uint64_t FDP_readRegister(HANDLE toVMPipe, uint8_t registerId){
Put8Pipe(toVMPipe, READ_REGISTER_64);
Put8Pipe(toVMPipe, registerId);
FlushFileBuffers(toVMPipe);
uint64_t result = Get64Pipe(toVMPipe);
return result;
}
uint64_t FDP_searchMemory(uint8_t *patternData, uint64_t patternSize, uint64_t startOffset, HANDLE toVMPipe){
Put8Pipe(toVMPipe, SEARCH_MEMORY);
Put64Pipe(toVMPipe, patternSize);
for (int i = 0; i < patternSize; i++){
Put8Pipe(toVMPipe, patternData[i]);
}
Put64Pipe(toVMPipe, startOffset);
return Get64Pipe(toVMPipe);
}
//Get potential virtual address from physical one.
uint64_t FDP_physical_virtual(uint64_t physical_addr, analysisContext_t *context){
Put8Pipe(context->toVMPipe, PHYSICAL_VIRTUAL);
Put64Pipe(context->toVMPipe, physical_addr);
FlushFileBuffers(context->toVMPipe);
uint64_t result = Get64Pipe(context->toVMPipe);
return result;
}
//Get physical address from virtual one.
uint64_t FDP_virtual_physical(uint64_t virtual_addr, HANDLE toVMPipe){
Put8Pipe(toVMPipe, VIRTUAL_PHYSICAL);
Put64Pipe(toVMPipe, virtual_addr);
FlushFileBuffers(toVMPipe);
uint64_t result = Get64Pipe(toVMPipe);
return result;
}
uint64_t readPhysical64(uint64_t physicalAddress, analysisContext_t *context){
uint64_t result;
if (context->curMode == STOCK_VBOX_TYPE){
Put8Pipe(context->toVMPipe, READ_PHYSICAL_64);
Put64Pipe(context->toVMPipe, physicalAddress);
FlushFileBuffers(context->toVMPipe);
result = Get64Pipe(context->toVMPipe);
}else{
readPhysical((uint8_t*)&result, sizeof(result), physicalAddress, context);
}
return result;
}
//TODO: move in FDP.cpp
bool readPhysical(uint8_t *dstBuffer, uint64_t size, uint64_t physicalAdress, analysisContext_t *context){
if (context->curMode == STOCK_VBOX_TYPE){
Put8Pipe(context->toVMPipe, READ_PHYSICAL);
Put64Pipe(context->toVMPipe, physicalAdress);
Put64Pipe(context->toVMPipe, size);
FlushFileBuffers(context->toVMPipe);
for (int i = 0; i < size; i++){
dstBuffer[i] = Get8Pipe(context->toVMPipe);
}
}else{
memcpy(dstBuffer, context->physicalMemory + physicalAdress, size);
}
return true;
}
uint8_t FDP_resume(HANDLE toVMPipe){
Put8Pipe(toVMPipe, RESUME_VM);
FlushFileBuffers(toVMPipe);
uint8_t result = Get8Pipe(toVMPipe);
return result;
}
uint8_t FDP_pause(HANDLE toVMPipe){
Put8Pipe(toVMPipe, PAUSE_VM);
FlushFileBuffers(toVMPipe);
uint8_t result = Get8Pipe(toVMPipe);
return result;
}