doxygen/html/hook__cr_8c_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */
 #include "hook_cr.h"
 #include "callbacks.h"
 #include "guests.h"


 INTSTATUS
 IntHookCrSetHook(
     _In_ DWORD Cr,
     _In_ DWORD Flags,
     _In_ PFUNC_CrWriteHookCallback Callback,
     _In_opt_ void *Context,
     _Out_opt_ HOOK_CR **Hook
     )
 {
     INTSTATUS status = INT_STATUS_SUCCESS;

     if (NULL == Callback)
     {
         return INT_STATUS_INVALID_PARAMETER_3;
     }

     HOOK_CR *pHook = HpAllocWithTag(sizeof(*pHook), IC_TAG_CRH);
     if (NULL == pHook)
     {
         return INT_STATUS_INSUFFICIENT_RESOURCES;
     }

     pHook->Callback = Callback;
     pHook->Context = Context;
     pHook->Disabled = FALSE;
     pHook->Flags = Flags;
     pHook->Cr = Cr;

     // Check if we already have a hook on this CR, in which case, we don't have to activate exits on it.
     BOOLEAN bCrAlreadyHooked = FALSE;

     list_for_each(gGuest.CrHooks->CrHooksList, HOOK_CR, pListHook)
     {
         if (Cr == pListHook->Cr)
         {
             bCrAlreadyHooked = TRUE;
             break;
         }
     }

     if (!bCrAlreadyHooked)
     {
         status = IntEnableCrWriteExit(Cr);
         if (!INT_SUCCESS(status))
         {
             ERROR("[ERROR] IntEnableCrWriteExit failed: 0x%08x\n", status);
         }
     }

     if (0 == gGuest.CrHooks->HooksCount++)
     {
         status = IntEnableCrNotifications();
         if (!INT_SUCCESS(status))
         {
             HpFreeAndNullWithTag(&pHook, IC_TAG_CRH);
             return status;
         }
     }

     InsertTailList(&gGuest.CrHooks->CrHooksList, &pHook->Link);

     if (NULL != Hook)
     {
         *Hook = pHook;
     }

     return status;
 }


 static INTSTATUS
 IntHookCrDeleteHook(
     _In_ HOOK_CR *Hook
     )
 {
     if (!Hook->Disabled)
     {
         return INT_STATUS_INVALID_PARAMETER_1;
     }

     HpFreeAndNullWithTag(&Hook, IC_TAG_CRH);

     if (0 >= --gGuest.CrHooks->HooksCount)
     {
         return IntDisableCrNotifications();
     }

     return INT_STATUS_SUCCESS;
 }


 INTSTATUS
 IntHookCrRemoveHook(
     _In_ HOOK_CR *Hook
     )
 {
     INTSTATUS status = INT_STATUS_SUCCESS;

     if (NULL == Hook)
     {
         return INT_STATUS_INVALID_PARAMETER_1;
     }

     CR_HOOK_STATE *pCrHooksState = gGuest.CrHooks;
     if (NULL == pCrHooksState)
     {
         return INT_STATUS_NOT_INITIALIZED;
     }

     Hook->Disabled = TRUE;

     BOOLEAN bCrStillHooked = FALSE;
     list_for_each(pCrHooksState->CrHooksList, HOOK_CR, pHook)
     {
         if ((pHook != Hook) && (pHook->Cr == Hook->Cr))
         {
             bCrStillHooked = TRUE;
             break;
         }
     }

     if (!bCrStillHooked)
     {
         status = IntDisableCrWriteExit(Hook->Cr);
         if (!INT_SUCCESS(status))
         {
             ERROR("[ERROR] IntDisableCrWriteExit failed: 0x%08x\n", status);
         }
     }

     if (CPU_STATE_CR_WRITE != gVcpu->State)
     {
         RemoveEntryList(&Hook->Link);

         status = IntHookCrDeleteHook(Hook);
         if (!INT_SUCCESS(status))
         {
             ERROR("[ERROR] IntHookCrDeleteHook failed: 0x%08x\n", status);
         }
     }

     return status;
 }


 static INTSTATUS
 IntHookCrRemoveAllHooks(
     void
     )
 {
     INTSTATUS status = INT_STATUS_SUCCESS;

     CR_HOOK_STATE *pCrHookState = gGuest.CrHooks;
     if (NULL == pCrHookState)
     {
         return INT_STATUS_NOT_INITIALIZED;
     }

     list_for_each(pCrHookState->CrHooksList, HOOK_CR, pHook)
     {
         status = IntHookCrRemoveHook(pHook);
         if (!INT_SUCCESS(status))
         {
             ERROR("[ERROR] IntHookCrRemoveHook failed: 0x%08x\n", status);
         }
     }

     return status;
 }


 INTSTATUS
 IntHookCrCommit(
     void
     )
 {
     INTSTATUS status = INT_STATUS_SUCCESS;

     if (NULL == gGuest.CrHooks)
     {
         return INT_STATUS_NOT_INITIALIZED;
     }

     list_for_each(gGuest.CrHooks->CrHooksList, HOOK_CR, pHook)
     {
         if (pHook->Disabled)
         {
             RemoveEntryList(&pHook->Link);

             status = IntHookCrDeleteHook(pHook);
             if (!INT_SUCCESS(status))
             {
                 ERROR("[ERROR] IntHookCrDeleteHook failed: 0x%08x\n", status);
             }
         }
     }

     return status;
 }


 INTSTATUS
 IntHookCrInit(
     void
     )
 {
     gGuest.CrHooks = HpAllocWithTag(sizeof(*gGuest.CrHooks), IC_TAG_CRS);
     if (NULL == gGuest.CrHooks)
     {
         return INT_STATUS_INSUFFICIENT_RESOURCES;
     }

     InitializeListHead(&gGuest.CrHooks->CrHooksList);

     return INT_STATUS_SUCCESS;
 }


 INTSTATUS
 IntHookCrUninit(
     void
     )
 {
     if (NULL == gGuest.CrHooks)
     {
         return INT_STATUS_NOT_INITIALIZED_HINT;
     }

     IntHookCrRemoveAllHooks();

     HpFreeAndNullWithTag(&gGuest.CrHooks, IC_TAG_CRS);

     return INT_STATUS_SUCCESS;
 }
_In_opt_
#define _In_opt_
Definition: intro_sal.h:16

BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58

_HOOK_CR::Link
LIST_ENTRY Link
List entry link.
Definition: hook_cr.h:45

_CR_HOOK_STATE::HooksCount
INT64 HooksCount
Total number of CR hooks.
Definition: hook_cr.h:36

IntHookCrUninit
INTSTATUS IntHookCrUninit(void)
Uninit the control register hooks state.
Definition: hook_cr.c:295

IntDisableCrNotifications
static INTSTATUS IntDisableCrNotifications(void)
Definition: callbacks.h:210

_In_
#define _In_
Definition: intro_sal.h:21

_HOOK_CR::Context
void * Context
Optional context, will be passed to the callback.
Definition: hook_cr.h:50

INT_STATUS_SUCCESS
#define INT_STATUS_SUCCESS
Definition: introstatus.h:54

_GUEST_STATE::CrHooks
CR_HOOK_STATE * CrHooks
CR hook state.
Definition: guests.h:389

INT_SUCCESS
#define INT_SUCCESS(Status)
Definition: introstatus.h:42

ERROR
#define ERROR(fmt,...)
Definition: glue.h:62

CPU_STATE_CR_WRITE
Handling a CR load.
Definition: guests.h:25

HpAllocWithTag
#define HpAllocWithTag(Len, Tag)
Definition: glue.h:516

IntDisableCrWriteExit
INTSTATUS IntDisableCrWriteExit(DWORD Cr)
Definition: glue.c:556

INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24

_CR_HOOK_STATE
Definition: hook_cr.h:33

guests.h

PFUNC_CrWriteHookCallback
INTSTATUS(* PFUNC_CrWriteHookCallback)(void *Context, DWORD Cr, QWORD OldValue, QWORD NewValue, INTRO_ACTION *Action)
Called when a control-register write takes place.
Definition: hook_cr.h:21

IC_TAG_CRH
#define IC_TAG_CRH
CR hook.
Definition: memtags.h:70

IntHookCrInit
INTSTATUS IntHookCrInit(void)
Initialize the control registers hook state.
Definition: hook_cr.c:272

_Out_opt_
#define _Out_opt_
Definition: intro_sal.h:30

INT_STATUS_NOT_INITIALIZED
#define INT_STATUS_NOT_INITIALIZED
Definition: introstatus.h:266

IC_TAG_CRS
#define IC_TAG_CRS
CR hook state.
Definition: memtags.h:71

RemoveEntryList
static BOOLEAN RemoveEntryList(LIST_ENTRY *Entry)
Definition: introlists.h:87

_VCPU_STATE::State
CPU_STATE State
The state of this VCPU. Describes what action is the VCPU currently doing.
Definition: guests.h:173

IntHookCrCommit
INTSTATUS IntHookCrCommit(void)
Commit the control register hooks.
Definition: hook_cr.c:234

TRUE
#define TRUE
Definition: intro_types.h:30

IntEnableCrNotifications
static INTSTATUS IntEnableCrNotifications(void)
Definition: callbacks.h:193

HpFreeAndNullWithTag
#define HpFreeAndNullWithTag(Add, Tag)
Definition: glue.h:517

IntEnableCrWriteExit
INTSTATUS IntEnableCrWriteExit(DWORD Cr)
Definition: glue.c:547

IntHookCrRemoveAllHooks
static INTSTATUS IntHookCrRemoveAllHooks(void)
Remove all control register write hooks.
Definition: hook_cr.c:202

InsertTailList
static void InsertTailList(LIST_ENTRY *ListHead, LIST_ENTRY *Entry)
Definition: introlists.h:135

IntHookCrRemoveHook
INTSTATUS IntHookCrRemoveHook(HOOK_CR *Hook)
Remove a control register hook.
Definition: hook_cr.c:135

InitializeListHead
static void InitializeListHead(LIST_ENTRY *ListHead)
Definition: introlists.h:69

_HOOK_CR
Definition: hook_cr.h:43

DWORD
uint32_t DWORD
Definition: intro_types.h:49

_HOOK_CR::Callback
PFUNC_CrWriteHookCallback Callback
Callback.
Definition: hook_cr.h:49

_HOOK_CR::Cr
DWORD Cr
The CR number.
Definition: hook_cr.h:47

gGuest
GUEST_STATE gGuest
The current guest state.
Definition: guests.c:50

_HOOK_CR::Disabled
BOOLEAN Disabled
If true, the hook is disabled, and the callback will no longer be called.
Definition: hook_cr.h:48

IntHookCrDeleteHook
static INTSTATUS IntHookCrDeleteHook(HOOK_CR *Hook)
Permanently delete a control register hook.
Definition: hook_cr.c:105

INT_STATUS_NOT_INITIALIZED_HINT
#define INT_STATUS_NOT_INITIALIZED_HINT
Definition: introstatus.h:320

INT_STATUS_INVALID_PARAMETER_1
#define INT_STATUS_INVALID_PARAMETER_1
Definition: introstatus.h:62

gVcpu
VCPU_STATE * gVcpu
The state of the current VCPU.
Definition: guests.c:59

_CR_HOOK_STATE::CrHooksList
LIST_HEAD CrHooksList
The list of CR hooks.
Definition: hook_cr.h:35

_HOOK_CR::Flags
DWORD Flags
Flags. Can be used by the caller.
Definition: hook_cr.h:46

hook_cr.h

callbacks.h

list_for_each
#define list_for_each(_head, _struct_type, _var)
Definition: introlists.h:41

IntHookCrSetHook
INTSTATUS IntHookCrSetHook(DWORD Cr, DWORD Flags, PFUNC_CrWriteHookCallback Callback, void *Context, HOOK_CR **Hook)
Set a control register write hook.
Definition: hook_cr.c:11

FALSE
#define FALSE
Definition: intro_types.h:34

INT_STATUS_INSUFFICIENT_RESOURCES
#define INT_STATUS_INSUFFICIENT_RESOURCES
Definition: introstatus.h:281

INT_STATUS_INVALID_PARAMETER_3
#define INT_STATUS_INVALID_PARAMETER_3
Definition: introstatus.h:68