- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Go to the source code of this file.
Macros | |
| #define | IC_TAG_DRNU 'UND:' |
| Guest loaded module name buffer (Unicode) More... | |
| #define | IC_TAG_EXPN 'PXE:' |
| Export name buffer. More... | |
| #define | IC_TAG_DOBJ 'BOD:' |
| Driver Object List Entry. More... | |
| #define | IC_TAG_POBJ 'BOP:' |
| Process Object List Entry. More... | |
| #define | IC_TAG_MODU 'DOM:' |
| Loaded module. More... | |
| #define | IC_TAG_DETG 'SGTD' |
| Guest detour state. More... | |
| #define | IC_TAG_GVCA 'CVG:' |
| The GVA cache. More... | |
| #define | IC_TAG_GPCA 'CPG:' |
| The GPA cache. More... | |
| #define | IC_TAG_GPCV 'VPG:' |
| GPA cache victim. More... | |
| #define | IC_TAG_ITGR 'TGI:' |
| Integrity region. More... | |
| #define | IC_TAG_WPFN 'NFP:' |
| Windows PFN locked page. More... | |
| #define | IC_TAG_EXCP 'CXE:' |
| Exception structure. More... | |
| #define | IC_TAG_EXKM 'KXE:' |
| Kernel exceptions structures. More... | |
| #define | IC_TAG_EXKU 'UKXE' |
| Kernel-User mode exceptions structures. More... | |
| #define | IC_TAG_EXUM 'UXE:' |
| User exceptions structures. More... | |
| #define | IC_TAG_ESIG 'GSE:' |
| Exception signatures structures. More... | |
| #define | IC_TAG_DEBUG 'GBD:' |
| Debugger stuff. More... | |
| #define | IC_TAG_ALLOC 'CLA:' |
| Memory allocation. More... | |
| #define | IC_TAG_INSC 'SNI:' |
| Instruction cache. More... | |
| #define | IC_TAG_IINV 'VNII' |
| Instruction cache invalidation entry. More... | |
| #define | IC_TAG_CDBK 'KBDC' |
| Code blocks. More... | |
| #define | IC_TAG_MSRHK 'EDH:' |
| MSR Hook descriptor. More... | |
| #define | IC_TAG_HKOBJ 'DJOB' |
| Hook-object descriptor. More... | |
| #define | IC_TAG_GPAH 'HAPG' |
| GPA hook. More... | |
| #define | IC_TAG_GVAH 'HAVG' |
| GVA hook object. More... | |
| #define | IC_TAG_EPTE 'EPTE' |
| EPT hook entry. More... | |
| #define | IC_TAG_REGD 'DGER' |
| Object region descriptor. More... | |
| #define | IC_TAG_HKAR 'RAKH' |
| Hooks array in object region descriptor. More... | |
| #define | IC_TAG_UNPG 'GPNU' |
| Protected unpacker-page. More... | |
| #define | IC_TAG_SWCX 'XCS:' |
| Swapmem context. More... | |
| #define | IC_TAG_SWPP 'PPS:' |
| Swapmem pages data area. More... | |
| #define | IC_TAG_SWPG 'GPWS' |
| Swapmem page. More... | |
| #define | IC_TAG_SWPN 'NPWS' |
| Swap pending. More... | |
| #define | IC_TAG_UPDT 'TDU:' |
| Update structure, holding a chunk. More... | |
| #define | IC_TAG_EPTV 'EPTV' |
| EPT violations cache. More... | |
| #define | IC_TAG_RGCH 'HCGR' |
| Register cache. More... | |
| #define | IC_TAG_AGNE 'ENGA' |
| Agent entry. More... | |
| #define | IC_TAG_LAGE 'EGAL' |
| Linux agent entry. More... | |
| #define | IC_TAG_AGND 'DNGA' |
| Agent data. More... | |
| #define | IC_TAG_AGNN 'NNGA' |
| Agent name. More... | |
| #define | IC_TAG_IMGE 'IMGE' |
| PE image buffer. More... | |
| #define | IC_TAG_HDRS 'SRDH' |
| Module headers as cached inside a KERNEL_MODULE structure. More... | |
| #define | IC_TAG_PTHP 'PHTP' |
| Object path (cached) More... | |
| #define | IC_TAG_UMPT 'TPMU' |
| UM object path (cached) More... | |
| #define | IC_TAG_PATH 'HTAP' |
| Object path. More... | |
| #define | IC_TAG_NAME 'EMAN' |
| Object name. More... | |
| #define | IC_TAG_MCRG 'GRCM' |
| MemCloak region. More... | |
| #define | IC_TAG_MCBF 'FBCM' |
