doxygen/html/lixfastread_8c_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */
 #include "introcore.h"
 #include "guests.h"
 #include "introstatus.h"
 #include "lixguest.h"

 static QWORD gMappedGva = 0;

 static BYTE *gMapping1 = NULL;
 static BYTE *gMapping2 = NULL;


 INTSTATUS
 IntLixFsrInitMap(
     _In_ QWORD Gva
     )
 {
     INTSTATUS status;

     if (IS_KERNEL_POINTER_LIX(gMappedGva))
     {
         return INT_STATUS_ALREADY_INITIALIZED;
     }

     if (!IS_KERNEL_POINTER_LIX(Gva))
     {
         // We allow only kernel memory.
         return INT_STATUS_INVALID_PARAMETER_1;
     }

     status = IntVirtMemMap(Gva, PAGE_REMAINING(Gva), gGuest.Mm.SystemCr3, 0, &gMapping1);
     if (!INT_SUCCESS(status))
     {
         ERROR("[ERROR] IntVirtMemMap failed for %llx: %08x\n", Gva, status);

         gMapping1 = NULL;

         return status;
     }

     gMappedGva = Gva;

     return INT_STATUS_SUCCESS;
 }


 void
 IntLixFsrUninitMap(
     void
     )
 {
     if (NULL != gMapping1)
     {
         IntVirtMemUnmap(&gMapping1);
     }

     if (NULL != gMapping2)
     {
         IntVirtMemUnmap(&gMapping2);
     }

     gMappedGva = 0;

     gMapping1 = gMapping2 = NULL;
 }


 INTSTATUS
 IntLixFsrRead(
     _In_ QWORD Gva,
     _In_ DWORD Offset,
     _In_ DWORD Size,
     _Out_ void *Buffer
     )
 {
     QWORD gva;

     if (NULL == gMapping1)
     {
         return INT_STATUS_NOT_INITIALIZED;
     }

     if (gMappedGva != Gva)
     {
         return INT_STATUS_INVALID_PARAMETER_1;
     }

     if (PAGE_COUNT(gMappedGva, Offset + Size) > 2)
     {
         return INT_STATUS_INVALID_PARAMETER_MIX;
     }

     if (NULL == Buffer)
     {
         return INT_STATUS_INVALID_PARAMETER_3;
     }

     gva = gMappedGva + Offset;

     if (PAGE_COUNT(gMappedGva, (QWORD)Offset + Size) > 1)
     {
         DWORD remaining = Size;

         if (NULL == gMapping2)
         {
             INTSTATUS status;
             QWORD secondPage;

             secondPage = (gMappedGva + PAGE_SIZE) & PAGE_MASK;

             status = IntVirtMemMap(secondPage, PAGE_SIZE, gGuest.Mm.SystemCr3, 0, &gMapping2);
             if (!INT_SUCCESS(status))
             {
                 ERROR("[ERROR] IntVirtMemMap failed for 0x%llx with status 0x%08x", secondPage, status);

                 gMapping2 = NULL;

                 return status;
             }
         }

         if (PAGE_FRAME_NUMBER(gMappedGva) == PAGE_FRAME_NUMBER(gva))
         {
             DWORD toRead = PAGE_REMAINING(gva);

             memcpy(Buffer, gMapping1 + Offset, toRead);

             remaining -= toRead;
         }

         memcpy((BYTE *)Buffer + (Size - remaining), gMapping2 + ((gva + Size - remaining) & PAGE_OFFSET), remaining);
     }
     else
     {
         // The whole it's in the first page
         memcpy(Buffer, gMapping1 + Offset, Size);
     }

     return INT_STATUS_SUCCESS;
 }
IntLixFsrUninitMap
void IntLixFsrUninitMap(void)
Uninitialize the fast read mechanism.
Definition: lixfastread.c:62

_Out_
#define _Out_
Definition: intro_sal.h:22

IntVirtMemUnmap
INTSTATUS IntVirtMemUnmap(void **HostPtr)
Unmaps a memory range previously mapped with IntVirtMemMap.
Definition: introcore.c:2234

BYTE
uint8_t BYTE
Definition: intro_types.h:47

_In_
#define _In_
Definition: intro_sal.h:21

introcore.h

_MM::SystemCr3
QWORD SystemCr3
The Cr3 used to map the kernel.
Definition: guests.h:211

INT_STATUS_SUCCESS
#define INT_STATUS_SUCCESS
Definition: introstatus.h:54

PAGE_REMAINING
#define PAGE_REMAINING(addr)
Definition: pgtable.h:163

gMapping2
static BYTE * gMapping2
The mapping point of the second page mapped.
Definition: lixfastread.c:13

INT_SUCCESS
#define INT_SUCCESS(Status)
Definition: introstatus.h:42

PAGE_OFFSET
#define PAGE_OFFSET
Definition: pgtable.h:32

ERROR
#define ERROR(fmt,...)
Definition: glue.h:62

INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24

PAGE_COUNT
#define PAGE_COUNT(addr, bytes)
Definition: pgtable.h:189

guests.h

PAGE_FRAME_NUMBER
#define PAGE_FRAME_NUMBER(addr)
Definition: pgtable.h:181

INT_STATUS_ALREADY_INITIALIZED
#define INT_STATUS_ALREADY_INITIALIZED
Definition: introstatus.h:263

IS_KERNEL_POINTER_LIX
#define IS_KERNEL_POINTER_LIX(p)
Definition: lixguest.h:11

INT_STATUS_NOT_INITIALIZED
#define INT_STATUS_NOT_INITIALIZED
Definition: introstatus.h:266

QWORD
unsigned long long QWORD
Definition: intro_types.h:53

IntLixFsrInitMap
INTSTATUS IntLixFsrInitMap(QWORD Gva)
Initialize the fast read mechanism.
Definition: lixfastread.c:17

PAGE_SIZE
#define PAGE_SIZE
Definition: common.h:70

DWORD
uint32_t DWORD
Definition: intro_types.h:49

lixguest.h

IntVirtMemMap
__must_check INTSTATUS IntVirtMemMap(QWORD Gva, DWORD Length, QWORD Cr3, DWORD Flags, void **HostPtr)
Maps a guest virtual memory range inside Introcore virtual address space.
Definition: introcore.c:2134

_GUEST_STATE::Mm
MM Mm
Guest memory information, such as paging mode, system Cr3 value, etc.
Definition: guests.h:374

gGuest
GUEST_STATE gGuest
The current guest state.
Definition: guests.c:50

gMapping1
static BYTE * gMapping1
The mapping point of the first page mapped.
Definition: lixfastread.c:12

INT_STATUS_INVALID_PARAMETER_1
#define INT_STATUS_INVALID_PARAMETER_1
Definition: introstatus.h:62

gMappedGva
static QWORD gMappedGva
The guest virtual address that is currently mapped.
Definition: lixfastread.c:10

IntLixFsrRead
INTSTATUS IntLixFsrRead(QWORD Gva, DWORD Offset, DWORD Size, void *Buffer)
Performs a read from a previously mapped guest virtual address.
Definition: lixfastread.c:86

INT_STATUS_INVALID_PARAMETER_MIX
#define INT_STATUS_INVALID_PARAMETER_MIX
Definition: introstatus.h:98

PAGE_MASK
#define PAGE_MASK
Definition: pgtable.h:35

introstatus.h
Status values returned by most functions that can signal different success or failure states...

INT_STATUS_INVALID_PARAMETER_3
#define INT_STATUS_INVALID_PARAMETER_3
Definition: introstatus.h:68