95 #endif // _HOOK_GVA_H_
struct _HOOK_GVA_STATE * PHOOK_GVA_STATE
BOOLEAN IsPageWritable
True if the page is writable, false otherwise.
LIST_ENTRY Link
List entry element.
INTSTATUS IntHookGvaDeleteHook(HOOK_GVA **Hook, DWORD Flags)
Completely delete a GVA hook.
BOOLEAN IsIntegrityOn
True if integrity checks are enabled for this page. Integrity checks are enabled if this is a wri...
WORD Offset
Offset inside the 4K page, interval [0, 4095].
LIST_HEAD RemovedHooksList
... IntHookGvaCommitHooks function is called.
struct _HOOK_GVA HOOK_GVA
int INTSTATUS
The status data type.
QWORD GvaPage
Guest virtual page base address, aligned to 4K.
struct _HOOK_GVA * PHOOK_GVA
union _HOOK_GVA::@85 Callback
INTSTATUS IntHookGvaSetHook(QWORD Cr3, QWORD Gva, DWORD Length, BYTE Type, void *Callback, void *Context, void *ParentHook, DWORD Flags, HOOK_GVA **GvaHook)
Set a read, write, execute or swap hook on a guest virtual address.
HOOK_HEADER Header
The hook header.
struct _HOOK_GVA_STATE HOOK_GVA_STATE
INTSTATUS(* PFUNC_SwapCallback)(void *Context, QWORD VirtualAddress, QWORD OldEntry, QWORD NewEntry, QWORD OldPageSize, QWORD NewPageSize)
Callback invoked on translation modifications.
LIST_HEAD GvaHooks
The list of GVA hooks.
INTSTATUS IntHookGvaRemoveHook(HOOK_GVA **Hook, DWORD Flags)
Remove a GVA hook.
PHOOK_GPA GpaHook
The actual guest physical page hook. Valid as long as the page is mapped.
INTSTATUS IntHookGvaCommitHooks(void)
Commit all the modified GVA hooks.
DWORD Hash
Hash computed on the content of the page. Valid only if IsIntegrityOn is true.
INTSTATUS(* PFUNC_EptViolationCallback)(void *Context, void *Hook, QWORD Address, INTRO_ACTION *Action)
EPT callback handler.
PFUNC_EptViolationCallback Access
The read/write/execute access callback. Valid if Type != IG_EPT_HOOK_NONE.
PHOOK_PTS PtsHook
The page tables hook.
INTSTATUS IntHookGvaInit(void)
Initialize the GVA hooks system.
PFUNC_SwapCallback Swap
The swap callback. Valid if Type == IG_EPT_HOOK_NONE.