From 3e94d49b7a2dc0143945588d4d76179743b8d08b Mon Sep 17 00:00:00 2001 From: SinaKarvandi Date: Sun, 4 Aug 2024 19:28:33 +0900 Subject: [PATCH] update --- {papers => academic-papers}/papers.md | 2 +- debugger-script/debugger-script.md | 4 +- debugger-script/grammar.md | 277 -------------------------- debugger-script/specifications.md | 13 -- index.md | 18 +- 5 files changed, 14 insertions(+), 300 deletions(-) rename {papers => academic-papers}/papers.md (98%) delete mode 100644 debugger-script/grammar.md delete mode 100644 debugger-script/specifications.md diff --git a/papers/papers.md b/academic-papers/papers.md similarity index 98% rename from papers/papers.md rename to academic-papers/papers.md index c3df845..bc02f89 100644 --- a/papers/papers.md +++ b/academic-papers/papers.md @@ -1,6 +1,6 @@ --- layout: default -title: Papers +title: Academic Papers nav_order: 2 has_children: false permalink: /papers diff --git a/debugger-script/debugger-script.md b/debugger-script/debugger-script.md index 89c9d3a..cb09a5d 100644 --- a/debugger-script/debugger-script.md +++ b/debugger-script/debugger-script.md @@ -1,9 +1,9 @@ --- layout: default -title: Debugger Script +title: Debugger Script (dslang) nav_order: 4 has_children: true -permalink: /debugger-script +permalink: /dslang --- # Debugger Script (DS) diff --git a/debugger-script/grammar.md b/debugger-script/grammar.md deleted file mode 100644 index c692f37..0000000 --- a/debugger-script/grammar.md +++ /dev/null 
@@ -1,277 +0,0 @@ ---- -layout: default -title: Grammar -parent: Debugger Script -nav_order: 2 ---- - -# Language Grammar - -HyperDbg operates based on the following grammar. - -``` -# ThreeOpFunc1 inputs are three numbers and returns a number. -.ThreeOpFunc1->interlocked_compare_exchange - - -# TwoOpFunc1 inputs are two numbers and returns a number. -.TwoOpFunc1->ed eb eq interlocked_exchange interlocked_exchange_add - -# TwoOpFunc2 inputs are two numbers and returns no value -.TwoOpFunc2->spinlock_lock_custom_wait - - - -# OneOpFunc1 input is a number and returns a number. -.OneOpFunc1->poi db dd dw dq neg hi low not check_address strlen wcslen interlocked_exchange_increment interlocked_exchange_decrement - -# OneOpFunc2 input is a number. -.OneOpFunc2->print formats disable_event enable_event test_statement spinlock_lock spinlock_unlock - -.ZeroOpFunc1->pause - -.VarArgFunc1->printf - -.OperatorsTwoOperand->or xor and asr asl add sub mul div mod gt lt egt elt equal neq -.OperatorsOneOperand->inc dec - -.SemantiRules->start_of_if jmp jz jnz jmp_to_end_and_jzcompleted end_of_if start_of_while end_of_while vargstart mov start_of_do_while start_of_do_while_commands end_of_do_while start_of_for for_inc_dec start_of_for_ommands end_of_if ignore_lvalue - -.Registers->rax eax ax ah al rcx ecx cx ch cl rdx edx dx dh dl rbx ebx bx bh bl rsp esp sp spl rbp ebp bp bpl rsi esi si sil rdi edi di dil r8 r8d r8w r8h r8l r9 r9d r9w r9h r9l r10 r10d r10w r10h r10l r11 r11d r11w r11h r11l r12 r12d r12w r12h r12l r13 r13d r13w r13h r13l r14 r14d r14w r14h r14l r15 r15d r15w r15h r15l ds es fs gs cs ss rflags eflags flags rip eip ip idtr ldtr gdtr tr cr0 cr2 cr3 cr4 cr8 dr0 dr1 dr2 dr3 dr6 dr7 - -.PseudoRegisters->pid tid proc thread peb teb ip buffer context - -S->STATEMENT S -S->eps - -STATEMENT->IF_STATEMENT -STATEMENT->WHILE_STATEMENT -STATEMENT->DO_WHILE_STATEMENT -STATEMENT->FOR_STATEMENT -STATEMENT->ASSIGN_STATEMENT ; -STATEMENT->CALL_FUNC_STATEMENT ; -STATEMENT->break @BREAK 
; -STATEMENT->continue @CONTINUE ; - - - -ASSIGN_STATEMENT->L_VALUE = EXPRESSION @MOV NULL -CALL_FUNC_STATEMENT->.OneOpFunc2 ( EXPRESSION @.OneOpFunc2 ) -CALL_FUNC_STATEMENT->.VarArgFunc1 ( STRING @VARGSTART VA @.VarArgFunc1 ) -CALL_FUNC_STATEMENT->.ZeroOpFunc1 ( @.ZeroOpFunc1 ) -CALL_FUNC_STATEMENT->.TwoOpFunc2 ( EXPRESSION , EXPRESSION @.TwoOpFunc2 ) -CALL_FUNC_STATEMENT->@IGNORE_LVALUE .TwoOpFunc1 ( EXPRESSION , EXPRESSION @.TwoOpFunc1 ) -VA->, EXPRESSION VA -VA->eps - -IF_STATEMENT->if @START_OF_IF ( BOOLEAN_EXPRESSION ) @JZ { S } ELSIF_STATEMENT ELSE_STATEMENT @END_OF_IF END_OF_IF -ELSIF_STATEMENT->elsif @JMP_TO_END_AND_JZCOMPLETED ( BOOLEAN_EXPRESSION ) @JZ { S } ELSIF_STATEMENT -ELSIF_STATEMENT->@JMP_TO_END_AND_JZCOMPLETED ELSIF_STATEMENT' -ELSIF_STATEMENT'->eps -ELSE_STATEMENT->else { S } -ELSE_STATEMENT->eps -END_OF_IF->eps - - - -WHILE_STATEMENT->while @START_OF_WHILE ( BOOLEAN_EXPRESSION ) @START_OF_WHILE_COMMANDS { S @END_OF_WHILE } -DO_WHILE_STATEMENT->do @START_OF_DO_WHILE { S } while ( BOOLEAN_EXPRESSION ) @END_OF_DO_WHILE ; - -FOR_STATEMENT->for ( SIMPLE_ASSIGNMENT ; @START_OF_FOR BOOLEAN_EXPRESSION ; @FOR_INC_DEC INC_DEC ) { @START_OF_FOR_COMMANDS S @END_OF_FOR } -SIMPLE_ASSIGNMENT->L_VALUE = EXPRESSION @MOV SIMPLE_ASSIGNMENT' -SIMPLE_ASSIGNMENT->eps -SIMPLE_ASSIGNMENT'->eps - - -INC_DEC->L_VALUE INC_DEC' -INC_DEC'->++ @INC INC' -INC_DEC'->-- @DEC DEC' -INC'->eps -DEC'->eps -INC_DEC'->eps - -BOOLEAN_EXPRESSION->eps - - -EXPRESSION->E1 E0' -E0'->| E1 @OR E0' -E0'->eps - - -E1->E2 E1' -E1'->^ E2 @XOR E1' -E1'->eps - -E2->E3 E2' -E2'->& E3 @AND E2' -E2'->eps - -E3->E4 E3' -E3'->>> E4 @ASR E3' -E3'->eps - -E4->E5 E4' -E4'-><< E5 @ASL E4' -E4'->eps - -E5->E6 E5' -E5'->+ E6 @ADD E5' -E5'->eps - -E6->E7 E6' -E6'->- E7 @SUB E6' -E6'->eps - -E7->E8 E7' -E7'->* E8 @MUL E7' -E7'->eps - -E8->E9 E8' -E8'->/ E9 @DIV E8' -E8'->eps - - -E9->E10 E9' -E9'->% E10 @MOD E9' -E9'->eps - - - - -E10->E12 - - - -E12->.OneOpFunc1 ( EXPRESSION @.OneOpFunc1 ) 
-E12->.TwoOpFunc1 ( EXPRESSION , EXPRESSION @.TwoOpFunc1 ) -E12->.ThreeOpFunc1 ( EXPRESSION , EXPRESSION , EXPRESSION @.ThreeOpFunc1 ) - - -E12->( EXPRESSION ) - - -# Types must have '_' at the first -E12->@PUSH _register -E12->@PUSH _id - - -# numbers -E12->@PUSH _hex -E12->@PUSH _decimal -E12->@PUSH _octal -E12->@PUSH _binary - - -E12->@PUSH _pseudo_register - -E12->- E12 @NEG E13 -E12->+ E12 E13 -E12->~ E12 @NOT E13 - -E13->eps - - -STRING->@PUSH _string -L_VALUE->@PUSH _id -L_VALUE->@PUSH _register -NULL->eps - -``` - -# Boolean Expression Grammar - -HyperDbg operates based on the following boolean expression grammar. - -```text -# OneOpFunc1 input is a number and returns a number. -.OneOpFunc1->poi db dd dw dq neg hi low not - -S->BE - -BE->B1 - -B1->B2 B1' -B1'->&& B2 B1' @AND -B1'->eps - -B2->B3 B2' -B2'->|| B3 B2' @OR -B2'->eps - -B3->CMP -B3->EXP - -CMP->EXP > EXP @GT -CMP->EXP < EXP @LT -CMP->EXP >= EXP @EGT -CMP->EXP <= EXP @ELT -CMP->EXP == EXP @EQ -CMP->EXP != EXP @NEQ - -CMP->( CMP ) - -EXP->E1 E0' -E0'->| E1 E0' @OR -E0'->eps - -E1->E2 E1' -E1'->^ E2 E1' @XOR -E1'->eps - -E2->E3 E2' -E2'->& E3 E2' @AND -E2'->eps - -E3->E4 E3' -E3'->>> E4 E3' @ASR -E3'->eps - -E4->E5 E4' -E4'-><< E5 E4' @ASL -E4'->eps - -E5->E6 E5' -E5'->+ E6 E5' @ADD -E5'->eps - -E6->E7 E6' -E6'->- E7 E6' @SUB -E6'->eps - -E7->E8 E7' -E7'->* E8 E7' @MUL -E7'->eps - -E8->E9 E8' -E8'->/ E9 E8' @DIV -E8'->eps - - -E9->E10 E9' -E9'->% E10 E9' @MOD -E9'->eps - -E10->E12 - -E12->.OneOpFunc1 ( EXP ) @.OneOpFunc1 -E12->( EXP ) - - -# Types must have '_' at the first -E12->_register @PUSH -E12->_id @PUSH - -# numbers -E12->_hex @PUSH -E12->_decimal @PUSH -E12->_octal @PUSH -E12->_binary @PUSH - -E12->_pseudo_register @PUSH - -E12->- E12 @NEG -E12->+ E12 -E12->~ E12 @NEG - -E13->eps -``` diff --git a/debugger-script/specifications.md b/debugger-script/specifications.md deleted file mode 100644 index 22d1b99..0000000 --- a/debugger-script/specifications.md +++ /dev/null 
@@ -1,13 +0,0 @@
----
-layout: default
-title: Language Specifications
-parent: Debugger Script
-nav_order: 1
----
-
-# Specifications
-{: .no_toc }
-
-## Edition 1
-
-The 1st specifications of the debugger script will be added soon!
diff --git a/index.md b/index.md
index 3b30902..6e6d32d 100644
--- a/index.md
+++ b/index.md
@@ -16,18 +16,22 @@ You can find the research reports, documentation, manuals, and academic papers h --- -## Debugger +## Debugger (kHyperDbg) -HyperDbg Debugger is a Windows debugger designed with a focus on using modern hardware technologies to provide new features to the debuggers' world. This debugger contains multiple software and hardware modules. +HyperDbg Debugger is a Windows user-mode and kernel-mode debugger designed with a focus on using modern hardware technologies to provide new features to the debuggers' world. This debugger contains multiple software and hardware modules. -## Debugger Script +## Debugger Script (dslang) -Debugger Script is a language designed to be fast, flexible, and to satisfy the debugger's needs to examine the target debuggee and automate the debugging and analyzing tasks. +Debugger Script or **dslang** is a language designed to be fast, flexible, and to satisfy the debugger's needs to examine the target debuggee and automate the debugging and analyzing tasks. ## Virtual Machine Monitor (VMM) -VMM is a HyperDbg module that operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel PT. This module aims not to use any APIs and software debugging mechanisms; instead, it uses Second Layer Page Table (a.k.a. Extended Page Table or EPT) extensively to monitor both kernel and user executions. +VMM is a HyperDbg module that operates on top of Windows by virtualizing an already running system using Intel VT-x and Intel EPT. This module aims not to use any APIs and software debugging mechanisms; instead, it uses the Second Layer Page Table (a.k.a. Extended Page Table or EPT) extensively to monitor both kernel and user executions. -## Clkr Circuit +## Standard VMI and Debugging Library (libhyperdbg) -Clkr (Clocker) Circuit is an HDL module integrated into the HyperDbg Debugger to bring the power of digital circuit debugging to the HyperDbg. 
(This module is under development and not in a working state yet!) \ No newline at end of file +The libhyperdbg provides comprehensive standard Virtual Machine Introspection (VMI) and debugging functionalities, enabling user-mode applications to perform detailed system analysis, monitor virtual machines, and debug software efficiently. + +## hwdbg Chip Debugger + +The hwdbg debugger chip generator is a gate-level debugging tool designed to make configurable and synthesizable hardware debuggers for white-box and black-box chip fuzzing, testing, and reverse engineering. The primary goal of hwdbg is to provide control over hardware, enabling monitoring and modification of signals down to the granular level of a single clock cycle. It is written in Chisel and Verilog. \ No newline at end of file