- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Describes a serialized intObjWinProcess object. More...
Data Fields | |
| QWORD | EprocessAddress |
| This will be the address of the EPROCESS. More... | |
| QWORD | ParentEprocess |
| The EPROCESS of the parent process. More... | |
| QWORD | RealParentEprocess |
| The active EPROCESS at the moment of creation. More... | |
| QWORD | Cr3 |
| Process PDBR. Includes PCID. More... | |
| QWORD | UserCr3 |
| Process user PDBR. Includes PCID. More... | |
| DWORD | Pid |
| Process ID (the one used by Windows). More... | |
| QWORD | Peb64Address |
| PEB 64 address (on x86 OSes, this will be 0). More... | |
| QWORD | Peb32Address |
| PEB 32 address (on pure x64 processes, this will be 0). More... | |
| QWORD | MainModuleAddress |
| The address of the main module. More... | |
| QWORD | Flags |
| The protection flags. More... | |
Describes a serialized intObjWinProcess object.
Definition at line 168 of file serializers.c.
| QWORD _SERIALIZER_WIN_PROCESS::Cr3 |
Process PDBR. Includes PCID.
Definition at line 173 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::EprocessAddress |
This will be the address of the EPROCESS.
Definition at line 170 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::Flags |
The protection flags.
Definition at line 179 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::MainModuleAddress |
The address of the main module.
Definition at line 178 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::ParentEprocess |
The EPROCESS of the parent process.
Definition at line 171 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::Peb32Address |
PEB 32 address (on pure x64 processes, this will be 0).
Definition at line 177 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::Peb64Address |
PEB 64 address (on x86 OSes, this will be 0).
Definition at line 176 of file serializers.c.
Referenced by IntSerializeWinProcess().
| DWORD _SERIALIZER_WIN_PROCESS::Pid |
Process ID (the one used by Windows).
Definition at line 175 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::RealParentEprocess |
The active EPROCESS at the moment of creation.
Definition at line 172 of file serializers.c.
Referenced by IntSerializeWinProcess().
| QWORD _SERIALIZER_WIN_PROCESS::UserCr3 |
Process user PDBR. Includes PCID.
Definition at line 174 of file serializers.c.
Referenced by IntSerializeWinProcess().
1.8.13