event_inject
Description of the 'event_inject' function in HyperDbg Scripts
Function
event_inject
Syntax
event_inject( InterruptionType, Vector);
Parameters
[ Expression (InterruptionType)]
Type of the target interrupt/exception/fault (see the Remarks section for more information). Can be selected from the following table:
| Interruption Type | Description |
|---|---|
0 | External interrupt |
1 | Reserved |
2 | Non-maskable interrupt (NMI) |
3 | Hardware exception (e.g,. #PF) |
4 | Software interrupt (INT n) |
5 | Privileged software exception (INT1) |
6 | Software exception (INT3 or INTO) |
7 | Other event |
[ Expression (Vector)]
The vector number (interrupt IDT vector number) of the target interrupt/exception/fault. Can be selected from the following table:
| Name | Vector nr. | Type | Mnemonic | Error code? |
|---|---|---|---|---|
Divide-by-zero Error | 0 (0x0) | Fault | #DE | No |
Debug | 1 (0x1) | Fault/Trap | #DB | No |
Non-maskable Interrupt | 2 (0x2) | Interrupt | - | No |
Breakpoint | 3 (0x3) | Trap | #BP | No |
Overflow | 4 (0x4) | Trap | #OF | No |
Bound Range Exceeded | 5 (0x5) | Fault | #BR | No |
Invalid Opcode | 6 (0x6) | Fault | #UD | No |
Device Not Available | 7 (0x7) | Fault | #NM | No |
Double Fault | 8 (0x8) | Abort | #DF | Yes (Zero) |
Coprocessor Segment Overrun | 9 (0x9) | Fault | - | No |
Invalid TSS | 10 (0xA) | Fault | #TS | Yes |
Segment Not Present | 11 (0xB) | Fault | #NP | Yes |
Stack-Segment Fault | 12 (0xC) | Fault | #SS | Yes |
General Protection Fault | 13 (0xD) | Fault | #GP | Yes |
Page Fault | 14 (0xE) | Fault | #PF | Yes |
Reserved | 15 (0xF) | - | - | No |
x87 Floating-Point Exception | 16 (0x10) | Fault | #MF | No |
Alignment Check | 17 (0x11) | Fault | #AC | Yes |
Machine Check | 18 (0x12) | Abort | #MC | No |
SIMD Floating-Point Exception | 19 (0x13) | Fault | #XM/#XF | No |
Virtualization Exception | 20 (0x14) | Fault | #VE | No |
Reserved | 21-29 (0x15-0x1D) | - | - | No |
Security Exception | 30 (0x1E) | - | #SX | Yes |
Reserved | 31 (0x1F) | - | - | No |
Triple Fault | - | - | - | No |
FPU Error Interrupt | IRQ 13 | Interrupt | #FERR | No |
Description
Injects an interrupt/exception/fault which will be delivered once you continue the debuggee.
Examples
event_inject(6, 3);
Injects a breakpoint (Software Exception = 6 and Vector equal to Breakpoint = 3) to the target debuggee.
Remarks
This function won't set the error code. If the target interrupt/exception/fault needs an error code (see the table above), you should use the event_inject_error_code.
The interruption type determines the details of how the injection is performed. In general, you should use the type hardware exception for all exceptions other than the following:
breakpoint exceptions (#BP; a VMM should use the type software exception);
overflow exceptions (#OF a VMM should use the use type software exception); and
those debug exceptions (#DB) that are generated by INT1 (a VMM should use the use type privileged software exception).
The type of other event is used for the injection of events that are not delivered through the IDT.
Starting from v0.6, this function was added to the HyperDbg debugger.
Related
Last updated