- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes a function to be hooked. More...
#include <detours.h>
Data Fields | |
| PWCHAR | ModuleName |
| NULL-terminated string of the kernel module in which the function is found. More... | |
| PCHAR | FunctionName |
| NULL-terminated string of the function name. More... | |
| DWORD | MinVersion |
| The minimum OS version for which this hook should be applied. More... | |
| DWORD | MaxVersion |
| The maximum OS version for which this hook should be applied. More... | |
| PFUNC_DetourCallback | Callback |
| Callback to be invoked when the detour issues a hypercall. May be NULL. More... | |
| PFUNC_PreDetourCallback | PreCallback |
| Callback to be invoked before the detour is written inside the guest. May be NULL. More... | |
| PFUNC_PostDetourCallback | PostCallback |
| Callback to be invoked after the detour has been set. May be NULL. More... | |
| DETOUR_TAG | Tag |
| Detour tag. More... | |
| BOOLEAN | Exported |
| True if this function is exported by the module that owns it. More... | |
| BOOLEAN | NotCritical |
| If True, this hook is not critical. More... | |
| QWORD | DisableFlags |
| Core activation and protection flags that will cause introcore to skip this hook. More... | |
| QWORD | EnableFlags |
| Core activation and protection flags that must be set in order to set and activate this hook. More... | |
| WIN_UNEXPORTED_FUNCTION * | Patterns |
| Array of code patterns used to find this function. More... | |
| DETOUR_ARGS | Arguments |
| Encoding of the arguments needed by introcore from the hooked function. More... | |
| DWORD | HandlersCount |
| The number of valid entries inside the Handlers array. More... | |
| API_HOOK_HANDLER | Handlers [DETOUR_MAX_HANDLERS] |
| Handlers that can be set for this function. More... | |
Describes a function to be hooked.
This is used by IntDetSetHook and IntDetSetLixHook to know what to hook and how to find the hooked region.
| DETOUR_ARGS _API_HOOK_DESCRIPTOR::Arguments |
Encoding of the arguments needed by introcore from the hooked function.
Definition at line 379 of file detours.h.
Referenced by IntDetGetArgument(), IntDetGetArguments(), IntDetPatchArgument(), IntWinApiUpdateHookDescriptor(), IntWinProcPatchSwapOut32(), and IntWinProcPatchSwapOut64().
| PFUNC_DetourCallback _API_HOOK_DESCRIPTOR::Callback |
| QWORD _API_HOOK_DESCRIPTOR::DisableFlags |
Core activation and protection flags that will cause introcore to skip this hook.
These are checked against the current options from gGuest. If options are changed and the new options contain any of these bits, the hook is disabled.
Definition at line 367 of file detours.h.
Referenced by IntWinApiUpdateHooks().
| QWORD _API_HOOK_DESCRIPTOR::EnableFlags |
Core activation and protection flags that must be set in order to set and activate this hook.
These are checked against the current options from gGuest. At least one must be set. If options are changed and the new options do not contain any of these bits, the hook is disabled. DETOUR_ENABLE_ALWAYS can be used to always enable this hook.
| BOOLEAN _API_HOOK_DESCRIPTOR::Exported |
| PCHAR _API_HOOK_DESCRIPTOR::FunctionName |
| API_HOOK_HANDLER _API_HOOK_DESCRIPTOR::Handlers[DETOUR_MAX_HANDLERS] |
Handlers that can be set for this function.
The first entry in the array that matches the restrictions for this hook is used. Because of this, the order in which handlers should be set in this array is from the most to least restrictive. For example, if a function has to handlers: one available for Windows 9200 only, and another one available for all the other versions, the one for 9200 must be the first in the array.
Definition at line 388 of file detours.h.
Referenced by IntLixPatchSwapgs().
| DWORD _API_HOOK_DESCRIPTOR::HandlersCount |
| DWORD _API_HOOK_DESCRIPTOR::MaxVersion |
The maximum OS version for which this hook should be applied.
DETOUR_MAX_VERSION_ANY can be used if there is no lower limit.
Definition at line 345 of file detours.h.
Referenced by IntWinApiHookAll(), and IntWinApiUpdateHookDescriptor().
| DWORD _API_HOOK_DESCRIPTOR::MinVersion |
The minimum OS version for which this hook should be applied.
DETOUR_MIN_VERSION_ANY can be used if there is no lower limit.
Definition at line 341 of file detours.h.
Referenced by IntWinApiHookAll(), and IntWinApiUpdateHookDescriptor().
| PWCHAR _API_HOOK_DESCRIPTOR::ModuleName |
| BOOLEAN _API_HOOK_DESCRIPTOR::NotCritical |
| WIN_UNEXPORTED_FUNCTION* _API_HOOK_DESCRIPTOR::Patterns |
Array of code patterns used to find this function.
If Exported is True this field is ignored. If Exported is False this field must be valid.
Definition at line 377 of file detours.h.
Referenced by IntWinApiUpdateHookDescriptor().
| PFUNC_PostDetourCallback _API_HOOK_DESCRIPTOR::PostCallback |
| PFUNC_PreDetourCallback _API_HOOK_DESCRIPTOR::PreCallback |
| DETOUR_TAG _API_HOOK_DESCRIPTOR::Tag |
1.8.13