- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include "introcore.h"Go to the source code of this file.
Functions | |
| INTSTATUS | IntKsymInit (void) |
| Initialize the kallsyms subsystem based on the os info provided by LIX_FIELD(Info, HasKsym*). More... | |
| QWORD | IntKsymFindByName (const char *Name, QWORD *SymEnd) |
| Searches the given Name in kallsyms and returns the Start & End offset. More... | |
| INTSTATUS | IntKsymFindByAddress (QWORD Gva, DWORD Length, char *SymName, QWORD *SymStart, QWORD *SymEnd) |
| Finds the symbol which is located at the given address. More... | |
| void | IntKsymUninit (void) |
| INTSTATUS IntKsymFindByAddress | ( | QWORD | Gva, |
| DWORD | Length, | ||
| char * | SymName, | ||
| QWORD * | SymStart, | ||
| QWORD * | SymEnd | ||
| ) |
Finds the symbol which is located at the given address.
If there are multiple symbols starting at the same address only the last one will be taken into account.
| [in] | Gva | The address of the searched symbol. |
| [in] | Length | SymName buffer size. |
| [out] | SymName | Buffer which will store the symbol name. |
| [out] | SymStart | The symbol start address. |
| [out] | SymEnd | The symbol end address (makes sense only for function names). |
Definition at line 1283 of file lixksym.c.
Referenced by DbgFindKsym(), IntDisasmBuffer(), IntDisasmGva(), IntExceptKernelLogLinuxInformation(), IntExceptPrintMsrInfo(), IntLixAgentError(), IntLixAgentThreadError(), IntLixDrvSendViolationEvent(), IntLixDumpStacktrace(), IntLixGuestAgentContentHandler(), IntLixGuestDetourDataHandler(), IntLixKernelHandleRead(), and IntLixPatchSwapgs().
Searches the given Name in kallsyms and returns the Start & End offset.
If the symbol represents a variable, then the SymEnd may be wrong (we return the address of the next symbol). Supports a very basic regex: '*' at the end means we will do a memcmp only until there.
| [in] | Name | The name of the symbol to be found |
| [out] | SymEnd | Upon successfully return will contain the address of the following symbol (if not NULL) |
Definition at line 1399 of file lixksym.c.
Referenced by DbgFindKsym(), IntDisasmLixFunction(), IntLixAgentResolveOffset(), IntLixApiHijackHook(), IntLixApiHook(), IntLixCrashFetchDmesgSymbol(), IntLixFindDataStart(), IntLixGetInitTask(), IntLixGuestAllocateDeploy(), IntLixGuestFindPgd(), IntLixGuestGetSystemState(), IntLixGuestInit(), IntLixGuestResolveExTableLimits(), IntLixGuestResolveSymbols(), IntLixMmGetInitMm(), IntLixPatchSwapgs(), IntLixResolveCurrentCpuOffset(), IntLixResolveCurrentProcessOffset(), IntLixResolveExeFileOffset(), IntLixResolveThreadStructOffset(), IntLixVdsoDynamicProtect(), IntLixVdsoResolveDynamicOffset(), and IntLixVdsoResolveImageAddress().
| INTSTATUS IntKsymInit | ( | void | ) |
Initialize the kallsyms subsystem based on the os info provided by LIX_FIELD(Info, HasKsym*).
Before calling this function the following subsystem must be fully initialized.
Definition at line 1046 of file lixksym.c.
Referenced by IntLixGuestInit().
| void IntKsymUninit | ( | void | ) |
Tries to free the kallsyms internal buffers if they are initialized.
Definition at line 1256 of file lixksym.c.
Referenced by IntLixGuestNew(), and IntLixGuestUninit().
1.8.13