- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <hook_gva.h>
Data Fields | |
| HOOK_HEADER | Header |
| The hook header. More... | |
| LIST_ENTRY | Link |
| List entry element. More... | |
| union { | |
| PFUNC_EptViolationCallback Access | |
| The read/write/execute access callback. Valid if Type != IG_EPT_HOOK_NONE. More... | |
| PFUNC_SwapCallback Swap | |
| The swap callback. Valid if Type == IG_EPT_HOOK_NONE. More... | |
| } | Callback |
| PHOOK_GPA | GpaHook |
| The actual guest physical page hook. Valid as long as the page is mapped. More... | |
| PHOOK_PTS | PtsHook |
| The page tables hook. More... | |
| QWORD | GvaPage |
| Guest virtual page base address, aligned to 4K. More... | |
| WORD | Offset |
| Offset inside the 4K page, interval [0, 4095]. More... | |
| WORD | Length |
| DWORD | Hash |
| Hash computed on the content of the page. Valid only if IsIntegrityOn is true. More... | |
| BOOLEAN | IsIntegrityOn |
| True if integrity checks are enabled for this page. Integrity checks are enabled if the this is a write hook on a kernel page. More... | |
| BOOLEAN | IsPageWritable |
| True if the page is writable, false otherwise. More... | |
This structures describes a hooked guest virtual page. Page-table interception and guest physical page hooks are handled internally.
Definition at line 18 of file hook_gva.h.
| PFUNC_EptViolationCallback _HOOK_GVA::Access |
The read/write/execute access callback. Valid if Type != IG_EPT_HOOK_NONE.
Definition at line 25 of file hook_gva.h.
Referenced by IntHookGvaSetHook().
| union { ... } _HOOK_GVA::Callback |
Referenced by IntHookGvaSetHook().
| PHOOK_GPA _HOOK_GVA::GpaHook |
The actual guest physical page hook. Valid as long as the page is mapped.
Definition at line 30 of file hook_gva.h.
Referenced by DbgDumpHooksGva().
| QWORD _HOOK_GVA::GvaPage |
Guest virtual page base address, aligned to 4K.
Definition at line 32 of file hook_gva.h.
Referenced by DbgDumpHooksGva(), IntHookGetGlaFromGpaHook(), IntHookGvaCommitHooks(), IntHookGvaSetHook(), IntLixDrvHandleWrite(), IntLixDrvSendViolationEvent(), IntLixKernelHandleRead(), IntValidateTranslation(), and IntWinDrvObjHandleWrite().
| DWORD _HOOK_GVA::Hash |
Hash computed on the content of the page. Valid only if IsIntegrityOn is true.
Definition at line 36 of file hook_gva.h.
| HOOK_HEADER _HOOK_GVA::Header |
The hook header.
Definition at line 20 of file hook_gva.h.
Referenced by DbgDumpHooksGva(), IntHookGetGlaFromGpaHook(), IntHookGvaCommitHooks(), IntHookGvaSetHook(), IntMemClkHandleRead(), and IntWinDrvObjHandleWrite().
| BOOLEAN _HOOK_GVA::IsIntegrityOn |
True if integrity checks are enabled for this page. Integrity checks are enabled if the this is a write hook on a kernel page.
Definition at line 39 of file hook_gva.h.
Referenced by DbgDumpHooksGva(), and IntHookGvaSetHook().
| BOOLEAN _HOOK_GVA::IsPageWritable |
True if the page is writable, false otherwise.
Definition at line 40 of file hook_gva.h.
Referenced by DbgDumpHooksGva(), and IntHookGvaSetHook().
| WORD _HOOK_GVA::Length |
Length of the hook, interval [1, 4096].
Definition at line 34 of file hook_gva.h.
Referenced by DbgDumpHooksGva(), and IntHookGvaSetHook().
| LIST_ENTRY _HOOK_GVA::Link |
| WORD _HOOK_GVA::Offset |
Offset inside the 4K page, interval [0, 4095].
Definition at line 33 of file hook_gva.h.
Referenced by DbgDumpHooksGva(), and IntHookGvaSetHook().
| PHOOK_PTS _HOOK_GVA::PtsHook |
The page tables hook.
Definition at line 31 of file hook_gva.h.
Referenced by IntHookGvaSetHook(), and IntValidateTranslation().
| PFUNC_SwapCallback _HOOK_GVA::Swap |
The swap callback. Valid if Type == IG_EPT_HOOK_NONE.
Definition at line 26 of file hook_gva.h.
Referenced by IntHookGvaSetHook().
1.8.13