Read kernel buffers using IRP Pending.
33{
38 HANDLE Handle;
49 Handle = CreateFileA(
50 "\\\\.\\HyperDbgDebuggerDevice",
51 GENERIC_READ | GENERIC_WRITE,
52 FILE_SHARE_READ | FILE_SHARE_WRITE,
53 NULL,
54 OPEN_EXISTING,
55 FILE_ATTRIBUTE_NORMAL,
56 NULL);
57
58 if (Handle == INVALID_HANDLE_VALUE)
59 {
60 ErrorNum = GetLastError();
61
62 if (ErrorNum == ERROR_ACCESS_DENIED)
63 {
64 ShowMessages("err, access denied\nare you sure you have administrator "
65 "rights?\n");
66 }
67 else if (ErrorNum == ERROR_GEN_FAILURE)
68 {
69 ShowMessages("err, a device attached to the system is not functioning\n"
70 "vmx feature might be disabled from BIOS or VBS/HVCI is active\n");
71 }
72 else
73 {
74 ShowMessages("err, CreateFile failed with (%x)\n", ErrorNum);
75 }
80 return;
81 }
88 try
89 {
91 {
97 Status = DeviceIoControl(
98 Handle,
100 &RegisterEvent,
102
103 OutputBuffer,
105 &ReturnedLength,
106 NULL
107 );
108
109 if (!Status)
110 {
120 continue;
121 }
126 memcpy(&OperationCode, OutputBuffer,
sizeof(
UINT32));
136 {
138 }
139
140 switch (OperationCode)
141 {
143
145 {
150 continue;
151 }
152
153 ShowMessages(
"%s", OutputBuffer +
sizeof(
UINT32));
154
155 break;
159 ShowMessages(
"%s", OutputBuffer +
sizeof(
UINT32));
160
161 break;
166 {
171 continue;
172 }
173
174 ShowMessages(
"%s", OutputBuffer +
sizeof(
UINT32));
175
176 break;
177
180 {
185 continue;
186 }
187
188 ShowMessages(
"%s", OutputBuffer +
sizeof(
UINT32));
189
190 break;
195 {
200 continue;
201 }
202
203 ShowMessages(
"%s", OutputBuffer +
sizeof(
UINT32));
204
205 break;
211 break;
217 break;
223 ReturnedLength);
224
225 break;
231 ReturnedLength);
232
233 break;
241 break;
249 break;
258 break;
267 break;
277 break;
287 break;
288
289 default:
295 OutputBuffer +
sizeof(
UINT32),
296 ReturnedLength -
sizeof(
UINT32) - 1))
297 {
299 {
304 continue;
305 }
306
307 ShowMessages(
"%s", OutputBuffer +
sizeof(
UINT32));
308 }
309
310 break;
311 }
312 }
313 }
314 catch (const std::exception &)
315 {
316 ShowMessages("err, exception occurred in creating handle or parsing buffer\n");
317 }
318
319 free(OutputBuffer);
324 if (!CloseHandle(Handle))
325 {
326 ShowMessages("err, closing handle 0x%x\n", GetLastError());
327 }
328}
#define DefaultSpeedOfReadingKernelMessages
The speed delay for showing messages from kernel-mode to user-mode in VMI-mode, using a lower value c...
Definition Definition.h:132
BOOLEAN ForwardingCheckAndPerformEventForwarding(UINT32 OperationCode, CHAR *Message, UINT32 MessageLength)
Check and send the event result to the corresponding sources.
Definition forwarding.cpp:439
BOOLEAN KdRegisterEventInDebuggee(PDEBUGGER_GENERAL_EVENT_DETAIL EventRegBuffer, UINT32 Length)
Register an event in the debuggee.
Definition kd.cpp:3144
BOOLEAN KdSendModifyEventInDebuggee(PDEBUGGER_MODIFY_EVENTS ModifyEvent, BOOLEAN SendTheResultBackToDebugger)
Modify the event ioctl in the debuggee.
Definition kd.cpp:3248
BOOLEAN KdCloseConnection()
Send close packet to the debuggee and debugger.
Definition kd.cpp:3056
VOID KdHandleUserInputInDebuggee(DEBUGGEE_USER_INPUT_PACKET *Descriptor)
Handle user-input in debuggee.
Definition kd.cpp:3308
BOOLEAN KdReloadSymbolsInDebuggee(BOOLEAN PauseDebuggee, UINT32 UserProcessId)
Send the packets of reloading symbols to build a new symbol table to the debugger and send the finish...
Definition kd.cpp:3015
BOOLEAN KdAddActionToEventInDebuggee(PDEBUGGER_GENERAL_ACTION ActionAddingBuffer, UINT32 Length)
Add action to an event in the debuggee.
Definition kd.cpp:3198
HANDLE g_DeviceHandle
Holds the global handle of the device, which is used to send requests to the kernel by IOCTL,...
Definition globals.h:481
HANDLE g_IsDriverLoadedSuccessfully
Handle that shows whether the debugger was loaded successfully.
Definition globals.h:152
BOOLEAN g_IsMessageLoggingWindowClosed
Shows whether the message logging window is closed or not.
Definition globals.h:472
NULL()
Definition test-case-generator.py:530
BOOLEAN g_OutputSourcesInitialized
It shows whether the debugger has started using output sources or not, or in other words,...
Definition globals.h:418
BOOLEAN g_BreakPrintingOutput
Shows whether the pause command or CTRL+C or CTRL+Break is executed or not.
Definition globals.h:509
NOTIFY_TYPE Type
Definition DataTypes.h:312
HANDLE hEvent
Definition DataTypes.h:313
VOID UdHandleUserDebuggerPausing(PDEBUGGEE_UD_PAUSED_PACKET PausePacket)
Handle pause packets from user debugger.
Definition user-listening.cpp:29