Bitdefender Hypervisor Memory Introspection
_EVENT_ENGINES_DETECTION_VIOLATION Struct Reference

Event structure for detections provided by additional scan engines.

#include <intro_types.h>

Data Fields

INTRO_VIOLATION_HEADER Header
    The alert header.

INTRO_ENG_NOTIF_TYPE Type
    The type of the alert.

CHAR DetectionName[ALERT_MAX_DETECTION_NAME]
    A NULL-terminated string with the detection name, as provided by the engines.

CHAR EnginesVersion[ALERT_MAX_ENGINES_VERSION]
    A NULL-terminated string with the engines' versions.

union {
    INTRO_EXEC_DATA ExecViolation
        Execution context.

    struct {
        INTRO_PROCESS Victim
            The process that received the command line.

        INTRO_PROCESS Originator
            The process that provided the command line.
    } CmdLineViolation
        Command line of the process.
};


Detailed Description

Event structure for detections provided by additional scan engines.

Definition at line 1865 of file intro_types.h.

Field Documentation

◆ CmdLineViolation

struct { ... } _EVENT_ENGINES_DETECTION_VIOLATION::CmdLineViolation

Command line of the process.

Valid only if Type is introEngineNotificationCmdLine.

Referenced by IntLixCmdLineSendViolationEvent(), and IntWinSendCmdLineViolation().

◆ DetectionName

CHAR _EVENT_ENGINES_DETECTION_VIOLATION::DetectionName[ALERT_MAX_DETECTION_NAME]

A NULL-terminated string with the detection name, as provided by the engines.

Definition at line 1871 of file intro_types.h.

Referenced by IntEngSendExecViolation(), IntLixCmdLineSendViolationEvent(), and IntWinSendCmdLineViolation().

◆ EnginesVersion

CHAR _EVENT_ENGINES_DETECTION_VIOLATION::EnginesVersion[ALERT_MAX_ENGINES_VERSION]

A NULL-terminated string with the engines' versions.

Definition at line 1873 of file intro_types.h.

Referenced by IntEngSendExecViolation(), IntLixCmdLineSendViolationEvent(), and IntWinSendCmdLineViolation().

◆ ExecViolation

INTRO_EXEC_DATA _EVENT_ENGINES_DETECTION_VIOLATION::ExecViolation

Execution context.

Valid only if Type is introEngineNotificationCodeExecution.

Definition at line 1880 of file intro_types.h.

Referenced by IntEngSendExecViolation().
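The two "Valid only if Type is ..." rules on CmdLineViolation and ExecViolation make this struct a tagged union: a consumer must read Type first and touch only the member it selects, and the two CHAR arrays are documented as NULL-terminated but are filled by the engines, so a careful consumer bounds-checks them before logging. The following is an added example, not code from the Bitdefender HVI project. The struct layout, field names, and the enum constant names introEngineNotificationCodeExecution and introEngineNotificationCmdLine are taken from this page; the stand-in definitions of INTRO_VIOLATION_HEADER, INTRO_EXEC_DATA and INTRO_PROCESS, the enum values, and the sizes of ALERT_MAX_DETECTION_NAME and ALERT_MAX_ENGINES_VERSION are assumptions made so the example compiles on its own.

```c
/* Added example (not HVI code): consuming _EVENT_ENGINES_DETECTION_VIOLATION
 * as a tagged union. Stand-in types and sizes below are assumptions; only the
 * field names, enum constant names and the Type-selects-member rule are from
 * the documented struct. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define ALERT_MAX_DETECTION_NAME  64   /* assumed size, not the real constant */
#define ALERT_MAX_ENGINES_VERSION 32   /* assumed size, not the real constant */

typedef char CHAR;

/* Stand-ins: the real HVI types carry more fields than these. */
typedef struct { uint32_t Flags; } INTRO_VIOLATION_HEADER;
typedef struct { uint64_t Rip; } INTRO_EXEC_DATA;
typedef struct { uint32_t Pid; CHAR ImageName[16]; } INTRO_PROCESS;

/* Constant names are from the page; numeric values are assumed. */
typedef enum {
    introEngineNotificationCodeExecution = 1,
    introEngineNotificationCmdLine       = 2,
} INTRO_ENG_NOTIF_TYPE;

typedef struct _EVENT_ENGINES_DETECTION_VIOLATION {
    INTRO_VIOLATION_HEADER Header;
    INTRO_ENG_NOTIF_TYPE   Type;
    CHAR DetectionName[ALERT_MAX_DETECTION_NAME];
    CHAR EnginesVersion[ALERT_MAX_ENGINES_VERSION];
    union {
        INTRO_EXEC_DATA ExecViolation;          /* valid only for CodeExecution */
        struct {
            INTRO_PROCESS Victim;
            INTRO_PROCESS Originator;
        } CmdLineViolation;                     /* valid only for CmdLine */
    };
} EVENT_ENGINES_DETECTION_VIOLATION;

/* Result codes returned by classify_event(). */
enum {
    EV_OK           =  0,
    EV_BAD_STRING   = -1,  /* a CHAR array has no NUL within its bounds */
    EV_UNKNOWN_TYPE = -2   /* Type is neither documented value */
};

/* True when a NUL terminator exists within cap bytes; the consumer checks
 * this rather than trusting the engine-supplied buffer. */
static int nul_terminated_within(const CHAR *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* Validates the event and renders one log line into out. Only the union
 * member selected by Type is read. */
int classify_event(const EVENT_ENGINES_DETECTION_VIOLATION *ev, char *out, size_t outlen)
{
    if (!nul_terminated_within(ev->DetectionName, ALERT_MAX_DETECTION_NAME) ||
        !nul_terminated_within(ev->EnginesVersion, ALERT_MAX_ENGINES_VERSION))
        return EV_BAD_STRING;

    switch (ev->Type) {
    case introEngineNotificationCodeExecution:
        snprintf(out, outlen, "exec detection=%s engines=%s rip=0x%llx",
                 ev->DetectionName, ev->EnginesVersion,
                 (unsigned long long)ev->ExecViolation.Rip);
        return EV_OK;
    case introEngineNotificationCmdLine:
        snprintf(out, outlen, "cmdline detection=%s engines=%s victim=%u originator=%u",
                 ev->DetectionName, ev->EnginesVersion,
                 ev->CmdLineViolation.Victim.Pid,
                 ev->CmdLineViolation.Originator.Pid);
        return EV_OK;
    default:
        return EV_UNKNOWN_TYPE;
    }
}

/* Constructed sample: a command-line detection with both strings terminated. */
EVENT_ENGINES_DETECTION_VIOLATION sample_cmdline_event(void)
{
    EVENT_ENGINES_DETECTION_VIOLATION ev;
    memset(&ev, 0, sizeof ev);
    ev.Type = introEngineNotificationCmdLine;
    strcpy(ev.DetectionName, "Generic.CmdLine.Sample");   /* constructed name */
    strcpy(ev.EnginesVersion, "0.0.0-sample");            /* constructed version */
    ev.CmdLineViolation.Victim.Pid = 4242;
    ev.CmdLineViolation.Originator.Pid = 1337;
    return ev;
}

/* Constructed sample: DetectionName filled to capacity with no terminator. */
EVENT_ENGINES_DETECTION_VIOLATION sample_unterminated_event(void)
{
    EVENT_ENGINES_DETECTION_VIOLATION ev;
    memset(&ev, 0, sizeof ev);
    ev.Type = introEngineNotificationCodeExecution;
    memset(ev.DetectionName, 'A', ALERT_MAX_DETECTION_NAME);
    return ev;
}

int main(void)
{
    char line[256];
    EVENT_ENGINES_DETECTION_VIOLATION ev = sample_cmdline_event();
    if (classify_event(&ev, line, sizeof line) == EV_OK)
        puts(line);
    ev = sample_unterminated_event();
    printf("unterminated detection name -> %d\n", classify_event(&ev, line, sizeof line));
    return 0;
}
```

The unterminated case is rejected before any union member is read, and an unrecognised Type is rejected without interpreting the union at all, since its contents are undefined for any value other than the two documented ones.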

◆ Header

INTRO_VIOLATION_HEADER _EVENT_ENGINES_DETECTION_VIOLATION::Header

The alert header.

Definition at line 1867 of file intro_types.h.

Referenced by IntEngSendExecViolation(), IntLixCmdLineSendViolationEvent(), and IntWinSendCmdLineViolation().

◆ Originator

INTRO_PROCESS _EVENT_ENGINES_DETECTION_VIOLATION::Originator

The process that provided the command line.

Definition at line 1890 of file intro_types.h.

◆ Type

INTRO_ENG_NOTIF_TYPE _EVENT_ENGINES_DETECTION_VIOLATION::Type

The type of the alert.

Definition at line 1868 of file intro_types.h.

Referenced by IntEngSendExecViolation(), IntLixCmdLineSendViolationEvent(), and IntWinSendCmdLineViolation().

◆ Victim

INTRO_PROCESS _EVENT_ENGINES_DETECTION_VIOLATION::Victim

The process that received the command line.

Definition at line 1888 of file intro_types.h.


The documentation for this struct was generated from the following file: intro_types.h