| MemCloak original buffer. More... | |
| #define | IC_TAG_VASR 'RSVA' |
| VAS Root Object. More... | |
| #define | IC_TAG_VAST 'TSAV' |
| VAS Monitor Table. More... | |
| #define | IC_TAG_VASE 'ESAV' |
| VAS Monitor Table Entries array. More... | |
| #define | IC_TAG_VASP 'PSAV' |
| VAS Monitor Table Pointers array. More... | |
| #define | IC_TAG_PTPT 'TPTP' |
| PTS Page Table hook. More... | |
| #define | IC_TAG_PTPS 'SPTP' |
| PTS Page Hook Context. More... | |
| #define | IC_TAG_SUBS 'SUBS' |
| Process subsystem structure. More... | |
| #define | IC_TAG_CPUS 'SUPC' |
| CPU state. More... | |
| #define | IC_TAG_XCRH 'HRCX' |
| XCR hook. More... | |
| #define | IC_TAG_XCRS 'SRCX' |
| XCR hook state. More... | |
| #define | IC_TAG_MSRS 'SRSM' |
| MSR hook state. More... | |
| #define | IC_TAG_CRH 'KHRC' |
| CR hook. More... | |
| #define | IC_TAG_CRS 'TSRC' |
| CR hook state. More... | |
| #define | IC_TAG_DTRH 'HRTD' |
| IDTR & GDTR hook. More... | |
| #define | IC_TAG_DTRS 'SRTD' |
| IDTR & GDTR hook state. More... | |
| #define | IC_TAG_HOOKS 'AHTS' |
| Global hook state. More... | |
| #define | IC_TAG_SLKE 'EKLS' |
| Slack space entry. More... | |
| #define | IC_TAG_PPAG 'GAPP' |
| Process VAD page. More... | |
| #define | IC_TAG_VADP 'PDAV' |
| VAD pages hash table. More... | |
| #define | IC_TAG_PCMD 'LDMC' |
| Process command line. More... | |
| #define | IC_TAG_FSTM 'PMSF' |
| Linux fast map. More... | |
| #define | IC_TAG_MLMP 'PMLM' |
| Multi-page mappings. More... | |
| #define | IC_TAG_PPIF 'FIPP' |
| Protected process info. More... | |
| #define | IC_TAG_MDHS 'SHDM' |
| Module hashes. More... | |
| #define | IC_TAG_INVC 'CVNI' |
| Invocation context. More... | |
| #define | IC_TAG_NSPX 'XPSN' |
| NsProxy object. More... | |
| #define | IC_TAG_UDCX 'XCDU' |
| UD pending context. More... | |
| #define | IC_TAG_PTPM 'MPTP' |
| Page Table Hook Manager entry. More... | |
| #define | IC_TAG_PTPP 'PPTP' |
| Page Table Hook Manager page. More... | |
| #define | IC_TAG_PTPA 'APTP' |
| Page Table Hook Manager array. More... | |
| #define | IC_TAG_KRNB 'BNRK' |
| Kernel Buffer, cached by the introspection. More... | |
| #define | IC_TAG_HALB 'BLAH' |
| Hal Buffer, cached by the introspection. More... | |
| #define | IC_TAG_VAD ':daV' |
| Virtual Address Descriptor for user mode address ranges. More... | |
| #define | IC_TAG_VAD_PGARR 'PGAR' |
| Virtual page array with the pages contained by a VAD. More... | |
| #define | IC_TAG_VAD_PAGE 'PGEN' |
| Virtual page from a VAD page array. More... | |
| #define | IC_TAG_HAL_HEAP 'GPHH' |
| Page in Hal Heap. More... | |
| #define | IC_TAG_KSYM 'MYSK' |
| Kallsym cache. More... | |
| #define | IC_TAG_EPTE 'EPTE' |
| EPT hook entry. More... | |
| #define | IC_TAG_IATB 'BTAI' |
| IAT entries bitmap. More... | |
| #define | IC_TAG_VEVE 'EVEV' |
| #VE state More... | |
| #define | IC_TAG_EXPCH 'HCXE' |
| Windows UM exports cache. More... | |
| #define | IC_TAG_MODCH 'HCDM' |
| Windows UM module cache. More... | |
| #define | IC_TAG_WINOBJ_SWAP 'JBOS' |
| Winobj swap handle. More... | |
| #define | IC_TAG_WSWP 'PWSW' |
| Win init swap handle. More... | |
| #define | IC_TAG_POKE 'EKOP' |
| Linux text poke kprobes. More... | |
| #define | IC_TAG_MTBL 'LBTM' |
| Mem Table. More... | |
| #define | IC_TAG_PTI_DRV 'ITPD' |
| PTI driver image. More... | |
| #define | IC_TAG_XSAVE 'EVSX' |
| XSAVE area. More... | |
| #define | IC_TAG_VEPG 'GPEV' |
| #VE agent pages More... | |
| #define | IC_TAG_SPPE 'EPPS' |
| SPP entry. More... | |
| #define | IC_TAG_WINMOD_BLOCK 'LBOM' |
| Win um module load-blocking objects. More... | |
| #define | IC_TAG_WINMOD_CB_LIST 'LBCM' |
| Win um module call back list for a reason (in DllMain) More... | |
| #define | IC_TAG_WINMOD_CB_OBJ 'OBCM' |
| Win um module call back object for reason (in DllMain) More... | |
| #define | IC_TAG_CAMI 'IMAC' |
| Live update allocations. More... | |
| #define | IC_TAG_SGDG 'GDGS' |
| SWAPGS gadget. More... | |
| #define | IC_TAG_SGDH 'HDGS' |
| SWAPGS handler. More... | |
| #define | IC_TAG_CRED 'DERC' |
| Linux cred struct. More... | |
| #define | IC_TAG_CMD_LINE 'DMC:' |
| Windows command line. More... | |
| #define | IC_TAG_ENGINE_NOT 'GNE:' |
| Used for asynchronous engine notifications. More... | |
| #define | IC_TAG_VMA 'AMV:' |
| Used for Linux VMA structs. More... | |
| #define | IC_TAG_GUEST 'TSG:' |
| Used for Linux/Windows guest structure. More... | |
| #define | IC_TAG_SUD_BUFFER 'BDUS' |
| Used for keeping the SharedUserData buffer internally. More... | |
| #define | IC_TAG_IOBD 'DBOI' |
| Used for interrupt object protection descriptors. More... | |
| #define | IC_TAG_SMALL_MZPE ':EPS' |
| Small MZPE. More... | |
| #define IC_TAG_AGNE 'ENGA' |
Agent entry.
Definition at line 47 of file memtags.h.
Referenced by IntWinAgentFree(), IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| #define IC_TAG_AGNN 'NNGA' |
Agent name.
Definition at line 50 of file memtags.h.
Referenced by IntLixAgentNameCreate(), IntLixAgentNameRemove(), IntWinAgentCheckIfProcessAgentAndDecrement(), IntWinAgentInject(), IntWinAgentRemoveEntryByAgid(), and IntWinAgentUnInit().
| #define IC_TAG_ALLOC 'CLA:' |
Memory allocation.
Definition at line 28 of file memtags.h.
Referenced by BitMaskAlloc(), BitMaskFree(), DbgCrWriteTestCallback(), DbgIterateVaSpace(), IntAddRemoveProtectedProcessUtf8(), IntDumpGvaEx(), IntKsymRelativeFindOffsetTableStart(), IntLixAgentFindInstruction(), IntPtiDeleteInstruction(), IntPtiMonitorAllPtWriteCandidates(), IntSlackAllocWindows(), IntVeDeliverDriverForLoad(), IntVeFindKernelKvaShadowAndKernelExit(), IntVeUnhookVeAgent(), IntVeUnInit(), IntVirtMemSafeWrite(), IntWinAgentActivatePendingAgent(), and IntWinAgentFindInstruction().
| #define IC_TAG_CAMI 'IMAC' |
Live update allocations.
Definition at line 124 of file memtags.h.
Referenced by IntCamiLoadLinux(), IntCamiLoadPatternSignatures(), IntCamiLoadWindows(), IntCamiProtectedProcessAllocate(), IntCamiProtectedProcessFree(), IntGuestDetectOsSysCall(), IntLixGuestFindKernel(), IntLixGuestUninit(), IntWinApiHookAll(), and IntWinGuestFindBuildNumber().
| #define IC_TAG_CDBK 'KBDC' |
Code blocks.
Definition at line 31 of file memtags.h.
Referenced by DbgDumpCodeblocks(), and IntFragDumpBlocks().
| #define IC_TAG_CMD_LINE 'DMC:' |
Windows command line.
Definition at line 131 of file memtags.h.
Referenced by IntLixCmdLineInspect(), IntLixHandleCmdLineCallback(), IntWinHandleCmdLineCallback(), and IntWinInspectCommandLine().
| #define IC_TAG_CPUS 'SUPC' |
CPU state.
Definition at line 66 of file memtags.h.
Referenced by IntGuestInit(), and IntGuestUninit().
| #define IC_TAG_CRED 'DERC' |
Linux cred struct.
Definition at line 129 of file memtags.h.
