- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes a guest process. More...
#include <intro_types.h>
Data Fields | |
| BOOLEAN | Valid |
| Set to True if the information in the structure is valid, False otherwise. More... | |
| DWORD | Pid |
| The PID of the process. More... | |
| QWORD | Cr3 |
| QWORD | CreationTime |
| The Process Creation Time, in 100 ns units since 1 January 1601. More... | |
| CHAR | ImageName [ALERT_IMAGE_NAME_LEN] |
| Image base name of the current process.. More... | |
| WCHAR | Path [ALERT_PATH_MAX_LEN] |
| INTRO_TOKEN | SecurityInfo |
| The thread token (if impersonating) or the process token (Windows only). More... | |
| CHAR | CmdLine [ALERT_CMDLINE_MAX_LEN] |
| Process command line. May not always be available. More... | |
| QWORD | Context |
| The context supplied when the process was protected. More... | |
| BOOLEAN | Wow64 |
| A boolean which is TRUE if the process is WoW64. More... | |
Describes a guest process.
Since certain operations that fill the fields in this structure may fail, the Valid field should be checked before using any information present in the structure.
Definition at line 901 of file intro_types.h.
| CHAR _INTRO_PROCESS::CmdLine[ALERT_CMDLINE_MAX_LEN] |
Process command line. May not always be available.
Definition at line 913 of file intro_types.h.
| QWORD _INTRO_PROCESS::Context |
The context supplied when the process was protected.
Definition at line 914 of file intro_types.h.
| QWORD _INTRO_PROCESS::Cr3 |
The process Cr3 (NOT necessary the current CR3).
Definition at line 906 of file intro_types.h.
Referenced by IntLixTaskSendExceptionEvent().
| QWORD _INTRO_PROCESS::CreationTime |
The Process Creation Time, in 100 ns units since 1 January 1601.
Definition at line 908 of file intro_types.h.
| CHAR _INTRO_PROCESS::ImageName[ALERT_IMAGE_NAME_LEN] |
Image base name of the current process..
Definition at line 909 of file intro_types.h.
Referenced by IntLixCmdLineInspect(), IntLixTaskSendExceptionEvent(), and IntWinInspectCommandLine().
| WCHAR _INTRO_PROCESS::Path[ALERT_PATH_MAX_LEN] |
The full path of the process. May not always be available.
Definition at line 910 of file intro_types.h.
| DWORD _INTRO_PROCESS::Pid |
The PID of the process.
Definition at line 905 of file intro_types.h.
Referenced by IntLixCmdLineInspect(), IntLixTaskSendExceptionEvent(), and IntWinInspectCommandLine().
| INTRO_TOKEN _INTRO_PROCESS::SecurityInfo |
The thread token (if impersonating) or the process token (Windows only).
Definition at line 912 of file intro_types.h.
Referenced by IntCrSendAlert().
| BOOLEAN _INTRO_PROCESS::Valid |
Set to True if the information in the structure is valid, False otherwise.
Definition at line 904 of file intro_types.h.
Referenced by IntHookGvaEnableHooks(), IntLixDrvSendEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendTaskEvent(), IntWinIdtSendIntegrityAlert(), IntWinIntObjSendIntegrityAlert(), IntWinProcSendProcessEvent(), and IntWinSelfMapHandleCr3SelfMapModification().
| BOOLEAN _INTRO_PROCESS::Wow64 |
A boolean which is TRUE if the process is WoW64.
Definition at line 915 of file intro_types.h.
1.8.13