HyperDbg Debugger
Loading...
Searching...
No Matches
va2pa.cpp File Reference

!va2pa command More...

#include "pch.h"

Functions

VOID CommandVa2paHelp ()
 help of the !va2pa command
VOID CommandVa2pa (vector< CommandToken > CommandTokens, string Command)
 !va2pa command handler

Variables

BOOLEAN g_IsKdModuleLoaded
 shows whether the kernel debugger (KD) module is loaded or not
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
 Shows if the debugger was connected to remote debuggee over (A remote guest).
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
 State of active debugging thread.

Detailed Description

!va2pa command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-07-16

Function Documentation

◆ CommandVa2pa()

VOID CommandVa2pa ( vector< CommandToken > CommandTokens,
string Command )

!va2pa command handler

Parameters
CommandTokens
Command
Returns
VOID
52{
53 BOOL Status;
54 ULONG ReturnedLength;
55 UINT64 TargetVa;
56 UINT32 Pid = 0;
57 DEBUGGER_VA2PA_AND_PA2VA_COMMANDS AddressDetails = {0};
58
59 if (CommandTokens.size() == 1 || CommandTokens.size() >= 5 || CommandTokens.size() == 3)
60 {
61 ShowMessages("incorrect use of the '%s'\n\n",
62 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
64 return;
65 }
66
67 //
68 // By default if the user-debugger is active, we use these commands
69 // on the memory layout of the debuggee process
70 //
72 {
73 Pid = g_ActiveProcessDebuggingState.ProcessId;
74 }
75
76 if (CommandTokens.size() == 2)
77 {
78 //
79 // It's just an address for current process
80 //
82 {
83 //
84 // Couldn't resolve or unknown parameter
85 //
86 ShowMessages("err, couldn't resolve error at '%s'\n",
87 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(1)).c_str());
88 return;
89 }
90 }
91 else
92 {
93 //
94 // It might be address + pid
95 //
96 if (CompareLowerCaseStrings(CommandTokens.at(1), "pid"))
97 {
98 if (!ConvertTokenToUInt32(CommandTokens.at(2), &Pid))
99 {
100 ShowMessages("incorrect address, please enter a valid process id\n");
101 return;
102 }
103
105 {
106 //
107 // Couldn't resolve or unknown parameter
108 //
109 ShowMessages("err, couldn't resolve error at '%s'\n",
110 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(3)).c_str());
111 return;
112 }
113 }
114 else if (CompareLowerCaseStrings(CommandTokens.at(2), "pid"))
115 {
117 {
118 //
119 // Couldn't resolve or unknown parameter
120 //
121 ShowMessages("err, couldn't resolve error at '%s'\n",
122 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(1)).c_str());
123 return;
124 }
125
126 if (!ConvertTokenToUInt32(CommandTokens.at(3), &Pid))
127 {
128 ShowMessages("incorrect address, please enter a valid process id\n");
129 return;
130 }
131 }
132 else
133 {
134 ShowMessages("incorrect use of the '%s'\n\n",
135 GetCaseSensitiveStringFromCommandToken(CommandTokens.at(0)).c_str());
137 return;
138 }
139 }
140
141 //
142 // Prepare the buffer
143 // We use same buffer for input and output
144 //
145 AddressDetails.VirtualAddress = TargetVa;
146 AddressDetails.ProcessId = Pid; // null in debugger mode
147 AddressDetails.IsVirtual2Physical = TRUE;
148
150 {
151 //
152 // Check to prevent using process id in !va2pa command
153 //
154 if (Pid != 0)
155 {
157 return;
158 }
159
160 //
161 // Send the request over serial kernel debugger
162 //
163
165 }
166 else
167 {
169
170 if (Pid == 0)
171 {
172 Pid = GetCurrentProcessId();
173 AddressDetails.ProcessId = Pid;
174 }
175
176 //
177 // Send IOCTL
178 //
179 Status = DeviceIoControl(
180 g_DeviceHandle, // Handle to device
181 IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // IO Control Code (IOCTL)
182 &AddressDetails, // Input Buffer to driver.
183 SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, // Input buffer length
184 &AddressDetails, // Output Buffer from driver.
186 // buffer in bytes.
187 &ReturnedLength, // Bytes placed in buffer.
188 NULL // synchronous call
189 );
190
191 if (!Status)
192 {
193 ShowMessages("ioctl failed with code 0x%x\n", GetLastError());
194 return;
195 }
196
198 {
199 //
200 // Show the results
201 //
202 ShowMessages("%llx\n", AddressDetails.PhysicalAddress);
203 }
204 else
205 {
206 //
207 // An err occurred, no results
208 //
209 ShowErrorMessage(AddressDetails.KernelStatus);
210 }
211 }
212}
BOOLEAN g_IsSerialConnectedToRemoteDebuggee
Shows if the debugger was connected to remote debuggee over (A remote guest).
Definition globals.h:253
ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
State of active debugging thread.
Definition globals.h:372
int BOOL
Definition BasicTypes.h:25
#define TRUE
Definition BasicTypes.h:114
unsigned int UINT32
Definition BasicTypes.h:54
unsigned long ULONG
Definition BasicTypes.h:31
#define DEBUGGER_OPERATION_WAS_SUCCESSFUL
General value to indicate that the operation or request was successful.
Definition ErrorCodes.h:23
#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
ioctl, for !va2pa and !pa2va commands
Definition Ioctls.h:185
#define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
Definition RequestStructures.h:77
struct _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS DEBUGGER_VA2PA_AND_PA2VA_COMMANDS
requests for !va2pa and !pa2va commands
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN ConvertTokenToUInt32(CommandToken TargetToken, PUINT32 Result)
check and convert command token to a 32 bit unsigned integer
Definition common.cpp:546
BOOLEAN ShowErrorMessage(UINT32 Error)
shows the error message
Definition debugger.cpp:40
BOOLEAN KdSendVa2paAndPa2vaPacketToDebuggee(PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS Va2paAndPa2vaPacket)
Sends VA2PA and PA2VA packest, or '!va2pa' and '!pa2va' commands packet to the debuggee.
Definition kd.cpp:965
#define ASSERT_MESSAGE_KD_NOT_LOADED
Definition common.h:29
#define ASSERT_MESSAGE_CANNOT_SPECIFY_PID
Definition common.h:39
#define AssertShowMessageReturnStmt(expr1, expr2, message1, message2, rc)
Definition common.h:59
#define AssertReturn
Definition common.h:19
#define ASSERT_MESSAGE_DRIVER_NOT_LOADED
Definition common.h:27
HANDLE g_DeviceHandle
Holds the global handle of device which is used to send the request to the kernel by IOCTL,...
Definition globals.h:481
BOOLEAN g_IsKdModuleLoaded
shows whether the kernel debugger (KD) module is loaded or not
Definition globals.h:22
BOOLEAN IsVirtual2Physical
Definition RequestStructures.h:89
UINT32 KernelStatus
Definition RequestStructures.h:90
UINT64 PhysicalAddress
Definition RequestStructures.h:87
UINT32 ProcessId
Definition RequestStructures.h:88
UINT64 VirtualAddress
Definition RequestStructures.h:86
BOOLEAN SymbolConvertNameOrExprToAddress(const string &TextToConvert, PUINT64 Result)
check and convert string to a 64 bit unsigned integer and also check for symbol object names and eval...
Definition symbol.cpp:359
VOID CommandVa2paHelp()
help of the !va2pa command
Definition va2pa.cpp:27

◆ CommandVa2paHelp()

VOID CommandVa2paHelp ( )

help of the !va2pa command

Returns
VOID
28{
29 ShowMessages("!va2pa : converts virtual address to physical address.\n\n");
30
31 ShowMessages("syntax : \t!va2pa [VirtualAddress (hex)] [pid ProcessId (hex)]\n");
32
33 ShowMessages("\n");
34 ShowMessages("\t\te.g : !va2pa nt!ExAllocatePoolWithTag\n");
35 ShowMessages("\t\te.g : !va2pa nt!ExAllocatePoolWithTag+5\n");
36 ShowMessages("\t\te.g : !va2pa @rcx\n");
37 ShowMessages("\t\te.g : !va2pa @rcx+5\n");
38 ShowMessages("\t\te.g : !va2pa fffff801deadbeef\n");
39 ShowMessages("\t\te.g : !va2pa fffff801deadbeef pid 0xc8\n");
40}

Variable Documentation

◆ g_ActiveProcessDebuggingState

ACTIVE_DEBUGGING_PROCESS g_ActiveProcessDebuggingState
extern

State of active debugging thread.

372{0};

◆ g_IsKdModuleLoaded

BOOLEAN g_IsKdModuleLoaded
extern

shows whether the kernel debugger (KD) module is loaded or not

◆ g_IsSerialConnectedToRemoteDebuggee

BOOLEAN g_IsSerialConnectedToRemoteDebuggee
extern

Shows if the debugger was connected to remote debuggee over (A remote guest).