HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
test.cpp File Reference

test command More...

#include "pch.h"

Functions

VOID CommandTestHelp ()
 help of the test command
 
BOOLEAN CommandTestPerformKernelTestsIoctl ()
 Send an IOCTL to the kernel to run the.
 
BOOLEAN CommandTestPerformTest ()
 perform test on the remote process
 
VOID CommandTestQueryState ()
 test command for query the state
 
VOID CommandTestQueryTrapState ()
 test command for query the trap state
 
VOID CommandTestQueryPreAllocPoolsState ()
 test command for query the state of pre-allocated pools
 
VOID CommandTestSetTargetTaskToHaltedCores (BOOLEAN Synchronous)
 test command for setting target tasks to halted cores
 
VOID CommandTestSetTargetTaskToTargetCore (UINT32 CoreNumber)
 test command for setting target task to the specified core
 
VOID CommandTestSetBreakpointState (BOOLEAN State)
 test command for turning on/off the breakpoints (#DB)
 
VOID CommandTestSetDebugBreakState (BOOLEAN State)
 test command for turning on/off the debug breaks (#DB)
 
VOID CommandTest (vector< string > SplitCommand, string Command)
 test command handler
 

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest)
 

Detailed Description

test command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-06-11
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandTest()

VOID CommandTest ( vector< string > SplitCommand,
string Command )

test command handler

Parameters
SplitCommand
Command
Returns
VOID
365{
366 UINT64 Context = NULL;
367
368 if (SplitCommand.size() == 1)
369 {
370 //
371 // For testing functionalities
372 //
373 CommandTestPerformTest();
374 }
375 else if (SplitCommand.size() == 2 && !SplitCommand.at(1).compare("query"))
376 {
377 //
378 // Query the state of debuggee in debugger mode
379 //
380 CommandTestQueryState();
381 }
382 else if (SplitCommand.size() == 2 && !SplitCommand.at(1).compare("trap-status"))
383 {
384 //
385 // Query the state of trap flag in debugger mode
386 //
387 CommandTestQueryTrapState();
388 }
389 else if (SplitCommand.size() == 2 && !SplitCommand.at(1).compare("pool"))
390 {
391 //
392 // Query the state of pre-allocated pools in debugger mode
393 //
394 CommandTestQueryPreAllocPoolsState();
395 }
396 else if (SplitCommand.size() == 2 && !SplitCommand.at(1).compare("sync-task"))
397 {
398 //
399 // Send target task to the halted cores in debugger mode (synchronous)
400 //
401 CommandTestSetTargetTaskToHaltedCores(TRUE);
402 }
403 else if (SplitCommand.size() == 2 && !SplitCommand.at(1).compare("async-task"))
404 {
405 //
406 // Send target task to the halted cores in debugger mode (asynchronous)
407 //
408 CommandTestSetTargetTaskToHaltedCores(FALSE);
409 }
410 else if (SplitCommand.size() == 3 && !SplitCommand.at(1).compare("target-core-task"))
411 {
412 if (!ConvertStringToUInt64(SplitCommand.at(2), &Context))
413 {
414 ShowMessages("err, you should enter a valid hex number as the core id\n\n");
415 return;
416 }
417
418 //
419 // Send target task to the specific halted core in debugger mode
420 //
421 CommandTestSetTargetTaskToTargetCore((UINT32)Context);
422 }
423 else if (SplitCommand.size() == 3 && !SplitCommand.at(1).compare("breakpoint"))
424 {
425 //
426 // Change breakpoint state
427 //
428 if (!SplitCommand.at(2).compare("on"))
429 {
430 CommandTestSetBreakpointState(TRUE);
431 }
432 else if (!SplitCommand.at(2).compare("off"))
433 {
434 CommandTestSetBreakpointState(FALSE);
435 }
436 else
437 {
438 ShowMessages("err, couldn't resolve error at '%s'\n\n", SplitCommand.at(2).c_str());
439 return;
440 }
441 }
442 else if (SplitCommand.size() == 3 && !SplitCommand.at(1).compare("trap"))
443 {
444 //
445 // Change debug break state
446 //
447 if (!SplitCommand.at(2).compare("on"))
448 {
449 CommandTestSetDebugBreakState(TRUE);
450 }
451 else if (!SplitCommand.at(2).compare("off"))
452 {
453 CommandTestSetDebugBreakState(FALSE);
454 }
455 else
456 {
457 ShowMessages("err, couldn't resolve error at '%s'\n\n", SplitCommand.at(2).c_str());
458 return;
459 }
460 }
461 else
462 {
463 ShowMessages("incorrect use of the 'test'\n\n");
464 CommandTestHelp();
465 return;
466 }
467}
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
ConvertStringToUInt64
BOOLEAN ConvertStringToUInt64(string TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for special notations like 0x,...
Definition common.cpp:240
Context
NTKERNELAPI _In_opt_ PVOID Context
Definition Dpc.h:25
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
CommandTestSetTargetTaskToTargetCore
VOID CommandTestSetTargetTaskToTargetCore(UINT32 CoreNumber)
test command for setting target task to the specified core
Definition test.cpp:285
CommandTestSetTargetTaskToHaltedCores
VOID CommandTestSetTargetTaskToHaltedCores(BOOLEAN Synchronous)
test command for setting target tasks to halted cores
Definition test.cpp:263
CommandTestQueryPreAllocPoolsState
VOID CommandTestQueryPreAllocPoolsState()
test command for query the state of pre-allocated pools
Definition test.cpp:241
CommandTestSetDebugBreakState
VOID CommandTestSetDebugBreakState(BOOLEAN State)
test command for turning on/off the debug breaks (#DB)
Definition test.cpp:334
CommandTestPerformTest
BOOLEAN CommandTestPerformTest()
perform test on the remote process
Definition test.cpp:106
CommandTestQueryState
VOID CommandTestQueryState()
test command for query the state
Definition test.cpp:199
CommandTestSetBreakpointState
VOID CommandTestSetBreakpointState(BOOLEAN State)
test command for turning on/off the breakpoints (#DB)
Definition test.cpp:306
CommandTestHelp
VOID CommandTestHelp()
help of the test command
Definition test.cpp:25
CommandTestQueryTrapState
VOID CommandTestQueryTrapState()
test command for query the trap state
Definition test.cpp:220

◆ CommandTestHelp()

VOID CommandTestHelp ( )

help of the test command

Returns
VOID
26{
27 ShowMessages(
28 "test : tests essential features of HyperDbg in current machine.\n");
29
30 ShowMessages("syntax : \ttest [Task (string)]\n");
31
32 ShowMessages("\n");
33 ShowMessages("\t\te.g : test\n");
34 ShowMessages("\t\te.g : test query\n");
35 ShowMessages("\t\te.g : test trap-status\n");
36 ShowMessages("\t\te.g : test pool\n");
37 ShowMessages("\t\te.g : test query\n");
38 ShowMessages("\t\te.g : test breakpoint on\n");
39 ShowMessages("\t\te.g : test breakpoint off\n");
40 ShowMessages("\t\te.g : test trap on\n");
41 ShowMessages("\t\te.g : test trap off\n");
42}

◆ CommandTestPerformKernelTestsIoctl()

BOOLEAN CommandTestPerformKernelTestsIoctl ( )

Send an IOCTL to the kernel to run the.

Returns
BOOLEAN
51{
52 BOOL Status;
53 ULONG ReturnedLength;
54 DEBUGGER_PERFORM_KERNEL_TESTS KernelTestRequest = {0};
55
56 AssertShowMessageReturnStmt(g_DeviceHandle, ASSERT_MESSAGE_DRIVER_NOT_LOADED, AssertReturnFalse);
57
58 //
59 // By the way, we don't need to send an input buffer
60 // to the kernel, but let's keep it like this, if we
61 // want to pass some other arguments to the kernel in
62 // the future
63 //
64 Status = DeviceIoControl(
65 g_DeviceHandle, // Handle to device
66 IOCTL_PERFROM_KERNEL_SIDE_TESTS, // IO Control Code (IOCTL)
67 &KernelTestRequest, // Input Buffer to driver.
68 SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS, // Input buffer length
69 &KernelTestRequest, // Output Buffer from driver.
70 SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS, // Length of output buffer in
71 // bytes.
72 &ReturnedLength, // Bytes placed in buffer.
73 NULL // synchronous call
74 );
75
76 if (!Status)
77 {
78 ShowMessages("ioctl failed with code 0x%x\n", GetLastError());
79 return FALSE;
80 }
81
82 if (KernelTestRequest.KernelStatus == DEBUGGER_OPERATION_WAS_SUCCESSFUL)
83 {
84 //
85 // Nothing to show
86 //
87 return TRUE;
88 }
89 else
90 {
91 //
92 // Show err message
93 //
94 ShowErrorMessage(KernelTestRequest.KernelStatus);
95 return FALSE;
96 }
97}
BOOL
int BOOL
Definition BasicTypes.h:23
ULONG
unsigned long ULONG
Definition BasicTypes.h:37
DEBUGGER_OPERATION_WAS_SUCCESSFUL
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
IOCTL_PERFROM_KERNEL_SIDE_TESTS
#define IOCTL_PERFROM_KERNEL_SIDE_TESTS
ioctl, to perform kernel-side tests
Definition Ioctls.h:212
SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS
#define SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS
Definition RequestStructures.h:343
ShowErrorMessage
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:38
AssertShowMessageReturnStmt
#define AssertShowMessageReturnStmt(expr, message, rc)
Definition common.h:51
ASSERT_MESSAGE_DRIVER_NOT_LOADED
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:25
AssertReturnFalse
#define AssertReturnFalse
Definition common.h:21
g_DeviceHandle
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:471
_DEBUGGER_PERFORM_KERNEL_TESTS
request performing kernel tests
Definition RequestStructures.h:351
_DEBUGGER_PERFORM_KERNEL_TESTS::KernelStatus
