Bitdefender Hypervisor Memory Introspection
Typedefs | Enumerations | Functions
memcloak.h File Reference
#include "introtypes.h"

Go to the source code of this file.

Typedefs

typedef INTSTATUS(* PFUNC_IntMemCloakWriteHandle) (void *Hook, QWORD Address, QWORD RegionVirtualAddress, void *CloakHandle, INTRO_ACTION *Action)
 The type of custom write handlers that can be used by cloak regions. More...
 

Enumerations

enum  MEMCLOAK_OPTIONS { MEMCLOAK_OPT_ALLOW_INTERNAL = 0x00000001, MEMCLOAK_OPT_APPLY_PATCH = 0x00000002 }
 Options that control the way a cloaked memory region is handled. More...
 

Functions

INTSTATUS IntMemClkCloakRegion (QWORD VirtualAddress, QWORD Cr3, DWORD Size, DWORD Options, PBYTE OriginalData, PBYTE PatchedData, PFUNC_IntMemCloakWriteHandle WriteHandler, void **CloakHandle)
 Hides a memory zone from the guest. More...
 
INTSTATUS IntMemClkModifyOriginalData (void *CloakHandle, DWORD Offset, DWORD Size, void *Data)
 Modifies the internal copy of the original data buffer held by a cloak region. More...
 
INTSTATUS IntMemClkModifyPatchedData (void *CloakHandle, DWORD Offset, DWORD Size, const void *Data)
 Modifies the patched data inside the guest memory. More...
 
INTSTATUS IntMemClkUncloakRegion (void *CloakHandle, DWORD Options)
 Removes a cloak region, making the original memory contents available again to the guest. More...
 
INTSTATUS IntMemClkHashRegion (QWORD VirtualAddress, QWORD PhysicalAddress, DWORD Size, DWORD *Crc32)
 Hashes the contents of a cloaked memory page. More...
 
BOOLEAN IntMemClkIsPtrInCloak (const void *Cloak, QWORD Ptr)
 Checks if a guest virtual address is located inside a cloak region. More...
 
INTSTATUS IntMemClkGetOriginalData (void *CloakHandle, BYTE **OriginalData, DWORD *Length)
 Returns the original data of a cloaked region. More...
 
INTSTATUS IntMemClkUnInit (void)
 Uninits the memory cloak subsystem. More...
 
void IntMemClkDump (void)
 Dumps all the active cloak regions. More...