#include "introtypes.h"
#include "memtags.h"
#include <stdlib.h>
#include <string.h>

Macros
#define	INT_LOG(loglevel, fmt, ...)

#define	NLOG(fmt, ...)

#define	TRACE(fmt, ...) INT_LOG(intLogLevelDebug, fmt, ##__VA_ARGS__)

#define	INFO(fmt, ...) INT_LOG(intLogLevelInfo, fmt, ##__VA_ARGS__)

#define	WARNING(fmt, ...) INT_LOG(intLogLevelWarning, fmt, ##__VA_ARGS__)

#define	LOG(fmt, ...) INT_LOG(intLogLevelError, fmt, ##__VA_ARGS__)

#define	ERROR(fmt, ...) INT_LOG(intLogLevelError, fmt, ##__VA_ARGS__)

#define	CRITICAL(fmt, ...) INT_LOG(intLogLevelCritical, fmt, ##__VA_ARGS__)

#define	INVALID_EPTP_INDEX 0xFFFFFFFF

#define	PHYS_MAP_FLG_NO_FASTMAP 0x80000000
	Indicates that IntPhysMemMap should not use the fast memory mapping mechanism. More...

#define	HpAllocWithTag(Len, Tag) (int)(Len) <= 0 ? NULL : calloc(1, (Len))

#define	HpFreeAndNullWithTag(Add, Tag)

Functions
void	IntGlueReset (void)
	Resets the global glue state (gIface. gUpIface, gIntHandle, gEventId, etc) More...

INTSTATUS	IntGlueInit (GLUE_IFACE const GlueInterface, UPPER_IFACE const UpperInterface)
	Initializes the instances of GLUE_IFACE and UPPER_IFACE that will be used. More...

INTSTATUS	IntQueryGuestInfo (DWORD InfoClass, void InfoParam, void Buffer, DWORD BufferLength)

INTSTATUS	IntGpaToHpa (QWORD Gpa, QWORD *Hpa)

__must_check INTSTATUS	IntPhysMemMap (QWORD PhysAddress, DWORD Length, DWORD Flags, void **HostPtr)
	Maps a guest physical address inside Introcore VA space. More...

INTSTATUS	IntPhysMemUnmap (void **HostPtr)
	Unmaps an address previously mapped with IntPhysMemMap. More...

INTSTATUS	IntReserveVaSpaceWithPt (void *FirstPageBase, DWORD PagesCount, void **PtBase)
	Reserves a contiguous region of virtual memory which will then be used to map physical pages. More...

INTSTATUS	GluePauseVcpus (void)

INTSTATUS	GlueResumeVcpus (void)

INTSTATUS	IntEnableMsrExit (DWORD Msr, BOOLEAN *OldValue)

INTSTATUS	IntDisableMsrExit (DWORD Msr, BOOLEAN *OldValue)

INTSTATUS	IntRegisterMSRHandler (PFUNC_IntMSRViolationCallback Callback)

INTSTATUS	IntUnregisterMSRHandler (void)

INTSTATUS	IntPhysMemGetTypeFromMtrrs (QWORD Gpa, IG_MEMTYPE *MemType)

INTSTATUS	IntEnableCrWriteExit (DWORD Cr)

INTSTATUS	IntDisableCrWriteExit (DWORD Cr)

INTSTATUS	IntRegisterCrWriteHandler (PFUNC_IntCrWriteCallback Callback)

INTSTATUS	IntUnregisterCrWriteHandler (void)

INTSTATUS	IntRegisterBreakpointHandler (PFUNC_IntBreakpointCallback Callback)

INTSTATUS	IntUnregisterBreakpointHandler (void)

INTSTATUS	IntRegisterEventInjectionHandler (PFUNC_IntEventInjectionCallback Callback)

INTSTATUS	IntUnregisterEventInjectionHandler (void)

INTSTATUS	IntRegisterEnginesResultCallback (PFUNC_IntEventEnginesResultCallback Callback)
	Thin wrapper over the optional GLUE_IFACE.RegisterEnginesResultCallback API. More...

INTSTATUS	IntUnregisterEnginesResultCalback (void)
	Thin wrapper over the optional GLUE_IFACE.UnregisterEnginesResultCalback API. More...

INTSTATUS	IntGetEPTPageProtection (DWORD EptIndex, QWORD Gpa, BYTE Read, BYTE Write, BYTE *Execute)

INTSTATUS	IntSetEPTPageProtection (DWORD EptIndex, QWORD Gpa, BYTE Read, BYTE Write, BYTE Execute)

INTSTATUS	IntGetSPPPageProtection (QWORD Gpa, QWORD *Spp)

INTSTATUS	IntSetSPPPageProtection (QWORD Gpa, QWORD Spp)

BOOLEAN	GlueIsSppApiAvailable (void)
	Checks if the SPP APIs in GLUE_IFACE are implemented. More...

INTSTATUS	IntRegisterEPTHandler (PFUNC_IntEPTViolationCallback Callback)

INTSTATUS	IntUnregisterEPTHandler (void)

INTSTATUS	IntRegisterIntroCallHandler (PFUNC_IntIntroCallCallback Callback)

INTSTATUS	IntUnregisterIntroCallHandler (void)

INTSTATUS	IntRegisterVmxTimerHandler (PFUNC_IntIntroTimerCallback Callback)

INTSTATUS	IntUnregisterVmxTimerHandler (void)

INTSTATUS	IntRegisterDtrHandler (PFUNC_IntIntroDescriptorTableCallback Callback)

INTSTATUS	IntUnregisterDtrHandler (void)

INTSTATUS	IntRegisterXcrWriteHandler (PFUNC_IntXcrWriteCallback Callback)

INTSTATUS	IntUnregisterXcrWriteHandler (void)

INTSTATUS	IntSpinLockInit (void *SpinLock, char Name)

INTSTATUS	IntSpinLockUnInit (void **SpinLock)

void	IntSpinLockAcquire (void *SpinLock)

void	IntSpinLockRelease (void *SpinLock)

INTSTATUS	IntRwSpinLockInit (void *SpinLock, char Name)

INTSTATUS	IntRwSpinLockUnInit (void **SpinLock)

INTSTATUS	IntRwSpinLockAcquireShared (void *SpinLock)

INTSTATUS	IntRwSpinLockAcquireExclusive (void *SpinLock)

INTSTATUS	IntRwSpinLockReleaseShared (void *SpinLock)

INTSTATUS	IntRwSpinLockReleaseExclusive (void *SpinLock)

__noreturn void	IntBugCheck (void)

INTSTATUS	IntNotifyIntroActive (void)

INTSTATUS	IntNotifyIntroInactive (void)

INTSTATUS	IntNotifyIntroDetectedOs (INTRO_GUEST_TYPE OsType, DWORD OsVersion, BOOLEAN Is64)
	Wrapper over GLUE_IFACE.NotifyIntrospectionDetectedOs. More...

INTSTATUS	IntNotifyIntroErrorState (INTRO_ERROR_STATE State, INTRO_ERROR_CONTEXT *Context)

INTSTATUS	IntNotifyEngines (void *Parameters)

INTSTATUS	IntSetIntroEmulatorContext (DWORD CpuNumber, QWORD VirtualAddress, DWORD BufferSize, BYTE *Buffer)

INTSTATUS	IntInjectTrap (DWORD CpuNumber, BYTE TrapNumber, DWORD ErrorCode, QWORD Cr2)

INTSTATUS	IntNotifyIntroEvent (INTRO_EVENT_TYPE EventClass, void *Param, size_t EventSize)
	Notifies the integrator about an introspection alert. More...

INTSTATUS	IntGetAgentContent (DWORD AgentTag, BOOLEAN Is64, DWORD Size, BYTE *Content)

INTSTATUS	IntReleaseBuffer (void *Buffer, DWORD Size)

INTSTATUS	IntToggleRepOptimization (BOOLEAN Enable)

INTSTATUS	IntQueryHeapSize (size_t TotalHeapSize, size_t FreeHeapSize)

INTSTATUS	IntSendMessage (char const *Message)
	Sends an Introcore message. More...

INTSTATUS	IntSetVEInfoPage (DWORD CpuNumber, QWORD VeInfoGpa)

INTSTATUS	IntCreateEPT (DWORD *EptIndex)

INTSTATUS	IntDestroyEPT (DWORD EptIndex)

INTSTATUS	IntSwitchEPT (DWORD NewEptIndex)

INTSTATUS	IntGetEPTPageConvertible (DWORD EptIndex, QWORD Address, BOOLEAN *Convertible)

INTSTATUS	IntSetEPTPageConvertible (DWORD EptIndex, QWORD Address, BOOLEAN Convertible)

INTSTATUS	IntFlushEPTPermissions (void)

BOOLEAN	GlueIsVeApiAvailable (void)
	Checks if the virtualization exception API is implemented. More...

BOOLEAN	GlueIsScanEnginesApiAvailable (void)
	Checks if the third party memory scanning engines are present. More...

Variables
DWORD	gCurLogBuffer
	Used for utf16_for_log to support calling that function 8 times in a single macro. More...

PFUNC_IntTracePrint	GlueTracePrint
	The trace API used. More...

PFUNC_IntEnterDebugger	GlueEnterDebugger
	The API used to break into the debugger. More...

IG_LOG_LEVEL	gLogLevel
	The currently used log level. More...

Macro Definition Documentation

◆ CRITICAL

#define CRITICAL	(	fmt,
		...
	)	INT_LOG(intLogLevelCritical, fmt, ##__VA_ARGS__)

Definition at line 63 of file glue.h.

Referenced by IntGetGprs(), IntHookGpaEnableDisableVe(), IntHookGpaSetHook(), IntLixTaskDeactivateExploitProtection(), IntSpinLockAcquire(), IntSpinLockRelease(), IntWinObjCleanup(), IntWinObjHandleDriverDirectoryEntryInMemory(), IntWinObjIsTypeObject(), IntWinPfnModifyRefCount(), and IntWinProcHandleCreateInternal().

◆ ERROR

#define ERROR	(	fmt,
		...
	)	INT_LOG(intLogLevelError, fmt, ##__VA_ARGS__)

Definition at line 62 of file glue.h.

◆ HpAllocWithTag

#define HpAllocWithTag	(	Len,
		Tag
	)	(int)(Len) <= 0 ? NULL : calloc(1, (Len))

Definition at line 516 of file glue.h.

Referenced by BitMaskAlloc(), DbgDumpCodeblocks(), DbgDumpEthreadToken(), DbgDumpProcToken(), DbgIterateVaSpace(), IntAddRemoveProtectedProcessUtf8(), IntCamiLoadLinux(), IntCamiLoadPatternSignatures(), IntCamiLoadWindows(), IntCamiProtectedProcessAllocate(), IntDetCreateObjectLix(), IntDetSetHook(), IntDumpGvaEx(), IntExceptInit(), IntExceptVerifyValueCodeSig(), IntExceptVerifyValueSig(), IntFragDumpBlocks(), IntGetXsaveArea(), IntGpaCacheAddVictim(), IntGpaCacheInit(), IntGuestInit(), IntHookCrInit(), IntHookCrSetHook(), IntHookDtrInit(), IntHookDtrSetHook(), IntHookGpaGetEptEntry(), IntHookGpaGetSppEntry(), IntHookGpaSetHook(), IntHookGvaSetHook(), IntHookInit(), IntHookMsrInit(), IntHookMsrSetHook(), IntHookObjectCreate(), IntHookObjectHookRegion(), IntHookPtmAddTable(), IntHookPtmSetHook(), IntHookPtmWriteCallback(), IntHookPtsCloneCallbacks(), IntHookPtsCreateEntry(), IntHookPtsSetHook(), IntHookXcrInit(), IntHookXcrSetHook(), IntIcAddInvdForInstruction(), IntIcCreate(), IntIntegrityAddRegion(), IntKsymInit(), IntKsymRelativeFindOffsetTableStart(), IntLdrFixImports(), IntLixAgentCreate(), IntLixAgentFillDataFromHandler(), IntLixAgentFillDataFromMemory(), IntLixAgentFindInstruction(), IntLixAgentNameCreate(), IntLixAgentThreadCreate(), IntLixCmdLineInspect(), IntLixCredAdd(), IntLixDentryGetName(), IntLixDrvCreateDriverObject(), IntLixDrvCreateKernel(), IntLixEngExecSendNotification(), IntLixFileCacheCreateDentryPath(), IntLixTaskAddProtected(), IntLixTaskCreate(), IntLixTaskCreateInitTask(), IntLixTaskFetchCmdLine(), IntLixTaskHandleExec(), IntLixTaskPathGetByDentry(), IntLixVmaCreate(), IntMemClkCloakRegion(), IntMtblCheckAccess(), IntPeFindExportByName(), IntPeValidateHeader(), IntPtiDeliverDriverForLoad(), IntPtiMonitorAllPtWriteCandidates(), IntReadString(), IntSlackAllocLinux(), IntSlackAllocWindows(), IntSwapgsInstallHandler(), IntSwapgsStartMitigation(), IntSwapMemReadData(), IntUDAddToPendingList(), IntUnpWatchPage(), IntUpdateAddCbSignature(), IntUpdateAddExportSignature(), IntUpdateAddIdtSignature(), IntUpdateAddKernelException(), IntUpdateAddKernelUserException(), IntUpdateAddKmException(), IntUpdateAddKmUmException(), IntUpdateAddProcessCreationSignature(), IntUpdateAddUmException(), IntUpdateAddUserException(), IntUpdateAddUserExceptionGlob(), IntUpdateAddValueCodeSignature(), IntUpdateAddValueSignature(), IntUpdateAddVersionIntroSignature(), IntUpdateAddVersionOsSignature(), IntUpdateCreateCbSignatureFromAlert(), IntUpdateCreateExportSignatureFromAlert(), IntUpdateCreateIdtSignatureFromAlert(), IntUpdateCreateProcessCreationSignatureFromAlert(), IntVasHookTables(), IntVasStartMonitorVaSpace(), IntVeDeliverDriverForLoad(), IntVeFindKernelKvaShadowAndKernelExit(), IntVeLockDriver(), IntVirtMemMapMultiPage(), IntVirtMemSafeWrite(), IntWinAgentActivatePendingAgent(), IntWinAgentDeployWinDriver(), IntWinAgentFindInstruction(), IntWinAgentHandleDriverVmcall(), IntWinAgentInject(), IntWinAgentInjectBreakpoint(), IntWinDrvCreateFromAddress(), IntWinDrvHeadersInMemory(), IntWinDrvObjCreateFromAddress(), IntWinEngExecSendNotification(), IntWinGetProcCmdLineHandleBufferInMemory(), IntWinGuestFindBuildNumber(), IntWinGuestFindKernelObjectsInternal(), IntWinGuestNew(), IntWinGuestReadKernel(), IntWinGuestValidateKernel(), IntWinHalHandleHalHeapExec(), IntWinHalHeadersInMemory(), IntWinHalReadHal(), IntWinInspectCommandLine(), IntWinIntObjProtect(), IntWinModBlockBlockModuleLoad(), IntWinModBlockRegisterCallbackForReason(), IntWinModCacheCreate(), IntWinModHandleExportsInMemory(), IntWinModHandleLoadFromVad(), IntWinModHookModule(), IntWinObjHandleDirectoryEntryInMemory(), IntWinObjHandleDriverDirectoryEntryInMemory(), IntWinObjHandleObjectInMemory(), IntWinObjHandleRootDirTagInMemory(), IntWinObjParseDriverDirectory(), IntWinPfnLockAddress(), IntWinProcAddProtectedProcess(), IntWinProcCreateProcessObject(), IntWinProcCreateProcessSubsystem(), IntWinSudProtectIntegrity(), IntWinUmModCacheFillHeaders(), IntWinUmPathCreate(), IntWinVadAdjustRange(), IntWinVadCreateObject(), and IntWinVadHandleProtectGeneric().

◆ HpFreeAndNullWithTag

#define HpFreeAndNullWithTag	(	Add,
		Tag
	)

Value:

do {                                        \
        free(*(Add));                           \
        *(Add) = NULL;                          \
    } while (0)

Definition at line 517 of file glue.h.

Referenced by BitMaskFree(), DbgDumpCodeblocks(), DbgDumpEthreadToken(), DbgDumpProcToken(), DbgIterateVaSpace(), IntAddRemoveProtectedProcessUtf8(), IntCamiLoadPatternSignatures(), IntCamiLoadWindows(), IntCamiProtectedProcessFree(), IntDetRemoveDetour(), IntDumpGvaEx(), IntExceptInit(), IntExceptUninit(), IntExceptVerifyValueCodeSig(), IntExceptVerifyValueSig(), IntFragDumpBlocks(), IntGetXsaveArea(), IntGpaCacheInit(), IntGpaCacheRelease(), IntGpaCacheUnInit(), IntGuestDetectOsSysCall(), IntGuestUninit(), IntHandleExecCallback(), IntHookCrDeleteHook(), IntHookCrSetHook(), IntHookCrUninit(), IntHookDtrDeleteHook(), IntHookDtrSetHook(), IntHookDtrUninit(), IntHookGpaDeleteHookInternal(), IntHookGpaSetHook(), IntHookGpaSetNewPageProtection(), IntHookGvaDeleteHookInternal(), IntHookInit(), IntHookMsrDeleteHook(), IntHookMsrSetHook(), IntHookMsrUninit(), IntHookObjectCommit(), IntHookObjectDeleteRegion(), IntHookPtmAddTable(), IntHookPtmDeleteHookInternal(), IntHookPtmDeleteTableHook(), IntHookPtmWriteCallback(), IntHookPtsCreateEntry(), IntHookPtsDeleteHookInternal(), IntHookPtsDeletePdHook(), IntHookPtsInvokeCallbacks(), IntHookPtsSetHook(), IntHookUninit(), IntHookXcrDeleteHook(), IntHookXcrSetHook(), IntHookXcrUninit(), IntIcCreate(), IntIcDestroy(), IntIcFreeInvdEntry(), IntIntegrityAddRegion(), IntIntegrityRemoveRegion(), IntKsymInit(), IntKsymRelativeFindOffsetTableStart(), IntKsymUninit(), IntLdrFixImports(), IntLixAgentCreate(), IntLixAgentFindInstruction(), IntLixAgentFree(), IntLixAgentNameRemove(), IntLixAgentThreadCreate(), IntLixAgentThreadFree(), IntLixCmdLineInspect(), IntLixCredAdd(), IntLixCredRemove(), IntLixDentryGetName(), IntLixDrvCreateDriverObject(), IntLixDrvCreateKernel(), IntLixDrvRemoveEntry(), IntLixEngExecSendNotification(), IntLixFileCacheCreateDentryPath(), IntLixFilesCacheUninit(), IntLixGuestFindKernel(), IntLixGuestUninit(), IntLixHandleCmdLineCallback(), IntLixMmListVmasInternal(), IntLixStackDumpUmStackTrace(), IntLixTaskAddProtected(), IntLixTaskCreate(), IntLixTaskPathFree(), IntLixTaskPathGetByDentry(), IntLixTaskRemoveEntry(), IntLixTaskRemoveProtected(), IntLixTaskUninit(), IntLixVmaCreate(), IntLixVmaDestroy(), IntMemClkCleanup(), IntMtblRemoveAgentEntries(), IntMtblUninit(), IntPeFindExportByName(), IntPeValidateHeader(), IntPtiDeleteInstruction(), IntPtiMonitorAllPtWriteCandidates(), IntPtiUnhookPtFilter(), IntReadString(), IntSlackAllocWindows(), IntSlackFree(), IntSlackUninit(), IntSwapgsUninit(), IntSwapMemCancelTransaction(), IntSwapMemCleanupCallback(), IntSwapMemPageSwappedIn(), IntUDRemoveEntry(), IntUninit(), IntUnpUnWatchPageInternal(), IntUpdateAddKmException(), IntUpdateAddKmUmException(), IntUpdateAddUmException(), IntVasDeleteTable(), IntVasHookTables(), IntVasStartMonitorVaSpace(), IntVasStopMonitorVaSpace(), IntVeFindKernelKvaShadowAndKernelExit(), IntVeUnhookVeAgent(), IntVeUnInit(), IntVeUnlockDriver(), IntVirtMemMapMultiPage(), IntVirtMemSafeWrite(), IntVirtMemUnmapMultiPage(), IntWinAgentActivatePendingAgent(), IntWinAgentCheckIfProcessAgentAndDecrement(), IntWinAgentDeployWinDriver(), IntWinAgentFindInstruction(), IntWinAgentFree(), IntWinAgentHandleDriverVmcall(), IntWinAgentInject(), IntWinAgentInjectBreakpoint(), IntWinAgentRemoveEntryByAgid(), IntWinAgentUnInit(), IntWinApiHookAll(), IntWinDrvCreateFromAddress(), IntWinDrvFreeEntry(), IntWinDrvObjFreeDriverObject(), IntWinDrvUnprotect(), IntWinEngExecSendNotification(), IntWinGuestCancelKernelRead(), IntWinGuestFindBuildNumber(), IntWinGuestFindKernelObjectsInternal(), IntWinGuestKernelHeadersInMemory(), IntWinGuestSectionInMemory(), IntWinGuestUninit(), IntWinGuestValidateKernel(), IntWinHalCancelRead(), IntWinHalHandleHalHeapExec(), IntWinHalSectionInMemory(), IntWinHalUninit(), IntWinHandleCmdLineCallback(), IntWinInspectCommandLine(), IntWinIntObjUnprotect(), IntWinModBlockBlockModuleLoad(), IntWinModBlockRegisterCallbackForReason(), IntWinModBlockRemoveBlockObject(), IntWinModHandleExportsInMemory(), IntWinModRemoveModule(), IntWinObjCleanup(), IntWinObjHandleDirectoryEntryInMemory(), IntWinObjHandleDriverDirectoryEntryInMemory(), IntWinObjHandleObjectInMemory(), IntWinObjHandleRootDirTagInMemory(), IntWinObjParseDriverDirectory(), IntWinPfnLockAddress(), IntWinPfnRemoveLock(), IntWinPfnUnlockAddress(), IntWinProcAddProtectedProcess(), IntWinProcRemoveAllProtectedProcesses(), IntWinProcRemoveProcess(), IntWinProcRemoveProtectedProcessInternal(), IntWinProcRemoveSubsystem(), IntWinProcUninit(), IntWinSudProtectIntegrity(), IntWinSudUnprotectIntegrity(), IntWinUmCacheRemoveCache(), IntWinUmPathCreate(), IntWinUmPathFree(), IntWinVadAdjustRange(), IntWinVadCreateObject(), IntWinVadDestroyObject(), IntWinVadRemoveAllPages(), and IntWinVadRemoveRange().

◆ INFO

#define INFO	(	fmt,
		...
	)	INT_LOG(intLogLevelInfo, fmt, ##__VA_ARGS__)

Definition at line 59 of file glue.h.

Referenced by IntModBlockHandleBlockModHeadersInMemory(), IntWinModHookModule(), IntWinProcHandleCreateInternal(), and IntWinStackWow64CheckIsPivoted().

◆ INT_LOG

#define INT_LOG	(	loglevel,
		fmt,
		...
	)

Value:

do {                                                                \
        if ((loglevel) < gLogLevel) break;                              \
        GlueTracePrint(__FILENAME__, __LINE__, (fmt), ##__VA_ARGS__);   \
        gCurLogBuffer = 0;                                              \
    } while (0)

Definition at line 36 of file glue.h.

◆ INVALID_EPTP_INDEX

#define INVALID_EPTP_INDEX 0xFFFFFFFF

Definition at line 66 of file glue.h.

Referenced by IntHookGpaInit(), IntVeDumpStats(), IntVeInit(), and IntVeUnInit().

◆ LOG

#define LOG	(	fmt,
		...
	)	INT_LOG(intLogLevelError, fmt, ##__VA_ARGS__)

Definition at line 61 of file glue.h.

Referenced by DbgCheckEpt(), DbgCrWriteTestCallback(), DbgDumpCodeblocks(), DbgDumpCpuState(), DbgDumpEthreadToken(), DbgDumpExceptions(), DbgDumpGuestModules(), DbgDumpHooksGva(), DbgDumpKmException(), DbgDumpPfn(), DbgDumpTranslation(), DbgDumpUmException(), DbgDumpUmExceptionGlobMatch(), DbgDumpVadRoot(), DbgDumpVads(), DbgFailAllocs(), DbgFindKsym(), DbgIterateVaSpace(), DbgLogCoreOptions(), DbgLogCurrentProcess(), DbgLogKpcr(), DbgMitigateSwapgs(), DbgPtsHook(), DbgSearchVaSpace(), DbgSetCoreOptions(), DbgSwapCallback(), DbgTestCrHookSet(), DbgTestSse(), DbgVadFind(), DbgVaModificationHandler(), DbgVaSpaceIterationCallback(), IntCamiLoadLinux(), IntCamiLoadPatternSignatures(), IntCamiLoadWindows(), IntCamiSetCoreOptions(), IntCamiSetShemuOptions(), IntCamiSetUpdateBuffer(), IntCamiUpdateProtOptions(), IntDbgEnterDebugger2(), IntDepInjectFile(), IntDepInjectProcess(), IntDetCallCallback(), IntDetDumpDetours(), IntDetModifyPublicData(), IntDetSetHook(), IntDetSetLixHook(), IntDisasmBuffer(), IntDisasmGva(), IntDriverDump(), IntDumpArchRegs(), IntDumpBuffer(), IntDumpCode(), IntDumpInstruction(), IntDumpLixUmTrapFrame(), IntDumpWinTrapFrame32(), IntDumpWinTrapFrame64(), IntEnterDebugger2(), IntExcept(), IntExceptGetVictimIntegrity(), IntExceptKernelLogLinuxInformation(), IntExceptKernelLogWindowsInformation(), IntExceptKernelMatchVictim(), IntExceptKernelUserLogWindowsInformation(), IntExceptKernelUserMatchObjectType(), IntExceptUser(), IntExceptUserLogLinuxInformation(), IntExceptUserLogWindowsInformation(), IntExceptUserMatchZoneType(), IntExceptVerifyCodeBlocksSig(), IntExceptVerifyValueCodeSig(), IntFragLogCodeBlocks(), IntGetVersionString(), IntGpaCacheDump(), IntGuestDetectOsSysCall(), IntGuestDisableIntro(), IntGuestHandleCr3Write(), IntGuestInit(), IntGuestPreReturnCallback(), IntGuestUninitOnBugcheck(), IntGuestUpdateCoreOptions(), IntGuestUpdateShemuOptions(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleExecCallback(), IntHandleIntroCall(), IntHookGpaFindConvertible(), IntHookObjectDestroyAll(), IntHookPtsCheckIntegrity(), IntHookPtsInvokeCallbacks(), IntHookPtwEmulateWrite(), IntHookPtwProcessWrite(), IntIcDumpIcache(), IntInit(), IntIntegrityDump(), IntIntegrityUninit(), IntLixAgentCreateThreadCompletion(), IntLixAgentError(), IntLixAgentHandleUserVmcall(), IntLixAgentInit(), IntLixAgentStart(), IntLixAgentThreadError(), IntLixAgentThreadExit(), IntLixApiHookAll(), IntLixCmdLineInspect(), IntLixCrashDumpDmesg(), IntLixCrashHandle(), IntLixCredAnalyzeStack(), IntLixCredsDump(), IntLixDepComplete(), IntLixDepInjectFile(), IntLixDepInjectProcess(), IntLixDepRunCommand(), IntLixDepRunCommandComplete(), IntLixDrvCreateFromAddress(), IntLixDrvFindList(), IntLixDrvIsLegitimateTextPoke(), IntLixDumpStacktrace(), IntLixFileCacheCreateDentryPath(), IntLixGuestDeployUninitAgent(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestIsKptiActive(), IntLixHandleCmdLineCallback(), IntLixMmListVmasInternal(), IntLixPatchSwapgs(), IntLixResolveCurrentCpuOffset(), IntLixResolveCurrentProcessOffset(), IntLixResolveExeFileOffset(), IntLixResolveThreadStructOffset(), IntLixStackDumpUmStackTrace(), IntLixTaskAddProtected(), IntLixTaskChangeProtectionFlags(), IntLixTaskCreate(), IntLixTaskDeactivateProtection(), IntLixTaskDestroy(), IntLixTaskDump(), IntLixTaskDumpKernelThreadTree(), IntLixTaskDumpProtected(), IntLixTaskDumpTree(), IntLixTaskGuestTerminating(), IntLixTaskHandleDoExit(), IntLixTaskHandleExec(), IntLixTaskHandleInjection(), IntLixTaskRemoveProtected(), IntLixTaskSendCredViolationEvent(), IntLixUnpatchSwapgs(), IntLixValidateProcessCreationRights(), IntLixVdsoDynamicProtectRelocate(), IntLixVdsoFixedProtect(), IntLixVdsoResolveDynamicOffset(), IntLixVmaHandlePageExecution(), IntLixVmaProtect(), IntLogCriticalProcessHasDied(), IntLogCriticalStructureCoruption(), IntLogGuestRegisters(), IntMemClkDump(), IntMemClkHandleRead(), IntModBlockHandleBlockModHeadersInMemory(), IntModBlockHandlePreInjection(), IntMtblCheckAccess(), IntMtblUninit(), IntNewGuestNotification(), IntPtCompleteUnloader(), IntPtiCompleteLoader(), IntPtiDeliverDriverForLoad(), IntPtiDeliverDriverForUnload(), IntPtiDeployLoader(), IntPtiDeployUnloader(), IntPtiDisableFiltering(), IntPtiDumpStats(), IntPtiEnableFiltering(), IntPtiHandleExecute(), IntPtiHandleWrite(), IntPtiRemoveInstruction(), IntPtiRemovePtFilter(), IntSerializeString(), IntStatsDumpAll(), IntStatsInit(), IntSwapgsStartMitigation(), IntSwapMemDump(), IntSwapMemReinjectFailedPF(), IntThrSafeInspectRunningThreads(), IntThrSafeLixInspectRunningThreadOnCpu(), IntThrSafeLixInspectWaitingThread(), IntThrSafeMoveReturn(), IntThrSafeWinGetCurrentStack(), IntThrSafeWinInspectRunningThreadOnCpu(), IntThrSafeWinInspectWaitingThread(), IntUpdateLoadExceptions(), IntVasDumpTables(), IntVasPageTableWriteCallback(), IntVeCompleteLoader(), IntVeCompleteUnloader(), IntVeDeliverDriverForLoad(), IntVeDeliverDriverForUnload(), IntVeDeployLoader(), IntVeDeployUnloader(), IntVeDumpStats(), IntVeDumpVeInfoPage(), IntVeDumpVeInfoPages(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntVeHandleHypercall(), IntVeHandleSwap(), IntVeHookVeDriver(), IntVeInit(), IntVeLockDriver(), IntVePatchVeCoreJmpKiKernelExit(), IntVeRemoveAgent(), IntVeSetVeInfoPage(), IntVeUnhookVeAgent(), IntWinAgentHandleAppVmcall(), IntWinAgentHandleDriverVmcall(), IntWinApiHookAll(), IntWinApiHookVeHandler(), IntWinBcHandleBugCheck(), IntWinBcLogBsodEvent(), IntWinCrashHandleDepViolation(), IntWinDagentHandleDoubleAgent(), IntWinDagentHandleSuspModExecution(), IntWinDepComplete(), IntWinDepDeploy(), IntWinDepInjectFile(), IntWinDepInjectProcess(), IntWinDpiForceFeedbackIfNeeded(), IntWinDpiGetDpiMitreId(), IntWinDumpPrivileges(), IntWinDumpPrivilegesMask(), IntWinDumpSid(), IntWinDumpToken(), IntWinGetProcCmdLineHandleBufferInMemory(), IntWinGuestFindDriversNamespace(), IntWinGuestFindSelfMapIndex(), IntWinGuestFindSystemCr3(), IntWinGuestFinishInit(), IntWinGuestIsIncreasedUserVa(), IntWinGuestIsSupported(), IntWinGuestNew(), IntWinHalCreateHalData(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHandleCmdLineCallback(), IntWinInfHookEptSppHandleWrite(), IntWinInfHookGetCircularCtxLogger(), IntWinInfHookGetCpuClockIntegrityCallback(), IntWinInfHookGetEtwpDebuggerData(), IntWinInfHookGetWmiLoggerGetCpuClock(), IntWinInfHookHookSppWmiGetClock(), IntWinInfHookSiloWmiPtrIntegrityCallback(), IntWinInfHookSppHookWmiSiloPtr(), IntWinInfHookSppViolationCallbackWmiPtrChanged(), IntWinInfHookSppWmiSiloStatsCallback(), IntWinInfHookWmiGetCpuClockSppStatsCallback(), IntWinInspectCommandLine(), IntWinModHandlePreInjection(), IntWinModPolyHandler(), IntWinNetDumpConnection(), IntWinObjCheckDrvDirSearchState(), IntWinObjFindRootDirectory(), IntWinObjHandleRootDirTagInMemory(), IntWinObjParseDriverDirectory(), IntWinPfnDump(), IntWinPfnHandleTranslationChange(), IntWinPfnLockAddress(), IntWinPfnUnlockAddress(), IntWinPowDisableSpinWait(), IntWinPowEnableSpinWait(), IntWinPowHandleEventCommon(), IntWinPowHandlePowerStateChange(), IntWinProcAdd(), IntWinProcDumpEgFlags(), IntWinProcDumpProtected(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcSendProcessExceptionEvent(), IntWinProcUpdateProtection(), IntWinSDCheckAclIntegrity(), IntWinSDDumpAclEntries(), IntWinSDDumpSecDesc(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSetUmExceptionEvent(), IntWinStackHandleUserStackPagedOut(), IntWinStackTraceGet32(), IntWinStackTraceGet64(), IntWinStackTraceGetUser32(), IntWinSudHandleKernelSudExec(), IntWinSudHandleUserSudExec(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsHandleSwap(), IntWinTokenPtrCheckIntegrityOnProcess(), IntWinVadFindAndUpdateIfNecessary(), IntWinVadIsExecSuspicious(), IntWinVadRescanVad(), and Shemuprint().

◆ NLOG

#define NLOG	(	fmt,
		...
	)

Value:

do {                                                \
        GlueTracePrint(NULL, 0, (fmt), ##__VA_ARGS__);  \
        gCurLogBuffer = 0;                              \
    } while (0)

Definition at line 43 of file glue.h.

Referenced by DbgShowHelp(), IntGpaCacheDump(), IntGuestDetectOsSysCall(), IntHookGpaDump(), IntHookPtsDump(), IntHookPtsDumpPtsEntry(), IntIcDumpIcache(), IntLixTaskDumpKernelThreadTree(), IntLixTaskDumpTree(), IntLogBSODParams(), IntLogContextRecord(), IntLogCriticalProcessHasDied(), IntLogCurrentIP(), IntLogExceptionRecord(), IntLogGuestRegisters(), IntLogProcessInfo(), IntLogStackTrace(), IntLogTrapFrame(), IntMemClkDump(), IntWinBcLogBsodEvent(), IntWinDumpEflags(), IntWinDumpSid(), IntWinLogVAInfo(), IntWinProcDump(), IntWinProcDumpEgFlags(), IntWinProcDumpVads(), IntWinVadDump(), and IntWinVadShortDump().

◆ PHYS_MAP_FLG_NO_FASTMAP

#define PHYS_MAP_FLG_NO_FASTMAP 0x80000000

Indicates that IntPhysMemMap should not use the fast memory mapping mechanism.

This is always true for hypervisors that are not Napoca

Definition at line 71 of file glue.h.

Referenced by IntGpaCacheAddEntry(), and IntPhysMemMap().

◆ TRACE

#define TRACE	(	fmt,
		...
	)	INT_LOG(intLogLevelDebug, fmt, ##__VA_ARGS__)

Definition at line 58 of file glue.h.

◆ WARNING

#define WARNING	(	fmt,
		...
	)	INT_LOG(intLogLevelWarning, fmt, ##__VA_ARGS__)

Definition at line 60 of file glue.h.

Referenced by DbgDumpCodeblocks(), DbgLogFilePath(), IntAddRemoveProtectedProcessUtf8(), IntAlertCoreGetFlags(), IntAlertCreateCbSignature(), IntAlertEptFillFromVictimZone(), IntAlertFillCodeBlocks(), IntAlertFillVersionInfo(), IntAlertProcGetFlags(), IntCamiClearUpdateBuffer(), IntCamiLoadWindows(), IntCamiSetUpdateBuffer(), IntCamiUpdateProcessProtectionInfoLix(), IntCamiUpdateProcessProtectionInfoWin(), IntCrLixHandleWrite(), IntCrSendAlert(), IntDecDecodeInstructionAtRipWithCache(), IntDecGetWrittenValueFromInstruction(), IntDetCallCallback(), IntDetGetArguments(), IntDetHandleWrite(), IntDetIsPtrInHandler(), IntDetRelocate(), IntDetSendIntegrityAlert(), IntDetSetHook(), IntDetSetLixHook(), IntDisasmLixFunction(), IntDtrSendAlert(), IntDumpBuffer(), IntEngSendExecViolation(), IntExceptDumpSignatures(), IntExceptGetOriginatorFromModification(), IntExceptGetVictimEpt(), IntExceptKernelUserMatchProcessHash(), IntExceptLixKernelGetOriginator(), IntExceptUserGetExecOriginator(), IntExceptUserGetOriginator(), IntExceptVerifyCodeBlocksSig(), IntExceptVerifyExportSig(), IntExceptVerifyValueCodeSig(), IntExceptWinKernelGetOriginator(), IntFindKernelPcr(), IntFragDumpBlocks(), IntFragExtractCodeBlocks(), IntFragExtractCodePattern(), IntFragExtractPattern(), IntGdtrProtect(), IntGetValueFromOperand(), IntGetVersionString(), IntGuestInit(), IntGuestIsSafeToDisable(), IntGuestUpdateCoreOptions(), IntHandleBreakpoint(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleEventInjection(), IntHandleExecCallback(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntHookPtsCleanupList(), IntIdtrProtect(), IntInjectFileAgentInGuest(), IntInjectProcessAgentInGuest(), IntIntegrityIsOverlappedRegions(), IntKsymExpandSymbol(), IntKsymInitAbsolute(), IntLdrFixRelocations(), IntLdrLoadPEImage(), IntLixAgentDecProcRef(), IntLixAgentHandleUserVmcall(), IntLixAgentInject(), IntLixAgentResolveOffset(), IntLixAgentSendEvent(), IntLixAgentThreadInject(), IntLixCmdLineSendViolationEvent(), IntLixCrashDumpDmesg(), IntLixCrashHandle(), IntLixDrvActivateProtection(), IntLixDrvIsLegitimateTextPoke(), IntLixDrvIterateList(), IntLixDrvRemoveDuplicate(), IntLixDrvSendEvent(), IntLixDrvSendViolationEvent(), IntLixEngExecSendNotification(), IntLixFindDataStart(), IntLixGuestDeployUninitAgent(), IntLixGuestFindKernel(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInit(), IntLixGuestIsKptiActive(), IntLixGuestNew(), IntLixGuestParseVersion(), IntLixGuestResolveOffsets(), IntLixHookKernelWrite(), IntLixIdtProtectOnCpu(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMmFetchVma(), IntLixMsrHandleWrite(), IntLixNetGetConnectionFromSocket(), IntLixNetSendConnectionEvent(), IntLixPatchHandler(), IntLixPatchSwapgs(), IntLixProcUpdateProtectedProcess(), IntLixResolveCurrentCpuOffset(), IntLixResolveExeFileOffset(), IntLixResolveThreadStructOffset(), IntLixTaskActivateExploitProtection(), IntLixTaskAdd(), IntLixTaskChangeProtectionFlags(), IntLixTaskCreate(), IntLixTaskDeactivateProtection(), IntLixTaskDestroy(), IntLixTaskFetchCmdLine(), IntLixTaskGetCurrentTaskStruct(), IntLixTaskHandlePtrace(), IntLixTaskIsUserStackPivoted(), IntLixTaskIterateTasks(), IntLixTaskSendAgentEvent(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendExceptionEvent(), IntLixTaskSendInjectionEvent(), IntLixTaskSendTaskEvent(), IntLixVdsoDynamicProtect(), IntLixVdsoDynamicProtectRelocate(), IntLixVdsoHandleWriteCommon(), IntLixVdsoProtect(), IntLixVdsoResolveDynamicOffset(), IntLixVmaHandlePageExecution(), IntLixVmaProtect(), IntMemClkHandleWrite(), IntMtblCheckAccess(), IntMtblIsPtrInReloc(), IntMtblPatchInstruction(), IntNewGuestNotification(), IntPeFindExportByName(), IntPeFindExportByNameInBuffer(), IntPeFindExportByOrdinal(), IntPeFindFunctionStart(), IntPeFindFunctionStartInBuffer(), IntPeGetExportNameByRva(), IntPeGetSectionHeaderByRva(), IntPeGetSectionHeadersByName(), IntPeParseUnwindData(), IntPeParseUnwindDataInBuffer(), IntPeValidateHeader(), IntPeValidateOptionalHeader(), IntPtiCompleteLoader(), IntSerializeCodeBlocks(), IntSerializeExtractCodeBlocks(), IntShcIsSuspiciousCode(), IntSlackSendIntegrityAlert(), IntStackAnalyzePointer(), IntSwapgsIsPtrInHandler(), IntThrSafeInspectRunningThreads(), IntThrSafeIsLiveRIPInIntro(), IntThrSafeIsStackPtrInIntro(), IntThrSafeLixInspectWaitingThread(), IntThrSafeMoveReturn(), IntThrSafeMoveRip(), IntThrSafeWinGetCurrentStack(), IntThrSafeWinInspectWaitingThread(), IntUDRemoveAllEntriesForCr3(), IntUpdateAddUmException(), IntUpdateCreateCbSignatureFromAlert(), IntUpdateLoadExceptions(), IntValidatePageRights(), IntValidatePageRightsEx(), IntVasStartMonitorVaSpace(), IntVeDeployAgent(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntVeUnlockDriver(), IntWinAgentCheckIfProcessAgentAndDecrement(), IntWinAgentHandleAppVmcall(), IntWinAgentHandleDriverVmcall(), IntWinAgentIsPtrInTrampoline(), IntWinApiHook(), IntWinApiHookAll(), IntWinBcSendBsodEvent(), IntWinCrashHandleDepViolation(), IntWinDagentHandleDoubleAgent(), IntWinDagentHandleSuspModHeaders(), IntWinDepComplete(), IntWinDepDeploy(), IntWinDpiSendProcessCreationViolation(), IntWinDpiValidatePivotedStack(), IntWinDpiValidateThreadStart(), IntWinDpiValidateTokenPrivs(), IntWinDrvHeadersInMemory(), IntWinDrvObjCreateFromAddress(), IntWinDrvObjHandleWrite(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvRemoveFromAddress(), IntWinDrvSendAlert(), IntWinDrvSendEvent(), IntWinEngExecSendNotification(), IntWinGetActiveCpuCount(), IntWinGuestFindDriversNamespace(), IntWinGuestFindKernel(), IntWinGuestFinishInit(), IntWinGuestIsIncreasedUserVa(), IntWinGuestIsSystemCr3(), IntWinGuestNew(), IntWinGuestReadKernel(), IntWinGuestValidateKernel(), IntWinHalFindHalHeapAndInterruptController(), IntWinHalFindPerformanceCounterInternal(), IntWinHalHandleHalHeapExec(), IntWinHalProtectHalHeapExecs(), IntWinHalReadHal(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookGetWmiLoggerGetCpuClock(), IntWinInfHookIntegritySendAlert(), IntWinInfHookProtect(), IntWinInfHookSiloWmiPtrIntegrityCallback(), IntWinInfHookSppViolationCallbackWmiPtrChanged(), IntWinIntObjSendIntegrityAlert(), IntWinModBlockHandleExecution(), IntWinModFillDriverInjectionData(), IntWinModHandleExportsInMemory(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModHookModule(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinNetGetTcpEndpoint(), IntWinNetGetTcpListener(), IntWinNetIterateConnections(), IntWinNetIterateLinkedList(), IntWinNetParseTcpBitmap(), IntWinNetParseTcpPartition(), IntWinNetSendConnectionEvent(), IntWinObjCancelRootTransactions(), IntWinPfnLockAddress(), IntWinPfnModifyRefCount(), IntWinPfnUnlockAddress(), IntWinPowFromGuestToIntroPowState(), IntWinProcCreateProcessObject(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcIsExploitGuardEnabled(), IntWinProcMarkAsSystemProcess(), IntWinProcProtect(), IntWinProcReadCommandLine(), IntWinProcSendAgentEvent(), IntWinProcSendDllEvent(), IntWinProcSendProcessEvent(), IntWinProcSendProcessExceptionEvent(), IntWinProcUpdateProtectedProcess(), IntWinProcValidateSystemCr3(), IntWinReadToken(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSDDumpAclEntries(), IntWinSDDumpSecDesc(), IntWinSDFindAcls(), IntWinSDGatherAcl(), IntWinSDIsAclEdited(), IntWinSDIsSecDescPtrAltered(), IntWinSDProcessAcl(), IntWinSDProtectSecDesc(), IntWinSDReadSecDesc(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinStackTraceGet32(), IntWinStackTraceGet64(), IntWinStackTraceGetUser32(), IntWinStackUserCheckIsPivoted(), IntWinStackUserTrapFrameGetGeneric(), IntWinStackWow64CheckIsPivoted(), IntWinSudCheckIntegrity(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenCheckCurrentPrivileges(), IntWinTokenPrivsCheckIntegrityOnProcess(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenProtectPrivs(), IntWinTokenPtrCheckIntegrityOnProcess(), IntWinUmModCacheFillHeaders(), IntWinUmModCacheSetHeaders(), IntWinUmPathCreate(), IntWinVadHandleDeleteGeneric(), IntWinVadHandleInsertGeneric(), IntWinVadHandleProtectGeneric(), IntWinVadIsExecSuspicious(), and IntWinVadIsInTree().

Function Documentation

◆ GlueIsScanEnginesApiAvailable()

BOOLEAN GlueIsScanEnginesApiAvailable ( void )

Checks if the third party memory scanning engines are present.

If the API needed for the scanning engines is not present, the support will be considered to be off and the feature will not be available.

Return values

True	if the API is implemented
False	if it is not

Definition at line 1284 of file glue.c.

Referenced by IntWinProcCreateProcessObject().

◆ GlueIsSppApiAvailable()

BOOLEAN GlueIsSppApiAvailable ( void )

Checks if the SPP APIs in GLUE_IFACE are implemented.

Checks if GLUE_IFACE.GetSPPPageProtection and GLUE_IFACE.SetSPPPageProtection are implemented. These APIs are optional and their absence is treated as if the hypervisor does not have support for Intel SPP.

Return values

True	if the APIs are available
False	if the APIs are not available

Definition at line 705 of file glue.c.

Referenced by IntHookGpaInit().

◆ GlueIsVeApiAvailable()

BOOLEAN GlueIsVeApiAvailable ( void )

Checks if the virtualization exception API is implemented.

If at least one of the APIs is not implemented, we will not use the #VE filtering mechanism even if the INTRO_OPT_VE option is used.

Return values

True	if the API is implemented
False	if it is not

Definition at line 1261 of file glue.c.

Referenced by IntVeInit().

◆ GluePauseVcpus()

INTSTATUS GluePauseVcpus ( void )

Definition at line 481 of file glue.c.

Referenced by IntPauseVcpus().

◆ GlueResumeVcpus()

INTSTATUS GlueResumeVcpus ( void )

Definition at line 490 of file glue.c.

Referenced by IntResumeVcpus().

◆ IntBugCheck()

__noreturn void IntBugCheck ( void )

Definition at line 917 of file glue.c.

Referenced by IntDecEmulateRead(), IntGetCurrentCpu(), IntGetGprs(), IntHandleMemAccess(), IntHookGetGlaFromGpaHook(), IntLixCredRemove(), IntSpinLockAcquire(), IntSpinLockRelease(), IntWinAgentHandleBreakpointAgent(), IntWinAgentHandleLoader1Hypercall(), IntWinAgentHandleLoader2Hypercall(), IntWinAgentReleaseBootstrap(), IntWinSudHandleSudExec(), strlcat(), strlcpy(), and wstrlcpy().

◆ IntCreateEPT()

INTSTATUS IntCreateEPT ( DWORD * EptIndex )

Definition at line 1168 of file glue.c.

Referenced by IntVeInit().

◆ IntDestroyEPT()

INTSTATUS IntDestroyEPT ( DWORD EptIndex )

Definition at line 1182 of file glue.c.

Referenced by IntVeInit(), and IntVeUnInit().

◆ IntDisableCrWriteExit()

INTSTATUS IntDisableCrWriteExit ( DWORD Cr )

Definition at line 556 of file glue.c.

Referenced by IntHookCrRemoveHook().

◆ IntDisableMsrExit()

INTSTATUS IntDisableMsrExit	(	DWORD	Msr,
		BOOLEAN *	OldValue
	)

Definition at line 509 of file glue.c.

Referenced by IntHookMsrRemoveHook().

◆ IntEnableCrWriteExit()

INTSTATUS IntEnableCrWriteExit ( DWORD Cr )

Definition at line 547 of file glue.c.

Referenced by IntHookCrSetHook().

◆ IntEnableMsrExit()

INTSTATUS IntEnableMsrExit	(	DWORD	Msr,
		BOOLEAN *	OldValue
	)

Definition at line 499 of file glue.c.

Referenced by IntHookMsrSetHook().

◆ IntFlushEPTPermissions()

INTSTATUS IntFlushEPTPermissions ( void )

Definition at line 1242 of file glue.c.

Referenced by IntHookPtmAddTable(), IntValidatePageRights(), and IntValidatePageRightsEx().

◆ IntGetAgentContent()

INTSTATUS IntGetAgentContent	(	DWORD	AgentTag,
		BOOLEAN	Is64,
		DWORD *	Size,
		BYTE **	Content
	)

Definition at line 1066 of file glue.c.

Referenced by IntLixDepGetInternalContent(), and IntWinDepInjectProcess().

◆ IntGetEPTPageConvertible()

INTSTATUS IntGetEPTPageConvertible	(	DWORD	EptIndex,
		QWORD	Address,
		BOOLEAN *	Convertible
	)

Definition at line 1210 of file glue.c.

Referenced by IntHookGpaFindConvertible(), IntVeDumpVeInfoPage(), and IntVeHandleEPTViolationInProtectedView().

◆ IntGetEPTPageProtection()

INTSTATUS IntGetEPTPageProtection	(	DWORD	EptIndex,
		QWORD	Gpa,
		BYTE *	Read,
		BYTE *	Write,
		BYTE *	Execute
	)

Definition at line 659 of file glue.c.

Referenced by DbgCheckEpt(), IntDbgCheckHooks(), IntHookGpaDump(), IntValidatePageRights(), IntValidatePageRightsEx(), IntVeHandleEPTViolationInProtectedView(), IntVeHandleSwap(), and IntWinHalProtectHalHeapExecs().

◆ IntGetSPPPageProtection()

INTSTATUS IntGetSPPPageProtection	(	QWORD	Gpa,
		QWORD *	Spp
	)

Definition at line 685 of file glue.c.

◆ IntGlueInit()

INTSTATUS IntGlueInit	(	GLUE_IFACE const *	GlueInterface,
		UPPER_IFACE const *	UpperInterface
	)

Initializes the instances of GLUE_IFACE and UPPER_IFACE that will be used.

This is one of the first functions called when introcore starts, it needs to set up the interfaces used for communication with the integrator. On Napoca, it will also initialize the fast page map mechanism. Failure to initialize this is not treated as an error, and initialization can continue. Once this function returns, gIface and gUpIface can safely be used to call functions exposed by the integrator. It is important to note, that a failure reported by this function can't even be logged, as there is no logging API available before gUpIface is initialized.

Parameters

[in]	GlueInterface	Instance of the GLUE_IFACE interface which has the APIs exposed by the integrator initialized
[in]	UpperInterface	Instance of the UPPER_IFACE interface which has the APIs exposed by the integrator initialized

Return values

INT_STATUS_SUCCESS	in case of success
INT_STATUS_ALREADY_INITIALIZED_HINT	if gIface or gUpIface is already initialized
INT_STATUS_NOT_SUPPORTED	if the sizes reported inside the interfaces do not match GLUE_IFACE_VERSION_LATEST or GLUE_IFACE_VERSION_LATEST_SIZE, or the versions reported inside the interfaces do not match UPPER_IFACE_VERSION_LATEST or UPPER_IFACE_VERSION_LATEST_SIZE
INT_STATUS_INVALID_PARAMETER_1	if one of the mandatory APIs inside GLUE_IFACE are not found in GlueInterface
INT_STATUS_INVALID_PARAMETER_2	if one of the mandatory APIs inside UPPER_IFACE are not found in UpperInterface

Definition at line 101 of file glue.c.

Referenced by IntInit().

◆ IntGlueReset()

void IntGlueReset ( void )

Resets the global glue state (gIface. gUpIface, gIntHandle, gEventId, etc)

Definition at line 77 of file glue.c.

Referenced by IntPreinit(), and IntUninit().

◆ IntGpaToHpa()

INTSTATUS IntGpaToHpa	(	QWORD	Gpa,
		QWORD *	Hpa
	)

Definition at line 240 of file glue.c.

Referenced by IntPhysMemFastMap().

◆ IntInjectTrap()

INTSTATUS IntInjectTrap	(	DWORD	CpuNumber,
		BYTE	TrapNumber,
		DWORD	ErrorCode,
		QWORD	Cr2
	)

Definition at line 1030 of file glue.c.

Referenced by IntInjectExceptionInGuest().

◆ IntNotifyEngines()

INTSTATUS IntNotifyEngines ( void * Parameters )

Definition at line 1004 of file glue.c.

Referenced by IntLixCmdLineInspect(), IntLixEngExecSendNotification(), IntWinEngExecSendNotification(), and IntWinInspectCommandLine().

◆ IntNotifyIntroActive()

INTSTATUS IntNotifyIntroActive ( void )

Definition at line 927 of file glue.c.

Referenced by IntLixGuestInitAgentCompletion(), and IntWinGuestFinishInit().

◆ IntNotifyIntroDetectedOs()

INTSTATUS IntNotifyIntroDetectedOs	(	INTRO_GUEST_TYPE	OsType,
		DWORD	OsVersion,
		BOOLEAN	Is64
	)

Wrapper over GLUE_IFACE.NotifyIntrospectionDetectedOs.

Simply encapsulates the guest information into a GUEST_INFO structure and sends it to the integrator.

Parameters

[in]	OsType	The type of the OS
[in]	OsVersion	The version of the OS kernel
[in]	Is64	True for 64-bit kernels, False for 32-bit kernels

Returns: INT_STATUS_SUCCESS if successful, or an appropriate INTSTATUS error value

Definition at line 955 of file glue.c.

Referenced by IntLixGuestNew(), and IntWinGuestFinishInit().

◆ IntNotifyIntroErrorState()

INTSTATUS IntNotifyIntroErrorState	(	INTRO_ERROR_STATE	State,
		INTRO_ERROR_CONTEXT *	Context
	)

Definition at line 989 of file glue.c.

Referenced by IntGuestDisableIntro(), IntGuestHandleCr3Write(), IntNewGuestNotification(), IntWinProcProtect(), and IntWinProcUpdateProtection().

◆ IntNotifyIntroEvent()

INTSTATUS IntNotifyIntroEvent	(	INTRO_EVENT_TYPE	EventClass,
		void *	Param,
		size_t	EventSize
	)

Notifies the integrator about an introspection alert.

It also sets the exception information inside the event before sending it

Parameters

[in]	EventClass	The type of the event
[in]	Param	The event buffer
[in]	EventSize	The size of the Param buffer, in bytes

Returns: INT_STATUS_SUCCESS if successful, or an appropriate INTSTATUS error value

Definition at line 1042 of file glue.c.

Referenced by IntAgentHandleLogGatherVmcall(), IntAgentHandleRemediationVmcall(), IntCrSendAlert(), IntDetSendIntegrityAlert(), IntDtrSendAlert(), IntEngSendExecViolation(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixAgentHandleUserVmcall(), IntLixAgentSendEvent(), IntLixCmdLineSendViolationEvent(), IntLixCrashSendPanicEvent(), IntLixDrvSendEvent(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixNetSendConnectionEvent(), IntLixTaskSendAgentEvent(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendExceptionEvent(), IntLixTaskSendInjectionEvent(), IntLixTaskSendTaskEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntSendMessage(), IntSlackSendIntegrityAlert(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinAgentHandleAppVmcall(), IntWinAgentHandleDriverVmcall(), IntWinBcSendBsodEvent(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDepComplete(), IntWinDepDeploy(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinDrvSendEvent(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinNetSendConnectionEvent(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcSendAgentEvent(), IntWinProcSendDllEvent(), IntWinProcSendProcessEvent(), IntWinProcSendProcessExceptionEvent(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().

◆ IntNotifyIntroInactive()

INTSTATUS IntNotifyIntroInactive ( void )

Definition at line 941 of file glue.c.

Referenced by IntGuestUninit().

◆ IntPhysMemGetTypeFromMtrrs()

INTSTATUS IntPhysMemGetTypeFromMtrrs	(	QWORD	Gpa,
		IG_MEMTYPE *	MemType
	)

Definition at line 537 of file glue.c.

Referenced by IntPhysMemFastMap().

◆ IntPhysMemMap()

__must_check INTSTATUS IntPhysMemMap	(	QWORD	PhysAddress,
		DWORD	Length,
		DWORD	Flags,
		void **	HostPtr
	)

Maps a guest physical address inside Introcore VA space.

IntPhysMemUnmap must be used to unmap memory obtained from this function. For scenarios in which Introcore runs directly inside the VMX root, and if the fast map mechanism is implemented (by providing a GLUE_IFACE.ReserveVaSpaceWithPt implementation), it will map the page directly inside a predefined range reserved at startup. In this way, we avoid making long, slow calls to mapping APIs, which has a significant performance impact. If the fast mapping is not available, or no more free pages are found, we use the standard mapping API: GLUE_IFACE.PhysMemMapToHost. For most use-cases this is true, and this function can be considered a thin wrapper over GLUE_IFACE.PhysMemMapToHost.

Parameters

[in]	PhysAddress	The guest physical address to be mapped
[in]	Length	The size to be mapped, in bytes
[in]	Flags	Flags that control the mapping. Either 0 or PHYS_MAP_FLG_NO_FASTMAP. PHYS_MAP_FLG_NO_FASTMAP is ignored if the hypervisor is not Napoca, since that is true by default in those cases.
[out]	HostPtr	On success, will hold a pointer to the memory at which PhysicalAddress is mapped

Returns: INT_STATUS_SUCCESS if successful, or an appropriate INTSTATUS error value

Definition at line 338 of file glue.c.

Referenced by IntDecEmulatePageWalk(), IntDumpCodeAndRegs(), IntGpaCacheAddEntry(), IntIterateVirtualAddressSpaceRec(), IntLixGuestFindKernelVersionAndRo(), IntMapGpaForTranslation(), IntPeFindFunctionStart(), IntPhysMemReadWrite(), IntPhysMemReadWriteAnySize(), IntVasHookTables(), IntVeHandleSwap(), IntVeSetVeInfoPage(), IntVirtMemMap(), IntVirtMemSafeWrite(), IntWinDrvObjIsValidDriverObject(), IntWinGuestFindSelfMapIndex(), IntWinGuestIsSystemCr3(), IntWinHalFindHalHeapAndInterruptController(), IntWinSelfMapHandleCr3SelfMapModification(), and IntWinSelfMapHandleCr3SelfMapWrite().

◆ IntPhysMemUnmap()

INTSTATUS IntPhysMemUnmap ( void ** HostPtr )

Unmaps an address previously mapped with IntPhysMemMap.

This function handles the cases in which memory came from the fast mapping mechanism by checking if the provided address is in the range [gFastPaPageBase, gFastPaPageBase + gFastPaPagesCount * PAGE_SIZE]. For most use-cases this is a thin wrapper over GLUE_IFACE.PhysMemUnmap.

Parameters

[in,out] HostPtr Points to the address at the start of the area that must be unmapped. Must be the same address as obtained from IntPhysMemMap, partial unmaps are not possible. After this function returns it will point to NULL and the old address is no longer valid.

Returns: INT_STATUS_SUCCESS if successful, or an appropriate INTSTATUS error value

Definition at line 396 of file glue.c.

Referenced by IntDecEmulatePageWalk(), IntDumpCodeAndRegs(), IntGpaCacheAddEntry(), IntGpaCacheFlush(), IntGpaCacheRelease(), IntGpaCacheUnInit(), IntIterateVirtualAddressSpaceRec(), IntLixGuestFindKernelVersionAndRo(), IntPeFindFunctionStart(), IntPhysMemReadWrite(), IntUnmapGpaForTranslation(), IntVasHookTables(), IntVeHandleSwap(), IntVeSetVeInfoPage(), IntVirtMemSafeWrite(), IntVirtMemUnmap(), IntWinDrvObjIsValidDriverObject(), IntWinGuestFindSelfMapIndex(), IntWinGuestIsSystemCr3(), IntWinHalFindHalHeapAndInterruptController(), IntWinSelfMapHandleCr3SelfMapModification(), and IntWinSelfMapHandleCr3SelfMapWrite().

◆ IntQueryGuestInfo()

INTSTATUS IntQueryGuestInfo	(	DWORD	InfoClass,
		void *	InfoParam,
		void *	Buffer,
		DWORD	BufferLength
	)

◆ IntQueryHeapSize()

INTSTATUS IntQueryHeapSize	(	size_t *	TotalHeapSize,
		size_t *	FreeHeapSize
	)

Definition at line 1112 of file glue.c.

Referenced by IntLixCrashEnoughHeapAvailable(), and IntWinProcIsEnoughHeapAvailable().

◆ IntRegisterBreakpointHandler()

INTSTATUS IntRegisterBreakpointHandler ( PFUNC_IntBreakpointCallback Callback )

Definition at line 583 of file glue.c.

Referenced by IntEnableBreakpointNotifications(), and IntWinGuestInit().

◆ IntRegisterCrWriteHandler()

INTSTATUS IntRegisterCrWriteHandler ( PFUNC_IntCrWriteCallback Callback )

Definition at line 565 of file glue.c.

Referenced by IntEnableCrNotifications().

◆ IntRegisterDtrHandler()

INTSTATUS IntRegisterDtrHandler ( PFUNC_IntIntroDescriptorTableCallback Callback )

Definition at line 777 of file glue.c.

Referenced by IntEnableDtrNotifications().

◆ IntRegisterEnginesResultCallback()

INTSTATUS IntRegisterEnginesResultCallback ( PFUNC_IntEventEnginesResultCallback Callback )

Thin wrapper over the optional GLUE_IFACE.RegisterEnginesResultCallback API.

Parameters

[in] Callback The callback to be registered

Returns: Since the API is optional, it either returns the same values as the API, or INT_STATUS_NOT_NEEDED_HINT if it is not implemented

Definition at line 619 of file glue.c.

Referenced by IntCallbacksInit().

◆ IntRegisterEPTHandler()

INTSTATUS IntRegisterEPTHandler ( PFUNC_IntEPTViolationCallback Callback )

Definition at line 723 of file glue.c.

Referenced by IntEnableEptNotifications().

◆ IntRegisterEventInjectionHandler()

INTSTATUS IntRegisterEventInjectionHandler ( PFUNC_IntEventInjectionCallback Callback )

Definition at line 601 of file glue.c.

Referenced by IntCallbacksInit().

◆ IntRegisterIntroCallHandler()

INTSTATUS IntRegisterIntroCallHandler ( PFUNC_IntIntroCallCallback Callback )

Definition at line 741 of file glue.c.

Referenced by IntCallbacksInit().

◆ IntRegisterMSRHandler()

INTSTATUS IntRegisterMSRHandler ( PFUNC_IntMSRViolationCallback Callback )

Definition at line 519 of file glue.c.

Referenced by IntEnableMsrNotifications().

◆ IntRegisterVmxTimerHandler()

INTSTATUS IntRegisterVmxTimerHandler ( PFUNC_IntIntroTimerCallback Callback )

Definition at line 759 of file glue.c.

Referenced by IntCallbacksInit().

◆ IntRegisterXcrWriteHandler()

INTSTATUS IntRegisterXcrWriteHandler ( PFUNC_IntXcrWriteCallback Callback )

Definition at line 795 of file glue.c.

Referenced by IntEnableXcrNotifications().

◆ IntReleaseBuffer()

INTSTATUS IntReleaseBuffer	(	void *	Buffer,
		DWORD	Size
	)

Definition at line 1083 of file glue.c.

Referenced by IntCamiClearUpdateBuffer(), IntLixAgentThreadFree(), and IntWinAgentFree().

◆ IntReserveVaSpaceWithPt()

INTSTATUS IntReserveVaSpaceWithPt	(	void **	FirstPageBase,
		DWORD *	PagesCount,
		void **	PtBase
	)

Reserves a contiguous region of virtual memory which will then be used to map physical pages.

Will return the base address of the region, the number of pages reserved , and the Page Table base, which maps the given virtual address range. Calling this function more than once should be avoided.

Parameters

[in]	FirstPageBase	On success, will contain the start of the virtual address range
[in]	PagesCount	On success, will contain the number of pages reserved
[in]	PtBase	On success, will contain a pointer to the page table that was reserved

Return values

INT_STATUS_SUCCESS	in case of success
INT_STATUS_OPERATION_NOT_IMPLEMENTED	if GLUE_IFACE.ReserveVaSpaceWithPt is not implemented. Since this API is optional, this should not be treated as a fatal error

Definition at line 451 of file glue.c.

Referenced by IntGlueInit().

◆ IntRwSpinLockAcquireExclusive()

INTSTATUS IntRwSpinLockAcquireExclusive ( void * SpinLock )

Definition at line 890 of file glue.c.

◆ IntRwSpinLockAcquireShared()

INTSTATUS IntRwSpinLockAcquireShared ( void * SpinLock )

Definition at line 881 of file glue.c.

◆ IntRwSpinLockInit()

INTSTATUS IntRwSpinLockInit	(	void **	SpinLock,
		char *	Name
	)

Definition at line 862 of file glue.c.

◆ IntRwSpinLockReleaseExclusive()

INTSTATUS IntRwSpinLockReleaseExclusive ( void * SpinLock )

Definition at line 908 of file glue.c.

◆ IntRwSpinLockReleaseShared()

INTSTATUS IntRwSpinLockReleaseShared ( void * SpinLock )

Definition at line 899 of file glue.c.

◆ IntRwSpinLockUnInit()

INTSTATUS IntRwSpinLockUnInit ( void ** SpinLock )

Definition at line 872 of file glue.c.

◆ IntSendMessage()

INTSTATUS IntSendMessage ( char const * Message )

Sends an Introcore message.

This will encapsulate Message inside a EVENT_INTROSPECTION_MESSAGE structure and will send an event of type introEventMessage

Parameters

[in] Message NULL terminated string with the message

Returns: INT_STATUS_SUCCESS if successful, or an appropriate INTSTATUS error value

Definition at line 1130 of file glue.c.

◆ IntSetEPTPageConvertible()

INTSTATUS IntSetEPTPageConvertible	(	DWORD	EptIndex,
		QWORD	Address,
		BOOLEAN	Convertible
	)

Definition at line 1226 of file glue.c.

Referenced by IntHookGpaEnableDisableVe(), IntHookGpaSetHook(), and IntHookGpaSetNewPageProtection().

◆ IntSetEPTPageProtection()

INTSTATUS IntSetEPTPageProtection	(	DWORD	EptIndex,
		QWORD	Gpa,
		BYTE	Read,
		BYTE	Write,
		BYTE	Execute
	)

Definition at line 672 of file glue.c.

Referenced by IntHookGpaEnableDisablePtCache(), IntHookGpaSetHook(), IntHookGpaSetNewPageProtection(), IntValidatePageRights(), IntValidatePageRightsEx(), IntVeEnableDisableDriverAccessInProtectedView(), IntVeHandleSwap(), and IntVeInit().

◆ IntSetIntroEmulatorContext()

INTSTATUS IntSetIntroEmulatorContext	(	DWORD	CpuNumber,
		QWORD	VirtualAddress,
		DWORD	BufferSize,
		BYTE *	Buffer
	)

Definition at line 1018 of file glue.c.

Referenced by IntHandleEptViolation().

◆ IntSetSPPPageProtection()

INTSTATUS IntSetSPPPageProtection	(	QWORD	Gpa,
		QWORD	Spp
	)

Definition at line 695 of file glue.c.

Referenced by IntHookGpaSetHook(), and IntHookGpaSetNewPageProtection().

◆ IntSetVEInfoPage()

INTSTATUS IntSetVEInfoPage	(	DWORD	CpuNumber,
		QWORD	VeInfoGpa
	)

Definition at line 1153 of file glue.c.

Referenced by IntVeSetVeInfoPage().

◆ IntSpinLockAcquire()

void IntSpinLockAcquire ( void * SpinLock )

Definition at line 833 of file glue.c.

Referenced by IntAddExceptionFromAlert(), IntAddRemoveProtectedProcessUtf16(), IntAddRemoveProtectedProcessUtf8(), IntDisableIntro(), IntEnginesResultCallback(), IntFlushAlertExceptions(), IntFlushGpaCache(), IntGetCurrentInstructionLength(), IntGetCurrentInstructionMnemonic(), IntGetCurrentIntroOptions(), IntGetExceptionsVersion(), IntGetGuestInfo(), IntGetSupportVersion(), IntGetVersionString(), IntHandleBreakpoint(), IntHandleCrWrite(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleEventInjection(), IntHandleIntroCall(), IntHandleMsrViolation(), IntHandleTimer(), IntHandleXcrWrite(), IntInjectFileAgentInGuest(), IntInjectProcessAgentInGuest(), IntIterateVaSpace(), IntModifyDynamicOptions(), IntNewGuestNotification(), IntNotifyGuestPowerStateChange(), IntRemoveAllProtectedProcesses(), IntRemoveException(), IntSetLogLevel(), IntUpdateExceptions(), and IntUpdateSupport().

◆ IntSpinLockInit()

INTSTATUS IntSpinLockInit	(	void **	SpinLock,
		char *	Name
	)

Definition at line 813 of file glue.c.

Referenced by IntInit().

◆ IntSpinLockRelease()

void IntSpinLockRelease ( void * SpinLock )

Definition at line 848 of file glue.c.

Referenced by IntAddExceptionFromAlert(), IntAddRemoveProtectedProcessUtf16(), IntAddRemoveProtectedProcessUtf8(), IntDisableIntro(), IntEnginesResultCallback(), IntFlushAlertExceptions(), IntFlushGpaCache(), IntGetCurrentInstructionLength(), IntGetCurrentInstructionMnemonic(), IntGetCurrentIntroOptions(), IntGetExceptionsVersion(), IntGetGuestInfo(), IntGetSupportVersion(), IntGetVersionString(), IntHandleBreakpoint(), IntHandleCrWrite(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleEventInjection(), IntHandleIntroCall(), IntHandleMsrViolation(), IntHandleTimer(), IntHandleXcrWrite(), IntInjectFileAgentInGuest(), IntInjectProcessAgentInGuest(), IntIterateVaSpace(), IntModifyDynamicOptions(), IntNewGuestNotification(), IntNotifyGuestPowerStateChange(), IntRemoveAllProtectedProcesses(), IntRemoveException(), IntSetLogLevel(), IntUpdateExceptions(), and IntUpdateSupport().

◆ IntSpinLockUnInit()

INTSTATUS IntSpinLockUnInit ( void ** SpinLock )

Definition at line 823 of file glue.c.

Referenced by IntUninit().

◆ IntSwitchEPT()

INTSTATUS IntSwitchEPT ( DWORD NewEptIndex )

Definition at line 1196 of file glue.c.

◆ IntToggleRepOptimization()

INTSTATUS IntToggleRepOptimization ( BOOLEAN Enable )

Definition at line 1098 of file glue.c.

Referenced by IntHandleEptViolation().

◆ IntUnregisterBreakpointHandler()

INTSTATUS IntUnregisterBreakpointHandler ( void )

Definition at line 592 of file glue.c.

Referenced by IntCallbacksUnInit(), and IntDisableBreakpointNotifications().

◆ IntUnregisterCrWriteHandler()

INTSTATUS IntUnregisterCrWriteHandler ( void )

Definition at line 574 of file glue.c.

Referenced by IntDisableCrNotifications().

◆ IntUnregisterDtrHandler()

INTSTATUS IntUnregisterDtrHandler ( void )

Definition at line 786 of file glue.c.

Referenced by IntDisableDtrNotifications().

◆ IntUnregisterEnginesResultCalback()

INTSTATUS IntUnregisterEnginesResultCalback ( void )

Thin wrapper over the optional GLUE_IFACE.UnregisterEnginesResultCalback API.

Returns: Since the API is optional, it either returns the same values as the API, or INT_STATUS_NOT_NEEDED_HINT if it is not implemented

Definition at line 640 of file glue.c.

Referenced by IntCallbacksUnInit().

◆ IntUnregisterEPTHandler()

INTSTATUS IntUnregisterEPTHandler ( void )

Definition at line 732 of file glue.c.

Referenced by IntDisableEptNotifications().

◆ IntUnregisterEventInjectionHandler()

INTSTATUS IntUnregisterEventInjectionHandler ( void )

Definition at line 610 of file glue.c.

Referenced by IntCallbacksUnInit().

◆ IntUnregisterIntroCallHandler()

INTSTATUS IntUnregisterIntroCallHandler ( void )

Definition at line 750 of file glue.c.

Referenced by IntCallbacksUnInit().

◆ IntUnregisterMSRHandler()

INTSTATUS IntUnregisterMSRHandler ( void )

Definition at line 528 of file glue.c.

Referenced by IntDisableMsrNotifications().

◆ IntUnregisterVmxTimerHandler()

INTSTATUS IntUnregisterVmxTimerHandler ( void )

Definition at line 768 of file glue.c.

Referenced by IntCallbacksUnInit().

◆ IntUnregisterXcrWriteHandler()

INTSTATUS IntUnregisterXcrWriteHandler ( void )

Definition at line 804 of file glue.c.

Referenced by IntDisableXcrNotifications().

Variable Documentation

◆ gCurLogBuffer

DWORD gCurLogBuffer

Used for utf16_for_log to support calling that function 8 times in a single macro.

Definition at line 58 of file glue.c.

Referenced by utf16_for_log().

◆ gLogLevel

IG_LOG_LEVEL gLogLevel

The currently used log level.

For debug builds, this defaults to intLogLevelDebug; for Release builds the default value is intLogLevelWarning. Can be changed at runtime by the integrator using the GLUE_IFACE.SetLogLevel API. INT_LOG will check this before deciding if a message will be logged or not.

Definition at line 68 of file glue.c.

Referenced by DbgSetLogLevel(), and IntSetLogLevel().

◆ GlueEnterDebugger

PFUNC_IntEnterDebugger GlueEnterDebugger

The API used to break into the debugger.

Definition at line 74 of file glue.c.

Referenced by IntDbgEnterDebugger2(), IntEnterDebugger2(), and IntGlueInit().

◆ GlueTracePrint

PFUNC_IntTracePrint GlueTracePrint

The trace API used.

Definition at line 72 of file glue.c.

Referenced by IntGlueInit().

Macros

Functions

Variables

Macro Definition Documentation

◆ CRITICAL

◆ ERROR

◆ HpAllocWithTag

◆ HpFreeAndNullWithTag

◆ INFO

◆ INT_LOG

◆ INVALID_EPTP_INDEX

◆ LOG

◆ NLOG

◆ PHYS_MAP_FLG_NO_FASTMAP

◆ TRACE

◆ WARNING

Function Documentation

◆ GlueIsScanEnginesApiAvailable()

◆ GlueIsSppApiAvailable()

◆ GlueIsVeApiAvailable()

◆ GluePauseVcpus()

◆ GlueResumeVcpus()

◆ IntBugCheck()

◆ IntCreateEPT()

◆ IntDestroyEPT()

◆ IntDisableCrWriteExit()

◆ IntDisableMsrExit()

◆ IntEnableCrWriteExit()

◆ IntEnableMsrExit()

◆ IntFlushEPTPermissions()

◆ IntGetAgentContent()

◆ IntGetEPTPageConvertible()

◆ IntGetEPTPageProtection()

◆ IntGetSPPPageProtection()

◆ IntGlueInit()

◆ IntGlueReset()

◆ IntGpaToHpa()

◆ IntInjectTrap()

◆ IntNotifyEngines()

◆ IntNotifyIntroActive()

◆ IntNotifyIntroDetectedOs()

◆ IntNotifyIntroErrorState()

◆ IntNotifyIntroEvent()

◆ IntNotifyIntroInactive()

◆ IntPhysMemGetTypeFromMtrrs()

◆ IntPhysMemMap()

◆ IntPhysMemUnmap()

◆ IntQueryGuestInfo()

◆ IntQueryHeapSize()

◆ IntRegisterBreakpointHandler()

◆ IntRegisterCrWriteHandler()

◆ IntRegisterDtrHandler()

◆ IntRegisterEnginesResultCallback()

◆ IntRegisterEPTHandler()

◆ IntRegisterEventInjectionHandler()

◆ IntRegisterIntroCallHandler()

◆ IntRegisterMSRHandler()

◆ IntRegisterVmxTimerHandler()

◆ IntRegisterXcrWriteHandler()

◆ IntReleaseBuffer()

◆ IntReserveVaSpaceWithPt()

◆ IntRwSpinLockAcquireExclusive()

◆ IntRwSpinLockAcquireShared()

◆ IntRwSpinLockInit()

◆ IntRwSpinLockReleaseExclusive()

◆ IntRwSpinLockReleaseShared()

◆ IntRwSpinLockUnInit()

◆ IntSendMessage()

◆ IntSetEPTPageConvertible()

◆ IntSetEPTPageProtection()

◆ IntSetIntroEmulatorContext()

◆ IntSetSPPPageProtection()

◆ IntSetVEInfoPage()

◆ IntSpinLockAcquire()

◆ IntSpinLockInit()

◆ IntSpinLockRelease()

◆ IntSpinLockUnInit()

◆ IntSwitchEPT()

◆ IntToggleRepOptimization()

◆ IntUnregisterBreakpointHandler()