Skip to main content

vmi_os_windows/comps/
trap_frame.rs

1use vmi_core::{Va, VmiError, VmiState, VmiVa, driver::VmiRead};
2
3use super::WindowsObject;
4use crate::{ArchAdapter, WindowsOs, offset};
5
6/// A Windows trap frame.
7///
8/// A trap frame is a kernel structure that contains the context of a thread
9/// when it is interrupted by an exception or an interrupt. It is used to save
10/// the state of the thread so that it can be resumed later.
11///
12/// # Implementation Details
13///
14/// Corresponds to `_KTRAP_FRAME`.
15pub struct WindowsTrapFrame<'a, Driver>
16where
17    Driver: VmiRead,
18    Driver::Architecture: ArchAdapter<Driver>,
19{
20    /// The VMI state.
21    vmi: VmiState<'a, WindowsOs<Driver>>,
22
23    /// Address of the `_KTRAP_FRAME` structure.
24    va: Va,
25}
26
27impl<'a, Driver> From<WindowsTrapFrame<'a, Driver>> for WindowsObject<'a, Driver>
28where
29    Driver: VmiRead,
30    Driver::Architecture: ArchAdapter<Driver>,
31{
32    fn from(value: WindowsTrapFrame<'a, Driver>) -> Self {
33        Self::new(value.vmi, value.va)
34    }
35}
36
37impl<Driver> VmiVa for WindowsTrapFrame<'_, Driver>
38where
39    Driver: VmiRead,
40    Driver::Architecture: ArchAdapter<Driver>,
41{
42    fn va(&self) -> Va {
43        self.va
44    }
45}
46
47impl<'a, Driver> WindowsTrapFrame<'a, Driver>
48where
49    Driver: VmiRead,
50    Driver::Architecture: ArchAdapter<Driver>,
51{
52    /// Creates a new Windows trap frame.
53    pub fn new(vmi: VmiState<'a, WindowsOs<Driver>>, va: Va) -> Self {
54        Self { vmi, va }
55    }
56
57    /// Returns the instruction pointer.
58    ///
59    /// # Implementation Details
60    ///
61    /// Corresponds to `_KTRAP_FRAME.Rip`.
62    pub fn instruction_pointer(&self) -> Result<Va, VmiError> {
63        let KTRAP_FRAME = offset!(self.vmi, _KTRAP_FRAME);
64
65        self.vmi.read_va_native(self.va + KTRAP_FRAME.Rip.offset())
66    }
67
68    /// Returns the stack pointer.
69    ///
70    /// # Implementation Details
71    ///
72    /// Corresponds to `_KTRAP_FRAME.Rsp`.
73    pub fn stack_pointer(&self) -> Result<Va, VmiError> {
74        let KTRAP_FRAME = offset!(self.vmi, _KTRAP_FRAME);
75
76        self.vmi.read_va_native(self.va + KTRAP_FRAME.Rsp.offset())
77    }
78}