11 #ifndef INT_COMPILER_MSVC 23 #ifdef INT_COMPILER_MSVC 24 #define INT_LOG(loglevel, fmt, ...) \ 26 if ((loglevel) < gLogLevel) break; \ 27 GlueTracePrint(__FILE__, __LINE__, (fmt), __VA_ARGS__); \ 30 #define NLOG(fmt, ...) \ 32 GlueTracePrint(NULL, 0, (fmt), __VA_ARGS__); \ 36 #define INT_LOG(loglevel, fmt, ...) \ 38 if ((loglevel) < gLogLevel) break; \ 39 GlueTracePrint(__FILENAME__, __LINE__, (fmt), ##__VA_ARGS__); \ 43 #define NLOG(fmt, ...) \ 45 GlueTracePrint(NULL, 0, (fmt), ##__VA_ARGS__); \ 50 #ifdef INT_COMPILER_MSVC 51 #define TRACE(fmt, ...) INT_LOG(intLogLevelDebug, fmt, __VA_ARGS__) 52 #define INFO(fmt, ...) INT_LOG(intLogLevelInfo, fmt, __VA_ARGS__) 53 #define WARNING(fmt, ...) INT_LOG(intLogLevelWarning, fmt, __VA_ARGS__) 54 #define LOG(fmt, ...) INT_LOG(intLogLevelError, fmt, __VA_ARGS__) 55 #define ERROR(fmt, ...) INT_LOG(intLogLevelError, fmt, __VA_ARGS__) 56 #define CRITICAL(fmt, ...) INT_LOG(intLogLevelCritical, fmt, __VA_ARGS__) 58 #define TRACE(fmt, ...) INT_LOG(intLogLevelDebug, fmt, ##__VA_ARGS__) 59 #define INFO(fmt, ...) INT_LOG(intLogLevelInfo, fmt, ##__VA_ARGS__) 60 #define WARNING(fmt, ...) INT_LOG(intLogLevelWarning, fmt, ##__VA_ARGS__) 61 #define LOG(fmt, ...) INT_LOG(intLogLevelError, fmt, ##__VA_ARGS__) 62 #define ERROR(fmt, ...) INT_LOG(intLogLevelError, fmt, ##__VA_ARGS__) 63 #define CRITICAL(fmt, ...) INT_LOG(intLogLevelCritical, fmt, ##__VA_ARGS__) 66 #define INVALID_EPTP_INDEX 0xFFFFFFFF 71 #define PHYS_MAP_FLG_NO_FASTMAP 0x80000000 303 _Inout_ _At_(*SpinLock, _Post_null_)
void **SpinLock
326 _Inout_ _At_(*SpinLock, _Post_null_)
void **SpinLock
402 _In_ size_t EventSize
426 _Out_ size_t *TotalHeapSize,
427 _Out_ size_t *FreeHeapSize
432 _In_ char const *Message
485 #ifdef INT_COMPILER_MSVC 487 __attribute__((malloc))
488 __attribute__ ((alloc_size (1)))
494 _In_ const
char *FileName,
504 #endif // INT_COMPILER_MSVC 506 #ifndef DEBUG_MEM_ALLOCS 508 # ifdef INT_COMPILER_MSVC 509 # define HpAllocWithTag(Len, Tag) IntAllocWithTag((Len), (Tag), __FILENAME__, __LINE__) 510 # define HpFreeAndNullWithTag(Add, Tag) \ 512 IntFreeWithTag(*(Add), (Tag)); \ 516 # define HpAllocWithTag(Len, Tag) (int)(Len) <= 0 ? NULL : calloc(1, (Len)) 517 # define HpFreeAndNullWithTag(Add, Tag) \ 522 # endif // INT_COMPILER_MSVC 524 #endif // DEBUG_MEM_ALLOCS
INTSTATUS IntRwSpinLockReleaseShared(void *SpinLock)
INTSTATUS IntRegisterDtrHandler(PFUNC_IntIntroDescriptorTableCallback Callback)
INTSTATUS IntGetEPTPageConvertible(DWORD EptIndex, QWORD Address, BOOLEAN *Convertible)
INTSTATUS IntReserveVaSpaceWithPt(void **FirstPageBase, DWORD *PagesCount, void **PtBase)
Reserves a contiguous region of virtual memory which will then be used to map physical pages...
INTSTATUS GluePauseVcpus(void)
void IntGlueReset(void)
Resets the global glue state (gIface, gUpIface, gIntHandle, gEventId, etc.)
INTSTATUS GlueResumeVcpus(void)
INTSTATUS IntGpaToHpa(QWORD Gpa, QWORD *Hpa)
#define _Out_writes_bytes_(expr)
INTSTATUS PRINTF_ATTRIBUTE(* PFUNC_IntTracePrint)(const CHAR *File, DWORD Line, const CHAR *Format,...)
Provides print-like trace functionality for introcore.
void IntSpinLockRelease(void *SpinLock)
Interface that exposes basic services to the introspection engines.
IG_LOG_LEVEL gLogLevel
The currently used log level.
INTSTATUS(* PFUNC_IntEPTViolationCallback)(void *GuestHandle, QWORD PhysicalAddress, DWORD Length, QWORD VirtualAddress, DWORD CpuNumber, INTRO_ACTION *Action, IG_EPT_ACCESS Type)
INTSTATUS IntRegisterVmxTimerHandler(PFUNC_IntIntroTimerCallback Callback)
INTSTATUS IntDisableCrWriteExit(DWORD Cr)
int INTSTATUS
The status data type.
INTSTATUS IntUnregisterEPTHandler(void)
INTSTATUS IntUnregisterVmxTimerHandler(void)
INTSTATUS IntQueryGuestInfo(DWORD InfoClass, void *InfoParam, void *Buffer, DWORD BufferLength)
PFUNC_IntTracePrint GlueTracePrint
The trace API used.
INTSTATUS IntFlushEPTPermissions(void)
INTSTATUS IntUnregisterDtrHandler(void)
INTSTATUS(* PFUNC_IntMSRViolationCallback)(void *GuestHandle, DWORD Msr, IG_MSR_HOOK_TYPE Flags, INTRO_ACTION *Action, QWORD OriginalValue, QWORD *NewValue, DWORD CpuNumber)
INTSTATUS IntQueryHeapSize(size_t *TotalHeapSize, size_t *FreeHeapSize)
PFUNC_IntEnterDebugger GlueEnterDebugger
The API used to break into the debugger.
INTSTATUS IntUnregisterXcrWriteHandler(void)
INTSTATUS IntGetSPPPageProtection(QWORD Gpa, QWORD *Spp)
Interface used for communicating between the introspection engine and the integrator.
INTSTATUS IntNotifyIntroActive(void)
INTSTATUS IntRegisterCrWriteHandler(PFUNC_IntCrWriteCallback Callback)
INTSTATUS(* PFUNC_IntIntroDescriptorTableCallback)(void *GuestHandle, DWORD Flags, DWORD CpuNumber, INTRO_ACTION *Action)
INTSTATUS IntEnableMsrExit(DWORD Msr, BOOLEAN *OldValue)
INTSTATUS IntSpinLockUnInit(void **SpinLock)
INTSTATUS(* PFUNC_IntBreakpointCallback)(void *GuestHandle, QWORD PhysicalAddress, DWORD CpuNumber)
INTSTATUS IntSetEPTPageProtection(DWORD EptIndex, QWORD Gpa, BYTE Read, BYTE Write, BYTE Execute)
INTSTATUS IntRwSpinLockInit(void **SpinLock, char *Name)
#define _Acquires_lock_(expr)
INTSTATUS IntRwSpinLockUnInit(void **SpinLock)
INTSTATUS(* PFUNC_IntEventInjectionCallback)(void *GuestHandle, DWORD Vector, QWORD ErrorCode, QWORD Cr2, DWORD CpuNumber)
The context of an error state.
INTSTATUS IntRegisterEnginesResultCallback(PFUNC_IntEventEnginesResultCallback Callback)
Thin wrapper over the optional GLUE_IFACE.RegisterEnginesResultCallback API.
__noreturn void IntBugCheck(void)
INTSTATUS IntNotifyIntroEvent(INTRO_EVENT_TYPE EventClass, void *Param, size_t EventSize)
Notifies the integrator about an introspection alert.
INTSTATUS IntRwSpinLockAcquireShared(void *SpinLock)
INTSTATUS IntSetIntroEmulatorContext(DWORD CpuNumber, QWORD VirtualAddress, DWORD BufferSize, BYTE *Buffer)
DWORD gCurLogBuffer
Used for utf16_for_log to support calling that function 8 times in a single macro.
#define _Releases_lock_(expr)
INTSTATUS IntEnableCrWriteExit(DWORD Cr)
INTSTATUS IntNotifyEngines(void *Parameters)
void(* PFUNC_IntEnterDebugger)(void)
Breaks into the debugger.
INTSTATUS(* PFUNC_IntEventEnginesResultCallback)(void *GuestHandle, PENG_NOTIFICATION_HEADER EngineNotification)
INTSTATUS IntNotifyIntroInactive(void)
#define _Outptr_result_bytebuffer_(expr)
INTSTATUS IntSpinLockInit(void **SpinLock, char *Name)
INTSTATUS IntUnregisterEventInjectionHandler(void)
void IntSpinLockAcquire(void *SpinLock)
INTSTATUS IntReleaseBuffer(void *Buffer, DWORD Size)
INTSTATUS IntRegisterMSRHandler(PFUNC_IntMSRViolationCallback Callback)
INTRO_GUEST_TYPE
The type of the introspected operating system.
INTSTATUS IntRegisterIntroCallHandler(PFUNC_IntIntroCallCallback Callback)
INTSTATUS(* PFUNC_IntIntroCallCallback)(void *GuestHandle, QWORD Rip, DWORD Cpu)
INTSTATUS IntSetVEInfoPage(DWORD CpuNumber, QWORD VeInfoGpa)
INTSTATUS IntSwitchEPT(DWORD NewEptIndex)
#define _In_reads_bytes_(expr)
INTSTATUS IntUnregisterMSRHandler(void)
INTSTATUS(* PFUNC_IntCrWriteCallback)(void *GuestHandle, DWORD Cr, DWORD CpuNumber, QWORD OldValue, QWORD NewValue, INTRO_ACTION *Action)
INTSTATUS IntGetEPTPageProtection(DWORD EptIndex, QWORD Gpa, BYTE *Read, BYTE *Write, BYTE *Execute)
INTSTATUS IntDestroyEPT(DWORD EptIndex)
INTSTATUS IntGetAgentContent(DWORD AgentTag, BOOLEAN Is64, DWORD *Size, BYTE **Content)
INTSTATUS IntRegisterBreakpointHandler(PFUNC_IntBreakpointCallback Callback)
INTSTATUS(* PFUNC_IntIntroTimerCallback)(void *GuestHandle)
INTRO_ERROR_STATE
Error states.
#define _When_(expr, arg)
enum _IG_LOG_LEVEL IG_LOG_LEVEL
Controls the verbosity of the logs.
INTSTATUS IntInjectTrap(DWORD CpuNumber, BYTE TrapNumber, DWORD ErrorCode, QWORD Cr2)
BOOLEAN GlueIsScanEnginesApiAvailable(void)
Checks if the third party memory scanning engines are present.
INTSTATUS IntPhysMemGetTypeFromMtrrs(QWORD Gpa, IG_MEMTYPE *MemType)
INTSTATUS IntUnregisterCrWriteHandler(void)
__must_check INTSTATUS IntPhysMemMap(QWORD PhysAddress, DWORD Length, DWORD Flags, void **HostPtr)
Maps a guest physical address inside Introcore VA space.
INTSTATUS IntRwSpinLockReleaseExclusive(void *SpinLock)
INTSTATUS IntCreateEPT(DWORD *EptIndex)
IG_MEMTYPE
Memory type values.
BOOLEAN GlueIsVeApiAvailable(void)
Checks if the virtualization exception API is implemented.
INTSTATUS IntNotifyIntroErrorState(INTRO_ERROR_STATE State, INTRO_ERROR_CONTEXT *Context)
enum _INTRO_EVENT_TYPE INTRO_EVENT_TYPE
Event classes.
INTSTATUS IntSendMessage(char const *Message)
Sends an Introcore message.
INTSTATUS IntUnregisterIntroCallHandler(void)
INTSTATUS IntRegisterEPTHandler(PFUNC_IntEPTViolationCallback Callback)
INTSTATUS IntRegisterXcrWriteHandler(PFUNC_IntXcrWriteCallback Callback)
INTSTATUS IntRegisterEventInjectionHandler(PFUNC_IntEventInjectionCallback Callback)
INTSTATUS IntRwSpinLockAcquireExclusive(void *SpinLock)
INTSTATUS IntPhysMemUnmap(void **HostPtr)
Unmaps an address previously mapped with IntPhysMemMap.
INTSTATUS IntToggleRepOptimization(BOOLEAN Enable)
BOOLEAN GlueIsSppApiAvailable(void)
Checks if the SPP APIs in GLUE_IFACE are implemented.
INTSTATUS IntNotifyIntroDetectedOs(INTRO_GUEST_TYPE OsType, DWORD OsVersion, BOOLEAN Is64)
Wrapper over GLUE_IFACE.NotifyIntrospectionDetectedOs.
INTSTATUS IntSetEPTPageConvertible(DWORD EptIndex, QWORD Address, BOOLEAN Convertible)
INTSTATUS IntUnregisterBreakpointHandler(void)
INTSTATUS IntGlueInit(GLUE_IFACE const *GlueInterface, UPPER_IFACE const *UpperInterface)
Initializes the instances of GLUE_IFACE and UPPER_IFACE that will be used.
INTSTATUS(* PFUNC_IntXcrWriteCallback)(void *GuestHandle, DWORD CpuNumber, INTRO_ACTION *Action)
INTSTATUS IntSetSPPPageProtection(QWORD Gpa, QWORD Spp)
INTSTATUS IntUnregisterEnginesResultCalback(void)
Thin wrapper over the optional GLUE_IFACE.UnregisterEnginesResultCalback API.
INTSTATUS IntDisableMsrExit(DWORD Msr, BOOLEAN *OldValue)