Bitdefender Hypervisor Memory Introspection
Data Structures | Macros | Typedefs | Functions
patsig.h File Reference
#include "introtypes.h"

Go to the source code of this file.

Data Structures

struct  _PATTERN_SIGNATURE
 Describes a signature that can be used for searching or matching guest contents. More...
 

Macros

#define SIG_MAX_PATTERN   128u
 The maximum size of a pattern. More...
 
#define SIG_NOT_FOUND   0xFFFFFFFF
 Signals that a signature was not matched. More...
 
#define SIG_FOUND   0
 Signals that a signature matched. More...
 

Typedefs

typedef struct _PATTERN_SIGNATURE PATTERN_SIGNATURE
 Describes a signature that can be used for searching or matching guest contents. More...
 
typedef struct _PATTERN_SIGNATUREPPATTERN_SIGNATURE
 

Functions

DWORD IntPatternMatch (const BYTE *Buffer, DWORD SigCount, const PATTERN_SIGNATURE *Sigs)
 Matches one of the given signatures on the given buffer. More...
 
DWORD IntPatternMatchAllOffsets (const BYTE *Buffer, const DWORD BufferSize, DWORD SigCount, const PATTERN_SIGNATURE *Sigs)
 Matches one of the given signatures on the given buffer at any offset inside the given buffer. More...
 

Macro Definition Documentation

◆ SIG_FOUND

#define SIG_FOUND   0

Signals that a signature matched.

Definition at line 15 of file patsig.h.

Referenced by IntExceptExtendedPatternMatch().

◆ SIG_MAX_PATTERN

#define SIG_MAX_PATTERN   128u

The maximum size of a pattern.

Definition at line 11 of file patsig.h.

Referenced by IntCamiLoadWindows(), and IntGuestDetectOsSysCall().

◆ SIG_NOT_FOUND

#define SIG_NOT_FOUND   0xFFFFFFFF

Signals that a signature was not matched.

Definition at line 13 of file patsig.h.

Referenced by IntExceptExtendedPatternMatch(), IntExceptVerifyValueCodeSig(), IntLixGuestFindKernelBase(), IntPatternMatch(), and IntPatternMatchAllOffsets().

Typedef Documentation

◆ PATTERN_SIGNATURE

typedef struct _PATTERN_SIGNATURE PATTERN_SIGNATURE

Describes a signature that can be used for searching or matching guest contents.

◆ PPATTERN_SIGNATURE

typedef struct _PATTERN_SIGNATURE * PPATTERN_SIGNATURE

Function Documentation

◆ IntPatternMatch()

DWORD IntPatternMatch ( const BYTE Buffer,
DWORD  SigCount,
const PATTERN_SIGNATURE Sigs 
)

Matches one of the given signatures on the given buffer.

Parameters
[in]BufferThe buffer to be checked. The caller must ensure that the buffer is large enough to properly check all the signatures.
[in]SigCountThe number of entries in the Sigs array.
[in]SigsThe array of signatures to check.
Returns
The index in the Sigs array of the first matching signature, or SIG_NOT_FOUND if no signature is matched or the Buffer or Sigs pointers are NULL.

Definition at line 9 of file patsig.c.

Referenced by IntLixGuestFindKernelBase(), and IntPatternMatchAllOffsets().

◆ IntPatternMatchAllOffsets()

DWORD IntPatternMatchAllOffsets ( const BYTE Buffer,
const DWORD  BufferSize,
DWORD  SigCount,
const PATTERN_SIGNATURE Sigs 
)

Matches one of the given signatures on the given buffer at any offset inside the given buffer.

Parameters
[in]BufferThe buffer to be checked.
[in]BufferSizeThe size of the buffer.
[in]SigCountThe number of entries in the Sigs array.
[in]SigsThe array of signatures to check.
Returns
The index in the Sigs array of the first matching signature, or SIG_NOT_FOUND if no signature is matched or the Buffer or Sigs pointers are NULL.

Definition at line 56 of file patsig.c.