Bitdefender Hypervisor Memory Introspection
lixcmdline.c File Reference

This file handles command line scanning.

#include "lixcmdline.h"
#include "alerts.h"


Functions

static INTSTATUS IntLixCmdLineSendViolationEvent (ENG_NOTIFICATION_CMD_LINE *EngineNotification)
 Send a command line violation event.

INTSTATUS IntLixCmdLineInspect (LIX_TASK_OBJECT *Task)
 Send a command line scan request to the scan engines.

INTSTATUS IntLixHandleCmdLineCallback (ENG_NOTIFICATION_CMD_LINE *EngineNotification)
 Send a command line violation event.


Detailed Description

This file handles command line scanning.

Introcore may request the AV engines to scan the command line of certain processes. Unfortunately, the scheduling of a command line scan could bring a considerable performance penalty so the scan will be carried out in an asynchronous fashion. If the scan scheduling was successful, the integrator must invoke the registered callback (PFUNC_IntEventEnginesResultCallback) in order to provide the scan result. For now, if a malicious command line is being used, the process will not be blocked (since the scan is asynchronous, blocking it would require the injection of an agent).

Definition in file lixcmdline.c.

Function Documentation

IntLixCmdLineInspect()

INTSTATUS IntLixCmdLineInspect (LIX_TASK_OBJECT *Task)

Send a command line scan request to the scan engines.

If this function succeeds, the integrator must call the PFUNC_IntEventEnginesResultCallback, otherwise a memory leak will occur.

Parameters
[in] Task: The process structure (it contains the command line and other fields).
Return values
INT_STATUS_SUCCESS: On success.
INT_STATUS_INSUFFICIENT_RESOURCES: If the allocation fails.

Definition at line 70 of file lixcmdline.c.

Referenced by IntLixTaskHandleExec().
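
The contract stated above (a successful request leaves an allocation pending until the result callback is called), modeled in C as an added example that is not Introcore code. request_scan, result_callback, integrator_scan and run_scans are hypothetical names, the command lines and the EXAMPLE-BAD rule are constructed, and both freeing inside the callback and treating an engine failure as "not detected" are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not Introcore types or functions. */
typedef struct { char cmdline[128]; } scan_req_t;
static int g_outstanding; /* requests handed out but not yet completed */
static int g_alerts;      /* violation events that would have been raised */

/* Request side: the allocation outlives this call, as in an async scan. */
static scan_req_t *request_scan(const char *cmdline)
{
    scan_req_t *req = calloc(1, sizeof(*req));
    if (req == NULL)
        return NULL; /* nothing was scheduled, so no callback is owed */
    strncpy(req->cmdline, cmdline, sizeof(req->cmdline) - 1);
    g_outstanding++;
    return req;
}

/* Result callback: record the verdict (alert only, no blocking), then free. */
static void result_callback(scan_req_t *req, int detected)
{
    g_alerts += detected ? 1 : 0;
    free(req);
    g_outstanding--;
}

/* Integrator: engine_ok == 0 models a scan failure, assumed to mean "clean". */
static void integrator_scan(scan_req_t *req, int engine_ok, int complete_on_failure)
{
    if (engine_ok)
        result_callback(req, strstr(req->cmdline, "EXAMPLE-BAD") != NULL);
    else if (complete_on_failure)
        result_callback(req, 0);
    /* else: request dropped, callback never runs, allocation leaks */
}

/* Three constructed command lines; the second one hits the failure path. */
int run_scans(int complete_on_failure)
{
    const char *lines[] = { "ls -la", "curl example.invalid", "sh EXAMPLE-BAD" };
    g_outstanding = g_alerts = 0;
    for (int i = 0; i < 3; i++) {
        scan_req_t *req = request_scan(lines[i]);
        if (req != NULL)
            integrator_scan(req, i != 1, complete_on_failure);
    }
    return g_outstanding; /* uncompleted requests, i.e. leaked allocations */
}
```

run_scans(1) completes every accepted request; run_scans(0) leaves one request outstanding because the integrator's failure path never reaches the callback.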

IntLixCmdLineSendViolationEvent()

static INTSTATUS IntLixCmdLineSendViolationEvent (ENG_NOTIFICATION_CMD_LINE *EngineNotification)

Send a command line violation event.

Parameters
[in] EngineNotification: The engine notification containing the scan result.
Return values
INT_STATUS_SUCCESS: On success.

Definition at line 23 of file lixcmdline.c.

Referenced by IntLixHandleCmdLineCallback().

IntLixHandleCmdLineCallback()

INTSTATUS IntLixHandleCmdLineCallback (ENG_NOTIFICATION_CMD_LINE *EngineNotification)

Send a command line violation event.

Parameters
[in] EngineNotification: The engine notification containing the scan result.
Return values
INT_STATUS_SUCCESS: On success.

Definition at line 140 of file lixcmdline.c.

Referenced by IntEnginesResultCallback().