v0.7.1

## [0.7.1.0] - 2023-12-20 New release of the HyperDbg Debugger. ### Changed - Fix the single core broadcasting events issue ([link](ab95cd7)) - Evaluate the '.pagin' ranges as expressions ([link](ab95cd7)) - Add hexadecimal escape sequence as string parameter for string functions ([link](60fbec6)) - Add hexadecimal escape sequence as wstring parameter for wstring functions ([link](e6dbc3f)) - Fix breakpoint and the '!epthook' problems in the same address ([link](#326))
HyperDbg · Dec 19, 2023 · 59d224e · 59d224e
2 parents fac10fd + c83cbf3
commit 59d224e
Show file tree

Hide file tree

Showing 23 changed files with 721 additions and 873 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.7.1.0] - 2023-12-20
+New release of the HyperDbg Debugger.
+
+### Changed
+- Fix the single core broadcasting events issue ([link](https://github.com/HyperDbg/HyperDbg/commit/ab95cd76285ef9aad084560c5c9dc8970bba84b7))
+- Evaluate the '.pagin' ranges as expressions ([link](https://github.com/HyperDbg/HyperDbg/commit/ab95cd76285ef9aad084560c5c9dc8970bba84b7))
+- Add hexadecimal escape sequence as string parameter for string functions ([link](https://github.com/HyperDbg/HyperDbg/commit/60fbec6936330643d8de1ec7b548f651ac8f106d))
+- Add hexadecimal escape sequence as wstring parameter for wstring functions ([link](https://github.com/HyperDbg/HyperDbg/commit/e6dbc3f49e2d20a51d2f20120316fd0392067fa2))
+- Fix breakpoint and the '!epthook' problems in the same address ([link](https://github.com/HyperDbg/HyperDbg/pull/326))
+
 ## [0.7.0.0] - 2023-11-22
 New release of the HyperDbg Debugger.
 

diff --git a/hyperdbg/hprdbgctrl/code/debugger/commands/debugging-commands/gu.cpp b/hyperdbg/hprdbgctrl/code/debugger/commands/debugging-commands/gu.cpp
@@ -32,12 +32,12 @@ CommandGuHelp()
  "gu : executes a single instruction (step-out) and optionally displays the "
  "resulting values of all registers and flags.\n\n");
 
- ShowMessages("syntax : \tg\n");
- ShowMessages("syntax : \tgur\n");
+ ShowMessages("syntax : \tgu\n");
+ ShowMessages("syntax : \tgu [Count (hex)]\n");
 
  ShowMessages("\n");
  ShowMessages("\t\te.g : gu\n");
- ShowMessages("\t\te.g : gur\n");
+ ShowMessages("\t\te.g : gu 10000\n");
 }
 
 /**
@@ -50,24 +50,42 @@ CommandGuHelp()
 VOID
 CommandGu(vector<string> SplittedCommand, string Command)
 {
- UINT32 CallInstructionSize;
+ UINT32 StepCount;
  DEBUGGER_REMOTE_STEPPING_REQUEST RequestFormat;
+ BOOLEAN BreakOnNextInstruction = FALSE;
 
  //
  // Validate the commands
  //
- if (SplittedCommand.size() != 1)
+ if (SplittedCommand.size() != 1 && SplittedCommand.size() != 2)
  {
  ShowMessages("incorrect use of the 'gu'\n\n");
  CommandGuHelp();
  return;
  }
 
  //
- // Set type of step
+ // Set type of request
  //
  RequestFormat = DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU;
 
+ //
+ // Check if the command has a counter parameter
+ //
+ if (SplittedCommand.size() == 2)
+ {
+ if (!ConvertStringToUInt32(SplittedCommand.at(1), &StepCount))
+ {
+ ShowMessages("please specify a correct hex value for [count]\n\n");
+ CommandGuHelp();
+ return;
+ }
+ }
+ else
+ {
+ StepCount = DEBUGGER_REMOTE_TRACKING_DEFAULT_COUNT_OF_STEPPING;
+ }
+
  //
  // Check if the remote serial debuggee or user debugger are paused or not
  //
@@ -88,18 +106,30 @@ CommandGu(vector<string> SplittedCommand, string Command)
  //
  g_IsInstrumentingInstructions = TRUE;
 
- //
- // Send gu until the current instruction is ret
- //
- while (1)
+ for (size_t i = 0; i < StepCount; i++)
  {
+ //
+ // For logging purpose
+ //
+ // ShowMessages("percentage : %f %% (%x)\n", 100.0 * (i /
+ // (float)StepCount), i);
+ //
+
+ //
+ // Check if the current instruction is 'ret' or not
+ //
  if (HyperDbgCheckWhetherTheCurrentInstructionIsRet(
  g_CurrentRunningInstruction,
  MAXIMUM_INSTR_SIZE,
- g_IsRunningInstruction32Bit ? FALSE : TRUE, // equals to !g_IsRunningInstruction32Bit
- &CallInstructionSize))
+ g_IsRunningInstruction32Bit ? FALSE : TRUE // equals to !g_IsRunningInstruction32Bit
+ ))
  {
- break;
+ BreakOnNextInstruction = TRUE;
+
+ //
+ // It's the last instruction, so we gonna show the instruction
+ //
+ RequestFormat = DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_OVER_FOR_GU_LAST_INSTRUCTION;
  }
 
  if (g_IsSerialConnectedToRemoteDebuggee)
@@ -126,38 +156,13 @@ CommandGu(vector<string> SplittedCommand, string Command)
  {
  break;
  }
- }
-
- //
- // Send a step-in after the ret instruction if we are instrumenting instructions
- //
- if (g_IsInstrumentingInstructions)
- {
- RequestFormat = DEBUGGER_REMOTE_STEPPING_REQUEST_STEP_IN;
-
- if (g_IsSerialConnectedToRemoteDebuggee)
- {
- //
- // It's stepping over serial connection in kernel debugger
- //
- KdSendStepPacketToDebuggee(RequestFormat);
- }
- else
- {
- //
- // It's stepping over user debugger
- //
- UdSendStepPacketToDebuggee(g_ActiveProcessDebuggingState.ProcessDebuggingToken,
- g_ActiveProcessDebuggingState.ThreadId,
- RequestFormat);
- }
 
- if (!SplittedCommand.at(0).compare("gur"))
+ //
+ // Check if we see 'ret' in the previous instruction or not
+ //
+ if (BreakOnNextInstruction)
  {
- //
- // Show registers
- //
- ShowAllRegisters();
+ break;
  }
  }
 
@@ -168,7 +173,7 @@ CommandGu(vector<string> SplittedCommand, string Command)
  }
  else
  {
- ShowMessages("err, stepping (gu) is not valid in the current context, you "
+ ShowMessages("err, going up (gu) is not valid in the current context, you "
  "should connect to a debuggee\n");
  }
 }
diff --git a/hyperdbg/hprdbgctrl/code/debugger/commands/meta-commands/pagein.cpp b/hyperdbg/hprdbgctrl/code/debugger/commands/meta-commands/pagein.cpp
@@ -164,16 +164,14 @@ CommandPageinCheckAndInterpretModeString(const std::string & ModeString,
  * @param TargetVirtualAddrTo
  * @param PageFaultErrorCode
  * @param Pid
- * @param Length
  *
  * @return VOID
  */
 VOID
 CommandPageinRequest(UINT64 TargetVirtualAddrFrom,
  UINT64 TargetVirtualAddrTo,
  PAGE_FAULT_EXCEPTION PageFaultErrorCode,
- UINT32 Pid,
- UINT32 Length)
+ UINT32 Pid)
 {
  BOOL Status;
  ULONG ReturnedLength;
@@ -266,7 +264,7 @@ VOID
 CommandPagein(vector<string> SplittedCommand, string Command)
 {
  UINT32 Pid = 0;
- UINT32 Length = 0;
+ UINT64 Length = 0;
  UINT64 TargetAddressFrom = NULL;
  UINT64 TargetAddressTo = NULL;
  BOOLEAN IsNextProcessId = FALSE;
@@ -317,7 +315,7 @@ CommandPagein(vector<string> SplittedCommand, string Command)
 
  if (IsNextLength == TRUE)
  {
- if (!ConvertStringToUInt32(Section, &Length))
+ if (!SymbolConvertNameOrExprToAddress(Section, &Length))
  {
  ShowMessages("err, you should enter a valid length\n\n");
  return;
@@ -404,7 +402,7 @@ CommandPagein(vector<string> SplittedCommand, string Command)
  //
  // Send the request
  //
- // ShowMessages(".pagin address from: %llx -> to %llx, page-fault code: 0x%x, pid: %x, length: 0x%x",
+ // ShowMessages(".pagin address from: %llx -> to %llx, page-fault code: 0x%x, pid: %x, length: 0x%llx",
  // TargetAddressFrom,
  // TargetAddressTo,
  // PageFaultErrorCode.AsUInt,
@@ -417,6 +415,5 @@ CommandPagein(vector<string> SplittedCommand, string Command)
  CommandPageinRequest(TargetAddressFrom,
  TargetAddressTo,
  PageFaultErrorCode,
- Pid,
- Length);
+ Pid);
 }