Clear register event conditionally

GDATASoftwareAG · Aug 2, 2023 · db7ad0b · db7ad0b
1 parent 6b020bd
commit db7ad0b
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 25 deletions.
diff --git a/vmicore/src/lib/vmi/InterruptEventSupervisor.cpp b/vmicore/src/lib/vmi/InterruptEventSupervisor.cpp
@@ -20,12 +20,12 @@ namespace VmiCore
         std::shared_ptr<ILibvmiInterface> vmiInterface,
         std::shared_ptr<ISingleStepSupervisor> singleStepSupervisor,
         std::shared_ptr<IActiveProcessesSupervisor> activeProcessesSupervisor,
-        std::shared_ptr<IRegisterEventSupervisor> registerSupervisor,
+        std::shared_ptr<IRegisterEventSupervisor> registerEventSupervisor,
         std::shared_ptr<ILogging> loggingLib)
         : vmiInterface(std::move(vmiInterface)),
           singleStepSupervisor(std::move(singleStepSupervisor)),
           activeProcessesSupervisor(std::move(activeProcessesSupervisor)),
-          registerSupervisor(std::move(registerSupervisor)),
+          registerEventSupervisor(std::move(registerEventSupervisor)),
           loggingLib(std::move(loggingLib)),
           logger(this->loggingLib->newNamedLogger(loggerName))
     {
@@ -44,17 +44,16 @@ namespace VmiCore
         event->interrupt_event.insn_length = 1;
         vmiInterface->registerEvent(*event);
         singleStepSupervisor->initializeSingleStepEvents();
-        registerSupervisor->initializeDtbMonitoring();
         singleStepCallbackFunction = VMICORE_SETUP_SAFE_MEMBER_CALLBACK(singleStepCallback);
         contextSwitchCallbackFunction = VMICORE_SETUP_SAFE_MEMBER_CALLBACK(contextSwitchCallback);
-        registerSupervisor->setContextSwitchCallback(contextSwitchCallbackFunction);
+        registerEventSupervisor->setContextSwitchCallback(contextSwitchCallbackFunction);
     }
 
     void InterruptEventSupervisor::teardown()
     {
         clearInterruptEventHandling();
         singleStepSupervisor->teardown();
-        registerSupervisor->teardown();
+        registerEventSupervisor->teardown();
     }
 
     std::shared_ptr<IBreakpoint>

diff --git a/vmicore/src/lib/vmi/InterruptEventSupervisor.h b/vmicore/src/lib/vmi/InterruptEventSupervisor.h
@@ -47,7 +47,7 @@ namespace VmiCore
         explicit InterruptEventSupervisor(std::shared_ptr<ILibvmiInterface> vmiInterface,
                                           std::shared_ptr<ISingleStepSupervisor> singleStepSupervisor,
                                           std::shared_ptr<IActiveProcessesSupervisor> activeProcessesSupervisor,
-                                          std::shared_ptr<IRegisterEventSupervisor> registerSupervisor,
+                                          std::shared_ptr<IRegisterEventSupervisor> registerEventSupervisor,
                                           std::shared_ptr<ILogging> loggingLib);
 
         ~InterruptEventSupervisor() noexcept override;
@@ -88,7 +88,7 @@ namespace VmiCore
         std::shared_ptr<ILibvmiInterface> vmiInterface;
         std::shared_ptr<ISingleStepSupervisor> singleStepSupervisor;
         std::shared_ptr<IActiveProcessesSupervisor> activeProcessesSupervisor;
-        std::shared_ptr<IRegisterEventSupervisor> registerSupervisor;
+        std::shared_ptr<IRegisterEventSupervisor> registerEventSupervisor;
         std::shared_ptr<ILogging> loggingLib;
         std::unique_ptr<ILogger> logger;
 

diff --git a/vmicore/src/lib/vmi/RegisterEventSupervisor.cpp b/vmicore/src/lib/vmi/RegisterEventSupervisor.cpp
@@ -14,15 +14,10 @@ namespace VmiCore
 
     void RegisterEventSupervisor::teardown()
     {
-        clearDtbEventHandling();
-    }
-
-    void RegisterEventSupervisor::initializeDtbMonitoring()
-    {
-        SETUP_REG_EVENT(contextSwitchEvent, CR3, VMI_REGACCESS_W, 0, RegisterEventSupervisor::_defaultRegisterCallback);
-        contextSwitchEvent->reg_event.onchange = true;
-        contextSwitchEvent->reg_event.async = 0;
-        contextSwitchEvent->data = this;
+        if (contextSwitchEvent)
+        {
+            vmiInterface->clearEvent(*contextSwitchEvent, false);
+        }
     }
 
     void RegisterEventSupervisor::setContextSwitchCallback(const std::function<void(vmi_event_t*)>& eventCallback)
@@ -33,6 +28,7 @@ namespace VmiCore
                                            std::source_location::current().function_name()));
         }
         callback = eventCallback;
+        initializeRegisterEvent();
         vmiInterface->registerEvent(*contextSwitchEvent);
     }
 
@@ -56,8 +52,12 @@ namespace VmiCore
         return VMI_EVENT_RESPONSE_NONE;
     }
 
-    void RegisterEventSupervisor::clearDtbEventHandling()
+    void RegisterEventSupervisor::initializeRegisterEvent()
     {
-        vmiInterface->clearEvent(*contextSwitchEvent, false);
+        contextSwitchEvent = std::make_unique<vmi_event_t>();
+        SETUP_REG_EVENT(contextSwitchEvent, CR3, VMI_REGACCESS_W, 0, RegisterEventSupervisor::_defaultRegisterCallback);
+        contextSwitchEvent->reg_event.onchange = true;
+        contextSwitchEvent->reg_event.async = 0;
+        contextSwitchEvent->data = this;
     }
 }
diff --git a/vmicore/src/lib/vmi/RegisterEventSupervisor.h b/vmicore/src/lib/vmi/RegisterEventSupervisor.h
@@ -16,8 +16,6 @@ namespace VmiCore
 
         virtual void teardown() = 0;
 
-        virtual void initializeDtbMonitoring() = 0;
-
         virtual void setContextSwitchCallback(const std::function<void(vmi_event_t*)>& eventCallback) = 0;
 
       protected:
@@ -36,21 +34,19 @@ namespace VmiCore
 
         void teardown() override;
 
-        void initializeDtbMonitoring() override;
-
         void setContextSwitchCallback(const std::function<void(vmi_event_t*)>& eventCallback) override;
 
         static event_response_t _defaultRegisterCallback([[maybe_unused]] vmi_instance_t vmi, vmi_event_t* event);
 
       private:
         std::shared_ptr<ILibvmiInterface> vmiInterface;
-        std::unique_ptr<vmi_event_t> contextSwitchEvent = std::make_unique<vmi_event_t>();
+        std::unique_ptr<vmi_event_t> contextSwitchEvent;
         std::function<void(vmi_event_t*)> callback{};
         std::unique_ptr<ILogger> logger;
 
         event_response_t registerCallback(vmi_event_t* event) const;
 
-        void clearDtbEventHandling();
+        void initializeRegisterEvent();
     };
 }
 

diff --git a/vmicore/test/lib/vmi/ContextSwitchHandler_UnitTest.cpp b/vmicore/test/lib/vmi/ContextSwitchHandler_UnitTest.cpp
@@ -42,7 +42,6 @@ namespace VmiCore
                     });
 
             contextSwitchHandler = std::make_shared<RegisterEventSupervisor>(vmiInterface, mockLogging);
-            contextSwitchHandler->initializeDtbMonitoring();
         }
     };
-Original file line number
+Diff line change
@@ Expand Up / @@ -42,7 +42,6 @@ namespace VmiCore @@
                         });
                 contextSwitchHandler = std::make_shared<RegisterEventSupervisor>(vmiInterface, mockLogging);
-                contextSwitchHandler->initializeDtbMonitoring();
             }
         };
@@ Expand Down @@