Documentation
¶
Index ¶
- Constants
- Variables
- type DEBUGGER_DT_COMMAND_OPTIONS
- type DEBUGGER_EDIT_MEMORY_TYPE
- type DEBUGGER_READ_MEMORY
- type DEBUGGER_READ_MEMORY_ADDRESS_MODE
- type DEBUGGER_READ_MEMORY_TYPE
- type DEBUGGER_READ_READING_TYPE
- type DEBUGGER_SHOW_MEMORY_STYLE
- type Debugger
- func (Debugger) Assemble(assembly_code string, start_address uint64, ...) bool
- func (Debugger) AssembleGetLength(assembly_code string, start_address uint64, length uint32) bool
- func (Debugger) CheckMultilineCommand(current_command string, reset bool) bool
- func (Debugger) ConnectLocalDebugger()
- func (Debugger) ConnectRemoteDebugger(ip string, port string) string
- func (Debugger) Continue()
- func (Debugger) ContinuePreviousCommand() bool
- func (Debugger) CpuReadVendorString() string
- func (Debugger) DebugCloseRemoteDebugger() bool
- func (Debugger) DebugCurrentDeviceUsingComPort(port_name string, baudrate uint32) bool
- func (Debugger) DebugRemoteDeviceUsingComPort(port_name string, baudrate uint32, pause_after_connection bool) bool
- func (Debugger) DebugRemoteDeviceUsingNamedPipe(named_pipe string, pause_after_connection bool) bool
- func (Debugger) DebuggerGetKernelBase() uint64
- func (Debugger) DisableTransparentMode() bool
- func (Debugger) EnableTransparentMode(ProcessId uint32, ProcessName string, IsProcessId bool) bool
- func (Debugger) GetIdtEntry(idt_packet INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS) bool
- func (Debugger) GetIoApic(io_apic IO_APIC_ENTRY_PACKETS) bool
- func (Debugger) GetLocalApic(local_apic PLAPIC_PAGE, is_using_x2apic bool) bool
- func (Debugger) HwdbgScriptRunScript(script string, instance_filepath_to_read string, ...) bool
- func (Debugger) InstallVmmDriver() string
- func (Debugger) LoadVmmModule() string
- func (Debugger) Pause()
- func (Debugger) ReadAllRegisters(guest_registers GUEST_REGS, extra_registers GUEST_EXTRA_REGISTERS) bool
- func (Debugger) ReadMemory(target_address uint64, memory_type DEBUGGER_READ_MEMORY_TYPE, ...) bool
- func (Debugger) ReadTargetRegister(register_id REGS_ENUM, target_register uint64) bool
- func (Debugger) RegisterShowAll() bool
- func (Debugger) RegisterShowTargetRegister(register_id REGS_ENUM) bool
- func (Debugger) RunCommand(command string) string
- func (Debugger) ScriptEngineWrapperTestParserForHwdbg(Expr string)
- func (Debugger) SetBreakPoint(address uint64, pid uint32, tid uint32, core_numer uint32)
- func (Debugger) SetCustomDriverPath(driver_file_path string, driver_name string) bool
- func (Debugger) SetupPathForFileName(filename string, file_location string, buffer_len uint32, ...) bool
- func (Debugger) ShowMemoryOrDisassemble(style DEBUGGER_SHOW_MEMORY_STYLE, address uint64, ...)
- func (Debugger) ShowSignature() string
- func (Debugger) StartProcess(path string) bool
- func (Debugger) StartProcessWithArgs(path string, arguments string) bool
- func (Debugger) SteppingInstrumentationStepIn() bool
- func (Debugger) SteppingInstrumentationStepInForTracking() bool
- func (Debugger) SteppingRegularStepIn() bool
- func (Debugger) SteppingStepOver() bool
- func (Debugger) SteppingStepOverForGu(last_instruction bool) bool
- func (Debugger) StopVmmDriver() string
- func (Debugger) TestCommandParserShowTokens(command string) string
- func (Debugger) UninstallVmmDriver() string
- func (Debugger) UnloadVmm() string
- func (Debugger) UseDefaultDriverPath()
- func (Debugger) VmxSupportDetection() bool
- func (Debugger) WriteMemory(destination_address uint64, memory_type DEBUGGER_EDIT_MEMORY_TYPE, ...) bool
- func (Debugger) WriteTargetRegister(register_id REGS_ENUM, value uint64) bool
- type GUEST_EXTRA_REGISTERS
- type GUEST_REGS
- type INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS
- type IO_APIC_ENTRY_PACKETS
- type LAPIC_PAGE
- type PLAPIC_PAGE
- type REGS_ENUM
- type Type
Constants ¶
// DefaultHyperdbgServer is a base URL on the IPv4 loopback address, port
// 8888, using the plain "http" scheme.
// NOTE(review): how this package consumes the URL is not visible here.
// Presumably it is the default endpoint of the service these bindings drive.
// If so, the plaintext scheme is only appropriate while that endpoint stays
// on loopback, and any local process able to reach the port would share the
// debugger's memory and register access. Confirm that callers are
// authenticated before this is ever pointed at a non-loopback host.
const DefaultHyperdbgServer = "http://127.0.0.1:8888/"
// MAX_NUMBER_OF_IDT_ENTRIES is the length of the IdtEntry array in
// INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS. 256 matches the number of
// interrupt vectors in an x86 interrupt descriptor table.
const MAX_NUMBER_OF_IDT_ENTRIES = 256
// MAX_NUMBER_OF_IO_APIC_ENTRIES is an untyped constant equal to 400.
// NOTE(review): presumably the capacity of the entry array inside
// IO_APIC_ENTRY_PACKETS, whose fields are not shown here. Confirm it equals
// the size the native side uses, since a smaller Go array would be overrun
// by a full-size native write.
const MAX_NUMBER_OF_IO_APIC_ENTRIES = 400
Variables ¶
var RegistersNames = []string{}/* 120 elements not displayed */
Functions ¶
This section is empty.
Types ¶
type DEBUGGER_EDIT_MEMORY_TYPE ¶
// DEBUGGER_EDIT_MEMORY_TYPE is the memory_type argument of
// Debugger.WriteMemory. It names the kind of address being written.
type DEBUGGER_EDIT_MEMORY_TYPE byte

// The numeric values are spelled out so the mapping is visible at a glance.
// Note that the order is the reverse of DEBUGGER_READ_MEMORY_TYPE, where 0 is
// physical and 1 is virtual: always pass the named constant, never a bare 0
// or 1, or a write can land in the wrong address space.
const (
	EDIT_VIRTUAL_MEMORY  DEBUGGER_EDIT_MEMORY_TYPE = 0
	EDIT_PHYSICAL_MEMORY DEBUGGER_EDIT_MEMORY_TYPE = 1
)
type DEBUGGER_READ_MEMORY ¶
// DEBUGGER_READ_MEMORY groups the parameters of a memory read request. Its
// fields correspond to arguments of Debugger.ReadMemory (pid, address, size,
// get_address_mode, memory_type, reading type).
// NOTE(review): field order presumably mirrors a native structure; do not
// reorder without checking the native definition.
type DEBUGGER_READ_MEMORY struct {
	Pid uint32 // Process whose CR3 the read is performed under
	// NOTE(review): presumably the start address of the read; whether it is
	// virtual or physical is chosen by MemoryType.
	Address uint64
	// NOTE(review): presumably the number of bytes to read. Check it against
	// the length of the destination buffer before issuing the request.
	Size           uint32
	GetAddressMode bool // Debugger sets whether the read memory is for the disassembler or not
	//AddressMode DEBUGGER_READ_MEMORY_ADDRESS_MODE // Debuggee sets the mode of address
	MemoryType  DEBUGGER_READ_MEMORY_TYPE  // physical or virtual address
	ReadingType DEBUGGER_READ_READING_TYPE // READ_FROM_KERNEL or READ_FROM_VMX_ROOT
}
type DEBUGGER_READ_MEMORY_ADDRESS_MODE ¶
// DEBUGGER_READ_MEMORY_ADDRESS_MODE is the address_mode argument of
// Debugger.ReadMemory. It distinguishes a 32-bit from a 64-bit address mode.
type DEBUGGER_READ_MEMORY_ADDRESS_MODE byte

// Explicit values; the zero value is the 32-bit mode.
const (
	DEBUGGER_READ_ADDRESS_MODE_32_BIT DEBUGGER_READ_MEMORY_ADDRESS_MODE = 0
	DEBUGGER_READ_ADDRESS_MODE_64_BIT DEBUGGER_READ_MEMORY_ADDRESS_MODE = 1
)
type DEBUGGER_READ_MEMORY_TYPE ¶
// DEBUGGER_READ_MEMORY_TYPE is the memory_type argument of
// Debugger.ReadMemory and Debugger.ShowMemoryOrDisassemble. It names the kind
// of address being read.
type DEBUGGER_READ_MEMORY_TYPE byte

// Explicit values. The zero value is the physical address type, which is the
// opposite of DEBUGGER_EDIT_MEMORY_TYPE (0 = virtual there). An
// uninitialised field or a bare 0 therefore selects a physical read, so
// callers should always set the named constant.
const (
	DEBUGGER_READ_PHYSICAL_ADDRESS DEBUGGER_READ_MEMORY_TYPE = 0
	DEBUGGER_READ_VIRTUAL_ADDRESS  DEBUGGER_READ_MEMORY_TYPE = 1
)
type DEBUGGER_READ_READING_TYPE ¶
// DEBUGGER_READ_READING_TYPE is the reading-type argument of
// Debugger.ReadMemory and Debugger.ShowMemoryOrDisassemble. It selects
// between a read from the kernel and a read from VMX root mode.
type DEBUGGER_READ_READING_TYPE byte

// Explicit values; the zero value is READ_FROM_KERNEL.
const (
	READ_FROM_KERNEL   DEBUGGER_READ_READING_TYPE = 0
	READ_FROM_VMX_ROOT DEBUGGER_READ_READING_TYPE = 1
)
type DEBUGGER_SHOW_MEMORY_STYLE ¶
// DEBUGGER_SHOW_MEMORY_STYLE is the style argument of
// Debugger.ShowMemoryOrDisassemble. It picks the display or disassembly
// command to run.
type DEBUGGER_SHOW_MEMORY_STYLE byte

// Numbering starts at 1, so the zero value of the type names no style. A
// value received from outside should be range-checked (1 through 8) before
// it is forwarded.
const (
	DEBUGGER_SHOW_COMMAND_DT            DEBUGGER_SHOW_MEMORY_STYLE = 1
	DEBUGGER_SHOW_COMMAND_DISASSEMBLE64 DEBUGGER_SHOW_MEMORY_STYLE = 2
	DEBUGGER_SHOW_COMMAND_DISASSEMBLE32 DEBUGGER_SHOW_MEMORY_STYLE = 3
	DEBUGGER_SHOW_COMMAND_DB            DEBUGGER_SHOW_MEMORY_STYLE = 4
	DEBUGGER_SHOW_COMMAND_DC            DEBUGGER_SHOW_MEMORY_STYLE = 5
	DEBUGGER_SHOW_COMMAND_DQ            DEBUGGER_SHOW_MEMORY_STYLE = 6
	DEBUGGER_SHOW_COMMAND_DD            DEBUGGER_SHOW_MEMORY_STYLE = 7
	DEBUGGER_SHOW_COMMAND_DUMP          DEBUGGER_SHOW_MEMORY_STYLE = 8
)
type Debugger ¶
// Debugger is an empty struct that carries the package's debugger methods.
// It has no fields, and the methods listed for it take a value receiver.
// NOTE(review): because the type holds no state, any connection or session
// state presumably lives outside it (not visible here). Its method set
// includes memory and register writes and driver installation (WriteMemory,
// WriteTargetRegister, InstallVmmDriver), so code that exposes a Debugger to
// less-trusted callers should gate those methods explicitly.
type Debugger struct{}
func (Debugger) AssembleGetLength ¶
func (Debugger) CheckMultilineCommand ¶
func (Debugger) ConnectLocalDebugger ¶
func (Debugger) ConnectLocalDebugger()
func (Debugger) ConnectRemoteDebugger ¶
func (Debugger) ContinuePreviousCommand ¶
func (Debugger) CpuReadVendorString ¶
func (Debugger) DebugCloseRemoteDebugger ¶
func (Debugger) DebugCurrentDeviceUsingComPort ¶
func (Debugger) DebugRemoteDeviceUsingComPort ¶
func (Debugger) DebugRemoteDeviceUsingNamedPipe ¶
func (Debugger) DebuggerGetKernelBase ¶
func (Debugger) DisableTransparentMode ¶
func (Debugger) EnableTransparentMode ¶
func (Debugger) GetIdtEntry ¶
func (Debugger) GetIdtEntry(idt_packet INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS) bool
func (Debugger) GetIoApic ¶
func (Debugger) GetIoApic(io_apic IO_APIC_ENTRY_PACKETS) bool
func (Debugger) GetLocalApic ¶
func (Debugger) GetLocalApic(local_apic PLAPIC_PAGE, is_using_x2apic bool) bool
func (Debugger) HwdbgScriptRunScript ¶
func (Debugger) InstallVmmDriver ¶
func (Debugger) LoadVmmModule ¶
func (Debugger) ReadAllRegisters ¶
func (Debugger) ReadAllRegisters(guest_registers GUEST_REGS, extra_registers GUEST_EXTRA_REGISTERS) bool
func (Debugger) ReadMemory ¶
func (Debugger) ReadMemory(target_address uint64, memory_type DEBUGGER_READ_MEMORY_TYPE, reading_Type DEBUGGER_READ_READING_TYPE, pid uint32, size uint32, get_address_mode bool, address_mode DEBUGGER_READ_MEMORY_ADDRESS_MODE, target_buffer_to_store []byte, return_length uint32) bool
func (Debugger) ReadTargetRegister ¶
func (Debugger) RegisterShowAll ¶
func (Debugger) RegisterShowTargetRegister ¶
func (Debugger) RunCommand ¶
func (Debugger) ScriptEngineWrapperTestParserForHwdbg ¶
func (Debugger) SetBreakPoint ¶
func (Debugger) SetCustomDriverPath ¶
func (Debugger) SetupPathForFileName ¶
func (Debugger) ShowMemoryOrDisassemble ¶
func (Debugger) ShowMemoryOrDisassemble(style DEBUGGER_SHOW_MEMORY_STYLE, address uint64, memory_type DEBUGGER_READ_MEMORY_TYPE, reading_type DEBUGGER_READ_READING_TYPE, pid uint32, size uint32, dt_details DEBUGGER_DT_COMMAND_OPTIONS)
func (Debugger) ShowSignature ¶
func (Debugger) StartProcess ¶
func (Debugger) StartProcessWithArgs ¶
func (Debugger) SteppingInstrumentationStepIn ¶
func (Debugger) SteppingInstrumentationStepInForTracking ¶
func (Debugger) SteppingRegularStepIn ¶
func (Debugger) SteppingStepOver ¶
func (Debugger) SteppingStepOverForGu ¶
func (Debugger) StopVmmDriver ¶
func (Debugger) TestCommandParserShowTokens ¶
func (Debugger) UninstallVmmDriver ¶
func (Debugger) UseDefaultDriverPath ¶
func (Debugger) UseDefaultDriverPath()
func (Debugger) VmxSupportDetection ¶
func (Debugger) WriteMemory ¶
type GUEST_EXTRA_REGISTERS ¶
type GUEST_REGS ¶
type GUEST_REGS struct {
// contains filtered or unexported fields
}
type INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS ¶
// INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS is the argument type of
// Debugger.GetIdtEntry. It holds a status word followed by one 64-bit value
// per IDT vector.
type INTERRUPT_DESCRIPTOR_TABLE_ENTRIES_PACKETS struct {
	// NOTE(review): presumably a status code set by the kernel side; check
	// it before trusting IdtEntry. Confirm against the native definition.
	KernelStatus uint32
	// One slot per vector (MAX_NUMBER_OF_IDT_ENTRIES = 256).
	// NOTE(review): presumably handler addresses. If so they are kernel
	// pointers and should be kept out of logs that leave the analysis host.
	IdtEntry [MAX_NUMBER_OF_IDT_ENTRIES]uint64
}
type IO_APIC_ENTRY_PACKETS ¶
type LAPIC_PAGE ¶
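// LAPIC_PAGE describes the register page layout of the local Advanced
// Programmable Interrupt Controller (LAPIC). The page has a fixed size of
// 0x400 (1024) bytes.
//
// Every field must sit at the offset given in its comment and the struct must
// be exactly 0x400 bytes. The ISR, TMR and IRR arrays are [8]uint32 (0x20
// bytes each) but each occupies a 0x80-byte window in the page, so each is
// followed by 0x60 bytes of blank padding. Without that padding every field
// from TMR onward is misplaced and the struct is only 0x2E0 bytes long.
//
// NOTE(review): how the page is filled is not visible here (presumably by
// native code through PLAPIC_PAGE in Debugger.GetLocalApic). If native code
// writes a full 0x400-byte page, a shorter Go struct would be written past
// its end, so keep the size check in the tests.
type LAPIC_PAGE struct {
	Reserved000             [0x10]byte // offset 0x000-0x00F
	Reserved010             [0x10]byte // offset 0x010-0x01F
	Id                      uint32     // offset 0x020 - APIC ID
	Reserved024             [0x0C]byte // offset 0x024-0x02F
	Version                 uint32     // offset 0x030 - version
	Reserved034             [0x0C]byte // offset 0x034-0x03F
	Reserved040             [0x40]byte // offset 0x040-0x07F
	TPR                     uint32     // offset 0x080 - task priority
	Reserved084             [0x0C]byte // offset 0x084-0x08F
	ArbitrationPriority     uint32     // offset 0x090 - arbitration priority
	Reserved094             [0x0C]byte // offset 0x094-0x09F
	ProcessorPriority       uint32     // offset 0x0A0 - processor priority
	Reserved0A4             [0x0C]byte // offset 0x0A4-0x0AF
	EOI                     uint32     // offset 0x0B0 - end-of-interrupt register
	Reserved0B4             [0x0C]byte // offset 0x0B4-0x0BF
	RemoteRead              uint32     // offset 0x0C0 - remote read register
	Reserved0C4             [0x0C]byte // offset 0x0C4-0x0CF
	LogicalDestination      uint32     // offset 0x0D0 - logical destination register
	Reserved0D4             [0x0C]byte // offset 0x0D4-0x0DF
	DestinationFormat       uint32     // offset 0x0E0 - destination format register
	Reserved0E4             [0x0C]byte // offset 0x0E4-0x0EF
	SpuriousInterruptVector uint32     // offset 0x0F0 - spurious interrupt vector
	Reserved0F4             [0x0C]byte // offset 0x0F4-0x0FF

	// NOTE(review): the hardware spaces the eight 32-bit words of ISR, TMR
	// and IRR 16 bytes apart, so with [8]uint32 only index 0 lines up with a
	// register word. Exposing all eight words needs a wider array, which
	// changes the exported field type and is left to the maintainers.
	ISR [8]uint32  // offset 0x100-0x11F
	_   [0x60]byte // padding 0x120-0x17F
	TMR [8]uint32  // offset 0x180-0x19F
	_   [0x60]byte // padding 0x1A0-0x1FF
	IRR [8]uint32  // offset 0x200-0x21F
	_   [0x60]byte // padding 0x220-0x27F

	ErrorStatus         uint32     // offset 0x280 - error status register
	Reserved284         [0x0C]byte // offset 0x284-0x28F
	Reserved290         [0x60]byte // offset 0x290-0x2EF
	LvtCmci             uint32     // offset 0x2F0 - CMCI interrupt vector
	Reserved2F4         [0x0C]byte // offset 0x2F4-0x2FF
	IcrLow              uint32     // offset 0x300 - interrupt command register, low 32 bits
	Reserved304         [0x0C]byte // offset 0x304-0x30F
	IcrHigh             uint32     // offset 0x310 - interrupt command register, high 32 bits
	Reserved314         [0x0C]byte // offset 0x314-0x31F
	LvtTimer            uint32     // offset 0x320 - timer interrupt vector
	Reserved324         [0x0C]byte // offset 0x324-0x32F
	LvtThermalSensor    uint32     // offset 0x330 - thermal sensor interrupt vector
	Reserved334         [0x0C]byte // offset 0x334-0x33F
	LvtPerfMonCounters  uint32     // offset 0x340 - performance monitoring counters interrupt vector
	Reserved344         [0x0C]byte // offset 0x344-0x34F
	LvtLINT0            uint32     // offset 0x350 - LINT0 interrupt vector
	Reserved354         [0x0C]byte // offset 0x354-0x35F
	LvtLINT1            uint32     // offset 0x360 - LINT1 interrupt vector
	Reserved364         [0x0C]byte // offset 0x364-0x36F
	LvtError            uint32     // offset 0x370 - error interrupt vector
	Reserved374         [0x0C]byte // offset 0x374-0x37F
	InitialCount        uint32     // offset 0x380 - initial count register
	Reserved384         [0x0C]byte // offset 0x384-0x38F
	CurrentCount        uint32     // offset 0x390 - current count register
	Reserved394         [0x0C]byte // offset 0x394-0x39F
	Reserved3A0         [0x40]byte // offset 0x3A0-0x3DF
	DivideConfiguration uint32     // offset 0x3E0 - divide configuration register
	Reserved3E4         [0x0C]byte // offset 0x3E4-0x3EF
	SelfIpi             uint32     // offset 0x3F0 - self-IPI register (x2APIC)
	Reserved3F4         [0x0C]byte // offset 0x3F4-0x3FF (reserved, x2APIC)
}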
LAPIC_PAGE 表示本地高级可编程中断控制器(LAPIC)的寄存器页面布局 总大小固定为 0x400 字节 (1024 字节)
type REGS_ENUM ¶
// REGS_ENUM identifies a register, sub-register or flag. It is the
// register_id argument of Debugger.ReadTargetRegister,
// Debugger.WriteTargetRegister and Debugger.RegisterShowTargetRegister.
type REGS_ENUM byte

// The block declares 120 identifiers numbered from 0 (REGISTER_RAX) to 119
// (REGISTER_DR7), the same count as the 120 elements of RegistersNames.
// NOTE(review): presumably RegistersNames is indexed by these values. The
// underlying type is byte, so 120-255 are representable but name no
// register; range-check an id that comes from outside before indexing.
const (
	// General-purpose registers with their 32/16/8-bit views.
	REGISTER_RAX REGS_ENUM = iota
	REGISTER_EAX
	REGISTER_AX
	REGISTER_AH
	REGISTER_AL
	REGISTER_RCX
	REGISTER_ECX
	REGISTER_CX
	REGISTER_CH
	REGISTER_CL
	REGISTER_RDX
	REGISTER_EDX
	REGISTER_DX
	REGISTER_DH
	REGISTER_DL
	REGISTER_RBX
	REGISTER_EBX
	REGISTER_BX
	REGISTER_BH
	REGISTER_BL
	REGISTER_RSP
	REGISTER_ESP
	REGISTER_SP
	REGISTER_SPL
	REGISTER_RBP
	REGISTER_EBP
	REGISTER_BP
	REGISTER_BPL
	REGISTER_RSI
	REGISTER_ESI
	REGISTER_SI
	REGISTER_SIL
	REGISTER_RDI
	REGISTER_EDI
	REGISTER_DI
	REGISTER_DIL
	REGISTER_R8
	REGISTER_R8D
	REGISTER_R8W
	REGISTER_R8H
	REGISTER_R8L
	REGISTER_R9
	REGISTER_R9D
	REGISTER_R9W
	REGISTER_R9H
	REGISTER_R9L
	REGISTER_R10
	REGISTER_R10D
	REGISTER_R10W
	REGISTER_R10H
	REGISTER_R10L
	REGISTER_R11
	REGISTER_R11D
	REGISTER_R11W
	REGISTER_R11H
	REGISTER_R11L
	REGISTER_R12
	REGISTER_R12D
	REGISTER_R12W
	REGISTER_R12H
	REGISTER_R12L
	REGISTER_R13
	REGISTER_R13D
	REGISTER_R13W
	REGISTER_R13H
	REGISTER_R13L
	REGISTER_R14
	REGISTER_R14D
	REGISTER_R14W
	REGISTER_R14H
	REGISTER_R14L
	REGISTER_R15
	REGISTER_R15D
	REGISTER_R15W
	REGISTER_R15H
	REGISTER_R15L
	// Segment registers.
	REGISTER_DS
	REGISTER_ES
	REGISTER_FS
	REGISTER_GS
	REGISTER_CS
	REGISTER_SS
	// Flags register and its individual bits/fields.
	REGISTER_RFLAGS
	REGISTER_EFLAGS
	REGISTER_FLAGS
	REGISTER_CF
	REGISTER_PF
	REGISTER_AF
	REGISTER_ZF
	REGISTER_SF
	REGISTER_TF
	REGISTER_IF
	REGISTER_DF
	REGISTER_OF
	REGISTER_IOPL
	REGISTER_NT
	REGISTER_RF
	REGISTER_VM
	REGISTER_AC
	REGISTER_VIF
	REGISTER_VIP
	REGISTER_ID
	// Instruction pointer.
	REGISTER_RIP
	REGISTER_EIP
	REGISTER_IP
	// Descriptor-table and task registers.
	REGISTER_IDTR
	REGISTER_LDTR
	REGISTER_GDTR
	REGISTER_TR
	// Control registers.
	REGISTER_CR0
	REGISTER_CR2
	REGISTER_CR3
	REGISTER_CR4
	REGISTER_CR8
	// Debug registers.
	REGISTER_DR0
	REGISTER_DR1
	REGISTER_DR2
	REGISTER_DR3
	REGISTER_DR6
	REGISTER_DR7
)