Bitdefender Hypervisor Memory Introspection
Data Fields
_INTRO_CPUCTX Struct Reference

Holds the CPU context for an event. More...

#include <intro_types.h>

Data Fields

BOOLEAN Valid
 Set to True if the information in the structure is valid, False otherwise. More...
 
DWORD Cpu
 
QWORD Rip
 The value of the guest RIP register when the event was generated. More...
 
QWORD Cr3
 The value of the guest CR3 register when the event was generated. More...
 
CHAR Instruction [ALERT_MAX_INSTRUX_LEN]
 The instruction found at RIP, in textual form. More...
 

Detailed Description

Holds the CPU context for an event.

Since certain operations that fill the fields in this structure may fail, the Valid field should be checked before using any information present in the structure.

Definition at line 962 of file intro_types.h.

Field Documentation

◆ Cpu

DWORD _INTRO_CPUCTX::Cpu

The VCPU number.

Definition at line 966 of file intro_types.h.

Referenced by IntWinCrashHandleDepViolation(), and IntWinModPolyHandler().

◆ Cr3

QWORD _INTRO_CPUCTX::Cr3

The value of the guest CR3 register when the event was generated.

Definition at line 970 of file intro_types.h.

Referenced by IntCrSendAlert(), IntDtrSendAlert(), IntWinCrashHandleDepViolation(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendIntegrityAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinInfHookIntegritySendAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinThrHandleQueueApc(), and IntWinThrHandleThreadHijack().

◆ Instruction

CHAR _INTRO_CPUCTX::Instruction[ALERT_MAX_INSTRUX_LEN]

The instruction found at RIP, in textual form.

Definition at line 971 of file intro_types.h.

Referenced by IntWinModPolyHandler().

◆ Rip

QWORD _INTRO_CPUCTX::Rip

The value of the guest RIP register when the event was generated.

Definition at line 968 of file intro_types.h.

Referenced by IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntWinCrashHandleDepViolation(), and IntWinModPolyHandler().

◆ Valid

BOOLEAN _INTRO_CPUCTX::Valid

Set to True if the information in the structure is valid, False otherwise.

Definition at line 965 of file intro_types.h.

Referenced by IntDetSendIntegrityAlert(), IntLixTaskSendCredViolationEvent(), IntSlackSendIntegrityAlert(), IntWinCrashHandleDepViolation(), IntWinDrvObjSendIntegrityAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSudSendSudIntegrityAlert(), IntWinTokenPrivsSendIntegrityAlert(), and IntWinTokenPtrCheckIntegrityOnProcess().

The documentation for this struct was generated from the following file: