HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
pa2va.cpp File Reference

!pa2va command More...

#include "pch.h"

Functions

VOID CommandPa2vaHelp ()
 help of the !pa2va command
 
VOID CommandPa2va (vector< string > SplitCommand, string Command)
 !pa2va command handler
 

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest)
 
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.
 

Detailed Description

!pa2va command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-07-16
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandPa2va()

VOID CommandPa2va ( vector< string > SplitCommand,
string Command )

!pa2va command handler

Parameters
SplitCommand
Command
Returns
VOID
49{
50 BOOL Status;
51 ULONG ReturnedLength;
52 UINT64 TargetPa;
53 UINT32 Pid = 0;
54 DEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails = {0};
55 vector<string> SplitCommandCaseSensitive {Split(Command, ' ')};
56
57 if (SplitCommand.size() == 1 || SplitCommand.size() >= 5 ||
58 SplitCommand.size() == 3)
59 {
60 ShowMessages("incorrect use of the '!pa2va'\n\n");
61 CommandPa2vaHelp();
62 return;
63 }
64
65 //
66 // By default if the user-debugger is active, we use these commands
67 // on the memory layout of the debuggee process
68 //
69 if (g_ActiveProcessDebuggingState.IsActive)
70 {
71 Pid = g_ActiveProcessDebuggingState.ProcessId;
72 }
73
74 if (SplitCommand.size() == 2)
75 {
76 //
77 // It's just a address for current process
78 //
79 if (!SymbolConvertNameOrExprToAddress(SplitCommandCaseSensitive.at(1), &TargetPa))
80 {
81 //
82 // Couldn't resolve or unknown parameter
83 //
84 ShowMessages("err, couldn't resolve error at '%s'\n",
85 SplitCommandCaseSensitive.at(1).c_str());
86 return;
87 }
88 }
89 else
90 {
91 //
92 // It might be address + pid
93 //
94 if (!SplitCommand.at(1).compare("pid"))
95 {
96 if (!ConvertStringToUInt32(SplitCommand.at(2), &Pid))
97 {
98 ShowMessages("incorrect address, please enter a valid process id\n");
99 return;
100 }
101 if (!SymbolConvertNameOrExprToAddress(SplitCommandCaseSensitive.at(3), &TargetPa))
102 {
103 //
104 // Couldn't resolve or unknown parameter
105 //
106 ShowMessages("err, couldn't resolve error at '%s'\n",
107 SplitCommandCaseSensitive.at(3).c_str());
108 return;
109 }
110 }
111 else if (!SplitCommand.at(2).compare("pid"))
112 {
113 if (!SymbolConvertNameOrExprToAddress(SplitCommandCaseSensitive.at(1), &TargetPa))
114 {
115 //
116 // Couldn't resolve or unknown parameter
117 //
118 ShowMessages("err, couldn't resolve error at '%s'\n",
119 SplitCommandCaseSensitive.at(1).c_str());
120
121 return;
122 }
123 if (!ConvertStringToUInt32(SplitCommand.at(3), &Pid))
124 {
125 ShowMessages("incorrect address, please enter a valid process id\n");
126 return;
127 }
128 }
129 else
130 {
131 ShowMessages("incorrect use of the '!pa2va'\n\n");
132 CommandPa2vaHelp();
133 return;
134 }
135 }
136
137 //
138 // Prepare the buffer
139 // We use same buffer for input and output
140 //
141 AddressDetails.PhysicalAddress = TargetPa;
142 AddressDetails.ProcessId = Pid; // it's null if in debugger mode
143 AddressDetails.IsVirtual2Physical = FALSE;
144
145 if (g_IsSerialConnectedToRemoteDebuggee)
146 {
147 //
148 // Check to prevent using process id in !pa2va command
149 //
150 if (Pid != 0)
151 {
152 ShowMessages(ASSERT_MESSAGE_CANNOT_SPECIFY_PID);
153 return;
154 }
155
156 //
157 // Send the request over serial kernel debugger
158 //
159
160 KdSendVa2paAndPa2vaPacketToDebuggee(&AddressDetails);
161 }
162 else
163 {
164 AssertShowMessageReturnStmt(g_DeviceHandle, ASSERT_MESSAGE_DRIVER_NOT_LOADED, AssertReturn);
165
166 if (Pid == 0)
167 {
168 Pid = GetCurrentProcessId();
169 AddressDetails.ProcessId = Pid;
170 }
171
172 //
173 // Send IOCTL
174 //
175 Status = DeviceIoControl(
176 g_DeviceHandle, // Handle to device
177 IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // IO Control Code (IOCTL)
178 &AddressDetails, // Input Buffer to driver.
179 SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // Input buffer length
180 &AddressDetails, // Output Buffer from driver.
181 SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // Length of output
182 // buffer in bytes.
183 &ReturnedLength, // Bytes placed in buffer.
184 NULL // synchronous call
185 );
186
187 if (!Status)
188 {
189 ShowMessages("ioctl failed with code 0x%x\n", GetLastError());
190 return;
191 }
192
193 if (AddressDetails.KernelStatus == DEBUGGER_OPERATION_WAS_SUCCESSFUL)
194 {
195 //
196 // Show the results
197 //
198 ShowMessages("%llx\n", AddressDetails.VirtualAddress);
199 }
200 else
201 {
202 //
203 // An err occurred, no results
204 //
205 ShowErrorMessage(AddressDetails.KernelStatus);
206 }
207 }
208}
BOOL
int BOOL
Definition BasicTypes.h:23
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
ULONG
unsigned long ULONG
Definition BasicTypes.h:37
DEBUGGER_OPERATION_WAS_SUCCESSFUL
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
ioctl, for !va2pa and !pa2va commands
Definition Ioctls.h:127
SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
#define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
Definition RequestStructures.h:46
Split
const vector< string > Split(const string &s, const char &c)
general split command
Definition common.cpp:117
ConvertStringToUInt32
BOOLEAN ConvertStringToUInt32(string TextToConvert, PUINT32 Result)
check and convert string to a 32 bit unsigned it and also check for special notations like 0x etc.
Definition common.cpp:347
ShowErrorMessage
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:38
KdSendVa2paAndPa2vaPacketToDebuggee
BOOLEAN KdSendVa2paAndPa2vaPacketToDebuggee(PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS Va2paAndPa2vaPacket)
Sends VA2PA and PA2VA packest, or '!va2pa' and '!pa2va' commands packet to the debuggee.
Definition kd.cpp:965
AssertShowMessageReturnStmt
#define AssertShowMessageReturnStmt(expr, message, rc)
Definition common.h:51
ASSERT_MESSAGE_CANNOT_SPECIFY_PID
#define ASSERT_MESSAGE_CANNOT_SPECIFY_PID
Definition common.h:31
AssertReturn
#define AssertReturn
Definition common.h:19
ASSERT_MESSAGE_DRIVER_NOT_LOADED
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:25
g_DeviceHandle
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:471
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
CommandPa2vaHelp
VOID CommandPa2vaHelp()
help of the !pa2va command
Definition pa2va.cpp:26
g_IsSerialConnectedToRemoteDebuggee
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest)
Definition globals.h:231
g_ActiveProcessDebuggingState
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:362
_ACTIVE_DEBUGGING_PROCESS::ProcessId
UINT32 ProcessId
Definition ud.h:51
_ACTIVE_DEBUGGING_PROCESS::IsActive
BOOLEAN IsActive
Definition ud.h:49
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
requests for !va2pa and !pa2va commands
Definition RequestStructures.h:54
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::IsVirtual2Physical
BOOLEAN IsVirtual2Physical
Definition RequestStructures.h:58
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::KernelStatus
UINT32 KernelStatus
Definition RequestStructures.h:59
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::PhysicalAddress
UINT64 PhysicalAddress
Definition RequestStructures.h:56
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::ProcessId
UINT32 ProcessId
Definition RequestStructures.h:57
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::VirtualAddress
UINT64 VirtualAddress
Definition RequestStructures.h:55
SymbolConvertNameOrExprToAddress
BOOLEAN SymbolConvertNameOrExprToAddress(const string &TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for symbol object names and eval...
Definition symbol.cpp:360

◆ CommandPa2vaHelp()

VOID CommandPa2vaHelp ( )

help of the !pa2va command

Returns
VOID
27{
28 ShowMessages("!pa2va : converts virtual address to physical address.\n\n");
29
30 ShowMessages("syntax : \t!pa2va [PhysicalAddress (hex)] [pid ProcessId (hex)]\n");
31
32 ShowMessages("\n");
33 ShowMessages("\t\te.g : !pa2va nt!ExAllocatePoolWithTag\n");
34 ShowMessages("\t\te.g : !pa2va nt!ExAllocatePoolWithTag+5\n");
35 ShowMessages("\t\te.g : !pa2va @rax+5\n");
36 ShowMessages("\t\te.g : !pa2va fffff801deadbeef\n");
37 ShowMessages("\t\te.g : !pa2va fffff801deadbeef pid 0xc8\n");
38}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

362{0};

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest)