#define LIX_MODULE_NAME_LEN 56
#define LIX_ACTIVE_PATCH_SIZE 27
#endif // _LIXMODULE_H_
WORD Length
The patch length.
Describes the information about a Linux active-patch.
DWORD GplSymbolsCount
The number of GPL-exported symbols (num_gpl_syms).
INTSTATUS IntLixDrvCreateKernel(void)
Create the KERNEL_DRIVER object for the operating system kernel and activate the protection for it...
INTSTATUS IntLixDrvRemoveEntry(KERNEL_DRIVER *Driver)
Disables protection and frees the driver structure from our internal list.
DWORD RoSize
The size of the .rodata (read-only).
INTSTATUS IntLixDrvRemoveFromAddress(QWORD DriverGva)
Disable protection and remove the driver structure from our internal list.
INTSTATUS IntLixDrvFindList(QWORD *Drivers)
Searches the Linux kernel for the 'modules' variable.
int INTSTATUS
The status data type.
LIX_MODULE_LAYOUT CoreLayout
The layout of the core section.
LIX_MODULE_LAYOUT InitLayout
The layout of the init section.
void * InitSwapHook
The hook on the init section.
#define _Out_writes_(expr)
#define LIX_ACTIVE_PATCH_SIZE
The maximum size of the active-patch data.
void IntLixDrvUpdateProtection(void)
Update Linux drivers protection according to the new core options.
QWORD GplSymbols
The GVA of the exported gpl symbols (gpl_syms).
Describes a kernel driver.
void * HookObjectRead
The hook object used to protect this driver against read. NULL if the driver is not protected...
DWORD Size
The total size of the section.
INTSTATUS IntLixDrvHandleWrite(void *Context, void *Hook, QWORD Address, INTRO_ACTION *Action)
Called if a write occurs on the protected memory zone.
struct _KERNEL_DRIVER * PKERNEL_DRIVER
INTSTATUS(* PFUNC_IterateListCallback)(QWORD Node, QWORD Aux)
struct _LIX_KERNEL_PATCH LIX_KERNEL_PATCH
The internal structure of the Linux active-patch.
void IntLixDrvGetSecName(KERNEL_DRIVER *Driver, QWORD Gva, CHAR *SectionName)
Get the section of the driver that contains the provided guest virtual address.
struct _LIX_ACTIVE_PATCH * PLIX_ACTIVE_PATCH
INTSTATUS IntLixDrvCreateFromAddress(QWORD DriverGva, QWORD StaticDetected)
Create the KERNEL_DRIVER object from the provided 'module struct' address and activate the protection...
QWORD KernelSymbols
The GVA of the exported symbols (syms).
enum _INTRO_ACTION INTRO_ACTION
Event actions.
INTSTATUS IntLixDrvIterateList(PFUNC_IterateListCallback Callback, QWORD Aux)
Iterates the 'modules' list from the guest and activates protection for each driver that is initialize...
INTSTATUS IntLixDrvIsLegitimateTextPoke(void *Hook, QWORD Address, LIX_ACTIVE_PATCH *ActivePatch, INTRO_ACTION *Action)
Checks if the zone modified by the current instruction is a 'text_poke'.
struct _LIX_MODULE_LAYOUT LIX_MODULE_LAYOUT
The layout of the core/init sections.
struct _LIX_KERNEL_PATCH * PLIX_KERNEL_PATCH
LIST_ENTRY Link
List entry element.
struct _LIX_KERNEL_MODULE * PLIX_KERNEL_MODULE
struct _LIX_KERNEL_MODULE LIX_KERNEL_MODULE
The internal structure of the Linux-driver.
BOOLEAN Initialized
This means that the init section is discarded.
QWORD Base
The base GVA of the section.
struct _LIX_MODULE_LAYOUT * PLIX_MODULE_LAYOUT
WORD PatchedLength
The size of the already patched area.
QWORD Gva
The start of the region that is to be patched.
DWORD SymbolsCount
The number of symbols (num_syms).
DWORD TextSize
The size of the .text (code usually).