- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes a victim object. More...
#include <exceptions.h>
Data Fields | |
| INTRO_OBJECT_TYPE | Type |
| The type of the modified object. More... | |
| DWORD | NameHash |
| The hash of the modified object. More... | |
| union { | |
| char * Name | |
| The modified process name. More... | |
| WCHAR * NameWide | |
| The modified module name. More... | |
| }; | |
| QWORD | BaseAddress |
| Depending on INTRO_OBJECT_TYPE we have: CR3 for processes / ModuleBase for km drivers and um dll. More... | |
| union { | |
| union { | |
| EXCEPTION_VICTIM_MODULE Module | |
| Used when a module is modified. More... | |
| WIN_DRIVER_OBJECT * DriverObject | |
| Used when a driver object / fastio dispatch table is modified. More... | |
| } | |
| struct { | |
| VAD * Vad | |
| The internal structure of the modified VAD. More... | |
| EXCEPTION_VICTIM_MODULE Library | |
| The victim module of the modified library. More... | |
| union { | |
| void * Process | |
| The internal structure of the modified process. More... | |
| WIN_PROCESS_OBJECT * WinProc | |
| The internal structure of the modified Windows process. More... | |
| LIX_TASK_OBJECT * LixProc | |
| The internal structure of the modified Linux process. More... | |
| } | |
| } | |
| }; | |
Describes a victim object.
Definition at line 850 of file exceptions.h.
| union { ... } |
| union { ... } |
| QWORD _EXCEPTION_VICTIM_OBJECT::BaseAddress |
Depending on INTRO_OBJECT_TYPE we have: CR3 for processes / ModuleBase for km drivers and um dll.
Definition at line 863 of file exceptions.h.
Referenced by IntWinSudHandleFieldModification().
| WIN_DRIVER_OBJECT* _EXCEPTION_VICTIM_OBJECT::DriverObject |
Used when a driver object / fastio dispatch table is modified.
Definition at line 870 of file exceptions.h.
Referenced by IntWinDrvObjHandleModification().
| EXCEPTION_VICTIM_MODULE _EXCEPTION_VICTIM_OBJECT::Library |
The victim module of the modified library.
Definition at line 877 of file exceptions.h.
Referenced by IntWinProcHandleCopyMemory(), IntWinThrHandleQueueApc(), and IntWinThrHandleThreadHijack().
| LIX_TASK_OBJECT* _EXCEPTION_VICTIM_OBJECT::LixProc |
The internal structure of the modified Linux process.
Definition at line 883 of file exceptions.h.
| EXCEPTION_VICTIM_MODULE _EXCEPTION_VICTIM_OBJECT::Module |
Used when a module is modified.
Definition at line 869 of file exceptions.h.
Referenced by IntLixKernelHandleRead().
| char* _EXCEPTION_VICTIM_OBJECT::Name |
The modified process name.
Definition at line 858 of file exceptions.h.
Referenced by IntWinSudHandleFieldModification().
| DWORD _EXCEPTION_VICTIM_OBJECT::NameHash |
The hash of the modified object.
Definition at line 854 of file exceptions.h.
Referenced by IntLixVdsoHandleUserModeWrite(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSudHandleFieldModification(), and IntWinTokenPrivsCheckIntegrityOnProcess().
| WCHAR* _EXCEPTION_VICTIM_OBJECT::NameWide |
The modified module name.
Definition at line 859 of file exceptions.h.
| void* _EXCEPTION_VICTIM_OBJECT::Process |
The internal structure of the modified process.
Definition at line 881 of file exceptions.h.
Referenced by IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), and IntWinTokenPrivsCheckIntegrityOnProcess().
| INTRO_OBJECT_TYPE _EXCEPTION_VICTIM_OBJECT::Type |
The type of the modified object.
Definition at line 852 of file exceptions.h.
Referenced by IntLixVdsoHandleUserModeWrite(), IntWinInfHookIntegrityHandleWrite(), IntWinIntObjHandleModification(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSudHandleFieldModification(), and IntWinTokenPrivsCheckIntegrityOnProcess().
| VAD* _EXCEPTION_VICTIM_OBJECT::Vad |
The internal structure of the modified VAD.
Definition at line 876 of file exceptions.h.
Referenced by IntWinProcHandleCopyMemory().
| WIN_PROCESS_OBJECT* _EXCEPTION_VICTIM_OBJECT::WinProc |
The internal structure of the modified Windows process.
Definition at line 882 of file exceptions.h.
1.8.13