_EVENT_TRANSLATION_VIOLATION Struct Reference

Event structure for illegal paging-structures modifications. More...

#include <intro_types.h>

Data Fields
INTRO_VIOLATION_HEADER	Header
	The alert header. More...
struct {
INTRO_MODULE   Module
	The module that modified the translation. More...
INTRO_MODULE   ReturnModule
	The module to which the current code return to. More...
}	Originator
struct {
QWORD   VirtualAddress
	The Virtual Address whose translation is being modified. More...
}	Victim
INTRO_WRITE_INFO	WriteInfo
	The original and new address to which VirtualAddress translates. More...
TRANS_VIOLATION_TYPE	ViolationType

Detailed Description

Event structure for illegal paging-structures modifications.

Definition at line 1540 of file intro_types.h.

Field Documentation

Header

INTRO_VIOLATION_HEADER _EVENT_TRANSLATION_VIOLATION::Header

The alert header.

Definition at line 1542 of file intro_types.h.

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntWinProcValidateSystemCr3(), and IntWinSelfMapHandleCr3SelfMapModification().

Module

INTRO_MODULE _EVENT_TRANSLATION_VIOLATION::Module

The module that modified the translation.

Definition at line 1546 of file intro_types.h.

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), and IntWinSelfMapHandleCr3SelfMapModification().

Originator

struct { ... } _EVENT_TRANSLATION_VIOLATION::Originator

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), and IntWinSelfMapHandleCr3SelfMapModification().

ReturnModule

INTRO_MODULE _EVENT_TRANSLATION_VIOLATION::ReturnModule

The module to which the current code return to.

Definition at line 1547 of file intro_types.h.

Referenced by IntHookGvaEnableHooks().

Victim

struct { ... } _EVENT_TRANSLATION_VIOLATION::Victim

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntWinProcValidateSystemCr3(), and IntWinSelfMapHandleCr3SelfMapModification().

ViolationType

TRANS_VIOLATION_TYPE _EVENT_TRANSLATION_VIOLATION::ViolationType

Definition at line 1562 of file intro_types.h.

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntWinProcValidateSystemCr3(), and IntWinSelfMapHandleCr3SelfMapModification().

VirtualAddress

QWORD _EVENT_TRANSLATION_VIOLATION::VirtualAddress

The Virtual Address whose translation is being modified.

Definition at line 1552 of file intro_types.h.

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntWinProcValidateSystemCr3(), and IntWinSelfMapHandleCr3SelfMapModification().

WriteInfo

INTRO_WRITE_INFO _EVENT_TRANSLATION_VIOLATION::WriteInfo

The original and new address to which VirtualAddress translates.

If VirtualAddress is 0xFFFFFFFFFFFFFFFF, this indicates that an invalid Cr3 was loaded for the indicated process and WriteInfo.OldValue is the original Cr3 of the process and WriteInfo.NewValue is the new Cr3 of the process.

Definition at line 1560 of file intro_types.h.

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntWinProcValidateSystemCr3(), and IntWinSelfMapHandleCr3SelfMapModification().

---

The documentation for this struct was generated from the following file:

• include/public/intro_types.h