HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
tsc.cpp File Reference

!tsc commands More...

#include "pch.h"

Functions

VOID CommandTscHelp ()
 help of the !tsc command
 
VOID CommandTsc (vector< string > SplitCommand, string Command)
 handler of !tsc command
 

Detailed Description

!tsc commands

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-06-02
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandTsc()

VOID CommandTsc ( vector< string > SplitCommand,
string Command )

handler of !tsc command

Parameters
SplitCommand
Command
Returns
VOID
46{
47 PDEBUGGER_GENERAL_EVENT_DETAIL Event = NULL;
48 PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger = NULL;
49 PDEBUGGER_GENERAL_ACTION ActionCustomCode = NULL;
50 PDEBUGGER_GENERAL_ACTION ActionScript = NULL;
51 UINT32 EventLength;
52 UINT32 ActionBreakToDebuggerLength = 0;
53 UINT32 ActionCustomCodeLength = 0;
54 UINT32 ActionScriptLength = 0;
55 vector<string> SplitCommandCaseSensitive {Split(Command, ' ')};
56 DEBUGGER_EVENT_PARSING_ERROR_CAUSE EventParsingErrorCause;
57
58 //
59 // Interpret and fill the general event and action fields
60 //
61 //
62 if (!InterpretGeneralEventAndActionsFields(
63 &SplitCommand,
64 &SplitCommandCaseSensitive,
65 TSC_INSTRUCTION_EXECUTION,
66 &Event,
67 &EventLength,
68 &ActionBreakToDebugger,
69 &ActionBreakToDebuggerLength,
70 &ActionCustomCode,
71 &ActionCustomCodeLength,
72 &ActionScript,
73 &ActionScriptLength,
74 &EventParsingErrorCause))
75 {
76 return;
77 }
78
79 //
80 // Check for size
81 //
82 if (SplitCommand.size() > 1)
83 {
84 ShowMessages("incorrect use of the '!tsc'\n");
85 CommandTscHelp();
86
87 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
88 return;
89 }
90
91 //
92 // Send the ioctl to the kernel for event registration
93 //
94 if (!SendEventToKernel(Event, EventLength))
95 {
96 //
97 // There was an error, probably the handle was not initialized
98 // we have to free the Action before exit, it is because, we
99 // already freed the Event and string buffers
100 //
101
102 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
103 return;
104 }
105
106 //
107 // Add the event to the kernel
108 //
109 if (!RegisterActionToEvent(Event,
110 ActionBreakToDebugger,
111 ActionBreakToDebuggerLength,
112 ActionCustomCode,
113 ActionCustomCodeLength,
114 ActionScript,
115 ActionScriptLength))
116 {
117 //
118 // There was an error
119 //
120
121 FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
122 return;
123 }
124}
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
Split
const vector< string > Split(const string &s, const char &c)
general split command
Definition common.cpp:117
FreeEventsAndActionsMemory
VOID FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, PDEBUGGER_GENERAL_ACTION ActionCustomCode, PDEBUGGER_GENERAL_ACTION ActionScript)
Deallocate buffers relating to events and actions.
Definition debugger.cpp:2292
InterpretGeneralEventAndActionsFields
BOOLEAN InterpretGeneralEventAndActionsFields(vector< string > *SplitCommand, vector< string > *SplitCommandCaseSensitive, VMM_EVENT_TYPE_ENUM EventType, PDEBUGGER_GENERAL_EVENT_DETAIL *EventDetailsToFill, PUINT32 EventBufferLength, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillBreakToDebugger, PUINT32 ActionBufferLengthBreakToDebugger, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillCustomCode, PUINT32 ActionBufferLengthCustomCode, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillScript, PUINT32 ActionBufferLengthScript, PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing)
Interpret general event fields.
Definition debugger.cpp:2342
SendEventToKernel
BOOLEAN SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
Register the event to the kernel.
Definition debugger.cpp:1969
RegisterActionToEvent
BOOLEAN RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, UINT32 ActionBreakToDebuggerLength, PDEBUGGER_GENERAL_ACTION ActionCustomCode, UINT32 ActionCustomCodeLength, PDEBUGGER_GENERAL_ACTION ActionScript, UINT32 ActionScriptLength)
Register the action to the event.
Definition debugger.cpp:2086
TSC_INSTRUCTION_EXECUTION
@ TSC_INSTRUCTION_EXECUTION
Definition Events.h:151
DEBUGGER_EVENT_PARSING_ERROR_CAUSE
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
test-case-generator.NULL
NULL()
Definition test-case-generator.py:530
_DEBUGGER_GENERAL_ACTION
Each event can have multiple actions.
Definition Events.h:406
_DEBUGGER_GENERAL_EVENT_DETAIL
Each command is like the following struct, it also used for tracing works in user mode and sending it...
Definition Events.h:350
CommandTscHelp
VOID CommandTscHelp()
help of the !tsc command
Definition tsc.cpp:20

◆ CommandTscHelp()

VOID CommandTscHelp ( )

help of the !tsc command

Returns
VOID
21{
22 ShowMessages("!tsc : monitors execution of rdtsc/rdtscp instructions.\n\n");
23
24 ShowMessages("syntax : \t!tsc [pid ProcessId (hex)] [core CoreId (hex)] [imm IsImmediate (yesno)] "
25 "[sc EnableShortCircuiting (onoff)] [stage CallingStage (prepostall)] [buffer PreAllocatedBuffer (hex)] "
26 "[script { Script (string) }] [asm condition { Condition (assembly/hex) }] [asm code { Code (assembly/hex) }] "
27 "[output {OutputName (string)}]\n");
28
29 ShowMessages("\n");
30 ShowMessages("\t\te.g : !tsc\n");
31 ShowMessages("\t\te.g : !tsc pid 400\n");
32 ShowMessages("\t\te.g : !tsc core 2 pid 400\n");
33 ShowMessages("\t\te.g : !tsc script { printf(\"RDTSC/P instruction called at: %%llx\\n\", @rip); }\n");
34 ShowMessages("\t\te.g : !tsc asm code { nop; nop; nop }\n");
35}