Referenced by IntLixCredAdd(), and IntLixCredRemove().
| #define IC_TAG_CRH 'KHRC' |
CR hook.
Definition at line 70 of file memtags.h.
Referenced by IntHookCrDeleteHook(), and IntHookCrSetHook().
| #define IC_TAG_CRS 'TSRC' |
CR hook state.
Definition at line 71 of file memtags.h.
Referenced by IntHookCrInit(), and IntHookCrUninit().
| #define IC_TAG_DEBUG 'GBD:' |
Debugger stuff.
Definition at line 27 of file memtags.h.
Referenced by DbgDumpEthreadToken(), and DbgDumpProcToken().
| #define IC_TAG_DETG 'SGTD' |
Guest detour state.
Definition at line 16 of file memtags.h.
Referenced by IntDetCreateObjectLix(), IntDetRemoveDetour(), and IntDetSetHook().
| #define IC_TAG_DOBJ 'BOD:' |
Driver Object List Entry.
Definition at line 13 of file memtags.h.
Referenced by IntWinDrvObjCreateFromAddress(), and IntWinDrvObjFreeDriverObject().
| #define IC_TAG_DRNU 'UND:' |
Guest loaded module name buffer (Unicode)
Definition at line 11 of file memtags.h.
Referenced by IntLdrFixImports(), IntLixDrvCreateDriverObject(), IntLixDrvCreateKernel(), IntLixDrvRemoveEntry(), IntWinAgentHandleDriverVmcall(), IntWinDrvCreateFromAddress(), IntWinDrvFreeEntry(), IntWinDrvObjCreateFromAddress(), and IntWinDrvObjFreeDriverObject().
| #define IC_TAG_DTRH 'HRTD' |
IDTR & GDTR hook.
Definition at line 72 of file memtags.h.
Referenced by IntHookDtrDeleteHook(), and IntHookDtrSetHook().
| #define IC_TAG_DTRS 'SRTD' |
IDTR & GDTR hook state.
Definition at line 73 of file memtags.h.
Referenced by IntHookDtrInit(), and IntHookDtrUninit().
| #define IC_TAG_ENGINE_NOT 'GNE:' |
Used for asynchronous engine notifications.
Definition at line 132 of file memtags.h.
Referenced by IntHandleExecCallback(), IntLixCmdLineInspect(), IntLixEngExecSendNotification(), IntLixHandleCmdLineCallback(), IntWinEngExecSendNotification(), IntWinHandleCmdLineCallback(), and IntWinInspectCommandLine().
| #define IC_TAG_EPTE 'EPTE' |
EPT hook entry.
Definition at line 102 of file memtags.h.
Referenced by IntHookGpaGetEptEntry(), and IntHookGpaSetNewPageProtection().
| #define IC_TAG_ESIG 'GSE:' |
Exception signatures structures.
Definition at line 26 of file memtags.h.
Referenced by IntExceptAlertRemove(), IntExceptRemove(), IntUpdateAddCbSignature(), IntUpdateAddExportSignature(), IntUpdateAddIdtSignature(), IntUpdateAddKmException(), IntUpdateAddKmUmException(), IntUpdateAddProcessCreationSignature(), IntUpdateAddUmException(), IntUpdateAddValueCodeSignature(), IntUpdateAddValueSignature(), IntUpdateAddVersionIntroSignature(), IntUpdateAddVersionOsSignature(), IntUpdateCreateCbSignatureFromAlert(), IntUpdateCreateExportSignatureFromAlert(), IntUpdateCreateIdtSignatureFromAlert(), IntUpdateCreateProcessCreationSignatureFromAlert(), and IntUpdateRemoveSignaturesForException().
| #define IC_TAG_EXCP 'CXE:' |
Exception structure.
Definition at line 22 of file memtags.h.
Referenced by IntExceptInit(), IntExceptUninit(), IntExceptVerifyValueCodeSig(), and IntExceptVerifyValueSig().
| #define IC_TAG_EXKM 'KXE:' |
Kernel exceptions structures.
Definition at line 23 of file memtags.h.
Referenced by IntExceptRemoveKmListExceptions(), IntUpdateAddKernelException(), and IntUpdateAddKmException().
| #define IC_TAG_EXKU 'UKXE' |
Kernel-User mode exceptions structures.
Definition at line 24 of file memtags.h.
Referenced by IntExceptRemoveKernelUserListExceptions(), IntUpdateAddKernelUserException(), and IntUpdateAddKmUmException().
| #define IC_TAG_EXPCH 'HCXE' |
Windows UM exports cache.
Definition at line 106 of file memtags.h.
