Bitdefender Hypervisor Memory Introspection
|
Event structure for module loading and unloading. More...
#include <intro_types.h>
Data Fields | |
BOOLEAN | Loaded |
True if the module was loaded, False if it was unloaded. More... | |
BOOLEAN | Protected |
True if the module is protected. More... | |
BOOLEAN | UserMode |
True if this is a user mode module, False if it is a kernel mode module. More... | |
INTRO_PROCESS | CurrentProcess |
The currently active process. More... | |
INTRO_MODULE | Module |
The module for which this event was triggered. More... | |
Event structure for module loading and unloading.
User mode events are sent only when an alert is sent for a process, due to performance concerns. Sending one event for each user mode module load and unload when it happens may severely impact the guest.
Definition at line 1945 of file intro_types.h.
INTRO_PROCESS _EVENT_MODULE_EVENT::CurrentProcess |
The currently active process.
If UserMode is True, this is the process in which the module was loaded.
Definition at line 1957 of file intro_types.h.
Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().
BOOLEAN _EVENT_MODULE_EVENT::Loaded |
True if the module was loaded, False if it was unloaded.
Definition at line 1948 of file intro_types.h.
Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().
INTRO_MODULE _EVENT_MODULE_EVENT::Module |
The module for which this event was triggered.
Definition at line 1960 of file intro_types.h.
Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().
BOOLEAN _EVENT_MODULE_EVENT::Protected |
True if the module is protected.
Definition at line 1950 of file intro_types.h.
Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().
BOOLEAN _EVENT_MODULE_EVENT::UserMode |
True if this is a user mode module, False if it is a kernel mode module.
Definition at line 1952 of file intro_types.h.
Referenced by IntWinProcSendDllEvent().