- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes a Linux guest. More...
#include <lixguest.h>
Data Fields | |
| union { | |
| DWORD Value | |
| The Linux full version number. More... | |
| struct { | |
| WORD Sublevel | |
| The sublevel field of the version string. More... | |
| BYTE Patch | |
| The patch field of the version string. More... | |
| BYTE Version | |
| The version field of the version string. More... | |
| WORD Backport | |
| The backport field of the version string. More... | |
| } | |
| } | Version |
| The version of the Linux kernel. More... | |
| CHAR | VersionString [MAX_VERSION_LENGTH] |
| The version string. More... | |
| struct { | |
| QWORD CodeStart | |
| The guest virtual address where the code starts. More... | |
| QWORD CodeEnd | |
| The guest virtual address where the code ends. More... | |
| QWORD DataStart | |
| The guest virtual address where the data starts. More... | |
| QWORD DataEnd | |
| The guest virtual address where the data ends. More... | |
| QWORD RoDataStart | |
| The guest virtual address where the read-only data starts. More... | |
| QWORD RoDataEnd | |
| The guest virtual address where the read-only data ends. More... | |
| QWORD ExTableStart | |
| The guest virtual address where the ex-table starts. More... | |
| QWORD ExTableEnd | |
| The guest virtual address where the ex-table ends. More... | |
| } | Layout |
| BOOLEAN | Initialized |
| True if the guest is initialized. More... | |
| LIX_SYMBOL | MemoryFunctions [5] |
| The guest virtual address of memcpy, __memcpy, memset, __memset, memmove. More... | |
| struct { | |
| QWORD Vsyscall | |
| The guest virtual address of the vsyscall. More... | |
| QWORD VdsoStart | |
| The guest virtual address where the vDSO starts. More... | |
| QWORD VdsoEnd | |
| The guest virtual address where the vDSO ends. More... | |
| QWORD Vdso32Start | |
| The guest virtual address where the vDSO x32 starts. More... | |
| QWORD Vdso32End | |
| The guest virtual address where the vDSO x32 end. More... | |
| } | Vdso |
| LIX_ACTIVE_PATCH | ActivePatch [lixActivePatchCount] |
| An array that contains information about the active-patches. More... | |
| QWORD | SyscallAddress |
| The guest virtual address of the syscall. More... | |
| QWORD | PropperSyscallGva |
| The guest virtual address of the 'real' syscall. More... | |
| void * | InitProcessObj |
| The LIX_TASK_OBJECT of the 'init' process. More... | |
| struct { | |
| struct { | |
| BOOLEAN Initialized | |
| True if the detours-code/data region is initialized. More... | |
| BOOLEAN Cleared | |
| True if the detours-code/data region is cleared. More... | |
| struct { | |
| QWORD Address | |
| The guest virtual address of the detours-code. More... | |
| DWORD Length | |
| The length (bytes) of the detours-code. More... | |
| void * HookObject | |
| The hook-object for detours-code region. More... | |
| } Code | |
| struct { | |
| QWORD Address | |
| The guest virtual address of the detours-data. More... | |
| DWORD Length | |
| The length (bytes) of the detours-data. More... | |
| void * HookObject | |
| The hook-object for detours-data region. More... | |
| } Data | |
| } Detour | |
| struct { | |
| BOOLEAN Initialized | |
| True if the agents region is initialized. More... | |
| BOOLEAN Cleared | |
| True if the agents region is initialized. More... | |
| QWORD Address | |
| The guest virtual address of the agents. More... | |
| DWORD Length | |
| The length (bytes) of the agents. More... | |
| void * HookObject | |
| The hook-object for agents region. More... | |
| } Agent | |
| struct { | |
| QWORD PerCpuAddress | |
| The guest virtual address of the 'per-cpu' allocated region. More... | |
| DWORD PerCpuLength | |
| The length (bytes) of the 'per-cpu' region. More... | |
| } PerCpuData | |
| QWORD OriginalPagesAttr | |
| The original page protection-attributes for the allocated region. More... | |
| } | MmAlloc |
| LIX_OPAQUE_FIELDS | OsSpecificFields |
| OS-dependent and specific information. More... | |
Describes a Linux guest.
Definition at line 476 of file lixguest.h.
| LIX_ACTIVE_PATCH _LINUX_GUEST::ActivePatch[lixActivePatchCount] |
An array that contains information about the active-patches.
Definition at line 527 of file lixguest.h.
Referenced by IntDetHandleWrite(), IntLixDrvHandleWrite(), IntLixDrvIsActivePatch(), IntLixFtraceHandler(), IntLixJumpLabelHandler(), IntLixKernelHandleRead(), and IntLixTextPokeHandler().
| QWORD _LINUX_GUEST::Address |
The guest virtual address of the detours-code.
The guest virtual address of the agents.
The guest virtual address of the detours-data.
Definition at line 543 of file lixguest.h.
| struct { ... } _LINUX_GUEST::Agent |
| WORD _LINUX_GUEST::Backport |
The backport field of the version string.
Definition at line 488 of file lixguest.h.
| BOOLEAN _LINUX_GUEST::Cleared |
True if the detours-code/data region is cleared.
True if the agents region is initialized.
Definition at line 539 of file lixguest.h.
| struct { ... } _LINUX_GUEST::Code |
| QWORD _LINUX_GUEST::CodeEnd |
The guest virtual address where the code ends.
Definition at line 498 of file lixguest.h.
Referenced by IntKsymInitAbsolute(), IntLixDrvCreateKernel(), IntLixDumpStacktrace(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInit(), IntLixHookKernelRead(), IntLixHookKernelWrite(), and IntLixMmGetInitMm().
| QWORD _LINUX_GUEST::CodeStart |
The guest virtual address where the code starts.
Definition at line 497 of file lixguest.h.
Referenced by IntKsymInitAbsolute(), IntLixDrvCreateKernel(), IntLixDumpStacktrace(), IntLixGuestFindKernelBase(), IntLixGuestInit(), IntLixHookKernelRead(), IntLixHookKernelWrite(), IntLixMmGetInitMm(), and IntLixPatchSwapgs().
| struct { ... } _LINUX_GUEST::Data |
| QWORD _LINUX_GUEST::DataEnd |
The guest virtual address where the data ends.
Definition at line 501 of file lixguest.h.
Referenced by IntLixDrvCreateKernel(), IntLixDrvFindList(), IntLixFindDataStart(), IntLixGuestInit(), IntLixMmGetInitMm(), and IntLixVdsoDynamicProtect().
| QWORD _LINUX_GUEST::DataStart |
The guest virtual address where the data starts.
Definition at line 500 of file lixguest.h.
Referenced by IntLixDrvFindList(), IntLixFindDataStart(), IntLixGetInitTask(), IntLixGuestInit(), and IntLixMmGetInitMm().
| struct { ... } _LINUX_GUEST::Detour |
Referenced by IntDetCallCallback(), IntDetCreateObjectLix(), IntDetIsPtrInHandler(), IntLixApiHookAll(), IntLixApiUpdateHooks(), IntLixGuestAllocateDeploy(), IntLixGuestAllocateFill(), IntLixGuestAllocateHook(), IntLixGuestDeployUninitAgent(), IntLixGuestUnhookGuestCode(), and IntLixGuestUninitGuestCode().
| QWORD _LINUX_GUEST::ExTableEnd |
The guest virtual address where the ex-table ends.
Definition at line 507 of file lixguest.h.
Referenced by IntLixGuestInit(), IntLixGuestResolveExTableLimits(), and IntLixHookKernelWrite().
| QWORD _LINUX_GUEST::ExTableStart |
The guest virtual address where the ex-table starts.
Definition at line 506 of file lixguest.h.
Referenced by IntLixDrvSendViolationEvent(), IntLixGuestInit(), IntLixGuestResolveExTableLimits(), IntLixHookKernelRead(), and IntLixHookKernelWrite().
| void* _LINUX_GUEST::HookObject |
The hook-object for detours-code region.
The hook-object for agents region.
The hook-object for detours-data region.
Definition at line 546 of file lixguest.h.
| BOOLEAN _LINUX_GUEST::Initialized |
True if the guest is initialized.
True if the agents region is initialized.
True if the detours-code/data region is initialized.
Definition at line 510 of file lixguest.h.
| void* _LINUX_GUEST::InitProcessObj |
The LIX_TASK_OBJECT of the 'init' process.
Definition at line 532 of file lixguest.h.
Referenced by IntLixDrvIterateList(), IntLixTaskCreate(), IntLixTaskHandleDoExit(), and IntLixTaskHandleExec().
| struct { ... } _LINUX_GUEST::Layout |
Referenced by IntKsymInitAbsolute(), IntKsymRelativeFindOffsetTableEnd(), IntKsymRelativeFindOffsetTableStart(), IntLixDrvCreateKernel(), IntLixDrvFindList(), IntLixDrvSendViolationEvent(), IntLixDumpStacktrace(), IntLixFindDataStart(), IntLixGetInitTask(), IntLixGuestFindKernel(), IntLixGuestFindKernelBase(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInit(), IntLixGuestResolveExTableLimits(), IntLixHookKernelRead(), IntLixHookKernelWrite(), IntLixMmGetInitMm(), IntLixPatchSwapgs(), and IntLixVdsoDynamicProtect().
| DWORD _LINUX_GUEST::Length |
The length (bytes) of the detours-code.
The length (bytes) of the agents.
The length (bytes) of the detours-data.
Definition at line 544 of file lixguest.h.
| LIX_SYMBOL _LINUX_GUEST::MemoryFunctions[5] |
The guest virtual address of memcpy, __memcpy, memset, __memset, memmove.
Definition at line 513 of file lixguest.h.
Referenced by IntExceptLixKernelIsMemoryFunc(), and IntLixGuestResolveSymbols().
| struct { ... } _LINUX_GUEST::MmAlloc |
Referenced by IntDetCallCallback(), IntDetCreateObjectLix(), IntDetIsPtrInHandler(), IntLixAgentFillDataFromMemory(), IntLixAgentThreadInject(), IntLixApiHookAll(), IntLixApiUpdateHooks(), IntLixGuestAllocateDeploy(), IntLixGuestAllocateFill(), IntLixGuestAllocateHook(), IntLixGuestDeployUninitAgent(), IntLixGuestUnhookGuestCode(), and IntLixGuestUninitGuestCode().
| QWORD _LINUX_GUEST::OriginalPagesAttr |
The original page protection-attributes for the allocated region.
Definition at line 576 of file lixguest.h.
Referenced by IntLixGuestAllocateFill(), and IntLixGuestDeployUninitAgent().
| LIX_OPAQUE_FIELDS _LINUX_GUEST::OsSpecificFields |
OS-dependent and specific information.
Definition at line 579 of file lixguest.h.
Referenced by IntCamiLoadLinux(), IntLixApiHookAll(), IntLixGuestAllocateDeploy(), IntLixGuestUninit(), IntLixResolveCurrentCpuOffset(), IntLixResolveCurrentProcessOffset(), IntLixResolveThreadStructOffset(), IntLixTaskGetCurrentTaskStruct(), and IntThrSafeLixInspectWaitingThread().
| BYTE _LINUX_GUEST::Patch |
The patch field of the version string.
Definition at line 486 of file lixguest.h.
| QWORD _LINUX_GUEST::PerCpuAddress |
The guest virtual address of the 'per-cpu' allocated region.
Definition at line 572 of file lixguest.h.
| struct { ... } _LINUX_GUEST::PerCpuData |
| DWORD _LINUX_GUEST::PerCpuLength |
The length (bytes) of the 'per-cpu' region.
Definition at line 573 of file lixguest.h.
| QWORD _LINUX_GUEST::PropperSyscallGva |
The guest virtual address of the 'real' syscall.
Definition at line 530 of file lixguest.h.
Referenced by IntLixAgentFindInstruction(), and IntLixGuestInit().
| QWORD _LINUX_GUEST::RoDataEnd |
The guest virtual address where the read-only data ends.
Definition at line 504 of file lixguest.h.
Referenced by IntKsymRelativeFindOffsetTableEnd(), IntKsymRelativeFindOffsetTableStart(), IntLixDrvCreateKernel(), IntLixFindDataStart(), IntLixGuestFindKernel(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInit(), IntLixHookKernelWrite(), and IntLixVdsoDynamicProtect().
| QWORD _LINUX_GUEST::RoDataStart |
The guest virtual address where the read-only data starts.
Definition at line 503 of file lixguest.h.
Referenced by IntKsymInitAbsolute(), IntKsymRelativeFindOffsetTableStart(), IntLixFindDataStart(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInit(), and IntLixHookKernelWrite().
| WORD _LINUX_GUEST::Sublevel |
The sublevel field of the version string.
Definition at line 485 of file lixguest.h.
| QWORD _LINUX_GUEST::SyscallAddress |
The guest virtual address of the syscall.
Definition at line 529 of file lixguest.h.
Referenced by IntLixAgentFindInstruction(), and IntLixGuestNew().
| DWORD _LINUX_GUEST::Value |
The Linux full version number.
Definition at line 481 of file lixguest.h.
| struct { ... } _LINUX_GUEST::Vdso |
| QWORD _LINUX_GUEST::Vdso32End |
The guest virtual address where the vDSO x32 end.
Definition at line 523 of file lixguest.h.
Referenced by IntLixVdsoDynamicProtectNonRelocate(), and IntLixVdsoResolveDynamicOffset().
| QWORD _LINUX_GUEST::Vdso32Start |
The guest virtual address where the vDSO x32 starts.
Definition at line 522 of file lixguest.h.
Referenced by IntLixVdsoDynamicProtectNonRelocate(), and IntLixVdsoResolveDynamicOffset().
| QWORD _LINUX_GUEST::VdsoEnd |
The guest virtual address where the vDSO ends.
Definition at line 520 of file lixguest.h.
Referenced by IntLixVdsoDynamicProtectNonRelocate(), IntLixVdsoDynamicProtectRelocate(), and IntLixVdsoResolveDynamicOffset().
| QWORD _LINUX_GUEST::VdsoStart |
The guest virtual address where the vDSO starts.
Definition at line 519 of file lixguest.h.
Referenced by IntLixVdsoDynamicProtect(), IntLixVdsoDynamicProtectNonRelocate(), IntLixVdsoDynamicProtectRelocate(), and IntLixVdsoResolveDynamicOffset().
| BYTE _LINUX_GUEST::Version |
The version field of the version string.
Definition at line 487 of file lixguest.h.
Referenced by IntExceptVerifyVersionOsSignature(), IntGetVersionStringLinux(), IntGuestGetInfo(), IntLixAgentMatchVersion(), IntLixCrashDumpDmesg(), IntLixDepInjectFile(), IntLixDepInjectProcess(), IntLixGuestParseVersion(), IntLixGuestSetOsVersion(), IntLixTaskIterateThreadGroup(), and IntLixTaskIterateThreadNode().
| union { ... } _LINUX_GUEST::Version |
The version of the Linux kernel.
| CHAR _LINUX_GUEST::VersionString[MAX_VERSION_LENGTH] |
The version string.
Definition at line 492 of file lixguest.h.
Referenced by IntCamiLoadLinux(), IntCamiLoadProtOptionsLinux(), IntGetVersionStringLinux(), and IntLixGuestFindKernelVersionAndRo().
| QWORD _LINUX_GUEST::Vsyscall |
The guest virtual address of the vsyscall.
Definition at line 517 of file lixguest.h.
Referenced by IntLixVdsoFixedProtect().
1.8.13