Bitdefender Hypervisor Memory Introspection
callbacks.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _CALLBACKS_H_
6 #define _CALLBACKS_H_
7 
8 #include "glue.h"
9 #include "introdefs.h"
10 
11 
12 INTSTATUS
13 IntHandleEptViolation(
14  _In_ void *GuestHandle,
15  _In_ QWORD PhysicalAddress,
16  _In_ DWORD Length,
17  _In_ QWORD LinearAddress,
18  _In_ DWORD CpuNumber,
19  _Out_ INTRO_ACTION *Action,
20  _In_ IG_EPT_ACCESS AccessType
21  );
22 
23 INTSTATUS
24 IntHandleMsrViolation(
25  _In_ void *GuestHandle,
26  _In_ DWORD Msr,
27  _In_ IG_MSR_HOOK_TYPE Flags,
28  _Out_ INTRO_ACTION *Action,
29  _In_opt_ QWORD OriginalValue,
30  _Inout_opt_ QWORD *NewValue,
31  _In_ DWORD CpuNumber
32  );
33 
34 INTSTATUS
35 IntHandleCrWrite(
36  _In_ void *GuestHandle,
37  _In_ DWORD Cr,
38  _In_ DWORD CpuNumber,
39  _In_ QWORD OldValue,
40  _In_ QWORD NewValue,
41  _Out_ INTRO_ACTION *Action
42  );
43 
44 INTSTATUS
45 IntHandleDtrViolation(
46  _In_ void *GuestHandle,
47  _In_ DWORD Flags,
48  _In_ DWORD CpuNumber,
49  _Out_ INTRO_ACTION *Action
50  );
51 
52 INTSTATUS
53 IntHandleIntroCall(
54  _In_ void *GuestHandle,
55  _In_ QWORD Rip,
56  _In_ DWORD CpuNumber
57  );
58 
59 INTSTATUS
60 IntHandleTimer(
61  _In_ void *GuestHandle
62  );
63 
64 INTSTATUS
65 IntHandleXcrWrite(
66  _In_ void *GuestHandle,
67  _In_ DWORD CpuNumber,
68  _Out_ INTRO_ACTION *Action
69  );
70 
71 INTSTATUS
72 IntHandleBreakpoint(
73  _In_ void *GuestHandle,
74  _In_ QWORD GuestPhysicalAddress,
75  _In_ DWORD CpuNumber
76  );
77 
78 
79 INTSTATUS
80 IntCallbacksInit(
81  void
82  );
83 
84 INTSTATUS
85 IntCallbacksUnInit(
86  void
87  );
88 
89 
90 static inline INTSTATUS
91 IntEnableEptNotifications(
92  void
93  )
94 {
95  TRACE("[CALLBACK] Register the EPT callback...\n");
96 
97  INTSTATUS status = IntRegisterEPTHandler(IntHandleEptViolation);
98  if (!INT_SUCCESS(status))
99  {
100  ERROR("[ERROR] IntRegisterEPTHandler failed: 0x%08x\n", status);
101  }
102 
103  return status;
104 }
105 
106 
107 static inline INTSTATUS
108 IntDisableEptNotifications(
109  void
110  )
111 {
112  TRACE("[CALLBACK] Unregister the EPT callback...\n");
113 
114  INTSTATUS status = IntUnregisterEPTHandler();
115  if (!INT_SUCCESS(status))
116  {
117  ERROR("[ERROR] IntUnregisterEPTHandler failed: 0x%08x\n", status);
118  }
119 
120  return status;
121 }
122 
123 
124 static inline INTSTATUS
125 IntEnableDtrNotifications(
126  void
127  )
128 {
129  TRACE("[CALLBACK] Register the DTR callback...\n");
130 
131  INTSTATUS status = IntRegisterDtrHandler(IntHandleDtrViolation);
132  if (!INT_SUCCESS(status))
133  {
134  ERROR("[ERROR] IntRegisterDtrHandler failed: 0x%08x\n", status);
135  }
136 
137  return status;
138 }
139 
140 
141 static inline INTSTATUS
142 IntDisableDtrNotifications(
143  void
144  )
145 {
146  TRACE("[CALLBACK] Unregister the DTR callback...\n");
147 
148  INTSTATUS status = IntUnregisterDtrHandler();
149  if (!INT_SUCCESS(status))
150  {
151  ERROR("[ERROR] IntUnregisterDtrHandler failed: 0x%08x\n", status);
152  }
153 
154  return status;
155 }
156 
157 
158 static inline INTSTATUS
159 IntEnableMsrNotifications(
160  void
161  )
162 {
163  TRACE("[CALLBACK] Register the MSR callback...\n");
164 
165  INTSTATUS status = IntRegisterMSRHandler(IntHandleMsrViolation);
166  if (!INT_SUCCESS(status))
167  {
168  ERROR("[ERROR] IntRegisterMSRHandler failed: 0x%08x\n", status);
169  }
170 
171  return status;
172 }
173 
174 
175 static inline INTSTATUS
176 IntDisableMsrNotifications(
177  void
178  )
179 {
180  TRACE("[CALLBACK] Unregister the MSR callback...\n");
181 
182  INTSTATUS status = IntUnregisterMSRHandler();
183  if (!INT_SUCCESS(status))
184  {
185  ERROR("[ERROR] IntUnregisterMSRHandler failed: 0x%08x\n", status);
186  }
187 
188  return status;
189 }
190 
191 
192 static inline INTSTATUS
193 IntEnableCrNotifications(
194  void
195  )
196 {
197  TRACE("[CALLBACK] Register the CR callback...\n");
198 
199  INTSTATUS status = IntRegisterCrWriteHandler(IntHandleCrWrite);
200  if (!INT_SUCCESS(status))
201  {
202  ERROR("[ERROR] IntRegisterCrWriteHandler failed: 0x%08x\n", status);
203  }
204 
205  return status;
206 }
207 
208 
209 static inline INTSTATUS
210 IntDisableCrNotifications(
211  void
212  )
213 {
214  TRACE("[CALLBACK] Unregister the CR callback...\n");
215 
216  INTSTATUS status = IntUnregisterCrWriteHandler();
217  if (!INT_SUCCESS(status))
218  {
219  ERROR("[ERROR] IntUnregisterCrWriteHandler failed: 0x%08x\n", status);
220  }
221 
222  return status;
223 }
224 
225 
226 static inline INTSTATUS
227 IntEnableXcrNotifications(
228  void
229  )
230 {
231  TRACE("[CALLBACK] Register the XCR callback...\n");
232 
233  INTSTATUS status = IntRegisterXcrWriteHandler(IntHandleXcrWrite);
234  if (!INT_SUCCESS(status))
235  {
236  ERROR("[ERROR] IntRegisterXcrWriteHandler failed: 0x%08x\n", status);
237  }
238 
239  return status;
240 }
241 
242 
243 static inline INTSTATUS
244 IntDisableXcrNotifications(
245  void
246  )
247 {
248  TRACE("[CALLBACK] Unregister the XCR callback...\n");
249 
250  INTSTATUS status = IntUnregisterXcrWriteHandler();
251  if (!INT_SUCCESS(status))
252  {
253  ERROR("[ERROR] IntUnregisterXcrHandler failed: 0x%08x\n", status);
254  }
255 
256  return status;
257 }
258 
259 
260 static inline INTSTATUS
261 IntEnableBreakpointNotifications(
262  void
263  )
264 {
265  TRACE("[CALLBACK] Register the INT3 callback...\n");
266 
267  INTSTATUS status = IntRegisterBreakpointHandler(IntHandleBreakpoint);
268  if (!INT_SUCCESS(status))
269  {
270  ERROR("[ERROR] IntRegisterBreakpointHandler failed: 0x%08x\n", status);
271  }
272 
273  return status;
274 }
275 
276 
277 static inline INTSTATUS
278 IntDisableBreakpointNotifications(
279  void
280  )
281 {
282  TRACE("[CALLBACK] Unregister the INT3 callback...\n");
283 
284  INTSTATUS status = IntUnregisterBreakpointHandler();
285  if (!INT_SUCCESS(status))
286  {
287  ERROR("[ERROR] IntUnregisterBreakpointHandler failed: 0x%08x\n", status);
288  }
289 
290  return status;
291 }
292 
293 
294 #endif // _CALLBACKS_H_
_In_opt_
#define _In_opt_
Definition: intro_sal.h:16
_Out_
#define _Out_
Definition: intro_sal.h:22
IntRegisterDtrHandler
INTSTATUS IntRegisterDtrHandler(PFUNC_IntIntroDescriptorTableCallback Callback)
Definition: glue.c:777
IntDisableCrNotifications
static INTSTATUS IntDisableCrNotifications(void)
Definition: callbacks.h:210
IntHandleXcrWrite
INTSTATUS IntHandleXcrWrite(void *GuestHandle, DWORD CpuNumber, INTRO_ACTION *Action)
Handle extended control registers writes.
Definition: callbacks.c:2580
_In_
#define _In_
Definition: intro_sal.h:21
INT_SUCCESS
#define INT_SUCCESS(Status)
Definition: introstatus.h:42
ERROR
#define ERROR(fmt,...)
Definition: glue.h:62
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
IntUnregisterEPTHandler
INTSTATUS IntUnregisterEPTHandler(void)
Definition: glue.c:732
IntCallbacksUnInit
INTSTATUS IntCallbacksUnInit(void)
Uninit all the Introcore callbacks.
Definition: callbacks.c:3576
IntUnregisterDtrHandler
INTSTATUS IntUnregisterDtrHandler(void)
Definition: glue.c:786
IntUnregisterXcrWriteHandler
INTSTATUS IntUnregisterXcrWriteHandler(void)
Definition: glue.c:804
IntRegisterCrWriteHandler
INTSTATUS IntRegisterCrWriteHandler(PFUNC_IntCrWriteCallback Callback)
Definition: glue.c:565
IntEnableEptNotifications
static INTSTATUS IntEnableEptNotifications(void)
Definition: callbacks.h:91
IntDisableEptNotifications
static INTSTATUS IntDisableEptNotifications(void)
Definition: callbacks.h:108
_Inout_opt_
#define _Inout_opt_
Definition: intro_sal.h:31
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
IntEnableCrNotifications
static INTSTATUS IntEnableCrNotifications(void)
Definition: callbacks.h:193
TRACE
#define TRACE(fmt,...)
Definition: glue.h:58
IntEnableMsrNotifications
static INTSTATUS IntEnableMsrNotifications(void)
Definition: callbacks.h:159
IntDisableXcrNotifications
static INTSTATUS IntDisableXcrNotifications(void)
Definition: callbacks.h:244
IntRegisterMSRHandler
INTSTATUS IntRegisterMSRHandler(PFUNC_IntMSRViolationCallback Callback)
Definition: glue.c:519
IntDisableDtrNotifications
static INTSTATUS IntDisableDtrNotifications(void)
Definition: callbacks.h:142
IntHandleTimer
INTSTATUS IntHandleTimer(void *GuestHandle)
Periodically called by the integrator, once every second.
Definition: callbacks.c:2359
DWORD
uint32_t DWORD
Definition: intro_types.h:49
IG_EPT_ACCESS
BYTE IG_EPT_ACCESS
Definition: glueiface.h:303
IG_MSR_HOOK_TYPE
IG_MSR_HOOK_TYPE
The type of the MSR access.
Definition: glueiface.h:171
IntHandleCrWrite
INTSTATUS IntHandleCrWrite(void *GuestHandle, DWORD Cr, DWORD CpuNumber, QWORD OldValue, QWORD NewValue, INTRO_ACTION *Action)
Handle a control register violation.
Definition: callbacks.c:1692
INTRO_ACTION
enum _INTRO_ACTION INTRO_ACTION
Event actions.
IntUnregisterMSRHandler
INTSTATUS IntUnregisterMSRHandler(void)
Definition: glue.c:528
IntRegisterBreakpointHandler
INTSTATUS IntRegisterBreakpointHandler(PFUNC_IntBreakpointCallback Callback)
Definition: glue.c:583
IntEnableBreakpointNotifications
static INTSTATUS IntEnableBreakpointNotifications(void)
Definition: callbacks.h:261
IntDisableBreakpointNotifications
static INTSTATUS IntDisableBreakpointNotifications(void)
Definition: callbacks.h:278
IntUnregisterCrWriteHandler
INTSTATUS IntUnregisterCrWriteHandler(void)
Definition: glue.c:574
IntEnableXcrNotifications
static INTSTATUS IntEnableXcrNotifications(void)
Definition: callbacks.h:227
IntEnableDtrNotifications
static INTSTATUS IntEnableDtrNotifications(void)
Definition: callbacks.h:125
IntRegisterEPTHandler
INTSTATUS IntRegisterEPTHandler(PFUNC_IntEPTViolationCallback Callback)
Definition: glue.c:723
IntHandleMsrViolation
INTSTATUS IntHandleMsrViolation(void *GuestHandle, DWORD Msr, IG_MSR_HOOK_TYPE Flags, INTRO_ACTION *Action, QWORD OriginalValue, QWORD *NewValue, DWORD CpuNumber)
Handle a model specific register violation.
Definition: callbacks.c:1536
IntCallbacksInit
INTSTATUS IntCallbacksInit(void)
Initialize the callbacks.
Definition: callbacks.c:3527
IntRegisterXcrWriteHandler
INTSTATUS IntRegisterXcrWriteHandler(PFUNC_IntXcrWriteCallback Callback)
Definition: glue.c:795
IntHandleIntroCall
INTSTATUS IntHandleIntroCall(void *GuestHandle, QWORD Rip, DWORD CpuNumber)
Handle a VMCALL issued inside the guest.
Definition: callbacks.c:2140
IntHandleDtrViolation
INTSTATUS IntHandleDtrViolation(void *GuestHandle, DWORD Flags, DWORD CpuNumber, INTRO_ACTION *Action)
Handle GDTR, IDTR, LDTR, TR accesses.
Definition: callbacks.c:3116
IntHandleBreakpoint
INTSTATUS IntHandleBreakpoint(void *GuestHandle, QWORD GuestPhysicalAddress, DWORD CpuNumber)
Handle guest breakpoints.
Definition: callbacks.c:2734
IntUnregisterBreakpointHandler
INTSTATUS IntUnregisterBreakpointHandler(void)
Definition: glue.c:592
IntHandleEptViolation
INTSTATUS IntHandleEptViolation(void *GuestHandle, QWORD PhysicalAddress, DWORD Length, QWORD LinearAddress, DWORD CpuNumber, INTRO_ACTION *Action, IG_EPT_ACCESS AccessType)
Handle an EPT violation.
Definition: callbacks.c:825
IntDisableMsrNotifications
static INTSTATUS IntDisableMsrNotifications(void)
Definition: callbacks.h:176