78 _In_ void const *Detour
83 _In_ void const *Detour
103 _In_ const void *Name
KERNEL_DRIVER * IntDriverFindByLoadOrder(DWORD LoadOrder)
Searches a driver by its module load order.
struct _DRIVER_EXPORT_CACHE_ENTRY DRIVER_EXPORT_CACHE_ENTRY
Describes an entry in the gDriverExportCache.
BYTE Unknown
Set if the function at this RIP is not exported.
WIN_KERNEL_DRIVER Win
Valid only for Windows guests.
QWORD BaseVa
The guest virtual address of the kernel module that owns this driver object.
void IntDriverCacheCreateExport(const QWORD Rip)
Adds a new export entry to the gDriverExportCache.
INTSTATUS IntDriverUnloadHandler(void const *Detour)
The detour handler that will be invoked when a guest driver is unloaded.This handles driver unloading...
int INTSTATUS
The status data type.
QWORD Size
The size of the kernel module that owns this driver object.
BOOLEAN Protected
True if the driver is protected, False if it is not.
struct _DRIVER_EXPORT_CACHE_ENTRY::@23 Type
BYTE Export
Set if the function at this RIP is exported.
Describes a kernel driver.
KERNEL_DRIVER * IntDriverFindByName(const void *Name)
Searches for a driver by its name.
DWORD NameHash
The hash of the name.
INTSTATUS IntDriverLoadHandler(void const *Detour)
The detour handler that will be invoked when a guest loads a new driver.This handles driver loading i...
struct _KERNEL_DRIVER * PKERNEL_DRIVER
SIZE_T NameLength
The length of the Name. This is the number of characters in the Name buffer.
QWORD Rip
The guest RIP for which this entry exists.
struct _DRIVER_EXPORT_CACHE_ENTRY * PDRIVER_EXPORT_CACHE_ENTRY
DRIVER_EXPORT_CACHE_ENTRY * IntDriverCacheExportFind(const QWORD Rip)
Finds an entry inside the gDriverExportCache.
void * Name
The name of the driver.
KERNEL_DRIVER * IntDriverFindByPath(const WCHAR *Path)
Searches for a driver by its module path.
LIX_KERNEL_MODULE Lix
Valid only for Linux guests.
void * HookObject
The hook object used to protect this driver. NULL if the driver is not protected. ...
void IntDriverUninit(void)
Uninitializes the drivers submodule.
QWORD ProtectionFlag
The introcore option that decided that this driver must be protected.
LIST_ENTRY Link
Entry inside the gKernelDrivers list.
KERNEL_DRIVER * IntDriverFindByBase(QWORD Gva)
Searches a driver object by its module base.
struct _KERNEL_DRIVER KERNEL_DRIVER
Describes a kernel driver.
KERNEL_DRIVER * IntDriverFindByAddress(QWORD Gva)
Returns the driver in which Gva resides.
void IntDriverCacheCreateUnknown(const QWORD Rip)
Adds a new entry to the gDriverExportCache.
Describes an entry in the gDriverExportCache.
void IntDriverDump(void)
Prints all the currently loaded drivers.
QWORD EntryPoint
The entry point of this driver.
Exposes the types, constants and functions used to handle Windows Drivers related events...
QWORD ObjectGva
The guest virtual address at which this object resides.
The internal structure of the Linux-driver.
void IntDriverCacheInv(const QWORD BaseAddress, const QWORD Length)
Invalidates all cache entries for a given guest memory range.
1.8.13