doxygen/html/hook__dtr_8h_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */
 #ifndef _HOOK_DTR_H_
 #define _HOOK_DTR_H_

 #include "introcpu.h"
 #include "introtypes.h"


 typedef INTSTATUS
 (*PFUNC_DtrReadWriteHookCallback)(
     _In_ DTR *OldDtr,
     _In_ DTR *NewDtr,
     _In_ DWORD Flags,
     _Out_ INTRO_ACTION *Action
     );


 typedef struct _DTR_HOOK_STATE
 {
     LIST_HEAD   DtrHooksList;
     INT64       HooksCount;
 } DTR_HOOK_STATE, *PDTR_HOOK_STATE;


 typedef struct _HOOK_DTR
 {
     LIST_ENTRY                      Link;
     DWORD                           Flags;
     BOOLEAN                         Disabled;
     PFUNC_DtrReadWriteHookCallback  Callback;
 } HOOK_DTR, *PHOOK_DTR;


 //
 // DTR hooks related API
 //
 INTSTATUS
 IntHookDtrSetHook(
     _In_ DWORD Flags,
     _In_ PFUNC_DtrReadWriteHookCallback Callback,
     _Out_opt_ void **Hook
     );

 INTSTATUS
 IntHookDtrRemoveHook(
     _In_ HOOK_DTR *Hook
     );

 INTSTATUS
 IntHookDtrCommit(
     void
     );

 INTSTATUS
 IntHookDtrInit(
     void
     );

 INTSTATUS
 IntHookDtrUninit(
     void
     );

 #endif // _HOOK_DTR_H_
BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58

_Out_
#define _Out_
Definition: intro_sal.h:22

_DTR_HOOK_STATE
Definition: hook_dtr.h:32

INT64
long long INT64
Definition: intro_types.h:45

_In_
#define _In_
Definition: intro_sal.h:21

_DTR_HOOK_STATE::HooksCount
INT64 HooksCount
The total number of DTR hooks.
Definition: hook_dtr.h:35

_HOOK_DTR::Link
LIST_ENTRY Link
List entry element.
Definition: hook_dtr.h:44

_HOOK_DTR::Flags
DWORD Flags
Hook flags, a combination of IG_DESC_ACCESS.
Definition: hook_dtr.h:45

IntHookDtrCommit
INTSTATUS IntHookDtrCommit(void)
Commit the descriptor registers hooks.
Definition: hook_dtr.c:165

_HOOK_DTR::Callback
PFUNC_DtrReadWriteHookCallback Callback
The callback.
Definition: hook_dtr.h:47

IntHookDtrSetHook
INTSTATUS IntHookDtrSetHook(DWORD Flags, PFUNC_DtrReadWriteHookCallback Callback, void **Hook)
Places a descriptor table register hook.
Definition: hook_dtr.c:11

INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24

PHOOK_DTR
struct _HOOK_DTR * PHOOK_DTR

DTR_HOOK_STATE
struct _DTR_HOOK_STATE DTR_HOOK_STATE

IntHookDtrUninit
INTSTATUS IntHookDtrUninit(void)
Uninit the descriptor registers hooks state.
Definition: hook_dtr.c:226

PDTR_HOOK_STATE
struct _DTR_HOOK_STATE * PDTR_HOOK_STATE

introtypes.h

_Out_opt_
#define _Out_opt_
Definition: intro_sal.h:30

introcpu.h

_HOOK_DTR
Definition: hook_dtr.h:42

HOOK_DTR
struct _HOOK_DTR HOOK_DTR

_DTR
A descriptor table register. Valid for IDTR and GDTR.
Definition: introcpu.h:71

DWORD
uint32_t DWORD
Definition: intro_types.h:49

INTRO_ACTION
enum _INTRO_ACTION INTRO_ACTION
Event actions.

PFUNC_DtrReadWriteHookCallback
INTSTATUS(* PFUNC_DtrReadWriteHookCallback)(DTR *OldDtr, DTR *NewDtr, DWORD Flags, INTRO_ACTION *Action)
Called when a descriptor table register is accessed.
Definition: hook_dtr.h:21

IntHookDtrInit
INTSTATUS IntHookDtrInit(void)
Initialize the descriptor registers hook state.
Definition: hook_dtr.c:203

_HOOK_DTR::Disabled
BOOLEAN Disabled
True if the hook has been removed/disabled.
Definition: hook_dtr.h:46

_LIST_ENTRY
Definition: introlists.h:16

IntHookDtrRemoveHook
INTSTATUS IntHookDtrRemoveHook(HOOK_DTR *Hook)
Remove a descriptor register hook.
Definition: hook_dtr.c:106

_DTR_HOOK_STATE::DtrHooksList
LIST_HEAD DtrHooksList
The list of DTR hooks.
Definition: hook_dtr.h:34