HyperDbg Debugger
smi.cpp File Reference

!smi command More...

#include "pch.h"

Functions

VOID CommandSmiHelp ()
 help of the !smi command
BOOLEAN CommandSmiSendRequest (SMI_OPERATION_PACKETS *SmiOperationRequest)
 Send SMI requests.
BOOLEAN HyperDbgPerformSmiOperation (SMI_OPERATION_PACKETS *SmiOperation)
 Request to perform an SMI operation.
VOID CommandSmi (vector< CommandToken > CommandTokens, string Command)
 !smi command handler

Variables

BOOLEAN g_IsKdModuleLoaded
 shows whether the kernel debugger (KD) module is loaded or not
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows whether the debugger is connected to a remote debuggee (a remote guest).

Detailed Description

!smi command

Author
Sina Karvandi (sina@hyperdbg.org)
Version
0.15
Date
2025-08-02

Function Documentation

◆ CommandSmi()

VOID CommandSmi ( vector< CommandToken > CommandTokens,
string Command )

!smi command handler

Parameters
CommandTokens
Command
Returns
VOID
// "!smi" command handler. Expects exactly two tokens ("!smi" plus one of
// "count" / "trigger"), builds an SMI_OPERATION_PACKETS request and hands it
// to CommandSmiSendRequest. Results and errors are reported through
// ShowMessages / ShowErrorMessage; the handler itself returns VOID.
// NOTE(review): this rendering omits the gutter lines that carried
// cross-references (132, 138, 142, 148, 157, 168); what they contain is
// inferred below from the cross-reference list and must be confirmed in smi.cpp.
// NOTE(review): the cross-referenced description of SMI_OPERATION_PACKETS
// still reads "I/O APIC result packet" — looks like a copy-pasted doc comment
// in RequestStructures.h.
124{
125 SMI_OPERATION_PACKETS SmiOperationRequest = {0}; // zero-filled: KernelStatus and SmiCount start at 0
126
127 if (CommandTokens.size() != 2) // anything other than "!smi <function>"
128 {
129 ShowMessages("incorrect use of the '%s'\n\n",
130 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
131
// gutter line 132 omitted by the rendering; presumably CommandSmiHelp() (it is cross-referenced from this function) — confirm
133 return;
134 }
135
136 if (CompareLowerCaseStrings(CommandTokens.at(1), "count")) // case-insensitive sub-command match
137 {
// gutter line 138 omitted; presumably SmiOperationRequest.SmiOperationType = SMI_OPERATION_REQUEST_TYPE_READ_COUNT — confirm
139 }
140 else if (CompareLowerCaseStrings(CommandTokens.at(1), "trigger"))
141 {
// gutter line 142 omitted; presumably SmiOperationRequest.SmiOperationType = SMI_OPERATION_REQUEST_TYPE_TRIGGER_POWER_SMI — confirm
143 }
144 else
145 {
146 ShowMessages("incorrect use of the '%s'\n\n",
147 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
// gutter line 148 omitted; presumably CommandSmiHelp() again — confirm
149 return;
150 }
151
152 //
153 // Send the SMI operation request
154 //
155 if (CommandSmiSendRequest(&SmiOperationRequest)) // TRUE only when the transport succeeded and the kernel reported success
156 {
// gutter line 157 omitted; presumably `if (SmiOperationRequest.SmiOperationType == SMI_OPERATION_REQUEST_TYPE_READ_COUNT)` — confirm
158 {
159 if (SmiOperationRequest.SmiCount == 0)
160 {
161 ShowMessages("SMI count: 0 (for security reasons, nested-virtualization environment (VMs) are unable to communicate with UEFI firmware)\n"); // a zero count is explained as "firmware unreachable", not reported as a failure
162 }
163 else
164 {
165 ShowMessages("SMI count: 0x%x\n", SmiOperationRequest.SmiCount); // NOTE(review): SmiCount is UINT64 but formatted with %x — confirm ShowMessages' format handling; with printf semantics the upper half is lost
166 }
167 }
// gutter line 168 omitted; presumably the `else if` for SMI_OPERATION_REQUEST_TYPE_TRIGGER_POWER_SMI — confirm
169 {
170 ShowMessages("power SMI triggered successfully (you can use '!smi count' to view the number of executed SMIs)\n");
171 }
172 }
173 else
174 {
175 ShowErrorMessage(SmiOperationRequest.KernelStatus); // NOTE(review): if the IOCTL/serial send itself failed, KernelStatus is still the zero from line 125 — confirm what ShowErrorMessage prints for 0
176 return;
177 }
178}
@ SMI_OPERATION_REQUEST_TYPE_READ_COUNT
Definition RequestStructures.h:1254
@ SMI_OPERATION_REQUEST_TYPE_TRIGGER_POWER_SMI
Definition RequestStructures.h:1255
struct _SMI_OPERATION_PACKETS SMI_OPERATION_PACKETS
The structure of I/O APIC result packet in HyperDbg.
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:40
BOOLEAN CommandSmiSendRequest(SMI_OPERATION_PACKETS *SmiOperationRequest)
Send SMI requests.
Definition smi.cpp:46
VOID CommandSmiHelp()
help of the !smi command
Definition smi.cpp:26
UINT32 KernelStatus
Definition RequestStructures.h:1267
UINT64 SmiCount
Definition RequestStructures.h:1266
SMI_OPERATION_REQUEST_TYPE SmiOperationType
Definition RequestStructures.h:1265

◆ CommandSmiHelp()

/**
 * @brief help of the !smi command
 *
 * @details Prints the usage text for "!smi" line by line; each entry is
 * passed to ShowMessages unchanged, in the order listed.
 *
 * @return VOID
 */
VOID
CommandSmiHelp()
{
    static const char * const HelpLines[] = {
        "!smi : shows details and triggers functionalities related to System Management Interrupt (SMI).\n",
        "Note : SMIs are triggered using APM I/O Decode Registers and SMI count are from MSR_SMI_COUNT MSR (0x34).\n\n",
        "syntax : \t!smi [Function (string)]\n",
        "\n",
        "\t\te.g : !smi count\n",
        "\t\te.g : !smi trigger\n",
    };

    for (const char * Line : HelpLines)
    {
        ShowMessages(Line);
    }
}

◆ CommandSmiSendRequest()

BOOLEAN CommandSmiSendRequest ( SMI_OPERATION_PACKETS * SmiOperationRequest)

Send SMI requests.

Parameters
SmiRequest
Returns
VOID
// Sends an SMI_OPERATION_PACKETS request either to a remote debuggee (serial
// kernel debugger) or to the local driver via IOCTL_PERFORM_SMI_OPERATION.
// Returns TRUE only when the request was delivered and the kernel reported
// DEBUGGER_OPERATION_WAS_SUCCESSFUL; the packet is updated in place.
// NOTE(review): the Doxygen header above names the parameter "SmiRequest" and
// a VOID return; the signature is SmiOperationRequest and BOOLEAN.
// NOTE(review): gutter lines 51, 56 and 67 are omitted by this rendering;
// judging by the cross-reference list they hold the serial-connection check,
// the KdSendSmiPacketsToDebuggee call and the driver-loaded assertion — confirm in smi.cpp.
47{
48 BOOL Status;
49 ULONG ReturnedLength; // written by DeviceIoControl but never inspected afterwards (see note below)
50
// gutter line 51 omitted; presumably `if (g_IsSerialConnectedToRemoteDebuggee)` — confirm
52 {
53 //
54 // Send the request over serial kernel debugger
55 //
// gutter line 56 omitted; presumably `if (!KdSendSmiPacketsToDebuggee(SmiOperationRequest, SIZEOF_SMI_OPERATION_PACKETS))` — confirm
57 {
58 return FALSE;
59 }
60 else
61 {
62 return TRUE;
63 }
64 }
65 else
66 {
// gutter line 67 omitted; presumably an AssertShowMessageReturnStmt(...) on g_IsKdModuleLoaded / driver loaded (ASSERT_MESSAGE_DRIVER_NOT_LOADED) before g_DeviceHandle is used — confirm
68
69 //
70 // Send IOCTL
71 //
72 Status = DeviceIoControl( // the same buffer is used for input and output; the driver rewrites it in place
73 g_DeviceHandle, // Handle to device
74 IOCTL_PERFORM_SMI_OPERATION, // IO Control Code (IOCTL)
75 SmiOperationRequest, // Input Buffer to driver.
76 SIZEOF_SMI_OPERATION_PACKETS, // Input buffer length
77 SmiOperationRequest, // Output Buffer from driver.
78 SIZEOF_SMI_OPERATION_PACKETS, // Length of output buffer in bytes.
