINT32 KernelStatus
Definition RequestStructures.h:90
UINT64 PhysicalAddress
Definition RequestStructures.h:87
UINT32 ProcessId
Definition RequestStructures.h:88
UINT64 VirtualAddress
Definition RequestStructures.h:86
BOOLEAN SymbolConvertNameOrExprToAddress(const string &TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for symbol object names and eval...
Definition symbol.cpp:359

◆ CommandPa2vaHelp()

VOID CommandPa2vaHelp ( )

help of the !pa2va command

Returns
VOID
28{
29 ShowMessages("!pa2va : converts virtual address to physical address.\n\n");
30
31 ShowMessages("syntax : \t!pa2va [PhysicalAddress (hex)] [pid ProcessId (hex)]\n");
32
33 ShowMessages("\n");
34 ShowMessages("\t\te.g : !pa2va nt!ExAllocatePoolWithTag\n");
35 ShowMessages("\t\te.g : !pa2va nt!ExAllocatePoolWithTag+5\n");
36 ShowMessages("\t\te.g : !pa2va @rax+5\n");
37 ShowMessages("\t\te.g : !pa2va fffff801deadbeef\n");
38 ShowMessages("\t\te.g : !pa2va fffff801deadbeef pid 0xc8\n");
39}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

372{0};

◆ g_IsKdModuleLoaded

BOOLEAN g_IsKdModuleLoaded
extern

shows whether the kernel debugger (KD) module is loaded or not

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest).