- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Options that control the way EPT hooks are placed. More...
Macros | |
| #define | HOOK_FLG_GLOBAL_MASK 0xFFFF0000 |
| Global flags must be defined here and must be handled by each hooks layer (even if it ignores them, but it must not define or use hooks that overlap existing global hooks). More... | |
| #define | HOOK_FLG_INTERNAL_MASK 0x0000FFFF |
| Local flags are reserved for internal use inside each hook layer. These flags must not be propagated from one layer to another, as they have different meaning between different hook layers. More... | |
| #define | HOOK_FLG_REMOVE 0x80000000 |
| If flag is set, the hook has been removed, and waits the next commit to be actually deleted. More... | |
| #define | HOOK_FLG_DISABLED 0x40000000 |
| If flag is set, the hook is disabled, therefore ignored on EPT violations. More... | |
| #define | HOOK_FLG_CHAIN_DELETE 0x20000000 |
| If flag is set, then we won't remove the hook on commit phase; we'll let the parent hook handle the delete. More... | |
| #define | HOOK_FLG_PAGING_STRUCTURE 0x08000000 |
| If flag is set, the hook is set on paging structures. More... | |
| #define | HOOK_FLG_PAE_ROOT 0x04000000 |
| #define | HOOK_FLG_PT_UM_ROOT 0x02000000 |
| If flag is set, the hook is set on the root paging structure, and only the low, user-mode entires are hooked. More... | |
| #define | HOOK_FLG_HIGH_PRIORITY 0x01000000 |
| If flag is set, the callback associated to this hook will have a higher priority than the others. More... | |
| #define | HOOK_PAGE_TABLE_FLAGS (HOOK_FLG_PAGING_STRUCTURE|HOOK_FLG_PAE_ROOT|HOOK_FLG_PT_UM_ROOT) |
| Any of these flags set indicates that we are dealing with a page table page. More... | |
Options that control the way EPT hooks are placed.
| #define HOOK_FLG_CHAIN_DELETE 0x20000000 |
If flag is set, then we won't remove the hook on commit phase; we'll let the parent hook handle the delete.
Definition at line 48 of file hook.h.
Referenced by IntHookGpaCommitHooks(), IntHookGpaRemoveHook(), IntHookGpaRemoveHookInternal(), IntHookGvaCommitHooks(), IntHookGvaRemoveHook(), IntHookGvaRemoveHookInternal(), IntHookObjectRemoveRegionInternal(), IntHookPtmCommitHooks(), IntHookPtmRemoveHook(), IntHookPtmRemoveHookInternal(), IntHookPtmRemoveTableHook(), IntHookPtsCleanupList(), IntHookPtsCommitHooks(), IntHookPtsRemoveHook(), IntHookPtsRemoveHookInternal(), and IntHookPtsRemovePteHook().
| #define HOOK_FLG_DISABLED 0x40000000 |
If flag is set, the hook is disabled, therefore ignored on EPT violations.
Definition at line 46 of file hook.h.
Referenced by IntHandleMemAccess(), IntHookGpaDisableHook(), IntHookGpaEnableHook(), IntHookGpaIsPageHooked(), IntHookGpaRemoveHookInternal(), IntHookGvaRemoveHookInternal(), IntHookObjectDestroy(), IntHookObjectDestroyAll(), IntHookObjectRemoveRegionInternal(), IntHookPtmRemoveHookInternal(), IntHookPtmRemoveTableHook(), IntHookPtsCheckIntegrity(), IntHookPtsInvokeCallbacks(), and IntHookPtsWriteCallback().
| #define HOOK_FLG_GLOBAL_MASK 0xFFFF0000 |
Global flags must be defined here and must be handled by each hooks layer (even if it ignores them, but it must not define or use hooks that overlap existing global hooks).
Definition at line 35 of file hook.h.
Referenced by IntHookGpaDeleteHook(), IntHookGpaRemoveHook(), IntHookGpaSetHook(), IntHookGvaDeleteHook(), IntHookGvaRemoveHook(), IntHookGvaSetHook(), IntHookObjectDestroy(), IntHookObjectDestroyAll(), IntHookObjectHookRegion(), IntHookObjectRemoveRegion(), IntHookPtmDeleteHook(), IntHookPtmRemoveHookInternal(), IntHookPtmSetHook(), IntHookPtsDeleteHook(), IntHookPtsRemoveHook(), and IntHookPtsSetHook().
| #define HOOK_FLG_HIGH_PRIORITY 0x01000000 |
If flag is set, the callback associated to this hook will have a higher priority than the others.
Definition at line 54 of file hook.h.
Referenced by IntHookAddCallbackToList(), IntHookGpaInsertHookInList(), IntHookPtsInvokeCallbacks(), IntMemClkCloakRegion(), IntVeLockDriver(), IntWinSelfMapProtectSelfMapIndex(), and IntWinTokenProtectPrivsInternal().
| #define HOOK_FLG_INTERNAL_MASK 0x0000FFFF |
| #define HOOK_FLG_PAE_ROOT 0x04000000 |
If flag is set, the hook is set on the 4 PDPTEs used on PAE.
Definition at line 50 of file hook.h.
Referenced by IntHookPtmAddTable(), and IntHookPtsCreateEntry().
| #define HOOK_FLG_PAGING_STRUCTURE 0x08000000 |
If flag is set, the hook is set on paging structures.
Definition at line 49 of file hook.h.
Referenced by IntHookPtsCreateEntry(), IntHookPtsEnableEntry(), IntVasHookTables(), and IntWinSelfMapProtectSelfMapIndex().
| #define HOOK_FLG_PT_UM_ROOT 0x02000000 |
If flag is set, the hook is set on the root paging structure, and only the low, user-mode entires are hooked.
Definition at line 52 of file hook.h.
Referenced by IntHookPtmAddTable(), and IntHookPtsCreateEntry().
| #define HOOK_FLG_REMOVE 0x80000000 |
If flag is set, the hook has been removed, and waits the next commit to be actually deleted.
Definition at line 44 of file hook.h.
Referenced by IntHandleMemAccess(), IntHookGpaCommitHooks(), IntHookGpaIsPageHooked(), IntHookGpaRemoveHookInternal(), IntHookGvaCommitHooks(), IntHookGvaDeleteHookInternal(), IntHookGvaRemoveHookInternal(), IntHookObjectCommit(), IntHookObjectDestroy(), IntHookObjectDestroyAll(), IntHookObjectRemoveRegionInternal(), IntHookPtmCommitHooks(), IntHookPtmRemoveHookInternal(), IntHookPtmRemoveTableHook(), IntHookPtsCheckIntegrity(), IntHookPtsCleanupList(), IntHookPtsCommitHooks(), IntHookPtsInvokeCallbacks(), IntHookPtsRemoveHookInternal(), IntHookPtsRemovePteHook(), and IntHookPtsWriteCallback().
| #define HOOK_PAGE_TABLE_FLAGS (HOOK_FLG_PAGING_STRUCTURE|HOOK_FLG_PAE_ROOT|HOOK_FLG_PT_UM_ROOT) |
Any of these flags set indicates that we are dealing with a page table page.
Definition at line 57 of file hook.h.
Referenced by IntHandleMemAccess(), IntHookGpaSetHook(), and IntHookGpaSetNewPageProtection().
1.8.13