v0.8.3

HyperDbg · May 3, 2024 · 78b01b3 · 78b01b3
2 parents 7710b92 + acb3d73
commit 78b01b3
Show file tree

Hide file tree

Showing 13 changed files with 91 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.3.0] - 2024-05-03
+New release of the HyperDbg Debugger.
+
+### Added
+- Added hwdbg headers ([link](https://hwdbg.hyperdbg.org))
+- Added support NUMA configuration with multiple count CPU sockets ([link](https://github.com/HyperDbg/HyperDbg/commit/040f70024fdad879ecf2ff2b31da066d4ed759fc))
+- Added citation to TRM paper ([link](https://arxiv.org/abs/2405.00298))
+
+### Changed
+- Change release flag of hyperdbg-cli to Multi-threaded Debug (/MTd)
+- Fix bitwise extended type, fixed memleaks, remove excess else and cmp int with EOF ([link](https://github.com/HyperDbg/HyperDbg/commit/7bcf1e5c71364aa3177eef0929c07463155ce5c6))
+
 ## [0.8.2.0] - 2024-03-19
 New release of the HyperDbg Debugger.
 

diff --git a/README.md b/README.md
@@ -41,7 +41,7 @@ If you're interested in understanding the internal design and architecture of hy
 
 ## Publications
 
-In case you use one of **HyperDbg**'s components in your work, please consider citing our paper.
+In case you use one of **HyperDbg**'s components in your work, please consider citing our papers.
 
 **1. [HyperDbg: Reinventing Hardware-Assisted Debugging (CCS'22)](https://dl.acm.org/doi/abs/10.1145/3548606.3560649)** [[arXiv](https://arxiv.org/abs/2207.05676)]
 
