HyperDbg Debugger
Loading...
Searching...
No Matches
Functions | Variables
va2pa.cpp File Reference

!va2pa command More...

#include "pch.h"

Functions

VOID CommandVa2paHelp ()
 help of the !va2pa command
 
VOID CommandVa2pa (vector< string > SplitCommand, string Command)
 !va2pa command handler
 

Variables

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest)
 
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.
 

Detailed Description

!va2pa command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-07-16
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandVa2pa()

VOID CommandVa2pa ( vector< string > SplitCommand,
string Command )

!va2pa command handler

Parameters
SplitCommand
Command
Returns
VOID
50{
51 BOOL Status;
52 ULONG ReturnedLength;
53 UINT64 TargetVa;
54 UINT32 Pid = 0;
55 DEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails = {0};
56 vector<string> SplitCommandCaseSensitive {Split(Command, ' ')};
57
58 if (SplitCommand.size() == 1 || SplitCommand.size() >= 5 ||
59 SplitCommand.size() == 3)
60 {
61 ShowMessages("incorrect use of the '!va2pa'\n\n");
62 CommandVa2paHelp();
63 return;
64 }
65
66 //
67 // By default if the user-debugger is active, we use these commands
68 // on the memory layout of the debuggee process
69 //
70 if (g_ActiveProcessDebuggingState.IsActive)
71 {
72 Pid = g_ActiveProcessDebuggingState.ProcessId;
73 }
74
75 if (SplitCommand.size() == 2)
76 {
77 //
78 // It's just an address for current process
79 //
80 if (!SymbolConvertNameOrExprToAddress(SplitCommandCaseSensitive.at(1), &TargetVa))
81 {
82 //
83 // Couldn't resolve or unknown parameter
84 //
85 ShowMessages("err, couldn't resolve error at '%s'\n",
86 SplitCommandCaseSensitive.at(1).c_str());
87 return;
88 }
89 }
90 else
91 {
92 //
93 // It might be address + pid
94 //
95 if (!SplitCommand.at(1).compare("pid"))
96 {
97 if (!ConvertStringToUInt32(SplitCommand.at(2), &Pid))
98 {
99 ShowMessages("incorrect address, please enter a valid process id\n");
100 return;
101 }
102
103 if (!SymbolConvertNameOrExprToAddress(SplitCommandCaseSensitive.at(3), &TargetVa))
104 {
105 //
106 // Couldn't resolve or unknown parameter
107 //
108 ShowMessages("err, couldn't resolve error at '%s'\n",
109 SplitCommandCaseSensitive.at(3).c_str());
110 return;
111 }
112 }
113 else if (!SplitCommand.at(2).compare("pid"))
114 {
115 if (!SymbolConvertNameOrExprToAddress(SplitCommandCaseSensitive.at(1), &TargetVa))
116 {
117 //
118 // Couldn't resolve or unknown parameter
119 //
120 ShowMessages("err, couldn't resolve error at '%s'\n",
121 SplitCommandCaseSensitive.at(1).c_str());
122 return;
123 }
124
125 if (!ConvertStringToUInt32(SplitCommand.at(3), &Pid))
126 {
127 ShowMessages("incorrect address, please enter a valid process id\n");
128 return;
129 }
130 }
131 else
132 {
133 ShowMessages("incorrect use of the '!va2pa'\n\n");
134 CommandVa2paHelp();
135 return;
136 }
137 }
138
139 //
140 // Prepare the buffer
141 // We use same buffer for input and output
142 //
143 AddressDetails.VirtualAddress = TargetVa;
144 AddressDetails.ProcessId = Pid; // null in debugger mode
145 AddressDetails.IsVirtual2Physical = TRUE;
146
147 if (g_IsSerialConnectedToRemoteDebuggee)
148 {
149 //
150 // Check to prevent using process id in !va2pa command
151 //
152 if (Pid != 0)
153 {
154 ShowMessages(ASSERT_MESSAGE_CANNOT_SPECIFY_PID);
155 return;
156 }
157
158 //
159 // Send the request over serial kernel debugger
160 //
161
162 KdSendVa2paAndPa2vaPacketToDebuggee(&AddressDetails);
163 }
164 else
165 {
166 AssertShowMessageReturnStmt(g_DeviceHandle, ASSERT_MESSAGE_DRIVER_NOT_LOADED, AssertReturn);
167
168 if (Pid == 0)
169 {
170 Pid = GetCurrentProcessId();
171 AddressDetails.ProcessId = Pid;
172 }
173
174 //
175 // Send IOCTL
176 //
177 Status = DeviceIoControl(
178 g_DeviceHandle, // Handle to device
179 IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // IO Control Code (IOCTL)
180 &AddressDetails, // Input Buffer to driver.
181 SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // Input buffer length
182 &AddressDetails, // Output Buffer from driver.
183 SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // Length of output
184 // buffer in bytes.
185 &ReturnedLength, // Bytes placed in buffer.
186 NULL // synchronous call
187 );