79 &ReturnedLength, // Bytes placed in buffer.
80 NULL // synchronous call
81 );
82
83 if (!Status)
84 {
85 ShowMessages("ioctl failed with code 0x%x\n", GetLastError()); // transport failure: KernelStatus is not updated on this path
86
87 return FALSE;
88 }
89
// NOTE(review): ReturnedLength is not compared with SIZEOF_SMI_OPERATION_PACKETS before KernelStatus is read; a short output buffer would leave stale fields that the caller then treats as the driver's answer. Consider `if (ReturnedLength != SIZEOF_SMI_OPERATION_PACKETS) return FALSE;` here.
90 if (SmiOperationRequest->KernelStatus == DEBUGGER_OPERATION_WAS_SUCCESSFUL) // success is decided by the kernel's status field, not by the IOCTL result alone
91 {
92 return TRUE;
93 }
94 else
95 {
96 return FALSE;
97 }
98 }
99}
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows whether the debugger is connected to a remote debuggee (a remote guest).
Definition globals.h:253
int BOOL
Definition BasicTypes.h:25
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
unsigned long ULONG
Definition BasicTypes.h:31
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
#define IOCTL_PERFORM_SMI_OPERATION
ioctl, to perform SMI operations
Definition Ioctls.h:389
#define SIZEOF_SMI_OPERATION_PACKETS
Debugger size of SMI_OPERATION_PACKETS.
Definition RequestStructures.h:1275
BOOLEAN KdSendSmiPacketsToDebuggee(PSMI_OPERATION_PACKETS SmiOperationRequest, UINT32 ExpectedRequestSize)
Send requests for SMI operation packet to the debuggee.
Definition kd.cpp:1031
#define ASSERT_MESSAGE_KD_NOT_LOADED
Definition common.h:29
#define AssertShowMessageReturnStmt(expr1, expr2, message1, message2, rc)
Definition common.h:59
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:27
#define AssertReturnFalse
Definition common.h:21
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:481
BOOLEAN g_IsKdModuleLoaded
shows whether the kernel debugger (KD) module is loaded or not
Definition globals.h:22

◆ HyperDbgPerformSmiOperation()

/**
 * @brief Request to perform an SMI operation.
 *
 * @details Thin exported entry point: the packet is forwarded unchanged to
 * CommandSmiSendRequest, which fills in the result fields in place.
 *
 * @param SmiOperation Request/response packet handed to CommandSmiSendRequest
 * @return BOOLEAN the value returned by CommandSmiSendRequest
 */
BOOLEAN
HyperDbgPerformSmiOperation(SMI_OPERATION_PACKETS * SmiOperation)
{
    const BOOLEAN Result = CommandSmiSendRequest(SmiOperation);

    return Result;
}

Variable Documentation

◆ g_IsKdModuleLoaded

BOOLEAN g_IsKdModuleLoaded
extern

shows whether the kernel debugger (KD) module is loaded or not

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows whether the debugger is connected to a remote debuggee (a remote guest).