Referenced by IntWinModHandleExportsInMemory(), and IntWinUmCacheRemoveCache().
| #define IC_TAG_EXPN 'PXE:' |
| #define IC_TAG_EXUM 'UXE:' |
User exceptions structures.
Definition at line 25 of file memtags.h.
Referenced by IntExceptRemoveUmGlobListExceptions(), IntExceptRemoveUmListExceptions(), IntUpdateAddUmException(), IntUpdateAddUserException(), IntUpdateAddUserExceptionGlob(), and IntUpdateRemoveException().
| #define IC_TAG_GPAH 'HAPG' |
GPA hook.
Definition at line 34 of file memtags.h.
Referenced by IntHookGpaDeleteHookInternal(), and IntHookGpaSetHook().
| #define IC_TAG_GPCA 'CPG:' |
The GPA cache.
Definition at line 18 of file memtags.h.
Referenced by IntGpaCacheInit(), and IntGpaCacheUnInit().
| #define IC_TAG_GPCV 'VPG:' |
GPA cache victim.
Definition at line 19 of file memtags.h.
Referenced by IntGpaCacheAddVictim(), IntGpaCacheRelease(), and IntGpaCacheUnInit().
| #define IC_TAG_GUEST 'TSG:' |
| #define IC_TAG_GVAH 'HAVG' |
GVA hook object.
Definition at line 35 of file memtags.h.
Referenced by IntHookGvaDeleteHookInternal(), and IntHookGvaSetHook().
| #define IC_TAG_HAL_HEAP 'GPHH' |
Page in Hal Heap.
Definition at line 99 of file memtags.h.
Referenced by IntWinHalHandleHalHeapExec().
| #define IC_TAG_HALB 'BLAH' |
Hal Buffer, cached by the introspection.
Definition at line 92 of file memtags.h.
Referenced by IntWinHalReadHal(), and IntWinHalUninit().
| #define IC_TAG_HDRS 'SRDH' |
Module headers as cached inside a KERNEL_MODULE structure.
Definition at line 52 of file memtags.h.
Referenced by IntWinDrvFreeEntry(), IntWinDrvHeadersInMemory(), IntWinDrvUnprotect(), IntWinHalHeadersInMemory(), IntWinUmCacheRemoveCache(), and IntWinUmModCacheFillHeaders().
| #define IC_TAG_HKAR 'RAKH' |
Hooks array in object region descriptor.
Definition at line 38 of file memtags.h.
Referenced by IntHookObjectDeleteRegion(), and IntHookObjectHookRegion().
| #define IC_TAG_HKOBJ 'DJOB' |
Hook-object descriptor.
Definition at line 33 of file memtags.h.
Referenced by IntHookObjectCommit(), and IntHookObjectCreate().
| #define IC_TAG_HOOKS 'AHTS' |
Global hook state.
Definition at line 74 of file memtags.h.
Referenced by IntHookInit(), and IntHookUninit().
| #define IC_TAG_IATB 'BTAI' |
IAT entries bitmap.
Definition at line 103 of file memtags.h.
Referenced by IntWinModHookModule(), and IntWinModRemoveModule().
| #define IC_TAG_IINV 'VNII' |
Instruction cache invalidation entry.
Definition at line 30 of file memtags.h.
Referenced by IntIcAddInvdForInstruction(), and IntIcFreeInvdEntry().
| #define IC_TAG_IMGE 'IMGE' |
PE image buffer.
Definition at line 51 of file memtags.h.
Referenced by IntWinAgentDeployWinDriver(), IntWinGuestFindKernelObjectsInternal(), and IntWinGuestValidateKernel().
| #define IC_TAG_INSC 'SNI:' |
Instruction cache.
Definition at line 29 of file memtags.h.
Referenced by IntIcCreate(), and IntIcDestroy().
| #define IC_TAG_INVC 'CVNI' |
Invocation context.
Definition at line 83 of file memtags.h.
Referenced by IntHookPtmWriteCallback(), IntHookPtsCloneCallbacks(), and IntHookPtsInvokeCallbacks().
| #define IC_TAG_IOBD 'DBOI' |
Used for interrupt object protection descriptors.
Definition at line 139 of file memtags.h.
Referenced by IntWinIntObjProtect(), and IntWinIntObjUnprotect().
| #define IC_TAG_ITGR 'TGI:' |
Integrity region.
Definition at line 20 of file memtags.h.
Referenced by IntIntegrityAddRegion(), and IntIntegrityRemoveRegion().
| #define IC_TAG_KRNB 'BNRK' |
Kernel Buffer, cached by the introspection.
Definition at line 91 of file memtags.h.
