- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Memory information structure. More...
#include <guests.h>
Data Fields | |
| QWORD | SystemCr3 |
| The Cr3 used to map the kernel. More... | |
| QWORD | Cr4 |
| Cr4 value used when deducing the paging mode. More... | |
| QWORD | Cr0 |
| Cr0 value used when deducing the paging mode. More... | |
| QWORD | Efer |
| QWORD | LastGpa |
| The upper limit of the guest physical address range. More... | |
| DWORD | SelfMapIndex |
| The self map index. More... | |
| PAGING_MODE | Mode |
| The paging mode used by the guest. More... | |
| QWORD _MM::Cr0 |
Cr0 value used when deducing the paging mode.
Definition at line 213 of file guests.h.
Referenced by IntGuestInitMemoryInfo().
| QWORD _MM::Cr4 |
Cr4 value used when deducing the paging mode.
Definition at line 212 of file guests.h.
Referenced by IntGuestInitMemoryInfo().
| QWORD _MM::Efer |
The value of the IA32 EFER MSR used when deducing the paging mode.
Definition at line 214 of file guests.h.
Referenced by IntGuestHandleCr3Write(), and IntGuestInitMemoryInfo().
| QWORD _MM::LastGpa |
The upper limit of the guest physical address range.
The physical address range that the guest can access is thus [0, LastGPa - 1] (inclusive). Note that gaps may be present inside this range.
Definition at line 219 of file guests.h.
Referenced by IntGuestGetLastGpa().
| PAGING_MODE _MM::Mode |
The paging mode used by the guest.
Definition at line 221 of file guests.h.
Referenced by IntGuestHandleCr3Write(), IntGuestInit(), IntGuestInitMemoryInfo(), IntHookPtmSetHook(), IntHookPtmWriteCallback(), IntHookPtsCreateEntry(), IntHookPtsSetHook(), IntTranslateVirtualAddressEx(), IntVasStartMonitorVaSpace(), IntWinGuestFindSelfMapIndex(), IntWinSelfMapDisableSelfMapEntryProtection(), IntWinSelfMapEnableSelfMapEntryProtection(), IntWinSelfMapGetAndCheckSelfMapEntry(), IntWinSelfMapProtectSelfMapIndex(), and IntWinSelfMapValidateSelfMapEntries().
| DWORD _MM::SelfMapIndex |
The self map index.
Definition at line 220 of file guests.h.
Referenced by IntExceptKernelLogWindowsInformation(), IntPtiDeliverDriverForLoad(), IntVeDeliverDriverForLoad(), IntVeIsAgentRemapped(), and IntWinGuestFindSelfMapIndex().
| QWORD _MM::SystemCr3 |
The Cr3 used to map the kernel.
Definition at line 211 of file guests.h.
Referenced by _IntLixTaskRead(), _IntLixTaskStartMap(), DbgDumpPfn(), DbgVaSpaceIterationCallbackCount(), IntAlertFillDpiExtraInfo(), IntCrSendAlert(), IntDetPatchArgument(), IntDetRelocate(), IntDtrSendAlert(), IntExceptDumpSignatures(), IntExceptGetVictimIntegrity(), IntExceptUserLogWindowsInformation(), IntExceptVerifyCodeBlocksSig(), IntExceptVerifyValueCodeSig(), IntGuestHandleCr3Write(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHookGvaSetHook(), IntHookPtsCreateEntry(), IntHookPtsSetHook(), IntIcAddInvdForInstruction(), IntIntegrityAddRegion(), IntIntegrityCheckAll(), IntIntegrityRecalculate(), IntKernVirtMemRead(), IntKernVirtMemWrite(), IntKsymFindIndexesTableStart(), IntKsymFindMarkersReducedTableEnd(), IntKsymFindMarkersTableEnd(), IntKsymFindNamesTableEnd(), IntKsymInitAbsolute(), IntKsymRelativeFindOffsetTableEnd(), IntKsymRelativeFindOffsetTableStart(), IntLixAgentCreateThreadHypercall(), IntLixAgentFillDataFromMemory(), IntLixAgentFree(), IntLixCrashDumpDmesg(), IntLixCredInitMap(), IntLixCredsDump(), IntLixDepDeployFileHypercall(), IntLixDrvCreateDriverObject(), IntLixDrvFindList(), IntLixDrvSendViolationEvent(), IntLixDrvValidate(), IntLixDumpStacktrace(), IntLixFsrInitMap(), IntLixFsrRead(), IntLixGetInitTask(), IntLixGuestAllocateFill(), IntLixGuestAllocateHook(), IntLixGuestClearGuestMemory(), IntLixGuestFindKernelBase(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInitAgentCompletion(), IntLixGuestNew(), IntLixKernelHandleRead(), IntLixMmGetInitMm(), IntLixMsrHandleWrite(), IntLixPatchSwapgs(), IntLixStackTraceGet(), IntLixStackTraceGetReg(), IntLixTaskCreateFromBinprm(), IntLixTaskFetchCmdLine(), IntLixTaskFetchMm(), IntLixTaskMarkAgent(), IntLixVdsoFixedProtect(), IntLixVmaGetPageCount(), IntLogCriticalStructureCoruption(), IntMemClkCloakRegion(), IntPeFindFunctionByPattern(), IntPeListSectionsHeaders(), IntPtiCacheAdd(), IntPtiCacheRemove(), IntPtiDeliverDriverForLoad(), IntPtiHookPtDriver(), IntPtiMonitorAllPtWriteCandidates(), IntPtiRemoveInstruction(), IntPtiRemovePtFilter(), IntReadString(), IntSerializeDpiWinPivotedStack(), IntSerializeLixKmMisc(), IntSerializeWinKmMisc(), IntSlackAllocLinux(), IntSlackAllocWindows(), IntSwapMemReadData(), IntThrSafeIsStackPtrInIntro(), IntThrSafeMoveReturn(), IntThrSafeWinInspectWaitingThread(), IntVeDeliverDriverForLoad(), IntVeDumpVeInfoPage(), IntVeEnableDisableDriverAccessInProtectedView(), IntVeHandleEPTViolationInProtectedView(), IntVeHookVeDriver(), IntVePatchVeCoreJmpKiKernelExit(), IntVePatchVeCoreJmpTrampoline(), IntVeRemoveAgent(), IntVeSetVeInfoPage(), IntVeUpdateCacheEntry(), IntWinAgentHandleLoader1Hypercall(), IntWinDrvObjCreateFromAddress(), IntWinDrvObjHandleWrite(), IntWinDrvObjIsValidDriverObject(), IntWinDrvObjRemoveFromAddress(), IntWinDrvRemoveFromAddress(), IntWinGuestFindBuildNumber(), IntWinGuestFindDriversNamespace(), IntWinGuestFindDriversNamespaceNoBuffer(), IntWinGuestFindIdleCr3(), IntWinGuestFindKernel(), IntWinGuestFindKernelCr3(), IntWinGuestFindKernelObjects(), IntWinGuestFindKernelObjectsInternal(), IntWinGuestFindSelfMapIndex(), IntWinGuestNew(), IntWinGuestReadKernel(), IntWinGuestValidateKernel(), IntWinHalFindHalHeapAndInterruptController(), IntWinHalFindInterruptController(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalProtectHalHeapExecs(), IntWinHalReadHal(), IntWinInfHookGetCircularCtxLogger(), IntWinInfHookHookSppWmiGetClock(), IntWinInfHookSppHookWmiSiloPtr(), IntWinIntObjHandleArrayModification(), IntWinIntObjHandleObjectModification(), IntWinMsrSendAlert(), IntWinNetFillTcpStruct(), IntWinNetFindTcpBitmap(), IntWinNetFindTcpObjects(), IntWinNetFindTcpPartition(), IntWinNetSearchForAlloc(), IntWinPfnIsMmPfnDatabase(), IntWinPfnLockAddress(), IntWinPfnModifyRefCount(), IntWinProcCreateProcessObject(), IntWinProcEnforceProcessDep(), IntWinProcMapEprocess(), IntWinProcMarkAgent(), IntWinProcPatchSpareValue(), IntWinProcRemoveProcess(), IntWinProcValidateSystemCr3(), IntWinSDCheckAclIntegrity(), IntWinSDCheckSecDescIntegrity(), IntWinSDFetchSecDescAddress(), IntWinSDReadSecDesc(), IntWinStackTraceGet32(), IntWinStackTraceGet64(), IntWinStackUserTrapFrameGet32(), IntWinStackUserTrapFrameGet64(), IntWinSudHandleFieldModification(), IntWinSudProtectSudExec(), IntWinTokenCheckCurrentPrivileges(), IntWinTokenFetchTokenAddress(), IntWinTokenPrivsProtectOnProcess(), IntWinTokenPrivsShouldHook(), IntWinTokenProtectPrivsInternal(), and IntWinVadMapShortVad().
1.8.13