Bitdefender Hypervisor Memory Introspection
#include "debugger.h"
#include "codeblocks.h"
#include "decoder.h"
#include "deployer.h"
#include "gpacache.h"
#include "hook.h"
#include "hook_cr.h"
#include "icache.h"
#include "introapi.h"
#include "kernvm.h"
#include "memcloak.h"
#include "ptfilter.h"
#include "swapmem.h"
#include "vasmonitor.h"
#include "vecore.h"
#include "visibility.h"
#include "winnet.h"
#include "winpe.h"
#include "winpfn.h"
#include "winprocesshp.h"
#include "lixksym.h"
#include "swapgs.h"
Go to the source code of this file.
Data Structures | |
| struct | _DEBUGGER_COMMAND |
Typedefs | |
| typedef void(* | PFUNC_DebuggerFunctionArgs) (DWORD Argc, const char *Argv[]) |
| typedef void(* | PFUNC_DebuggerFunctionNoArgs) (void) |
| typedef struct _DEBUGGER_COMMAND | DEBUGGER_COMMAND |
Functions | |
| static INTSTATUS | DbgSwapCallback (void *Context, QWORD Cr3, QWORD VirtualAddress, QWORD PhysicalAddress, void *Data, DWORD DataSize, DWORD Flags) |
| static INTSTATUS | DbgVaModificationHandler (void *Context, QWORD VirtualAddress, QWORD OldEntry, QWORD NewEntry, QWORD OldPageSize, QWORD NewPageSize) |
| static INTSTATUS | DbgVaSpaceIterationCallback (QWORD Cr3, QWORD VirtualAddress, QWORD Entry, QWORD PageSize) |
| static INTSTATUS | DbgVaSpaceIterationCallbackCount (QWORD Cr3, QWORD VirtualAddress, QWORD PhysicalAddress, QWORD PageSize) |
| static void | IntDbgCheckHooks (void) |
| static void | DbgDumpKmException (KM_EXCEPTION *Exception) |
| static void | DbgDumpUmException (UM_EXCEPTION *Exception) |
| static void | DbgDumpUmExceptionGlobMatch (UM_EXCEPTION_GLOB *Exception) |
| static INTSTATUS | DbgCrWriteTestCallback (void *Context, DWORD Cr, QWORD OldValue, QWORD NewValue, INTRO_ACTION *Action) |
| static void | DbgShowHelp (void) |
| static void | DbgDumpGuestModules (void) |
| static void | DbgInjectPf (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpPfn (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpCodeblocks (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpExceptions (void) |
| static void | DbgDumpHooksGva (void) |
| static void | DbgDumpProcesses (void) |
| static void | DbgProcAdd (DWORD Argc, const char *Argv[]) |
| static void | DbgProcRem (DWORD Argc, const char *Argv[]) |
| static void | DbgProcClear (void) |
| static void | DbgProcList (void) |
| static void | DbgDumpGpaCache (void) |
| static void | DbgDisasm (DWORD Argc, const char *Argv[]) |
| static void | DbgInjectAgent (DWORD Argc, const char *Argv[]) |
| static void | DbgInjectFileAgent (DWORD Argc, const char *Argv[]) |
| static void | DbgSearchVaSpace (DWORD Argc, const char *Argv[]) |
| static void | DbgIterateVaSpace (void) |
| static void | DbgDumpTranslation (DWORD Argc, const char *Argv[]) |
| static void | DbgPtsHook (DWORD Argc, const char *Argv[]) |
| static void | DbgPtsUnhook (DWORD Argc, const char *Argv[]) |
| static void | DbgPtsWrite (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpCpuState (void) |
| static void | DbgLogCoreOptions (void) |
| static void | DbgSetCoreOptions (DWORD Argc, const char *Argv[]) |
| static void | DbgLogCurrentProcess (void) |
| static void | DbgFindKsym (DWORD Argc, const char *Argv[]) |
| static void | DbgLogKpcr (void) |
| static void | DbgDumpProcToken (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpEthreadToken (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpVaSpace (DWORD Argc, const char *Argv[]) |
| static void | DbgSwap (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpVadRoot (DWORD Argc, const char *Argv[]) |
| static void | DbgDumpVads (DWORD Argc, const char *Argv[]) |
| static void | DbgVadFind (DWORD Argc, const char *Argv[]) |
| static void | DbgLogFilePath (DWORD Argc, const char *Argv[]) |
| static void | DbgLoadPt (void) |
| static void | DbgUnloadPt (void) |
| static void | DbgLoadVe (void) |
| static void | DbgUnloadVe (void) |
| static void | DbgTestSse (DWORD Argc, const char *Argv[]) |
| static void | DbgTestRead (DWORD Argc, const char *Argv[]) |
| static void | DbgTestCrHookSet (DWORD Argc, const char *Argv[]) |
| static void | DbgTestCrHookRem (DWORD Argc, const char *Argv[]) |
| static void | DbgFailAllocs (void) |
| static void | DbgCheckEpt (void) |
| static void | DbgSetLogLevel (DWORD Argc, const char *Argv[]) |
| static void | DbgMitigateSwapgs (DWORD Argc, const char *Argv[]) |
| INTSTATUS | IntDbgProcessCommand (DWORD Argc, const char *Argv[]) |
Variables | |
| BOOLEAN | gFailAllocs = FALSE |
| BOOLEAN | gInsideDebugger = FALSE |
| Set to True when introcore is inside a debugger. | |
| LIST_HEAD | gWinProcesses |
| The list of all the processes inside the guest. | |
| BOOLEAN | gLoadPtDriver |
| BOOLEAN | gUnloadPtDriver |
| BOOLEAN | gInjectVeLoader |
| BOOLEAN | gInjectVeUnloader |
| static QWORD | gTargetPML4 |
| static QWORD | gPagesRead |
| static QWORD | gPagesWrite |
| static QWORD | gPagesDirty |
| static BYTE * | gPagesBitmap = NULL |
| BOOLEAN | swapgsMit = FALSE |
| static DEBUGGER_COMMAND | gDbgCommands [] |
| typedef struct _DEBUGGER_COMMAND DEBUGGER_COMMAND |
| typedef void(* PFUNC_DebuggerFunctionArgs) (DWORD Argc, const char *Argv[]) |
Definition at line 37 of file debugger.c.
| typedef void(* PFUNC_DebuggerFunctionNoArgs) (void) |
Definition at line 42 of file debugger.c.
|
static |
Definition at line 2359 of file debugger.c.
|
static |
Definition at line 392 of file debugger.c.
Referenced by DbgTestCrHookSet().
|
static |
Definition at line 1494 of file debugger.c.
|
static |
Definition at line 881 of file debugger.c.
|
static |
Definition at line 1766 of file debugger.c.
|
static |
Definition at line 1954 of file debugger.c.
|
static |
Definition at line 981 of file debugger.c.
|
static |
Definition at line 1485 of file debugger.c.
|
static |
Definition at line 652 of file debugger.c.
|
static |
Definition at line 1250 of file debugger.c.
|
static |
Definition at line 249 of file debugger.c.
Referenced by DbgDumpExceptions().
|
static |
Definition at line 782 of file debugger.c.
|
static |
Definition at line 1301 of file debugger.c.
|
static |
Definition at line 1916 of file debugger.c.
|
static |
Definition at line 1639 of file debugger.c.
|
static |
Definition at line 296 of file debugger.c.
Referenced by DbgDumpExceptions().
|
static |
Definition at line 344 of file debugger.c.
Referenced by DbgDumpExceptions().
|
static |
Definition at line 2052 of file debugger.c.
|
static |
Definition at line 2107 of file debugger.c.
|
static |
Definition at line 1996 of file debugger.c.
|
static |
Definition at line 2348 of file debugger.c.
|
static |
Definition at line 1835 of file debugger.c.
|
static |
Definition at line 1526 of file debugger.c.
|
static |
Definition at line 1553 of file debugger.c.
|
static |
Definition at line 755 of file debugger.c.
|
static |
Definition at line 1604 of file debugger.c.
|
static |
Definition at line 2165 of file debugger.c.
|
static |
Definition at line 2183 of file debugger.c.
|
static |
Definition at line 1786 of file debugger.c.
|
static |
Definition at line 1817 of file debugger.c.
|
static |
Definition at line 2152 of file debugger.c.
|
static |
Definition at line 1883 of file debugger.c.
|
static |
Definition at line 2406 of file debugger.c.
|
static |
Definition at line 1317 of file debugger.c.
|
static |
Definition at line 1460 of file debugger.c.
|
static |
Definition at line 1469 of file debugger.c.
|
static |
Definition at line 1389 of file debugger.c.
|
static |
Definition at line 1676 of file debugger.c.
|
static |
Definition at line 1710 of file debugger.c.
|
static |
Definition at line 1736 of file debugger.c.
|
static |
Definition at line 1579 of file debugger.c.
|
static |
Definition at line 1795 of file debugger.c.
|
static |
Definition at line 2379 of file debugger.c.
|
static |
Definition at line 2822 of file debugger.c.
Referenced by DbgCrWriteTestCallback().
|
static |
Definition at line 2021 of file debugger.c.
|
static |
Definition at line 48 of file debugger.c.
Referenced by DbgSwap().
|
static |
Definition at line 2323 of file debugger.c.
|
static |
Definition at line 2293 of file debugger.c.
|
static |
Definition at line 2257 of file debugger.c.
|
static |
Definition at line 2201 of file debugger.c.
|
static |
Definition at line 2174 of file debugger.c.
|
static |
Definition at line 2192 of file debugger.c.
|
static |
Definition at line 2126 of file debugger.c.
|
static |
Definition at line 69 of file debugger.c.
Referenced by DbgPtsHook().
|
static |
Definition at line 98 of file debugger.c.
Referenced by DbgSearchVaSpace().
|
static |
Definition at line 120 of file debugger.c.
Referenced by DbgIterateVaSpace().
|
static |
Definition at line 182 of file debugger.c.
Referenced by IntHookCommitAllHooks().
Definition at line 2857 of file debugger.c.
Referenced by IntDbgEnterDebugger2(), and IntProcessDebugCommand().
|
static |
Definition at line 2443 of file debugger.c.
Definition at line 27 of file debugger.c.
Referenced by DbgFailAllocs().
| BOOLEAN gInjectVeLoader |
Definition at line 30 of file callbacks.c.
Referenced by DbgLoadVe(), and IntHandleTimer().
| BOOLEAN gInjectVeUnloader |
Definition at line 30 of file callbacks.c.
Referenced by DbgUnloadVe(), and IntHandleTimer().
Set to True when introcore is inside a debugger.
This is used to avoid pausing VCPUs while trapped inside a debugger, as that can lead to deadlocks.
Definition at line 28 of file debugger.c.
Referenced by IntDbgProcessCommand(), IntPauseVcpus(), and IntResumeVcpus().
| BOOLEAN gLoadPtDriver |
Definition at line 31 of file callbacks.c.
Referenced by DbgLoadPt(), and IntHandleTimer().
|
static |
Definition at line 116 of file debugger.c.
|
static |
Definition at line 115 of file debugger.c.
|
static |
Definition at line 115 of file debugger.c.
|
static |
Definition at line 115 of file debugger.c.
|
static |
Definition at line 94 of file debugger.c.
| BOOLEAN gUnloadPtDriver |
Definition at line 31 of file callbacks.c.
Referenced by DbgUnloadPt(), and IntHandleTimer().
| LIST_HEAD gWinProcesses |
The list of all the processes inside the guest.
Definition at line 11 of file winprocesshp.c.
Definition at line 2403 of file debugger.c.