Bitdefender Hypervisor Memory Introspection
intronet.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _INTRO_NET_H_
6 #define _INTRO_NET_H_
7 
8 #include "lixprocess.h"
9 #include "winprocess.h"
10 
12 #define INTRONET_MIN_BUFFER_SIZE (sizeof("[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]"))
13 
16 typedef union _INTRONET_ADDRESS
17 {
18  BYTE Ipv6[16];
19  BYTE Ipv4[4];
20 } INTRONET_ADDRESS;
21 
22 typedef WORD INTRONET_PORT;
23 
26 typedef struct _INTRONET_ENDPOINT
27 {
29  INTRO_NET_AF AddressFamily;
30 
32  INTRO_NET_STATE State;
33 
35  INTRONET_ADDRESS LocalAddress;
37  INTRONET_PORT LocalPort;
38 
42  INTRONET_ADDRESS RemoteAddress;
46  INTRONET_PORT RemotePort;
47 
48  union
49  {
53  LIX_TASK_OBJECT *OwnerTask;
57  WIN_PROCESS_OBJECT *OwnerProcess;
58  };
59 
61  QWORD Endpoint;
62 } INTRONET_ENDPOINT;
63 
64 
65 //
66 // IntNetStateToString
67 //
68 __forceinline const char *
69 IntNetStateToString(
70  _In_ INTRO_NET_STATE State
71  )
75 {
76  switch (State)
77  {
78  case introNetStateClosed:
79  return "CLOSED";
80  case introNetStateListening:
81  return "LISTENING";
82  case introNetStateSynSent:
83  return "SYN-SENT";
84  case introNetStateSynRecv:
85  return "SYN-RECV";
86  case introNetStateEstablished:
87  return "ESTABLISHED";
88  case introNetStateFinWait:
89  return "FIN-WAIT";
90  case introNetStateFinWait2:
91  return "FIN-WAIT2";
92  case introNetStateCloseWait:
93  return "CLOSE-WAIT";
94  case introNetStateClosing:
95  return "CLOSING";
96  case introNetStateLastAck:
97  return "LAST-ACK";
98  case introNetStateTimeWait:
99  return "TIME-WAIT";
100  case introNetStateDeleteTcb:
101  return "DELETE-TCB";
102  default:
103  return "UNKNOWN";
104  }
105 }
106 
107 INTRO_NET_STATE
108 IntNetConvertState(
109  _In_ const DWORD State
110  );
111 
112 _Success_(return > 0)
113 DWORD
114 IntNetAddrToStr(
115  _In_ const INTRO_NET_AF Family,
116  _In_ const INTRONET_ADDRESS *Address,
117  _Out_writes_(INTRONET_MIN_BUFFER_SIZE) CHAR *String
118  );
119 
120 #endif // _INTRO_NET_H
winprocess.h
Exposes the types, constants and functions used to handle Windows processes events (creation...
BYTE
uint8_t BYTE
Definition: intro_types.h:47
_In_
#define _In_
Definition: intro_sal.h:21
introNetStateClosing
Definition: intro_types.h:322
_INTRONET_ENDPOINT::LocalPort
INTRONET_PORT LocalPort
Local port.
Definition: intronet.h:37
WORD
uint16_t WORD
Definition: intro_types.h:48
_Success_
#define _Success_(expr)
Definition: intro_sal.h:47
introNetStateFinWait
Definition: intro_types.h:315
INTRO_NET_STATE
enum _INTRO_NET_STATE INTRO_NET_STATE
Connection states.
_INTRONET_ENDPOINT::RemotePort
INTRONET_PORT RemotePort
Remote port.
Definition: intronet.h:46
_INTRONET_ENDPOINT::AddressFamily
INTRO_NET_AF AddressFamily
Address family.
Definition: intronet.h:29
_INTRONET_ENDPOINT::OwnerProcess
WIN_PROCESS_OBJECT * OwnerProcess
Pointer to the process that owns the connection.
Definition: intronet.h:57
introNetStateSynSent
Definition: intro_types.h:313
_INTRONET_ENDPOINT::OwnerTask
LIX_TASK_OBJECT * OwnerTask
Pointer to the task that owns the connection.
Definition: intronet.h:53
IntNetStateToString
const char * IntNetStateToString(INTRO_NET_STATE State)
Converts a connection state to a string.
Definition: intronet.h:69
_Out_writes_
#define _Out_writes_(expr)
Definition: intro_sal.h:28
introNetStateFinWait2
Definition: intro_types.h:316
introNetStateListening
Definition: intro_types.h:321
INTRONET_MIN_BUFFER_SIZE
#define INTRONET_MIN_BUFFER_SIZE
The minimum buffer size needed for the textual representation of an IP address.
Definition: intronet.h:12
introNetStateDeleteTcb
Available only on Windows.
Definition: intro_types.h:324
introNetStateLastAck
Definition: intro_types.h:320
INTRONET_ADDRESS
union _INTRONET_ADDRESS INTRONET_ADDRESS
An IP address.
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
IntNetAddrToStr
DWORD IntNetAddrToStr(const INTRO_NET_AF Family, const INTRONET_ADDRESS *Address, CHAR *String)
Converts an IP address to a string.
Definition: intronet.c:11
_INTRONET_ENDPOINT
An endpoint.
Definition: intronet.h:26
introNetStateTimeWait
Definition: intro_types.h:317
_INTRONET_ENDPOINT::State
INTRO_NET_STATE State
Connection state.
Definition: intronet.h:32
_LIX_TASK_OBJECT
Definition: lixprocess.h:38
INTRONET_PORT
WORD INTRONET_PORT
Definition: intronet.h:22
__forceinline
#define __forceinline
Definition: introtypes.h:61
DWORD
uint32_t DWORD
Definition: intro_types.h:49
_INTRONET_ADDRESS::Ipv6
BYTE Ipv6[16]
IPv6 address.
Definition: intronet.h:18
introNetStateSynRecv
Definition: intro_types.h:314
_INTRONET_ENDPOINT::RemoteAddress
INTRONET_ADDRESS RemoteAddress
Remote address.
Definition: intronet.h:42
introNetStateCloseWait
Definition: intro_types.h:319
INTRONET_ENDPOINT
struct _INTRONET_ENDPOINT INTRONET_ENDPOINT
An endpoint.
_INTRONET_ADDRESS
An IP address.
Definition: intronet.h:16
introNetStateEstablished
Definition: intro_types.h:312
_INTRONET_ENDPOINT::LocalAddress
INTRONET_ADDRESS LocalAddress
Local address.
Definition: intronet.h:35
INTRO_NET_AF
enum _INTRO_NET_AF INTRO_NET_AF
Address family.
CHAR
char CHAR
Definition: intro_types.h:56
_INTRONET_ENDPOINT::Endpoint
QWORD Endpoint
Guest virtual address of the endpoint/socket object.
Definition: intronet.h:61
introNetStateClosed
Definition: intro_types.h:318
IntNetConvertState
INTRO_NET_STATE IntNetConvertState(const DWORD State)
Converts a guest connection state to an Introcore connection state.
Definition: intronet.c:210
_INTRONET_ADDRESS::Ipv4
BYTE Ipv4[4]
IPv4 address.
Definition: intronet.h:19
_WIN_PROCESS_OBJECT
This structure describes a running process inside the guest.
Definition: winprocess.h:83