UINT32 KernelStatus
Definition RequestStructures.h:352

◆ CommandTestPerformTest()

BOOLEAN CommandTestPerformTest ( )

perform test on the remote process

Returns
BOOLEAN returns true if the results was true and false if the results was not ok
107{
108 BOOLEAN ResultOfTest = FALSE;
109 HANDLE PipeHandle;
110 HANDLE ThreadHandle;
111 HANDLE ProcessHandle;
112 UINT32 ReadBytes;
113 CHAR * Buffer = NULL;
114
115 //
116 // Allocate memory
117 //
118 Buffer = (CHAR *)malloc(TEST_CASE_MAXIMUM_BUFFERS_TO_COMMUNICATE);
119
120 if (!Buffer)
121 {
122 ShowMessages("err, enable allocate communication buffer\n");
123 return FALSE;
124 }
125
126 RtlZeroMemory(Buffer, TEST_CASE_MAXIMUM_BUFFERS_TO_COMMUNICATE);
127
128 //
129 // Create tests process to create a thread for us
130 //
131 if (!CreateProcessAndOpenPipeConnection(&PipeHandle,
132 &ThreadHandle,
133 &ProcessHandle))
134 {
135 ShowMessages("err, enable to connect to the test process\n");
136
137 free(Buffer);
138
139 return FALSE;
140 }
141
142 //
143 // ***** Perform test specific routines *****
144 //
145
146 //
147 // Wait for the result of test to be received
148 //
149
150SendCommandAndWaitForResponse:
151
152 CHAR TestCommand[] = "this is a test command";
153
154 BOOLEAN SentMessageResult = NamedPipeServerSendMessageToClient(
155 PipeHandle,
156 TestCommand,
157 (UINT32)strlen(TestCommand) + 1);
158
159 if (!SentMessageResult)
160 {
161 //
162 // error in sending
163 //
164 return FALSE;
165 }
166
167 RtlZeroMemory(Buffer, TEST_CASE_MAXIMUM_BUFFERS_TO_COMMUNICATE);
168 ReadBytes =
169 NamedPipeServerReadClientMessage(PipeHandle, (char *)Buffer, TEST_CASE_MAXIMUM_BUFFERS_TO_COMMUNICATE);
170
171 if (!ReadBytes)
172 {
173 //
174 // Nothing to read
175 //
176 free(Buffer);
177
178 return FALSE;
179 }
180
181 goto SendCommandAndWaitForResponse;
182
183 //
184 // Close connection and remote process
185 //
186 CloseProcessAndClosePipeConnection(PipeHandle, ThreadHandle, ProcessHandle);
187
188 free(Buffer);
189
190 return ResultOfTest;
191}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
CHAR
char CHAR
Definition BasicTypes.h:31
TEST_CASE_MAXIMUM_BUFFERS_TO_COMMUNICATE
#define TEST_CASE_MAXIMUM_BUFFERS_TO_COMMUNICATE
Maximum buffer to communicate between debugger and debuggee process.
Definition Definition.h:60
NamedPipeServerReadClientMessage
UINT32 NamedPipeServerReadClientMessage(HANDLE PipeHandle, char *BufferToSave, int MaximumReadBufferLength)
read client message from the named pipe
Definition namedpipe.cpp:88
NamedPipeServerSendMessageToClient
BOOLEAN NamedPipeServerSendMessageToClient(HANDLE PipeHandle, char *BufferToSend, int BufferSize)
Definition namedpipe.cpp:123
CreateProcessAndOpenPipeConnection
BOOLEAN CreateProcessAndOpenPipeConnection(PHANDLE ConnectionPipeHandle, PHANDLE ThreadHandle, PHANDLE ProcessHandle)
Create a Process And Open Pipe Connection object.
Definition tests.cpp:111
CloseProcessAndClosePipeConnection
VOID CloseProcessAndClosePipeConnection(HANDLE ConnectionPipeHandle, HANDLE ThreadHandle, HANDLE ProcessHandle)
Close the pipe connection and the remote process.
Definition tests.cpp:311

◆ CommandTestQueryPreAllocPoolsState()

VOID CommandTestQueryPreAllocPoolsState ( )

test command for query the state of pre-allocated pools

Returns
VOID
242{
243 if (!g_IsSerialConnectedToRemoteDebuggee)
244 {
245 ShowMessages("err, query state of the debuggee is only possible when you connected "
246 "in debugger mode\n");
247 return;
248 }
249
250 //
251 // Send the query to the debuggee
252 //
253 KdSendTestQueryPacketToDebuggee(TEST_QUERY_PREALLOCATED_POOL_STATE);
254}
TEST_QUERY_PREALLOCATED_POOL_STATE
@ TEST_QUERY_PREALLOCATED_POOL_STATE
Definition RequestStructures.h:314
KdSendTestQueryPacketToDebuggee
BOOLEAN KdSendTestQueryPacketToDebuggee(DEBUGGER_TEST_QUERY_STATE Type)
Send a test query request to the debuggee.
Definition kd.cpp:425
g_IsSerialConnectedToRemoteDebuggee
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest)
Definition globals.h:231

◆ CommandTestQueryState()

VOID CommandTestQueryState ( )

test command for query the state

Returns
VOID
200{
201 if (!g_IsSerialConnectedToRemoteDebuggee)
202 {
203 ShowMessages("err, query state of the debuggee is only possible when you connected "
204 "in debugger mode\n");
205 return;
206 }
207
208 //
209 // Send the query to the debuggee
210 //
211 KdSendTestQueryPacketToDebuggee(TEST_QUERY_HALTING_CORE_STATUS);
212}
TEST_QUERY_HALTING_CORE_STATUS
@ TEST_QUERY_HALTING_CORE_STATUS
Definition RequestStructures.h:313

◆ CommandTestQueryTrapState()

VOID CommandTestQueryTrapState ( )

test command for query the trap state

Returns
VOID
221{
222 if (!g_IsSerialConnectedToRemoteDebuggee)
223 {
224 ShowMessages("err, query state of the debuggee is only possible when you connected "
225 "in debugger mode\n");
226 return;
227 }
228
229 //
230 // Send the query to the debuggee
231 //
232 KdSendTestQueryPacketToDebuggee(TEST_QUERY_TRAP_STATE);
233}
TEST_QUERY_TRAP_STATE
@ TEST_QUERY_TRAP_STATE
Definition RequestStructures.h:315

◆ CommandTestSetBreakpointState()

VOID CommandTestSetBreakpointState ( BOOLEAN State)

test command for turning on/off the breakpoints (#DB)

