- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Holds register state. More...
#include <glueiface.h>
Data Fields | |
| QWORD | Rax |
| QWORD | Rcx |
| QWORD | Rdx |
| QWORD | Rbx |
| QWORD | Rsp |
| QWORD | Rbp |
| QWORD | Rsi |
| QWORD | Rdi |
| QWORD | R8 |
| QWORD | R9 |
| QWORD | R10 |
| QWORD | R11 |
| QWORD | R12 |
| QWORD | R13 |
| QWORD | R14 |
| QWORD | R15 |
| QWORD | Cr2 |
| QWORD | Flags |
| QWORD | Dr7 |
| QWORD | Rip |
| QWORD | Cr0 |
| QWORD | Cr4 |
| QWORD | Cr3 |
| QWORD | Cr8 |
| QWORD | IdtBase |
| QWORD | IdtLimit |
| QWORD | GdtBase |
| QWORD | GdtLimit |
Holds register state.
Definition at line 30 of file glueiface.h.
| QWORD _IG_ARCH_REGS::Cr0 |
Definition at line 52 of file glueiface.h.
Referenced by IntCr0Read(), IntGuestGetPagingMode(), IntGuestHandleCr3Write(), IntGuestInitMemoryInfo(), IntLogGuestRegisters(), IntTranslateVirtualAddressEx(), and IntWinHalHandleHalHeapExec().
| QWORD _IG_ARCH_REGS::Cr2 |
Definition at line 48 of file glueiface.h.
Referenced by IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::Cr3 |
Definition at line 54 of file glueiface.h.
Referenced by DbgLogCurrentProcess(), IntAlertEptFillFromVictimZone(), IntAlertFillCpuContext(), IntAlertFillExecContext(), IntCr3Read(), IntDecEmulateRead(), IntDispatchVeAsEpt(), IntExceptUserLogInformation(), IntExceptVerifyCodeBlocksSig(), IntExceptVerifyValueCodeSig(), IntGetGprs(), IntGuestHandleCr3Write(), IntHandleCowOnPage(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleFetchRetryOnPageBoundary(), IntHookPtwEmulateWrite(), IntLixAgentHandleUserVmcall(), IntLixIdtWriteHandler(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntLogGuestRegisters(), IntLogProcessInfo(), IntMemClkHandleRead(), IntPtiRemoveInstruction(), IntSerializeRipCode(), IntThrSafeInspectRunningThreads(), IntValidatePageRights(), IntValidatePageRightsEx(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinAgentHandleVmcall(), IntWinCrashHandleDepViolation(), IntWinDpiValidateHeapSpray(), IntWinDpiValidateThreadStart(), IntWinDrvObjSendEptAlert(), IntWinDrvSendAlert(), IntWinHalSendAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinLogVAInfo(), IntWinModBlockHandleExecution(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinProcHandleCopyMemory(), IntWinProcHandleCreateInternal(), IntWinProcHandleInstrument(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSetUmExceptionEvent(), IntWinStackHandleUserStackPagedOut(), IntWinStackUserCheckIsPivoted(), IntWinSudHandleSudExec(), IntWinSudHandleUserSudExec(), IntWinSudSendSudExecAlert(), IntWinThrGetCurrentStackBaseAndLimit(), IntWinTokenPrivsSendEptAlert(), IntWinVadHandleCommit(), IntWinVadHandleDeleteVaRange(), IntWinVadHandleFinishVadDeletion(), IntWinVadHandleInsertMap(), IntWinVadHandleInsertPrivate(), IntWinVadHandlePageExecution(), and IntWinVadIsExecSuspicious().
| QWORD _IG_ARCH_REGS::Cr4 |
Definition at line 53 of file glueiface.h.
Referenced by IntCr4Read(), IntGuestGetPagingMode(), IntGuestHandleCr3Write(), IntGuestInitMemoryInfo(), and IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::Cr8 |
Definition at line 55 of file glueiface.h.
Referenced by IntCr8Read(), and IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::Dr7 |
Definition at line 50 of file glueiface.h.
Referenced by IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::Flags |
Definition at line 49 of file glueiface.h.
Referenced by IntDecEmulatePTWrite(), IntDispatchVeAsEpt(), IntLogGuestRegisters(), IntRtlpVirtualUnwindCheckAccess(), and IntVeDumpVeInfoPage().
| QWORD _IG_ARCH_REGS::GdtBase |
Definition at line 58 of file glueiface.h.
Referenced by IntGdtFindBase(), and IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::GdtLimit |
Definition at line 59 of file glueiface.h.
Referenced by IntGdtFindBase(), and IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::IdtBase |
Definition at line 56 of file glueiface.h.
Referenced by IntIdtFindBase(), and IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::IdtLimit |
Definition at line 57 of file glueiface.h.
Referenced by IntIdtFindBase(), and IntLogGuestRegisters().
| QWORD _IG_ARCH_REGS::R10 |
Definition at line 42 of file glueiface.h.
Referenced by IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntLixAccessRemoteVmHandler(), IntLixPatchHandler(), IntLixTaskHandleExec(), IntLixVmaAdjust(), and store_regs().
| QWORD _IG_ARCH_REGS::R11 |
Definition at line 43 of file glueiface.h.
Referenced by IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntLixAccessRemoteVmHandler(), IntLixVmaAdjust(), and store_regs().
| QWORD _IG_ARCH_REGS::R12 |
Definition at line 44 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), and store_regs().
| QWORD _IG_ARCH_REGS::R13 |
Definition at line 45 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), and store_regs().
| QWORD _IG_ARCH_REGS::R14 |
Definition at line 46 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), and store_regs().
| QWORD _IG_ARCH_REGS::R15 |
Definition at line 47 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), IntLixAgentError(), and store_regs().
| QWORD _IG_ARCH_REGS::R8 |
Definition at line 40 of file glueiface.h.
Referenced by IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntDriverLoadHandler(), IntDriverUnloadHandler(), IntHandleIntroCall(), IntLixAccessRemoteVmHandler(), IntLixAgentCreateThreadHypercall(), IntLixAgentError(), IntLixAgentThreadError(), IntLixCommitCredsHandle(), IntLixCrashHandle(), IntLixDepDeployFileHypercall(), IntLixGuestAllocateFill(), IntLixJumpLabelHandler(), IntLixPatchHandler(), IntLixTaskHandleDoExit(), IntLixTaskHandleExec(), IntLixTaskHandlePtrace(), IntLixVmaAdjust(), IntLixVmaChangeProtection(), IntLixVmaExpandDownwards(), IntLixVmaInsert(), IntLixVmaRemove(), IntWinBcHandleBugCheck(), IntWinModBlockHandleExecution(), and store_regs().
| QWORD _IG_ARCH_REGS::R9 |
Definition at line 41 of file glueiface.h.
Referenced by IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntHandleIntroCall(), IntLixAccessRemoteVmHandler(), IntLixAgentError(), IntLixAgentThreadError(), IntLixCommitCredsHandle(), IntLixCrashHandle(), IntLixGuestAllocateFill(), IntLixPatchHandler(), IntLixTaskHandleDoExit(), IntLixTaskHandleExec(), IntLixTaskHandleFork(), IntLixTaskHandlePtrace(), IntLixTaskHandleVmRw(), IntLixVmaAdjust(), IntLixVmaChangeProtection(), IntLixVmaExpandDownwards(), IntLixVmaInsert(), IntLixVmaRemove(), IntWinBcHandleBugCheck(), and store_regs().
| QWORD _IG_ARCH_REGS::Rax |
Definition at line 32 of file glueiface.h.
Referenced by IntDecEmulatePTWrite(), IntDispatchVeAsEpt(), IntHandleXcrWrite(), IntLixAgentCreateThreadCompletion(), IntLixAgentCreateThreadHypercall(), IntLixAgentHandleBreakpoint(), IntLixAgentThreadHandleBreakpoint(), IntLixDepDeployFileHypercall(), IntPtiInspectInstruction(), IntWinAgentHandleVmcall(), IntWinModBlockHandleExecution(), IntWinThrHandleThreadHijack(), and store_regs().
| QWORD _IG_ARCH_REGS::Rbp |
Definition at line 37 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), IntExceptWinKernelGetOriginator(), IntRtlpVirtualUnwindCheckAccess(), IntWinModFillInjectionData(), and store_regs().
| QWORD _IG_ARCH_REGS::Rbx |
Definition at line 35 of file glueiface.h.
Referenced by IntDecEmulatePTWrite(), IntDetCallCallback(), IntDispatchVeAsEpt(), IntLixAgentHandleUserVmcall(), IntVeHandleHypercall(), IntWinAgentHandleVmcall(), and store_regs().
| QWORD _IG_ARCH_REGS::Rcx |
Definition at line 33 of file glueiface.h.
Referenced by IntDecEmulatePTWrite(), IntDispatchVeAsEpt(), IntHandleEptViolation(), IntHandleXcrWrite(), IntHookPtwEmulateWrite(), IntLixAgentHandleUserVmcall(), IntLixDrvIsLegitimateTextPoke(), IntRtlpVirtualUnwindCheckAccess(), IntVeHandleHypercall(), IntWinAgentHandleVmcall(), IntWinBcHandleBugCheck(), IntWinDrvHandleDriverEntry(), IntWinHandleException(), IntWinModBlockHandleExecution(), IntWinPowGetRequestedPowerState(), and store_regs().
| QWORD _IG_ARCH_REGS::Rdi |
Definition at line 39 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), IntDriverLoadHandler(), IntDriverUnloadHandler(), and store_regs().
| QWORD _IG_ARCH_REGS::Rdx |
Definition at line 34 of file glueiface.h.
Referenced by IntDecEmulatePTWrite(), IntDispatchVeAsEpt(), IntHandleXcrWrite(), IntHookPtwEmulateWrite(), IntLixAgentHandleUserVmcall(), IntVeHandleHypercall(), IntWinAgentHandleVmcall(), IntWinBcHandleBugCheck(), IntWinModBlockHandleExecution(), IntWinPowGetRequestedPowerState(), and store_regs().
| QWORD _IG_ARCH_REGS::Rip |
Definition at line 51 of file glueiface.h.
Referenced by IntAlertFillCpuContext(), IntAlertFillExecContext(), IntCrLixHandleWrite(), IntDecEmulateInstruction(), IntDecEmulatePTWrite(), IntDecEmulateRead(), IntDetCallCallback(), IntDispatchVeAsEpt(), IntExceptGetVictimEpt(), IntExceptKernelGetOriginator(), IntExceptLixKernelGetOriginator(), IntExceptUserGetExecOriginator(), IntExceptWinKernelGetOriginator(), IntGuestHandleCr3Write(), IntGuestUninitOnBugcheck(), IntHandleBreakpoint(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleFetchRetryOnPageBoundary(), IntHandleIntroCall(), IntHandleMemAccess(), IntHookPtwEmulateWrite(), IntHookPtwProcessWrite(), IntLixAgentExit(), IntLixAgentHandleKernelVmcall(), IntLixAgentStart(), IntLixDrvIsLegitimateTextPoke(), IntLixGuestAgentContentHandler(), IntLixGuestDetourDataHandler(), IntLixKernelHandleRead(), IntLixUnpatchSwapgs(), IntLixVdsoHandleUserModeWrite(), IntLixVdsoHandleWrite(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntMemClkHandleRead(), IntMtblCheckAccess(), IntMtblPatchInstruction(), IntPtiHandleExecute(), IntPtiHandleInt3(), IntPtiHandleWrite(), IntRipRead(), IntRtlpVirtualUnwindCheckAccess(), IntSerializeRipCode(), IntThrSafeInspectRunningThreads(), IntValidatePageRights(), IntValidatePageRightsEx(), IntVasPageTableWriteCallback(), IntVeDumpVeInfoPage(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntVeIsCurrentRipInAgent(), IntWinAgentActivatePendingAgent(), IntWinAgentHandleInt3(), IntWinAgentHandleVmcall(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiValidateHeapSpray(), IntWinDpiValidateThreadStart(), IntWinDrvHandleDriverEntry(), IntWinDrvHandleRead(), IntWinHalHandleHalHeapExec(), IntWinInfHookEptSppHandleWrite(), IntWinInfHookSppViolationCallbackWmiPtrChanged(), IntWinModBlockHandleExecution(), IntWinModHandleUserWrite(), IntWinModHandleWrite(), IntWinProcHandleCreate(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSudHandleKernelSudExec(), IntWinSudHandleSudExec(), IntWinSudHandleUserSudExec(), IntWinSudSendSudExecAlert(), IntWinVadHandlePageExecution(), and IntWinVadIsExecSuspicious().
| QWORD _IG_ARCH_REGS::Rsi |
Definition at line 38 of file glueiface.h.
Referenced by IntDispatchVeAsEpt(), IntLixDrvIsLegitimateTextPoke(), and store_regs().
| QWORD _IG_ARCH_REGS::Rsp |
Definition at line 36 of file glueiface.h.
Referenced by IntDetGetArgumentInternal(), IntDetGetArguments(), IntDetPatchArgument(), IntDispatchVeAsEpt(), IntExceptGetVictimEpt(), IntExceptWinKernelGetOriginator(), IntLixDumpStacktrace(), IntLixGuestInitAgentCompletion(), IntLixVmaHandlePageExecution(), IntLogStackTrace(), IntPtiRemoveInstruction(), IntWinBcHandleBugCheck(), IntWinCrashHandleDepViolation(), IntWinDpiValidateHeapSpray(), IntWinDpiValidateThreadStart(), IntWinDrvHandleDriverEntry(), IntWinModBlockHandleExecution(), IntWinPowGetRequestedPowerState(), IntWinStackHandleUserStackPagedOut(), IntWinSudSendSudExecAlert(), IntWinVadIsExecSuspicious(), and store_regs().
1.8.13