From 78a20abc78782023858675d924d508c373a3b35a Mon Sep 17 00:00:00 2001
From: Admin <2762713521@qq.com>
Date: Wed, 19 Jun 2024 13:18:52 +0800
Subject: [PATCH 01/48] bind sdk
---
gengo/bind/sdkMerge/New Text Document.txt | 18 +
gengo/bind/sdkMerge/Stderr.log | 56 +
gengo/bind/sdkMerge/combined_headers.h | 4199 +++++++++++++++++++++
gengo/bind/sdkMerge/sdk_test.go | 97 +
4 files changed, 4370 insertions(+)
create mode 100644 gengo/bind/sdkMerge/New Text Document.txt
create mode 100644 gengo/bind/sdkMerge/Stderr.log
create mode 100644 gengo/bind/sdkMerge/combined_headers.h
create mode 100644 gengo/bind/sdkMerge/sdk_test.go
diff --git a/gengo/bind/sdkMerge/New Text Document.txt b/gengo/bind/sdkMerge/New Text Document.txt
new file mode 100644
index 000000000..35990dd88
--- /dev/null
+++ b/gengo/bind/sdkMerge/New Text Document.txt
@@ -0,0 +1,18 @@
+func Test_transFile(t *testing.T) {
+ includePaths := []string{
+ "D:/fork/cpp2go/test/hyperdbg/dependencies",
+ "D:/fork/cpp2go/test/hyperdbg/hprdbgctrl",
+ "D:/fork/cpp2go/test/hyperdbg/hprdbgctrl/header",
+ "D:/fork/cpp2go/test/hyperdbg/include",
+ "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/MSVC/14.40.33807/include",
+ "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Tools/MSVC/14.40.33807/atlmfc/include",
+ "C:/Program Files/Microsoft Visual Studio/2022/Enterprise/VC/Auxiliary/VS/include",
+ "C:/Program Files (x86)/Windows Kits/10/Include/10.0.26100.0/ucrt",
+ "C:/Program Files (x86)/Windows Kits/10/Include/10.0.26100.0/um",
+ "C:/Program Files (x86)/Windows Kits/10/Include/10.0.26100.0/shared",
+ "C:/Program Files (x86)/Windows Kits/10/Include/10.0.26100.0/winrt",
+ "C:/Program Files (x86)/Windows Kits/10/Include/10.0.26100.0/cppwinrt",
+ "C:/Program Files (x86)/Windows Kits/NETFXSDK/4.8.1/Include/um",
+ }
+
+ path := "D:\\fork\\cpp2go\\test\\hyperdbg\\hprdbgctrl\\code\\app\\hprdbgctrl" 
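Review bot: The `includePaths` entries and `path` are absolute paths on one developer's machine (`D:/fork/cpp2go/...`, plus a specific MSVC `14.40.33807` and Windows Kits `10.0.26100.0` install), so the snippet cannot run anywhere else and it publishes the local toolchain layout in the repository. The file is a scratch copy named `New Text Document.txt`, and its 18 added lines stop at `path := ...` without closing the function, so it looks committed by accident. The same applies to `Stderr.log` in this patch, which is captured compiler output ending in `2 warnings and 15 errors generated.`. I would drop both files from the commit and add them to the ignore list. In the real test, resolve the roots from configuration instead, for example `root := os.Getenv("HYPERDBG_SRC")` (placeholder variable name) combined with `filepath.Join(root, "hyperdbg", "include")`.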
diff --git a/gengo/bind/sdkMerge/Stderr.log b/gengo/bind/sdkMerge/Stderr.log new file mode 100644 index 000000000..c7cb12103 --- /dev/null +++ b/gengo/bind/sdkMerge/Stderr.log 
@@ -0,0 +1,56 @@ +combined_headers.h:757:9: error: unknown type name 'wchar_t' + 757 | typedef wchar_t WCHAR; + | ^ +combined_headers.h:1793:5: error: unknown type name 'PVOID' + 1793 | PVOID Context; + | ^ +combined_headers.h:1848:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] + 1848 | static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, + | ^~~~~~~~~~~~~ + | _Static_assert +combined_headers.h:1887:5: error: unknown type name 'HANDLE' + 1887 | HANDLE hEvent; + | ^ +combined_headers.h:1954:5: error: unknown type name 'PVOID' + 1954 | PVOID TargetAddress; + | ^ +combined_headers.h:1955:5: error: unknown type name 'PVOID' + 1955 | PVOID HookFunction; + | ^ +combined_headers.h:1967:5: error: unknown type name 'SIZE_T' + 1967 | SIZE_T PhysicalAddress; + | ^ +combined_headers.h:2690:5: error: unknown type name 'LIST_ENTRY' + 2690 | LIST_ENTRY + | ^ +combined_headers.h:2694:5: error: unknown type name 'time_t'; did you mean 'size_t'? 
+ 2694 | time_t CreationTime; // Date of creating this event + | ^~~~~~ + | size_t +note: 'size_t' declared here +combined_headers.h:2732:5: error: unknown type name 'PVOID' + 2732 | PVOID CommandStringBuffer; + | ^ +combined_headers.h:2909:5: error: unknown type name 'PVOID' + 2909 | PVOID BufferAddress; + | ^ +combined_headers.h:3614:5: error: unknown type name 'PVOID' + 3614 | PVOID CustomCodeBufferAddress; + | ^ +combined_headers.h:3958:22: error: use of undeclared identifier 'MAX_PATH' + 3958 | char FilePath[MAX_PATH]; + | ^ +combined_headers.h:3959:30: error: use of undeclared identifier 'MAX_PATH' + 3959 | char ModuleSymbolPath[MAX_PATH]; + | ^ +combined_headers.h:3968:5: error: unknown type name 'wchar_t' + 3968 | wchar_t FilePath[MAX_PATH]; + | ^ +combined_headers.h:3968:22: error: use of undeclared identifier 'MAX_PATH' + 3968 | wchar_t FilePath[MAX_PATH]; + | ^ +combined_headers.h:4010:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] + 4010 | static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, + | ^~~~~~~~~~~~~ + | _Static_assert +2 warnings and 15 errors generated. diff --git a/gengo/bind/sdkMerge/combined_headers.h b/gengo/bind/sdkMerge/combined_headers.h new file mode 100644 index 000000000..a68546562 --- /dev/null +++ b/gengo/bind/sdkMerge/combined_headers.h 
@@ -0,0 +1,4199 @@ +/** + * @file Constants.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK constants + * @details This file contains definitions of constants + * used in HyperDbg + * @version 0.2 + * @date 2022-06-24 + * + * @copyright This project is released under the GNU Public License v3. + * + */ +#pragma once + +////////////////////////////////////////////////// +// Version Information // +////////////////////////////////////////////////// + +#define VERSION_MAJOR 1 +#define VERSION_MINOR 0 +#define VERSION_PATCH 0 + +// +// Example of __DATE__ string: "Jul 27 2012" +// 01234567890 + +#define BUILD_YEAR_CH0 (__DATE__[7]) +#define BUILD_YEAR_CH1 (__DATE__[8]) +#define BUILD_YEAR_CH2 (__DATE__[9]) +#define BUILD_YEAR_CH3 (__DATE__[10]) + +#define BUILD_MONTH_IS_JAN (__DATE__[0] == 'J' && __DATE__[1] == 'a' && __DATE__[2] == 'n') +#define BUILD_MONTH_IS_FEB (__DATE__[0] == 'F') +#define BUILD_MONTH_IS_MAR (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'r') +#define BUILD_MONTH_IS_APR (__DATE__[0] == 'A' && __DATE__[1] == 'p') +#define BUILD_MONTH_IS_MAY (__DATE__[0] == 'M' && __DATE__[1] == 'a' && __DATE__[2] == 'y') +#define BUILD_MONTH_IS_JUN (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'n') +#define BUILD_MONTH_IS_JUL (__DATE__[0] == 'J' && __DATE__[1] == 'u' && __DATE__[2] == 'l') +#define BUILD_MONTH_IS_AUG (__DATE__[0] == 'A' && __DATE__[1] == 'u') +#define BUILD_MONTH_IS_SEP (__DATE__[0] == 'S') +#define BUILD_MONTH_IS_OCT (__DATE__[0] == 'O') +#define BUILD_MONTH_IS_NOV (__DATE__[0] == 'N') +#define BUILD_MONTH_IS_DEC (__DATE__[0] == 'D') + +#define BUILD_MONTH_CH0 \ + ((BUILD_MONTH_IS_OCT || BUILD_MONTH_IS_NOV || BUILD_MONTH_IS_DEC) ? '1' : '0') + +#define BUILD_MONTH_CH1 \ + ( \ + (BUILD_MONTH_IS_JAN) ? '1' : (BUILD_MONTH_IS_FEB) ? '2' \ + : (BUILD_MONTH_IS_MAR) ? '3' \ + : (BUILD_MONTH_IS_APR) ? '4' \ + : (BUILD_MONTH_IS_MAY) ? '5' \ + : (BUILD_MONTH_IS_JUN) ? '6' \ + : (BUILD_MONTH_IS_JUL) ? 
'7' \ + : (BUILD_MONTH_IS_AUG) ? '8' \ + : (BUILD_MONTH_IS_SEP) ? '9' \ + : (BUILD_MONTH_IS_OCT) ? '0' \ + : (BUILD_MONTH_IS_NOV) ? '1' \ + : (BUILD_MONTH_IS_DEC) ? '2' \ + : /* error default */ '?') + +#define BUILD_DAY_CH0 ((__DATE__[4] >= '0') ? (__DATE__[4]) : '0') +#define BUILD_DAY_CH1 (__DATE__[5]) + +// +// Example of __TIME__ string: "21:06:19" +// 01234567 + +#define BUILD_HOUR_CH0 (__TIME__[0]) +#define BUILD_HOUR_CH1 (__TIME__[1]) + +#define BUILD_MIN_CH0 (__TIME__[3]) +#define BUILD_MIN_CH1 (__TIME__[4]) + +#define BUILD_SEC_CH0 (__TIME__[6]) +#define BUILD_SEC_CH1 (__TIME__[7]) + +#if VERSION_MAJOR > 100 + +# define VERSION_MAJOR_INIT \ + ((VERSION_MAJOR / 100) + '0'), \ + (((VERSION_MAJOR % 100) / 10) + '0'), \ + ((VERSION_MAJOR % 10) + '0') + +#elif VERSION_MAJOR > 10 + +# define VERSION_MAJOR_INIT \ + ((VERSION_MAJOR / 10) + '0'), \ + ((VERSION_MAJOR % 10) + '0') + +#else + +# define VERSION_MAJOR_INIT \ + (VERSION_MAJOR + '0') + +#endif + +#if VERSION_MINOR > 100 + +# define VERSION_MINOR_INIT \ + ((VERSION_MINOR / 100) + '0'), \ + (((VERSION_MINOR % 100) / 10) + '0'), \ + ((VERSION_MINOR % 10) + '0') + +#elif VERSION_MINOR > 10 + +# define VERSION_MINOR_INIT \ + ((VERSION_MINOR / 10) + '0'), \ + ((VERSION_MINOR % 10) + '0') + +#else + +# define VERSION_MINOR_INIT \ + (VERSION_MINOR + '0') + +#endif + +#if VERSION_PATCH > 100 + +# define VERSION_PATCH_INIT \ + ((VERSION_PATCH / 100) + '0'), \ + (((VERSION_PATCH % 100) / 10) + '0'), \ + ((VERSION_PATCH % 10) + '0') + +#elif VERSION_PATCH > 10 + +# define VERSION_PATCH_INIT \ + ((VERSION_PATCH / 10) + '0'), \ + ((VERSION_PATCH % 10) + '0') + +#else + +# define VERSION_PATCH_INIT \ + (VERSION_PATCH + '0') + +#endif + +#ifndef HYPERDBG_KERNEL_MODE + +const unsigned char BuildDateTime[] = { + BUILD_YEAR_CH0, + BUILD_YEAR_CH1, + BUILD_YEAR_CH2, + BUILD_YEAR_CH3, + '-', + BUILD_MONTH_CH0, + BUILD_MONTH_CH1, + '-', + BUILD_DAY_CH0, + BUILD_DAY_CH1, + ' ', + BUILD_HOUR_CH0, + BUILD_HOUR_CH1, + ':', + 
BUILD_MIN_CH0, + BUILD_MIN_CH1, + ':', + BUILD_SEC_CH0, + BUILD_SEC_CH1, + + '\0'}; + +const unsigned char CompleteVersion[] = { + 'v', + VERSION_MAJOR_INIT, + '.', + VERSION_MINOR_INIT, + '.', + VERSION_PATCH_INIT, + '\0'}; + +const unsigned char BuildVersion[] = { + BUILD_YEAR_CH0, + BUILD_YEAR_CH1, + BUILD_YEAR_CH2, + BUILD_YEAR_CH3, + BUILD_MONTH_CH0, + BUILD_MONTH_CH1, + BUILD_DAY_CH0, + BUILD_DAY_CH1, + '.', + BUILD_HOUR_CH0, + BUILD_HOUR_CH1, + BUILD_MIN_CH0, + BUILD_MIN_CH1, + + '\0'}; + +const unsigned char BuildSignature[] = { + VERSION_MAJOR_INIT, + '.', + VERSION_MINOR_INIT, + '.', + VERSION_PATCH_INIT, + '-', + BUILD_YEAR_CH0, + BUILD_YEAR_CH1, + BUILD_YEAR_CH2, + BUILD_YEAR_CH3, + BUILD_MONTH_CH0, + BUILD_MONTH_CH1, + BUILD_DAY_CH0, + BUILD_DAY_CH1, + '.', + BUILD_HOUR_CH0, + BUILD_HOUR_CH1, + BUILD_MIN_CH0, + BUILD_MIN_CH1, + + '\0'}; + +#endif // SCRIPT_ENGINE_KERNEL_MODE + +////////////////////////////////////////////////// +// Message Tracing // +////////////////////////////////////////////////// + +/** + * @brief Default buffer count of packets for message tracing + * @details number of packets storage for regular buffers + */ +#define MaximumPacketsCapacity 1000 + +/** + * @brief Default buffer count of packets for message tracing + * @details number of packets storage for priority buffers + */ +#define MaximumPacketsCapacityPriority 50 + +/** + * @brief Size of normal OS (processor) pages + */ +#define NORMAL_PAGE_SIZE 4096 // PAGE_SIZE + +/** + * @brief Size of each packet + */ +#define PacketChunkSize NORMAL_PAGE_SIZE + +/** + * @brief size of user-mode buffer + * @details Because of operation code at the start of the + * buffer + 1 for null-termminating + * + */ +#define UsermodeBufferSize sizeof(UINT32) + PacketChunkSize + 1 + +/** + * @brief size of buffer for serial + * @details the maximum packet size for sending over serial + * + */ +#define MaxSerialPacketSize 10 * NORMAL_PAGE_SIZE + +/** + * @brief Final storage size of message 
tracing + * + */ +#define LogBufferSize \ + MaximumPacketsCapacity *(PacketChunkSize + sizeof(BUFFER_HEADER)) + +/** + * @brief Final storage size of message tracing + * + */ +#define LogBufferSizePriority \ + MaximumPacketsCapacityPriority *(PacketChunkSize + sizeof(BUFFER_HEADER)) + +/** + * @brief limitation of Windows DbgPrint message size + * @details currently is not functional + * + */ +#define DbgPrintLimitation 512 + +/** + * @brief The seeds that user-mode codes use as the starter + * of their events' tag + * + */ +#define DebuggerEventTagStartSeed 0x1000000 + +/** + * @brief The seeds that user-mode thread detail token start with it + * @details This seed should not start with zero (0), otherwise it's + * interpreted as error + */ +#define DebuggerThreadDebuggingTagStartSeed 0x1000000 + +/** + * @brief The seeds that user-mode codes use as the starter + * of their output source tag + * + */ +#define DebuggerOutputSourceTagStartSeed 0x1 + +/** + * @brief Determines how many sources a debugger can have for + * a single event + * + */ +#define DebuggerOutputSourceMaximumRemoteSourceForSingleEvent 0x5 + +/** + * @brief The size of each chunk of memory used in the 'memcpy' function + * of the script engine for transferring buffers in the VMX-root mode + * + */ +#define DebuggerScriptEngineMemcpyMovingBufferSize 64 + +////////////////////////////////////////////////// +// EPT Hook // +////////////////////////////////////////////////// + +/** + * @brief Maximum number of initial pre-allocated EPT hooks + * + */ +#define MAXIMUM_NUMBER_OF_INITIAL_PREALLOCATED_EPT_HOOKS 5 + +////////////////////////////////////////////////// +// Instant Event Configs // +////////////////////////////////////////////////// + +/** + * @brief Maximum number of (regular) instant events that are pre-allocated + * + */ +#define MAXIMUM_REGULAR_INSTANT_EVENTS 20 + +/** + * @brief Maximum number of (big) instant events that are pre-allocated + * + */ +#define MAXIMUM_BIG_INSTANT_EVENTS 0 
+ +/** + * @brief Pre-allocated size for a regular event + conditions buffer + * + */ +#define REGULAR_INSTANT_EVENT_CONDITIONAL_BUFFER sizeof(DEBUGGER_EVENT) + 100 + +/** + * @brief Pre-allocated size for a big event + conditions buffer + * + */ +#define BIG_INSTANT_EVENT_CONDITIONAL_BUFFER sizeof(DEBUGGER_EVENT) + PAGE_SIZE + +/** + * @brief Pre-allocated size for a regular action + custom code or script buffer + * + */ +#define REGULAR_INSTANT_EVENT_ACTION_BUFFER sizeof(DEBUGGER_EVENT_ACTION) + (PAGE_SIZE * 2) + +/** + * @brief Pre-allocated size for a big action + custom code or script buffer + * + */ +#define BIG_INSTANT_EVENT_ACTION_BUFFER sizeof(DEBUGGER_EVENT_ACTION) + MaxSerialPacketSize + +/** + * @brief Pre-allocated size for a regular requested safe buffer + * + */ +#define REGULAR_INSTANT_EVENT_REQUESTED_SAFE_BUFFER PAGE_SIZE + +/** + * @brief Pre-allocated size for a big requested safe buffer + * + */ +#define BIG_INSTANT_EVENT_REQUESTED_SAFE_BUFFER MaxSerialPacketSize + +////////////////////////////////////////////////// +// Remote Connection // +////////////////////////////////////////////////// + +/** + * @brief default port of HyperDbg for listening by + * debuggee (server, guest) + * + */ +#define DEFAULT_PORT "50000" + +/** + * @brief Packet size for TCP connections + * @details Note that we might add something to the kernel buffers + * that's why we add 0x100 to it + */ +#define COMMUNICATION_BUFFER_SIZE PacketChunkSize + 0x100 + +////////////////////////////////////////////////// +// VMCALL Numbers // +////////////////////////////////////////////////// + +/** + * @brief The start number of VMCALL number allowed to be + * used by top-level drivers + * + */ +#define TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER 0x00000200 + +/** + * @brief The start number of VMCALL number allowed to be + * used by top-level drivers + * + */ +#define TOP_LEVEL_DRIVERS_VMCALL_ENDING_NUMBER TOP_LEVEL_DRIVERS_VMCALL_STARTING_NUMBER + 0x100 + 
+////////////////////////////////////////////////// +// Operation Codes // +////////////////////////////////////////////////// + +/** + * @brief If a operation use this bit in its Operation code, + * then it means that the operation should be performed + * mandatorily in debuggee and should not be sent to the debugger + */ +#define OPERATION_MANDATORY_DEBUGGEE_BIT (1 << 31) + +/** + * @brief Message logs id that comes from kernel-mode to + * user-mode + * @details Message area >= 0x5 + */ +#define OPERATION_LOG_INFO_MESSAGE 1U +#define OPERATION_LOG_WARNING_MESSAGE 2U +#define OPERATION_LOG_ERROR_MESSAGE 3U +#define OPERATION_LOG_NON_IMMEDIATE_MESSAGE 4U +#define OPERATION_LOG_WITH_TAG 5U + +#define OPERATION_COMMAND_FROM_DEBUGGER_CLOSE_AND_UNLOAD_VMM \ + 6U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_DEBUGGEE_USER_INPUT 7U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_DEBUGGEE_REGISTER_EVENT 8U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_DEBUGGEE_ADD_ACTION_TO_EVENT \ + 9 | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_DEBUGGEE_CLEAR_EVENTS 10U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_DEBUGGEE_CLEAR_EVENTS_WITHOUT_NOTIFYING_DEBUGGER 11U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_HYPERVISOR_DRIVER_IS_SUCCESSFULLY_LOADED \ + 12U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_HYPERVISOR_DRIVER_END_OF_IRPS \ + 13U | OPERATION_MANDATORY_DEBUGGEE_BIT +#define OPERATION_COMMAND_FROM_DEBUGGER_RELOAD_SYMBOL \ + 14U | OPERATION_MANDATORY_DEBUGGEE_BIT + +#define OPERATION_NOTIFICATION_FROM_USER_DEBUGGER_PAUSE \ + 15U | OPERATION_MANDATORY_DEBUGGEE_BIT + +////////////////////////////////////////////////// +// Breakpoints & Debug Breakpoints // +////////////////////////////////////////////////// + +/** + * @brief maximum number of buffers to be allocated for a single + * breakpoint + */ +#define MAXIMUM_BREAKPOINTS_WITHOUT_CONTINUE 100 + +/** + * @brief maximum number of thread/process ids to be allocated for a 
simultaneous + * debugging + * @details it shows the maximum number of threads/processes that HyperDbg sets + * trap flag for them + * + */ +#define MAXIMUM_NUMBER_OF_THREAD_INFORMATION_FOR_TRAPS 200 + +////////////////////////////////////////////////// +// Pool tags used in HyperDbg // +////////////////////////////////////////////////// + +/** + * @brief Pool tag + * + */ +#define POOLTAG 0x48444247 // [H]yper[DBG] (HDBG) + +////////////////////////////////////////////////// +// End of Buffer Detection // +////////////////////////////////////////////////// + +/** + * @brief count of characters for serial end of buffer + */ +#define SERIAL_END_OF_BUFFER_CHARS_COUNT 0x4 + +/** + * @brief characters of the buffer that we set at the end of + * buffers for serial + */ +#define SERIAL_END_OF_BUFFER_CHAR_1 0x00 +#define SERIAL_END_OF_BUFFER_CHAR_2 0x80 +#define SERIAL_END_OF_BUFFER_CHAR_3 0xEE +#define SERIAL_END_OF_BUFFER_CHAR_4 0xFF + +/** + * @brief count of characters for tcp end of buffer + */ +#define TCP_END_OF_BUFFER_CHARS_COUNT 0x4 + +/** + * @brief characters of the buffer that we set at the end of + * buffers for tcp + */ +#define TCP_END_OF_BUFFER_CHAR_1 0x10 +#define TCP_END_OF_BUFFER_CHAR_2 0x20 +#define TCP_END_OF_BUFFER_CHAR_3 0x33 +#define TCP_END_OF_BUFFER_CHAR_4 0x44 + +////////////////////////////////////////////////// +// Name of OS // +////////////////////////////////////////////////// + +/** + * @brief maximum name for OS name buffer + * + */ +#define MAXIMUM_CHARACTER_FOR_OS_NAME 256 + +////////////////////////////////////////////////// +// Processor Details // +////////////////////////////////////////////////// + +/** + * @brief maximum instruction size in Intel + */ +#define MAXIMUM_INSTR_SIZE 16 + +/** + * @brief maximum size for call instruction in Intel + */ +#define MAXIMUM_CALL_INSTR_SIZE 7 + +////////////////////////////////////////////////// +// Symbols Details // +////////////////////////////////////////////////// + +/** + * @brief 
maximum supported modules to load + * their symbol information + */ +#define MAXIMUM_SUPPORTED_SYMBOLS 1000 + +/** + * @brief maximum size for GUID and Age of PE + * @detail It seems that 33 bytes is enough but let's + * have more space because there might be sth that we + * missed :) + */ +#define MAXIMUM_GUID_AND_AGE_SIZE 60 + +////////////////////////////////////////////////// +// Debuggee Communication // +////////////////////////////////////////////////// + +/** + * @brief constant indicator of a HyperDbg packet + * @warning used in hwdbg + * + */ +#define INDICATOR_OF_HYPERDBG_PACKET \ + 0x4859504552444247 // HYPERDBG = 0x4859504552444247 + +////////////////////////////////////////////////// +// Command Details // +////////////////////////////////////////////////// + +/** + * @brief maximum results that will be returned by !s* s* + * command + * + */ +#define MaximumSearchResults 0x1000 + +////////////////////////////////////////////////// +// Script Engine // +////////////////////////////////////////////////// + +/** + * @brief EFLAGS/RFLAGS + * + */ +#define X86_FLAGS_CF (1 << 0) +#define X86_FLAGS_PF (1 << 2) +#define X86_FLAGS_AF (1 << 4) +#define X86_FLAGS_ZF (1 << 6) +#define X86_FLAGS_SF (1 << 7) +#define X86_FLAGS_TF (1 << 8) +#define X86_FLAGS_IF (1 << 9) +#define X86_FLAGS_DF (1 << 10) +#define X86_FLAGS_OF (1 << 11) +#define X86_FLAGS_STATUS_MASK (0xfff) +#define X86_FLAGS_IOPL_MASK (3 << 12) +#define X86_FLAGS_IOPL_SHIFT (12) +#define X86_FLAGS_IOPL_SHIFT_2ND_BIT (13) +#define X86_FLAGS_NT (1 << 14) +#define X86_FLAGS_RF (1 << 16) +#define X86_FLAGS_VM (1 << 17) +#define X86_FLAGS_AC (1 << 18) +#define X86_FLAGS_VIF (1 << 19) +#define X86_FLAGS_VIP (1 << 20) +#define X86_FLAGS_ID (1 << 21) +#define X86_FLAGS_RESERVED_ONES 0x2 +#define X86_FLAGS_RESERVED 0xffc0802a + +#define X86_FLAGS_RESERVED_BITS 0xffc38028 +#define X86_FLAGS_FIXED 0x00000002 + +#ifndef LOWORD +# define LOWORD(l) ((WORD)(l)) +#endif // !LOWORD + +#ifndef HIWORD +# define 
HIWORD(l) ((WORD)(((DWORD)(l) >> 16) & 0xFFFF)) +#endif // !HIWORD + +#ifndef LOBYTE +# define LOBYTE(w) ((BYTE)(w)) +#endif // !LOBYTE + +#ifndef HIBYTE +# define HIBYTE(w) ((BYTE)(((WORD)(w) >> 8) & 0xFF)) +#endif // !HIBYTE + +#define MAX_TEMP_COUNT 128 + +#define MAX_STACK_BUFFER_COUNT 128 + +// TODO: Extract number of variables from input of ScriptEngine +// and allocate variableList Dynamically. +#define MAX_VAR_COUNT 512 + +#define MAX_FUNCTION_NAME_LENGTH 32 + +////////////////////////////////////////////////// +// Debugger // +////////////////////////////////////////////////// + +/** + * @brief Apply event modifications to all tags + * + */ +#define DEBUGGER_MODIFY_EVENTS_APPLY_TO_ALL_TAG 0xffffffffffffffff + +/** + * @brief Maximum length for a function (to be used in showing distance + * from symbol functions in the 'u' command) + * + */ +#define DISASSEMBLY_MAXIMUM_DISTANCE_FROM_OBJECT_NAME 0xffff + +/** + * @brief Read and write MSRs to all cores + * + */ +#define DEBUGGER_READ_AND_WRITE_ON_MSR_APPLY_ALL_CORES 0xffffffff + +/** + * @brief Apply the event to all the cores + * + */ +#define DEBUGGER_DEBUGGEE_IS_RUNNING_NO_CORE 0xffffffff + +/** + * @brief Apply the event to all the cores + * + */ +#define DEBUGGER_EVENT_APPLY_TO_ALL_CORES 0xffffffff + +/** + * @brief Apply the event to all the processes + * + */ +#define DEBUGGER_EVENT_APPLY_TO_ALL_PROCESSES 0xffffffff + +/** + * @brief Apply to all Model Specific Registers + * + */ +#define DEBUGGER_EVENT_MSR_READ_OR_WRITE_ALL_MSRS 0xffffffff + +/** + * @brief Apply to all first 32 exceptions + * + */ +#define DEBUGGER_EVENT_EXCEPTIONS_ALL_FIRST_32_ENTRIES 0xffffffff + +/** + * @brief Apply to all syscalls and sysrets + * + */ +#define DEBUGGER_EVENT_SYSCALL_ALL_SYSRET_OR_SYSCALLS 0xffffffff + +/** + * @brief Apply to all I/O ports + * + */ +#define DEBUGGER_EVENT_ALL_IO_PORTS 0xffffffff + +/** + * @brief The constant to apply to all cores for bp command + * + */ +#define DEBUGGEE_BP_APPLY_TO_ALL_CORES 
0xffffffff + +/** + * @brief The constant to apply to all processes for bp command + * + */ +#define DEBUGGEE_BP_APPLY_TO_ALL_PROCESSES 0xffffffff + +/** + * @brief The constant to apply to all threads for bp command + * + */ +#define DEBUGGEE_BP_APPLY_TO_ALL_THREADS 0xffffffff + +/** + * @brief for reading all registers in r command. + * + */ +#define DEBUGGEE_SHOW_ALL_REGISTERS 0xffffffff + + +/** + * @file BasicTypes.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK Headers For Basic Datatypes + * @details This file contains definitions of basic datatypes + * @version 0.2 + * @date 2022-06-28 + * + * @copyright This project is released under the GNU Public License v3. + * + */ +#pragma once + +#pragma warning(disable : 4201) // Suppress nameless struct/union warning + +////////////////////////////////////////////////// +// Basic Datatypes // +////////////////////////////////////////////////// + +typedef unsigned long long QWORD; +typedef unsigned __int64 UINT64, *PUINT64; +typedef unsigned long DWORD; +typedef int BOOL; +typedef unsigned char BYTE; +typedef unsigned short WORD; +typedef int INT; +typedef unsigned int UINT; +typedef unsigned int * PUINT; +typedef unsigned __int64 ULONG64, *PULONG64; +typedef unsigned __int64 DWORD64, *PDWORD64; +typedef char CHAR; +typedef wchar_t WCHAR; +#define VOID void + +typedef unsigned char UCHAR; +typedef unsigned short USHORT; +typedef unsigned long ULONG; + +typedef UCHAR BOOLEAN; // winnt +typedef BOOLEAN * PBOOLEAN; // winnt + +typedef signed char INT8, *PINT8; +typedef signed short INT16, *PINT16; +typedef signed int INT32, *PINT32; +typedef signed __int64 INT64, *PINT64; +typedef unsigned char UINT8, *PUINT8; +typedef unsigned short UINT16, *PUINT16; +typedef unsigned int UINT32, *PUINT32; +typedef unsigned __int64 UINT64, *PUINT64; + +#define NULL_ZERO 0 +#define NULL64_ZERO 0ull + +#define FALSE 0 +#define TRUE 1 + +#define UPPER_56_BITS 0xffffffffffffff00 +#define UPPER_48_BITS 
0xffffffffffff0000 +#define UPPER_32_BITS 0xffffffff00000000 +#define LOWER_32_BITS 0x00000000ffffffff +#define LOWER_16_BITS 0x000000000000ffff +#define LOWER_8_BITS 0x00000000000000ff +#define SECOND_LOWER_8_BITS 0x000000000000ff00 +#define UPPER_48_BITS_AND_LOWER_8_BITS 0xffffffffffff00ff + +// +// DO NOT FUCKING TOUCH THIS STRUCTURE WITHOUT COORDINATION WITH SINA +// +typedef struct GUEST_REGS +{ + // + // DO NOT FUCKING TOUCH THIS STRUCTURE WITHOUT COORDINATION WITH SINA + // + + UINT64 rax; // 0x00 + UINT64 rcx; // 0x08 + UINT64 rdx; // 0x10 + UINT64 rbx; // 0x18 + UINT64 rsp; // 0x20 + UINT64 rbp; // 0x28 + UINT64 rsi; // 0x30 + UINT64 rdi; // 0x38 + UINT64 r8; // 0x40 + UINT64 r9; // 0x48 + UINT64 r10; // 0x50 + UINT64 r11; // 0x58 + UINT64 r12; // 0x60 + UINT64 r13; // 0x68 + UINT64 r14; // 0x70 + UINT64 r15; // 0x78 + + // + // DO NOT FUCKING TOUCH THIS STRUCTURE WITHOUT COORDINATION WITH SINA + // + +} GUEST_REGS, *PGUEST_REGS; + +/** + * @brief struct for extra registers + * + */ +typedef struct GUEST_EXTRA_REGISTERS +{ + UINT16 CS; + UINT16 DS; + UINT16 FS; + UINT16 GS; + UINT16 ES; + UINT16 SS; + UINT64 RFLAGS; + UINT64 RIP; +} GUEST_EXTRA_REGISTERS, *PGUEST_EXTRA_REGISTERS; + +/** + * @brief List of different variables + */ +typedef struct _SCRIPT_ENGINE_VARIABLES_LIST +{ + UINT64 * TempList; + UINT64 * GlobalVariablesList; + UINT64 * LocalVariablesList; + +} SCRIPT_ENGINE_VARIABLES_LIST, *PSCRIPT_ENGINE_VARIABLES_LIST; + +/** + * @brief CR3 Structure + * + */ +typedef struct _CR3_TYPE +{ + union + { + UINT64 Flags; + + struct + { + UINT64 Pcid : 12; + UINT64 PageFrameNumber : 36; + UINT64 Reserved1 : 12; + UINT64 Reserved_2 : 3; + UINT64 PcidInvalidate : 1; + } Fields; + }; +} CR3_TYPE, *PCR3_TYPE; + + +/** + * @file ErrorCodes.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK Error codes + * @details This file contains definitions of error codes used in HyperDbg + * @version 0.2 + * @date 2022-06-24 + * + * @copyright This 
project is released under the GNU Public License v3. + * + */ +#pragma once + +////////////////////////////////////////////////// +// Success Codes // +////////////////////////////////////////////////// + +/** + * @brief General value to indicate that the operation or + * request was successful + * + */ +#define DEBUGGER_OPERATION_WAS_SUCCESSFUL 0xFFFFFFFF + +////////////////////////////////////////////////// +// Error Codes // +////////////////////////////////////////////////// + +/** + * @brief error, the tag not exist + * + */ +#define DEBUGGER_ERROR_TAG_NOT_EXISTS 0xc0000000 + +/** + * @brief error, invalid type of action + * + */ +#define DEBUGGER_ERROR_INVALID_ACTION_TYPE 0xc0000001 + +/** + * @brief error, the action buffer size is invalid + * + */ +#define DEBUGGER_ERROR_ACTION_BUFFER_SIZE_IS_ZERO 0xc0000002 + +/** + * @brief error, the event type is unknown + * + */ +#define DEBUGGER_ERROR_EVENT_TYPE_IS_INVALID 0xc0000003 + +/** + * @brief error, enable to create event + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_CREATE_EVENT 0xc0000004 + +/** + * @brief error, invalid address specified for debugger + * + */ +#define DEBUGGER_ERROR_INVALID_ADDRESS 0xc0000005 + +/** + * @brief error, the core id is invalid + * + */ +#define DEBUGGER_ERROR_INVALID_CORE_ID 0xc0000006 + +/** + * @brief error, the index is greater than 32 in !exception command + * + */ +#define DEBUGGER_ERROR_EXCEPTION_INDEX_EXCEED_FIRST_32_ENTRIES 0xc0000007 + +/** + * @brief error, the index for !interrupt command is not between 32 to 256 + * + */ +#define DEBUGGER_ERROR_INTERRUPT_INDEX_IS_NOT_VALID 0xc0000008 + +/** + * @brief error, unable to hide the debugger and enter to transparent-mode + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_HIDE_OR_UNHIDE_DEBUGGER 0xc0000009 + +/** + * @brief error, the debugger is already in transparent-mode + * + */ +#define DEBUGGER_ERROR_DEBUGGER_ALREADY_UHIDE 0xc000000a + +/** + * @brief error, invalid parameters in !e* e* commands + * + */ +#define 
DEBUGGER_ERROR_EDIT_MEMORY_STATUS_INVALID_PARAMETER 0xc000000b + +/** + * @brief error, an invalid address is specified based on current cr3 + * in !e* or e* commands + * + */ +#define DEBUGGER_ERROR_EDIT_MEMORY_STATUS_INVALID_ADDRESS_BASED_ON_CURRENT_PROCESS \ + 0xc000000c + +/** + * @brief error, an invalid address is specified based on anotehr process's cr3 + * in !e* or e* commands + * + */ +#define DEBUGGER_ERROR_EDIT_MEMORY_STATUS_INVALID_ADDRESS_BASED_ON_OTHER_PROCESS \ + 0xc000000d + +/** + * @brief error, invalid tag for 'events' command (tag id is unknown for kernel) + * + */ +#define DEBUGGER_ERROR_MODIFY_EVENTS_INVALID_TAG 0xc000000e + +/** + * @brief error, type of action (enable/disable/clear) is wrong + * + */ +#define DEBUGGER_ERROR_MODIFY_EVENTS_INVALID_TYPE_OF_ACTION 0xc000000f + +/** + * @brief error, invalid parameters steppings actions + * + */ +#define DEBUGGER_ERROR_STEPPING_INVALID_PARAMETER 0xc0000010 + +/** + * @brief error, thread is invalid (not found) or disabled in + * stepping (step-in & step-out) requests + * + */ +#define DEBUGGER_ERROR_STEPPINGS_EITHER_THREAD_NOT_FOUND_OR_DISABLED 0xc0000011 + +/** + * @brief error, baud rate is invalid + * + */ +#define DEBUGGER_ERROR_PREPARING_DEBUGGEE_INVALID_BAUDRATE 0xc0000012 + +/** + * @brief error, serial port address is invalid + * + */ +#define DEBUGGER_ERROR_PREPARING_DEBUGGEE_INVALID_SERIAL_PORT 0xc0000013 + +/** + * @brief error, invalid core selected in changing core in remote debuggee + * + */ +#define DEBUGGER_ERROR_PREPARING_DEBUGGEE_INVALID_CORE_IN_REMOTE_DEBUGGE \ + 0xc0000014 + +/** + * @brief error, invalid process selected in changing process in remote debuggee + * + */ +#define DEBUGGER_ERROR_PREPARING_DEBUGGEE_UNABLE_TO_SWITCH_TO_NEW_PROCESS \ + 0xc0000015 + +/** + * @brief error, unable to run script in remote debuggee + * + */ +#define DEBUGGER_ERROR_PREPARING_DEBUGGEE_TO_RUN_SCRIPT 0xc0000016 + +/** + * @brief error, invalid register number + * + */ +#define 
DEBUGGER_ERROR_INVALID_REGISTER_NUMBER 0xc0000017 + +/** + * @brief error, maximum pools were used without continuing debuggee + * + */ +#define DEBUGGER_ERROR_MAXIMUM_BREAKPOINT_WITHOUT_CONTINUE 0xc0000018 + +/** + * @brief error, breakpoint already exists on the target address + * + */ +#define DEBUGGER_ERROR_BREAKPOINT_ALREADY_EXISTS_ON_THE_ADDRESS 0xc0000019 + +/** + * @brief error, breakpoint id not found + * + */ +#define DEBUGGER_ERROR_BREAKPOINT_ID_NOT_FOUND 0xc000001a + +/** + * @brief error, breakpoint already disabled + * + */ +#define DEBUGGER_ERROR_BREAKPOINT_ALREADY_DISABLED 0xc000001b + +/** + * @brief error, breakpoint already enabled + * + */ +#define DEBUGGER_ERROR_BREAKPOINT_ALREADY_ENABLED 0xc000001c + +/** + * @brief error, memory type is invalid + * + */ +#define DEBUGGER_ERROR_MEMORY_TYPE_INVALID 0xc000001d + +/** + * @brief error, the process id is invalid + * + */ +#define DEBUGGER_ERROR_INVALID_PROCESS_ID 0xc000001e + +/** + * @brief error, for event specific reasons the event is not + * applied + * + */ +#define DEBUGGER_ERROR_EVENT_IS_NOT_APPLIED 0xc000001f + +/** + * @brief error, for process switch or process details, invalid parameter + * + */ +#define DEBUGGER_ERROR_DETAILS_OR_SWITCH_PROCESS_INVALID_PARAMETER 0xc0000020 + +/** + * @brief error, for thread switch or thread details, invalid parameter + * + */ +#define DEBUGGER_ERROR_DETAILS_OR_SWITCH_THREAD_INVALID_PARAMETER 0xc0000021 + +/** + * @brief error, maximum breakpoint for a single page is hit + * + */ +#define DEBUGGER_ERROR_MAXIMUM_BREAKPOINT_FOR_A_SINGLE_PAGE_IS_HIT 0xc0000022 + +/** + * @brief error, there is no pre-allocated buffer + * + */ +#define DEBUGGER_ERROR_PRE_ALLOCATED_BUFFER_IS_EMPTY 0xc0000023 + +/** + * @brief error, in the EPT handler, it could not split the 2MB pages to + * 512 entries of 4 KB pages + * + */ +#define DEBUGGER_ERROR_EPT_COULD_NOT_SPLIT_THE_LARGE_PAGE_TO_4KB_PAGES 0xc0000024 + +/** + * @brief error, failed to get PML1 entry of the target 
address + * + */ +#define DEBUGGER_ERROR_EPT_FAILED_TO_GET_PML1_ENTRY_OF_TARGET_ADDRESS 0xc0000025 + +/** + * @brief error, multiple EPT Hooks or Monitors are applied on a single page + * + */ +#define DEBUGGER_ERROR_EPT_MULTIPLE_HOOKS_IN_A_SINGLE_PAGE 0xc0000026 + +/** + * @brief error, could not build the EPT Hook + * + */ +#define DEBUGGER_ERROR_COULD_NOT_BUILD_THE_EPT_HOOK 0xc0000027 + +/** + * @brief error, could not find the type of allocation + * + */ +#define DEBUGGER_ERROR_COULD_NOT_FIND_ALLOCATION_TYPE 0xc0000028 + +/** + * @brief error, could not find the index of test query + * + */ +#define DEBUGGER_ERROR_INVALID_TEST_QUERY_INDEX 0xc0000029 + +/** + * @brief error, failed to attach to the target user-mode process + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_ATTACH_TO_TARGET_USER_MODE_PROCESS 0xc000002a + +/** + * @brief error, failed to remove hooks as entrypoint is not reached yet + * @details The caller of this functionality should keep sending the previous + * IOCTL until the hook is remove successfully + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_REMOVE_HOOKS_ENTRYPOINT_NOT_REACHED 0xc000002b + +/** + * @brief error, could not remove the previous hook + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_REMOVE_HOOKS 0xc000002c + +/** + * @brief error, the needed routines for debugging is not initialized + * + */ +#define DEBUGGER_ERROR_FUNCTIONS_FOR_INITIALIZING_PEB_ADDRESSES_ARE_NOT_INITIALIZED 0xc000002d + +/** + * @brief error, unable to get 32-bit or 64-bit of the target process + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_DETECT_32_BIT_OR_64_BIT_PROCESS 0xc000002e + +/** + * @brief error, unable to kill the target process + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_KILL_THE_PROCESS 0xc000002f + +/** + * @brief error, invalid thread debugging token + * + */ +#define DEBUGGER_ERROR_INVALID_THREAD_DEBUGGING_TOKEN 0xc0000030 + +/** + * @brief error, unable to pause the process's threads + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_PAUSE_THE_PROCESS_THREADS 
0xc0000031 + +/** + * @brief error, user debugger already attached to this process + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_ATTACH_TO_AN_ALREADY_ATTACHED_PROCESS 0xc0000032 + +/** + * @brief error, the user debugger is not attached to the target process + * + */ +#define DEBUGGER_ERROR_THE_USER_DEBUGGER_NOT_ATTACHED_TO_THE_PROCESS 0xc0000033 + +/** + * @brief error, cannot detach from the process as there are paused threads + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_DETACH_AS_THERE_ARE_PAUSED_THREADS 0xc0000034 + +/** + * @brief error, cannot switch to new thread as the process id or thread id is not found + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_SWITCH_PROCESS_ID_OR_THREAD_ID_IS_INVALID 0xc0000035 + +/** + * @brief error, cannot switch to new thread the process doesn't contain an active thread + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_SWITCH_THERE_IS_NO_THREAD_ON_THE_PROCESS 0xc0000036 + +/** + * @brief error, unable to get modules + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_GET_MODULES_OF_THE_PROCESS 0xc0000037 + +/** + * @brief error, unable to get the callstack + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_GET_CALLSTACK 0xc0000038 + +/** + * @brief error, unable to query count of processes or threads + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_QUERY_COUNT_OF_PROCESSES_OR_THREADS 0xc0000039 + +/** + * @brief error, using short-circuiting event with post-event mode is + * not supported in HyperDbg + * + */ +#define DEBUGGER_ERROR_USING_SHORT_CIRCUITING_EVENT_WITH_POST_EVENT_MODE_IS_FORBIDDEDN 0xc000003a + +/** + * @brief error, unknown test query is received + * + */ +#define DEBUGGER_ERROR_UNKNOWN_TEST_QUERY_RECEIVED 0xc000003b + +/** + * @brief error, for reading from memory in case of invalid parameters + * + */ +#define DEBUGGER_ERROR_READING_MEMORY_INVALID_PARAMETER 0xc000003c + +/** + * @brief error, the list of threads/process trap flag is full + * + */ +#define DEBUGGER_ERROR_THE_TRAP_FLAG_LIST_IS_FULL 0xc000003d + +/** + * @brief error, unable to kill 
the target process. process does not exists + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_KILL_THE_PROCESS_DOES_NOT_EXISTS 0xc000003e + +/** + * @brief error, the execution mode is incorrect + * + */ +#define DEBUGGER_ERROR_MODE_EXECUTION_IS_INVALID 0xc000003f + +/** + * @brief error, the process id cannot be specified while the debugger is in VMX-root mode + * + */ +#define DEBUGGER_ERROR_PROCESS_ID_CANNOT_BE_SPECIFIED_WHILE_APPLYING_EVENT_FROM_VMX_ROOT_MODE 0xc0000040 + +/** + * @brief error, the preallocated buffer is not enough for storing event+conditional buffer + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_PREALLOCATED_BUFFER_IS_NOT_ENOUGH_FOR_EVENT_AND_CONDITIONALS 0xc0000041 + +/** + * @brief error, the regular preallocated buffer not found + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_REGULAR_PREALLOCATED_BUFFER_NOT_FOUND 0xc0000042 + +/** + * @brief error, the big preallocated buffer not found + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_BIG_PREALLOCATED_BUFFER_NOT_FOUND 0xc0000043 + +/** + * @brief error, enable to create action (cannot allocate buffer) + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_CREATE_ACTION_CANNOT_ALLOCATE_BUFFER 0xc0000044 + +/** + * @brief error, the regular preallocated buffer not found (for action) + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_ACTION_REGULAR_PREALLOCATED_BUFFER_NOT_FOUND 0xc0000045 + +/** + * @brief error, the big preallocated buffer not found (for action) + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_ACTION_BIG_PREALLOCATED_BUFFER_NOT_FOUND 0xc0000046 + +/** + * @brief error, the preallocated buffer is not enough for storing action buffer + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_PREALLOCATED_BUFFER_IS_NOT_ENOUGH_FOR_ACTION_BUFFER 0xc0000047 + +/** + * @brief error, the requested optional buffer is bigger than send/receive stack of the debugger + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_REQUESTED_OPTIONAL_BUFFER_IS_BIGGER_THAN_DEBUGGERS_SEND_RECEIVE_STACK 0xc0000048 + +/** + * @brief error, the 
requested safe buffer does not exist (regular) + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_REGULAR_REQUESTED_SAFE_BUFFER_NOT_FOUND 0xc0000049 + +/** + * @brief error, the requested safe buffer does not exists (big) + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_BIG_REQUESTED_SAFE_BUFFER_NOT_FOUND 0xc000004a + +/** + * @brief error, the preallocated buffer is not enough for storing safe requested buffer + * + */ +#define DEBUGGER_ERROR_INSTANT_EVENT_PREALLOCATED_BUFFER_IS_NOT_ENOUGH_FOR_REQUESTED_SAFE_BUFFER 0xc000004b + +/** + * @brief error, enable to create requested safe buffer (cannot allocate buffer) + * + */ +#define DEBUGGER_ERROR_UNABLE_TO_ALLOCATE_REQUESTED_SAFE_BUFFER 0xc000004c + +/** + * @brief error, could not find the type of preactivation + * + */ +#define DEBUGGER_ERROR_COULD_NOT_FIND_PREACTIVATION_TYPE 0xc000004d + +/** + * @brief error, the mode exec trap is not already initialized + * + */ +#define DEBUGGER_ERROR_THE_MODE_EXEC_TRAP_IS_NOT_INITIALIZED 0xc000004e + +/** + * @brief error, the target event(s) is/are disabled but cannot clear them because the buffer of the user-mode + * priority is full + * + */ +#define DEBUGGER_ERROR_THE_TARGET_EVENT_IS_DISABLED_BUT_CANNOT_BE_CLEARED_PRIRITY_BUFFER_IS_FULL 0xc000004f + +/** + * @brief error, not all cores are locked (probably due to a race condition in HyperDbg) in + * instant-event mechanism + * + */ +#define DEBUGGER_ERROR_NOT_ALL_CORES_ARE_LOCKED_FOR_APPLYING_INSTANT_EVENT 0xc0000050 + +/** + * @brief error, switching to the target core is not possible because core is not locked + * (probably due to a race condition in HyperDbg) + * + */ +#define DEBUGGER_ERROR_TARGET_SWITCHING_CORE_IS_NOT_LOCKED 0xc0000051 + +/** + * @brief error, invalid physical address + * + */ +#define DEBUGGER_ERROR_INVALID_PHYSICAL_ADDRESS 0xc0000052 + +// +// WHEN YOU ADD ANYTHING TO THIS LIST OF ERRORS, THEN +// MAKE SURE TO ADD AN ERROR MESSAGE TO ShowErrorMessage(UINT32 Error) +// FUNCTION +// + +/** + * @file 
Connection.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK Headers For Native Structures, Enums and Constants + * @details These datatypes are used in all devices like HDL (FPGAs) + * @version 0.2 + * @date 2022-07-14 + * + * @copyright This project is released under the GNU Public License v3. + * + */ +#pragma once + +/** + * @brief enum for reasons why debuggee is paused + * + */ +typedef enum _DEBUGGEE_PAUSING_REASON +{ + + // + // For both kernel & user debugger + // + DEBUGGEE_PAUSING_REASON_NOT_PAUSED = 0, + DEBUGGEE_PAUSING_REASON_PAUSE, + DEBUGGEE_PAUSING_REASON_REQUEST_FROM_DEBUGGER, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_STEPPED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_TRACKING_STEPPED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_SOFTWARE_BREAKPOINT_HIT, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_HARDWARE_DEBUG_REGISTER_HIT, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_CORE_SWITCHED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_PROCESS_SWITCHED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_THREAD_SWITCHED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_COMMAND_EXECUTION_FINISHED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_EVENT_TRIGGERED, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_STARTING_MODULE_LOADED, + + // + // Only for user-debugger + // + DEBUGGEE_PAUSING_REASON_DEBUGGEE_GENERAL_DEBUG_BREAK, + DEBUGGEE_PAUSING_REASON_DEBUGGEE_GENERAL_THREAD_INTERCEPTED, + + // + // Only used for hardware debugging + // + DEBUGGEE_PAUSING_REASON_HARDWARE_BASED_DEBUGGEE_GENERAL_BREAK, + +} DEBUGGEE_PAUSING_REASON; + +/** + * @brief enum for requested action for HyperDbg packet + * + */ +typedef enum _DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION +{ + + // + // Debugger to debuggee (user-mode execution) + // + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_USER_MODE_PAUSE = 1, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_USER_MODE_DO_NOT_READ_ANY_PACKET, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_USER_MODE_DEBUGGER_VERSION, + + // + // Debuggee to debugger (user-mode execution) + // + 
DEBUGGER_REMOTE_PACKET_PING_AND_SEND_SUPPORTED_VERSION, + + // + // Debugger to debuggee (vmx-root mode execution) + // + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_STEP, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CONTINUE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CLOSE_AND_UNLOAD_DEBUGGEE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_CORE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_FLUSH_BUFFERS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CALLSTACK, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_TEST_QUERY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_PROCESS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_MODE_CHANGE_THREAD, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_RUN_SCRIPT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_USER_INPUT_BUFFER, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SEARCH_QUERY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_REGISTER_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_ADD_ACTION_TO_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_QUERY_AND_MODIFY_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_READ_REGISTERS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_READ_MEMORY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_EDIT_MEMORY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_BP, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_LIST_OR_MODIFY_BREAKPOINTS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SYMBOL_RELOAD, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_QUERY_PA2VA_AND_VA2PA, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SYMBOL_QUERY_PTE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_SET_SHORT_CIRCUITING_STATE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_ON_VMX_ROOT_INJECT_PAGE_FAULT, + + // + // Debuggee to debugger + // + 
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_NO_ACTION, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_STARTED, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_LOGGING_MECHANISM, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_PAUSED_AND_CURRENT_INSTRUCTION, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CHANGING_CORE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CHANGING_PROCESS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CHANGING_THREAD, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_RUNNING_SCRIPT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_FORMATS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_FLUSH, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_CALLSTACK, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_TEST_QUERY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_REGISTERING_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_ADDING_ACTION_TO_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_QUERY_AND_MODIFY_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_SHORT_CIRCUITING_EVENT, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_READING_REGISTERS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_READING_MEMORY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_EDITING_MEMORY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_BP, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_SHORT_CIRCUITING_STATE, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_LIST_OR_MODIFY_BREAKPOINTS, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_UPDATE_SYMBOL_INFO, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RELOAD_SYMBOL_FINISHED, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RELOAD_SEARCH_QUERY, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_PTE, + 
DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_VA2PA_AND_PA2VA, + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION_DEBUGGEE_RESULT_OF_BRINGING_PAGES_IN, + + // + // hardware debuggee to debugger + // + + // + // hardware debugger to debuggee + // + +} DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION; + +/** + * @brief enum for different packet types in HyperDbg packets + * @warning used in hwdbg + * + */ +typedef enum _DEBUGGER_REMOTE_PACKET_TYPE +{ + + // + // Debugger to debuggee (vmx-root) + // + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_VMX_ROOT = 1, + + // + // Debugger to debuggee (user-mode) + // + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_USER_MODE = 2, + + // + // Debuggee to debugger (user-mode and kernel-mode, vmx-root mode) + // + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER = 3, + + // + // Debugger to debuggee (hardware), used in hwdbg + // + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_HARDWARE_LEVEL = 4, + + // + // Debuggee to debugger (hardware), used in hwdbg + // + DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER_HARDWARE_LEVEL = 5, + +} DEBUGGER_REMOTE_PACKET_TYPE; + +/** + * @brief The structure of remote packets in HyperDbg + * + */ +typedef struct _DEBUGGER_REMOTE_PACKET +{ + BYTE Checksum; + UINT64 Indicator; /* Shows the type of the packet */ + DEBUGGER_REMOTE_PACKET_TYPE TypeOfThePacket; + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION RequestedActionOfThePacket; + +} DEBUGGER_REMOTE_PACKET, *PDEBUGGER_REMOTE_PACKET; + +/** + * @file DataTypes.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK data type definitions + * @details This file contains definitions of structures, enums, etc. + * used in HyperDbg + * @version 0.2 + * @date 2022-06-22 + * + * @copyright This project is released under the GNU Public License v3. 
+ * + */ +#pragma once + +////////////////////////////////////////////////// +// Memory Stages // +////////////////////////////////////////////////// + +/** + * @brief Different levels of paging + * + */ +typedef enum _PAGING_LEVEL +{ + PagingLevelPageTable = 0, + PagingLevelPageDirectory, + PagingLevelPageDirectoryPointerTable, + PagingLevelPageMapLevel4 +} PAGING_LEVEL; + +////////////////////////////////////////////////// +// Pool Manager // +////////////////////////////////////////////////// + +/** + * @brief Inum of intentions for buffers (buffer tag) + * + */ +typedef enum _POOL_ALLOCATION_INTENTION +{ + TRACKING_HOOKED_PAGES, + EXEC_TRAMPOLINE, + SPLIT_2MB_PAGING_TO_4KB_PAGE, + DETOUR_HOOK_DETAILS, + BREAKPOINT_DEFINITION_STRUCTURE, + PROCESS_THREAD_HOLDER, + + // + // Instant event buffers + // + INSTANT_REGULAR_EVENT_BUFFER, + INSTANT_BIG_EVENT_BUFFER, + INSTANT_REGULAR_EVENT_ACTION_BUFFER, + INSTANT_BIG_EVENT_ACTION_BUFFER, + + // + // Use for request safe buffers of the event + // + INSTANT_REGULAR_SAFE_BUFFER_FOR_EVENTS, + INSTANT_BIG_SAFE_BUFFER_FOR_EVENTS, + +} POOL_ALLOCATION_INTENTION; + +////////////////////////////////////////////////// +// Debug Registers Modifications // +////////////////////////////////////////////////// + +typedef enum _DEBUG_REGISTER_TYPE +{ + BREAK_ON_INSTRUCTION_FETCH, + BREAK_ON_WRITE_ONLY, + BREAK_ON_IO_READ_OR_WRITE_NOT_SUPPORTED, + BREAK_ON_READ_AND_WRITE_BUT_NOT_FETCH +} DEBUG_REGISTER_TYPE; + +////////////////////////////////////////////////// +// Execution Stages // +////////////////////////////////////////////////// + +typedef enum _VMX_EXECUTION_MODE +{ + VmxExecutionModeNonRoot = FALSE, + VmxExecutionModeRoot = TRUE +} VMX_EXECUTION_MODE; + +/** + * @brief Type of calling the event + * + */ +typedef enum _VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE +{ + VMM_CALLBACK_CALLING_STAGE_INVALID_EVENT_EMULATION = 0, + VMM_CALLBACK_CALLING_STAGE_PRE_EVENT_EMULATION = 1, + VMM_CALLBACK_CALLING_STAGE_POST_EVENT_EMULATION = 2, + 
VMM_CALLBACK_CALLING_STAGE_ALL_EVENT_EMULATION = 3 + +} VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE; + +/** + * @brief enum to query different process and thread interception mechanisms + * + */ +typedef enum _DEBUGGER_THREAD_PROCESS_TRACING +{ + + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_THREAD_CHANGE, + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_INTERRUPTS_FOR_PROCESS_CHANGE, + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_DEBUG_REGISTER_INTERCEPTION, + DEBUGGER_THREAD_PROCESS_TRACING_INTERCEPT_CLOCK_WAITING_FOR_MOV_CR3_VM_EXITS, + +} DEBUGGER_THREAD_PROCESS_TRACING; + +////////////////////////////////////////////////// +// Callback Definitions // +////////////////////////////////////////////////// + +/** + * @brief Callback type that can be used to be used + * as a custom ShowMessages function + * + */ +typedef int (*Callback)(const char * Text); + +////////////////////////////////////////////////// +// Communications // +////////////////////////////////////////////////// + +/** + * @brief The structure of user-input packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_USER_INPUT_PACKET +{ + UINT32 CommandLen; + BOOLEAN IgnoreFinishedSignal; + UINT32 Result; + + // + // The user's input is here + // + +} DEBUGGEE_USER_INPUT_PACKET, *PDEBUGGEE_USER_INPUT_PACKET; + +/** + * @brief The structure of user-input packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET +{ + UINT32 Length; + + // + // The buffer for event and action is here + // + +} DEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET, + *PDEBUGGEE_EVENT_AND_ACTION_HEADER_FOR_REMOTE_PACKET; + +////////////////////////////////////////////////// +// Pausing // +////////////////////////////////////////////////// + +#define SIZEOF_DEBUGGER_PAUSE_PACKET_RECEIVED \ + sizeof(DEBUGGER_PAUSE_PACKET_RECEIVED) + +/** + * @brief request to pause and halt the system + * + */ +typedef struct _DEBUGGER_PAUSE_PACKET_RECEIVED +{ + UINT32 Result; // Result 
from kernel + +} DEBUGGER_PAUSE_PACKET_RECEIVED, *PDEBUGGER_PAUSE_PACKET_RECEIVED; + +/* ============================================================================================== + */ + +/** + * @brief The structure of detail of a triggered event in HyperDbg + * @details This structure is also used for transferring breakpoint ids, RIP as the context, etc. + * + */ +typedef struct _DEBUGGER_TRIGGERED_EVENT_DETAILS +{ + UINT64 Tag; /* in breakpoints Tag is breakpoint id, not event tag */ + PVOID Context; + VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE Stage; + +} DEBUGGER_TRIGGERED_EVENT_DETAILS, *PDEBUGGER_TRIGGERED_EVENT_DETAILS; + +/* ============================================================================================== + */ + +/** + * @brief The structure of pausing packet in kHyperDbg + * + */ +typedef struct _DEBUGGEE_KD_PAUSED_PACKET +{ + UINT64 Rip; + BOOLEAN IsProcessorOn32BitMode; // if true shows that the address should be interpreted in 32-bit mode + BOOLEAN IgnoreDisassembling; // if check if diassembling should be ignored or not + DEBUGGEE_PAUSING_REASON PausingReason; + ULONG CurrentCore; + UINT64 EventTag; + VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventCallingStage; + UINT64 Rflags; + BYTE InstructionBytesOnRip[MAXIMUM_INSTR_SIZE]; + UINT16 ReadInstructionLen; + +} DEBUGGEE_KD_PAUSED_PACKET, *PDEBUGGEE_KD_PAUSED_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief The structure of pausing packet in uHyperDbg + * + */ +typedef struct _DEBUGGEE_UD_PAUSED_PACKET +{ + UINT64 Rip; + UINT64 ProcessDebuggingToken; + BOOLEAN Is32Bit; // if true shows that the address should be interpreted in 32-bit mode + DEBUGGEE_PAUSING_REASON PausingReason; + UINT32 ProcessId; + UINT32 ThreadId; + UINT64 Rflags; + UINT64 EventTag; + VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventCallingStage; + BYTE InstructionBytesOnRip[MAXIMUM_INSTR_SIZE]; + UINT16 ReadInstructionLen; + GUEST_REGS GuestRegs; + 
+} DEBUGGEE_UD_PAUSED_PACKET, *PDEBUGGEE_UD_PAUSED_PACKET; + +/** + * @brief check so the DEBUGGEE_UD_PAUSED_PACKET should be smaller than packet size + * + */ +static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, + "err (static_assert), size of PacketChunkSize should be bigger than DEBUGGEE_UD_PAUSED_PACKET"); + +////////////////////////////////////////////////// +// Message Tracing Enums // +////////////////////////////////////////////////// + +/** + * @brief Type of transferring buffer between user-to-kernel + * + */ +typedef enum _NOTIFY_TYPE +{ + IRP_BASED, + EVENT_BASED +} NOTIFY_TYPE; + +////////////////////////////////////////////////// +// Structures // +////////////////////////////////////////////////// + +/** + * @brief The structure of message packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_MESSAGE_PACKET +{ + UINT32 OperationCode; + CHAR Message[PacketChunkSize]; + +} DEBUGGEE_MESSAGE_PACKET, *PDEBUGGEE_MESSAGE_PACKET; + +/** + * @brief Used to register event for transferring buffer between user-to-kernel + * + */ +typedef struct _REGISTER_NOTIFY_BUFFER +{ + NOTIFY_TYPE Type; + HANDLE hEvent; + +} REGISTER_NOTIFY_BUFFER, *PREGISTER_NOTIFY_BUFFER; + +////////////////////////////////////////////////// +// Direct VMCALL // +////////////////////////////////////////////////// + +/** + * @brief Used for sending direct VMCALLs on the VMX root-mode + * + */ +typedef struct _DIRECT_VMCALL_PARAMETERS +{ + UINT64 OptionalParam1; + UINT64 OptionalParam2; + UINT64 OptionalParam3; + +} DIRECT_VMCALL_PARAMETERS, *PDIRECT_VMCALL_PARAMETERS; + +////////////////////////////////////////////////// +// EPT Hook // +////////////////////////////////////////////////// + +/** + * @brief different type of memory addresses + * + */ +typedef enum _DEBUGGER_HOOK_MEMORY_TYPE +{ + DEBUGGER_MEMORY_HOOK_VIRTUAL_ADDRESS, + DEBUGGER_MEMORY_HOOK_PHYSICAL_ADDRESS +} DEBUGGER_HOOK_MEMORY_TYPE; + +/** + * @brief Temporary $context used in some EPT hook commands + * + */ 
+typedef struct _EPT_HOOKS_CONTEXT +{ + UINT64 HookingTag; // This is same as the event tag + UINT64 PhysicalAddress; + UINT64 VirtualAddress; +} EPT_HOOKS_CONTEXT, *PEPT_HOOKS_CONTEXT; + +/** + * @brief Setting details for EPT Hooks (!monitor) + * + */ +typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR +{ + UINT64 StartAddress; + UINT64 EndAddress; + BOOLEAN SetHookForRead; + BOOLEAN SetHookForWrite; + BOOLEAN SetHookForExec; + DEBUGGER_HOOK_MEMORY_TYPE MemoryType; + UINT64 Tag; + +} EPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR, *PEPT_HOOKS_ADDRESS_DETAILS_FOR_MEMORY_MONITOR; + +/** + * @brief Setting details for EPT Hooks (!epthook2) + * + */ +typedef struct _EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2 +{ + PVOID TargetAddress; + PVOID HookFunction; + +} EPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2, *PEPT_HOOKS_ADDRESS_DETAILS_FOR_EPTHOOK2; + +/** + * @brief Details of unhooking single EPT hooks + * + */ +typedef struct _EPT_SINGLE_HOOK_UNHOOKING_DETAILS +{ + BOOLEAN CallerNeedsToRestoreEntryAndInvalidateEpt; + BOOLEAN RemoveBreakpointInterception; + SIZE_T PhysicalAddress; + UINT64 /* EPT_PML1_ENTRY */ OriginalEntry; + +} EPT_SINGLE_HOOK_UNHOOKING_DETAILS, *PEPT_SINGLE_HOOK_UNHOOKING_DETAILS; + +////////////////////////////////////////////////// +// Segment Types // +////////////////////////////////////////////////// + +/** + * @brief Describe segment selector in VMX + * @details This structure is copied from ia32.h to the SDK to + * be used as a data type for functions + * + */ +typedef union +{ + struct + { + /** + * [Bits 3:0] Segment type. + */ + UINT32 Type : 4; + + /** + * [Bit 4] S - Descriptor type (0 = system; 1 = code or data). + */ + UINT32 DescriptorType : 1; + + /** + * [Bits 6:5] DPL - Descriptor privilege level. + */ + UINT32 DescriptorPrivilegeLevel : 2; + + /** + * [Bit 7] P - Segment present. + */ + UINT32 Present : 1; + + UINT32 Reserved1 : 4; + + /** + * [Bit 12] AVL - Available for use by system software. 
+ */ + UINT32 AvailableBit : 1; + + /** + * [Bit 13] Reserved (except for CS). L - 64-bit mode active (for CS only). + */ + UINT32 LongMode : 1; + + /** + * [Bit 14] D/B - Default operation size (0 = 16-bit segment; 1 = 32-bit segment). + */ + UINT32 DefaultBig : 1; + + /** + * [Bit 15] G - Granularity. + */ + UINT32 Granularity : 1; + /** + * [Bit 16] Segment unusable (0 = usable; 1 = unusable). + */ + UINT32 Unusable : 1; + UINT32 Reserved2 : 15; + }; + + UINT32 AsUInt; +} VMX_SEGMENT_ACCESS_RIGHTS_TYPE; + +/** + * @brief Segment selector + * + */ +typedef struct _VMX_SEGMENT_SELECTOR +{ + UINT16 Selector; + VMX_SEGMENT_ACCESS_RIGHTS_TYPE Attributes; + UINT32 Limit; + UINT64 Base; +} VMX_SEGMENT_SELECTOR, *PVMX_SEGMENT_SELECTOR; + +/** + * @file Ioctls.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK IOCTL codes + * @details This file contains definitions of IOCTLs used in HyperDbg + * @version 0.2 + * @date 2022-06-24 + * + * @copyright This project is released under the GNU Public License v3. + * + */ +#pragma once + +////////////////////////////////////////////////// +// Definitions // +////////////////////////////////////////////////// + +// +// The following controls are mainly defined in +// + +// +// Macro definition for defining IOCTL and FSCTL function control codes. Note +// that function codes 0-2047 are reserved for Microsoft Corporation, and +// 2048-4095 are reserved for customers. +// +#ifndef CTL_CODE + +# define CTL_CODE(DeviceType, Function, Method, Access) ( \ + ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method)) + +#endif // ! 
CTL_CODE + +#ifndef FILE_ANY_ACCESS + +# define FILE_ANY_ACCESS 0 + +#endif // !FILE_ANY_ACCESS + +// +// Define the method codes for how buffers are passed for I/O and FS controls +// + +#ifndef METHOD_BUFFERED + +# define METHOD_BUFFERED 0 + +#endif // !METHOD_BUFFERED + +#ifndef FILE_DEVICE_UNKNOWN + +# define FILE_DEVICE_UNKNOWN 0x00000022 + +#endif // !FILE_DEVICE_UNKNOWN + +////////////////////////////////////////////////// +// IOCTLs // +////////////////////////////////////////////////// + +/** + * @brief ioctl, register a new event + * + */ +#define IOCTL_REGISTER_EVENT \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, irp pending mechanism for reading from message tracing buffers + * + */ +#define IOCTL_RETURN_IRP_PENDING_PACKETS_AND_DISALLOW_IOCTL \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to terminate vmx and exit form debugger + * + */ +#define IOCTL_TERMINATE_VMX \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to read memory + * + */ +#define IOCTL_DEBUGGER_READ_MEMORY \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to read or write on a special MSR + * + */ +#define IOCTL_DEBUGGER_READ_OR_WRITE_MSR \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to read page table entries + * + */ +#define IOCTL_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, register an event + * + */ +#define IOCTL_DEBUGGER_REGISTER_EVENT \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, add action to event + * + */ +#define IOCTL_DEBUGGER_ADD_ACTION_TO_EVENT \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, 
request to enable or disable transparent-mode + * + */ +#define IOCTL_DEBUGGER_HIDE_AND_UNHIDE_TO_TRANSPARENT_THE_DEBUGGER \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, for !va2pa and !pa2va commands + * + */ +#define IOCTL_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x809, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to edit virtual and physical memory + * + */ +#define IOCTL_DEBUGGER_EDIT_MEMORY \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80a, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to search virtual and physical memory + * + */ +#define IOCTL_DEBUGGER_SEARCH_MEMORY \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80b, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to modify an event (enable/disable/clear) + * + */ +#define IOCTL_DEBUGGER_MODIFY_EVENTS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80c, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, flush the kernel buffers + * + */ +#define IOCTL_DEBUGGER_FLUSH_LOGGING_BUFFERS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80d, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, attach or detach user-mode processes + * + */ +#define IOCTL_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80e, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, print states (Deprecated) + * + * + */ +#define IOCTL_DEBUGGER_PRINT \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x80f, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, prepare debuggee + * + */ +#define IOCTL_PREPARE_DEBUGGEE \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x810, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, pause and halt the system + * + */ +#define IOCTL_PAUSE_PACKET_RECEIVED \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x811, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, send a signal that execution of command finished + * + */ +#define IOCTL_SEND_SIGNAL_EXECUTION_IN_DEBUGGEE_FINISHED \ + 
CTL_CODE(FILE_DEVICE_UNKNOWN, 0x812, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, send user-mode messages to the debugger + * + */ +#define IOCTL_SEND_USERMODE_MESSAGES_TO_DEBUGGER \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x813, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, send general buffer from debuggee to debugger + * + */ +#define IOCTL_SEND_GENERAL_BUFFER_FROM_DEBUGGEE_TO_DEBUGGER \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x814, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to perform kernel-side tests + * + */ +#define IOCTL_PERFROM_KERNEL_SIDE_TESTS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x815, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to reserve pre-allocated pools + * + */ +#define IOCTL_RESERVE_PRE_ALLOCATED_POOLS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x816, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to send user debugger commands + * + */ +#define IOCTL_SEND_USER_DEBUGGER_COMMANDS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x817, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to get active threads/processes that are debugging + * + */ +#define IOCTL_GET_DETAIL_OF_ACTIVE_THREADS_AND_PROCESSES \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x818, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to get user mode modules details + * + */ +#define IOCTL_GET_USER_MODE_MODULE_DETAILS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x819, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, query count of active threads or processes + * + */ +#define IOCTL_QUERY_COUNT_OF_ACTIVE_PROCESSES_OR_THREADS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x81a, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to get list threads/processes + * + */ +#define IOCTL_GET_LIST_OF_THREADS_AND_PROCESSES \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x81b, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, query the current process details + * + */ +#define IOCTL_QUERY_CURRENT_PROCESS \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x81c, METHOD_BUFFERED, 
FILE_ANY_ACCESS) + +/** + * @brief ioctl, query the current thread details + * + */ +#define IOCTL_QUERY_CURRENT_THREAD \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x81d, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request service from the reversing machine + * + */ +#define IOCTL_REQUEST_REV_MACHINE_SERVICE \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x81e, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, request to bring pages in + * + */ +#define IOCTL_DEBUGGER_BRING_PAGES_IN \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x81f, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @brief ioctl, to preactivate a functionality + * + */ +#define IOCTL_PREACTIVATE_FUNCTIONALITY \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x820, METHOD_BUFFERED, FILE_ANY_ACCESS) + +/** + * @file Events.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK Headers for Events + * @details This file contains definitions of event datatypes + * @version 0.2 + * @date 2022-06-28 + * + * @copyright This project is released under the GNU Public License v3. 
+ * + */ +#pragma once + +////////////////////////////////////////////////// +// System Events // +////////////////////////////////////////////////// + +/** + * @brief Exceptions enum + * + */ +typedef enum _EXCEPTION_VECTORS +{ + EXCEPTION_VECTOR_DIVIDE_ERROR, + EXCEPTION_VECTOR_DEBUG_BREAKPOINT, + EXCEPTION_VECTOR_NMI, + EXCEPTION_VECTOR_BREAKPOINT, + EXCEPTION_VECTOR_OVERFLOW, + EXCEPTION_VECTOR_BOUND_RANGE_EXCEEDED, + EXCEPTION_VECTOR_UNDEFINED_OPCODE, + EXCEPTION_VECTOR_NO_MATH_COPROCESSOR, + EXCEPTION_VECTOR_DOUBLE_FAULT, + EXCEPTION_VECTOR_RESERVED0, + EXCEPTION_VECTOR_INVALID_TASK_SEGMENT_SELECTOR, + EXCEPTION_VECTOR_SEGMENT_NOT_PRESENT, + EXCEPTION_VECTOR_STACK_SEGMENT_FAULT, + EXCEPTION_VECTOR_GENERAL_PROTECTION_FAULT, + EXCEPTION_VECTOR_PAGE_FAULT, + EXCEPTION_VECTOR_RESERVED1, + EXCEPTION_VECTOR_MATH_FAULT, + EXCEPTION_VECTOR_ALIGNMENT_CHECK, + EXCEPTION_VECTOR_MACHINE_CHECK, + EXCEPTION_VECTOR_SIMD_FLOATING_POINT_NUMERIC_ERROR, + EXCEPTION_VECTOR_VIRTUAL_EXCEPTION, + EXCEPTION_VECTOR_RESERVED2, + EXCEPTION_VECTOR_RESERVED3, + EXCEPTION_VECTOR_RESERVED4, + EXCEPTION_VECTOR_RESERVED5, + EXCEPTION_VECTOR_RESERVED6, + EXCEPTION_VECTOR_RESERVED7, + EXCEPTION_VECTOR_RESERVED8, + EXCEPTION_VECTOR_RESERVED9, + EXCEPTION_VECTOR_RESERVED10, + EXCEPTION_VECTOR_RESERVED11, + EXCEPTION_VECTOR_RESERVED12, + + // + // NT (Windows) specific exception vectors. 
+ // + APC_INTERRUPT = 31, + DPC_INTERRUPT = 47, + CLOCK_INTERRUPT = 209, + IPI_INTERRUPT = 225, + PMI_INTERRUPT = 254, + +} EXCEPTION_VECTORS; + +////////////////////////////////////////////////// +// Callback Enums // +////////////////////////////////////////////////// + +/** + * @brief The status of triggering events + * + */ +typedef enum _VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE +{ + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_NO_INITIALIZED = 0, + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL = 0, + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_SUCCESSFUL_IGNORE_EVENT = 1, + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_DEBUGGER_NOT_ENABLED = 2, + VMM_CALLBACK_TRIGGERING_EVENT_STATUS_INVALID_EVENT_TYPE = 3, + +} VMM_CALLBACK_TRIGGERING_EVENT_STATUS_TYPE; + +////////////////////////////////////////////////// +// Event Details // +////////////////////////////////////////////////// + +/** + * @brief enum to show type of all HyperDbg events + * + */ +typedef enum _VMM_EVENT_TYPE_ENUM +{ + + // + // EPT Memory Monitoring Events + // + HIDDEN_HOOK_READ_AND_WRITE_AND_EXECUTE, + HIDDEN_HOOK_READ_AND_WRITE, + HIDDEN_HOOK_READ_AND_EXECUTE, + HIDDEN_HOOK_WRITE_AND_EXECUTE, + HIDDEN_HOOK_READ, + HIDDEN_HOOK_WRITE, + HIDDEN_HOOK_EXECUTE, + + // + // EPT Hook Events + // + HIDDEN_HOOK_EXEC_DETOURS, + HIDDEN_HOOK_EXEC_CC, + + // + // System-call Events + // + SYSCALL_HOOK_EFER_SYSCALL, + SYSCALL_HOOK_EFER_SYSRET, + + // + // CPUID Instruction Execution Events + // + CPUID_INSTRUCTION_EXECUTION, + + // + // Model-Specific Registers (MSRs) Reads/Modifications Events + // + RDMSR_INSTRUCTION_EXECUTION, + WRMSR_INSTRUCTION_EXECUTION, + + // + // PMIO Events + // + IN_INSTRUCTION_EXECUTION, + OUT_INSTRUCTION_EXECUTION, + + // + // Interrupts/Exceptions/Faults Events + // + EXCEPTION_OCCURRED, + EXTERNAL_INTERRUPT_OCCURRED, + + // + // Debug Registers Events + // + DEBUG_REGISTERS_ACCESSED, + + // + // Timing & Performance Events + // + TSC_INSTRUCTION_EXECUTION, + 
PMC_INSTRUCTION_EXECUTION, + + // + // VMCALL Instruction Execution Events + // + VMCALL_INSTRUCTION_EXECUTION, + + // + // Control Registers Events + // + CONTROL_REGISTER_MODIFIED, + CONTROL_REGISTER_READ, + CONTROL_REGISTER_3_MODIFIED, + + // + // Execution Trap Events + // + TRAP_EXECUTION_MODE_CHANGED, + TRAP_EXECUTION_INSTRUCTION_TRACE, + +} VMM_EVENT_TYPE_ENUM; + +/** + * @brief Type of Actions + * + */ +typedef enum _DEBUGGER_EVENT_ACTION_TYPE_ENUM +{ + BREAK_TO_DEBUGGER, + RUN_SCRIPT, + RUN_CUSTOM_CODE + +} DEBUGGER_EVENT_ACTION_TYPE_ENUM; + +/** + * @brief Type of handling !syscall or !sysret + * + */ +typedef enum _DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE +{ + DEBUGGER_EVENT_SYSCALL_SYSRET_SAFE_ACCESS_MEMORY = 0, + DEBUGGER_EVENT_SYSCALL_SYSRET_HANDLE_ALL_UD = 1, + +} DEBUGGER_EVENT_SYSCALL_SYSRET_TYPE; + +#define SIZEOF_DEBUGGER_MODIFY_EVENTS sizeof(DEBUGGER_MODIFY_EVENTS) + +/** + * @brief Type of mode change traps + * + */ +typedef enum _DEBUGGER_EVENT_MODE_TYPE +{ + DEBUGGER_EVENT_MODE_TYPE_USER_MODE_AND_KERNEL_MODE = 1, + DEBUGGER_EVENT_MODE_TYPE_USER_MODE = 3, + DEBUGGER_EVENT_MODE_TYPE_KERNEL_MODE = 0, + DEBUGGER_EVENT_MODE_TYPE_INVALID = 0xffffffff, + +} DEBUGGER_EVENT_MODE_TYPE; + +/** + * @brief Type of tracing events + * + */ +typedef enum _DEBUGGER_EVENT_TRACE_TYPE +{ + DEBUGGER_EVENT_TRACE_TYPE_INVALID = 0, + DEBUGGER_EVENT_TRACE_TYPE_STEP_IN = 1, + DEBUGGER_EVENT_TRACE_TYPE_STEP_OUT = 2, + DEBUGGER_EVENT_TRACE_TYPE_INSTRUMENTATION_STEP_IN = 3, + +} DEBUGGER_EVENT_TRACE_TYPE; + +/** + * @brief different types of modifying events request (enable/disable/clear) + * + */ +typedef enum _DEBUGGER_MODIFY_EVENTS_TYPE +{ + DEBUGGER_MODIFY_EVENTS_QUERY_STATE, + DEBUGGER_MODIFY_EVENTS_ENABLE, + DEBUGGER_MODIFY_EVENTS_DISABLE, + DEBUGGER_MODIFY_EVENTS_CLEAR, +} DEBUGGER_MODIFY_EVENTS_TYPE; + +/** + * @brief request for modifying events (enable/disable/clear) + * + */ +typedef struct _DEBUGGER_MODIFY_EVENTS +{ + UINT64 Tag; // Tag of the target event that we 
want to modify + UINT64 KernelStatus; // Kernel put the status in this field + DEBUGGER_MODIFY_EVENTS_TYPE + TypeOfAction; // Determines what's the action (enable | disable | clear) + BOOLEAN IsEnabled; // Determines what's the action (enable | disable | clear) + +} DEBUGGER_MODIFY_EVENTS, *PDEBUGGER_MODIFY_EVENTS; + +/** + * @brief request for performing a short-circuiting event + * + */ +typedef struct _DEBUGGER_SHORT_CIRCUITING_EVENT +{ + UINT64 KernelStatus; // Kernel put the status in this field + BOOLEAN IsShortCircuiting; // Determines whether to perform short circuting (on | off) + +} DEBUGGER_SHORT_CIRCUITING_EVENT, *PDEBUGGER_SHORT_CIRCUITING_EVENT; + +////////////////////////////////////////////////// +// Event Options // +////////////////////////////////////////////////// + +/** + * @brief request for performing a short-circuiting event + * + */ +typedef struct _DEBUGGER_EVENT_OPTIONS +{ + UINT64 OptionalParam1; // Optional parameter + UINT64 OptionalParam2; // Optional parameter + UINT64 OptionalParam3; // Optional parameter + UINT64 OptionalParam4; // Optional parameter + UINT64 OptionalParam5; // Optional parameter + UINT64 OptionalParam6; // Optional parameter + +} DEBUGGER_EVENT_OPTIONS, *PDEBUGGER_EVENT_OPTIONS; + +////////////////////////////////////////////////// +// Enums For Event And Debugger Resources // +////////////////////////////////////////////////// + +/** + * @brief Things to consider when applying resources + * + */ +typedef enum _PROTECTED_HV_RESOURCES_PASSING_OVERS +{ + // + // for exception bitmap + // + PASSING_OVER_NONE = 0, + PASSING_OVER_UD_EXCEPTIONS_FOR_SYSCALL_SYSRET_HOOK = 1, + PASSING_OVER_EXCEPTION_EVENTS, + + // + // for external interupts-exitings + // + PASSING_OVER_INTERRUPT_EVENTS, + + // + // for external rdtsc/p exitings + // + PASSING_OVER_TSC_EVENTS, + + // + // for external mov to hardware debug registers exitings + // + PASSING_OVER_MOV_TO_HW_DEBUG_REGS_EVENTS, + + // + // for external mov to control registers 
exitings + // + PASSING_OVER_MOV_TO_CONTROL_REGS_EVENTS, + +} PROTECTED_HV_RESOURCES_PASSING_OVERS; + +/** + * @brief Type of protected (multi-used) resources + * + */ +typedef enum _PROTECTED_HV_RESOURCES_TYPE +{ + PROTECTED_HV_RESOURCES_EXCEPTION_BITMAP, + + PROTECTED_HV_RESOURCES_EXTERNAL_INTERRUPT_EXITING, + + PROTECTED_HV_RESOURCES_RDTSC_RDTSCP_EXITING, + + PROTECTED_HV_RESOURCES_MOV_TO_DEBUG_REGISTER_EXITING, + + PROTECTED_HV_RESOURCES_MOV_CONTROL_REGISTER_EXITING, + + PROTECTED_HV_RESOURCES_MOV_TO_CR3_EXITING, + +} PROTECTED_HV_RESOURCES_TYPE; + +////////////////////////////////////////////////// +// Event Details // +////////////////////////////////////////////////// + +/** + * @brief Each command is like the following struct, it also used for + * tracing works in user mode and sending it to the kernl mode + * @details THIS IS NOT WHAT HYPERDBG SAVES FOR EVENTS IN KERNEL-MODE + */ +typedef struct _DEBUGGER_GENERAL_EVENT_DETAIL +{ + LIST_ENTRY + CommandsEventList; // Linked-list of commands list (used for tracing purpose + // in user mode) + + time_t CreationTime; // Date of creating this event + + UINT32 CoreId; // determines the core index to apply this event to, if it's + // 0xffffffff means that we have to apply it to all cores + + UINT32 ProcessId; // determines the process id to apply this to + // only that 0xffffffff means that we have to + // apply it to all processes + + BOOLEAN IsEnabled; + + BOOLEAN EnableShortCircuiting; // indicates whether the short-circuiting event + // is enabled or not for this event + + VMM_CALLBACK_EVENT_CALLING_STAGE_TYPE EventStage; // reveals the calling stage of the event + // (whether it's a all- pre- or post- event) + + BOOLEAN HasCustomOutput; // Shows whether this event has a custom output + // source or not + + UINT64 + OutputSourceTags + [DebuggerOutputSourceMaximumRemoteSourceForSingleEvent]; // tags of + // multiple + // sources which + // can be used to + // send the event + // results of + // scripts to + // 
remote sources + + UINT32 CountOfActions; + + UINT64 Tag; // is same as operation code + VMM_EVENT_TYPE_ENUM EventType; + + DEBUGGER_EVENT_OPTIONS Options; + + PVOID CommandStringBuffer; + + UINT32 ConditionBufferSize; + +} DEBUGGER_GENERAL_EVENT_DETAIL, *PDEBUGGER_GENERAL_EVENT_DETAIL; + +/** + * @brief Each event can have multiple actions + * @details THIS STRUCTURE IS ONLY USED IN USER MODE + * WE USE SEPARATE STRUCTURE FOR ACTIONS IN + * KERNEL MODE + */ +typedef struct _DEBUGGER_GENERAL_ACTION +{ + UINT64 EventTag; + DEBUGGER_EVENT_ACTION_TYPE_ENUM ActionType; + BOOLEAN ImmediateMessagePassing; + UINT32 PreAllocatedBuffer; + + UINT32 CustomCodeBufferSize; + UINT32 ScriptBufferSize; + UINT32 ScriptBufferPointer; + +} DEBUGGER_GENERAL_ACTION, *PDEBUGGER_GENERAL_ACTION; + +/** + * @brief Status of register buffers + * + */ +typedef struct _DEBUGGER_EVENT_AND_ACTION_RESULT +{ + BOOLEAN IsSuccessful; + UINT32 Error; // If IsSuccessful was, FALSE + +} DEBUGGER_EVENT_AND_ACTION_RESULT, *PDEBUGGER_EVENT_AND_ACTION_RESULT; + +#define SIZEOF_REGISTER_EVENT sizeof(REGISTER_NOTIFY_BUFFER) + +/** + * @file RequestStructures.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK Headers Request Packets + * @details This file contains definitions of request packets (enums, structs) + * @version 0.2 + * @date 2022-06-28 + * + * @copyright This project is released under the GNU Public License v3. 
+ * + */ +#pragma once + +#define SIZEOF_DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS \ + sizeof(DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS) + +/** + * @brief request for !pte command + * + */ +typedef struct _DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS +{ + UINT64 VirtualAddress; + UINT32 ProcessId; + + UINT64 Pml4eVirtualAddress; + UINT64 Pml4eValue; + + UINT64 PdpteVirtualAddress; + UINT64 PdpteValue; + + UINT64 PdeVirtualAddress; + UINT64 PdeValue; + + UINT64 PteVirtualAddress; + UINT64 PteValue; + + UINT32 KernelStatus; + +} DEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS, + *PDEBUGGER_READ_PAGE_TABLE_ENTRIES_DETAILS; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_VA2PA_AND_PA2VA_COMMANDS \ + sizeof(DEBUGGER_VA2PA_AND_PA2VA_COMMANDS) + +/** + * @brief requests for !va2pa and !pa2va commands + * + */ +typedef struct _DEBUGGER_VA2PA_AND_PA2VA_COMMANDS +{ + UINT64 VirtualAddress; + UINT64 PhysicalAddress; + UINT32 ProcessId; + BOOLEAN IsVirtual2Physical; + UINT32 KernelStatus; + +} DEBUGGER_VA2PA_AND_PA2VA_COMMANDS, *PDEBUGGER_VA2PA_AND_PA2VA_COMMANDS; + +/* ============================================================================================== + */ +#define SIZEOF_DEBUGGER_PAGE_IN_REQUEST \ + sizeof(DEBUGGER_PAGE_IN_REQUEST) + +/** + * @brief requests for the '.pagein' command + * + */ +typedef struct _DEBUGGER_PAGE_IN_REQUEST +{ + UINT64 VirtualAddressFrom; + UINT64 VirtualAddressTo; + UINT32 ProcessId; + UINT32 PageFaultErrorCode; + UINT32 KernelStatus; + +} DEBUGGER_PAGE_IN_REQUEST, *PDEBUGGER_PAGE_IN_REQUEST; + +/* ============================================================================================== + */ + +/** + * @brief different modes of reconstruct requests + * + */ +typedef enum _REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE +{ + REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE_UNKNOWN = 0, + REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE_USER_MODE, + 
REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE_KERNEL_MODE, +} REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE; + +/** + * @brief different types of reconstruct requests + * + */ +typedef enum _REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE +{ + REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE_UNKNOWN = 0, + REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE_RECONSTRUCT, + REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE_PATTERN, +} REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE; + +#define SIZEOF_REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST \ + sizeof(REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST) + +/** + * @brief requests for !rev command + * + */ +typedef struct _REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST +{ + UINT32 ProcessId; + UINT32 Size; + REVERSING_MACHINE_RECONSTRUCT_MEMORY_MODE Mode; + REVERSING_MACHINE_RECONSTRUCT_MEMORY_TYPE Type; + UINT32 KernelStatus; + +} REVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST, *PREVERSING_MACHINE_RECONSTRUCT_MEMORY_REQUEST; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_DT_COMMAND_OPTIONS \ + sizeof(DEBUGGER_DT_COMMAND_OPTIONS) + +/** + * @brief requests options for dt and struct command + * + */ +typedef struct _DEBUGGER_DT_COMMAND_OPTIONS +{ + const char * TypeName; + UINT64 SizeOfTypeName; + UINT64 Address; + BOOLEAN IsStruct; + PVOID BufferAddress; + UINT32 TargetPid; + const char * AdditionalParameters; + +} DEBUGGER_DT_COMMAND_OPTIONS, *PDEBUGGER_DT_COMMAND_OPTIONS; + +/* ============================================================================================== + */ + +/** + * @brief different types of prealloc requests + * + */ +typedef enum _DEBUGGER_PREALLOC_COMMAND_TYPE +{ + DEBUGGER_PREALLOC_COMMAND_TYPE_THREAD_INTERCEPTION, + DEBUGGER_PREALLOC_COMMAND_TYPE_MONITOR, + DEBUGGER_PREALLOC_COMMAND_TYPE_EPTHOOK, + DEBUGGER_PREALLOC_COMMAND_TYPE_EPTHOOK2, + DEBUGGER_PREALLOC_COMMAND_TYPE_REGULAR_EVENT, + DEBUGGER_PREALLOC_COMMAND_TYPE_BIG_EVENT, + 
DEBUGGER_PREALLOC_COMMAND_TYPE_REGULAR_SAFE_BUFFER, + DEBUGGER_PREALLOC_COMMAND_TYPE_BIG_SAFE_BUFFER, + +} DEBUGGER_PREALLOC_COMMAND_TYPE; + +#define SIZEOF_DEBUGGER_PREALLOC_COMMAND \ + sizeof(DEBUGGER_PREALLOC_COMMAND) + +/** + * @brief requests for the 'prealloc' command + * + */ +typedef struct _DEBUGGER_PREALLOC_COMMAND +{ + DEBUGGER_PREALLOC_COMMAND_TYPE Type; + UINT32 Count; + UINT32 KernelStatus; + +} DEBUGGER_PREALLOC_COMMAND, *PDEBUGGER_PREALLOC_COMMAND; + +/* ============================================================================================== + */ + +/** + * @brief different types of preactivate requests + * + */ +typedef enum _DEBUGGER_PREACTIVATE_COMMAND_TYPE +{ + DEBUGGER_PREACTIVATE_COMMAND_TYPE_MODE, + +} DEBUGGER_PREACTIVATE_COMMAND_TYPE; + +#define SIZEOF_DEBUGGER_PREACTIVATE_COMMAND \ + sizeof(DEBUGGER_PREACTIVATE_COMMAND) + +/** + * @brief requests for the 'preactivate' command + * + */ +typedef struct _DEBUGGER_PREACTIVATE_COMMAND +{ + DEBUGGER_PREACTIVATE_COMMAND_TYPE Type; + UINT32 KernelStatus; + +} DEBUGGER_PREACTIVATE_COMMAND, *PDEBUGGER_PREACTIVATE_COMMAND; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_READ_MEMORY sizeof(DEBUGGER_READ_MEMORY) + +/** + * @brief different types of reading memory + * + */ +typedef enum _DEBUGGER_READ_READING_TYPE +{ + READ_FROM_KERNEL, + READ_FROM_VMX_ROOT +} DEBUGGER_READ_READING_TYPE; + +/** + * @brief different type of addresses + * + */ +typedef enum _DEBUGGER_READ_MEMORY_TYPE +{ + DEBUGGER_READ_PHYSICAL_ADDRESS, + DEBUGGER_READ_VIRTUAL_ADDRESS +} DEBUGGER_READ_MEMORY_TYPE; + +/** + * @brief the way that debugger should show + * the details of memory or disassemble them + * + */ +typedef enum _DEBUGGER_SHOW_MEMORY_STYLE +{ + DEBUGGER_SHOW_COMMAND_DT = 1, + DEBUGGER_SHOW_COMMAND_DISASSEMBLE64, + DEBUGGER_SHOW_COMMAND_DISASSEMBLE32, + DEBUGGER_SHOW_COMMAND_DB, + DEBUGGER_SHOW_COMMAND_DC, + 
DEBUGGER_SHOW_COMMAND_DQ, + DEBUGGER_SHOW_COMMAND_DD, + DEBUGGER_SHOW_COMMAND_DUMP +} DEBUGGER_SHOW_MEMORY_STYLE; + +/** + * @brief request for reading virtual and physical memory + * + */ +typedef struct _DEBUGGER_READ_MEMORY +{ + UINT32 Pid; // Read from cr3 of what process + UINT64 Address; + UINT32 Size; + BOOLEAN IsForDisasm; // Debugger sets whether the read memory is for diassembler or not + BOOLEAN Is32BitAddress; // Debuggee sets the status of address + DEBUGGER_READ_MEMORY_TYPE MemoryType; + DEBUGGER_READ_READING_TYPE ReadingType; + PDEBUGGER_DT_COMMAND_OPTIONS DtDetails; + DEBUGGER_SHOW_MEMORY_STYLE Style; // not used in local debugging + UINT32 ReturnLength; // not used in local debugging + UINT32 KernelStatus; // not used in local debugging + + // + // Here is the target buffer (actual memory) + // + +} DEBUGGER_READ_MEMORY, *PDEBUGGER_READ_MEMORY; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_FLUSH_LOGGING_BUFFERS \ + sizeof(DEBUGGER_FLUSH_LOGGING_BUFFERS) + +/** + * @brief request for flushing buffers + * + */ +typedef struct _DEBUGGER_FLUSH_LOGGING_BUFFERS +{ + UINT32 KernelStatus; + UINT32 CountOfMessagesThatSetAsReadFromVmxRoot; + UINT32 CountOfMessagesThatSetAsReadFromVmxNonRoot; + +} DEBUGGER_FLUSH_LOGGING_BUFFERS, *PDEBUGGER_FLUSH_LOGGING_BUFFERS; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_TEST_QUERY_BUFFER \ + sizeof(DEBUGGER_TEST_QUERY_BUFFER) + +/** + * @brief test query used for test purposed + * + */ +typedef enum _DEBUGGER_TEST_QUERY_STATE +{ + TEST_QUERY_HALTING_CORE_STATUS = 1, // Query constant to show detail of halting of core + TEST_QUERY_PREALLOCATED_POOL_STATE = 2, // Query pre-allocated pool state + TEST_QUERY_TRAP_STATE = 3, // Query trap state + TEST_BREAKPOINT_TURN_OFF_BPS = 4, // Turn off the breakpoints (#BP) + TEST_BREAKPOINT_TURN_ON_BPS = 5, // Turn 
on the breakpoints (#BP) + TEST_BREAKPOINT_TURN_OFF_BPS_AND_EVENTS_FOR_COMMANDS_IN_REMOTE_COMPUTER = 6, // Turn off the breakpoints and events for executing the commands in the remote computer + TEST_BREAKPOINT_TURN_ON_BPS_AND_EVENTS_FOR_COMMANDS_IN_REMOTE_COMPUTER = 7, // Turn on the breakpoints and events for executing the commands in the remote computer + TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_SYNCHRONOUS = 8, // For testing synchronized event + TEST_SETTING_TARGET_TASKS_ON_HALTED_CORES_ASYNCHRONOUS = 9, // For testing unsynchronized event + TEST_SETTING_TARGET_TASKS_ON_TARGET_HALTED_CORES = 10, // Send the task to the halted core + TEST_BREAKPOINT_TURN_OFF_DBS = 11, // Turn off the debug breaks (#DB) + TEST_BREAKPOINT_TURN_ON_DBS = 12, // Turn on the debug breaks (#DB) + +} DEBUGGER_TEST_QUERY_STATE; + +/** + * @brief request for test query buffers + * + */ +typedef struct _DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER +{ + DEBUGGER_TEST_QUERY_STATE RequestType; + UINT64 Context; + UINT32 KernelStatus; + +} DEBUGGER_DEBUGGER_TEST_QUERY_BUFFER, *PDEBUGGER_DEBUGGER_TEST_QUERY_BUFFER; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_PERFORM_KERNEL_TESTS \ + sizeof(DEBUGGER_PERFORM_KERNEL_TESTS) + +/** + * @brief request performing kernel tests + * + */ +typedef struct _DEBUGGER_PERFORM_KERNEL_TESTS +{ + UINT32 KernelStatus; + +} DEBUGGER_PERFORM_KERNEL_TESTS, *PDEBUGGER_PERFORM_KERNEL_TESTS; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL \ + sizeof(DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL) + +/** + * @brief request for send a signal that command execution finished + * + */ +typedef struct _DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL +{ + UINT32 KernelStatus; + +} DEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL, + 
*PDEBUGGER_SEND_COMMAND_EXECUTION_FINISHED_SIGNAL; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER \ + sizeof(DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER) + +/** + * @brief request for send general packets from debuggee to debugger + * + */ +typedef struct _DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER +{ + DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION RequestedAction; + UINT32 LengthOfBuffer; + BOOLEAN PauseDebuggeeWhenSent; + UINT32 KernelResult; + + // + // The buffer for the general packet is here + // + +} DEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER, + *PDEBUGGEE_SEND_GENERAL_PACKET_FROM_DEBUGGEE_TO_DEBUGGER; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER \ + sizeof(DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER) + +/** + * @brief request for send a user-mode message to debugger + * + */ +typedef struct _DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER +{ + UINT32 KernelStatus; + UINT32 Length; + + // + // Here is the messages + // + +} DEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER, + *PDEBUGGER_SEND_USERMODE_MESSAGES_TO_DEBUGGER; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_READ_AND_WRITE_ON_MSR \ + sizeof(DEBUGGER_READ_AND_WRITE_ON_MSR) + +/** + * @brief different types of actions on MSRs + * + */ +typedef enum _DEBUGGER_MSR_ACTION_TYPE +{ + DEBUGGER_MSR_READ, + DEBUGGER_MSR_WRITE +} DEBUGGER_MSR_ACTION_TYPE; + +/** + * @brief request to read or write on MSRs + * + */ +typedef struct _DEBUGGER_READ_AND_WRITE_ON_MSR +{ + UINT64 Msr; // It's actually a 32-Bit value but let's not mess with a register + UINT32 CoreNumber; // specifies the core to execute wrmsr or read the msr + // 
(DEBUGGER_READ_AND_WRITE_ON_MSR_APPLY_ALL_CORES mean all + // the cores) + DEBUGGER_MSR_ACTION_TYPE + ActionType; // Detects whether user needs wrmsr or rdmsr + UINT64 Value; + +} DEBUGGER_READ_AND_WRITE_ON_MSR, *PDEBUGGER_READ_AND_WRITE_ON_MSR; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_EDIT_MEMORY sizeof(DEBUGGER_EDIT_MEMORY) + +/** + * @brief different type of addresses for editing memory + * + */ +typedef enum _DEBUGGER_EDIT_MEMORY_TYPE +{ + EDIT_PHYSICAL_MEMORY, + EDIT_VIRTUAL_MEMORY +} DEBUGGER_EDIT_MEMORY_TYPE; + +/** + * @brief size of editing memory + * + */ +typedef enum _DEBUGGER_EDIT_MEMORY_BYTE_SIZE +{ + EDIT_BYTE, + EDIT_DWORD, + EDIT_QWORD +} DEBUGGER_EDIT_MEMORY_BYTE_SIZE; + +/** + * @brief request for edit virtual and physical memory + * + */ +typedef struct _DEBUGGER_EDIT_MEMORY +{ + UINT32 Result; // Result from kernel + UINT64 Address; // Target address to modify + UINT32 ProcessId; // specifies the process id + DEBUGGER_EDIT_MEMORY_TYPE MemoryType; // Type of memory + DEBUGGER_EDIT_MEMORY_BYTE_SIZE ByteSize; // Modification size + UINT32 CountOf64Chunks; + UINT32 FinalStructureSize; + UINT32 KernelStatus; // not used in local debugging + +} DEBUGGER_EDIT_MEMORY, *PDEBUGGER_EDIT_MEMORY; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_SEARCH_MEMORY sizeof(DEBUGGER_SEARCH_MEMORY) + +/** + * @brief different types of address for searching on memory + * + */ +typedef enum _DEBUGGER_SEARCH_MEMORY_TYPE +{ + SEARCH_PHYSICAL_MEMORY, + SEARCH_VIRTUAL_MEMORY, + SEARCH_PHYSICAL_FROM_VIRTUAL_MEMORY, + +} DEBUGGER_SEARCH_MEMORY_TYPE; + +/** + * @brief different sizes on searching memory + * + */ +typedef enum _DEBUGGER_SEARCH_MEMORY_BYTE_SIZE +{ + SEARCH_BYTE, + SEARCH_DWORD, + SEARCH_QWORD + +} DEBUGGER_SEARCH_MEMORY_BYTE_SIZE; + +/** + * @brief request for searching memory + * + */ 
+typedef struct _DEBUGGER_SEARCH_MEMORY +{ + UINT64 Address; // Target address to start searching + UINT64 Length; // Length of bytes to search + UINT32 ProcessId; // specifies the process id + DEBUGGER_SEARCH_MEMORY_TYPE MemoryType; // Type of memory + DEBUGGER_SEARCH_MEMORY_BYTE_SIZE ByteSize; // Modification size + UINT32 CountOf64Chunks; + UINT32 FinalStructureSize; + +} DEBUGGER_SEARCH_MEMORY, *PDEBUGGER_SEARCH_MEMORY; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE \ + sizeof(DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE) + +/** + * @brief request for enable or disable transparent-mode + * + */ +typedef struct _DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE +{ + BOOLEAN IsHide; + + UINT64 CpuidAverage; + UINT64 CpuidStandardDeviation; + UINT64 CpuidMedian; + + UINT64 RdtscAverage; + UINT64 RdtscStandardDeviation; + UINT64 RdtscMedian; + + BOOLEAN TrueIfProcessIdAndFalseIfProcessName; + UINT32 ProcId; + UINT32 LengthOfProcessName; // in the case of !hide name xxx, this parameter + // shows the length of xxx + + UINT64 KernelStatus; /* DEBUGGER_OPERATION_WAS_SUCCESSFUL , + DEBUGGER_ERROR_UNABLE_TO_HIDE_OR_UNHIDE_DEBUGGER + */ + +} DEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE, + *PDEBUGGER_HIDE_AND_TRANSPARENT_DEBUGGER_MODE; + +/* ============================================================================================== + */ + +#define SIZEOF_DEBUGGER_PREPARE_DEBUGGEE sizeof(DEBUGGER_PREPARE_DEBUGGEE) + +/** + * @brief request to make this computer to a debuggee + * + */ +typedef struct _DEBUGGER_PREPARE_DEBUGGEE +{ + UINT32 PortAddress; + UINT32 Baudrate; + UINT64 NtoskrnlBaseAddress; + UINT32 Result; // Result from the kernel + CHAR OsName[MAXIMUM_CHARACTER_FOR_OS_NAME]; + +} DEBUGGER_PREPARE_DEBUGGEE, *PDEBUGGER_PREPARE_DEBUGGEE; + +/* ============================================================================================== + */ + +/** + 
* @brief The structure of changing core packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_CHANGE_CORE_PACKET +{ + UINT32 NewCore; + UINT32 Result; + +} DEBUGGEE_CHANGE_CORE_PACKET, *PDEBUGGEE_CHANGE_CORE_PACKET; + +/* ============================================================================================== + */ +#define SIZEOF_DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS \ + sizeof(DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS) + +/** + * @brief different actions of switchings + * + */ +typedef enum _DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_TYPE +{ + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_ATTACH, + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_DETACH, + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_REMOVE_HOOKS, + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_KILL_PROCESS, + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_PAUSE_PROCESS, + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_SWITCH_BY_PROCESS_OR_THREAD, + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_QUERY_COUNT_OF_ACTIVE_DEBUGGING_THREADS, + +} DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_TYPE; + +/** + * @brief request for attaching user-mode process + * + */ +typedef struct _DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS +{ + BOOLEAN IsStartingNewProcess; + UINT32 ProcessId; + UINT32 ThreadId; + BOOLEAN CheckCallbackAtFirstInstruction; + BOOLEAN Is32Bit; + BOOLEAN IsPaused; // used in switching to threads + DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS_ACTION_TYPE Action; + UINT32 CountOfActiveDebuggingThreadsAndProcesses; // used in showing the list of active threads/processes + UINT64 Token; + UINT64 Result; + +} DEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS, + *PDEBUGGER_ATTACH_DETACH_USER_MODE_PROCESS; + +/* ============================================================================================== + */ +#define SIZEOF_DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS \ + sizeof(DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS) + +/** + * @brief different type of process or thread queries + * + 
*/ +typedef enum _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_TYPES +{ + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_PROCESS_COUNT = 1, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_THREAD_COUNT = 2, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_PROCESS_LIST = 3, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_THREAD_LIST = 4, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_CURRENT_PROCESS = 5, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_QUERY_CURRENT_THREAD = 6, + +} DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_TYPES; + +/** + * @brief different actions on showing or querying list of process or threads + * + */ +typedef enum _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTIONS +{ + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTION_SHOW_INSTANTLY = 1, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTION_QUERY_COUNT = 2, + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTION_QUERY_SAVE_DETAILS = 3, + +} DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTIONS; + +/** + * @brief The structure of needed information to get the details + * of the process from nt!_EPROCESS and location of needed variables + * + */ +typedef struct _DEBUGGEE_PROCESS_LIST_NEEDED_DETAILS +{ + UINT64 PsActiveProcessHead; // nt!PsActiveProcessHead + ULONG ImageFileNameOffset; // nt!_EPROCESS.ImageFileName + ULONG UniquePidOffset; // nt!_EPROCESS.UniqueProcessId + ULONG ActiveProcessLinksOffset; // nt!_EPROCESS.ActiveProcessLinks + +} DEBUGGEE_PROCESS_LIST_NEEDED_DETAILS, *PDEBUGGEE_PROCESS_LIST_NEEDED_DETAILS; + +/** + * @brief The structure of needed information to get the details + * of the thread from nt!_ETHREAD and location of needed variables + * + */ +typedef struct _DEBUGGEE_THREAD_LIST_NEEDED_DETAILS +{ + UINT32 ThreadListHeadOffset; // nt!_EPROCESS.ThreadListHead + UINT32 ThreadListEntryOffset; // nt!_ETHREAD.ThreadListEntry + UINT32 CidOffset; // nt!_ETHREAD.Cid + UINT64 PsActiveProcessHead; // nt!PsActiveProcessHead + ULONG ActiveProcessLinksOffset; // 
nt!_EPROCESS.ActiveProcessLinks + UINT64 Process; + +} DEBUGGEE_THREAD_LIST_NEEDED_DETAILS, *PDEBUGGEE_THREAD_LIST_NEEDED_DETAILS; + +/** + * @brief The structure showing list of processes (details of each + * entry) + * + */ +typedef struct _DEBUGGEE_PROCESS_LIST_DETAILS_ENTRY +{ + UINT64 Eprocess; + UINT32 ProcessId; + UINT64 Cr3; + UCHAR ImageFileName[15 + 1]; + +} DEBUGGEE_PROCESS_LIST_DETAILS_ENTRY, *PDEBUGGEE_PROCESS_LIST_DETAILS_ENTRY; + +/** + * @brief The structure showing list of threads (details of each + * entry) + * + */ +typedef struct _DEBUGGEE_THREAD_LIST_DETAILS_ENTRY +{ + UINT64 Eprocess; + UINT64 Ethread; + UINT32 ProcessId; + UINT32 ThreadId; + UCHAR ImageFileName[15 + 1]; + +} DEBUGGEE_THREAD_LIST_DETAILS_ENTRY, *PDEBUGGEE_THREAD_LIST_DETAILS_ENTRY; + +/** + * @brief request for query count of active processes and threads + * + */ +typedef struct _DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS +{ + DEBUGGEE_PROCESS_LIST_NEEDED_DETAILS ProcessListNeededDetails; + DEBUGGEE_THREAD_LIST_NEEDED_DETAILS ThreadListNeededDetails; + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_TYPES QueryType; + DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS_ACTIONS QueryAction; + UINT32 Count; + UINT64 Result; + +} DEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS, + *PDEBUGGER_QUERY_ACTIVE_PROCESSES_OR_THREADS; + +/* ============================================================================================== + */ + +/** + * @brief The structure for saving the callstack frame of one parameter + * + */ +typedef struct _DEBUGGER_SINGLE_CALLSTACK_FRAME +{ + BOOLEAN IsStackAddressValid; + BOOLEAN IsValidAddress; + BOOLEAN IsExecutable; + UINT64 Value; + BYTE InstructionBytesOnRip[MAXIMUM_CALL_INSTR_SIZE]; + +} DEBUGGER_SINGLE_CALLSTACK_FRAME, *PDEBUGGER_SINGLE_CALLSTACK_FRAME; + +#define SIZEOF_DEBUGGER_CALLSTACK_REQUEST \ + sizeof(DEBUGGER_CALLSTACK_REQUEST) + +/** + * @brief callstack showing method + * + */ +typedef enum _DEBUGGER_CALLSTACK_DISPLAY_METHOD +{ + 
DEBUGGER_CALLSTACK_DISPLAY_METHOD_WITHOUT_PARAMS, + DEBUGGER_CALLSTACK_DISPLAY_METHOD_WITH_PARAMS, + +} DEBUGGER_CALLSTACK_DISPLAY_METHOD; + +/** + * @brief request for callstack frames + * + */ +typedef struct _DEBUGGER_CALLSTACK_REQUEST +{ + BOOLEAN Is32Bit; + UINT32 KernelStatus; + DEBUGGER_CALLSTACK_DISPLAY_METHOD DisplayMethod; + UINT32 Size; + UINT32 FrameCount; + UINT64 BaseAddress; + UINT64 BufferSize; + + // + // Here is the size of stack frames + // + +} DEBUGGER_CALLSTACK_REQUEST, *PDEBUGGER_CALLSTACK_REQUEST; + +/* ============================================================================================== + */ +#define SIZEOF_USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS \ + sizeof(USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS) + +typedef struct _USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS +{ + UINT32 ProcessId; + UINT32 ThreadId; + BOOLEAN IsProcess; + +} USERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS, *PUSERMODE_DEBUGGING_THREAD_OR_PROCESS_STATE_DETAILS; + +/* ============================================================================================== + */ + +/** + * @brief Used for run the script + * + */ +typedef struct _DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION +{ + UINT64 ScriptBuffer; + UINT32 ScriptLength; + UINT32 ScriptPointer; + UINT32 OptionalRequestedBufferSize; + +} DEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION, + *PDEBUGGER_EVENT_ACTION_RUN_SCRIPT_CONFIGURATION; + +/** + * @brief used in the case of requesting a "request buffer" + * + */ +typedef struct _DEBUGGER_EVENT_REQUEST_BUFFER +{ + BOOLEAN EnabledRequestBuffer; + UINT32 RequestBufferSize; + UINT64 RequstBufferAddress; + +} DEBUGGER_EVENT_REQUEST_BUFFER, *PDEBUGGER_EVENT_REQUEST_BUFFER; + +/** + * @brief used in the case of custom code requests to the debugger + * + */ +typedef struct _DEBUGGER_EVENT_REQUEST_CUSTOM_CODE +{ + UINT32 CustomCodeBufferSize; + PVOID CustomCodeBufferAddress; + UINT32 OptionalRequestedBufferSize; + +} 
DEBUGGER_EVENT_REQUEST_CUSTOM_CODE, *PDEBUGGER_EVENT_REQUEST_CUSTOM_CODE; + +/* ============================================================================================== + */ + +/** + * @brief User-mode debugging actions + * + */ +typedef enum _DEBUGGER_UD_COMMAND_ACTION_TYPE +{ + DEBUGGER_UD_COMMAND_ACTION_TYPE_NONE = 0, + DEBUGGER_UD_COMMAND_ACTION_TYPE_PAUSE, + DEBUGGER_UD_COMMAND_ACTION_TYPE_CONTINUE, + DEBUGGER_UD_COMMAND_ACTION_TYPE_REGULAR_STEP, + +} DEBUGGER_UD_COMMAND_ACTION_TYPE; + +/** + * @brief Description of user-mode debugging actions + * + */ +typedef struct _DEBUGGER_UD_COMMAND_ACTION +{ + DEBUGGER_UD_COMMAND_ACTION_TYPE ActionType; + UINT64 OptionalParam1; + UINT64 OptionalParam2; + UINT64 OptionalParam3; + UINT64 OptionalParam4; + +} DEBUGGER_UD_COMMAND_ACTION, *PDEBUGGER_UD_COMMAND_ACTION; + +/** + * @brief The structure of command packet in uHyperDbg + * + */ +typedef struct _DEBUGGER_UD_COMMAND_PACKET +{ + DEBUGGER_UD_COMMAND_ACTION UdAction; + UINT64 ProcessDebuggingDetailToken; + UINT32 TargetThreadId; + BOOLEAN ApplyToAllPausedThreads; + UINT32 Result; + +} DEBUGGER_UD_COMMAND_PACKET, *PDEBUGGER_UD_COMMAND_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief Debugger process switch and process details + * + */ +typedef enum _DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_TYPE +{ + + DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_GET_PROCESS_DETAILS, + DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_GET_PROCESS_LIST, + DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PERFORM_SWITCH, + +} DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_TYPE; + +/** + * @brief The structure of changing process and show process + * packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET +{ + DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_TYPE ActionType; + UINT32 ProcessId; + UINT64 Process; + BOOLEAN IsSwitchByClkIntr; + UCHAR ProcessName[16]; + DEBUGGEE_PROCESS_LIST_NEEDED_DETAILS ProcessListSymDetails; + UINT32 
Result; + +} DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET, *PDEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief Debugger size of DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET + * + */ +#define SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET \ + sizeof(DEBUGGEE_DETAILS_AND_SWITCH_PROCESS_PACKET) + +/** + * @brief Debugger thread switch and thread details + * + */ +typedef enum _DEBUGGEE_DETAILS_AND_SWITCH_THREAD_TYPE +{ + + DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PERFORM_SWITCH, + DEBUGGEE_DETAILS_AND_SWITCH_THREAD_GET_THREAD_DETAILS, + DEBUGGEE_DETAILS_AND_SWITCH_THREAD_GET_THREAD_LIST, + +} DEBUGGEE_DETAILS_AND_SWITCH_THREAD_TYPE; + +/** + * @brief The structure of changing thead and show thread + * packet in HyperDbg + */ +typedef struct _DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET +{ + DEBUGGEE_DETAILS_AND_SWITCH_THREAD_TYPE ActionType; + UINT32 ThreadId; + UINT32 ProcessId; + UINT64 Thread; + UINT64 Process; + BOOLEAN CheckByClockInterrupt; + UCHAR ProcessName[16]; + DEBUGGEE_THREAD_LIST_NEEDED_DETAILS ThreadListSymDetails; + UINT32 Result; + +} DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET, *PDEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET; + +/** + * @brief Debugger size of DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET + * + */ +#define SIZEOF_DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET \ + sizeof(DEBUGGEE_DETAILS_AND_SWITCH_THREAD_PACKET) + +/* ============================================================================================== + */ + +/** + * @brief stepping and tracking types + * + */ +typedef enum _DEBUGGER_REMOTE_STEPPING_REQUEST +{ + DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_IN, + DEBUGGER_REMOTE_STEPPING_REQUEST_INSTRUMENTATION_STEP_IN, + DEBUGGER_REMOTE_STEPPING_REQUEST_INSTRUMENTATION_STEP_IN_FOR_TRACKING, + + DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER, + DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU, + 
DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU_LAST_INSTRUCTION, + +} DEBUGGER_REMOTE_STEPPING_REQUEST; + +/** + * @brief The structure of stepping packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_STEP_PACKET +{ + DEBUGGER_REMOTE_STEPPING_REQUEST StepType; + + // + // Only in the case of call instructions + // the 'p' command + // + BOOLEAN IsCurrentInstructionACall; + UINT32 CallLength; + +} DEBUGGEE_STEP_PACKET, *PDEBUGGEE_STEP_PACKET; + +/** + * @brief default number of instructions used in tracking and stepping + * + */ +#define DEBUGGER_REMOTE_TRACKING_DEFAULT_COUNT_OF_STEPPING 0xffffffff + +/* ============================================================================================== + */ + +/** + * @brief The structure of .formats result packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_FORMATS_PACKET +{ + UINT64 Value; + UINT32 Result; + +} DEBUGGEE_FORMATS_PACKET, *PDEBUGGEE_FORMATS_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief The structure of .sym reload packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_SYMBOL_REQUEST_PACKET +{ + UINT32 ProcessId; + +} DEBUGGEE_SYMBOL_REQUEST_PACKET, *PDEBUGGEE_SYMBOL_REQUEST_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief The structure of bp command packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_BP_PACKET +{ + UINT64 Address; + UINT32 Pid; + UINT32 Tid; + UINT32 Core; + BOOLEAN RemoveAfterHit; + BOOLEAN CheckForCallbacks; + UINT32 Result; + +} DEBUGGEE_BP_PACKET, *PDEBUGGEE_BP_PACKET; + +/** + * @brief breakpoint modification types + * + */ +typedef enum _DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST +{ + + DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_LIST_BREAKPOINTS, + DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_ENABLE, + DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_DISABLE, + DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST_CLEAR, + +} 
DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST; + +/** + * @brief The structure of breakpoint modification requests packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_BP_LIST_OR_MODIFY_PACKET +{ + UINT64 BreakpointId; + DEBUGGEE_BREAKPOINT_MODIFICATION_REQUEST Request; + UINT32 Result; + +} DEBUGGEE_BP_LIST_OR_MODIFY_PACKET, *PDEBUGGEE_BP_LIST_OR_MODIFY_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief Whether a jump is taken or not taken + * + */ +typedef enum _DEBUGGER_CONDITIONAL_JUMP_STATUS +{ + + DEBUGGER_CONDITIONAL_JUMP_STATUS_ERROR = 0, + DEBUGGER_CONDITIONAL_JUMP_STATUS_NOT_CONDITIONAL_JUMP, + DEBUGGER_CONDITIONAL_JUMP_STATUS_JUMP_IS_TAKEN, + DEBUGGER_CONDITIONAL_JUMP_STATUS_JUMP_IS_NOT_TAKEN, + +} DEBUGGER_CONDITIONAL_JUMP_STATUS; + +/* ============================================================================================== + */ + +/** + * @brief The structure of script packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_SCRIPT_PACKET +{ + UINT32 ScriptBufferSize; + UINT32 ScriptBufferPointer; + BOOLEAN IsFormat; + UINT32 Result; + + // + // The script buffer is here + // + +} DEBUGGEE_SCRIPT_PACKET, *PDEBUGGEE_SCRIPT_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief The structure of result of search packet in HyperDbg + * + */ +typedef struct _DEBUGGEE_RESULT_OF_SEARCH_PACKET +{ + UINT32 CountOfResults; + UINT32 Result; + +} DEBUGGEE_RESULT_OF_SEARCH_PACKET, *PDEBUGGEE_RESULT_OF_SEARCH_PACKET; + +/* ============================================================================================== + */ + +/** + * @brief Register Descriptor Structure to use in r command. 
+ * + */ +typedef struct _DEBUGGEE_REGISTER_READ_DESCRIPTION +{ + UINT32 RegisterID; // the number is from REGS_ENUM + UINT64 Value; + UINT32 KernelStatus; + +} DEBUGGEE_REGISTER_READ_DESCRIPTION, *PDEBUGGEE_REGISTER_READ_DESCRIPTION; + +/* ============================================================================================== + */ + +/** + * @file Symbols.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's SDK Header Files For Symbol Parsing + * @details This file contains definitions of symbol parsers + * @version 0.2 + * @date 2022-06-24 + * + * @copyright This project is released under the GNU Public License v3. + * + */ +#pragma once + +////////////////////////////////////////////////// +// Symbols Details // +////////////////////////////////////////////////// + +/** + * @brief structures for sending and saving details + * about each module and symbols details + * + */ +typedef struct _MODULE_SYMBOL_DETAIL +{ + BOOLEAN IsSymbolDetailsFound; // TRUE if the details of symbols found, FALSE if not found + BOOLEAN IsLocalSymbolPath; // TRUE if the ModuleSymbolPath is a real path + // and FALSE if ModuleSymbolPath is just a module name + BOOLEAN IsSymbolPDBAvaliable; // TRUE if the module's pdb is available(if exists in the sympath) + BOOLEAN IsUserMode; // TRUE if the module is a user-mode module + BOOLEAN Is32Bit; // TRUE if the module is a 32-bit + UINT64 BaseAddress; + char FilePath[MAX_PATH]; + char ModuleSymbolPath[MAX_PATH]; + char ModuleSymbolGuidAndAge[MAXIMUM_GUID_AND_AGE_SIZE]; + +} MODULE_SYMBOL_DETAIL, *PMODULE_SYMBOL_DETAIL; + +typedef struct _USERMODE_LOADED_MODULE_SYMBOLS +{ + UINT64 BaseAddress; + UINT64 Entrypoint; + wchar_t FilePath[MAX_PATH]; + +} USERMODE_LOADED_MODULE_SYMBOLS, *PUSERMODE_LOADED_MODULE_SYMBOLS; + +typedef struct _USERMODE_LOADED_MODULE_DETAILS +{ + UINT32 ProcessId; + BOOLEAN OnlyCountModules; + BOOLEAN Is32Bit; + UINT32 ModulesCount; + UINT32 Result; + + // + // Here is a list of 
USERMODE_LOADED_MODULE_SYMBOLS (appended) + // + +} USERMODE_LOADED_MODULE_DETAILS, *PUSERMODE_LOADED_MODULE_DETAILS; + +/** + * @brief Callback type that should be used to add + * list of Addresses to ObjectNames + * + */ +typedef VOID (*SymbolMapCallback)(UINT64 Address, char * ModuleName, char * ObjectName, unsigned int ObjectSize); + +/** + * @brief request to add new symbol detail or update a previous + * symbol table entry + * + */ +typedef struct _DEBUGGER_UPDATE_SYMBOL_TABLE +{ + UINT32 TotalSymbols; + UINT32 CurrentSymbolIndex; + MODULE_SYMBOL_DETAIL SymbolDetailPacket; + +} DEBUGGER_UPDATE_SYMBOL_TABLE, *PDEBUGGER_UPDATE_SYMBOL_TABLE; + +/** + * @brief check so the DEBUGGER_UPDATE_SYMBOL_TABLE should be smaller than packet size + * + */ +static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, + "err (static_assert), size of PacketChunkSize should be bigger than DEBUGGER_UPDATE_SYMBOL_TABLE (MODULE_SYMBOL_DETAIL)"); + +/* +============================================================================================== + */ + +/** + * @brief request that shows, symbol reload process is finished + * + */ +typedef struct _DEBUGGEE_SYMBOL_UPDATE_RESULT +{ + UINT64 KernelStatus; // Kernel put the status in this field + +} DEBUGGEE_SYMBOL_UPDATE_RESULT, *PDEBUGGEE_SYMBOL_UPDATE_RESULT; + +/* +============================================================================================== + */ + +/** + * @file HardwareDebugger.h + * @author Sina Karvandi (sina@hyperdbg.org) + * @brief HyperDbg's Hardware Debugger (hwdbg) types and constants + * @details This file contains definitions of hwdbg elements + * used in HyperDbg + * @version 0.9 + * @date 2024-04-28 + * + * @copyright This project is released under the GNU Public License v3. 
+ * + */ +#pragma once + +////////////////////////////////////////////////// +// Definitions // +////////////////////////////////////////////////// + +/** + * @brief Initial debuggee to debugger offset + * + */ +#define DEFAULT_INITIAL_DEBUGGEE_TO_DEBUGGER_OFFSET 0x200 + +/** + * @brief Initial debugger to debuggee offset + * + */ +#define DEFAULT_INITIAL_DEBUGGER_TO_DEBUGGEE_OFFSET 0x0 + +////////////////////////////////////////////////// +// Enums // +////////////////////////////////////////////////// + +/** + * @brief Different action of hwdbg + * @warning This file should be changed along with hwdbg files + * + */ +typedef enum _HWDBG_ACTION_ENUMS +{ + hwdbgActionSendInstanceInfo = 1, + hwdbgActionConfigureScriptBuffer = 2, + +} HWDBG_ACTION_ENUMS; + +/** + * @brief Different responses come from hwdbg + * @warning This file should be changed along with hwdbg files + * + */ +typedef enum _HWDBG_RESPONSE_ENUMS +{ + hwdbgResponseSuccessOrErrorMessage = 1, + hwdbgResponseInstanceInfo = 2, + +} HWDBG_RESPONSE_ENUMS; + +/** + * @brief Different success or error codes in hwdbg + * @warning This file should be changed along with hwdbg files + * + */ +typedef enum _HWDBG_SUCCESS_OR_ERROR_ENUMS +{ + hwdbgOperationWasSuccessful = 0x7FFFFFFF, + hwdbgErrorInvalidPacket = 1, + +} HWDBG_SUCCESS_OR_ERROR_ENUMS; + +////////////////////////////////////////////////// +// Structures // +////////////////////////////////////////////////// + +/** + * @brief The structure of port information (each item) in hwdbg + * + */ +typedef struct _HWDBG_PORT_INFORMATION_ITEMS +{ + UINT32 PortSize; + +} HWDBG_PORT_INFORMATION_ITEMS, *PHWDBG_PORT_INFORMATION_ITEMS; + +/** + * @brief The structure of script capabilities information in hwdbg + * + */ +typedef struct _HWDBG_INSTANCE_INFORMATION +{ + // + // ANY ADDITION TO THIS STRUCTURE SHOULD BE SYNCHRONIZED WITH SCALA AND INSTANCE INFO SENDER MODULE + // + UINT32 version; // Target version of HyperDbg (same as hwdbg) + UINT32 
maximumNumberOfStages; // Number of stages that this instance of hwdbg supports (NumberOfSupportedStages == 0 means script engine is disabled) + UINT32 scriptVariableLength; // maximum length of variables (and other script elements) + UINT32 maximumNumberOfSupportedGetScriptOperators; // Maximum supported GET operators in a single func + UINT32 maximumNumberOfSupportedSetScriptOperators; // Maximum supported SET operators in a single func + UINT32 sharedMemorySize; // Size of shared memory + UINT32 debuggerAreaOffset; // The memory offset of debugger + UINT32 debuggeeAreaOffset; // The memory offset of debuggee + UINT32 numberOfPins; // Number of pins + UINT32 numberOfPorts; // Number of ports + + // + // ANY ADDITION TO THIS STRUCTURE SHOULD BE SYNCHRONIZED WITH SCALA AND INSTANCE INFO SENDER MODULE + // + + struct _HWDBG_SCRIPT_CAPABILITIES + { + // + // ANY ADDITION TO THIS MASK SHOULD BE ADDED TO HwdbgInterpreterShowScriptCapabilities + // and HwdbgInterpreterCheckScriptBufferWithScriptCapabilities as well Scala file + // + UINT64 func_or : 1; + UINT64 func_xor : 1; + UINT64 func_and : 1; + UINT64 func_asr : 1; + UINT64 func_asl : 1; + UINT64 func_add : 1; + UINT64 func_sub : 1; + UINT64 func_mul : 1; + UINT64 func_div : 1; + UINT64 func_mod : 1; + UINT64 func_gt : 1; + UINT64 func_lt : 1; + UINT64 func_egt : 1; + UINT64 func_elt : 1; + UINT64 func_equal : 1; + UINT64 func_neq : 1; + UINT64 func_jmp : 1; + UINT64 func_jz : 1; + UINT64 func_jnz : 1; + UINT64 func_mov : 1; + UINT64 func_printf : 1; + + // + // ANY ADDITION TO THIS MASK SHOULD BE ADDED TO HwdbgInterpreterShowScriptCapabilities + // and HwdbgInterpreterCheckScriptBufferWithScriptCapabilities as well Scala file + // + + } scriptCapabilities; + + UINT32 bramAddrWidth; // BRAM address width + UINT32 bramDataWidth; // BRAM data width + + // + // Here the details of port arrangements are located (HWDBG_PORT_INFORMATION_ITEMS) + // As the following type: + // HWDBG_PORT_INFORMATION_ITEMS 
portsConfiguration[numberOfPorts] ; Port arrangement + // + +} HWDBG_INSTANCE_INFORMATION, *PHWDBG_INSTANCE_INFORMATION; + +/** + * @brief The structure of script buffer in hwdbg + * + */ +typedef struct _HWDBG_SCRIPT_BUFFER +{ + UINT32 scriptNumberOfSymbols; // Number of symbols in the script + + // + // Here the script buffer is located + // + // UINT8 scriptBuffer[scriptNumberOfSymbols]; // The script buffer + // + +} HWDBG_SCRIPT_BUFFER, *PHWDBG_SCRIPT_BUFFER; diff --git a/gengo/bind/sdkMerge/sdk_test.go b/gengo/bind/sdkMerge/sdk_test.go new file mode 100644 index 000000000..ebd3b8b62 --- /dev/null +++ b/gengo/bind/sdkMerge/sdk_test.go 
@@ -0,0 +1,97 @@
+package sdk
+
+import (
+ "io/fs"
+ "path/filepath"
+ "strings"
+ "testing"
+
+ "github.com/can1357/gengo/clang"
+ "github.com/can1357/gengo/gengo"
+ "github.com/ddkwork/golibrary/mylog"
+)
+
+func TestName(t *testing.T) {
+ mylog.Todo("test bind bitset")
+ //typedef struct _CR3_TYPE
+ //{
+ // union
+ // {
+ // UINT64 Flags;
+ //
+ // struct
+ // {
+ // UINT64 Pcid : 12;
+ // UINT64 PageFrameNumber : 36;
+ // UINT64 Reserved1 : 12;
+ // UINT64 Reserved_2 : 3;
+ // UINT64 PcidInvalidate : 1;
+ // } Fields;
+ // };
+ //} CR3_TYPE, *PCR3_TYPE;
+}
+
+func TestBindAll(t *testing.T) {
+ // mylog.Warning("cpp stl not supported")
+ // root := "../../../bin/debug"
+ // root = "D:\\workspace\\workspace\\branch\\gui\\bin\\debug\\SDK\\Imports"
+ root := "."
+ filepath.Walk(root, func(path string, info fs.FileInfo, err error) error {
+ if filepath.Ext(path) == ".h" {
+ if strings.Contains(path, "Examples") { // todo bug:Imports dir was skipped
+ return err
+ }
+ mylog.Trace("binding", path)
+ mylog.Call(func() { bindOne(path) })
+ }
+ return err
+ })
+}
+
+func bindOne(path string) {
+ // todo "需要实现处理多个dll导出函数的头文件问题,"
+ // "是像zydis一样合并头文件还是修改gengo支持的方案好?不确定,都需要尝试一下,"
+ // "问题是输出文件是一个而不是多个"
+ pkg := gengo.NewPackage("HPRDBGCTRL",
+ gengo.WithRemovePrefix(
+ //"Zydis_", "Zyan_", "Zycore_",
+ //"Zydis", "Zyan", "Zycore",
+ ),
+ gengo.WithInferredMethods([]gengo.MethodInferenceRule{
+ //{Name: "ZydisDecoder", Receiver: "Decoder"},
+ }),
+ gengo.WithForcedSynthetic(
+ //"ZydisShortString_",
+ //"struct ZydisShortString_",
+ ),
+ )
+ mylog.Check(pkg.Transform("HPRDBGCTRL", &clang.Options{
+ Sources: []string{path},
+ AdditionalParams: []string{
+ //"-DZYAN_NO_LIBC",
+ //"-DZYAN_STATIC_ASSERT",
+ //"-DZYDIS_STATIC_BUILD",
+ //"-DHYPERDBG_HPRDBGCTRL",
+
+ //"-IC:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.26100.0\\shared",
+ //"-IC:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.26100.0\\ucrt",
+ //"-IC:\\Program Files (x86)\\Windows
Kits\\10\\Include\\10.0.26100.0\\um", + //"-IC:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.26100.0\\km", + //"-IC:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.26100.0\\km\\crt", + + //"-IC:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.26100.0\\winrt", + //"-IC:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.40.33807\\include", + + //"-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbgctrl", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbghv", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbgctrl\\header", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\include", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies\\phnt", + }, + })) + mylog.Check(pkg.WriteToDir(".")) + //pkg.Fprint(func(path_ string) (io.WriteCloser, error) { + // return os.Create(path + ".go") + //}) +} From 2a0f00f7ac8457f48075b4afaa815701c700fe66 Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 13:26:51 +0800 Subject: [PATCH 02/48] bind sdk --- bin/debug/SDK/Headers/BasicTypes.h | 2 +- gengo/bind/sdkMerge/Stderr.log | 71 +++++++++++--------------- gengo/bind/sdkMerge/combined_headers.h | 2 + 3 files changed, 33 insertions(+), 42 deletions(-) diff --git a/bin/debug/SDK/Headers/BasicTypes.h b/bin/debug/SDK/Headers/BasicTypes.h index ea153fbef..9c77c2083 100644 --- a/bin/debug/SDK/Headers/BasicTypes.h +++ b/bin/debug/SDK/Headers/BasicTypes.h @@ -17,7 +17,7 @@ // Basic Datatypes // ////////////////////////////////////////////////// -#include // 或者 #include +#include typedef unsigned long long QWORD; diff --git a/gengo/bind/sdkMerge/Stderr.log b/gengo/bind/sdkMerge/Stderr.log index c7cb12103..18afe3c01 100644 --- a/gengo/bind/sdkMerge/Stderr.log +++ b/gengo/bind/sdkMerge/Stderr.log 
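Review bot: The error returned by `filepath.Walk` in `TestBindAll` is discarded, so a walk that aborts early (the callback returns the incoming `err`) still leaves the test green without binding any header. Wrapping the call in the check helper this file already uses, `mylog.Check(filepath.Walk(root, func(path string, info fs.FileInfo, err error) error { ... }))`, would surface that failure. `bindOne` also writes with `pkg.WriteToDir(".")`, so every test run regenerates files inside the package directory; if regeneration is not the intent, a directory from `t.TempDir()` passed into `bindOne` would keep the source tree untouched.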
@@ -1,56 +1,45 @@ -combined_headers.h:757:9: error: unknown type name 'wchar_t' - 757 | typedef wchar_t WCHAR; - | ^ -combined_headers.h:1793:5: error: unknown type name 'PVOID' - 1793 | PVOID Context; - | ^ -combined_headers.h:1848:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] - 1848 | static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, +combined_headers.h:1795:5: error: unknown type name 'PVOID' + 1795 | PVOID Context; + | ^ +combined_headers.h:1850:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] + 1850 | static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, | ^~~~~~~~~~~~~ | _Static_assert -combined_headers.h:1887:5: error: unknown type name 'HANDLE' - 1887 | HANDLE hEvent; +combined_headers.h:1889:5: error: unknown type name 'HANDLE' + 1889 | HANDLE hEvent; | ^ -combined_headers.h:1954:5: error: unknown type name 'PVOID' - 1954 | PVOID TargetAddress; +combined_headers.h:1956:5: error: unknown type name 'PVOID' + 1956 | PVOID TargetAddress; | ^ -combined_headers.h:1955:5: error: unknown type name 'PVOID' - 1955 | PVOID HookFunction; +combined_headers.h:1957:5: error: unknown type name 'PVOID' + 1957 | PVOID HookFunction; | ^ -combined_headers.h:1967:5: error: unknown type name 'SIZE_T' - 1967 | SIZE_T PhysicalAddress; +combined_headers.h:1969:5: error: unknown type name 'SIZE_T' + 1969 | SIZE_T PhysicalAddress; | ^ -combined_headers.h:2690:5: error: unknown type name 'LIST_ENTRY' - 2690 | LIST_ENTRY +combined_headers.h:2692:5: error: unknown type name 'LIST_ENTRY' + 2692 | LIST_ENTRY | ^ -combined_headers.h:2694:5: error: unknown type name 'time_t'; did you mean 'size_t'? 
- 2694 | time_t CreationTime; // Date of creating this event - | ^~~~~~ - | size_t -note: 'size_t' declared here -combined_headers.h:2732:5: error: unknown type name 'PVOID' - 2732 | PVOID CommandStringBuffer; +combined_headers.h:2734:5: error: unknown type name 'PVOID' + 2734 | PVOID CommandStringBuffer; | ^ -combined_headers.h:2909:5: error: unknown type name 'PVOID' - 2909 | PVOID BufferAddress; +combined_headers.h:2911:5: error: unknown type name 'PVOID' + 2911 | PVOID BufferAddress; | ^ -combined_headers.h:3614:5: error: unknown type name 'PVOID' - 3614 | PVOID CustomCodeBufferAddress; +combined_headers.h:3616:5: error: unknown type name 'PVOID' + 3616 | PVOID CustomCodeBufferAddress; | ^ -combined_headers.h:3958:22: error: use of undeclared identifier 'MAX_PATH' - 3958 | char FilePath[MAX_PATH]; +combined_headers.h:3960:22: error: use of undeclared identifier 'MAX_PATH' + 3960 | char FilePath[MAX_PATH]; | ^ -combined_headers.h:3959:30: error: use of undeclared identifier 'MAX_PATH' - 3959 | char ModuleSymbolPath[MAX_PATH]; +combined_headers.h:3961:30: error: use of undeclared identifier 'MAX_PATH' + 3961 | char ModuleSymbolPath[MAX_PATH]; | ^ -combined_headers.h:3968:5: error: unknown type name 'wchar_t' - 3968 | wchar_t FilePath[MAX_PATH]; - | ^ -combined_headers.h:3968:22: error: use of undeclared identifier 'MAX_PATH' - 3968 | wchar_t FilePath[MAX_PATH]; +combined_headers.h:3970:22: error: use of undeclared identifier 'MAX_PATH' + 3970 | wchar_t FilePath[MAX_PATH]; | ^ -combined_headers.h:4010:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] - 4010 | static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, +combined_headers.h:4012:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] + 4012 | static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, | ^~~~~~~~~~~~~ | _Static_assert -2 warnings and 15 errors generated. 
+2 warnings and 12 errors generated. diff --git a/gengo/bind/sdkMerge/combined_headers.h b/gengo/bind/sdkMerge/combined_headers.h index a68546562..5966ceb6e 100644 --- a/gengo/bind/sdkMerge/combined_headers.h +++ b/gengo/bind/sdkMerge/combined_headers.h @@ -742,6 +742,8 @@ const unsigned char BuildSignature[] = { // Basic Datatypes // ////////////////////////////////////////////////// +#include + typedef unsigned long long QWORD; typedef unsigned __int64 UINT64, *PUINT64; typedef unsigned long DWORD; From e584412bd591a8d422adfb93ab2f9b85946f1cf2 Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 13:31:35 +0800 Subject: [PATCH 03/48] bind sdk --- gengo/bind/sdkMerge/Stderr.log | 46 +++----------------------- gengo/bind/sdkMerge/combined_headers.h | 3 +- 2 files changed, 7 insertions(+), 42 deletions(-) diff --git a/gengo/bind/sdkMerge/Stderr.log b/gengo/bind/sdkMerge/Stderr.log index 18afe3c01..d36f7e744 100644 --- a/gengo/bind/sdkMerge/Stderr.log +++ b/gengo/bind/sdkMerge/Stderr.log 
@@ -1,45 +1,9 @@ -combined_headers.h:1795:5: error: unknown type name 'PVOID' - 1795 | PVOID Context; - | ^ -combined_headers.h:1850:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] - 1850 | static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, +combined_headers.h:1851:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] + 1851 | static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, | ^~~~~~~~~~~~~ | _Static_assert -combined_headers.h:1889:5: error: unknown type name 'HANDLE' - 1889 | HANDLE hEvent; - | ^ -combined_headers.h:1956:5: error: unknown type name 'PVOID' - 1956 | PVOID TargetAddress; - | ^ -combined_headers.h:1957:5: error: unknown type name 'PVOID' - 1957 | PVOID HookFunction; - | ^ -combined_headers.h:1969:5: error: unknown type name 'SIZE_T' - 1969 | SIZE_T PhysicalAddress; - | ^ -combined_headers.h:2692:5: error: unknown type name 'LIST_ENTRY' - 2692 | LIST_ENTRY - | ^ -combined_headers.h:2734:5: error: unknown type name 'PVOID' - 2734 | PVOID CommandStringBuffer; - | ^ -combined_headers.h:2911:5: error: unknown type name 'PVOID' - 2911 | PVOID BufferAddress; - | ^ -combined_headers.h:3616:5: error: unknown type name 'PVOID' - 3616 | PVOID CustomCodeBufferAddress; - | ^ -combined_headers.h:3960:22: error: use of undeclared identifier 'MAX_PATH' - 3960 | char FilePath[MAX_PATH]; - | ^ -combined_headers.h:3961:30: error: use of undeclared identifier 'MAX_PATH' - 3961 | char ModuleSymbolPath[MAX_PATH]; - | ^ -combined_headers.h:3970:22: error: use of undeclared identifier 'MAX_PATH' - 3970 | wchar_t FilePath[MAX_PATH]; - | ^ -combined_headers.h:4012:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] - 4012 | static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, +combined_headers.h:4013:1: warning: use of 'static_assert' without inclusion of 
is a Microsoft extension [-Wmicrosoft-static-assert] + 4013 | static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, | ^~~~~~~~~~~~~ | _Static_assert -2 warnings and 12 errors generated. +2 warnings generated. diff --git a/gengo/bind/sdkMerge/combined_headers.h b/gengo/bind/sdkMerge/combined_headers.h index 5966ceb6e..1bcb5ba14 100644 --- a/gengo/bind/sdkMerge/combined_headers.h +++ b/gengo/bind/sdkMerge/combined_headers.h @@ -742,7 +742,8 @@ const unsigned char BuildSignature[] = { // Basic Datatypes // ////////////////////////////////////////////////// -#include +#include //for wchar_t +#include //for PVOID typedef unsigned long long QWORD; typedef unsigned __int64 UINT64, *PUINT64; From c0974ea979764e064963c3ef137c653ec3c78233 Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 13:32:54 +0800 Subject: [PATCH 04/48] bind sdk --- gengo/clang/layout_parse.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gengo/clang/layout_parse.go b/gengo/clang/layout_parse.go index 0e939cb8f..176bb3186 100644 --- a/gengo/clang/layout_parse.go +++ b/gengo/clang/layout_parse.go @@ -81,7 +81,7 @@ func (r *RecordLayout) UnmarshalString(data string) error { } // Parse offset - offset := mylog.Check2(strconv.Atoi(strings.TrimSpace(before))) + offset := mylog.Check2(strconv.Atoi(strings.TrimSpace(before))) //todo bitset bug // Determine indentation level indent := len(after) From ed9c972a680d0479db15cc6ad37682177229f5b9 Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 18:16:00 +0800 Subject: [PATCH 05/48] bind sdk --- gengo/bind/sdkMerge/Stderr.log | 9 --------- gengo/bind/sdkMerge/combined_headers.h | 1 + gengo/bind/sdkMerge/sdk_test.go | 10 ++++++---- gengo/clang/layout_parse.go | 7 ++++++- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/gengo/bind/sdkMerge/Stderr.log b/gengo/bind/sdkMerge/Stderr.log index d36f7e744..e69de29bb 100644 --- a/gengo/bind/sdkMerge/Stderr.log 
+++ b/gengo/bind/sdkMerge/Stderr.log @@ -1,9 +0,0 @@ -combined_headers.h:1851:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] - 1851 | static_assert(sizeof(DEBUGGEE_UD_PAUSED_PACKET) < PacketChunkSize, - | ^~~~~~~~~~~~~ - | _Static_assert -combined_headers.h:4013:1: warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] - 4013 | static_assert(sizeof(DEBUGGER_UPDATE_SYMBOL_TABLE) < PacketChunkSize, - | ^~~~~~~~~~~~~ - | _Static_assert -2 warnings generated. diff --git a/gengo/bind/sdkMerge/combined_headers.h b/gengo/bind/sdkMerge/combined_headers.h index 1bcb5ba14..aa6584507 100644 --- a/gengo/bind/sdkMerge/combined_headers.h +++ b/gengo/bind/sdkMerge/combined_headers.h @@ -744,6 +744,7 @@ const unsigned char BuildSignature[] = { #include //for wchar_t #include //for PVOID +#include //warning: use of 'static_assert' without inclusion of is a Microsoft extension [-Wmicrosoft-static-assert] typedef unsigned long long QWORD; typedef unsigned __int64 UINT64, *PUINT64; diff --git a/gengo/bind/sdkMerge/sdk_test.go b/gengo/bind/sdkMerge/sdk_test.go index ebd3b8b62..1e25d2548 100644 --- a/gengo/bind/sdkMerge/sdk_test.go +++ b/gengo/bind/sdkMerge/sdk_test.go @@ -1,7 +1,9 @@ package sdk import ( + "io" "io/fs" + "os" "path/filepath" "strings" "testing" @@ -90,8 +92,8 @@ func bindOne(path string) { //"-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies\\phnt", }, })) - mylog.Check(pkg.WriteToDir(".")) - //pkg.Fprint(func(path_ string) (io.WriteCloser, error) { - // return os.Create(path + ".go") - //}) + // mylog.Check(pkg.WriteToDir(".")) + pkg.Fprint(func(path_ string) (io.WriteCloser, error) { + return os.Create(path + ".go") + }) } diff --git a/gengo/clang/layout_parse.go b/gengo/clang/layout_parse.go index 176bb3186..b8b4b6f11 100644 --- a/gengo/clang/layout_parse.go +++ b/gengo/clang/layout_parse.go 
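Review bot: The writer callback handed to `pkg.Fprint` in `bindOne` ignores its own `path_` argument and always opens the outer `path + ".go"`, so if `Fprint` requests more than one output file, each call truncates the same file. Building the name from the callback argument, for example `return os.Create(filepath.Join(outDir, path_))` with `outDir` chosen by the caller, would give each output its own file. The `WriteToDir` call this replaces was wrapped in `mylog.Check`, whereas whatever `Fprint` returns is now dropped; its signature is not visible here, so check whether it reports an error. `bindOne` begins outside this hunk.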
@@ -80,8 +80,13 @@ func (r *RecordLayout) UnmarshalString(data string) error { break } + if strings.Contains(before, ":") && strings.Contains(before, "-") { + mylog.Todo("bitset bug") + //continue + } + // Parse offset - offset := mylog.Check2(strconv.Atoi(strings.TrimSpace(before))) //todo bitset bug + offset := mylog.Check2Ignore(strconv.Atoi(strings.TrimSpace(before))) // Determine indentation level indent := len(after) From 0401b9c749cc2bcb26a760f1e4c4b76a398bba67 Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 19:03:58 +0800 Subject: [PATCH 06/48] bind sdk --- gengo/gengo/generate.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gengo/gengo/generate.go b/gengo/gengo/generate.go index 3acdf2c06..1230cac37 100644 --- a/gengo/gengo/generate.go +++ b/gengo/gengo/generate.go @@ -2,6 +2,7 @@ package gengo import ( "fmt" + "github.com/ddkwork/golibrary/mylog" "go/token" "strconv" "strings" @@ -637,6 +638,8 @@ func (mod Module) EmitFrom(ast clang.Node, layouts *clang.LayoutMap) { return true }) + mylog.Todo("clang ast dumped define vars?") + // Define typedefs. clang.Visit(ast, func(td *clang.TypedefDecl) bool { mod.EmitTypedef(td) From 20ddecfd43e98c29cf13ae3037f22752a50fa6b4 Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 20:08:33 +0800 Subject: [PATCH 07/48] bind sdk --- bin/debug/SDK/Headers/BasicTypes.h | 6 ++- bin/debug/SDK/Headers/DataTypes.h | 2 + gengo/bind/sdk/Stderr.log | 63 ++---------------------------- gengo/bind/sdk/sdk_test.go | 42 ++++++++++++-------- gengo/bind/sdkMerge/sdk_test.go | 22 ++++++++--- 5 files changed, 53 insertions(+), 82 deletions(-) diff --git a/bin/debug/SDK/Headers/BasicTypes.h b/bin/debug/SDK/Headers/BasicTypes.h index 9c77c2083..0db4b7857 100644 --- a/bin/debug/SDK/Headers/BasicTypes.h +++ b/bin/debug/SDK/Headers/BasicTypes.h 
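Review bot: Switching to `mylog.Check2Ignore` means a row whose offset column is not a plain integer no longer stops the parse, and `offset` is presumably left at 0 for it. With `//continue` commented out, the new `strings.Contains` guard only logs, so bitfield rows would be recorded at offset 0. These offsets feed generated bindings that do `unsafe.Add` pointer arithmetic and `gengort.Validate` checks (see the bug.go added later in this series), so a wrong value is a memory-layout error rather than a cosmetic one. If the column has the `byte:firstbit-lastbit` form the guard suggests, take the byte part and keep the strict check: `byteOff, _, _ := strings.Cut(strings.TrimSpace(before), ":")` then `offset := mylog.Check2(strconv.Atoi(byteOff))`. UnmarshalString starts and ends outside the hunk, so confirm how `offset` is consumed further down.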
@@ -17,7 +17,8 @@ // Basic Datatypes // ////////////////////////////////////////////////// -#include +//#include +#include typedef unsigned long long QWORD; @@ -34,6 +35,9 @@ typedef unsigned __int64 DWORD64, *PDWORD64; typedef char CHAR; typedef wchar_t WCHAR; #define VOID void +//#define PVOID void* +//#define LPVOID void* +//#define HANDLE void* typedef unsigned char UCHAR; typedef unsigned short USHORT; diff --git a/bin/debug/SDK/Headers/DataTypes.h b/bin/debug/SDK/Headers/DataTypes.h index 50e54205e..ed34b50e1 100644 --- a/bin/debug/SDK/Headers/DataTypes.h +++ b/bin/debug/SDK/Headers/DataTypes.h @@ -12,6 +12,8 @@ */ #pragma once +#include "BasicTypes.h" + ////////////////////////////////////////////////// // Memory Stages // ////////////////////////////////////////////////// diff --git a/gengo/bind/sdk/Stderr.log b/gengo/bind/sdk/Stderr.log index 99641c484..1ddd179b8 100644 --- a/gengo/bind/sdk/Stderr.log +++ b/gengo/bind/sdk/Stderr.log 
@@ -1,59 +1,4 @@ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:23:19: error: unknown type name 'NTSTATUS' - 23 | IMPORT_EXPORT_VMM NTSTATUS - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:29:19: error: unknown type name 'VOID' - 29 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:30:27: error: unknown type name 'UINT32' - 30 | VmFuncPerformRipIncrement(UINT32 CoreId); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:32:19: error: unknown type name 'VOID' - 32 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:33:28: error: unknown type name 'UINT32' - 33 | VmFuncSuppressRipIncrement(UINT32 CoreId); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:35:19: error: unknown type name 'VOID' - 35 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:36:31: error: unknown type name 'UINT32' - 36 | VmFuncChangeMtfUnsettingState(UINT32 CoreId, BOOLEAN Set); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:36:46: error: unknown type name 'BOOLEAN' - 36 | VmFuncChangeMtfUnsettingState(UINT32 CoreId, BOOLEAN Set); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:38:19: error: unknown type name 'VOID' - 38 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:39:31: error: unknown type name 'UINT32' - 39 | VmFuncChangeIgnoreOneMtfState(UINT32 CoreId, BOOLEAN Set); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:39:46: error: unknown type name 'BOOLEAN' - 39 | VmFuncChangeIgnoreOneMtfState(UINT32 CoreId, BOOLEAN Set); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:41:19: error: 
unknown type name 'VOID' - 41 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:42:26: error: unknown type name 'BOOLEAN' - 42 | VmFuncSetMonitorTrapFlag(BOOLEAN Set); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:44:19: error: unknown type name 'VOID' - 44 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:45:24: error: unknown type name 'BOOLEAN' - 45 | VmFuncSetRflagTrapFlag(BOOLEAN Set); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:47:19: error: unknown type name 'VOID' - 47 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:48:24: error: unknown type name 'UINT32' - 48 | VmFuncRegisterMtfBreak(UINT32 CoreId); - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:50:19: error: unknown type name 'VOID' - 50 | IMPORT_EXPORT_VMM VOID - | ^ -D:\workspace\workspace\branch\gui\bin\debug\SDK\Imports\HyperDbgVmmImports.h:51:26: error: unknown type name 'UINT32' - 51 | VmFuncUnRegisterMtfBreak(UINT32 CoreId); - | ^ -fatal error: too many errors emitted, stopping now [-ferror-limit=] -20 errors generated. +D:\workspace\workspace\branch\gui\bin\debug\SDK\HyperDbgSdk.h:3:10: fatal error: 'SDK/Headers/Constants.h' file not found + 3 | #include "SDK/Headers/Constants.h" + | ^~~~~~~~~~~~~~~~~~~~~~~~~ +1 error generated. diff --git a/gengo/bind/sdk/sdk_test.go b/gengo/bind/sdk/sdk_test.go index 5233540ca..215ddf1fa 100644 --- a/gengo/bind/sdk/sdk_test.go +++ b/gengo/bind/sdk/sdk_test.go @@ -1,7 +1,6 @@ package sdk import ( - "io" "io/fs" "os" "path/filepath" 
@@ -36,20 +35,25 @@ func TestName(t *testing.T) { func TestBindAll(t *testing.T) { mylog.Warning("cpp stl not supported") root := "../../../bin/debug" - root = "D:\\workspace\\workspace\\branch\\gui\\bin\\debug\\SDK\\Imports" + root = "D:\\workspace\\workspace\\branch\\gui\\bin\\debug\\SDK\\HyperDbgSdk.h" + // root = "D:\\workspace\\workspace\\branch\\gui\\bin\\debug\\SDK\\Imports" + Sources := []string{} filepath.Walk(root, func(path string, info fs.FileInfo, err error) error { if filepath.Ext(path) == ".h" { - if strings.Contains(path, "Examples") { //todo bug:Imports dir was skipped + if strings.Contains(path, "Examples") { // todo bug:Imports dir was skipped return err } - mylog.Trace("binding", path) - mylog.Call(func() { bindOne(path) }) + // mylog.Trace("binding", path) + // mylog.Call(func() { bindOne(path) }) + Sources = append(Sources, path) } return err }) + mylog.Check(os.Chdir("../../../bin/debug")) + mylog.Call(func() { bindOne(Sources) }) } -func bindOne(path string) { +func bindOne(Sources []string) { // todo "需要实现处理多个dll导出函数的头文件问题," // "是像zydis一样合并头文件还是修改gengo支持的方案好?不确定,都需要尝试一下," // "问题是输出文件是一个而不是多个" @@ -67,7 +71,7 @@ func bindOne(path string) { ), ) mylog.Check(pkg.Transform("HPRDBGCTRL", &clang.Options{ - Sources: []string{path}, + Sources: Sources, AdditionalParams: []string{ //"-DZYAN_NO_LIBC", //"-DZYAN_STATIC_ASSERT", 
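Review bot: `mylog.Check(os.Chdir("../../../bin/debug"))` at the end of TestBindAll changes the working directory for the whole test process and never restores it. Any test that runs afterwards in this package then resolves relative paths, and the `-I.` include path added to bindOne further down in this file, against a different directory. Save and restore it, e.g. `wd := mylog.Check2(os.Getwd())` followed by `t.Cleanup(func() { mylog.Check(os.Chdir(wd)) })`. In the same hunk `root` is overwritten with an absolute `D:\\workspace\\...` path, which ties the test to one machine, and the error returned by `filepath.Walk` is discarded.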
@@ -83,16 +87,20 @@ func bindOne(path string) { //"-IC:\\Program Files (x86)\\Windows Kits\\10\\Include\\10.0.26100.0\\winrt", //"-IC:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.40.33807\\include", - "-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbgctrl", - "-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbghv", - "-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbgctrl\\header", - "-ID:\\fork\\HyperDbg\\hyperdbg\\include", - "-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies", - "-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies\\phnt", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbgctrl", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbghv", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\hprdbgctrl\\header", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\include", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies", + //"-ID:\\fork\\HyperDbg\\hyperdbg\\dependencies\\phnt", + //"-ID:\\workspace\\workspace\\branch\\gui\\bin\\debug\\SDK", + "-I.", }, })) - // mylog.Check(pkg.WriteToDir("../../../bin/debug")) - pkg.Fprint(func(path_ string) (io.WriteCloser, error) { - return os.Create(path + ".go") - }) + return + mylog.Check(pkg.WriteToDir("../../../bin/debug")) + //return + //pkg.Fprint(func(path_ string) (io.WriteCloser, error) { + // return os.Create(path + ".go") + //}) } diff --git a/gengo/bind/sdkMerge/sdk_test.go b/gengo/bind/sdkMerge/sdk_test.go index 1e25d2548..e60b08674 100644 --- a/gengo/bind/sdkMerge/sdk_test.go +++ b/gengo/bind/sdkMerge/sdk_test.go @@ -13,6 +13,18 @@ import ( "github.com/ddkwork/golibrary/mylog" ) +func mergeHeader() { + +} + +func handleDefileVars() { + +} + +func fixBitset() { + +} + func TestName(t *testing.T) { mylog.Todo("test bind bitset") //typedef struct _CR3_TYPE 
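Review bot: The bare `return` added before `mylog.Check(pkg.WriteToDir("../../../bin/debug"))` makes that call unreachable (go vet reports unreachable code), so bindOne now runs Transform and writes nothing. If skipping the write is intentional while debugging, delete or comment out the WriteToDir line rather than leaving dead code behind a `return`; otherwise drop the `return`. The hunk also replaces every explicit include directory with `"-I."`, which makes header resolution depend on the working directory set by `os.Chdir` in TestBindAll. An absolute path built with `filepath.Abs` would make it explicit which headers are parsed.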
@@ -56,19 +68,19 @@ func bindOne(path string) { // "问题是输出文件是一个而不是多个" pkg := gengo.NewPackage("HPRDBGCTRL", gengo.WithRemovePrefix( - //"Zydis_", "Zyan_", "Zycore_", - //"Zydis", "Zyan", "Zycore", + //"Zydis_", "Zyan_", "Zycore_", + //"Zydis", "Zyan", "Zycore", ), gengo.WithInferredMethods([]gengo.MethodInferenceRule{ //{Name: "ZydisDecoder", Receiver: "Decoder"}, }), gengo.WithForcedSynthetic( - //"ZydisShortString_", - //"struct ZydisShortString_", + //"ZydisShortString_", + //"struct ZydisShortString_", ), ) mylog.Check(pkg.Transform("HPRDBGCTRL", &clang.Options{ - Sources: []string{path}, + Sources: []string{path}, AdditionalParams: []string{ //"-DZYAN_NO_LIBC", //"-DZYAN_STATIC_ASSERT", From a8dccb481003b82db5968ff2f39597efb65886fc Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 22:10:02 +0800 Subject: [PATCH 08/48] bind sdk --- gengo/bind/sdkMerge/bug/bug.h | 24 ++++++++++++++++++++++++ gengo/bind/sdkMerge/bug/bug_test.go | 20 ++++++++++++++++++++ gengo/bind/sdkMerge/sdk_test.go | 18 +++++++++++++----- 3 files changed, 57 insertions(+), 5 deletions(-) create mode 100644 gengo/bind/sdkMerge/bug/bug.h create mode 100644 gengo/bind/sdkMerge/bug/bug_test.go diff --git a/gengo/bind/sdkMerge/bug/bug.h b/gengo/bind/sdkMerge/bug/bug.h new file mode 100644 index 000000000..d6479fdc0 --- /dev/null +++ b/gengo/bind/sdkMerge/bug/bug.h @@ -0,0 +1,24 @@ +##include + + #define X86_FLAGS_RESERVED_BITS 0xffc38028 + #define X86_FLAGS_FIXED 0x00000002 + + #define IOCTL_PREACTIVATE_FUNCTIONALITY \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x820, METHOD_BUFFERED, FILE_ANY_ACCESS) + + typedef struct _CR3_TYPE + { + union + { + UINT64 Flags; + + struct + { + UINT64 Pcid : 12; + UINT64 PageFrameNumber : 36; + UINT64 Reserved1 : 12; + UINT64 Reserved_2 : 3; + UINT64 PcidInvalidate : 1; + } Fields; + }; + } CR3_TYPE, *PCR3_TYPE; \ No newline at end of file 
diff --git a/gengo/bind/sdkMerge/bug/bug_test.go b/gengo/bind/sdkMerge/bug/bug_test.go new file mode 100644 index 000000000..38306ac5e --- /dev/null +++ b/gengo/bind/sdkMerge/bug/bug_test.go @@ -0,0 +1,20 @@ +package bug + +import ( + "testing" + + "github.com/can1357/gengo/clang" + "github.com/can1357/gengo/gengo" + "github.com/ddkwork/golibrary/mylog" +) + +func TestDemoDll(t *testing.T) { + pkg := gengo.NewPackage("bug") + path := "bug.h" + mylog.Check(pkg.Transform("bug", &clang.Options{ + Sources: []string{path}, + AdditionalParams: []string{}, + }), + ) + mylog.Check(pkg.WriteToDir(".")) +} diff --git a/gengo/bind/sdkMerge/sdk_test.go b/gengo/bind/sdkMerge/sdk_test.go index e60b08674..e9e7d91b3 100644 --- a/gengo/bind/sdkMerge/sdk_test.go +++ b/gengo/bind/sdkMerge/sdk_test.go @@ -27,6 +27,14 @@ func fixBitset() { func TestName(t *testing.T) { mylog.Todo("test bind bitset") + /* + #define X86_FLAGS_RESERVED_BITS 0xffc38028 + #define X86_FLAGS_FIXED 0x00000002 + + #define IOCTL_PREACTIVATE_FUNCTIONALITY \ + CTL_CODE(FILE_DEVICE_UNKNOWN, 0x820, METHOD_BUFFERED, FILE_ANY_ACCESS) + + */ //typedef struct _CR3_TYPE //{ // union @@ -68,19 +76,19 @@ func bindOne(path string) { // "问题是输出文件是一个而不是多个" pkg := gengo.NewPackage("HPRDBGCTRL", gengo.WithRemovePrefix( - //"Zydis_", "Zyan_", "Zycore_", - //"Zydis", "Zyan", "Zycore", + //"Zydis_", "Zyan_", "Zycore_", + //"Zydis", "Zyan", "Zycore", ), gengo.WithInferredMethods([]gengo.MethodInferenceRule{ //{Name: "ZydisDecoder", Receiver: "Decoder"}, }), gengo.WithForcedSynthetic( - //"ZydisShortString_", - //"struct ZydisShortString_", + //"ZydisShortString_", + //"struct ZydisShortString_", ), ) mylog.Check(pkg.Transform("HPRDBGCTRL", &clang.Options{ - Sources: []string{path}, + Sources: []string{path}, AdditionalParams: []string{ //"-DZYAN_NO_LIBC", //"-DZYAN_STATIC_ASSERT", From 9305cc6867af1dcf27f56a459fefa55204ee5d1a Mon Sep 17 00:00:00 2001 
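Review bot: TestDemoDll in the new bug_test.go has no assertion on what clang reported, so it passes even when the header does not compile. The Stderr.log added in the next patch of this series lists six `unknown type name 'UINT64'` errors for bug.h, and the bug.go generated alongside it types every bitfield as `int32`. Bindings produced from a failed parse carry the wrong struct layout into code that casts raw memory, so the test should fail in that case. Assuming Stderr.log is written by the Transform call into the package directory, a check after `pkg.Transform` such as `if b, err := os.ReadFile("Stderr.log"); err == nil && bytes.Contains(b, []byte("error:")) { t.Fatalf("clang errors:\n%s", b) }` would catch it (needs the `bytes` and `os` imports).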
From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 22:10:15 +0800 Subject: [PATCH 09/48] bind sdk --- gengo/bind/sdkMerge/bug/Stderr.log | 19 ++++++++++ gengo/bind/sdkMerge/bug/bug.go | 58 ++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 gengo/bind/sdkMerge/bug/Stderr.log create mode 100644 gengo/bind/sdkMerge/bug/bug.go diff --git a/gengo/bind/sdkMerge/bug/Stderr.log b/gengo/bind/sdkMerge/bug/Stderr.log new file mode 100644 index 000000000..fb6f4b9ec --- /dev/null +++ b/gengo/bind/sdkMerge/bug/Stderr.log @@ -0,0 +1,19 @@ +bug.h:11:10: error: unknown type name 'UINT64' + 11 | UINT64 Flags; + | ^ +bug.h:15:14: error: unknown type name 'UINT64' + 15 | UINT64 Pcid : 12; + | ^ +bug.h:16:14: error: unknown type name 'UINT64' + 16 | UINT64 PageFrameNumber : 36; + | ^ +bug.h:17:14: error: unknown type name 'UINT64' + 17 | UINT64 Reserved1 : 12; + | ^ +bug.h:18:14: error: unknown type name 'UINT64' + 18 | UINT64 Reserved_2 : 3; + | ^ +bug.h:19:14: error: unknown type name 'UINT64' + 19 | UINT64 PcidInvalidate : 1; + | ^ +6 errors generated. diff --git a/gengo/bind/sdkMerge/bug/bug.go b/gengo/bind/sdkMerge/bug/bug.go new file mode 100644 index 000000000..1e03a2b6b --- /dev/null +++ b/gengo/bind/sdkMerge/bug/bug.go 
@@ -0,0 +1,58 @@ +// Code generated by gengo. DO NOT EDIT. +package bug + +import ( + "unsafe" + + "github.com/can1357/gengo/gengort" +) + +const GengoLibraryName = "bug" + +var GengoLibrary = gengort.NewLibrary(GengoLibraryName) + +type ( + Cr3Type struct{} + Anon9_6 struct { + Raw [1]int32 + } +) +type Anon13_10 struct { + Pcid int32 + PageFrameNumber int32 + Reserved1 int32 + Reserved_2 int32 + PcidInvalidate int32 +} +type ( + _Int128T = any + _Uint128T = any + __NSConstantString = any + SizeT = uint64 + _BuiltinMsVaList = *byte + _BuiltinVaList = *byte + Pcr3Type = *Cr3Type +) + +func (s Anon9_6) Flags() int32 { + return gengort.ReadBitcast[int32](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) +} + +func (s *Anon9_6) SetFlags(v int32) { + gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) +} + +func (s Anon9_6) Fields() Anon13_10 { + return gengort.ReadBitcast[Anon13_10](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) +} + +func (s *Anon9_6) SetFields(v Anon13_10) { + gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) +} + +// Gengo init function. +func init() { + gengort.Validate((*Cr3Type)(nil), 0x4, 0x1) + gengort.Validate((*Anon9_6)(nil), 0x4, 0x4) + gengort.Validate((*Anon13_10)(nil), 0x14, 0x4, "Pcid", 0x0, "PageFrameNumber", 0x4, "Reserved1", 0x8, "Reserved_2", 0xc, "PcidInvalidate", 0x10) +} From 7fa7e8e04591a3ea54dd27d6b3599fc0961bc33f Mon Sep 17 00:00:00 2001 From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 22:15:10 +0800 Subject: [PATCH 10/48] bind sdk --- gengo/bind/sdkMerge/bug/CMakeLists.txt | 9 +++++ gengo/bind/sdkMerge/bug/Stderr.log | 19 --------- gengo/bind/sdkMerge/bug/bug.go | 56 -------------------------- gengo/bind/sdkMerge/bug/bug.h | 2 +- 4 files changed, 10 insertions(+), 76 deletions(-) create mode 100644 gengo/bind/sdkMerge/bug/CMakeLists.txt 
diff --git a/gengo/bind/sdkMerge/bug/CMakeLists.txt b/gengo/bind/sdkMerge/bug/CMakeLists.txt new file mode 100644 index 000000000..9a3a7ade7 --- /dev/null +++ b/gengo/bind/sdkMerge/bug/CMakeLists.txt @@ -0,0 +1,9 @@ +cmake_minimum_required(VERSION 3.28) +project(bug C) + +set(CMAKE_C_STANDARD 11) + +include_directories(.) + +add_executable(bug + bug.h) diff --git a/gengo/bind/sdkMerge/bug/Stderr.log b/gengo/bind/sdkMerge/bug/Stderr.log index fb6f4b9ec..e69de29bb 100644 --- a/gengo/bind/sdkMerge/bug/Stderr.log +++ b/gengo/bind/sdkMerge/bug/Stderr.log @@ -1,19 +0,0 @@ -bug.h:11:10: error: unknown type name 'UINT64' - 11 | UINT64 Flags; - | ^ -bug.h:15:14: error: unknown type name 'UINT64' - 15 | UINT64 Pcid : 12; - | ^ -bug.h:16:14: error: unknown type name 'UINT64' - 16 | UINT64 PageFrameNumber : 36; - | ^ -bug.h:17:14: error: unknown type name 'UINT64' - 17 | UINT64 Reserved1 : 12; - | ^ -bug.h:18:14: error: unknown type name 'UINT64' - 18 | UINT64 Reserved_2 : 3; - | ^ -bug.h:19:14: error: unknown type name 'UINT64' - 19 | UINT64 PcidInvalidate : 1; - | ^ -6 errors generated. diff --git a/gengo/bind/sdkMerge/bug/bug.go b/gengo/bind/sdkMerge/bug/bug.go index 1e03a2b6b..c749144ed 100644 --- a/gengo/bind/sdkMerge/bug/bug.go +++ b/gengo/bind/sdkMerge/bug/bug.go 
@@ -1,58 +1,2 @@ // Code generated by gengo. DO NOT EDIT. package bug - -import ( - "unsafe" - - "github.com/can1357/gengo/gengort" -) - -const GengoLibraryName = "bug" - -var GengoLibrary = gengort.NewLibrary(GengoLibraryName) - -type ( - Cr3Type struct{} - Anon9_6 struct { - Raw [1]int32 - } -) -type Anon13_10 struct { - Pcid int32 - PageFrameNumber int32 - Reserved1 int32 - Reserved_2 int32 - PcidInvalidate int32 -} -type ( - _Int128T = any - _Uint128T = any - __NSConstantString = any - SizeT = uint64 - _BuiltinMsVaList = *byte - _BuiltinVaList = *byte - Pcr3Type = *Cr3Type -) - -func (s Anon9_6) Flags() int32 { - return gengort.ReadBitcast[int32](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) -} - -func (s *Anon9_6) SetFlags(v int32) { - gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) -} - -func (s Anon9_6) Fields() Anon13_10 { - return gengort.ReadBitcast[Anon13_10](unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0)) -} - -func (s *Anon9_6) SetFields(v Anon13_10) { - gengort.WriteBitcast(unsafe.Add(unsafe.Pointer(unsafe.SliceData(s.Raw[:])), 0), v) -} - -// Gengo init function. -func init() { - gengort.Validate((*Cr3Type)(nil), 0x4, 0x1) - gengort.Validate((*Anon9_6)(nil), 0x4, 0x4) - gengort.Validate((*Anon13_10)(nil), 0x14, 0x4, "Pcid", 0x0, "PageFrameNumber", 0x4, "Reserved1", 0x8, "Reserved_2", 0xc, "PcidInvalidate", 0x10) -} diff --git a/gengo/bind/sdkMerge/bug/bug.h b/gengo/bind/sdkMerge/bug/bug.h index d6479fdc0..1d5189966 100644 --- a/gengo/bind/sdkMerge/bug/bug.h +++ b/gengo/bind/sdkMerge/bug/bug.h @@ -1,4 +1,4 @@ -##include +#include #define X86_FLAGS_RESERVED_BITS 0xffc38028 #define X86_FLAGS_FIXED 0x00000002 From e45d5df9e92e9250bd0c90250ae4ba4fd43872ea Mon Sep 17 00:00:00 2001 
From: Admin <2762713521@qq.com> Date: Wed, 19 Jun 2024 23:45:48 +0800 Subject: [PATCH 11/48] bind sdk --- gengo/bind/sdkMerge/bug/bug.h | 97 +- gengo/clang/invoke.go | 4 + old_delete/sdk_old.tar | Bin 4030976 -> 0 bytes .../sdk_old/sdk_old/Headers/BasicTypes.h | 129 ++ .../sdk_old/sdk_old/Headers/BasicTypes.h.go | 110 ++ .../sdk_old/sdk_old/Headers/Connection.h | 211 ++++ .../sdk_old/sdk_old/Headers/Connection.h.go | 135 +++ .../sdk_old/sdk_old/Headers/Constants.h | 578 +++++++++ .../sdk_old/sdk_old/Headers/Constants.h.go | 121 ++ .../sdk_old/Headers/Constants.h_test.go | 20 + .../sdk_old/sdk_old/Headers/Datatypes.h | 141 +++ .../sdk_old/sdk_old/Headers/Datatypes.h.go | 82 ++ .../sdk_old/sdk_old/Headers/ErrorCodes.h | 399 +++++++ .../sdk_old/sdk_old/Headers/ErrorCodes.h.go | 196 +++ old_delete/sdk_old/sdk_old/Headers/Events.h | 129 ++ .../sdk_old/sdk_old/Headers/Events.h.go | 89 ++ old_delete/sdk_old/sdk_old/Headers/Ioctls.h | 234 ++++ .../sdk_old/sdk_old/Headers/Ioctls.h.go | 122 ++ .../sdk_old/Headers/Ioctls.h.go_test.go | 118 ++ .../sdk_old/sdk_old/Headers/MAX_PATH_linux.go | 5 + .../sdk_old/Headers/MAX_PATH_windows.go | 7 + .../sdk_old/Headers/RequestStructures.h | 1059 +++++++++++++++++ .../sdk_old/Headers/RequestStructures.h.go | 683 +++++++++++ old_delete/sdk_old/sdk_old/Headers/Symbols.h | 101 ++ .../sdk_old/sdk_old/Headers/Symbols.h.go | 65 + .../sdk_old/sdk_old/old_delete/sdk_windows.go | 151 +++ .../sdk_old/old_delete/sdk_windows_test.go | 45 + .../sdk_old/sdk_old/old_delete/uint_test.go | 65 + 28 files changed, 5080 insertions(+), 16 deletions(-) delete mode 100644 old_delete/sdk_old.tar create mode 100644 old_delete/sdk_old/sdk_old/Headers/BasicTypes.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/BasicTypes.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Connection.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/Connection.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Constants.h create mode 100644 
old_delete/sdk_old/sdk_old/Headers/Constants.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Constants.h_test.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Datatypes.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/Datatypes.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/ErrorCodes.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/ErrorCodes.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Events.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/Events.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Ioctls.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/Ioctls.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Ioctls.h.go_test.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/MAX_PATH_linux.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/MAX_PATH_windows.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/RequestStructures.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/RequestStructures.h.go create mode 100644 old_delete/sdk_old/sdk_old/Headers/Symbols.h create mode 100644 old_delete/sdk_old/sdk_old/Headers/Symbols.h.go create mode 100644 old_delete/sdk_old/sdk_old/old_delete/sdk_windows.go create mode 100644 old_delete/sdk_old/sdk_old/old_delete/sdk_windows_test.go create mode 100644 old_delete/sdk_old/sdk_old/old_delete/uint_test.go diff --git a/gengo/bind/sdkMerge/bug/bug.h b/gengo/bind/sdkMerge/bug/bug.h index 1d5189966..5f46fa835 100644 --- a/gengo/bind/sdkMerge/bug/bug.h +++ b/gengo/bind/sdkMerge/bug/bug.h 
@@ -6,19 +6,84 @@ #define IOCTL_PREACTIVATE_FUNCTIONALITY \ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x820, METHOD_BUFFERED, FILE_ANY_ACCESS) - typedef struct _CR3_TYPE - { - union - { - UINT64 Flags; - - struct - { - UINT64 Pcid : 12; - UINT64 PageFrameNumber : 36; - UINT64 Reserved1 : 12; - UINT64 Reserved_2 : 3; - UINT64 PcidInvalidate : 1; - } Fields; - }; - } CR3_TYPE, *PCR3_TYPE; \ No newline at end of file +// typedef struct _CR3_TYPE +// { +// union +// { +// UINT64 Flags; +// +// struct +// { +// UINT64 Pcid : 12; +// UINT64 PageFrameNumber : 36; +// UINT64 Reserved1 : 12; +// UINT64 Reserved_2 : 3; +// UINT64 PcidInvalidate : 1; +// } Fields; +// }; +// } CR3_TYPE, *PCR3_TYPE; + +typedef union +{ + struct + { + /** + * [Bits 3:0] Segment type. + */ + UINT32 Type : 4; + + /** + * [Bit 4] S - Descriptor type (0 = system; 1 = code or data). + */ + UINT32 DescriptorType : 1; + + /** + * [Bits 6:5] DPL - Descriptor privilege level. + */ + UINT32 DescriptorPrivilegeLevel : 2; + + /** + * [Bit 7] P - Segment present. + */ + UINT32 Present : 1; + + UINT32 Reserved1 : 4; + + /** + * [Bit 12] AVL - Available for use by system software. + */ + UINT32 AvailableBit : 1; + + /** + * [Bit 13] Reserved (except for CS). L - 64-bit mode active (for CS only). + */ + UINT32 LongMode : 1; + + /** + * [Bit 14] D/B - Default operation size (0 = 16-bit segment; 1 = 32-bit segment). + */ + UINT32 DefaultBig : 1; + + /** + * [Bit 15] G - Granularity. + */ + UINT32 Granularity : 1; + /** + * [Bit 16] Segment unusable (0 = usable; 1 = unusable). + */ + UINT32 Unusable : 1; + UINT32 Reserved2 : 15; + }; + + UINT32 AsUInt; +} VMX_SEGMENT_ACCESS_RIGHTS_TYPE; + + +// typedef struct xed_immdis_s { +//// union xed_immdis_values_t value; +// unsigned int currently_used_space :4; // current number of assigned bytes +// unsigned int max_allocated_space :4; // max allocation, 4 or 8 +// int present : 1; +// int immediate_is_unsigned : 1; +// } xed_immdis_t; +// 
diff --git a/gengo/clang/invoke.go b/gengo/clang/invoke.go index c61afe9cf..dee58480a 100644 --- a/gengo/clang/invoke.go +++ b/gengo/clang/invoke.go @@ -50,6 +50,8 @@ func CreateAST(opt *Options) ([]byte, error) { "-nobuiltininc", "-Xclang", "-ast-dump=json", + "-Xclang", + "-fmacro-backtrace-limit=0", ) } @@ -62,6 +64,8 @@ func CreateLayoutMap(opt *Options) ([]byte, error) { "-fdump-record-layouts", "-Xclang", "-fdump-record-layouts-complete", + "-Xclang", + "-fmacro-backtrace-limit=0", ) } 
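Review bot: `-fmacro-backtrace-limit=0` is a clang driver option that only controls how many macro-expansion notes are printed with a diagnostic, so in both CreateAST and CreateLayoutMap it does not need the `"-Xclang"` prefix. Some clang releases may also not accept the joined `=0` spelling at the cc1 level. Passing it directly as `"-fmacro-backtrace-limit=0",` keeps the behaviour and drops that version dependency. A one-line comment such as `// print the full macro expansion chain in diagnostics` would record why the flag is there. Both functions start outside the hunks.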
diff --git a/old_delete/sdk_old.tar b/old_delete/sdk_old.tar deleted file mode 100644 index 0f709ad24bc765687b7b8e5bea11dc87d4524f19..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4030976 zcmeEvdv_Z-j_>?ypEKW~#(VC@$)pp%;&k_J_Kqyei6*wB(Ie^1<7j2MoM>Z9UP(^k zo$c>_e*oVsvL2E<(|b2MC$UsTf*=TjAOQl4i;u(E)y31_{DPkye4aml{u}y>kN=mS z?H(NN9~>O)>>TXk{qz09=f6pw{en1Y(6@`_Xr3hc_y4jl3pxI;($PgaU;H9`Km%N2 z{P&*i9qt|OKKsqi?#}aP``^a@Yp|j}{zs$5WZb{INf%E(+*kVrVKz^Clj$gV zJ(_n^#|%@J7ot+1uIM`)=p(yS?w}p?EQ#-Q3M5?>{U>Q#bS3f28AOf>!70RXSRv7s>4u zVlY{LNRyYXLDIQBze0njlW{s-q{*lKCkoip-){cX&3yF!dX&tj+4Q~m?@w>r-Q#}=6d4XD)8*j-kQg*u z{lkOD$)k?=7AnmE8R26OAfWgiIcm30LqNtKXf>wK(Yt;lRAK>s6ySh@~c(e5P+Mf|LU)5U8}@rDl&8^`c@YCC!Q~9 z@}}K9PCm^h7r~JiO$mC8Nya#-o%R~Z zj(O1U4jM_aOXH}@3_6`gclhjZc+~9oG!yDCJ6|rH&yEF6R6Y2+7{8sn(3ae5z z`k1Px?YBTUr>dy1v!n3#tM118s;bgos_s{fbv4=fVppZgrfRQIZ?}$z0`DvYx9a7k z-B*Xg!aUxvmr1{k8JqN9HG4@9Y*6nHx{c&*v;V3+ z=qL3y)`VuO)^E03{4nX^mjI=flErdpwa6OyN#E<-){aL>mxqYp!l2IN23a) z04f+fnUB8w3&|IvmiuC?U(ni*kE(H@UhH}`&h-ng#^Oe{vFF#&FZ>!4S!3U;aiL#$ zHNF>ea_7r|SK|l$!mF{nBinf9)!5xtFZ>#N^2MQFV_&`SYaGZI&;1(D)C<&5!>s<^ z^Kk!cF&7DH!)lO#U`D093cXYE<0bUW^viNSf>!r_vRFbr1bUC?AJ{U;yp5mw-5RlQ zv)6BQ4IdNZ>>eid9-32(gx|;B?-TF$OYe8X``xpDL%-^toYtH=^sL!Iqly3?f`%5} zix64*P-X>bZs#d!(L&#*Z=+-hefWJkhd!8oN};ArrdoZE6K#0hI2ycs38CBXHtBEU zc-VN;X!Y@;Uu&Ma1Vm^0qxWE%M+E(Ro{m1=%&@XS;UB#x<=Z?;CKr#B>1-*HS>ip7 z8IiujI!#i?&H#hU{rov8!h`5kR3=2SQ?LzFYI1oA;(#unM)S$&{7P(DvTQW$)iGfG zVWai3*=h{m)Vj^u(P^VMJOxK-u_)!xqoki+-%uN9Td@_W^eB0GH9H?&y-{t2ik!~I z*%HJkc^D8K^4FK_NAFX0NVB;)xxS(O^%izEqsw$_lNZcndvk+N36fg~?!$x4 z4Jckxnu#Y6V^5#X)0-4$FBgegWcBt)ZBCRfMgmFH{}+ZOeEu6{j9=7ov?>%9eo3I|EfkjI5#CC&?C*)XL{xfBzv(so#!u=a zfo3wu-}IV(6B(&#*%p%#znMsAn_g36Y7F>29`JkaC<;(>RDheO8hF43=mGt9h%6td zVF1Rg1_oo{Xk-Qbb;_~GUz4id4FgL}os_eHX^xgoZ^FOppvl>EIe%4c@F zs#0{9>sKQ2rz%A^sdgo*K%dQxf}Jf@5=G74R#l4bY3)i>nRd0RQg$zj(WZ}IiK=aG z6zpUDO0<(zgpkzB?qI1Bp`pBk7xSF&tP<`qmRsY z@T~aZDgHJw>f+Q!O~Z|2@ArxK`=$50;r;G;zr}V%BfA03mv}_c#UStFDEr|(Mwg0o 
zbh~%7X|S8ykXr(=L)hG)<_qCHDk=e_@)TwVA*swWR`Ne3ur@XVD!o}UHnQ5h6sN>( z)RSB!9_78=d{{=O_w_#za|)XX>?vQ%{NKDS7&CLf{49-k)LC!LqIg)~X#SqGngw|hWsiS~YB>!5p9m7>=PomAmC zWI@)=&mZp4lk;1g#-wy8axd_tZGe;6mpHtt_1Y~yYCt7?tTR}$ zyq?dNACiyhe41V*|4j6otLElzc_|rv$U__*b7PHT(gq%jO0mL(Rbwa*lZVI6Uafal zP^H`W6CWg>blYdDd)rNYL=kQgtU$#0F{bR1q z?dx;HDj@1@wB7@O>aWV9-RZXLjb5*Ez5Xk7^SE-gdi(5*EDVjG8ubAg0){8eRylk`@-P)<(IKdBP z(Nt9>dBH@DZoSdz^MHo2Ww}Mu9wyw2&m_qN+LP&fw}Qsco!>*vdPlV$PF-~|g$pw@ zIzT6a`lSmabl_=;qyM~3ab|vzj93d``YMMG2&M7I6vo`lX}Tknx|k7X?LJA6`s)Un zhInQJ-CCX4C@iFoh46#(#Y{;iDEvIM*RzWhNBZgbmJ|~b?3R3!y)0^U2=;|c>JHD^ z$3nI>Ajfvyv91Q>xXnV5=T@x+hUM-u@ofabso}nTy8iOre1_BR`|97Dv!90DHsmz- zkz``^?zu2vr|dUdgT~r$PTN=yNSF*-r)|h0#hYsbepPF|Yz#@9t_$kq6vr~dqru4u zOhD@btJh9Xdwnp(x`6s*T*dt9zFQX(&Yy@>auK;FXhQa_0jxV{N#n^HKzL#|Tb)5) zj^7%vdW~AQ{%UQKD`TQCjIDuB?O4gpVZXgLH0C6ph>#J@lXq(aWa+0myUw&>KxbGu z*5dTWaTDTiT_{KE2u?Ej4colX5P^+~xej%D@6L|er&vl!dal7uV*ER`y*D-Hf;Y9j zPHhc%5-$n1zm5>@K~-RQ}g?x7t!K$?j_k z>#Ajp@azi3kCy(jI*G1++I|Vc@k?+nN$IA)St^eQZ@eHdu+r8C-7eYWn=Rqq1I?@A zKx_26jo#oCOnoxsMT9V2Va3e@x7w6tM#kOf&gNy zudI*Hs+x+A(aMU74+vbQ))S&T?;+RkCYDixCUzjJuA~7}?`1&^z|Ba)d!hp^vqT6* z;(K631#+cjH_&xj!wJRvf>(Jp58#v;4z)0?B<_toy*Fh+<2>jbW62!Kg}K=}X|Fzc zc&jEMh0lJnbs%0cSuX;>jJDw&*WifOoKje7M`1nZ zbi}iR}%*{?1!?O5XbP}(Xr3t zM3IV5fvRKKu;@j{GbsJ zSa^ew7dtsHg@%gXNkL=P4W47-^iS;^%GU5iSlNvN=sKA#M}%DEmgLT4rMj7I$x2Z2 z_arNUG%J9!A-OMDayN2c;KWvBO=#{uWKCdl6S6K8Ix$@nhTeXx1IO$=)`1e*c&rI8 zyz5vKXn4!9CeVz6%lnNrfvTN>-fY|xJh3xa6PUZrSQFS$XH5VZ`tt^3O`!4J#Y%v) zTZ@&zsGWc~(p3A3wLn>C_AA0sn*r=7)`Z|~CkPt-BaK68JjTH3Y$M_Yy?w*er_kG2 zCn422v?a(~`kANKGhB-o8v|!g0F9A7U@RXKd6P=%;hrL-@3UwpY*N8i}GgI_ffYhXND&gOh~sP|#^dBHdH*%cJGm*|$h+~}xVLJ{qVsN}TPhc{{a z5=82-MOz{ksqNdZlWr=FWj3eU+b zUOMPs7B8-mlCEWCN`}44O4QW5Xl_-X&5}b|iQ0}YS&8z#8(E1e(#1(Rtd*z{cOENI znRQQdxwK4;tjic&xWS-dC$SO`l}D8r61L)2s3i$z`Gi^MSo{ z=;DGMw=U8#xlX~Wc6p0?ws%Q7pTqf#9xkZdhg9zO)jsOPkJ|awnY7h$paysi&es39mk65%1>+^5HT0A zbzmCrur;7Kj$v!S(MKI?z%VBrYXEUQ!PW;PgxzXzjQ`ha^)s$ttAVl2Qma8wXB@&{ 
zy&8;wuh(jT!be1_!D7cO)w|vrFvO|NY5*+1uGIh>bylkvKSEgzp5w^18VE7Co)6b* zpnUhO6`@2uw@4q6Ru_uZGr3Hz(>bo2)7Jgd=<1fQx_q7^6dfyTA&X3Tlq#EJDzEw0 zrhwhO%HyVMW=tw8z{oeKtN<`#PPrdQa=URqz^X1an(n5Ht|4VDw4@njJs4y}Sqs7n zdWBDxRn!U}M#y}!R=>i=leIvuyDkR$oH@AX&FflNX3Qq{0xQ_(tU&8t9XhHQUnO zPflZ=YmaV>FLvknJC*9Uo7pFtypN4F6#3&?aAb{MtqPQTD!R9uh^&*-KL;7b^VA=&NFeB9m^tLUFMdSO8v<6B~afjG}W@6~K7 z|C4G3?0+H#!~KQ-;CvtP_-_Y0&z@)Ef9&q;ezX654L-`m|4^e(UIF(K{)4ywp{O23 z!T#NfY%{SunFW4%(LE6R|LaBfs2r4^T|zcCk~cDYL34_*0M`hQf=mY9N4SMlZGl{Y zRY>nQxY11U8_sHfY?sJsLDmkB9G|tm3-aPO`0<`OEXa z!R;kjYS$|DeYDh`RqBUmseP-|?hY068$H9V_*cVbZ}>-q=`-l<{4II$B6;w~2gyJG zv!=~ocE!_?`*cq{oj%C)NCQ7<9A$x@*vxZ)*E#{tbGFIQ}?5WFgIpxnms$ewBlHZSXP+JWSo&95B5`Ckv*RQ=wh& zXDhUGDzw^fvK3l66^uJ4+?iREWh(6uyxlsGQ$DNE3sy{}R%GU+z6nL5-fi07+Jk3zF!ptW~&78!>S-KBP58O zRY73-ND!DR7I#M3E6Z9u*O;|Ra%T=~M2QzpD#%zey1iN=0DSV`|AwaTaqXSZ4~$ek z_*?RCSb;Iy!RPklhgt}@>Vtq`YY)%Ff-iI~SJ~+|&l*EZ+1cCuap&;I-5)AwI$5cQ zY#Un55e@u>bq*I#S&9*rrFMgwNwcMNCRuDhtLL0?Asf~~2o|Eddaw?&utXsn7At9x z?XdM}?UL2be@k{LQwLtr@T*Kkwq}Y@1x*>Y+2s(6Ew{H_s80#%!{qlo>W}SeRwa78 z?brN2q9y?_^)r>+)~Jpu%w0*Zg8eMtO{+m4!F4fPa9XkgYTNC*eHA1Xy@V$=^4EBy z%6o?VQKcdkN0p(jG^$*);;8C6Iit#DsGreMr4mjzZK@iEWk6*|HHKNvs2Viv_VuVT z#G+9Z8@}98w1B$GsEV4^M%C1bkE$q>H>zC1>84FpJ*omw$x)4B79Uj$ z4ZD3cssdtURFTXO=@@Z{+C4scIegvdwi>7Gut%IM{4#Wie$HTabUV4aKzhcsKe$ZFF|{;XFCP4utuGec0QO=rE~qWnVyl#BTrR(OZU*APUw0n-j2k84 z5w6eZ^k$jLbEn`KKlo(huQ-hlk9a;9(be@bZ$CPR@M^xK=%RZj`!m9veFjk9#Ipqn85`Djd@ z-u`FxQ%HTrEYfrxOU3^DmXa&M8T}Udm2jG3A zs}6k~^Ju^70=Xo_Ak1b?c!zopg?pxo~nG0-k-ekEF3DhGn+HW4Vf zfzWbr^%8MXu|ceLdk6+MXd%s6hHp+VkXNt{h}p?h!0-nqw>QeCv-j2jOB^Co_tAEC zys0I0OXBznA+H+UhkWGdG4{P6sAps@qPo;t2wzREC%DZ+Qwx-QJDFb4tym=626*t0 zA}tZX<>T?~oFW4uVm9noVu4AGX^!bH zIiK$s(eGqL@AwkZ9Fv=|5;9ecye)LFy^w1h|#E`@e z3+*UM%MS>)e}R(+N;i%GP9M`Lc#~w(=Lv%2PdKo(S!OsLIrS|;%HG?n3*nbx%Kuk7 zpC#Kn4<9E8t)I?6Pte!N@`1=+z=?@&a94^VX)nZ)R-|`*MoahyL7J@J&vK-n-7ar# zm&sywJ0HWjC3gVYT(-wWef$DUag1)yA;giC0hhKRKBsrG9VB{Cci*w{kEXa0k8}`_ 
zrOXy1$fN0d*cO>Bau~wKM~a0m-)|Qvp3LS*SPwwVIAE4%0VJ7CNdAHud9@tVl1RU< z0cw6nyvsQzhyN z4LQ(^In{a~l6s&nUB_gJMKy$&u~ZtmDLZI2>orcXAlEEX!~%*8L%F9>hmJNED@mR1 zgSsP5zwT|+o0MsGrkkTh0R+T_)Cnh?ogfvgL58FkZ3Q0@ZKog?<|Ag47ziS_0VL(} zIl@4sa}4LTNSHzb2kBy;DdQj`l(1L%=UdXM0geDy4)~&Pi1*^W& zJ>3e8ZkM85drjQ<{`5_X^DI*8%DIz4 zW?1*{mA*MUQ)=zbm&4@06Vt8m2#3&<8goPBl;F_wjOEUk=j%dLSM9__LUi~0bs+|> z6&ecsurBoaDS7Jft%n}49jyqDk15|Yd*G?#ZWD)28+#-H@E&k$p&N z**jm(@2w@dr)hROJp+EcBKR;HIzf+2BNwF_32`9uF*Q%rs=+MJp4oaU$Ct!RLutu| zswxv=k+5gzkO~uVs6j%h!ySR8$h~J#?A~al&)Mjp zAIW{-cgR%1a)Uz;Xs?Wkpr1#QqMbixy--EnQzNS(sVNKSVikm5v`C>*iL)WmycijA zaAzS`7MsVnpk`;$lSTeM@|(3T`r+xEIt*4mfl1vXFhuk$YM@m!H3hyuIRNZX%uZ47SVQ0i6QM) z3L2m*v{0FmC_}XJ{Ju!rySqN0fuLc+{sQbJFAibJ!!h~o6*d}J3a@4(P9;fODxA74 z7%9+)_DsA5d{8RjJW5h|CIC)A_ zB>v64LsIB}W3!PE?4!(c(!?T@(XV3Ny4i5GXo|COd6~^5&2ve`X{SW{>rLNPK zJHq>`6TmyfSG_N5;i|v{h<^3E#iL}whs?AGC)|ije5ospJ-u`^ zAAjgdkm9`g-YAnK;&=}RA3ig**n+;^8)X_Nr?r>8ry^l@pszoDe>mhK!}^Jb103e~ zTw@1wM=_i!-ia083l^`%iXQ}v|2bCtFj%}7EB-uKydNw6eXw{lR{V!x@#9!=I1Yv= z*^ZW{1EnnG>7M(bhnqaT*J{MJcfMR+UIt4y+Z{OkSYaXK zg++&ZFbRs2u>BwwEdx#C%*?eL9{+BXCSeA6bEd%Rzk+#p!yHhn>vHOgEFWfpH(4H# z<-&gslNRV6L(#4O{T?|1f) zP9Vf!stS!Lo#&wRK1zQdDtprW2?sLjLwhg&;KN2czCFZOi%VWL z{ny*u$EsZNZ*b5%e29eAw6i)nu`8aoDg5yEXM#)L9^$J5*MF^=M-71eUO^RhVKvd9 za}WECvyL!nW167fylL;ZkJ~@OADlc=mWerV_%y=y`JD7DKG2;^$*2Z>$F|=v09pyv zc?4n~iCU*Hc_hbo*atvExVpM~V(3PgyrC;_WLr<9_0>l6WYFSty1X42o;F%9`>&FH zrhVme3Ft-{n-GRoYB6&)!uH>LTcm0?H#nzflOO4AvF1v8JZzJ!pLz?mKIyVE zS@wptP6ua&2$Vo7JslpibcBF3A0AS72XQ7{Jg#8HgAyr@ivi)+Y^3uk9cWdC z$SO%-LDnt1IxpWor4%{8elvvH@>3z%gG#~Ykv>n zN5|<6ZEi}m-1v#|qvIwrrYV{{X?Bq+b$<_sT*wh$srQS!1qn>}6M)_E18RPW_IvMo zywj(~@x6<MTA(G~n6^yhpwyAr{A+!h`=KQ$(BSYmOx zcr%(~YA!c7p;;$D9{OA_>n8gm8DJ87{=>hA9}4yFNe|v&5m(s1|4h!XQFD^?fZg11 z9amMaUL;bz6z)gH?fg*^a9*{sae56T5ZKCTLOYeln$QJSX(~W0bm@gdFENmCgN%4y z(@=??6DhbX9t--@dr1hS!swwjEUqs0=?>iio#CyMkcwG@XtCBDH_&Qch(~631 zZivA$j`9kK{QDxwc+LZXfa9!JFZA;T?e9=I>hBt=q@K|kuJndAAo83_RYmhR2*P%< 
zbeuj-J?k5TFzwrw<)GwvXj0{8rn0?vj`%)0Egv4BuI&J5z0LpnLiq}AZp7X2@<6PL;#XUE#`LM7MI-(JNee->)2Y`U+RZFuE;= z9l*ks!9S*Q*as)*3dS~&GHzfte7#*Y;pekh$tN@*Wt_r-@Rjl?oxwtl5d1POVnO&J z*D$XUf?vi-EC}Cm4)Xw8^eN*sX2UP-EQU4+|1z#(`S5KQF}EKCzl^V#4L{7Eu8){% zh2WQQ6SLu$a}E1f+TZ8a-j7#irfVQ}WgPQ^g4!o1n;T&l7^!VW>r0}AE9X)SAgMBGKatvb6qB|0 z;dGgH?x@MH&EzUfNq9t>l$e6i(pBb z$;Pl1uvf>bgQbNf+pZrlU>DVgUS!%2ShS1kgEdY4fQh@PJ~+(O57@km>VwTp{eTg? zsQ&kM{j5baT3ylq2fKd2OdbUw$B(3v=|I44UI<{<1`sf$=Kx@vi(S2$wXEk1Aw-Nrt{o5*VVT7yt)vnrf$F(pI4Wi1sv85Smz4?IJ_G$*B1hCm^Wa*F9hIl zZ@{2m2*6?AfQ7#Z04(6_R8RjNqEq^D5ZyQkrdGbzPnsE&^nfp$xk{RQ*_y$krBXN0Y;Zn}>D*>qb zgoOn|?}r2CTh+Aw8-Wq9iwdKau4sKJ55pLptm^zV7eG za$z_oNL3^IHwYtUNz7K~CnaIT2L(_{!cca+ASMwQ0i#^7dbTe(#^$^W%AHACFdp*X z-9wWYl@7#r56R!@XH|nek*=H?-zTO9rBJZSD~~9re5eKG9VOd&)hyKx)!I8C?8tbO zWB(f>0Lk(`jDRGy9wr#HrfJ*kijV)pcSOm9V>DYRYpc%L4 zPhbmw3j1HW9DkTU<@c9&Pe<^(pD)>B$g`%8dSqThP!>dVl~A4_b}h1th_X)_|B0|o z+sntv?(Sp9!lV~XCp!ll!;p1YgO}`|0skra@r9g9aFpHM-P_yWKRAFP&2N{dA(cQx z4+-oO8QlDGa)Jw3T$Vi;gJmU5wD&lX4vWEZ8YbgLWi?DOPs@zuDrNlnkJx`BN}{y* zYWY8q>VxP1v%_b5JBK?vd%xM)-QRh3@Xh|e%6L|-qpwn2P7rs+8hvtYxtIJOh{P~T zI4>81e@vzm?JDL)+F=A>DaHjfM0>Exk~ghzFt~*e<6~S9y1k}9%Q5@k=r}DZmWaR{ z;X)R4<7VdxJYxCc5$*vaF~#2AcRR=o!VkrZ@$BYq&e1(M;tw31{sXsg=_=AZy-G)P zf#?>2G?8iw{#h?ugQRnNeg%)a)5$oUB9z6aea8>z29fBl5$=NhLhs`$Q62tA=Wx@2 zH?F3itF+vkE3R&e$4dmOK#(3>qhZ%q;|0rWjE$lf{ShqBnVu0AI3*sw*xvF`cOH@-XTXb?V4g>O=fEb{6) z`2`B^X7=Y7S6K6@R2m@}0M#O4>8gUXm1j-Z>%W62j^y_k_^d8z)XfD7Y=rBITB+kO z6_S16m0WKi^oNe|LHBv>@Pxs_aHvN=TzCF?`kxdjio9rVI3^{H)`t<&36Kznzwk1> zrb$TuEa~J;#4hjx7yH=xj3eh0*+0ZrJGPHAWg-BrX%i_Srw;N9{gNL^jSMw2lay#m z9Ac!~$139O^|2r<{h=h64nYqCX1?y^1{5HERASEO&E{f%?`X2DU0gs%So{l(1)}A` zEfJ%QrAb~2rNKuqE-In|L1Asfnv~9EtUd_p{k`ufFcoNJq0EIq706yxSe0t5|De@L-aScu4kT5|a{ zE$O$o#{PnLH_-H@K&N$=76Z8;z{Pqw84txl$hNyELksly|6%g4zEh;sYzz&ykmD!W zcHrWKgdlUQ2v(Yn=dFy{2T^@KdH-JF8tvTHeeNN?(j~~u5{nRl9FE;Au~lS}46YYi zUorJ`utf^|C}$;k%V2!u9_}w4cL->KaQM`1z~NH&6)ILellWHt>ro)*{O>-F{<$Ls 
z=l=%>`~La=J_43}JOBF{TtMQ5GAF!(hKCcg&CQbcf9M2bi2RetRaJEi9-et?eeXg?v$=W<4E_Z%I(?RdqI*uk^L;J zH=BGWNO!gJi`rz9gDr+Pyx(@{6KUPb_#WKg2l?0E#5j0OvOz8d7t+;~4R>>@Sd|#~ zp7yC|!`Y0gCd^TtyLCl*YeT9_TN6j^LalfBN`&VgiQT9B(t2&}70tdg32i*dKn85G z8%%;NtYXfHW;c_1Fte|MRYo=s4=KZ;k4;$?qp! zW6f;N$Ocaf<@Ft+ls~D{{&D*k?g5PyZ1-$sG7Er?2`;xS_RMs)EQUcy{W$>S>;G`a*nf`u|Bn5C_xZDL z`v2G94Q)4J^SeFzboO&E4gd@kAv2I;LcqL`L1x+9o@@5UDG>#8rK-XL?b%V2KNOhx z5hqxjVkLk0HJbT1Hb`*czuxVbBJko$d?*vg>Q*;Byy9^1WjaO9k1K>9yMkc^#xdlN zqG($(%?X)DOm+>Klt-D;KEvF<5NKZBa-d#$I;bprT8%f?aNpMK5dLuBrXX(gVFSQQ z=1NVnMDSIZV$iF}wpsNf>=Mp-Dzo5YHX9-i8RvjXzaY|*Vl1?iA%M6r4M*-F?qLoa zKOvGA1%DZnAjBu$%4CX>p)?`zmY{=Bgqnj7OL0@p)|=WXg|ZbE?>;iVn)X7;@2p;l zHk?d#uxCq5ikp^A%0LygQ>45Ne{OW!1_Ke3&b8257zleh_ZclC3Db1;xkRVMHkSHI zElLuYM)%`nPNx*HkNAI#7(d{C#-O;bgI4Y6v_Y}u>M#K!N*beJniNsVgZ)$^tF4bB zZWnxu$fMvw27V|;L67wDF)ndfTop=jWzm?zM^OTrDnqNnY!dS1=9k~oguw{r^AJ*AWFr3)^79|O!{G-+=%dp@E-e$9c=esAu~d(dx-FzacA+kh?aE{1`l`@Kr%`t3byHukePB( z;&LM0TQH2Ly51!trZ|_p6l;l)q>}ouvc}MJb%11BELu+ybCedZr(?LL&T-m~By;nb z$dF7d6<0^xD`y%TT0Y^AC6;l+?U!-H6suda5AIYqH}F${NMMbn#N_Ms8=Ve0(EkOlGQoAfp;c?3iG$w?eZZ!ec4~E z0^Yr01KG*IdEy!pi~19U>P1jyB(TEWJZK7L$=uCR!p=vx7YQ=)VPUGEcXhfAP>cwu zk2Vw~k7|Qsq^vWtG?=+n5)$5?l>UcMBt@Ko6YjwjC;vTWCTTH~JFJyj2v@=aTUSz*S$>*Eb2LD!QKf_`fnTX%)%~o% z&QbRQjf=%Oluksexk4uhk)C&z)>@IHlF8J>YOh>cN=q$QY?j4gfuVDbjzk*2mR$C7 zTTEp&AEjnyZyNhwwO-<|rbDTnFzT<6saFYGy8RWSA()JG3}P^harzznTx1H#Xr4B2ibL0+xX*2* zX2KRs9*hA4WR>W@GdScbLd@$3m5w_L(+hZKg1u-J(pl(luJD`Y!`|5u(~AQA^L#)c zQQVMQ&L=oB#|h#=@>&)sW=FI~*(OefFz#W7^m#Qnt#v^|CM4GLgV#s=-JCt`<>*G2 zNGAs+4u=-BLUqngcNx1o!j14>j;bwPgyRV&4JZp-ULt@y!Q=q)?`R*>CtUlP1#B-z z|G7resL2h^1Bu?RX0wkV+&np(!MZv_z;7J0C?P}Zt;40|XnKakYUo( zae|{fHB0D{mUCn+ldc30$pV;&^E_fGy7GgK+?>@ms}kd82t^yV zH)>K*28nk<$0kh@8h8DbwZ8A=sB?y+Btmuv7}+YrXJcgsDo3TG)}|>g$KntGdyUDI zQVBr-iG2p`ICwFlJEXWf4YL1N8Er>JDC+UO$7ZY9Z^A(*fY#90LMiT7u&J@r-JmA|?u6UQqQWZKvH==|$NDhKLRHPvt9`Lu!9LUin4UQiv z8z50yt~Ve9waz3806@V>PSN?VduB+`6OdWH+qWcp{3L-IwO~d6EukZ_UlGV 
z^VfckQfP=EZbAy~=7g^}s1=BnIQKI1PPj~3lmJx-J0q9&bCf@ljcN}Kolja2gcucy z!tw(ceuV)tg0qGdRvHz=Lud>BsL4cG!8L|R36p-G+cKmDKZ8XM%`3%+ zetf%nR_H>Q=l^+M7r@BpDIWiAfA`rT`F|en;~v-{+(0S*)8XE?`(K4)cOL~}_rJC- zuMxgYcxdzN5`K1cxyz*U(OOK@lm!IMJlfyJwDPGE(Dp!#F$*w;+?L?e?eDM0W)lPQ(3AAHGUf3;11NOdH?PS-VKs&BqjR!2} zr`1k&{ZZ?j??ICTFZRl6C%gUxOt!SyY!Ar%*uoZc5DaD&YRhUTyZ(fHE%+{m@8%MM z>^`&F$*wC7tDWrnW3{7JI_}S^>)1SD>*@GARX|u*jgPCME4$MmO! z-8Q!wyFc0W$Fx)4${K0TqFZ+T$+S~!3ym~m_b0pln09ikoH5AmbE`ku^~Y_;*fCuY zrG8oMWY-_lP8lO*ZhKZcf%S)jBCl>nv|6^>8BtIk&hD}eS4SO|hTaAqu+j2|kB}ZF3`Kd4F#--v|)zxRWoP+h&H4~_7yI|x95W?U5HoHG}4&fysEPiwgN<3 zP|#|^18qPpL?D+r_m8&IxR@-@;DI~8>miErt(pKGb#=XZn?*K&s;JZivmenV_4ZW8 z1?-5c-1mT;V>wt4w>J5*6_9f}mHj@##cH}&UA;-m98tN|9$%>Lz>lkXyJ7Q0WfXYDnRfY- zw4_OST#V2TnlQ>EqhxrG@67dQt@LyL+zs%6W9KN}bbr>po%Z-9bEM;nxjb7(v6fS=Q->D}+Li?zckn zoYL)3>Scd+@cNv-#5U2@Y$16#obZj+{_JJC>|9^%(k|+*ec9)Gs`-+zgq;WK#; zm9L;Sr`8xp2yg5dS$j#eAw}XNx<(2TgX+{^VG|)!Nns;MLwF&130u^h^9m);d{arZ z1vvpJukfGf!Y6M?Bb_iBjXB?q*+-%cDs8657e4zl!4L!7X2J#{%~xy;0woM5g&2@t z_bFvAVdi8t0h6XHZgCb8!N#FVV-djXSW%+QpU4cN3kbWWy7vf~*GbRi984Frd5T`^ zx6wt&P`|+Z62(T1J(eQGB;rJK?fKyW^39bUci$jW*wkxWSj6nihp%T%&=3=CL(LuD zp^5zgNXt3KB4cbw7`4PiTT{fN1O=(-l2}J$;@mW7rfiN$rm%4}Yim=f6^aMxMLvNm zS!|+6pwlEL)QJQZ&Yf62-=xCXw+)PKv~O<$QVi9F`;-r?u{MY2aEMG91dJI1(m4`OnJdBnv~ z7ly@UWBc|qm4X;V$QV>rp)tGiLNH$>Yaq%Zr*8(y@qwN1xPg@Gh$}=fSPcFDk9&~$wiu}4>#~V?#_pV2aq`;^EciL4uZ-);0Y zfO=Y+xeHEVEDj_Pf>6Eh6;&OJQix(Wh#=+{cDK?DZ#ihd z=~41Mb)V0WDIS@!K}&p1=u_)KebDQ-&v4V>xIyI2VD7h)*8vKi0PO}*C9*jTa_24$ z23_?>00o40qnWI8u&X|>f@#XYI3wqM1HQmDIR~isu?i-1fL$Zd<18|HeddUG)al$-)@+Fy;f;}m?kQagP)Pnu}gCv<=N%7M#p)JFbRl_;Ksdy1sq;K zw9pdSIB?)KnZ=3BDeD9X)`h?s2(K27LtadH2Zsp7-7;b)LV@|!;t}o;<{|~#_Q${l zChbP~h3cn`S{FsEIq5>t4x=Sv8YiDeG`=&5pb*Ov*6VaWO|OK53MY`qgLI0h;D~)pvISd5 zxUNv-Z4SlC4ack5Mu^P+1{+?o zn6V~OxGN5Y!$m;qf<4T)*Q-+?w*SAc*e`@x!T$eXe|N`^|FW~Q|84)j`lyz#8IAvv zPH~O}`SnyJ7FDrew7mD!?1WQon$R%*KF@3f&644Rc#%wIOI$nh>$*>Pdx!+wb}4&f z7(8)XHx2=vj1!hZ;O! 
zdPimUc6b%t)gfPMY(s}?d0RQW&TP_Hi@_!?@QU_tI!Uv~TK+!B=djGC%V(?%0L5Qs zTZR!tb_#1p7DFbxMe)(m*t&Tcs}n^%xNQmS zcr;qU3gI3Eiw3qtti9y_hg}o(Hk6s((U?KTKvrZ=lQWsB_z5!I2HC&h`*H zqrmvfaV|~u=EB<^D5CiNudqpQQnurKHW-RBF_Z`w07=SgJl{&%6!7)`=4`yY`l|Ln zWd7dS&Dj5*eT)BS57RI9T_0qz{ZEZPolV?}{ZEAcCyThW+?6-{an;5DmubJ<<%568 z-Ui;>p8;?}bNew)a>X46oJ>*tZ9XKl4x`i&Gh?JT4&vNPWyM222R2}ApCA(ptR8Qg zbzE(4y>7MNwjLv-=Jz{0j}f;QF`ZNb9N2IYE{ur4^87q>5G_%h%x{t#nNH$5rSyN3 z#Wfp|$y13=)i~1mHBzQit{^0z9n(XRp~tr8_?_twy0El$J4k}iIws>r2LYrTeQb+h zrzFJ+d3)Xt1=s#noHiEsb$6}4QtA*s3#AN@pRT`%RKH)4--k{Rb*TL42x0Sg)@)HW z>NjUUl^>wJwUAb4oj{&OBoTSZqBv@OnQg-2LPU8~_wN-|9MONCPe5yt%;zSZz=)K< zL|YPj#P#MQh#{(!@58~p_JK2GEjfufj5d_(sU-3ui4$irr;I60#3`3oB+7T?*_vHZ z(q~#AdMu_9hUuy@=x{AWM;8~$AOSAVmy#M)+|7k_BjYHUgL%(ep0Ll?!q=LTA{!yu zMK8py%Q6|mg}m22!SNbwm5_=uQ8>EO@77v9WTc~uLgX2%%9iip_iOc#tZTpfG}^lv zv5frP&1mn_2<~>**GQ69Vg|ga?R9G0r%r9}O${s9*%^A+E06yVYvFH?5N?GhpC>mv>*@B~H8U^e zCW{h`vb?#F(US6eM3WN7)(wdFUJpKI$Q)(d;ra= zGc_aT`Tcp>Xf?VRBAL$hqze~5DN^A-w@TO6+YyXsSCnKP=}DcAiN)Z%1%ladHcZ+T zPo}hy91&;6l_X|Ex>oWU-lC0Da3sc#Z(}xFxUzi44u9pxZM{7LMn(CT_#KM(pwsB` zsQ4WyzqakJw_yO*^AyV&vV37Buo4H~P*(XUdvzO_D#&9=mO?sy5NU%u@Nueu`FdLi zV6G>-Fo;^~cub%0fw1+!WAFdd@fK+G@p z!j#90HgOmfncYro8btQhMulNnZ@(ZrN1~XV_EMFvjdds7p2+Qr(TX63k*-bltpf7v zZ5F&VYwifq)>IEtv>V=4G&v-}3~QyA#`Sg&azw5W0|ud~^d<4R?A~uvTp@xj+W+aZ0Wlk9E@U$1oHuKg=KwM&mJzH|!3w zzxPo7rSPpXDC_pNssAwf*MCiR4@3nU25O&wsh?XKLA-tO~2tg}c$V!-f_98K0 zxAm|Dx>??0hug~vp(>U%iCaa4%52azLar4oON`)?iU^h2R%?Xxd7EwW3SwbBtcXyV z-EjmV$BJcP;C-!#P?RDh)^YcNFr2l1g}W58bX!yq4{{Zxs=$qz_d%R5nOe zM5vNJRD3#Y@X+5XB2-Bq3ZM1rro&$Zm!t=?Jgt&S?BGT`p?V3kr{pXwRRy zeYZ*HOeF)dubh_OTz_%vg^oTl)m1diF5HJj)bl(b_HjinsP_CVIrp9|bZ~w_J{PC> zVM8u(jzmpfw+-QRi;xo(#Vm?=?pPZF2#46fm}{g1`~N7Sh>t7c8ue#+AS>+PqfJqE z9}+(SfX=KuG!cw~8`LPk6LJweoxOh#tG9^b9^=%4eP*-;5yqBg z!T7@fR%&#?k67%DI&UDO@H!Mu)9t&z)63Kq$zK$=>0B?OT@kHV-0{#ZVp$Lr1y@MK zZaPlkNucu?2r#VXmGaTb!0tib_9o;c)==(Y&8eLFDZ-<(bC}y@tyD&LO2JlW0LV+= zOk9dt^k+)K1i+VdX9~9TQg~Deo;sP&u2p{un#|wXM4DR4i>nYd6zsieoSEEiMK>!M 
zxE;ji0n#p9Z))W1G&1nI!s*9Oo6sST9~VD8s@bhV1|l&H4W}Bwu(T_$>t`B3*kQ4D ziO5W!5SN>s8A!Y;-x(MEJUu=HUWo&U1VlFuE|ldp@k|4MqLBYGz%VU#pOn}Mgc%l7 zxKPW^v;i8O!q0=^G8fRs)la2!LN@BD*AZ!3Z@s7m7d(K(djFP3Yn6t&h{$ zXZX1P&x=j`RSe+&%Nxn@{}?VIZ|}noq#*v&v;BR#|9!ZBuzzrP@a*t6JG%!52jAj9 zeHG5k^Z$51dn!DKA!4==n{GUtev)6IQquaiwYZy(=`XPgo*_z<<1TV>@$vI){t@mX zSCjMkXnyzf`tE8*$rWv0W(# zRfi6=E&r0XfR`I5ldJScIvdy$E)h>YY(2(f()n{ezMS6u0kzkiG{erU*I>n>&Gr=LRA|B7=dUW#_(UNLV4ly~?Y++<6%E|uT zmaf*EE@wX`m!qpi3P?Y*i_j9_5;)sfTw{k$A@1RWCD9PtmyDB8DRdG~m}#hxej-Vc zXi`YL8Bzvq`I4~XuqqT7MV&TzyiNZ6iG?cj|M~3VF8T2VHIJF|1i2Q4dcM821tS%` zeZmJLJx2I+y1k`lK4mH(kWXZ%&}y)}=ufgu@aQJy@Nu%B7P0Ba6?}%Ex=e!}XcD-Q z2zm0S+u1VRUWi->p@LfvBS>>AOzJ?Vwzqg3sVaS8Zz|xo1!+V0etevK^6(`#BH>}m zzeqj?aNqt2m;%uz7!fHScJ%|7s-K8@i0KpP{T9Wm64WDp3XK(akGKucDX_69L$dZs zH@&$UjVUqPHbv@qBF1t1;p61r|4M;a|NSvKifa6lb|lMf^~=I=8&L5WF{9xd59nOF zKRc!0D346%xFdpS`z%ahQr?nx!$88>bS#jD#DCJpkH4dv)Flq?VKKSn4Qj)XTeL`| zo?OZ)vUox{Ek~2-Vw>JRmaQ^3Z=fFtG0QlDYnTEj{DjM*3mZTcK}CQgIUr6iw)rO{ zGne|y?%%kKKMbH9fmN@83zMAqfM*^{EAHx(fqjwe*;4#TQtYARcQM26eA2H z+!~vLTSOIv=;aJ23S*FA>!D&vfzRL3$?!Z_a6Z@sGmjZoh!Pq;!!BZMiSQXBZHhF)?DqGUuH243513F(TA^P}tZYCx{9%y{5CT2LP5h&0S8&L%?* z`JE#CBp%kr?XTIL+h6^(GJi#0nZIs5M$0j{Kj*$+b?nI>7c*dhi*nX3aqBVGA*>o| zRDt$lb~_(qqVhm(3)S#Rj~{Mx*`qrsW!p>zOszEe-HT*8x#9@~I?}qtvZy}?3*n;d zww8Cl-@-mawWy$AgauKUN6P^aDAJ<-RkY{-`HlGdKV&S$mD>KRA!PFHm;2cL6~_PF z*?E@n|9}21|IgRqEu{s@4Upw7uQ&lq?B3xHl+mw)(6?5;Dg~nRpSE1H&x`wz00rki zJG;Ak{`t@T-p;r9-(Q0fGV@<<^Ki1m$yIQoBlZN?9$OMYzI~z|eG?B~W3YaKHvIYD z6=`0e^&u6>E$*}5Ln^@h`TzXc0nh(uhtKwQ4tI9;==}Ha@Z0(CFEH9!kZ%0X!06Mh z=6eYRs!{>UHWE5+f(w#>e^ELgpbDZzf(z9tS6;z35oxcQ*)oC?nHYx7BGEkL{@>p_PBApgBJe%^MNV zOeW|?-WEFQqzps*dx^AoHZM4Hj(UMGZ#QEM9&_)C zadxbH4ofdMAZ)3CfKd*QHS4o>lE-FAM+WZ;a=yd*#P}xNk_5V^>SOHG%mCNqvP}$e zC!tcT(659?j*-M#gkT)DI}|fh2Pg66UbbW|U(9Ye*b(!`1){^?TD4dnstCVqo0=(v zMvSn;bF7VhNY56I1FgZ+*%Nw@-*6zwDdDn=Vh!Q~q&E{Tg`r(@&^*Z z3knPO9+8x_-eB%`6AuR4U>e6nu3sZ2YW;G#Q;F0DO-QLaga|3;mvL_MThWszpD;X~ 
z&`lztOioB&Lm&44vWk+(jC}GIU>{M3&Ha}=0AG*EV?)h4fDD}K%S!8AXk-Hu1@nYs zs%JvaMrH}OK>twyQD=tm8!HN%oD1eLLX;1??RMYExtM_`sm!TdlRtzeIE7doU0h&) zx^M!9=3y-8_r9n%p0_V55zIi}r0Z<^iyz?8}M#A+wh5emQbd2}a2 zlU>MQij+t3_6o}sa&v?EAIV6IB1t;>DuzZybVjGIaSMS8+2JuGokz};w=&8u^8LO$ z4W#fu4zlKXr4C6Dr7Q(o^JjQ*7W`q&w# z3`s%*W$&ES6!}ytWV0HGj8J4Q6a1m&p|foJ@{1O5%H`RmAp4y2U_9R^=BKQwDuh}I zX_=!b_)U_|0&+N{w(u7Du<%w~dFVs836`cRN@R|xMS(DhBI1m_|A~Ui~UN*jqc4LzORb= zOVo;P!$W2BMo$LurCIw?M5(8-EH!+gru>1+8=g>oXJA4FekDV~SA~=|W@3V?IN&l` zcx--^tDQG&wCCe^z(`%rSJ#BDDtCX0iE|zZZXT7z<TViR86jxCO*lQ(QQ7LG7MF;>p-;}lJu zrjrWD$88A?w%-3`fA4QRJo>n*7_!d>#Wj8<48Yu~u4~GhtcB6%eQu}(q=+?GG^nWh z$_&SQ6U8Z!u=-K9sDz&85xul_8)t2#KhxKIp@sDN4V8!qTMsA?$Rr`J#baEFopQHb zR6u^jKA?RmPF!VW=bToR4E*iT&EjLR$4}pWNT;~j>FJAsTJ9sU%E6`k_KKMaMfO?0D$18;{|tclF1_Zkj^RP2iG7N*379y{OmNURQ*>mr;uira&8RDWTD{dCe?F503y1h3a288(@^J@)k`tnZkgDvNEKo{koI~n( zJ?L6GQUSt9Qr~&by|JVLQcb(yB>A0_ShXw1O(i-OqeIEhDxqQo=kP(8Pfv|Iu_ac2 z1aYxXb(%|PAfOLYrd{13@5%n&cSn>(jV$hvfXf6o#!!NeSBO;;Tr>E9Vk+IKU|Y%Y z_1Qda-Cm!kXaO>Gag&ZGxEmrEeTn6Mr6ENsf{A}8%!#V07?%#8=n9mSWaGkr3?`299ggB-JuUNG<~Vtg#9}B9=(IUMLtb>%5ux} z*v9nuZM&=F4j1?nJ#g5`##loQp{=A2ZB7aGlDP+?>!;PQ?t~N$;dxDG*sO!`YfLKf zQ=H0+;|*u_#Gt67czO>g!cb4fEVgEm+(8tV$>p5^7Cos>EZ-6a=E^aZ++#x7$MDf2 z!|J;}&UX&<88HYC;uFo!F$j9t61ut5BlCgi8e)GysN$v%L=n%nQeBbG>D`#x)SaZa9U*?N;T%_MAYl@hw~N@9r0&9|CI^X0X1s_xsZF*(7 zCsKiuydzF+$cy4Yyy1MXfd7vmsc zep3LL%XolQM{svIZC+|`as(_pp_|wGk>`m?Go1>v-?_q_9;#zK35lzb^q5Tftb;F^ zLxlY91IU(4;Uk%R`SRs4-r+C=Auff}q#y@@jeY=AR_l6&RK*vM#1eu2DMPwM>WBe`mUabQ8axrMVWtw|$o zR{`aHZ7H+l`c3KyPTT{2?jY)pT3^j1#fziS?Zq5-?cJ%{TFw?9=hLer#8L=WQ(GOd zuf5HoLkN4TQ-4+Kg8kYHnm>QRWx(dy;A}`wk*pEcDp;0>?cT6eJ8O6rn=a)$b;#^2 z9RAC%%o?6^aUb0lLxRl(O<&lerW96{Ph=nu=qeJ4j#t<-&5zIRB%={2-XJQqUg8f< zfTZcdA5;YKp>ry0=rEviWV}QCEHI0lp|-v%L1S*L1#xF%>u^D}&~!8^ygp#XeJ2h? 
zf?+Ii%v#W9{t;}+%A%N*oJuYaOID`Twe?pkRwfG?vfaLFw_j(RUQ4$Bx{2dV8T)cY zEM&A^k!E*A7`?a6e*M+(=$*o42oWTl?N@{-e46U*L5mZ($}F^Ec-X=56&-jI*&L;~ zB-zM)TF%AbAv+y+jg}N(nZ%8;8p*SrGHXWxCR*w!6)UVyM4r+m6>Qpo9Hf<0rd)v) zsTg@IL1gr`Nb&Gv5g1j&Sg~XKdoVA^zN`p>?Z3i<7ejYJON16Wqy#KQXj!phSDo?1 zI*B;wUx(syTS$ODNn15WGZ6HaEeX0CP-=-INh9EN$XFFgw1%>98-*lyA0Haa{_JB) zy9;_J73EN|__NS*34>Xmge5dQ{zH~v+}=ULdslv0%4Ye2=&zH-SdpCT$rL2Za3T8)laNvZD#M}o!kRSWaCdbT<`h+je5s+? z>h)`_{^>gwW-BqM1Sd$U8B}oA3QX#N>(!tjlE7@9_9UY^`cCmUN;-u`GPA)V+cdA2 z(0{Il0SU_`ZnW}(Bcnx-Tp__jYmgdR_CuR4e>ZH%$;G#S=@JNAp-@_aM(D~3rE&?e zfVchD>%x$x*Ra)S9K*Xz(n1frT%I}$v64zfhN50bCkE`Lfmqh|R&B6&LXb;q7KB^?-p=>)uwyF*TW;sb$$fgwwZnEy>_CmaY&oPL~6V2e}W zd??wHjxwA}KWCq63q+63zYN>Rh01V^lvH$Od|jroM6%Zxhi9;-7s?i88z6R3R1S@o zTT%|XI07=SC_B-e1w{>)K@ST@T-ssjpp z$s13yC0#@WFEhL76H6R?@-8hjfgJ{n7c1sJweonY4NOqTWv_2?rr62>;YSHPLFaeS ztcni*yxAkg&alzyci%aTgi&ZnF$iR7%+%o^E)kjsC{~~Es|Vr)&k-em*?oq1uDjlW zT^A_W@M@M0scWU;0%`)LGS<)!hYaZ&@ z*@U4`w*jWXcK5Gh2Ki?ZnS!CS2QzeP%|#5G4>Qt8{2}uW8Vva3X0LNvdxyXX{a5W{ zJ!E=D$4U-y!2GH`=)-1%vCf>9=Ty!%`Sk@GG3drtLM9od zB|>b%l~^ieo=~U`fQ5x`ajgzU&k4ojQZ>;Q1@&BPrSxMpg_;Xlfyw`KQXK;t)#|mr z>S)t}w1H-GhJvLw1$ZK+f* zmXW|Sa%1T=kwNjT>K30vi9E~Us&#B9(cR-D|JlG1S@X%eC} z91^%`hgu}Mh~gw5>HT6UUK{(3l%6!s4-ffUBgoYj$D#V>=a7GlowX% z+6xmrPuFvCs1JJmHe6lW$41?gJXYrh>u4`S6B)zLFJZ`{2#3|KGCwN%S*Ya@(JJ*1 z7aQ^>q!SiOrBOd@yN8g5iU1uwOb7wX7Bj+jYx5JP$*dz zqO0F*4b**@B22oCmxI$9bnAYjgBG0W5ymFO|HrA2xpd(I`UK=g1=41ua;9A^9twIR ztsosd2?U=CQq{cVaM^tuk<0+y#1xBED zb8~gqpVh7qt&~N~z&mYKoaB=XY)u%BZZWOa0vyjiqaoRjoo*6}d-r z!4;OdZBi%8O+Mw`sYp!ZrlST$bE5N#ZlCJ>IWP#}nOfMTu(XX#K6jqTd8{`uMG{xn zmK8xwdZe^P{W|sq2Vv}Ud30C5`iP8sS_Ky;=CNw#xonr+jdu^pL_zN~yDEMR*l8Jt ztWHPFy*s3>x6hYz1c_;%zJ*Rta|cO`t0iVil>U{79d$CHDO`emwJPnM2b725odcAw z7&!1+{ZTr?qlCdguY`NNL96sCC24^_T6c_dg0T|m{9W`1##8;V(p{API8J6D| zB4`I;6c(9LybxeHy^))FL1@d4(Vik0k9TX53{!Zf&5+ud!N!k7s9jd?C9(fOyq_7?C&JNjfg?%^GP2_4 zf+D%r`aOSu<+5QLi>0<3mX~isv_Kdag*sql|=+3>ZA;b{(leUdxe6cs7>31gYC~NUonsGCRw5 zW*)*;K$31THGg;36!bPnnLkvD_F)jW%( 
z8DtT2NyRE63vy`Kz4NpqT>N|8X@g1W_E7T#sYB={fRY|r#iTJTs3QDRO(D;{q_}>A zulc*`N^vdt!ccU8s@3YJjT&iE?r`K2B{U3~Nf;X!ZN6JgxPw!8&cXeF#|w8v;j`61 zGMc}O31`hK;^z3raHF2hdh2dRFUS?jUJ61Gd}>lo%6N11CcIL|y5!G;V87*9{DV{= zgu`7TEG?|p|8aYL!$C$7C;@gWL?%QC$0hv$jnv*qd388*5dKW<)^U?&9WwI#ad6gw zf?MkkdfB-bEjr`?86hiR1U9UO?3v)S>&~5cV~k_7H|*D5H!|CbSc9q(HLNOHlP=oY zKX!mK(^}XjS5zvbM@V4C()6)?L8QkOO&T@3?ANaIhgxHsixa+S+Jv%&4L8B7iLox0xv< zf!0VN9i1f(6Gk=PJmy>75X1@6C?gy$$zi??1yDU)G8vqibqbngU<>I4F7lLtC_df* zMX>&=LzK;p{lDQ!iTv+R-p|&fM1KDFXFJc3^BpPQ_Yd|D4iBCkBLDldz30z=lkBY5 zY`NNS)Bn$iIO`GdZvozRsiwblZ$d_9cx6?Nya6p99_D(oMUrJypq)&cSInH$_@*TgoBw zUA8n%5;(VX5zrUOWVRexGBXTK8Ub68%DyZU`lbrdchT0iTA6{a{(ti~r2}?;4d_P7FtB4_l?i0VI|M*HwfEl=el}6bN zd$y_?a#Kg;Sk7`Hml2qY5XC$_15C&Tbp&pi4cWuOhNF;hyQpGs%lcV-vdLUy2xUqR z&tc=y&1GI=V7!^YMU<~NQXCh45P`*-NN#mI{c(vxB=22ZH6lmRH}&Y7KSkdhYZ}`k z#Ts^d!a0&rOcsg{(j})I-U0?v4P)jx(pt|vlJJ_OYUXX6rPniYVH)o=1uT5jbf!k3 zY|tfpz{C0tyHy z2Y~uf1jvzT7CkL-W<8BbvS2>hm`n>6Hqy;zxL{G6^&B#&K8OEmUXq7HMcH@>N|ib? z8LzJ6P&V8Vvt$I{$Ecl2L>r@YreK)LnPN7D<*h7EYODL^>Z6KEPLK60$wD{X&b*6t zSvfhrZgg9XQ%+t_A&^;^e^-})nP+3B_0(!8f(s!fUC$= zTr@@~CUfa5ph0GXR}`f^EDIz|!b%`)dP;eul5k2{uceLjzY}HwWkA;{Jh1``Hv^T1 zQ&u;EEtqK2-GvJSf~sjP5?E`=m~+loXZZp%9fyZ=XgUWb6)CFM=8E;gJb|l%#aS$a zj8LX#X!Og}vxht=hUGxYVNk+(17lzZL{Ow#TBDoK+bR@&O=;qsl-MKmhb?7F4MiHFuuf$jhUX3&3;s5r)0KoqTp_oAiluSZE0Fv7}mF|xqiSFTDHuaQw=d3OQ3rQ9< zl)Ia^bT=nsre2?&r?FY+q_&F9L#I$+COYqfb5Z$Ayn5Gzd*LaUZmh0{r<}jCbbJOo;OseEedcjg)4<##ldzSC z4xA{|Pr+vL|AJY~uw^w&93qsJiw+>G&ua#`;>>oaCOD1zQFU&+a10~d@9cJ_sMDl1 zNuB4hY5J;(u>Pbi#IwCcl;q-?Wf-u~Q*wXk}!xxJ~eydf)T&vawX; zeJa-%sne|L>OBD1nc1uox`A+hHU&V|&ugGef;P1=qbbmI%ySk>>Z_3IKwWJC<;2Mt z8@YlgO{%7MCn-OZ8^EIqUGWcOY9lMZv)l-3B}n+71!O!)8!7`cU9e<2Hq?6b)YBqM zaF$Uiiwno54D4V|Vy@WY=9ddk2fvif{8rX7HQHu@Ka!ct^c#H9ybwrWX7Q-FLSuIjbz#9Y;DJ2|NYYg49laDk@8yYn&@2q(W01t163l;0X-?>sCtC2FiGkR254Y7jvMJ z%!MUmV!ALGcT7+hRt$*h!aBUi=taeJ$@;FFN6AX)r|0}pTv3!z@q<{#SOThSed$=W zYIW5--PT&Y^%ZNYTul;*71~!21QoOx*218eiYiFHcdSqyLRG#|4X?mCGVUaMmFOH! 
zm8d5n2=Y|t9jCgTrb&;0tzX(a=B1^v7r{Wj79r$>Y@^j8oXiNa)yXCz(zuwqxO^h& znj}O{dDQpP7a8Fy*1}AEFNqN#h!sSx%U0?lYu&JOLVVD1`Tw!^7Eo2S-x}{06BRMBl`s$y5ydW4>_7zrEJ{ErDZ2v$yBoW^8w0z$ zyHM=z`mYEne&bH)>=#Dw%pORZqI3bASh|dDJ>zr z`J1AyY2KWsdg5Oze>ETNNe-#9yOCmhUh;sCZ}(_Du4cqn~Zc< z+iI}%^@{%mmio>kwM_Yy9$i|Tt7;h%2792IVxU!`|4FWBGW;LN>dklk-wM&rY&~B- z!J(u93hSl;K05RENr}lHJxPvWJ*RZa#< z{wj#rO{#NRU;a>ERu-}3SG#MZm6z$-XzybQ*YjbI6!#tNSZe~2Tq{!rNvC}M`!7W3 zl)HZqkX#<=RQ`K)?OaZtHc1M0^0Y|OrKE3Zs9Ozb;{FSEZT`KE-g5hozTu$lrS_`_ zq^M~B(=^-0Dj_|Kj7TR%LM5breStQNwvgscto1@Hfm< zHy8t8%4un>LAC)g%|{siE~)+f1-&_*%7S)ItNMV-O)^q3|KcV0AWe>{zIULky$FfHbfhP3^PZsHxI)s*K*(6>A1wY1ExG_4K@NUsKT1 z)Kl8isaI(#Xd6l~mzbuO=9vlAijSURl(x3=MO@m&N~cPx^Ict_(!>&nlZ%(m{sK*2 zYf7JXc~Tbz)eu7WP4!AabzxGMT%8>V9=woVHI&eRr+krda&Bpgf}V*Vi0dz^8sb`o zG|edJ6xx3vD|wcB@bV87bvl**B#%_=k~@=W>8OYE|F+(!)l!zr!c?o>wWXMrtkOH+Lk=Onfy_Qq?>S>lXm~z%BGIsKdEaeME^xqOQH8K zYFY}tR29weyPgg8>e75ew!BhXQ?(33>(nWOf~uEPH))wvjSNc~c;U9*+mF`EpS5o^ znwMMul|OZa;r%~)-?d6qb{A>A?3#-P-)yZZ>&dUQ)~PD`Iw>jMbDcCdmEx-2K%{(! 
zvvw@h^J+=;Qhh7Z)bbSf9vu`-@5s4p$^^X(^u7jJn@DnNqt~{6{bUMy)Acgp1)6%A zQXii%`PfoY95i$B8ZySbD_5C8Nf+d47rByjL30<^Tu2eSWUI-Xldc)!nfxwW?MP|A ziZq!p1vNQA`A%VTWoJXR_)xxlM2JrapOOq#zGg0vsdzg%nAf3^ ziHMh~hCcbV!&=G7#59rAPUN>HN=bn=l&*=hp>(ZR#%oWf2!4gic&GhZVl51HzfI3; ziA6}`yWaN^t5bFJS1Y$tzSF{nyv@8kpbxt6r*?3Ts-rziM*3NwJaQuL`^{ zP+laQ)Nub@LH+9Cf1#m#>#(6ZqAcXP@Av(Cbx}_*sR~3=U-U0;@})FsD!EcoQ-*a* zf__dZ3WZ*gBp=m;48G>oK*2C5uYTk0Utx7}-!PuO7vd)6s9`nDYi*UUwEY+INw2|8 zijejOhZL_<)y{hDnOMzKoF>oIGq9@pMa>jzQljSNu&VN*I;JtNkfcW|>`EUXT;FSA zQ!E2;&(?lDtoFTJ`?_9#4ZPk|+jI54I#p>^-PV*ZE=y5-lN;d_1=tXLa``nNVSucG zSAA;JO@28kp;iS`_IyZp%Fs(nsf#Jr1Vu}EKT5G`q{$c^2MtlucF}+gPX2%Uoshck z|6~N^6%rV3=l?(GR@(3Xw69#Dvb_J(v9hCsePw&z1!`Zx!O^ke|Goe7e=rLSLM43> zp?d(YN=nLodD*aeUC+n}e|ax4ZvZuK<{1{n7kdKCt;0F3>(2wBVLo1db|GPYd`3#7 zy}|-~yPIo1MpQc7ylsPK>i3G8Hv~Q0oL6kCO_($B4UV5mQ~d!x8cTWmun^(Bczl~N zIGitZcMk|wzNjx;ofS-Sa%2H@pNDm(ImRBD0(HLJ(`F?$5un#XmmZqjrOE+_uNUy*E zZ}a8>-oC-Sk2$KM_FI^(Lc=`$f;`Pbg1vp^y~pMM^*_e`# zawabz|JP>FN%dh_)x=R`7`eiihj_a;Su3BCmk*tKM#)dDuOgazdWA$rnEQHq`^$$i zBFP}7pqi|fq{LazXZ-lwf*ac@)Wb5>)LYUksgqy9uJT^(dqcLv_$c2_?b^o8**u`T zGFQ~LlFNedN6^;1p;Pm=N-=r(S9uLG{7Z&!9>RyIR5n~ZBm8Sfs@$Tr;CVtB?~-Mt zYRG6dmy%~xK%fX(6Dr?64Clf%&%lNE4HEWJPx+S|5H~6j^ngzOrxOr0MP(S+YOnsB zxaz73PV>N+IDTM`EIL501hdl{*MG3MY44$*vHAw zH|Zg*Ms7{`4m=aOPK_vRP28QukbEdXU-^?)kn6jyRFQ!hO^>Em(lu%KK=W2k4R|k2 z3Psh|Cd5<2vCyO_cVH^NE2IumZwW%z2>n44?rEDAFVdFyH~y$6#gnS0=KBdr(=lq& znj$2VVam>>DhG95*)Pxglds`Q3ALsMQPuTSa+APmeON)Wf5y{XIVC}(pSFMI)}EoE zG+(|x>hdjEX#`H~V;X@|ODM@D-5*tVH<_RF;+5Iv%8`47zbB80`-emZ`j~t9sve)= z)%~76@?krhB>w6-6V>zIt-R!(BTGm6zA)6TRg(th);6lz-@-FgW3P<0x&W!MY|WK* z$3`7uflIoSY{8b>S$Ke7F!we3!{(|48Typb=UW)ND12#`R34ZI`}Wq{ZdHx0e3>OO z)JJZvo_q*f^?4_yqqHw_SB{X@$DHr>h4q!o@?X!rAZgg?=F-5)HR-0{Dia5(3Z9gW zq<^lw+g9Cv>z1@68Tq09dY~$Z$~WMt3tx&_%jXeXotiXP-*Qzq9T&3JS3bX$;_E7U zh-!VmfG^6Yc0^x%z2)<&=HVgA`&e30&?-{lK@>P;hlII0^;eH%Q<+wLd09b3fOl8V za9ZaGI%oZSL%JuwEk_TxGUheueu<;?{Ud{WN_kL!y(T$|mVEq`o}M;z8C!D!mpiYH 
zwiaKn06#ws-85aa)|VG$EHwqwBx|kz=s$JYOw}z)ssrkp-8&qwRi#_=T|v#eRHUaG z91!mBtE}v47xtu5uFekCkU2$Z=e0}PV^!tdo(sOg^gQT$Nsm;rBT{`+S9X+r1F@}D zRP~$DDy#Yh)P?o`rI;HWiu_-~|3U-|j{pDLU;RjS<}c&_ihKb?=ldTOD^#iUf8+n; z2>$1O$vs8i_dl3XP5lWFtt|@rnr}^SSzao~#(!nAsXdreu9WDGxc<$6PKm2Cij#Ym z%*E>B>W(RNMsh&?*9K}@zPV_P&J3^!QucuV%@|FIuNjyn-;mS9SNWzpJOfEvnsUkGv*af)QV-Bn24q53Z;7(ecU604`7dJw zt^G0Du}BI)@^DNw)2y5`){aWDi(!$$e9A(Y{>5hUR&%|B#ecwFJpj?JPe~&%O;%~< zvW<1eV4BrR?ZKB)DM>?T+FvurPCip5{u{%uG^3;O$xw9E=}FO1H6L0-AoK2#!QR%I z^=DNM+NK!)BoBPdZKPb;YK?f5>j+xySDKwutx}^s=1_+|DUPYf8OiI|+O40eyR3H- zBE>3@-jPJoT9DpU2^X0b6e1%F?cRD;i58>2fC%d{<}}F63F&?7wx00;n}t%35ClVt zM^N9u5I;NRel6?&wLyYJZD6Wbo$Bx0YF8rd4z@C@q`IeA3{uZfrs$?8<$!(zWWj&# z_WU15*7X0HC_noZUj9E}@Gt#8N!IlL94c0j^`8p%4wV(=j{gZVx|shz|Nfh9{(FW7 z{15j0Rl!a>|0`6gRJnpC|JC3BbEx3>fBk>mlKLMx*Yy9@^*^iT`+xNRyYdl0J_+i> zr~iyC{Q@HVBfadrLxRft`1I@@64tZ4Ur1npR~X+0EU&yN7!uR06h;P=r?8b*e`wG$ z=|(TBAI$<-F-fuWRJ!xZO=`S{-8>*7tFdNXv3ZE6PrINX^CUIRE)|V{TX3LCBw0r` zg)xtYT7xj&EEJZU!mA?;rnQX-3Du+0B$&^(GX2Rh8K*68A8N}?D-$$f^b$2(*iYu_ z+b2T(%@WOIu2#BoXNY|KM*5trW~iQd_N^Zh6vQG@V1RTvHDL8w6AcKC^wn%(QwwPc z$OL1H$iRpIQA|o!?R#+!_T!=~y8`JFM*m3FMNw^eNpUGF`Lw==@ zQI7wdy!e`=tWeH`yN0N{btxr8P2!>=nleq5%T9rs`Cxsi+M||~ z>1~xCGgjfUDBZ#{yk|;*M!pdZ1DIY@y}cw=S_97rPkGu)=1x;4)@Q9SLe1D!=EH&K z5oMX34dRRl>6RqxuHv$sf%{ooo@4o?+hpy1CIeC{-pXFX_Y{T7M6D z5_jE5r%p&Cz{&!x6;zm~9ZTiACZvpnbXUf-RJN0HF;z>cb5TxHx0bqa z`YTl`sZ=edu7tiCs4J7QGU}%4)=T~A+Er9nLQieg6-ilf^`vUoVcq1vRp(Uls{2Ta zn*BE!LzP@tFJ(KLD%D`^S4tXcOVx=6^HR4xRm;mDSKmtDQwgW)D&~wLC9CLrcfVygxgBlnrbk zmwMW%+u$(gFk7WTX64b{);GR8~fvLId<5w~e5``$7 zP4k}e+nYOa(!M!$>s_68MNPs|r(w6$(MW3C_30!f>T2n>{`!=4Wppu8-zD^+q?Xdf zNpU~X2a!TRS6l0*qfb{WSywZ~eMz5g3V~GGdT(BOVf0F-!u$KJPA~Z1)pRWxxJ&9o zHz1k{QQu8fFP=U@4O*%@ur@-fM2%LeTeP-Tszg0n2IMu8sc-Mv3aL{ydfJ5bcL20; z{w}Q-H&vIxAZ98_eR%qAN`?^i$?C&Q*VmQqR|j_wW65R$H(VJz)#PTFYNlKSxU zbczfC>Jin4nDQoV2rQ+P0UYh#RvJLsV)~H&)-f{#{Wm?mw)Au;4C3pN{U?})I)VSx zjv;-0wo`T_4OvJjr5DFwm(w7oL5(DQLmkx=kcNb`Q1mqjIvDyyv=CA@0y?@W6ScH- 
zE4+@LZgMJ3?aHlJS6e_!TTe~aQP(4(rJu6$>ZqnnOsS<^Q&X#Hr)uf_ts3e8{Y_jO zSx*JjMbjga27;lg^%qn_YFd`G#uqwZS}9uchDRSd>V^fi(6ojsI_g>}TJmX580jFS zDGMgs**%#X*4AQ^CwqFk2P@~BRNs7OTw`kvs=bj|P%kjpCFz7KmCD#@ zMqx?@>b;Z}wahIom1MLRwpEFIE0VQgH8s^GX#Gc4VgC0(b=UtIyR>OguTg#1HqGrQ z3jZ^_(pdkiP`OftN~-l=?dSh0R;cXwfBXObXQH1rN(=W%iu8zN;QyaL3dK&fcwP11 zwEozqQz&v2- znV4iPp$48iGy46#&k2h(|4+?-6?=;FQ}bWMUQqr`jLpa212K6Q-Btd56?;zk_eJa# z<=@2E3H&`Z|9R{s{_cr+9($X=_dY*gREWRMvtGrXRbEewU9bH6B35wr#3ZQynkjMj z#Jp6Vw+Zm}7cPeUc5zlHd`4wcwC@+?t&w@Fur$wRl*3%HyQD%fE3fi$ulKnWik!-y zLkN@Vw~<1TNqH&xuOha&D)?MCQglO9rKI_j`doFTTd_up7&30>iDrse!8C8KC?y$r zzKP=YHl;ma_{B50iqX%v&A+Nc~3Ga5^7YlR3tn+Qdp6&E;k9!V{$4ItTN?MB-AdHO_5OW6e6*f z7K((4QRx*4g)$dXBrIENsz^Bh6ty+w`Sp2LW<^4;srkYC!fD0KMHC5#u4h*y6upg& z0!_0h62iB0?X_rpD_TI2@bQn4BH`XKGw{}P@ZAHzkoy@F358EvDH0l5ayoQhIz>YB z)(|RfRaBAi-VGF!j?k!@8-V&fAz3UJ)T-?Us?uo;of{88)BIeUJ~N{t!DSZ0%?6k& z60R0QH(djM*$#r=v!hVk+z1=%E+LoY3WqH@NC>V3)Q!{m6bVNxarHn8T(!wpP>~QH z1-$)L;Ioy^fxmtD_0FCMWj~Nhkq~_rL%DktQzQ&L4AY%?gc65ecge`|Rj|kn(7jXI17`xp}k@L7fgpO{@tw^xA3xmA}kc%#aAxwx@mT9yp2Np%1n1livNo$3#^djBYA^5}G#m*HzXO%^2!?95g!r{D zWXco;PIs=xX$MyvoH`%h?q-C>iL2N+@(_^?k3gQ2fT58CLAhU$(`>f zyf~QEBd0HH#Q5#}99F!B1{OsrG zep~>dkO0Dz;VFSAEYXOwLFC68xIFbF^+GP}t{sW)mk~4o!;ZnA#ajRh?7*5;X)>Vp zWm0EvL3rzZto`Xlgub_ef$x2|Olpd7woV*IZ3Xm!v{yCjaN6D-fO@|GIMV>8*3ZdM zD_4rt`gn4|xFIMFj&ZG(JK-#p3A;~@k&rV3{+8_m`xy?L4h=>wM%2DI2|qJ3s@yDS zTtAHNa4EpGrvT8gBWkWr$W6=-)Y!Lp>6{Ic8>iu5|I$Dm?LjF?*NX-v(F<1BMvxVj zIq+@WTTcDGkgM;9-C{+7>e!N~HCT@g(>plxeG5>LElBA0maP48SMv7~Hr|y0V1Pft zdA5S$eeo==mRrtY=U`~0Ux(c;QYLq8z}mDxn7*;1G}){qR{5Tx7MhpL^T> z