Bitdefender Hypervisor Memory Introspection
Data Fields
_API_HOOK_HANDLER Struct Reference

Described a detour handler. More...

#include <detours.h>

Data Fields

DWORD MinVersion
 The minimum version of the OS for which this handler works. More...
 
DWORD MaxVersion
 The maximum version of the OS for which this handler works. More...
 
DWORD CodeLength
 The size of the handler. Must not be larger than DETOUR_MAX_HANDLER_SIZE. More...
 
HYPERCALL_TYPE HypercallType
 The type of hypercall used. More...
 
BYTE Code [DETOUR_MAX_HANDLER_SIZE]
 The code of the detour handler. Only CodeLength bytes are valid. More...
 
BYTE HypercallOffset
 The offset inside the handler at which the hypercall instruction is placed. More...
 
BYTE RelocatedCodeOffset
 The offset inside the handler at which the original instructions were relocated. More...
 
API_HOOK_PUBLIC_DATA PublicDataOffsets [PUBLIC_DATA_MAX_DESCRIPTORS]
 Optional public data used to allow external changes to the detour handler. More...
 
BYTE NrPublicDataOffsets
 The number of valid entries inside the PublicDataOffsets array. More...
 

Detailed Description

Described a detour handler.

Definition at line 283 of file detours.h.

Field Documentation

◆ Code

BYTE _API_HOOK_HANDLER::Code[DETOUR_MAX_HANDLER_SIZE]

The code of the detour handler. Only CodeLength bytes are valid.

Definition at line 298 of file detours.h.

Referenced by IntWinPatchVadHandleCommit(), IntWinProcPatchCopyMemoryDetour(), IntWinProcPatchPspInsertProcess86(), IntWinProcPatchSwapOut32(), IntWinProcPatchSwapOut64(), IntWinProcPrepareInstrument(), IntWinThrPatchThreadHijackHandler(), IntWinThrPrepareApcHandler(), IntWinVadPatchDeleteVaRange(), IntWinVadPatchFinishVadDeletion(), IntWinVadPatchInsert(), IntWinVadPatchInsertMap(), IntWinVadPatchInsertPrivate(), and IntWinVadPatchVirtualProtect().

◆ CodeLength

DWORD _API_HOOK_HANDLER::CodeLength

The size of the handler. Must not be larger than DETOUR_MAX_HANDLER_SIZE.

Definition at line 294 of file detours.h.

◆ HypercallOffset

BYTE _API_HOOK_HANDLER::HypercallOffset

The offset inside the handler at which the hypercall instruction is placed.

A detour can have only one hypercall. This is used to identify the detour and to invoke to proper introcore handler when a hypercall is issued.

Definition at line 303 of file detours.h.

◆ HypercallType

HYPERCALL_TYPE _API_HOOK_HANDLER::HypercallType

The type of hypercall used.

Definition at line 296 of file detours.h.

◆ MaxVersion

DWORD _API_HOOK_HANDLER::MaxVersion

The maximum version of the OS for which this handler works.

If the OS is newer than this, the handler is ignored.

Definition at line 292 of file detours.h.

Referenced by IntWinApiHook().

◆ MinVersion

DWORD _API_HOOK_HANDLER::MinVersion

The minimum version of the OS for which this handler works.

If the OS is older than this, the handler is ignored.

Definition at line 288 of file detours.h.

Referenced by IntWinApiHook().

◆ NrPublicDataOffsets

BYTE _API_HOOK_HANDLER::NrPublicDataOffsets

The number of valid entries inside the PublicDataOffsets array.

Definition at line 309 of file detours.h.

◆ PublicDataOffsets

API_HOOK_PUBLIC_DATA _API_HOOK_HANDLER::PublicDataOffsets[PUBLIC_DATA_MAX_DESCRIPTORS]

Optional public data used to allow external changes to the detour handler.

Definition at line 307 of file detours.h.

◆ RelocatedCodeOffset

BYTE _API_HOOK_HANDLER::RelocatedCodeOffset

The offset inside the handler at which the original instructions were relocated.

Definition at line 305 of file detours.h.

The documentation for this struct was generated from the following file: