- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Encapsulates information about a virtual to physical memory translation. More...
#include <introcore.h>
Data Fields | |
| QWORD | VirtualAddress |
| The translated virtual address. More... | |
| QWORD | PhysicalAddress |
| The physical address to which VirtualAddress translates to. More... | |
| QWORD | MappingsTrace [MAX_TRANSLATION_DEPTH] |
| Contains the physical address of each entry within the translation tables. More... | |
| QWORD | MappingsEntries [MAX_TRANSLATION_DEPTH] |
| Contains the entry in which paging table. More... | |
| QWORD | Flags |
| The entry that maps VirtualAddress to PhysicalAddress, together with all the control bits. More... | |
| QWORD | PageSize |
| The page size used for this translation. More... | |
| QWORD | Cr3 |
| The Cr3 used for this translation. More... | |
| DWORD | MappingsCount |
| The number of entries inside the MappingsTrace and MappingsEntries arrays. More... | |
| BOOLEAN | Pointer64 |
| BOOLEAN | IsUser |
| True if this page is accessible to user mode code. More... | |
| BOOLEAN | IsWritable |
| True if this page is writable. More... | |
| BOOLEAN | IsExecutable |
| True if this page is executable. More... | |
| PAGING_MODE | PagingMode |
| The paging mode used for this translation. More... | |
| BYTE | CachingAttribute |
| The caching attributes used for this translation. More... | |
Encapsulates information about a virtual to physical memory translation.
Definition at line 102 of file introcore.h.
| BYTE _VA_TRANSLATION::CachingAttribute |
The caching attributes used for this translation.
These are obtained from the guest IA32_PAT MSR.
Definition at line 144 of file introcore.h.
| QWORD _VA_TRANSLATION::Cr3 |
The Cr3 used for this translation.
Definition at line 122 of file introcore.h.
| QWORD _VA_TRANSLATION::Flags |
The entry that maps VirtualAddress to PhysicalAddress, together with all the control bits.
This is the entry in the last table.
Definition at line 119 of file introcore.h.
Referenced by IntHandleCowOnPage(), IntLixGuestFindKernelVersionAndRo(), IntSwapMemInjectPendingPF(), IntSwapMemReadData(), IntTranslateVirtualAddress(), IntValidateRangeForWrite(), IntValidateTranslation(), IntVirtMemMap(), IntVirtMemSafeWrite(), IntWinDpiValidateHeapSpray(), IntWinDrvObjIsValidDriverObject(), IntWinGuestIsSystemCr3(), IntWinPfnIsMmPfnDatabase(), IntWinPfnLockAddress(), IntWinProcValidateSystemCr3(), IntWinSDFetchSecDescAddress(), IntWinSDReadSecDesc(), and IntWinTokenFetchTokenAddress().
| BOOLEAN _VA_TRANSLATION::IsExecutable |
True if this page is executable.
This happens if the NX bit is not set in all page table entries in the mapping hierarchy
Definition at line 136 of file introcore.h.
Referenced by DbgDumpTranslation(), and IntWinDpiValidateHeapSpray().
| BOOLEAN _VA_TRANSLATION::IsUser |
True if this page is accessible to user mode code.
This happens when the user/supervisor bit is set in all page table entries in the mapping hierarchy
Definition at line 128 of file introcore.h.
Referenced by DbgDumpTranslation(), IntValidateRangeForWrite(), and IntVirtMemSafeWrite().
| BOOLEAN _VA_TRANSLATION::IsWritable |
True if this page is writable.
This happens when the write bit is set in all page table entries in the mapping hierarchy
Definition at line 132 of file introcore.h.
Referenced by DbgDumpTranslation(), IntHandleCowOnPage(), IntSwapMemReadData(), IntValidateRangeForWrite(), and IntVirtMemSafeWrite().
| DWORD _VA_TRANSLATION::MappingsCount |
The number of entries inside the MappingsTrace and MappingsEntries arrays.
Definition at line 123 of file introcore.h.
Referenced by DbgDumpTranslation(), IntDecEmulatePageWalk(), IntHookPtsCheckIntegrity(), IntLixGuestAllocateFill(), IntWinGuestIsSystemCr3(), IntWinHalFindHalHeapAndInterruptController(), IntWinLogVAInfo(), and IntWinPfnIsMmPfnDatabase().
| QWORD _VA_TRANSLATION::MappingsEntries[MAX_TRANSLATION_DEPTH] |
Contains the entry in which paging table.
Contains MappingsCount entries, with the entry at index 0 being the entry in the root table
Definition at line 115 of file introcore.h.
Referenced by DbgDumpTranslation(), IntHookPtsCheckIntegrity(), IntLixGuestAllocateFill(), IntVeDumpVeInfoPage(), and IntWinLogVAInfo().
| QWORD _VA_TRANSLATION::MappingsTrace[MAX_TRANSLATION_DEPTH] |
Contains the physical address of each entry within the translation tables.
Contains MappingsCount entries, with the entry at index 0 being the address of the root table
Definition at line 111 of file introcore.h.
Referenced by DbgDumpTranslation(), IntDecEmulatePageWalk(), IntWinHalFindHalHeapAndInterruptController(), and IntWinPfnIsMmPfnDatabase().
| QWORD _VA_TRANSLATION::PageSize |
The page size used for this translation.
Definition at line 121 of file introcore.h.
Referenced by IntHookPtsCheckIntegrity(), IntLixGuestFindKernelVersionAndRo(), IntVirtMemMap(), and IntWinPfnLockAddress().
| PAGING_MODE _VA_TRANSLATION::PagingMode |
The paging mode used for this translation.
This is one of the PAGING_MODE values
Definition at line 140 of file introcore.h.
Referenced by IntTranslateVirtualAddress(), and IntVirtMemMap().
| QWORD _VA_TRANSLATION::PhysicalAddress |
The physical address to which VirtualAddress translates to.
Definition at line 107 of file introcore.h.
Referenced by DbgDumpTranslation(), IntIcAddInvdForInstruction(), IntLixGuestFindKernelVersionAndRo(), IntSwapMemInjectPendingPF(), IntSwapMemReadData(), IntTranslateVirtualAddress(), IntValidateRangeForWrite(), IntValidateTranslation(), IntVeHandleEPTViolationInProtectedView(), IntVirtMemMap(), IntVirtMemSafeWrite(), IntWinDpiValidateHeapSpray(), IntWinDrvObjIsValidDriverObject(), IntWinGuestIsSystemCr3(), IntWinHalFindHalHeapAndInterruptController(), IntWinLogVAInfo(), IntWinPfnIsMmPfnDatabase(), IntWinPfnLockAddress(), IntWinProcValidateSystemCr3(), IntWinSDFetchSecDescAddress(), IntWinSDReadSecDesc(), and IntWinTokenFetchTokenAddress().
| BOOLEAN _VA_TRANSLATION::Pointer64 |
True if VirtualAddress is a 64-bit address
Definition at line 124 of file introcore.h.
| QWORD _VA_TRANSLATION::VirtualAddress |
The translated virtual address.
Definition at line 105 of file introcore.h.
Referenced by IntWinHalFindHalHeapAndInterruptController(), and IntWinLogVAInfo().
1.8.13