@@ -55,6 +55,17 @@ In case you use one of **HyperDbg**'s components in your work, please consider c
 }
 ```
 
+**2. [The Reversing Machine: Reconstructing Memory Assumptions](https://arxiv.org/pdf/2405.00298)** [[arXiv](https://arxiv.org/abs/2405.00298)]
+
+```
+@misc{karvandi2024reversing,
+  Author = {Mohammad Sina Karvandi and Soroush Meghdadizanjani and Sima Arasteh and Saleh Khalaj Monfared and Mohammad K. Fallah and Saeid Gorgin and Jeong-A Lee and Erik van der Kouwe},
+  Title = {The Reversing Machine: Reconstructing Memory Assumptions},
+  Year = {2024},
+  Eprint = {arXiv:2405.00298},
+}
+```
+
 You can also read [this article](https://research.hyperdbg.org/debugger/kernel-debugger-design.html) as it describes the overall architecture, technical difficulties, design decisions, and internals of HyperDbg Debugger, [this article](https://research.hyperdbg.org/debugger/transparency.html) about our efforts on vm-exit transparency, and [this article](https://research.hyperdbg.org/debugger/chasing-bugs.html) about chasing bugs within hypervisors. More articles, posts, and resources are available at the **[awesome](https://github.com/HyperDbg/awesome)** repo, and in addition, the **[slides](https://github.com/HyperDbg/slides)** repo provides presentation slides for further reference.
 
 ## Unique Features

diff --git a/...-engine-wrapper/script-engine-wrapper.cpp → ...r/script-engine/script-engine-wrapper.cpp b/...-engine-wrapper/script-engine-wrapper.cpp → ...r/script-engine/script-engine-wrapper.cpp
diff --git a/...r/script-engine-wrapper/script-engine.cpp → .../debugger/script-engine/script-engine.cpp b/...r/script-engine-wrapper/script-engine.cpp → .../debugger/script-engine/script-engine.cpp
diff --git a/...debugger/script-engine-wrapper/symbol.cpp → ...rl/code/debugger/script-engine/symbol.cpp b/...debugger/script-engine-wrapper/symbol.cpp → ...rl/code/debugger/script-engine/symbol.cpp
diff --git a/hyperdbg/hprdbgctrl/hprdbgctrl.vcxproj b/hyperdbg/hprdbgctrl/hprdbgctrl.vcxproj
@@ -179,7 +179,9 @@
     <ClCompile Include="code\debugger\misc\callstack.cpp" />
     <ClCompile Include="code\debugger\misc\disassembler.cpp" />
     <ClCompile Include="code\debugger\misc\readmem.cpp" />
-    <ClCompile Include="code\debugger\script-engine-wrapper\symbol.cpp" />
+    <ClCompile Include="code\debugger\script-engine\script-engine-wrapper.cpp" />
+    <ClCompile Include="code\debugger\script-engine\script-engine.cpp" />
+    <ClCompile Include="code\debugger\script-engine\symbol.cpp" />
     <ClCompile Include="code\debugger\user-level\pe-parser.cpp" />
     <ClCompile Include="code\debugger\user-level\ud.cpp" />
     <ClCompile Include="code\debugger\user-level\user-listening.cpp" />
@@ -267,8 +269,6 @@
     <ClCompile Include="code\debugger\communication\tcpclient.cpp" />
     <ClCompile Include="code\debugger\communication\tcpserver.cpp" />
     <ClCompile Include="code\debugger\driver-loader\install.cpp" />
-    <ClCompile Include="code\debugger\script-engine-wrapper\script-engine-wrapper.cpp" />
-    <ClCompile Include="code\debugger\script-engine-wrapper\script-engine.cpp" />
     <ClCompile Include="code\debugger\tests\tests.cpp" />
     <ClCompile Include="code\debugger\transparency\gaussian-rng.cpp" />
     <ClCompile Include="code\debugger\transparency\transparency.cpp" />

diff --git a/hyperdbg/hprdbgctrl/hprdbgctrl.vcxproj.filters b/hyperdbg/hprdbgctrl/hprdbgctrl.vcxproj.filters
@@ -373,12 +373,6 @@
     <ClCompile Include="code\debugger\driver-loader\install.cpp">
       <Filter>code\debugger\driver-loader</Filter>
     </ClCompile>
-    <ClCompile Include="code\debugger\script-engine-wrapper\script-engine.cpp">
-      <Filter>code\debugger\script-engine</Filter>
-    </ClCompile>
-    <ClCompile Include="code\debugger\script-engine-wrapper\script-engine-wrapper.cpp">
-      <Filter>code\debugger\script-engine</Filter>
-    </ClCompile>
     <ClCompile Include="code\debugger\tests\tests.cpp">
       <Filter>code\debugger\tests</Filter>
     </ClCompile>
@@ -433,9 +427,6 @@
     <ClCompile Include="code\debugger\kernel-level\kd.cpp">
       <Filter>code\debugger\kernel-level</Filter>
     </ClCompile>
-    <ClCompile Include="code\debugger\script-engine-wrapper\symbol.cpp">
-      <Filter>code\debugger\script-engine</Filter>
-    </ClCompile>
     <ClCompile Include="code\debugger\kernel-level\kernel-listening.cpp">
       <Filter>code\debugger\kernel-level</Filter>
     </ClCompile>
@@ -502,6 +493,15 @@
     <ClCompile Include="code\debugger\commands\debugging-commands\gu.cpp">
       <Filter>code\debugger\commands\debugging-commands</Filter>
     </ClCompile>
+    <ClCompile Include="code\debugger\script-engine\script-engine.cpp">
+      <Filter>code\debugger\script-engine</Filter>
+    </ClCompile>
+    <ClCompile Include="code\debugger\script-engine\script-engine-wrapper.cpp">
