Bitdefender Hypervisor Memory Introspection
Data Fields
_EVENT_MODULE_EVENT Struct Reference

Event structure for module loading and unloading. More...

#include <intro_types.h>

Data Fields

BOOLEAN Loaded
 True if the module was loaded, False if it was unloaded. More...
 
BOOLEAN Protected
 True if the module is protected. More...
 
BOOLEAN UserMode
 True if this is a user mode module, False if it is a kernel mode module. More...
 
INTRO_PROCESS CurrentProcess
 The currently active process. More...
 
INTRO_MODULE Module
 The module for which this event was triggered. More...
 

Detailed Description

Event structure for module loading and unloading.

User mode events are sent only when an alert is sent for a process, due to performance concerns. Sending one event for each user mode module load and unload when it happens may severely impact the guest.

Definition at line 1945 of file intro_types.h.

Field Documentation

◆ CurrentProcess

INTRO_PROCESS _EVENT_MODULE_EVENT::CurrentProcess

The currently active process.

If UserMode is True, this is the process in which the module was loaded.

Definition at line 1957 of file intro_types.h.

Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().

◆ Loaded

BOOLEAN _EVENT_MODULE_EVENT::Loaded

True if the module was loaded, False if it was unloaded.

Definition at line 1948 of file intro_types.h.

Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().

◆ Module

INTRO_MODULE _EVENT_MODULE_EVENT::Module

The module for which this event was triggered.

Definition at line 1960 of file intro_types.h.

Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().

◆ Protected

BOOLEAN _EVENT_MODULE_EVENT::Protected

True if the module is protected.

Definition at line 1950 of file intro_types.h.

Referenced by IntLixDrvSendEvent(), IntWinDrvSendEvent(), and IntWinProcSendDllEvent().

◆ UserMode

BOOLEAN _EVENT_MODULE_EVENT::UserMode

True if this is a user mode module, False if it is a kernel mode module.

Definition at line 1952 of file intro_types.h.

Referenced by IntWinProcSendDllEvent().

The documentation for this struct was generated from the following file: