HyperDbg Debugger
xsetbv.cpp File Reference

!xsetbv command

#include "pch.h"

Functions

VOID CommandXsetbvHelp ()
 help of the !xsetbv command
VOID CommandXsetbv (vector< CommandToken > CommandTokens, string Command)
 !xsetbv command handler

Detailed Description

!xsetbv command

Author
unrustled.jimmies

This command

Version
0.16
Date
2025-08-20

Function Documentation

◆ CommandXsetbv()

VOID CommandXsetbv ( vector< CommandToken > CommandTokens,
string Command )

!xsetbv command handler

Parameters
CommandTokens
Command
Returns
VOID
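/**
 * @brief !xsetbv command handler
 *
 * @details Hands the token list to InterpretGeneralEventAndActionsFields to
 * build the event and its actions, then scans the tokens: the command name
 * is skipped, the first other token must parse as an XCR index, and any
 * further token is rejected. On success the event is sent to the kernel and
 * the actions are registered to it.
 *
 * @param CommandTokens Tokens of the command line (passed by pointer to
 * InterpretGeneralEventAndActionsFields, which presumably strips the
 * general event options it consumes - confirm)
 * @param Command The command string; not referenced in this function body
 *
 * @return VOID
 */
VOID
CommandXsetbv(vector<CommandToken> CommandTokens, string Command)
{
    PDEBUGGER_GENERAL_EVENT_DETAIL     Event                       = NULL;
    PDEBUGGER_GENERAL_ACTION           ActionBreakToDebugger       = NULL;
    PDEBUGGER_GENERAL_ACTION           ActionCustomCode            = NULL;
    PDEBUGGER_GENERAL_ACTION           ActionScript                = NULL;
    BOOLEAN                            GetXcr                      = FALSE;
    UINT32                             EventLength                 = 0;
    UINT64                             SpecialTarget               = 0;
    UINT32                             ActionBreakToDebuggerLength = 0;
    UINT32                             ActionCustomCodeLength      = 0;
    UINT32                             ActionScriptLength          = 0;
    DEBUGGER_EVENT_PARSING_ERROR_CAUSE EventParsingErrorCause;

    //
    // Interpret and fill the general event and action fields
    //
    if (!InterpretGeneralEventAndActionsFields(
            &CommandTokens,
            XSETBV_INSTRUCTION_EXECUTION,
            &Event,
            &EventLength,
            &ActionBreakToDebugger,
            &ActionBreakToDebuggerLength,
            &ActionCustomCode,
            &ActionCustomCodeLength,
            &ActionScript,
            &ActionScriptLength,
            &EventParsingErrorCause))
    {
        //
        // Nothing is freed on this path; presumably the callee releases
        // whatever it allocated before reporting failure (confirm)
        //
        return;
    }

    //
    // Interpret command specific details (if any), of XCR index
    //
    for (const auto & Section : CommandTokens)
    {
        if (CompareLowerCaseStrings(Section, "!xsetbv"))
        {
            //
            // The command name itself
            //
            continue;
        }
        else if (!GetXcr)
        {
            //
            // It's probably an XCR index
            //
            // NOTE(review): SpecialTarget is a full 64-bit value, while
            // XSETBV selects the XCR through ECX (32 bits); an index above
            // 0xFFFFFFFF is accepted here without a diagnostic - confirm
            // how the kernel side compares it
            //
            if (!ConvertTokenToUInt64(Section, &SpecialTarget))
            {
                //
                // Unknown parameter
                //
                ShowMessages("unknown parameter '%s'\n\n",
                             GetCaseSensitiveStringFromCommandToken(Section).c_str());
                CommandXsetbvHelp();

                FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
                return;
            }
            else
            {
                //
                // A special XCR is set
                //
                GetXcr = TRUE;
            }
        }
        else
        {
            //
            // Unknown parameter (an XCR index was already given)
            //
            ShowMessages("unknown parameter '%s'\n\n",
                         GetCaseSensitiveStringFromCommandToken(Section).c_str());

            CommandXsetbvHelp();

            FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
            return;
        }
    }

    //
    // Set the target XCR (if not specific then it means all XCRs)
    // OptionalParam1 carries the "specific XCR requested" flag,
    // OptionalParam2 the index itself
    //
    Event->Options.OptionalParam1 = GetXcr;

    if (GetXcr)
    {
        Event->Options.OptionalParam2 = SpecialTarget;
    }

    //
    // Send the ioctl to the kernel for event registration
    //
    if (!SendEventToKernel(Event, EventLength))
    {
        //
        // There was an error, probably the handle was not initialized
        //
        // NOTE(review): Event is released here by
        // FreeEventsAndActionsMemory; verify that SendEventToKernel does
        // not itself free Event (or its string buffer) on failure,
        // otherwise this is a double free
        //
        FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
        return;
    }

    //
    // Add the event to the kernel
    //
    if (!RegisterActionToEvent(Event,
                               ActionBreakToDebugger,
                               ActionBreakToDebuggerLength,
                               ActionCustomCode,
                               ActionCustomCodeLength,
                               ActionScript,
                               ActionScriptLength))
    {
        //
        // There was an error
        //
        // NOTE(review): the event was already sent to the kernel above;
        // confirm that nothing still references Event once it is freed here
        //
        FreeEventsAndActionsMemory(Event, ActionBreakToDebugger, ActionCustomCode, ActionScript);
        return;
    }
}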
UCHAR BOOLEAN
Definition BasicTypes.h:35
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
unsigned int UINT32
Definition BasicTypes.h:54
@ XSETBV_INSTRUCTION_EXECUTION
Definition Events.h:175
struct _DEBUGGER_GENERAL_EVENT_DETAIL * PDEBUGGER_GENERAL_EVENT_DETAIL
struct _DEBUGGER_GENERAL_ACTION * PDEBUGGER_GENERAL_ACTION
std::string GetCaseSensitiveStringFromCommandToken(CommandToken TargetToken)
Get case sensitive string from command token.
Definition common.cpp:467
BOOLEAN CompareLowerCaseStrings(CommandToken TargetToken, const CHAR *StringToCompare)
Compare lower case strings.
Definition common.cpp:503
BOOLEAN ConvertTokenToUInt64(CommandToken TargetToken, PUINT64 Result)
add ` between 64 bit values and convert them to string
Definition common.cpp:447
VOID FreeEventsAndActionsMemory(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, PDEBUGGER_GENERAL_ACTION ActionCustomCode, PDEBUGGER_GENERAL_ACTION ActionScript)
Deallocate buffers relating to events and actions.
Definition debugger.cpp:1688
BOOLEAN InterpretGeneralEventAndActionsFields(vector< CommandToken > *CommandTokens, VMM_EVENT_TYPE_ENUM EventType, PDEBUGGER_GENERAL_EVENT_DETAIL *EventDetailsToFill, PUINT32 EventBufferLength, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillBreakToDebugger, PUINT32 ActionBufferLengthBreakToDebugger, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillCustomCode, PUINT32 ActionBufferLengthCustomCode, PDEBUGGER_GENERAL_ACTION *ActionDetailsToFillScript, PUINT32 ActionBufferLengthScript, PDEBUGGER_EVENT_PARSING_ERROR_CAUSE ReasonForErrorInParsing)
Interpret general event fields.
Definition debugger.cpp:1736
BOOLEAN SendEventToKernel(PDEBUGGER_GENERAL_EVENT_DETAIL Event, UINT32 EventBufferLength)
Register the event to the kernel.
Definition debugger.cpp:1367
BOOLEAN RegisterActionToEvent(PDEBUGGER_GENERAL_EVENT_DETAIL Event, PDEBUGGER_GENERAL_ACTION ActionBreakToDebugger, UINT32 ActionBreakToDebuggerLength, PDEBUGGER_GENERAL_ACTION ActionCustomCode, UINT32 ActionCustomCodeLength, PDEBUGGER_GENERAL_ACTION ActionScript, UINT32 ActionScriptLength)
Register the action to the event.
Definition debugger.cpp:1483
enum _DEBUGGER_EVENT_PARSING_ERROR_CAUSE DEBUGGER_EVENT_PARSING_ERROR_CAUSE
Reason for error in parsing commands.
NULL()
Definition test-case-generator.py:530
UINT64 OptionalParam2
Definition Events.h:278
UINT64 OptionalParam1
Definition Events.h:277
DEBUGGER_EVENT_OPTIONS Options
Definition Events.h:396
VOID CommandXsetbvHelp()
help of the !xsetbv command
Definition xsetbv.cpp:20

◆ CommandXsetbvHelp()

VOID CommandXsetbvHelp ( )

help of the !xsetbv command

Returns
VOID
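/**
 * @brief help of the !xsetbv command
 *
 * @details Prints a one-line description, the full syntax and a list of
 * usage examples through ShowMessages.
 *
 * @return VOID
 */
VOID
CommandXsetbvHelp()
{
    ShowMessages("!xsetbv : monitors execution of xsetbv instructions.\n\n");

    //
    // Alternatives for an option value are separated with '|'
    //
    ShowMessages("syntax : \t!xsetbv [Xcr (hex)] [pid ProcessId (hex)] [core CoreId (hex)] "
                 "[imm IsImmediate (yes|no)] [sc EnableShortCircuiting (on|off)] [stage CallingStage (pre|post|all)] "
                 "[buffer PreAllocatedBuffer (hex)] [script { Script (string) }] [asm condition { Condition (assembly/hex) }] "
                 "[asm code { Code (assembly/hex) }] [output {OutputName (string)}]\n");

    ShowMessages("\n");
    ShowMessages("\t\te.g : !xsetbv\n");
    ShowMessages("\t\te.g : !xsetbv 0\n");
    ShowMessages("\t\te.g : !xsetbv pid 400\n");
    ShowMessages("\t\te.g : !xsetbv core 2 pid 400\n");

    //
    // '%%' keeps a literal '%' in the text handed to ShowMessages, so the
    // printed example shows the script's own %llx format specifier
    //
    ShowMessages("\t\te.g : !xsetbv script { printf(\"XSETBV instruction is executed with XCR index: %%llx\\n\", @rcx); }\n");
    ShowMessages("\t\te.g : !xsetbv asm code { nop; nop; nop }\n");
}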