+      <Filter>code\debugger\script-engine</Filter>
+    </ClCompile>
+    <ClCompile Include="code\debugger\script-engine\symbol.cpp">
+      <Filter>code\debugger\script-engine</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <MASM Include="code\assembly\asm-vmx-checks.asm">

diff --git a/hyperdbg/hyperdbg-cli/hyperdbg-cli.cpp b/hyperdbg/hyperdbg-cli/hyperdbg-cli.cpp
@@ -20,8 +20,6 @@
 
 using namespace std;
 
-#pragma comment(lib, "HPRDBGCTRL.lib")
-
 /**
  * @brief CLI main function
  *

diff --git a/hyperdbg/hyperdbg-cli/hyperdbg-cli.vcxproj b/hyperdbg/hyperdbg-cli/hyperdbg-cli.vcxproj
@@ -111,7 +111,7 @@ copy "$(OutDir)hprdbghv.dll" "$(OutDir)SDK\Libraries\hprdbghv.dll"</Command>
       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
       <AdditionalIncludeDirectories>$(SolutionDir)\include;$(SolutionDir)dependencies;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <TreatWarningAsError>true</TreatWarningAsError>
     </ClCompile>
     <Link>

diff --git a/hyperdbg/hyperdbg.sln b/hyperdbg/hyperdbg.sln
@@ -59,6 +59,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Headers", "Headers", "{D67D
 		include\SDK\Headers\DataTypes.h = include\SDK\Headers\DataTypes.h
 		include\SDK\Headers\ErrorCodes.h = include\SDK\Headers\ErrorCodes.h
 		include\SDK\Headers\Events.h = include\SDK\Headers\Events.h
+		include\SDK\Headers\HardwareDebugger.h = include\SDK\Headers\HardwareDebugger.h
 		include\SDK\Headers\Ioctls.h = include\SDK\Headers\Ioctls.h
 		include\SDK\Headers\RequestStructures.h = include\SDK\Headers\RequestStructures.h
 		include\SDK\Headers\Symbols.h = include\SDK\Headers\Symbols.h

diff --git a/hyperdbg/include/SDK/Headers/Connection.h b/hyperdbg/include/SDK/Headers/Connection.h
@@ -140,6 +140,7 @@ typedef enum _DEBUGGER_REMOTE_PACKET_REQUESTED_ACTION
 
 /**
  * @brief enum for different packet types in HyperDbg packets
+ * @warning used in hwdbg
  *
  */
 typedef enum _DEBUGGER_REMOTE_PACKET_TYPE
@@ -153,22 +154,22 @@ typedef enum _DEBUGGER_REMOTE_PACKET_TYPE
     //
     // Debugger to debuggee (user-mode)
     //
-    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_USER_MODE,
+    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_EXECUTE_ON_USER_MODE = 2,
 
     //
     // Debuggee to debugger (user-mode and kernel-mode, vmx-root mode)
     //
-    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER,
+    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER = 3,
 
     //
-    // Debugger to debuggee (hardware)
+    // Debugger to debuggee (hardware), used in hwdbg
     //
-    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_HARDWARE_LEVEL = 1,
+    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGER_TO_DEBUGGEE_HARDWARE_LEVEL = 4,
 
     //
-    // Debuggee to debugger (hardware)
+    // Debuggee to debugger (hardware), used in hwdbg
     //
-    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER_HARDWARE_LEVEL,
+    DEBUGGER_REMOTE_PACKET_TYPE_DEBUGGEE_TO_DEBUGGER_HARDWARE_LEVEL = 5,
 
 } DEBUGGER_REMOTE_PACKET_TYPE;
 

diff --git a/hyperdbg/include/SDK/Headers/Constants.h b/hyperdbg/include/SDK/Headers/Constants.h
@@ -17,8 +17,8 @@
 //////////////////////////////////////////////////
 
 #define VERSION_MAJOR 0
-#define VERSION_MINOR 8
-#define VERSION_PATCH 2
+#define VERSION_MINOR 9
+#define VERSION_PATCH 0
 
 //
 // Example of __DATE__ string: "Jul 27 2012"
@@ -554,6 +554,11 @@ const unsigned char BuildSignature[] = {
 //            Debuggee Communication            //
 //////////////////////////////////////////////////
 
+/**
+ * @brief constant indicator of a HyperDbg packet
+ * @warning used in hwdbg
+ *
+ */
 #define INDICATOR_OF_HYPERDBG_PACKET \
     0x4859504552444247 // HYPERDBG = 0x4859504552444247
 

diff --git a/hyperdbg/include/SDK/Headers/HardwareDebugger.h b/hyperdbg/include/SDK/Headers/HardwareDebugger.h
@@ -0,0 +1,39 @@
+/**
+ * @file HardwareDebugger.h
+ * @author Sina Karvandi (sina@hyperdbg.org)
+ * @brief HyperDbg's Hardware Debugger (hwdbg) types and constants
+ * @details This file contains definitions of hwdbg elements
+ * used in HyperDbg
+ * @version 0.9
+ * @date 2024-04-28
+ *
+ * @copyright This project is released under the GNU Public License v3.
+ *
+ */
+#pragma once
+
+/**
+ * @brief Different action of hwdbg
+ * @warning This file should be changed along with hwdbg files
+ *
+ */
+typedef enum _HWDBG_ACTION_ENUMS
+{
+    hwdbgActionSendVersion           = 0,
+    hwdbgActionSendPinInformation    = 1,
+    hwdbgActionConfigureScriptBuffer = 2,
+
+} HWDBG_ACTION_ENUMS;
+
+/**
+ * @brief Different responses come from hwdbg
+ * @warning This file should be changed along with hwdbg files
+ *
+ */
+typedef enum _HWDBG_RESPONSE_ENUMS
+{
+    hwdbgResponseVersion                         = 0,
+    hwdbgResponsePinInformation                  = 1,
+    hwdbgResponseScriptBufferConfigurationResult = 2,
+
+} HWDBG_RESPONSE_ENUMS;