Bitdefender Hypervisor Memory Introspection
init.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #include "init.h"
6 #include "../common.h"
7 
9 struct data _data __section(".adata") __aligned(1) = { 0 };
10 
11 #define PAGE_RW 0x02ULL
12 #define PAGE_NX 0x8000000000000000ULL
13 
14 __default_fn_attr
15 void init (void)
21 {
22  void *mod_ptr = _data.func.module_alloc(_data.args.module_alloc_size);
23  void *vm_ptr = _data.func.vmalloc(_data.args.vmalloc_size);
24  unsigned long ptr = 0;
25  int ret = 0;
26 
27  breakpoint_2(_data.token.hypercall, mod_ptr, vm_ptr);
28 
29  ptr = (unsigned long)(mod_ptr);
30  ret = _data.func.change_page_attr_set_clr(&ptr, 0x1, PAGE_NX, PAGE_RW, 0, 0, 0);
31  if (ret)
32  {
33  breakpoint_1(_data.token.error, ret);
34  return;
35  }
36 
37  ptr = (unsigned long)((unsigned long)(mod_ptr) + PAGE_SIZE);
38  ret = _data.func.change_page_attr_set_clr(&ptr, 0x2, 0, PAGE_NX | PAGE_RW, 0, 0, 0);
39  if (ret)
40  {
41  breakpoint_1(_data.token.error, ret);
42  return;
43  }
44 
45  breakpoint(_data.token.completion);
46 }
47 
48 
49 __fn_naked __section(".start")
50 void trampoline(void)
58 {
59  init();
60 
61  __exit;
62 }
breakpoint
static __default_fn_attr unsigned long breakpoint(unsigned long token)
Generate INT3 instruction for hypercall.
Definition: common.h:167
trampoline
__fn_naked void trampoline(void)
The trampoline of the agent.
Definition: init.c:50
init
__default_fn_attr void init(void)
Allocates memory for detours and agents.
Definition: init.c:15
__aligned
struct data _data __aligned(1)
The section used for this agent is .adata'.
__fn_naked
#define __fn_naked
Definition: common.h:79
__exit
#define __exit
Generates the exit asm-code for agents.
Definition: common.h:120
__section
#define __section(S)
Definition: common.h:76
breakpoint_1
#define breakpoint_1(token, p1)
Hypercall using 1 argument.
Definition: common.h:177
__default_fn_attr
#define __default_fn_attr
Definition: common.h:78
breakpoint_2
#define breakpoint_2(token, p1, p2)
Hypercall using 2 argument.
Definition: common.h:185
PAGE_NX
#define PAGE_NX
Definition: init.c:12
PAGE_SIZE
#define PAGE_SIZE
Definition: common.h:70
PAGE_RW
#define PAGE_RW
Definition: init.c:11
data
Definition: kthread.c:14