- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes a kernel driver. More...
#include <drivers.h>
Data Fields | |
| LIST_ENTRY | Link |
| Entry inside the gKernelDrivers list. More... | |
| QWORD | ObjectGva |
| The guest virtual address at which this object resides. More... | |
| QWORD | BaseVa |
| The guest virtual address of the kernel module that owns this driver object. More... | |
| QWORD | Size |
| The size of the kernel module that owns this driver object. More... | |
| QWORD | EntryPoint |
| The entry point of this driver. More... | |
| QWORD | ProtectionFlag |
| The introcore option that decided that this driver must be protected. More... | |
| void * | Name |
| The name of the driver. More... | |
| SIZE_T | NameLength |
| The length of the Name. This is the number of characters in the Name buffer. More... | |
| DWORD | NameHash |
| The hash of the name. More... | |
| void * | HookObject |
| The hook object used to protect this driver. NULL if the driver is not protected. More... | |
| BOOLEAN | Protected |
| True if the driver is protected, False if it is not. More... | |
| union { | |
| WIN_KERNEL_DRIVER Win | |
| Valid only for Windows guests. More... | |
| LIX_KERNEL_MODULE Lix | |
| Valid only for Linux guests. More... | |
| }; | |
| OS-specific information. More... | |
Describes a kernel driver.
This structure contains information that is common for both Windows and Linux kernels, with the OS-specific parts being saved in the Win or Lix fields.
| union { ... } |
OS-specific information.
| QWORD _KERNEL_DRIVER::BaseVa |
The guest virtual address of the kernel module that owns this driver object.
Definition at line 41 of file drivers.h.
Referenced by IntAlertEptFillFromVictimZone(), IntExceptGetVictimMsr(), IntExceptKernelMatchVictim(), IntExceptLixKernelGetOriginator(), IntExceptWinKernelGetOriginator(), IntLdrFixImports(), IntLixDrvCreateDriverObject(), IntLixDrvCreateFromAddress(), IntLixDrvCreateKernel(), IntLogCurrentIP(), IntLogStackTrace(), IntSerializeKernelDriver(), IntVeDeliverDriverForLoad(), IntWinAgentHandleDriverVmcall(), IntWinAgentSelectBootstrapAddress(), IntWinApiHook(), IntWinBcLogBsodEvent(), IntWinDrvCreateFromAddress(), IntWinDrvHandleRead(), IntWinDrvHeadersInMemory(), IntWinGuestFinishInit(), IntWinHalFindHalHeapAndInterruptController(), IntWinHalFindInterruptController(), IntWinHalFindPerformanceCounter(), IntWinHalFindPerformanceCounterInternal(), IntWinHalIsHalPerf(), IntWinHalIsIntController(), IntWinHalReadHal(), IntWinInfCheckCtxLoggerOnRelocation(), IntWinInfHookGetWmiLoggerGetCpuClock(), IntWinInfHookSppViolationCallbackWmiPtrChanged(), IntWinModFillDriverInjectionData(), IntWinNetFindTcpObjects(), IntWinProtectReadNtEat(), and IntWinStackTraceGet64().
| QWORD _KERNEL_DRIVER::EntryPoint |
The entry point of this driver.
Definition at line 45 of file drivers.h.
Referenced by IntExceptWinKernelGetOriginator(), IntLixDrvCreateDriverObject(), IntLixDrvCreateFromAddress(), IntSerializeKernelDriver(), IntWinDrvCreateFromAddress(), IntWinDrvHandleDriverEntry(), and IntWinDrvHeadersInMemory().
| void* _KERNEL_DRIVER::HookObject |
The hook object used to protect this driver. NULL if the driver is not protected.
Definition at line 62 of file drivers.h.
Referenced by IntLixHookKernelWrite(), IntLixUnhookKernelWrite(), IntWinDrvHeadersInMemory(), and IntWinProtectReadNtEat().
| LIST_ENTRY _KERNEL_DRIVER::Link |
Entry inside the gKernelDrivers list.
Definition at line 33 of file drivers.h.
Referenced by IntLixDrvCreateFromAddress(), IntLixDrvCreateKernel(), and IntWinDrvCreateFromAddress().
| LIX_KERNEL_MODULE _KERNEL_DRIVER::Lix |
Valid only for Linux guests.
Definition at line 71 of file drivers.h.
Referenced by IntExceptKernelMatchVictim(), IntLixDrvCreateDriverObject(), IntLixDrvCreateFromAddress(), IntLixDrvCreateKernel(), IntLixDrvInitVfreeHandler(), IntLixDumpStacktrace(), IntLixHookKernelRead(), IntLixPatchHandler(), and IntLixUnhookKernelRead().
| void* _KERNEL_DRIVER::Name |
The name of the driver.
This is saved as a void* because on Windows it will be a WCHAR* and on Linux it will be a CHAR*.
Definition at line 54 of file drivers.h.
Referenced by IntAlertEptFillFromVictimZone(), IntExceptWinKernelGetOriginator(), IntLixDrvCreateDriverObject(), IntLixDrvCreateFromAddress(), IntLixDrvCreateKernel(), IntLixDrvInitVfreeHandler(), IntLixDumpStacktrace(), IntLogCurrentIP(), IntLogStackTrace(), IntVeInit(), IntWinAgentSelectBootstrapAddress(), IntWinDrvCreateFromAddress(), IntWinDrvHeadersInMemory(), and IntWinStackTraceGet64().
| DWORD _KERNEL_DRIVER::NameHash |
The hash of the name.
Definition at line 59 of file drivers.h.
Referenced by IntExceptLixKernelGetOriginator(), IntExceptWinKernelGetOriginator(), IntLixDrvCreateDriverObject(), IntLixDrvCreateKernel(), IntVeInit(), IntWinDrvCreateFromAddress(), and IntWinModFillDriverInjectionData().
| SIZE_T _KERNEL_DRIVER::NameLength |
The length of the Name. This is the number of characters in the Name buffer.
Definition at line 56 of file drivers.h.
Referenced by IntExceptKernelLogLinuxInformation(), IntLixDrvCreateDriverObject(), IntLixDrvCreateKernel(), IntVeInit(), and IntWinDrvCreateFromAddress().
| QWORD _KERNEL_DRIVER::ObjectGva |
The guest virtual address at which this object resides.
For windows guests this is the address of the _DRIVER_OBJECT structure, for Linux guests this is the address of the 'struct module' structure.
Definition at line 39 of file drivers.h.
Referenced by IntLixDrvCreateDriverObject(), IntLixDrvCreateFromAddress(), and IntSerializeKernelDriver().
| BOOLEAN _KERNEL_DRIVER::Protected |
True if the driver is protected, False if it is not.
Definition at line 65 of file drivers.h.
Referenced by IntLixHookKernelRead(), IntLixHookKernelWrite(), IntLixUnhookKernelRead(), IntLixUnhookKernelWrite(), IntVeInit(), IntVeUnInit(), and IntWinDrvHeadersInMemory().
| QWORD _KERNEL_DRIVER::ProtectionFlag |
The introcore option that decided that this driver must be protected.
See Activation and protection flags for valid values.
Definition at line 49 of file drivers.h.
Referenced by IntLixDrvHandleWrite(), IntLixHookKernelRead(), IntLixHookKernelWrite(), IntLixKernelHandleRead(), IntLixUnhookKernelRead(), IntLixUnhookKernelWrite(), IntVeInit(), IntVeUnInit(), IntWinDrvHandleRead(), and IntWinDrvHandleWrite().
| QWORD _KERNEL_DRIVER::Size |
The size of the kernel module that owns this driver object.
Definition at line 43 of file drivers.h.
Referenced by IntLixDrvCreateDriverObject(), IntLixDrvCreateFromAddress(), IntLixDrvCreateKernel(), IntSerializeKernelDriver(), IntVeDeliverDriverForLoad(), IntWinBcLogBsodEvent(), IntWinDrvCreateFromAddress(), IntWinDrvHeadersInMemory(), IntWinGuestFinishInit(), IntWinHalIsHalPerf(), IntWinHalIsIntController(), and IntWinProtectReadNtEat().
| WIN_KERNEL_DRIVER _KERNEL_DRIVER::Win |
Valid only for Windows guests.
Definition at line 70 of file drivers.h.
Referenced by IntExceptKernelLogWindowsInformation(), IntExceptKernelMatchVictim(), IntExceptWinKernelGetOriginator(), IntHandleTimer(), IntVeInit(), IntWinBcLogBsodEvent(), IntWinDrvCreateFromAddress(), IntWinDrvForceDisableReadNtEat(), IntWinDrvHandleDriverEntry(), IntWinDrvHandleRead(), IntWinDrvHeadersInMemory(), IntWinDrvObjCreateFromAddress(), IntWinDrvObjHandleWrite(), IntWinDrvObjRemove(), IntWinGuestFinishInit(), IntWinHalFindHalHeapAndInterruptController(), IntWinHalFindInterruptController(), IntWinHalFindPerformanceCounter(), IntWinHalHeadersInMemory(), IntWinHalReadHal(), IntWinModFillDriverInjectionData(), IntWinProtectReadNtEat(), IntWinStackTraceGet64(), and IntWinUnprotectReadNtEat().
1.8.13