- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Data Fields | |
| LIST_ENTRY | Link |
| List entry element. More... | |
| RBNODE | Node |
| RB node for this entry. More... | |
| QWORD | Gla |
| Linear address where the candidate was found. More... | |
| INSTRUX | Instruction |
| The decoded instruction. More... | |
| void * | CloakHandle |
| Cloak handle used to hide the INT3/INT 20. More... | |
| BOOLEAN | Monitored |
| TRUE if the instruction is being monitored. FALSE if it has been restored. More... | |
| BOOLEAN | PtInstruction |
| TRUE if the instruction modified e PT entry. More... | |
Describes a PT write candidate instruction.
Definition at line 65 of file ptfilter.c.
| void* _PTI_CANDIDATE::CloakHandle |
Cloak handle used to hide the INT3/INT 20.
Definition at line 71 of file ptfilter.c.
Referenced by IntPtiMonitorAllPtWriteCandidates().
| QWORD _PTI_CANDIDATE::Gla |
Linear address where the candidate was found.
Definition at line 69 of file ptfilter.c.
Referenced by IntPtiDumpStats(), IntPtiHandleInt3(), IntPtiMonitorAllPtWriteCandidates(), IntPtiRbTreeNodeCompareRip(), and IntPtiRemoveInstruction().
| INSTRUX _PTI_CANDIDATE::Instruction |
The decoded instruction.
Definition at line 70 of file ptfilter.c.
Referenced by IntPtiDumpStats(), IntPtiInspectInstruction(), IntPtiMonitorAllPtWriteCandidates(), and IntPtiRemoveInstruction().
| LIST_ENTRY _PTI_CANDIDATE::Link |
List entry element.
Definition at line 67 of file ptfilter.c.
Referenced by IntPtiDumpStats(), IntPtiMonitorAllPtWriteCandidates(), IntPtiRemoveInstruction(), and IntPtiRestoreAllPtWriteCandidates().
| BOOLEAN _PTI_CANDIDATE::Monitored |
TRUE if the instruction is being monitored. FALSE if it has been restored.
Definition at line 72 of file ptfilter.c.
Referenced by IntPtiDumpStats(), IntPtiHandleInt3(), and IntPtiMonitorAllPtWriteCandidates().
| RBNODE _PTI_CANDIDATE::Node |
RB node for this entry.
Definition at line 68 of file ptfilter.c.
Referenced by IntPtiHandleInt3(), IntPtiMonitorAllPtWriteCandidates(), and IntPtiRbTreeNodeCompareRip().
| BOOLEAN _PTI_CANDIDATE::PtInstruction |
TRUE if the instruction modified e PT entry.
Definition at line 73 of file ptfilter.c.
1.8.13