- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <hook_pts.h>
Data Fields | |
| HOOK_HEADER | Header |
| Hook header - must be present for every hook. More... | |
| PHOOK_PTM | PtPaHook |
| QWORD | PtPaAddress |
| Physical address of the PT/PD/PDP/PML4/PML5 entry associated to this particular page. More... | |
| BOOLEAN | PtPaHookSet |
| True if a hook is placed on the PT entry. More... | |
| BOOLEAN | IsLeaf |
| BOOLEAN | IsValid |
| This referrers to the entry contained by this PTE. If true, it points to a valid table. More... | |
| BOOLEAN | IsPs |
| True if this entry is a page size extension, and points to a 2M/4M/1G page. More... | |
| BYTE | EntrySize |
| 4 (32 bit paging) or 8 (PAE or 64 bit paging) More... | |
| BYTE | Level |
| Page table level (1 - PT, 5 - PML5) More... | |
| HOOK_PTEWS | WriteState |
| Write state. More... | |
| LIST_ENTRY | Link |
| Link inside the containing list. More... | |
| LIST_HEAD | ChildrenEntries |
| Children entries. Will be empty for leafs. Each entry is a HOOK_PTS_ENTRY. More... | |
| LIST_HEAD | ContextEntries |
| The actual contexts. Each context will be a HOOK_PTS structure. More... | |
| DWORD | RefCount |
| Number of references. More... | |
| WORD | EntryOffset |
| Entry offset inside the monitored page-table. More... | |
Describes one page table entry hook. Please note that "Page Table" is being generically referred to, as it may be any level page table (PT, PD, PDP, PML4, PML5). Each monitored page-table entry will have exactly one such structure attached. If multiple virtual addresses which translate through this entry are monitored, the ref count will simply be incremented accordingly.
Definition at line 57 of file hook_pts.h.
| LIST_HEAD _HOOK_PTS_ENTRY::ChildrenEntries |
Children entries. Will be empty for leafs. Each entry is a HOOK_PTS_ENTRY.
Definition at line 72 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), and IntHookPtsSetHook().
| LIST_HEAD _HOOK_PTS_ENTRY::ContextEntries |
The actual contexts. Each context will be a HOOK_PTS structure.
Definition at line 73 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), IntHookPtsHandleModification(), and IntHookPtsSetHook().
| WORD _HOOK_PTS_ENTRY::EntryOffset |
Entry offset inside the monitored page-table.
Definition at line 75 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), and IntHookPtsHandleModification().
| BYTE _HOOK_PTS_ENTRY::EntrySize |
4 (32 bit paging) or 8 (PAE or 64 bit paging)
Definition at line 68 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), IntHookPtsHandleModification(), and IntHookPtsWriteCallback().
| HOOK_HEADER _HOOK_PTS_ENTRY::Header |
Hook header - must be present for every hook.
Definition at line 59 of file hook_pts.h.
Referenced by IntHookPtsCleanupList(), IntHookPtsCreateEntry(), IntHookPtsRemoveHookInternal(), and IntHookPtsWriteCallback().
| BOOLEAN _HOOK_PTS_ENTRY::IsLeaf |
True if this is the last level of translation.
Definition at line 64 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), and IntHookPtsSetHook().
| BOOLEAN _HOOK_PTS_ENTRY::IsPs |
True if this entry is a page size extension, and points to a 2M/4M/1G page.
Definition at line 67 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry().
| BOOLEAN _HOOK_PTS_ENTRY::IsValid |
This referrers to the entry contained by this PTE. If true, it points to a valid table.
Definition at line 66 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry().
| BYTE _HOOK_PTS_ENTRY::Level |
Page table level (1 - PT, 5 - PML5)
Definition at line 69 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry().
| LIST_ENTRY _HOOK_PTS_ENTRY::Link |
Link inside the containing list.
Definition at line 71 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), and IntHookPtsSetHook().
| QWORD _HOOK_PTS_ENTRY::PtPaAddress |
Physical address of the PT/PD/PDP/PML4/PML5 entry associated to this particular page.
Definition at line 62 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), IntHookPtsDump(), IntHookPtsFindEntry(), and IntHookPtsSetHook().
| PHOOK_PTM _HOOK_PTS_ENTRY::PtPaHook |
The PA hook on the PT/PD/PDP/PML4/PML5 entry.
Definition at line 60 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry().
| BOOLEAN _HOOK_PTS_ENTRY::PtPaHookSet |
True if a hook is placed on the PT entry.
Definition at line 63 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry().
| DWORD _HOOK_PTS_ENTRY::RefCount |
Number of references.
Definition at line 74 of file hook_pts.h.
Referenced by IntHookPtsCreateEntry(), IntHookPtsDump(), IntHookPtsHandleModification(), IntHookPtsRemoveHookInternal(), and IntHookPtsSetHook().
| HOOK_PTEWS _HOOK_PTS_ENTRY::WriteState |
Write state.
Definition at line 70 of file hook_pts.h.
Referenced by IntHookPtsCloneCallbacks(), IntHookPtsCreateEntry(), IntHookPtsHandleModification(), IntHookPtsSetHook(), IntHookPtsWriteCallback(), and IntValidateTranslation().
1.8.13