Bitdefender Hypervisor Memory Introspection
Common violation header.
#include <intro_types.h>
Data Fields

DWORD | ViolationVersion | The version of the alert. See INTRO_VIOLATION_VERSION.
INTRO_VERSION_INFO | VerInfo | Information about the version of Introcore and the guest operating system.
INTRO_ACTION | Action | The action that was taken as the result of this alert.
INTRO_ACTION_REASON | Reason | The reason for which Action was taken.
INTRO_CPUCTX | CpuContext | The context of the CPU that triggered the alert.
INTRO_PROCESS | CurrentProcess | The current process.
QWORD | Flags | A combination of ALERT_FLAG_* values describing the alert.
MITRE_ID | MitreID | The MITRE ID that corresponds to this attack.
union {
BYTE | Exception[ALERT_EXCEPTION_SIZE] | Exception information used by GLUE_IFACE.AddExceptionFromAlert.
INTRO_ALERT_EXCEPTION_HEADER | ExHeader | The header of the exception information.
};
Common violation header.
Definition at line 1189 of file intro_types.h.
union { ... }
INTRO_ACTION _INTRO_VIOLATION_HEADER::Action
The action that was taken as the result of this alert.
Definition at line 1194 of file intro_types.h.
Referenced by IntCrSendAlert(), IntDetSendIntegrityAlert(), IntDtrSendAlert(), IntEngSendExecViolation(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixCmdLineSendViolationEvent(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntSlackSendIntegrityAlert(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().
INTRO_CPUCTX _INTRO_VIOLATION_HEADER::CpuContext
The context of the CPU that triggered the alert.
Definition at line 1196 of file intro_types.h.
Referenced by IntCrSendAlert(), IntDetSendIntegrityAlert(), IntDtrSendAlert(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntSlackSendIntegrityAlert(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().
INTRO_PROCESS _INTRO_VIOLATION_HEADER::CurrentProcess
The current process.
Definition at line 1197 of file intro_types.h.
Referenced by IntCrSendAlert(), IntDtrSendAlert(), IntEngSendExecViolation(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixCmdLineSendViolationEvent(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().
BYTE _INTRO_VIOLATION_HEADER::Exception[ALERT_EXCEPTION_SIZE]
Exception information used by GLUE_IFACE.AddExceptionFromAlert.
Definition at line 1204 of file intro_types.h.
INTRO_ALERT_EXCEPTION_HEADER _INTRO_VIOLATION_HEADER::ExHeader
The header of the exception information.
Definition at line 1205 of file intro_types.h.
QWORD _INTRO_VIOLATION_HEADER::Flags
A combination of ALERT_FLAG_* values describing the alert.
Definition at line 1198 of file intro_types.h.
Referenced by IntCrSendAlert(), IntDetSendIntegrityAlert(), IntDtrSendAlert(), IntEngSendExecViolation(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixCmdLineSendViolationEvent(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntSlackSendIntegrityAlert(), IntUpdateAddExceptionFromAlert(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().
MITRE_ID _INTRO_VIOLATION_HEADER::MitreID
The MITRE ID that corresponds to this attack.
Definition at line 1199 of file intro_types.h.
Referenced by IntCrSendAlert(), IntDetSendIntegrityAlert(), IntDtrSendAlert(), IntEngSendExecViolation(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixCmdLineSendViolationEvent(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntSlackSendIntegrityAlert(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().
INTRO_ACTION_REASON _INTRO_VIOLATION_HEADER::Reason
The reason for which Action was taken.
Definition at line 1195 of file intro_types.h.
Referenced by IntCrSendAlert(), IntDetSendIntegrityAlert(), IntDtrSendAlert(), IntEngSendExecViolation(), IntHookGvaEnableHooks(), IntHookPtsCheckIntegrity(), IntLixCmdLineSendViolationEvent(), IntLixDrvSendViolationEvent(), IntLixIdtWriteHandler(), IntLixKernelHandleRead(), IntLixMsrHandleWrite(), IntLixTaskSendBlockedEvent(), IntLixTaskSendCredViolationEvent(), IntLixTaskSendInjectionEvent(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntSlackSendIntegrityAlert(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDpiSendProcessCreationViolation(), IntWinDrvObjSendEptAlert(), IntWinDrvObjSendIntegrityAlert(), IntWinDrvSendAlert(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHalSendPerfCntIntegrityAlert(), IntWinIdtSendIntegrityAlert(), IntWinIdtWriteHandler(), IntWinInfHookEptSppSendAlert(), IntWinInfHookIntegritySendAlert(), IntWinIntObjSendIntegrityAlert(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinMsrSendAlert(), IntWinProcHandleCopyMemory(), IntWinProcHandleInstrument(), IntWinProcValidateSystemCr3(), IntWinSDSendAclIntegrityViolation(), IntWinSDSendSecDescIntViolation(), IntWinSelfMapHandleCr3SelfMapModification(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSendCmdLineViolation(), IntWinSudSendSudExecAlert(), IntWinSudSendSudIntegrityAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinTokenPrivsSendIntegrityAlert(), IntWinTokenPtrCheckIntegrityOnProcess(), and IntWinVadIsExecSuspicious().
INTRO_VERSION_INFO _INTRO_VIOLATION_HEADER::VerInfo
Information about the version of Introcore and the guest operating system.
Definition at line 1193 of file intro_types.h.
DWORD _INTRO_VIOLATION_HEADER::ViolationVersion
The version of the alert. See INTRO_VIOLATION_VERSION.
Definition at line 1191 of file intro_types.h.