Bitdefender Hypervisor Memory Introspection
_DETOUR_ARGS Struct Reference

Describes the arguments passed by an in-guest detour handler to introcore.

#include <detours.h>

Data Fields

DWORD Argc
 The number of valid entries inside the Argv array.
 
DWORD Argv [DET_ARGS_MAX]
 Argument encoding. See DET_ARG_REGS and DET_ARG_ON_STACK.
 

Detailed Description

Describes the arguments passed by an in-guest detour handler to introcore.

These definitions describe how arguments are passed between the handler that introcore injects inside the guest and the detour handler invoked inside introcore. They can match the way the guest passes the arguments, but the handler inside the guest can change this order and can also obtain additional information, so they do not describe any in-guest calling convention.

Arguments can be passed either in the guest general purpose registers or on the stack. Each argument is always encoded in a 32-bit integer. When an argument is passed through the guest GPRs, it is encoded as the index of the register that holds it. The index respects the order defined by the Intel docs and can be seen in the IG_ARCH_REGS structure.

For arguments passed on the stack, the lower word of the encoded value is set to 0xFFFF and the upper word is the index on the stack. In other words, the first parameter is encoded as 0x1FFFF, the second parameter as 0x2FFFF, and so on. This closely follows the way parameters are passed on the stack: stack[0] is the return address, stack[1] the first parameter, and so on. We pass only integers or guest pointers.

Definition at line 108 of file detours.h.
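The encoding described above can be resolved as follows. This is an added example, not code from detours.h or introcore. Assumptions: all `ex_`/`EX_` names are hypothetical, `EX_ARGS_MAX` is a placeholder because the page does not give the value of DET_ARGS_MAX, the guest state is a constructed snapshot with 64-bit stack slots, and rejecting stack index 0 (the return address) is a choice made for this example.

```c
#include <stdint.h>
#include <stddef.h>

#define EX_ARGS_MAX   8u       /* placeholder; DET_ARGS_MAX is not given on the page */
#define EX_GPR_COUNT  16u      /* RAX, RCX, RDX, RBX, RSP, RBP, RSI, RDI, R8..R15 */
#define EX_STACK_MARK 0xFFFFu  /* lower word of a stack-passed argument */

typedef struct {
    uint32_t Argc;
    uint32_t Argv[EX_ARGS_MAX];
} ex_detour_args;

/* Constructed guest snapshot: GPRs in Intel order; Stack[0] is the return address. */
typedef struct {
    uint64_t Gpr[EX_GPR_COUNT];
    const uint64_t *Stack;
    size_t StackSlots;
} ex_guest_state;

/* Resolve argument idx to its value. Returns 0 on success, -1 if out of range. */
int ex_get_argument(const ex_detour_args *args, const ex_guest_state *gs,
                    uint32_t idx, uint64_t *value)
{
    if (args->Argc > EX_ARGS_MAX || idx >= args->Argc)
        return -1;
    uint32_t enc = args->Argv[idx];
    if ((enc & 0xFFFFu) == EX_STACK_MARK) {
        uint32_t slot = enc >> 16;          /* 0x1FFFF -> Stack[1] */
        if (slot == 0 || slot >= gs->StackSlots)
            return -1;                      /* outside the captured stack */
        *value = gs->Stack[slot];
        return 0;
    }
    if (enc >= EX_GPR_COUNT)
        return -1;                          /* not a valid register index */
    *value = gs->Gpr[enc];
    return 0;
}

int main(void)
{
    uint64_t stack[3] = { 0x401000, 0x7FFE0000, 0x20 };  /* constructed values */
    ex_guest_state gs = { { 0 }, stack, 3 };
    ex_detour_args a = { 2, { 0x1FFFF, 0x2FFFF } };
    uint64_t v = 0;
    return (ex_get_argument(&a, &gs, 1, &v) == 0 && v == 0x20) ? 0 : 1;
}
```

Checking `Argc` and each decoded index before use keeps a malformed descriptor from reading outside the register file or the captured stack.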

Field Documentation

◆ Argc

DWORD _DETOUR_ARGS::Argc

The number of valid entries inside the Argv array.

Definition at line 110 of file detours.h.

Referenced by IntCamiLoadWindows(), IntDetGetArguments(), IntDetPatchArgument(), IntWinApiFindFunctionRva(), IntWinApiHook(), and IntWinApiUpdateHookDescriptor().

◆ Argv


The documentation for this struct was generated from the following file: