- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include "introtypes.h"Go to the source code of this file.
Typedefs | |
| typedef struct _LIX_TASK_OBJECT | LIX_TASK_OBJECT |
| typedef struct _LIX_TASK_OBJECT * | PLIX_TASK_OBJECT |
Functions | |
| INTSTATUS | IntLixTaskSendExceptionEvent (DWORD Signal, LIX_TASK_OBJECT *Task) |
| Sends an event that contains the information about signal received by the provided task. This function sends the event only if the guest options has the INTRO_OPT_EVENT_PROCESS_CRASH flag. More... | |
| INTSTATUS | IntLixCrashHandle (void *Detour) |
| Sends an event that contains the information about signal received by the current task. This function overwrite the return value of the 'complete_signal' with SIGKILL if the current task must be killed; the current task must be killed if an exploit has been detected by the introspection engine. More... | |
| INTSTATUS | IntLixCrashPanicHandler (void *Detour) |
| Called if the 'panic' or 'kcrash_exec' handler is hit. More... | |
| void | IntLixCrashDumpDmesg (void) |
| Dumps the 'dmesg' buffer from guest. More... | |
| typedef struct _LIX_TASK_OBJECT LIX_TASK_OBJECT |
Definition at line 10 of file lixcrash.h.
| typedef struct _LIX_TASK_OBJECT * PLIX_TASK_OBJECT |
Definition at line 10 of file lixcrash.h.
| void IntLixCrashDumpDmesg | ( | void | ) |
Dumps the 'dmesg' buffer from guest.
This function search for the 'log_buf', 'log_buf_len' and 'first_idx' and parse the buffer. For Linux kernel 2.6 the 'dmesg' is a continuously buffer of chars. For kernel versions bigger than 2.6 the 'dmesg' has a header 'printk_log' for each line.
Definition at line 340 of file lixcrash.c.
Referenced by IntLixCrashPanicHandler().
| INTSTATUS IntLixCrashHandle | ( | void * | Detour | ) |
Sends an event that contains the information about signal received by the current task. This function overwrite the return value of the 'complete_signal' with SIGKILL if the current task must be killed; the current task must be killed if an exploit has been detected by the introspection engine.
| [in] | Detour | The internal detour structure. |
| INT_STATUS_SUCCESS | On success. |
Definition at line 298 of file lixcrash.c.
| INTSTATUS IntLixCrashPanicHandler | ( | void * | Detour | ) |
Called if the 'panic' or 'kcrash_exec' handler is hit.
This function dumps the 'dmesg' buffer and send an crash event; also set the disable and the bugcheck vars to true in order to uninit the introspection.
| [in] | Detour | The internal detour structure. |
| INT_STATUS_DISABLE_DETOUR_ON_RET | The detours must be removed/disabled because the guest crashed. |
Definition at line 493 of file lixcrash.c.
| INTSTATUS IntLixTaskSendExceptionEvent | ( | DWORD | Signal, |
| LIX_TASK_OBJECT * | Task | ||
| ) |
Sends an event that contains the information about signal received by the provided task. This function sends the event only if the guest options has the INTRO_OPT_EVENT_PROCESS_CRASH flag.
| [in] | Signal | The signal number sent to the task. |
| [in] | Task | The task that received the signal. |
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_NEEDED_HINT | If the INTRO_OPT_EVENT_PROCESS_CRASH flag is not set. |
Definition at line 240 of file lixcrash.c.
Referenced by IntLixCrashHandle(), and IntLixTaskDestroy().
1.8.13