Bitdefender Hypervisor Memory Introspection
lixfiles.h File Reference
#include "lixprocess.h"


Data Structures

struct _LIX_QSTR
 Describes a string used for paths by the Linux kernel (quick string).


Macros

#define LIX_MAX_PATH   256u
 The maximum length of a dentry-path.

#define LIX_MAX_DENTRY_DEPTH   30
 The maximum number of entries to be parsed.

#define LIX_FILE_HAS_SUID(mode)
 Checks whether a file mode has the set-user-ID bit, or the set-group-ID bit together with group execute.


Typedefs

typedef struct _LIX_QSTR LIX_QSTR
 Describes a string used for paths by the Linux kernel (quick string).

typedef struct _LIX_QSTR * PLIX_QSTR


Functions

INTSTATUS IntLixFileGetDentry (QWORD File, QWORD *Dentry)
 Reads the value of the dentry field of the 'struct file'.

INTSTATUS IntLixDentryGetName (QWORD Dentry, char **FileName, DWORD *NameLength)
 Gets the file-name that corresponds to the provided Dentry (guest virtual address).

INTSTATUS IntLixGetFileName (QWORD FileStruct, char **FileName, DWORD *NameLength, QWORD *DentryGva)
 Gets the file-name that corresponds to the provided FileStruct (guest virtual address).

INTSTATUS IntLixFileGetPath (QWORD FileStructGva, char **Path, DWORD *Length)
 Gets the path that corresponds to the provided FileStructGva (guest virtual address of the 'struct file').

void IntLixFilesCacheUninit (void)
 Removes and frees the entries of the dentry-cache.


Macro Definition Documentation

◆ LIX_FILE_HAS_SUID

#define LIX_FILE_HAS_SUID(mode)
Value:
({ __auto_type mode_suid_ = (mode); \
((mode_suid_ & S_ISUID) || ((mode_suid_ & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))); })

S_ISGID is defined at lixddefs.h:244, S_IXGRP at common.h:31, and S_ISUID at lixddefs.h:243.

Checks whether a file mode has the set-user-ID bit (S_ISUID), or the set-group-ID bit together with group execute (S_ISGID | S_IXGRP).

Definition at line 46 of file lixfiles.h.

◆ LIX_MAX_DENTRY_DEPTH

#define LIX_MAX_DENTRY_DEPTH   30

The maximum number of entries to be parsed.

Definition at line 38 of file lixfiles.h.

Referenced by IntLixFileGetPath().

◆ LIX_MAX_PATH

#define LIX_MAX_PATH   256u

The maximum length of a dentry-path.

Definition at line 33 of file lixfiles.h.

Referenced by IntLixDentryGetName(), IntLixDepInjectProcess(), IntLixFileGetPath(), and IntLixFileReadDentry().

Typedef Documentation

◆ LIX_QSTR

typedef struct _LIX_QSTR LIX_QSTR

Describes a string used for paths by the Linux kernel (quick string).

◆ PLIX_QSTR

typedef struct _LIX_QSTR * PLIX_QSTR

Function Documentation

◆ IntLixDentryGetName()

INTSTATUS IntLixDentryGetName ( QWORD    Dentry,
                                char **  FileName,
                                DWORD *  NameLength
                              )

Gets the file-name that corresponds to the provided Dentry (guest virtual address).

NOTE: The caller must free the file-name.

Parameters
[in]  Dentry      The guest virtual address of the 'struct dentry'.
[in]  FileName    On success, contains a pointer to the file-name.
[in]  NameLength  On success, the length of the file-name.

Return values
INT_STATUS_SUCCESS                 On success.
INT_STATUS_INSUFFICIENT_RESOURCES  If the alloc fails.
INT_STATUS_INVALID_DATA_SIZE       If the length of the file-name is invalid.
INT_STATUS_INVALID_PARAMETER_1     If the pointer to the 'struct dentry' is not a kernel pointer.
INT_STATUS_INVALID_PARAMETER_2     If the pointer to the file-name parameter is invalid.

Definition at line 227 of file lixfiles.c.

Referenced by IntLixGetFileName().

◆ IntLixFileGetDentry()

INTSTATUS IntLixFileGetDentry ( QWORD    File,
                                QWORD *  Dentry
                              )

Reads the value of the dentry field of the 'struct file'.

Parameters
[in]  File    The guest virtual address of the 'struct file'.
[in]  Dentry  The guest virtual address of the 'struct dentry'.

Return values
INT_STATUS_SUCCESS        On success.
INT_STATUS_NOT_SUPPORTED  If the guest virtual address of the 'struct dentry' is not a kernel pointer.

Definition at line 195 of file lixfiles.c.

Referenced by IntLixFileGetPath(), IntLixGetFileName(), IntLixTaskCreate(), IntLixTaskGetPath(), and IntLixTaskPathGetByFile().

◆ IntLixFileGetPath()

INTSTATUS IntLixFileGetPath ( QWORD    FileStructGva,
                              char **  Path,
                              DWORD *  Length
                            )

Gets the path that corresponds to the provided FileStructGva (guest virtual address of the 'struct file').

Each iteration fetches the parent of the current dentry. The loop ends when dentry.parent equals the guest virtual address of the current dentry, or when dentry.parent is not a valid kernel guest virtual address.

Parameters
[in]   FileStructGva  The guest virtual address of the 'struct file'.
[out]  Path           On success, contains a pointer to the path of the file.
[out]  Length         On success, the length of the path.

Return values
INT_STATUS_SUCCESS              On success.
INT_STATUS_INVALID_PARAMETER_1  If the pointer to the 'struct dentry' is not a kernel pointer.
INT_STATUS_INVALID_PARAMETER_2  If the pointer to the Path parameter is invalid.
INT_STATUS_NOT_SUPPORTED        If the guest virtual address of the 'struct dentry' is not a kernel pointer.

Definition at line 352 of file lixfiles.c.

Referenced by IntLixCredAnalyzeStack(), IntLixTaskPathGetByDentry(), and IntSerializeLixVma().
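
The parent walk described for IntLixFileGetPath(), as an added example that is not HVMI code: it runs over a constructed table standing in for guest memory and shows both documented stop conditions plus why a depth cap matters when the dentry chain is guest-controlled. Only LIX_MAX_PATH and LIX_MAX_DENTRY_DEPTH come from the page; SIM_DENTRY, sim_read, sim_get_path, IS_KERNEL_PTR, the addresses, and returning a truncated path when the cap is hit are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LIX_MAX_PATH 256u        /* value from the page */
#define LIX_MAX_DENTRY_DEPTH 30  /* value from the page */
#define IS_KERNEL_PTR(p) ((p) >= 0xffff800000000000ULL) /* assumed x86-64 check */
/* Constructed stand-in for guest memory; this layout is hypothetical. */
typedef struct { uint64_t gva, parent; const char *name; } SIM_DENTRY;
static const SIM_DENTRY gGuest[] = {
    { 0xffff888000001000ULL, 0xffff888000001000ULL, "/" },      /* root: parent == self */
    { 0xffff888000002000ULL, 0xffff888000001000ULL, "bin" },
    { 0xffff888000003000ULL, 0xffff888000002000ULL, "su" },
    { 0xffff888000004000ULL, 0xffff888000005000ULL, "a" },      /* a and b form a cycle */
    { 0xffff888000005000ULL, 0xffff888000004000ULL, "b" },
    { 0xffff888000006000ULL, 0x0000000000401000ULL, "orphan" }, /* non-kernel parent */
};
static const SIM_DENTRY *sim_read(uint64_t gva) {
    for (size_t i = 0; i < sizeof(gGuest) / sizeof(gGuest[0]); i++)
        if (gGuest[i].gva == gva) return &gGuest[i];
    return NULL;
}
/* Returns the number of dentries visited, or -1 on a bad pointer or path overflow. */
int sim_get_path(uint64_t dentry, char out[LIX_MAX_PATH]) {
    size_t pos = LIX_MAX_PATH - 1;               /* path is built right to left */
    int depth = 0;
    if (!IS_KERNEL_PTR(dentry)) return -1;
    out[pos] = '\0';
    while (depth < LIX_MAX_DENTRY_DEPTH) {       /* cap bounds guest-made cycles */
        const SIM_DENTRY *d = sim_read(dentry);
        if (d == NULL) return -1;
        if (d->parent != dentry) {               /* the root adds no component */
            size_t len = strlen(d->name);
            if (len + 1 > pos) return -1;        /* would exceed LIX_MAX_PATH */
            pos -= len; memcpy(out + pos, d->name, len);
            out[--pos] = '/';
        }
        depth++;
        if (d->parent == dentry || !IS_KERNEL_PTR(d->parent)) break;
        dentry = d->parent;
    }
    if (pos == LIX_MAX_PATH - 1) out[--pos] = '/';  /* walk started at the root */
    memmove(out, out + pos, LIX_MAX_PATH - pos);
    return depth;
}

int main(void) {
    char p[LIX_MAX_PATH];
    return printf("%d %s\n", sim_get_path(0xffff888000003000ULL, p), p) < 0;
}
```

The cyclic pair never reaches a self-parented root or a non-kernel pointer, so only the depth cap ends that walk.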

◆ IntLixFilesCacheUninit()

void IntLixFilesCacheUninit ( void  )

Removes and frees the entries of the dentry-cache.

Definition at line 86 of file lixfiles.c.

Referenced by IntLixGuestUninit().

◆ IntLixGetFileName()

INTSTATUS IntLixGetFileName ( QWORD    FileStruct,
                              char **  FileName,
                              DWORD *  NameLength,
                              QWORD *  DentryGva
                            )

Gets the file-name that corresponds to the provided FileStruct (guest virtual address).

Parameters
[in]  FileStruct  The guest virtual address of the 'struct file'.
[in]  FileName    On success, contains a pointer to the file-name.
[in]  NameLength  The length of the file-name.
[in]  DentryGva   The guest virtual address of the 'struct dentry'.

Return values
INT_STATUS_SUCCESS              On success.
INT_STATUS_INVALID_PARAMETER_1  If the pointer to the 'struct file' is not a kernel pointer.
INT_STATUS_INVALID_PARAMETER_2  If the pointer to the file-name parameter is invalid.

Definition at line 565 of file lixfiles.c.

Referenced by IntLixMmListVmasInternal(), and IntLixStackDumpUmStackTrace().