188
189 if (!Status)
190 {
191 ShowMessages("ioctl failed with code 0x%x\n", GetLastError());
192 return;
193 }
194
195 if (AddressDetails.KernelStatus == DEBUGGER_OPERATION_WAS_SUCCESSFUL)
196 {
197 //
198 // Show the results
199 //
200 ShowMessages("%llx\n", AddressDetails.PhysicalAddress);
201 }
202 else
203 {
204 //
205 // An err occurred, no results
206 //
207 ShowErrorMessage(AddressDetails.KernelStatus);
208 }
209 }
210}
BOOL
int BOOL
Definition BasicTypes.h:23
TRUE
#define TRUE
Definition BasicTypes.h:55
UINT64
unsigned __int64 UINT64
Definition BasicTypes.h:21
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
ULONG
unsigned long ULONG
Definition BasicTypes.h:37
DEBUGGER_OPERATION_WAS_SUCCESSFUL
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
ioctl, for !va2pa and !pa2va commands
Definition Ioctls.h:127
SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
#define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
Definition RequestStructures.h:46
Split
const vector< string > Split(const string &s, const char &c)
general split command
Definition common.cpp:117
ConvertStringToUInt32
BOOLEAN ConvertStringToUInt32(string TextToConvert, PUINT32 Result)
check and convert string to a 32 bit unsigned it and also check for special notations like 0x etc.
Definition common.cpp:347
ShowErrorMessage
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:38
KdSendVa2paAndPa2vaPacketToDebuggee
BOOLEAN KdSendVa2paAndPa2vaPacketToDebuggee(PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS Va2paAndPa2vaPacket)
Sends VA2PA and PA2VA packest, or '!va2pa' and '!pa2va' commands packet to the debuggee.
Definition kd.cpp:965
AssertShowMessageReturnStmt
#define AssertShowMessageReturnStmt(expr, message, rc)
Definition common.h:51
ASSERT_MESSAGE_CANNOT_SPECIFY_PID
#define ASSERT_MESSAGE_CANNOT_SPECIFY_PID
Definition common.h:31
AssertReturn
#define AssertReturn
Definition common.h:19
ASSERT_MESSAGE_DRIVER_NOT_LOADED
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:25
g_DeviceHandle
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:471
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
_ACTIVE_DEBUGGING_PROCESS::ProcessId
UINT32 ProcessId
Definition ud.h:51
_ACTIVE_DEBUGGING_PROCESS::IsActive
BOOLEAN IsActive
Definition ud.h:49
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
requests for !va2pa and !pa2va commands
Definition RequestStructures.h:54
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::IsVirtual2Physical
BOOLEAN IsVirtual2Physical
Definition RequestStructures.h:58
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::KernelStatus
UINT32 KernelStatus
Definition RequestStructures.h:59
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::PhysicalAddress
UINT64 PhysicalAddress
Definition RequestStructures.h:56
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::ProcessId
UINT32 ProcessId
Definition RequestStructures.h:57
_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS::VirtualAddress
UINT64 VirtualAddress
Definition RequestStructures.h:55
SymbolConvertNameOrExprToAddress
BOOLEAN SymbolConvertNameOrExprToAddress(const string &TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for symbol object names and eval...
Definition symbol.cpp:360
g_IsSerialConnectedToRemoteDebuggee
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest)
Definition globals.h:231
g_ActiveProcessDebuggingState
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:362
CommandVa2paHelp
VOID CommandVa2paHelp()
help of the !va2pa command
Definition va2pa.cpp:26

◆ CommandVa2paHelp()

VOID CommandVa2paHelp ( )

help of the !va2pa command

Returns
VOID
27{
28 ShowMessages("!va2pa : converts virtual address to physical address.\n\n");
29
30 ShowMessages("syntax : \t!va2pa [VirtualAddress (hex)] [pid ProcessId (hex)]\n");
31
32 ShowMessages("\n");
33 ShowMessages("\t\te.g : !va2pa nt!ExAllocatePoolWithTag\n");
34 ShowMessages("\t\te.g : !va2pa nt!ExAllocatePoolWithTag+5\n");
35 ShowMessages("\t\te.g : !va2pa @rcx\n");
36 ShowMessages("\t\te.g : !va2pa @rcx+5\n");
37 ShowMessages("\t\te.g : !va2pa fffff801deadbeef\n");
38 ShowMessages("\t\te.g : !va2pa fffff801deadbeef pid 0xc8\n");
39}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

362{0};

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest)