Bitdefender Hypervisor Memory Introspection
agent.h File Reference
#include "thread_safeness.h"


Typedefs

typedef enum _AG_WAITSTATE AG_WAITSTATE
 

Enumerations

enum  _AG_WAITSTATE { agNone, agActive, agWaiting }
 

Functions

INTSTATUS IntAgentHandleInt3 (QWORD Rip, DWORD CpuNumber)
 Dispatch a breakpoint event to the Windows or Linux agent breakpoint handler.
 
INTSTATUS IntAgentHandleVmcall (QWORD Rip)
 Dispatch a VMCALL event to the Windows or Linux agent VMCALL handler.
 
INTSTATUS IntAgentActivatePendingAgent (void)
 Activate a pending Windows or Linux agent.
 
void IntAgentDisablePendingAgents (void)
 Disable the Windows or Linux pending agents.
 
AG_WAITSTATE IntAgentGetState (DWORD *Tag)
 Get the current Windows or Linux agent state.
 
INTSTATUS IntAgentEnableInjection (void)
 Enable Windows or Linux agent injection.
 
BOOLEAN IntAgentIsPtrInTrampoline (QWORD Ptr, THS_PTR_TYPE Type)
 Check if the provided pointer points inside the Windows trampoline code.
 

Typedef Documentation

◆ AG_WAITSTATE

Enumeration Type Documentation

◆ _AG_WAITSTATE

Enumerator
agNone 

No active/pending agents.

agActive 

We have an active agent, currently injected inside the guest.

agWaiting 

We have at least one pending agent waiting to be injected inside the guest.

Definition at line 13 of file agent.h.

Function Documentation

◆ IntAgentActivatePendingAgent()

INTSTATUS IntAgentActivatePendingAgent ( void  )

Activate a pending Windows or Linux agent.

Return values
INT_STATUS_SUCCESS  On success.
INT_STATUS_NOT_INITIALIZED_HINT  If the guest OS is not initialized.
INT_STATUS_NOT_SUPPORTED  If the OS is not recognized.

Definition at line 70 of file agent.c.

Referenced by IntGuestPreReturnCallback().

◆ IntAgentDisablePendingAgents()

void IntAgentDisablePendingAgents ( void  )

Disable the Windows or Linux pending agents.

Definition at line 102 of file agent.c.

Referenced by IntGuestPrepareUninit().

◆ IntAgentEnableInjection()

INTSTATUS IntAgentEnableInjection ( void  )

Enable Windows or Linux agent injection.

Return values
INT_STATUS_SUCCESS  On success.
INT_STATUS_NOT_SUPPORTED  If the OS is not recognized.

Definition at line 152 of file agent.c.

Referenced by IntWinProcCreateProcessObject().

◆ IntAgentGetState()

AG_WAITSTATE IntAgentGetState ( DWORD *  Tag )

Get the current Windows or Linux agent state.

Parameters
[out]  Tag  Optional active agent tag.
Returns
The current agent state.

Definition at line 121 of file agent.c.

Referenced by IntGuestIsSafeToDisable().

◆ IntAgentHandleInt3()

INTSTATUS IntAgentHandleInt3 ( QWORD  Rip, DWORD  CpuNumber )

Dispatch a breakpoint event to the Windows or Linux agent breakpoint handler.

Parameters
[in]  Rip  The RIP the breakpoint took place at.
[in]  CpuNumber  The VCPU number.
Return values
INT_STATUS_SUCCESS  On success.
INT_STATUS_NOT_SUPPORTED  If the OS is not recognized.

Definition at line 12 of file agent.c.

Referenced by IntHandleBreakpoint().

◆ IntAgentHandleVmcall()

INTSTATUS IntAgentHandleVmcall ( QWORD  Rip)

Dispatch a VMCALL event to the Windows or Linux agent VMCALL handler.

Parameters
[in]  Rip  The RIP the VMCALL took place at.
Return values
INT_STATUS_SUCCESS  On success.
INT_STATUS_NOT_SUPPORTED  If the OS is not recognized.

Definition at line 42 of file agent.c.

Referenced by IntHandleIntroCall().

◆ IntAgentIsPtrInTrampoline()

BOOLEAN IntAgentIsPtrInTrampoline ( QWORD  Ptr, THS_PTR_TYPE  Type )

Check if the provided pointer points inside the Windows trampoline code.

Parameters
[in]  Ptr  The pointer to be checked.
[in]  Type  Pointer type - live RIP or stack value.
Returns
True if the provided pointer points inside the trampoline code, false otherwise.

Definition at line 180 of file agent.c.

Referenced by IntThrSafeIsLiveRIPInIntro(), and IntThrSafeIsStackPtrInIntro().