//Get potential virtual address from physical one. uint64_t FDP_physical_virtual(uint64_t physical_addr, analysisContext_t *context){ Put8Pipe(context->toVMPipe, PHYSICAL_VIRTUAL); Put64Pipe(context->toVMPipe, physical_addr); FlushFileBuffers(context->toVMPipe); uint64_t result = Get64Pipe(context->toVMPipe); return result; }
//Get physical address from virtual one. uint64_t FDP_virtual_physical(uint64_t virtual_addr, HANDLE toVMPipe){ Put8Pipe(toVMPipe, VIRTUAL_PHYSICAL); Put64Pipe(toVMPipe, virtual_addr); FlushFileBuffers(toVMPipe); uint64_t result = Get64Pipe(toVMPipe); return result; }
uint64_t FDP_readRegister(HANDLE toVMPipe, uint8_t registerId){ Put8Pipe(toVMPipe, READ_REGISTER_64); Put8Pipe(toVMPipe, registerId); FlushFileBuffers(toVMPipe); uint64_t result = Get64Pipe(toVMPipe); return result; }
uint64_t FDP_searchMemory(uint8_t *patternData, uint64_t patternSize, uint64_t startOffset, HANDLE toVMPipe){ Put8Pipe(toVMPipe, SEARCH_MEMORY); Put64Pipe(toVMPipe, patternSize); for (int i = 0; i < patternSize; i++){ Put8Pipe(toVMPipe, patternData[i]); } Put64Pipe(toVMPipe, startOffset); return Get64Pipe(toVMPipe); }
uint64_t readPhysical64(uint64_t physicalAddress, analysisContext_t *context){ uint64_t result; if (context->curMode == STOCK_VBOX_TYPE){ Put8Pipe(context->toVMPipe, READ_PHYSICAL_64); Put64Pipe(context->toVMPipe, physicalAddress); FlushFileBuffers(context->toVMPipe); result = Get64Pipe(context->toVMPipe); }else{ readPhysical((uint8_t*)&result, sizeof(result), physicalAddress, context); } return result; }