Parameters
State
Returns
VOID
307{
308 if (!g_IsSerialConnectedToRemoteDebuggee)
309 {
310 ShowMessages("err, query state of the debuggee is only possible when you connected "
311 "in debugger mode\n");
312 return;
313 }
314
315 //
316 // Send the breakpoint settings to the debuggee
317 //
318 if (State)
319 {
320 KdSendTestQueryPacketToDebuggee(TEST_BREAKPOINT_TURN_ON_BPS);
321 }
322 else
323 {
324 KdSendTestQueryPacketToDebuggee(TEST_BREAKPOINT_TURN_OFF_BPS);
325 }
326}
TEST_BREAKPOINT_TURN_OFF_BPS
@ TEST_BREAKPOINT_TURN_OFF_BPS
Definition RequestStructures.h:316
TEST_BREAKPOINT_TURN_ON_BPS
@ TEST_BREAKPOINT_TURN_ON_BPS
Definition RequestStructures.h:317

◆ CommandTestSetDebugBreakState()

VOID CommandTestSetDebugBreakState ( BOOLEAN State)

test command for turning on/off the debug breaks (#DB)

Parameters
State
Returns
VOID
335{
336 if (!g_IsSerialConnectedToRemoteDebuggee)
337 {
338 ShowMessages("err, query state of the debuggee is only possible when you connected "
339 "in debugger mode\n");
340 return;
341 }
342
343 //
344 // Send the debug break settings to the debuggee
345 //
346 if (State)
347 {
348 KdSendTestQueryPacketToDebuggee(TEST_BREAKPOINT_TURN_ON_DBS);
349 }
350 else
351 {
352 KdSendTestQueryPacketToDebuggee(TEST_BREAKPOINT_TURN_OFF_DBS);
353 }
354}
TEST_BREAKPOINT_TURN_OFF_DBS
@ TEST_BREAKPOINT_TURN_OFF_DBS
Definition RequestStructures.h:323
TEST_BREAKPOINT_TURN_ON_DBS
@ TEST_BREAKPOINT_TURN_ON_DBS
Definition RequestStructures.h:324

◆ CommandTestSetTargetTaskToHaltedCores()

VOID CommandTestSetTargetTaskToHaltedCores ( BOOLEAN Synchronous)

test command for setting target tasks to halted cores

Parameters
Synchronous
Returns
VOID
264{
265 if (!g_IsSerialConnectedToRemoteDebuggee)
266 {
267 ShowMessages("err, query state of the debuggee is only possible when you connected "
268 "in debugger mode\n");
269 return;
270 }
271
272 //
273 // Send the target tasks to the halted cores
274 //
275 KdSendTestQueryPacketToDebuggee(Synchronous ? TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_SYNCHRONOUS : TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_ASYNCHRONOUS);
276}
TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_ASYNCHRONOUS
@ TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_ASYNCHRONOUS
Definition RequestStructures.h:321
TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_SYNCHRONOUS
@ TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_SYNCHRONOUS
Definition RequestStructures.h:320

◆ CommandTestSetTargetTaskToTargetCore()

VOID CommandTestSetTargetTaskToTargetCore ( UINT32 CoreNumber)

test command for setting target task to the specified core

Parameters
CoreNumber
Returns
VOID
286{
287 if (!g_IsSerialConnectedToRemoteDebuggee)
288 {
289 ShowMessages("err, query state of the debuggee is only possible when you connected "
290 "in debugger mode\n");
291 return;
292 }
293
294 //
295 // Send the target task to the target halted core
296 //
297 KdSendTestQueryPacketWithContextToDebuggee(TEST_SETTING_TARGET_TASKS_ON_TARGET_HALTED_CORES, (UINT64)CoreNumber);
298}
TEST_SETTING_TARGET_TASKS_ON_TARGET_HALTED_CORES
@ TEST_SETTING_TARGET_TASKS_ON_TARGET_HALTED_CORES
Definition RequestStructures.h:322
KdSendTestQueryPacketWithContextToDebuggee
BOOLEAN KdSendTestQueryPacketWithContextToDebuggee(DEBUGGER_TEST_QUERY_STATE Type, UINT64 Context)
Send a test query request to the debuggee with the specified context.
Definition kd.cpp:460

Variable Documentation

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest)