- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes the modified zone. More...
#include <exceptions.h>
Data Fields | |
| EXCEPTION_VICTIM_OBJECT | Object |
| The modified object. More... | |
| ZONE_TYPE | ZoneType |
| The type of the modified zone. More... | |
| QWORD | ZoneFlags |
| The flags of the modified zone. More... | |
| QWORD | ProtectionFlag |
| The protection flags of the modified zone. More... | |
| union { | |
| EXCEPTION_VICTIM_EPT Ept | |
| Valid if the modified zone is EPT. More... | |
| EXCEPTION_VICTIM_MSR Msr | |
| Valid if the modified zone is MSR. More... | |
| EXCEPTION_VICTIM_CR Cr | |
| Valid if the modified zone is CR. More... | |
| EXCEPTION_VICTIM_DTR Dtr | |
| Valid if the modified zone is DTR. More... | |
| EXCEPTION_VICTIM_INTEGRITY Integrity | |
| Valid if the modified zone is Integrity. More... | |
| EXCEPTION_VICTIM_INJECTION Injection | |
| Valid if the modified zone is Injection. More... | |
| }; | |
| union { | |
| struct { | |
| QWORD OldValue [8] | |
| The original value (maximum 512 bits in case of AVX2). More... | |
| QWORD NewValue [8] | |
| The new value written (maximum 512 bits in case of AVX2). More... | |
| DWORD AccessSize | |
| The actual size of the write. More... | |
| } WriteInfo | |
| struct { | |
| QWORD Value [8] | |
| The original value (maximum 512 bits in case of AVX2). More... | |
| DWORD AccessSize | |
| The actual size of the write. More... | |
| } ReadInfo | |
| struct { | |
| QWORD Rsp | |
| The value of the guest RSP register at the moment of execution. More... | |
| QWORD StackBase | |
| The stack base for the thread that attempted the execution. More... | |
| QWORD StackLimit | |
| The stack limit for the thread that attempted the execution. More... | |
| DWORD Length | |
| The length of the instruction. More... | |
| } ExecInfo | |
| }; | |
Describes the modified zone.
Definition at line 893 of file exceptions.h.
| union { ... } |
| union { ... } |
| DWORD _EXCEPTION_VICTIM_ZONE::AccessSize |
The actual size of the write.
Definition at line 919 of file exceptions.h.
| EXCEPTION_VICTIM_CR _EXCEPTION_VICTIM_ZONE::Cr |
Valid if the modified zone is CR.
Definition at line 906 of file exceptions.h.
| EXCEPTION_VICTIM_DTR _EXCEPTION_VICTIM_ZONE::Dtr |
Valid if the modified zone is DTR.
Definition at line 907 of file exceptions.h.
| EXCEPTION_VICTIM_EPT _EXCEPTION_VICTIM_ZONE::Ept |
Valid if the modified zone is EPT.
Definition at line 904 of file exceptions.h.
Referenced by IntVeHandleAccess(), and IntVeHandleEPTViolationInProtectedView().
| struct { ... } _EXCEPTION_VICTIM_ZONE::ExecInfo |
| EXCEPTION_VICTIM_INJECTION _EXCEPTION_VICTIM_ZONE::Injection |
Valid if the modified zone is Injection.
Definition at line 909 of file exceptions.h.
| EXCEPTION_VICTIM_INTEGRITY _EXCEPTION_VICTIM_ZONE::Integrity |
Valid if the modified zone is Integrity.
Definition at line 908 of file exceptions.h.
Referenced by IntWinDrvObjHandleModification(), IntWinIdtHandleModification(), IntWinInfHookIntegrityHandleWrite(), IntWinIntObjHandleModification(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), and IntWinSudHandleFieldModification().
| DWORD _EXCEPTION_VICTIM_ZONE::Length |
The length of the instruction.
Definition at line 934 of file exceptions.h.
| EXCEPTION_VICTIM_MSR _EXCEPTION_VICTIM_ZONE::Msr |
Valid if the modified zone is MSR.
Definition at line 905 of file exceptions.h.
| QWORD _EXCEPTION_VICTIM_ZONE::NewValue[8] |
The new value written (maximum 512 bits in case of AVX2).
Definition at line 917 of file exceptions.h.
| EXCEPTION_VICTIM_OBJECT _EXCEPTION_VICTIM_ZONE::Object |
The modified object.
Definition at line 895 of file exceptions.h.
Referenced by IntLixKernelHandleRead(), IntLixVdsoHandleUserModeWrite(), IntWinDrvObjHandleModification(), IntWinInfHookIntegrityHandleWrite(), IntWinIntObjHandleModification(), IntWinProcHandleCopyMemory(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSudHandleFieldModification(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), and IntWinTokenPrivsCheckIntegrityOnProcess().
| QWORD _EXCEPTION_VICTIM_ZONE::OldValue[8] |
The original value (maximum 512 bits in case of AVX2).
Definition at line 916 of file exceptions.h.
| QWORD _EXCEPTION_VICTIM_ZONE::ProtectionFlag |
The protection flags of the modified zone.
Definition at line 900 of file exceptions.h.
| struct { ... } _EXCEPTION_VICTIM_ZONE::ReadInfo |
| QWORD _EXCEPTION_VICTIM_ZONE::Rsp |
The value of the guest RSP register at the moment of execution.
Definition at line 931 of file exceptions.h.
| QWORD _EXCEPTION_VICTIM_ZONE::StackBase |
The stack base for the thread that attempted the execution.
Definition at line 932 of file exceptions.h.
| QWORD _EXCEPTION_VICTIM_ZONE::StackLimit |
The stack limit for the thread that attempted the execution.
Definition at line 933 of file exceptions.h.
| QWORD _EXCEPTION_VICTIM_ZONE::Value[8] |
The original value (maximum 512 bits in case of AVX2).
Definition at line 924 of file exceptions.h.
| struct { ... } _EXCEPTION_VICTIM_ZONE::WriteInfo |
Referenced by IntWinDrvObjHandleModification(), IntWinIdtHandleModification(), IntWinInfHookIntegrityHandleWrite(), IntWinIntObjHandleModification(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSudHandleFieldModification(), and IntWinTokenPrivsCheckIntegrityOnProcess().
| QWORD _EXCEPTION_VICTIM_ZONE::ZoneFlags |
The flags of the modified zone.
Definition at line 898 of file exceptions.h.
Referenced by IntWinInfHookIntegrityHandleWrite(), IntWinIntObjHandleModification(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSudHandleFieldModification(), and IntWinTokenPrivsCheckIntegrityOnProcess().
| ZONE_TYPE _EXCEPTION_VICTIM_ZONE::ZoneType |
The type of the modified zone.
Definition at line 897 of file exceptions.h.
Referenced by IntWinInfHookIntegrityHandleWrite(), IntWinIntObjHandleModification(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSudHandleFieldModification(), and IntWinTokenPrivsCheckIntegrityOnProcess().
1.8.13