Referenced by IntWinGuestReadKernel(), and IntWinGuestUninit().
| #define IC_TAG_KSYM 'MYSK' |
Kallsym cache.
Definition at line 101 of file memtags.h.
Referenced by IntKsymInit(), and IntKsymUninit().
| #define IC_TAG_LAGE 'EGAL' |
Linux agent entry.
Definition at line 48 of file memtags.h.
Referenced by IntLixAgentCreate(), IntLixAgentFillDataFromHandler(), IntLixAgentFillDataFromMemory(), IntLixAgentFree(), IntLixAgentThreadCreate(), and IntLixAgentThreadFree().
| #define IC_TAG_MCBF 'FBCM' |
MemCloak original buffer.
Definition at line 58 of file memtags.h.
Referenced by IntMemClkCleanup(), and IntMemClkCloakRegion().
| #define IC_TAG_MCRG 'GRCM' |
MemCloak region.
Definition at line 57 of file memtags.h.
Referenced by IntMemClkCleanup(), and IntMemClkCloakRegion().
| #define IC_TAG_MLMP 'PMLM' |
Multi-page mappings.
Definition at line 80 of file memtags.h.
Referenced by IntUninit(), IntVirtMemMapMultiPage(), and IntVirtMemUnmapMultiPage().
| #define IC_TAG_MODCH 'HCDM' |
Windows UM module cache.
Definition at line 107 of file memtags.h.
Referenced by IntWinModCacheCreate(), and IntWinUmCacheRemoveCache().
| #define IC_TAG_MODU 'DOM:' |
Loaded module.
Definition at line 15 of file memtags.h.
Referenced by IntLixDrvCreateDriverObject(), IntLixDrvCreateKernel(), IntLixDrvRemoveEntry(), IntWinDrvCreateFromAddress(), IntWinDrvFreeEntry(), IntWinModHandleLoadFromVad(), and IntWinModRemoveModule().
| #define IC_TAG_MSRHK 'EDH:' |
MSR Hook descriptor.
Definition at line 32 of file memtags.h.
Referenced by IntHookMsrDeleteHook(), and IntHookMsrSetHook().
| #define IC_TAG_MSRS 'SRSM' |
MSR hook state.
Definition at line 69 of file memtags.h.
Referenced by IntHookMsrInit(), and IntHookMsrUninit().
| #define IC_TAG_MTBL 'LBTM' |
Mem Table.
Definition at line 113 of file memtags.h.
Referenced by IntMtblCheckAccess(), IntMtblRemoveAgentEntries(), and IntMtblUninit().
| #define IC_TAG_NAME 'EMAN' |
Object name.
Definition at line 56 of file memtags.h.
Referenced by IntCamiLoadWindows(), IntLixDentryGetName(), IntLixFileCacheCreateDentryPath(), IntLixFilesCacheUninit(), IntLixMmListVmasInternal(), IntLixStackDumpUmStackTrace(), IntLixTaskAddProtected(), IntLixTaskPathFree(), IntLixTaskPathGetByDentry(), IntLixTaskRemoveEntry(), IntLixTaskRemoveProtected(), IntLixTaskUninit(), IntReadString(), IntWinGuestUninit(), IntWinModHandleExportsInMemory(), and IntWinUmCacheRemoveCache().
| #define IC_TAG_PATH 'HTAP' |
Object path.
Definition at line 55 of file memtags.h.
Referenced by IntLixTaskPathFree(), IntLixTaskPathGetByDentry(), IntWinProcAddProtectedProcess(), IntWinProcRemoveAllProtectedProcesses(), IntWinProcRemoveProtectedProcessInternal(), and IntWinProcUninit().
| #define IC_TAG_PCMD 'LDMC' |
Process command line.
Definition at line 78 of file memtags.h.
Referenced by IntLixTaskFetchCmdLine(), IntLixTaskRemoveEntry(), IntWinGetProcCmdLineHandleBufferInMemory(), and IntWinProcRemoveProcess().
| #define IC_TAG_POBJ 'BOP:' |
Process Object List Entry.
Definition at line 14 of file memtags.h.
Referenced by IntLixTaskAddProtected(), IntLixTaskCreate(), IntLixTaskCreateInitTask(), IntLixTaskHandleExec(), IntLixTaskRemoveEntry(), IntLixTaskRemoveProtected(), IntLixTaskUninit(), IntWinProcCreateProcessObject(), and IntWinProcRemoveProcess().
| #define IC_TAG_PPIF 'FIPP' |
Protected process info.
Definition at line 81 of file memtags.h.
Referenced by IntWinProcAddProtectedProcess(), IntWinProcRemoveAllProtectedProcesses(), IntWinProcRemoveProtectedProcessInternal(), and IntWinProcUninit().
| #define IC_TAG_PTHP 'PHTP' |
Object path (cached)
Definition at line 53 of file memtags.h.
Referenced by IntWinUmPathCreate(), and IntWinUmPathFree().
| #define IC_TAG_PTI_DRV 'ITPD' |
PTI driver image.
Definition at line 114 of file memtags.h.
Referenced by IntPtiDeliverDriverForLoad(), and IntPtiUnhookPtFilter().
| #define IC_TAG_PTPA 'APTP' |
Page Table Hook Manager array.
Definition at line 89 of file memtags.h.
Referenced by IntHookPtmAddTable(), and IntHookPtmDeleteTableHook().
| #define IC_TAG_PTPM 'MPTP' |
Page Table Hook Manager entry.
Definition at line 87 of file memtags.h.
Referenced by IntHookPtmDeleteHookInternal(), and IntHookPtmSetHook().
| #define IC_TAG_PTPP 'PPTP' |
Page Table Hook Manager page.
Definition at line 88 of file memtags.h.
Referenced by IntHookPtmAddTable(), and IntHookPtmDeleteTableHook().
| #define IC_TAG_PTPS 'SPTP' |
PTS Page Hook Context.
Definition at line 64 of file memtags.h.
Referenced by IntHookPtsDeleteHookInternal(), and IntHookPtsSetHook().
| #define IC_TAG_PTPT 'TPTP' |
PTS Page Table hook.
Definition at line 63 of file memtags.h.
Referenced by IntHookPtsCreateEntry(), and IntHookPtsDeletePdHook().
| #define IC_TAG_REGD 'DGER' |
Object region descriptor.
Definition at line 37 of file memtags.h.
Referenced by IntHookObjectDeleteRegion(), and IntHookObjectHookRegion().
| #define IC_TAG_SGDG 'GDGS' |
SWAPGS gadget.
Definition at line 126 of file memtags.h.
Referenced by IntSwapgsStartMitigation(), and IntSwapgsUninit().
| #define IC_TAG_SGDH 'HDGS' |
SWAPGS handler.
Definition at line 127 of file memtags.h.
Referenced by IntSwapgsInstallHandler(), and IntSwapgsUninit().
| #define IC_TAG_SLKE 'EKLS' |
Slack space entry.
Definition at line 75 of file memtags.h.
Referenced by IntSlackAllocLinux(), IntSlackAllocWindows(), IntSlackFree(), and IntSlackUninit().
| #define IC_TAG_SMALL_MZPE ':EPS' |
| #define IC_TAG_SPPE 'EPPS' |
SPP entry.
Definition at line 118 of file memtags.h.
Referenced by IntHookGpaGetSppEntry(), and IntHookGpaSetNewPageProtection().
| #define IC_TAG_SUBS 'SUBS' |
Process subsystem structure.
Definition at line 65 of file memtags.h.
Referenced by IntWinProcCreateProcessSubsystem(), and IntWinProcRemoveSubsystem().
| #define IC_TAG_SUD_BUFFER 'BDUS' |
Used for keeping the SharedUserData buffer internally.
Definition at line 137 of file memtags.h.
Referenced by IntWinSudProtectIntegrity(), and IntWinSudUnprotectIntegrity().
| #define IC_TAG_SWCX 'XCS:' |
Swapmem context.
Definition at line 40 of file memtags.h.
Referenced by IntSwapMemCleanupCallback(), and IntSwapMemReadData().
| #define IC_TAG_SWPG 'GPWS' |
Swapmem page.
Definition at line 42 of file memtags.h.
Referenced by IntSwapMemCancelTransaction(), IntSwapMemPageSwappedIn(), and IntSwapMemReadData().
| #define IC_TAG_SWPP 'PPS:' |
Swapmem pages data area.
Definition at line 41 of file memtags.h.
Referenced by IntSwapMemCleanupCallback(), and IntSwapMemReadData().
| #define IC_TAG_UDCX 'XCDU' |
UD pending context.
Definition at line 85 of file memtags.h.
Referenced by IntUDAddToPendingList(), and IntUDRemoveEntry().
| #define IC_TAG_UMPT 'TPMU' |
UM object path (cached)
Definition at line 54 of file memtags.h.
Referenced by IntWinUmPathCreate(), and IntWinUmPathFree().
| #define IC_TAG_UNPG 'GPNU' |
Protected unpacker-page.
Definition at line 39 of file memtags.h.
Referenced by IntUnpUnWatchPageInternal(), and IntUnpWatchPage().
| #define IC_TAG_UPDT 'TDU:' |
| #define IC_TAG_VAD ':daV' |
Virtual Address Descriptor for user mode address ranges.
Definition at line 95 of file memtags.h.
Referenced by IntWinVadCreateObject(), and IntWinVadDestroyObject().
| #define IC_TAG_VAD_PAGE 'PGEN' |
Virtual page from a VAD page array.
Definition at line 97 of file memtags.h.
Referenced by IntWinVadAdjustRange(), IntWinVadHandleProtectGeneric(), and IntWinVadRemoveRange().
| #define IC_TAG_VAD_PGARR 'PGAR' |
Virtual page array with the pages contained by a VAD.
Definition at line 96 of file memtags.h.
Referenced by IntWinVadAdjustRange(), IntWinVadHandleProtectGeneric(), and IntWinVadRemoveAllPages().
| #define IC_TAG_VADP 'PDAV' |
VAD pages hash table.
Definition at line 77 of file memtags.h.
Referenced by IntWinProcRemoveProcess().
| #define IC_TAG_VASE 'ESAV' |
VAS Monitor Table Entries array.
Definition at line 61 of file memtags.h.
Referenced by IntVasDeleteTable(), and IntVasHookTables().
| #define IC_TAG_VASP 'PSAV' |
VAS Monitor Table Pointers array.
Definition at line 62 of file memtags.h.
Referenced by IntVasDeleteTable(), and IntVasHookTables().
| #define IC_TAG_VASR 'RSVA' |
VAS Root Object.
Definition at line 59 of file memtags.h.
Referenced by IntVasStartMonitorVaSpace(), and IntVasStopMonitorVaSpace().
| #define IC_TAG_VAST 'TSAV' |
VAS Monitor Table.
Definition at line 60 of file memtags.h.
Referenced by IntVasDeleteTable(), and IntVasHookTables().
| #define IC_TAG_VEPG 'GPEV' |
#VE agent pages
Definition at line 117 of file memtags.h.
Referenced by IntVeLockDriver(), and IntVeUnlockDriver().
| #define IC_TAG_VMA 'AMV:' |
Used for Linux VMA structs.
Definition at line 134 of file memtags.h.
Referenced by IntLixVmaCreate(), and IntLixVmaDestroy().
| #define IC_TAG_WINMOD_BLOCK 'LBOM' |
Win um module load-blocking objects.
Definition at line 120 of file memtags.h.
Referenced by IntWinModBlockBlockModuleLoad(), and IntWinModBlockRemoveBlockObject().
| #define IC_TAG_WINMOD_CB_LIST 'LBCM' |
Win um module call back list for a reason (in DllMain)
Definition at line 121 of file memtags.h.
Referenced by IntWinModBlockRegisterCallbackForReason(), and IntWinModBlockRemoveBlockObject().
| #define IC_TAG_WINMOD_CB_OBJ 'OBCM' |
Win um module call back object for reason (in DllMain)
Definition at line 122 of file memtags.h.
Referenced by IntWinModBlockRegisterCallbackForReason(), and IntWinModBlockRemoveBlockObject().
| #define IC_TAG_WINOBJ_SWAP 'JBOS' |
Winobj swap handle.
Definition at line 109 of file memtags.h.
Referenced by IntWinObjCleanup(), IntWinObjHandleDirectoryEntryInMemory(), IntWinObjHandleDriverDirectoryEntryInMemory(), IntWinObjHandleObjectInMemory(), IntWinObjHandleRootDirTagInMemory(), and IntWinObjParseDriverDirectory().
| #define IC_TAG_WPFN 'NFP:' |
Windows PFN locked page.
Definition at line 21 of file memtags.h.
Referenced by IntWinPfnLockAddress(), IntWinPfnRemoveLock(), and IntWinPfnUnlockAddress().
| #define IC_TAG_WSWP 'PWSW' |
Win init swap handle.
Definition at line 110 of file memtags.h.
Referenced by IntWinGuestCancelKernelRead(), IntWinGuestKernelHeadersInMemory(), IntWinGuestNew(), IntWinGuestReadKernel(), IntWinGuestSectionInMemory(), IntWinHalCancelRead(), IntWinHalReadHal(), and IntWinHalSectionInMemory().
| #define IC_TAG_XCRH 'HRCX' |
XCR hook.
Definition at line 67 of file memtags.h.
Referenced by IntHookXcrDeleteHook(), and IntHookXcrSetHook().
| #define IC_TAG_XCRS 'SRCX' |
XCR hook state.
Definition at line 68 of file memtags.h.
Referenced by IntHookXcrInit(), and IntHookXcrUninit().
| #define IC_TAG_XSAVE 'EVSX' |
1.8.13