doxygen/html/dumper_8h_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */

 #ifndef _DUMPER_H_
 #define _DUMPER_H_

 #include "glue.h"
 #include "bddisasm.h"
 #include "wddefs.h"

 typedef struct _LIX_TRAP_FRAME LIX_TRAP_FRAME;

 TIMER_FRIENDLY
 __nonnull() void
 IntDumpArchRegs(
     _In_ IG_ARCH_REGS const *Registers
     );

 TIMER_FRIENDLY
 __nonnull() void
 IntDumpBuffer(
     _In_reads_bytes_(Length) const void *Buffer,
     _In_opt_ QWORD Gva,
     _In_ DWORD Length,
     _In_opt_ DWORD RowLength,
     _In_opt_ DWORD ElementLength,
     _In_opt_ BOOLEAN LogHeader,
     _In_opt_ BOOLEAN DumpAscii
     );

 TIMER_FRIENDLY void
 IntDumpGvaEx(
     _In_ QWORD Gva,
     _In_ DWORD Length,
     _In_opt_ QWORD Cr3,
     _In_opt_ DWORD RowLength,
     _In_opt_ DWORD ElementLength,
     _In_opt_ BOOLEAN LogHeader,
     _In_opt_ BOOLEAN DumpAscii
     );

 TIMER_FRIENDLY void
 IntDumpGva(
     _In_ QWORD Gva,
     _In_ DWORD Length,
     _In_opt_ QWORD Cr3
     );

 __nonnull() void
 IntDisasmBuffer(
     _In_ void *Buffer,
     _In_ DWORD Length,
     _In_opt_ QWORD Rip
     );

 void
 IntDisasmGva(
     _In_ QWORD Gva,
     _In_ DWORD Length
     );

 TIMER_FRIENDLY void
 IntDumpInstruction(
     _In_ INSTRUX *Instruction,
     _In_opt_ QWORD Rip
     );

 __nonnull() void
 IntDisasmLixFunction(
     _In_ const char *FunctionName
     );

 __nonnull() void
 IntDumpCode(
     _In_ BYTE *Page,
     _In_ DWORD Offset,
     _In_ IG_CS_TYPE CsType,
     _In_ IG_ARCH_REGS *Registers
     );

 __nonnull() INTSTATUS
 IntDumpCodeAndRegs(
     _In_ QWORD Gva,
     _In_ QWORD Gpa,
     _In_ IG_ARCH_REGS *Registers
     );

 void
 IntDumpLixUmTrapFrame(
     _In_ LIX_TRAP_FRAME *TrapFrame
     );

 void
 IntDumpWinTrapFrame64(
     _In_ KTRAP_FRAME64 *TrapFrame
     );

 void
 IntDumpWinTrapFrame32(
     _In_ KTRAP_FRAME32 *TrapFrame
     );

 #endif // _DUMPER_H_
IntDumpArchRegs
TIMER_FRIENDLY void IntDumpArchRegs(IG_ARCH_REGS const *Registers)
This function dumps the register values in a user friendly format.
Definition: dumper.c:20

_In_opt_
#define _In_opt_
Definition: intro_sal.h:16

BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58

BYTE
uint8_t BYTE
Definition: intro_types.h:47

_In_
#define _In_
Definition: intro_sal.h:21

IntDumpLixUmTrapFrame
void IntDumpLixUmTrapFrame(LIX_TRAP_FRAME *TrapFrame)
This function dumps a Linux UM trap frame.
Definition: dumper.c:741

IntDisasmLixFunction
void IntDisasmLixFunction(const char *FunctionName)
This function dumps a Linux function (textual disassembly) given its name.
Definition: dumper.c:614

_KTRAP_FRAME64
Definition: wddefs.h:990

IntDumpWinTrapFrame32
void IntDumpWinTrapFrame32(KTRAP_FRAME32 *TrapFrame)
This function dumps a windows 64 guest trap frame.
Definition: dumper.c:789

INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24

IntDumpCodeAndRegs
INTSTATUS IntDumpCodeAndRegs(QWORD Gva, QWORD Gpa, IG_ARCH_REGS *Registers)
This function dumps an entire page (textual disassembly and opcodes) as well as the values of the reg...
Definition: dumper.c:692

_LIX_TRAP_FRAME
Definition: lixddefs.h:321

IG_CS_TYPE
IG_CS_TYPE
The type of the code segment.
Definition: glueiface.h:183

IntDumpInstruction
TIMER_FRIENDLY void IntDumpInstruction(INSTRUX *Instruction, QWORD Rip)
This function dumps a given instruction (textual disassembly).
Definition: dumper.c:583

QWORD
unsigned long long QWORD
Definition: intro_types.h:53

glue.h

IntDumpBuffer
TIMER_FRIENDLY void IntDumpBuffer(const void *Buffer, QWORD Gva, DWORD Length, DWORD RowLength, DWORD ElementLength, BOOLEAN LogHeader, BOOLEAN DumpAscii)
This function dumps a given buffer in a user friendly format.
Definition: dumper.c:48

TIMER_FRIENDLY
#define TIMER_FRIENDLY
Definition: introdefs.h:83

IntDumpWinTrapFrame64
void IntDumpWinTrapFrame64(KTRAP_FRAME64 *TrapFrame)
This function dumps a windows 64 guest trap frame.
Definition: dumper.c:765

IntDumpCode
void IntDumpCode(BYTE *Page, DWORD Offset, IG_CS_TYPE CsType, IG_ARCH_REGS *Registers)
This function dumps an entire page (textual disassembly and opcodes).
Definition: dumper.c:637

_KTRAP_FRAME32
Definition: wddefs.h:941

DWORD
uint32_t DWORD
Definition: intro_types.h:49

IntDumpGvaEx
TIMER_FRIENDLY void IntDumpGvaEx(QWORD Gva, DWORD Length, QWORD Cr3, DWORD RowLength, DWORD ElementLength, BOOLEAN LogHeader, BOOLEAN DumpAscii)
This function dumps a given GVA in a user friendly format. This function uses IntDumpBuffer to perfor...
Definition: dumper.c:204

_In_reads_bytes_
#define _In_reads_bytes_(expr)
Definition: intro_sal.h:25

IntDumpGva
TIMER_FRIENDLY void IntDumpGva(QWORD Gva, DWORD Length, QWORD Cr3)
This function is a wrapper over IntDumpGvaEx (it uses RowLength = 16, ElementLength = 1...
Definition: dumper.c:273

_LIX_TRAP_FRAME::Rip
QWORD Rip
Definition: lixddefs.h:346

Page
VE_CACHE_LINE * Page
Mapped page inside Introspection virtual address space.
Definition: vecore.c:120

wddefs.h
Contains definitions for structures and constants used by the Windows kernel.

_IG_ARCH_REGS
Holds register state.
Definition: glueiface.h:30

IntDisasmGva
void IntDisasmGva(QWORD Gva, DWORD Length)
This function disassembles a code buffer (given its GVA) and then dumps the instructions (textual dis...
Definition: dumper.c:432

IntDisasmBuffer
void IntDisasmBuffer(void *Buffer, DWORD Length, QWORD Rip)
This function disassembles a given code buffer and then dumps the instructions (textual disassembly)...
Definition: dumper.c:294