Bitdefender Hypervisor Memory Introspection
#include "introtypes.h"
Data Structures
struct _LIX_CREDS | Describes one set of credentials.

Typedefs
typedef struct _LIX_CREDS LIX_CREDS | Describes one set of credentials.
typedef struct _LIX_TASK_OBJECT LIX_TASK_OBJECT

Functions
INTSTATUS IntLixCredAdd (QWORD CredsGva, LIX_CREDS **Creds) | Adds a cred structure to the integrity-protected credentials list.
void IntLixCredRemove (LIX_CREDS **Creds) | Removes the integrity protection from the credentials set that belongs to a process.
void IntLixCredsVerify (LIX_TASK_OBJECT *Task) | Verifies whether the credentials of a process have been altered.
INTSTATUS IntLixCommitCredsHandle (void *Detour) | Detour handler for the "commit_creds" function.
typedef struct _LIX_CREDS LIX_CREDS
Describes one set of credentials.
typedef struct _LIX_TASK_OBJECT LIX_TASK_OBJECT
INTSTATUS IntLixCommitCredsHandle | ( | void * | Detour | ) |
Detour handler for the "commit_creds" function.
Because a process is able to change its credentials (by calling setuid(), setgid(), etc.) we have to keep track of these changes. The kernel is nice and creates a new "cred" structure for any change, then calls "commit_creds" to install the new credentials set on the current task. However, this new credentials set is based on the previous one, which may already have been altered. So, in order to avoid registering an altered credentials set as a clean one, we make one last integrity check on the current set before the new one is registered.
This function also checks whether the syscall that triggered this change was performed from a known user-mode library. Otherwise, a feedback-only alert is sent.
[in] | Detour | Unused. |
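As an added illustration of the scheme described above (example code, not HVMI's own), here is a small C model of an integrity-protected credentials list with reference counting, plus a commit_creds handler that verifies the outgoing set before registering the new one. The GUEST_CRED and PROT_CRED types, the function names and the table size are assumptions; the user-mode library origin check is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the guest "struct cred": just the ids we protect. */
typedef struct { uint32_t uid, gid, euid, egid; } GUEST_CRED;

/* Hypothetical protected entry (not HVMI's LIX_CREDS): the address the cred
 * lives at, a known-good snapshot of its contents, and a reference count. */
typedef struct { GUEST_CRED *gva; GUEST_CRED snapshot; uint32_t refcount; } PROT_CRED;

#define MAX_PROT 16
static PROT_CRED g_prot[MAX_PROT];   /* refcount == 0 marks a free slot */

/* Protect a cred set; a set that is already tracked just gains a reference. */
PROT_CRED *cred_add(GUEST_CRED *gva)
{
    PROT_CRED *free_slot = NULL;
    for (size_t i = 0; i < MAX_PROT; i++) {
        if (g_prot[i].refcount && g_prot[i].gva == gva) { g_prot[i].refcount++; return &g_prot[i]; }
        if (!g_prot[i].refcount && !free_slot) free_slot = &g_prot[i];
    }
    if (!free_slot) return NULL;                    /* table full */
    free_slot->gva = gva; free_slot->snapshot = *gva; free_slot->refcount = 1;
    return free_slot;
}

/* Drop one reference; the slot is released when the count reaches zero. */
void cred_remove(PROT_CRED **creds)
{
    if (*creds && --(*creds)->refcount == 0) (*creds)->gva = NULL;
    *creds = NULL;
}

/* True while the guest cred still matches the snapshot taken at protection time. */
bool cred_verify(const PROT_CRED *creds)
{
    return creds && memcmp(creds->gva, &creds->snapshot, sizeof creds->snapshot) == 0;
}

/* Model of the commit_creds detour: check the set being replaced *before*
 * registering the new one, so a tampered set is never re-registered as clean.
 * Returns false when the outgoing set had been altered (an alert would be raised). */
bool commit_creds_handle(PROT_CRED **task_creds, GUEST_CRED *new_cred)
{
    bool clean = cred_verify(*task_creds);
    cred_remove(task_creds);
    *task_creds = cred_add(new_cred);
    return clean;
}
```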
INTSTATUS IntLixCredAdd | ( | QWORD | CredsGva, | LIX_CREDS ** | Creds | ) |
Adds a cred structure to the integrity-protected credentials list.
[in] | CredsGva | The guest virtual address of the cred structure. |
[in] | Creds | Will contain upon success the reference to the LIX_CRED structure. |
Definition at line 365 of file lixcred.c.
Referenced by IntLixCommitCredsHandle(), IntLixTaskCreate(), and IntLixTaskCreateFromBinprm().
void IntLixCredRemove | ( | LIX_CREDS ** | Creds | ) |
Removes the integrity protection from the credentials set that belongs to a process.
This function will decrement the credentials refcount and will completely remove them when the refcount reaches 0.
[in] | Creds | The credentials to be unprotected. |
Definition at line 441 of file lixcred.c.
Referenced by IntLixCommitCredsHandle(), IntLixTaskDestroy(), and IntLixTaskRemoveEntry().
void IntLixCredsVerify | ( | LIX_TASK_OBJECT * | Task | ) |
Verifies whether the credentials of a process have been altered.
[in] | Task | The Linux process. |
Definition at line 534 of file lixcred.c.
Referenced by IntLixCommitCredsHandle(), IntLixTaskAdd(), IntLixTaskDestroy(), and IntLixTaskHandleExec().