#include "introcpu.h"
#include "introtypes.h"

Data Structures
struct	_DTR_HOOK_STATE

struct	_HOOK_DTR

Typedefs
typedef INTSTATUS(*	PFUNC_DtrReadWriteHookCallback) (DTR OldDtr, DTR NewDtr, DWORD Flags, INTRO_ACTION *Action)
	Called when a descriptor table register is accessed. More...

typedef struct _DTR_HOOK_STATE	DTR_HOOK_STATE

typedef struct _DTR_HOOK_STATE *	PDTR_HOOK_STATE

typedef struct _HOOK_DTR	HOOK_DTR

typedef struct _HOOK_DTR *	PHOOK_DTR

Functions
INTSTATUS	IntHookDtrSetHook (DWORD Flags, PFUNC_DtrReadWriteHookCallback Callback, void **Hook)
	Places a descriptor table register hook. More...

INTSTATUS	IntHookDtrRemoveHook (HOOK_DTR *Hook)
	Remove a descriptor register hook. More...

INTSTATUS	IntHookDtrCommit (void)
	Commit the descriptor registers hooks. More...

INTSTATUS	IntHookDtrInit (void)
	Initialize the descriptor registers hook state. More...

INTSTATUS	IntHookDtrUninit (void)
	Uninit the descriptor registers hooks state. More...

Typedef Documentation

◆ DTR_HOOK_STATE

typedef struct _DTR_HOOK_STATE DTR_HOOK_STATE

Global DTR hooks state.

◆ HOOK_DTR

typedef struct _HOOK_DTR HOOK_DTR

Describes a DTR hook.

◆ PDTR_HOOK_STATE

typedef struct _DTR_HOOK_STATE * PDTR_HOOK_STATE

◆ PFUNC_DtrReadWriteHookCallback

typedef INTSTATUS(* PFUNC_DtrReadWriteHookCallback) (DTR *OldDtr, DTR *NewDtr, DWORD Flags, INTRO_ACTION *Action)

Called when a descriptor table register is accessed.

Parameters

[in]	OldDtr	Old descriptor table register value.
[in]	NewDtr	New descriptor table register value.
[in]	Flags	A combination of IG_DESC_ACCESS.
[out]	Action	The desired action.

Definition at line 21 of file hook_dtr.h.

◆ PHOOK_DTR

typedef struct _HOOK_DTR * PHOOK_DTR

Function Documentation

◆ IntHookDtrCommit()

INTSTATUS IntHookDtrCommit ( void )

Commit the descriptor registers hooks.

This function will iterate the list of DTR hooks, and it will delete all the hooks that were flagged for removal.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_NOT_INITIALIZED	If the DTR hooks state is not initialized.

Definition at line 165 of file hook_dtr.c.

Referenced by IntGuestPreReturnCallback().

◆ IntHookDtrInit()

INTSTATUS IntHookDtrInit ( void )

Initialize the descriptor registers hook state.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_INSUFFICIENT_RESOURCES	If a memory alloc fails.

Definition at line 203 of file hook_dtr.c.

Referenced by IntGuestInit().

◆ IntHookDtrRemoveHook()

INTSTATUS IntHookDtrRemoveHook ( HOOK_DTR * Hook )

Remove a descriptor register hook.

Removes a DTR hook. First of all, this function will mark the hook as being disabled (the callback will never be called again). If we are currently in the context of a DTR violation, we will wait for the commit phase to permanently delete the hook. Otherwise, the hook will be deleted immediately.

Parameters

[in] Hook The hook to be removed.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_INVALID_PARAMETER	If an invalid parameter is supplied.

Definition at line 106 of file hook_dtr.c.

Referenced by IntGdtrUnprotect(), IntHandleDtrViolation(), IntHookDtrRemoveAllHooks(), and IntIdtrUnprotect().

◆ IntHookDtrSetHook()

INTSTATUS IntHookDtrSetHook	(	DWORD	Flags,
		PFUNC_DtrReadWriteHookCallback	Callback,
		void **	Hook
	)

Places a descriptor table register hook.

Establishes a hook on a descriptor table register. The Flags argument indicates which register is hooked and for what access. On each load or store on the hooked register, the callback will be called. NOTE: Make sure that the Flags contains only one of:

IG_DESC_ACCESS_IDTR, IG_DESC_ACCESS_GDTR, IG_DESC_ACCESS_LDTR & IG_DESC_ACCESS_TR and only one of:
IG_DESC_ACCESS_READ, IG_DESC_ACCESS_WRITE Any other combination of flags will prevent the callback from being called for any kind of access. NOTE: Intel has a single VMCS control which enabled/disables VM exits for all descriptor registers. Hooking any one of them will trigger VM exits for all of them. NOTE: Descriptor table exiting is normally disabled; it will be enabled when the first hook is set.

Parameters

[in]	Flags	A combination of IG_DESC_ACCESS indicating what register & for what access the hook is set.
[in]	Callback	The callback to be called when the indicated register is loaded/stored.
[out]	Hook	The handle to the newly placed hook.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_INVALID_PARAMETER	If an invalid parameter is supplied.
INT_STATUS_INSUFFICIENT_RESOURCES	If a memory alloc fails.

Definition at line 11 of file hook_dtr.c.

Referenced by IntGdtrProtect(), and IntIdtrProtect().

◆ IntHookDtrUninit()

INTSTATUS IntHookDtrUninit ( void )

Uninit the descriptor registers hooks state.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_NOT_INITIALIZED_HINT	If the DTR hooks state is not initialized.

Definition at line 226 of file hook_dtr.c.

Referenced by IntGuestUninit().

Data Structures

Typedefs

Functions

Typedef Documentation

◆ DTR_HOOK_STATE

◆ HOOK_DTR

◆ PDTR_HOOK_STATE

◆ PFUNC_DtrReadWriteHookCallback

◆ PHOOK_DTR

Function Documentation

◆ IntHookDtrCommit()

◆ IntHookDtrInit()

◆ IntHookDtrRemoveHook()

◆ IntHookDtrSetHook()

◆ IntHookDtrUninit()