- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <winpe.h>
Data Fields | |
| BOOLEAN | Image64Bit |
| True if the image is 64 bit. More... | |
| WORD | Subsystem |
| Subsystem. More... | |
| WORD | Machine |
| Machine type. More... | |
| DWORD | SizeOfImage |
| Size of the image. More... | |
| DWORD | TimeDateStamp |
| Time/date stamp. More... | |
| DWORD | EntryPoint |
| Entry point (RVA). More... | |
| QWORD | SectionOffset |
| Offset of the first section header. More... | |
| QWORD | NumberOfSections |
| Number of sections. More... | |
| DWORD | SectionAlignment |
| Sections alignment. More... | |
| QWORD | ImageBase |
| Image base. More... | |
| DWORD _INTRO_PE_INFO::EntryPoint |
Entry point (RVA).
Definition at line 601 of file winpe.h.
Referenced by IntLdrGetImageSizeAndEntryPoint(), IntModBlockHandleBlockModHeadersInMemory(), IntWinDrvHeadersInMemory(), and IntWinDrvObjIsValidDriverObject().
| BOOLEAN _INTRO_PE_INFO::Image64Bit |
True if the image is 64 bit.
Definition at line 596 of file winpe.h.
Referenced by IntPeFindFunctionStart(), IntPeFindFunctionStartInBuffer(), IntPeGetDirectory(), IntPeGetRuntimeFunction(), IntPeGetRuntimeFunctionInBuffer(), IntWinDepInjectProcess(), IntWinGuestReadKernel(), IntWinHalReadHal(), and IntWinUmModCacheFillHeaders().
| QWORD _INTRO_PE_INFO::ImageBase |
| WORD _INTRO_PE_INFO::Machine |
| QWORD _INTRO_PE_INFO::NumberOfSections |
Number of sections.
Definition at line 603 of file winpe.h.
Referenced by IntLdrGetImageSizeAndEntryPoint(), IntLdrLoadPEImage(), IntModBlockHandleBlockModHeadersInMemory(), IntPeFindFunctionByPattern(), IntPeGetSectionHeaderByIndex(), IntPeGetSectionHeaderByRva(), IntPeGetSectionHeadersByName(), IntPeListSectionsHeaders(), IntSlackAllocWindows(), IntWinDrvHeadersInMemory(), and IntWinModHookPoly().
| DWORD _INTRO_PE_INFO::SectionAlignment |
Sections alignment.
Definition at line 604 of file winpe.h.
Referenced by IntPeGetSectionHeaderByRva(), and IntWinDrvHeadersInMemory().
| QWORD _INTRO_PE_INFO::SectionOffset |
Offset of the first section header.
Definition at line 602 of file winpe.h.
Referenced by IntLdrGetImageSizeAndEntryPoint(), IntLdrLoadPEImage(), IntModBlockHandleBlockModHeadersInMemory(), IntPeFindFunctionByPattern(), IntPeGetSectionHeaderByIndex(), IntPeGetSectionHeaderByRva(), IntPeGetSectionHeadersByName(), IntPeListSectionsHeaders(), IntSlackAllocWindows(), IntWinDrvHeadersInMemory(), and IntWinModHookPoly().
| DWORD _INTRO_PE_INFO::SizeOfImage |
Size of the image.
Definition at line 599 of file winpe.h.
Referenced by IntLdrGetImageSizeAndEntryPoint(), IntPeFindFunctionByPattern(), IntPeGetDirectory(), IntPeGetSectionHeaderByIndex(), IntPeGetSectionHeaderByRva(), IntPeGetSectionHeadersByName(), IntWinDrvObjIsValidDriverObject(), IntWinGuestReadKernel(), IntWinHalReadHal(), IntWinModHookPoly(), and IntWinUmModCacheFillHeaders().
| WORD _INTRO_PE_INFO::Subsystem |
Subsystem.
Definition at line 597 of file winpe.h.
Referenced by IntLdrLoadPEImage(), and IntWinDagentCheckNativeSubsystem().
| DWORD _INTRO_PE_INFO::TimeDateStamp |
Time/date stamp.
Definition at line 600 of file winpe.h.
Referenced by IntWinDrvHeadersInMemory(), and IntWinUmModCacheFillHeaders().
1.8.13