Bitdefender Hypervisor Memory Introspection
|
Structure encapsulating VCPU-specific information. More...
#include <guests.h>
Data Fields | |
INSTRUX | Instruction |
The current instruction, pointed by the guest RIP. More... | |
IG_ARCH_REGS | Regs |
The current state of the guest registers. More... | |
QWORD | Ia32Efer |
The value of the guest IA32 EFER MSR. More... | |
QWORD | EventId |
EventId for which VCPU_STATE.Regs is valid. More... | |
QWORD | ExitGpa |
The accessed guest physical address, for which the EPT violation was generated. More... | |
QWORD | ExitGla |
The accessed guest linear address, for which the EPT violation was generated. More... | |
QWORD | ExitAccess |
The access type for which the EPT violation was generated. More... | |
QWORD | Gpa |
The accessed guest physical address. Valid only for EPT exits. More... | |
QWORD | Gla |
The accessed guest virtual address. Valid only for EPT exits. More... | |
DWORD | AccessSize |
The size of the memory access. Valid only for EPT exits. More... | |
QWORD | PcrGla |
The guest linear address of the _KPCR structure loaded by this CPU. More... | |
QWORD | IdtBase |
Original IDT base. More... | |
WORD | IdtLimit |
The current IDT limit. More... | |
QWORD | GdtBase |
Original GDT base. More... | |
QWORD | Xcr0 |
The value of XCR0. Updated by IntHandleXcrWrite. More... | |
INFO_UD_PENDING * | CurrentUD |
The currently pending #UD injection on this CPU. More... | |
struct { | |
BOOLEAN Valid | |
True if the fields are valid; False if they are not. More... | |
BYTE Vector | |
The injected exception number. More... | |
DWORD ErrorCode | |
The error code, for exceptions that have an error code. More... | |
QWORD Cr2 | |
The Cr2. Valid only if Vector is 14 (Page Fault) More... | |
} | Exception |
The exception to be injected in guest. More... | |
union { | |
void * IdtHookObject | |
The EPT hook object used to protect the IDT. More... | |
void * IdtIntegrityObject | |
The integrity region used to protect the IDT. More... | |
}; | |
The IDT protection object. More... | |
QWORD | LixProcessGva |
The guest virtual address of the running task on the current vCPU (valid only for Linux / thread safeness) More... | |
PATCH_BUFFER | PatchBuffer |
The patch buffer used to emulate reads. More... | |
PTEMU_BUFFER | PtEmuBuffer |
The page table write emulator buffer. More... | |
PTWRITE_CACHE | PtWriteCache |
The last written PT entry. More... | |
DWORD | Index |
The VCPU number. More... | |
CPU_STATE | State |
The state of this VCPU. Describes what action is the VCPU currently doing. More... | |
BOOLEAN | PtContext |
Set to True if we are in the context of a PT filter VMCALL. More... | |
BOOLEAN | VeContext |
Set to True if we are in the context of the #VE agent. More... | |
PVECPU | VeInfoPage |
Pointer to the VEINFO page used for this VCPU. More... | |
DWORD | EptpIndex |
The index of the current loaded EPT. More... | |
BOOLEAN | RepOptDisabled |
The state of the rep optimization feature. More... | |
BOOLEAN | Initialized |
True if the VCPU is initialized and used by the guest, False if it is not. More... | |
BOOLEAN | SingleStep |
True if th VCPU is currently single-stepping the current instruction. More... | |
BOOLEAN | AllowOnExec |
True if we returned introGuestAllowed on an execution alert. More... | |
QWORD | AllowOnExecRip |
The RIP which was allowed to execute on an exec violation. More... | |
QWORD | AllowOnExecGpa |
The GPA which was allowed to execute on an exec violation. More... | |
union { ... } |
The IDT protection object.
These are both void* so they need to be casted to the appropriate object anyway. They have different names to point out that sometimes this is either a hook object (when the IDT is protected with an EPT hook) or a integrity region. For Windows guests, the decision of the protection type is done in IntWinIdtProtectOnCpu based on the OS type and version. For 64-bit Windows versions starting with version 16299, the EPT protection is used; we can do this because the IDT is in its own dedicated page. For the other Windows version the integrity protection is used. We do this because on those versions, the IDT is in a page that is written quite often by the OS, and placing an EPT hook on it will bring a performance impact. On Linux, the EPT protection is always used as the IDT is always in its own page.
DWORD _VCPU_STATE::AccessSize |
The size of the memory access. Valid only for EPT exits.
Definition at line 103 of file guests.h.
Referenced by IntDecEmulateRead(), IntDispatchPtAsEpt(), IntExceptGetVictimEpt(), IntHandleEptViolation(), IntHandleMemAccess(), IntHookPtwProcessWrite(), IntLixDrvIsLegitimateTextPoke(), IntLixKernelHandleRead(), IntMemClkHandleRead(), IntWinModHandleUserWrite(), and IntWinTokenPrivsHandleWrite().
BOOLEAN _VCPU_STATE::AllowOnExec |
True if we returned introGuestAllowed on an execution alert.
Definition at line 201 of file guests.h.
Referenced by IntHandleEptViolation().
QWORD _VCPU_STATE::AllowOnExecGpa |
The GPA which was allowed to execute on an exec violation.
Definition at line 203 of file guests.h.
Referenced by IntHandleEptViolation().
QWORD _VCPU_STATE::AllowOnExecRip |
The RIP which was allowed to execute on an exec violation.
Definition at line 202 of file guests.h.
Referenced by IntHandleEptViolation().
QWORD _VCPU_STATE::Cr2 |
The Cr2. Valid only if Vector is 14 (Page Fault)
Definition at line 135 of file guests.h.
Referenced by IntHandleEventInjection(), and IntInjectExceptionInGuest().
INFO_UD_PENDING* _VCPU_STATE::CurrentUD |
The currently pending #UD injection on this CPU.
Since we can't be sure if and when an #UD injection will succeed, we remember here the one we wait for on this VCPU. There can not be more than one pending injection for one VCPU at a time. If it is NULL, there is no pending injection on this VCPU. Ca be set by IntWinVadHandlePageExecution and IntLixVmaHandlePageExecution and reset by IntHandleEventInjection and IntUDRemoveAllEntriesForCr3.
Definition at line 123 of file guests.h.
Referenced by IntHandleEventInjection(), IntLixVmaHandlePageExecution(), IntUDRemoveAllEntriesForCr3(), IntWinSudHandleSudExec(), and IntWinVadHandlePageExecution().
DWORD _VCPU_STATE::EptpIndex |
The index of the current loaded EPT.
Set in IntHandleEptViolation by using IntGetCurrentEptIndex. In cases in which a VMCALL issued by the #VE agent is dispatched as an EPT violation (VCPU_STATE.VeContext is set to True), its value is forcibly set to 0 (the default EPT view).
Definition at line 196 of file guests.h.
Referenced by IntDispatchVeAsEpt(), IntHandleEptViolation(), IntValidatePageRights(), and IntValidatePageRightsEx().
DWORD _VCPU_STATE::ErrorCode |
The error code, for exceptions that have an error code.
Definition at line 134 of file guests.h.
Referenced by IntInjectExceptionInGuest().
QWORD _VCPU_STATE::EventId |
EventId for which VCPU_STATE.Regs is valid.
Definition at line 97 of file guests.h.
Referenced by IntCr0Read(), IntCr3Read(), IntCr4Read(), IntCr8Read(), IntGetGprs(), IntRipRead(), and IntSetGprs().
struct { ... } _VCPU_STATE::Exception |
The exception to be injected in guest.
Referenced by IntHandleEventInjection(), IntInjectExceptionInGuest(), and IntSwapMemInjectPendingPF().
QWORD _VCPU_STATE::ExitAccess |
The access type for which the EPT violation was generated.
Definition at line 100 of file guests.h.
Referenced by IntHandleEptViolation(), and IntHandleMemAccess().
QWORD _VCPU_STATE::ExitGla |
The accessed guest linear address, for which the EPT violation was generated.
Definition at line 99 of file guests.h.
Referenced by IntHandleEptViolation(), and IntHandleMemAccess().
QWORD _VCPU_STATE::ExitGpa |
The accessed guest physical address, for which the EPT violation was generated.
Definition at line 98 of file guests.h.
Referenced by IntHandleEptViolation(), and IntHandleMemAccess().
QWORD _VCPU_STATE::GdtBase |
QWORD _VCPU_STATE::Gla |
The accessed guest virtual address. Valid only for EPT exits.
Definition at line 102 of file guests.h.
Referenced by IntDecEmulatePTWrite(), IntDecEmulateRead(), IntDispatchPtAsEpt(), IntHandleEptViolation(), IntHandleMemAccess(), IntLixDrvIsLegitimateTextPoke(), IntLixIdtWriteHandler(), IntLixVdsoHandleKernelModeWrite(), IntLixVdsoHandleUserModeWrite(), IntLixVdsoHandleWriteCommon(), IntLixVmaHandlePageExecution(), IntMtblCheckAccess(), IntPtiHandleExecute(), IntPtiHandleWrite(), IntRtlpVirtualUnwindCheckAccess(), IntValidateTranslation(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntWinIdtWriteHandler(), and IntWinModHandleUserWrite().
QWORD _VCPU_STATE::Gpa |
The accessed guest physical address. Valid only for EPT exits.
Definition at line 101 of file guests.h.
Referenced by IntDecEmulatePTWrite(), IntDispatchPtAsEpt(), IntHandleEptViolation(), IntHandleMemAccess(), IntLixIdtWriteHandler(), IntLixVmaHandlePageExecution(), IntValidateTranslation(), IntVeHandleEPTViolationInProtectedView(), IntWinIdtWriteHandler(), and IntWinModHandleUserWrite().
QWORD _VCPU_STATE::Ia32Efer |
QWORD _VCPU_STATE::IdtBase |
Original IDT base.
Definition at line 110 of file guests.h.
Referenced by DbgLogKpcr(), IntDtrHandleWrite(), IntGuestGetIdtFromGla(), IntLixGuestNew(), IntLixIdtProtectOnCpu(), IntVeFindKernelKvaShadowAndKernelExit(), IntWinGuestNew(), IntWinIdtProtectOnCpu(), IntWinIdtProtectOnCpuEpt(), IntWinIdtProtectOnCpuIntegrity(), IntWinIdtUnprotectOnCpu(), IntWinIdtUnprotectOnCpuEpt(), and IntWinIdtUnprotectOnCpuIntergity().
void* _VCPU_STATE::IdtHookObject |
The EPT hook object used to protect the IDT.
Created in IntWinIdtProtectOnCpuEpt for Windows guests and IntLixIdtProtectOnCpu for Linux guests. Freed in IntWinIdtUnprotectOnCpuEpt and IntLixIdtUnprotectAll.
Definition at line 155 of file guests.h.
Referenced by IntLixIdtProtectOnCpu(), IntLixIdtUnprotectAll(), IntWinIdtProtectOnCpuEpt(), and IntWinIdtUnprotectOnCpuEpt().
void* _VCPU_STATE::IdtIntegrityObject |
The integrity region used to protect the IDT.
Created in IntWinIdtProtectOnCpuIntegrity and freed in IntWinIdtUnprotectOnCpuIntergity.
Definition at line 159 of file guests.h.
Referenced by IntWinIdtProtectOnCpuIntegrity(), and IntWinIdtUnprotectOnCpuIntergity().
WORD _VCPU_STATE::IdtLimit |
The current IDT limit.
Definition at line 111 of file guests.h.
Referenced by IntDtrHandleWrite(), IntGuestGetIdtFromGla(), IntLixGuestNew(), IntLixIdtProtectOnCpu(), IntWinGuestNew(), IntWinIdtProtectOnCpuEpt(), and IntWinIdtProtectOnCpuIntegrity().
DWORD _VCPU_STATE::Index |
The VCPU number.
Definition at line 172 of file guests.h.
Referenced by DbgCrWriteTestCallback(), IntAlertCoreGetFlags(), IntAlertFillCpuContext(), IntAlertFillLixCurrentProcess(), IntAlertProcGetFlags(), IntCr0Read(), IntCr3Read(), IntCr4Read(), IntCr8Read(), IntDecEmulatePTWrite(), IntDetCallCallback(), IntDetPatchArgument(), IntDetSetReturnValue(), IntDispatchVeAsEpt(), IntDtrHandleWrite(), IntDumpCodeAndRegs(), IntEngFillExecDetails(), IntExceptGetVictimEpt(), IntFindKernelPcr(), IntGetGprs(), IntGuestGetPagingMode(), IntGuestHandleCr3Write(), IntGuestInit(), IntGuestInitMemoryInfo(), IntLixAccessRemoteVmHandler(), IntLixAgentCreateThreadHypercall(), IntLixAgentExit(), IntLixAgentHandleInt3(), IntLixAgentHandleVmcall(), IntLixAgentStart(), IntLixDepDeployFileHypercall(), IntLixIdtWriteHandler(), IntLixTaskGetCurrentTaskStruct(), IntLixTaskHandleFork(), IntLixTaskHandleInjection(), IntLixVdsoHandleUserModeWrite(), IntLixVmaHandlePageExecution(), IntLogGuestRegisters(), IntMemClkHandleRead(), IntMtblCheckAccess(), IntRipRead(), IntRtlpVirtualUnwindCheckAccess(), IntSetGprs(), IntSwapMemCancelPendingPF(), IntSwapMemHandleBreakpointAgent(), IntSwapMemInjectPendingPF(), IntUnpPageExecuteCallback(), IntVasPageTableWriteCallback(), IntVeDumpVeInfoPage(), IntVeHandleEPTViolationInProtectedView(), IntVeHandleHypercall(), IntWinAgentHandleDriverVmcall(), IntWinAgentHandleVmcall(), IntWinBcHandleBugCheck(), IntWinCrashHandleDepViolation(), IntWinDpiGetProcessDebugFlag(), IntWinDpiValidateThreadStart(), IntWinGuestFindIdleCr3(), IntWinHalHandleHalHeapExec(), IntWinIdtWriteHandler(), IntWinModBlockHandleExecution(), IntWinModFillInjectionData(), IntWinModPolyHandler(), IntWinProcHandleCreate(), IntWinSudHandleSudExec(), IntWinThrGetCurrentStackBaseAndLimit(), IntWinThrGetCurrentTib(), IntWinVadHandlePageExecution(), and IntWinVadIsExecSuspicious().
BOOLEAN _VCPU_STATE::Initialized |
True if the VCPU is initialized and used by the guest, False if it is not.
Definition at line 199 of file guests.h.
Referenced by IntGuestInit(), IntVeDeliverDriverForLoad(), and IntWinGetActiveCpuCount().
INSTRUX _VCPU_STATE::Instruction |
The current instruction, pointed by the guest RIP.
It is valid only for EPT exits
Definition at line 88 of file guests.h.
Referenced by IntAlertFillCpuContext(), IntDecEmulatePTWrite(), IntDispatchVeAsEpt(), IntExceptGetVictimEpt(), IntExceptKernelGetOriginator(), IntExceptUserGetExecOriginator(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHookPtwEmulateWrite(), IntHookPtwProcessWrite(), IntLixDrvIsLegitimateTextPoke(), IntLixKernelHandleRead(), IntLixVdsoHandleUserModeWrite(), IntLixVmaHandlePageExecution(), IntMemClkHandleRead(), IntMtblCheckAccess(), IntValidatePageRights(), IntValidatePageRightsEx(), IntWinDrvObjHandleWrite(), IntWinInfHookHandleSiloFirstWrite(), IntWinInfHookSppViolationCallbackWmiPtrChanged(), IntWinModHandleUserWrite(), IntWinSudSendSudExecAlert(), and IntWinVadIsExecSuspicious().
QWORD _VCPU_STATE::LixProcessGva |
The guest virtual address of the running task on the current vCPU (valid only for Linux / thread safeness)
Definition at line 166 of file guests.h.
Referenced by IntThrSafeInspectRunningThreads(), and IntThrSafeIsStackPtrInIntro().
PATCH_BUFFER _VCPU_STATE::PatchBuffer |
The patch buffer used to emulate reads.
Definition at line 168 of file guests.h.
Referenced by IntDispatchPtAsEpt(), IntHandleEptViolation(), and IntMemClkHandleRead().
QWORD _VCPU_STATE::PcrGla |
The guest linear address of the _KPCR structure loaded by this CPU.
Valid only for Windows guests.
Definition at line 108 of file guests.h.
Referenced by IntWinIntObjProtect(), and IntWinThrGetCurrentThread().
BOOLEAN _VCPU_STATE::PtContext |
Set to True if we are in the context of a PT filter VMCALL.
This can happen if the PT filter issues a VMCALL which is further dispatched using IntDispatchPtAsEpt.
Definition at line 178 of file guests.h.
Referenced by IntDispatchPtAsEpt(), and IntHandleMemAccess().
PTEMU_BUFFER _VCPU_STATE::PtEmuBuffer |
The page table write emulator buffer.
Definition at line 169 of file guests.h.
Referenced by IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntHandleEptViolation(), IntHandleMemAccess(), IntHookPtwEmulateWrite(), IntHookPtwProcessWrite(), and IntWinSelfMapHandleCr3SelfMapWrite().
PTWRITE_CACHE _VCPU_STATE::PtWriteCache |
The last written PT entry.
Definition at line 170 of file guests.h.
Referenced by IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntHandleEptViolation(), and IntHookPtwProcessWrite().
IG_ARCH_REGS _VCPU_STATE::Regs |
The current state of the guest registers.
These are filled on every exit and are updated after every IntSetGprs. For IntGetGprs, IntRipRead, IntCr0Read, IntCr3Read, IntCr4Read, and IntCr8Read calls done for the current VCPU while gEventId matches VCPU_STATE.EventId, the values cached here are returned, if they were previously obtained for this exit.
Definition at line 95 of file guests.h.
Referenced by DbgLogCurrentProcess(), IntAlertEptFillFromVictimZone(), IntAlertFillCpuContext(), IntAlertFillExecContext(), IntCr0Read(), IntCr3Read(), IntCr4Read(), IntCr8Read(), IntCrLixHandleWrite(), IntDecEmulatePTWrite(), IntDecEmulateRead(), IntDetCallCallback(), IntDetGetArgumentInternal(), IntDetGetArguments(), IntDetPatchArgument(), IntDisableIntro(), IntDispatchPtAsEpt(), IntDispatchVeAsEpt(), IntDriverLoadHandler(), IntDriverUnloadHandler(), IntExceptGetVictimEpt(), IntExceptKernelGetOriginator(), IntExceptLixKernelGetOriginator(), IntExceptUserGetExecOriginator(), IntExceptUserHandleMemoryFunctions(), IntExceptUserLogInformation(), IntExceptVerifyCodeBlocksSig(), IntExceptVerifyValueCodeSig(), IntExceptWinKernelGetOriginator(), IntGetCurrentInstructionLength(), IntGetCurrentInstructionMnemonic(), IntGetGprs(), IntGuestGetPagingMode(), IntGuestHandleCr3Write(), IntGuestInitMemoryInfo(), IntGuestUninitOnBugcheck(), IntHandleBreakpoint(), IntHandleCowOnPage(), IntHandleCrWrite(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleEventInjection(), IntHandleFetchRetryOnPageBoundary(), IntHandleIntroCall(), IntHandleMemAccess(), IntHandleMsrViolation(), IntHandleXcrWrite(), IntHookPtwEmulateWrite(), IntHookPtwProcessWrite(), IntLixAccessRemoteVmHandler(), IntLixAgentCreateThreadCompletion(), IntLixAgentCreateThreadHypercall(), IntLixAgentError(), IntLixAgentExit(), IntLixAgentHandleBreakpoint(), IntLixAgentHandleKernelVmcall(), IntLixAgentHandleUserVmcall(), IntLixAgentStart(), IntLixAgentThreadError(), IntLixAgentThreadHandleBreakpoint(), IntLixCommitCredsHandle(), IntLixCrashHandle(), IntLixDepDeployFileHypercall(), IntLixDrvIsLegitimateTextPoke(), IntLixDumpStacktrace(), IntLixGuestAgentContentHandler(), IntLixGuestAllocateFill(), IntLixGuestDetourDataHandler(), IntLixGuestInitAgentCompletion(), IntLixIdtWriteHandler(), IntLixJumpLabelHandler(), IntLixKernelHandleRead(), IntLixPatchHandler(), IntLixTaskHandleDoExit(), IntLixTaskHandleExec(), IntLixTaskHandleFork(), IntLixTaskHandlePtrace(), IntLixTaskHandleVmRw(), IntLixVdsoHandleUserModeWrite(), IntLixVdsoHandleWrite(), IntLixVdsoHandleWriteCommon(), IntLixVmaAdjust(), IntLixVmaChangeProtection(), IntLixVmaExpandDownwards(), IntLixVmaHandlePageExecution(), IntLixVmaInsert(), IntLixVmaRemove(), IntLogGuestRegisters(), IntLogProcessInfo(), IntLogStackTrace(), IntMemClkHandleRead(), IntMtblCheckAccess(), IntMtblPatchInstruction(), IntPtiHandleExecute(), IntPtiHandleInt3(), IntPtiHandleWrite(), IntPtiInspectInstruction(), IntPtiRemoveInstruction(), IntRipRead(), IntRtlpVirtualUnwindCheckAccess(), IntSerializeArchRegs(), IntSerializeRipCode(), IntSetGprs(), IntTranslateVirtualAddressEx(), IntUnpPageExecuteCallback(), IntValidatePageRights(), IntValidatePageRightsEx(), IntVasPageTableWriteCallback(), IntVeDumpVeInfoPage(), IntVeHandleAccess(), IntVeHandleEPTViolationInProtectedView(), IntVeHandleHypercall(), IntVeIsCurrentRipInAgent(), IntWinAgentActivatePendingAgent(), IntWinAgentHandleInt3(), IntWinAgentHandleVmcall(), IntWinBcHandleBugCheck(), IntWinCrashHandleDepViolation(), IntWinDagentSendDoubleAgentAlert(), IntWinDrvHandleDriverEntry(), IntWinDrvHandleRead(), IntWinDrvObjHandleWrite(), IntWinDrvObjSendEptAlert(), IntWinDrvSendAlert(), IntWinHalHandleHalHeapExec(), IntWinHalSendAlert(), IntWinHandleException(), IntWinIdtWriteHandler(), IntWinInfHookEptSppHandleWrite(), IntWinInfHookEptSppSendAlert(), IntWinInfHookHandleSiloFirstWrite(), IntWinInfHookSppViolationCallbackWmiPtrChanged(), IntWinLogVAInfo(), IntWinModBlockHandleExecution(), IntWinModFillInjectionData(), IntWinModHandleKernelWrite(), IntWinModHandleUserWrite(), IntWinModHandleWrite(), IntWinPowGetRequestedPowerState(), IntWinProcHandleCopyMemory(), IntWinProcHandleCreate(), IntWinProcHandleCreateInternal(), IntWinProcHandleInstrument(), IntWinSelfMapHandleCr3SelfMapWrite(), IntWinSetUmExceptionEvent(), IntWinStackHandleUserStackPagedOut(), IntWinStackUserCheckIsPivoted(), IntWinSudHandleKernelSudExec(), IntWinSudHandleSudExec(), IntWinSudHandleUserSudExec(), IntWinSudSendSudExecAlert(), IntWinThrHandleQueueApc(), IntWinThrHandleThreadHijack(), IntWinTokenPrivsSendEptAlert(), IntWinVadHandleCommit(), IntWinVadHandleDeleteVaRange(), IntWinVadHandleFinishVadDeletion(), IntWinVadHandleInsertMap(), IntWinVadHandleInsertPrivate(), IntWinVadHandlePageExecution(), and IntWinVadIsExecSuspicious().
BOOLEAN _VCPU_STATE::RepOptDisabled |
The state of the rep optimization feature.
Definition at line 198 of file guests.h.
Referenced by IntHandleEptViolation().
BOOLEAN _VCPU_STATE::SingleStep |
True if th VCPU is currently single-stepping the current instruction.
Definition at line 200 of file guests.h.
Referenced by IntHandleEptViolation().
CPU_STATE _VCPU_STATE::State |
The state of this VCPU. Describes what action is the VCPU currently doing.
Definition at line 173 of file guests.h.
Referenced by DbgDumpCpuState(), IntExceptKernelGetOriginator(), IntHandleBreakpoint(), IntHandleCrWrite(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHandleEventInjection(), IntHandleIntroCall(), IntHandleMsrViolation(), IntHandleXcrWrite(), IntHookCrRemoveHook(), IntHookDtrRemoveHook(), IntHookMsrRemoveHook(), IntHookXcrRemoveHook(), and IntMtblCheckAccess().
BOOLEAN _VCPU_STATE::Valid |
True if the fields are valid; False if they are not.
When it is True, an exception was injected using IntInjectTrap. It is set to True by IntInjectExceptionInGuest and reset to False in IntHandleEventInjection
Definition at line 132 of file guests.h.
Referenced by IntHandleEventInjection(), IntInjectExceptionInGuest(), and IntSwapMemInjectPendingPF().
BOOLEAN _VCPU_STATE::VeContext |
Set to True if we are in the context of the #VE agent.
This can happen if the agent issues a VMCALL and IntVeHandleHypercall returns INT_STATUS_RAISE_EPT. Toggled by IntDispatchVeAsEpt while handling the memory access.
Definition at line 184 of file guests.h.
Referenced by IntDispatchVeAsEpt(), and IntSetGprs().
BYTE _VCPU_STATE::Vector |
The injected exception number.
Definition at line 133 of file guests.h.
Referenced by IntHandleEventInjection(), and IntInjectExceptionInGuest().
PVECPU _VCPU_STATE::VeInfoPage |
Pointer to the VEINFO page used for this VCPU.
This maps the guest physical address at which the VEINFO page is found, essentially sharing the page between introcore and the guest. Set to NULL if #VE is not used. IntVeSetVeInfoPage is used to map and unmap it.
Definition at line 190 of file guests.h.
Referenced by IntDispatchVeAsEpt(), IntVeDeliverDriverForLoad(), IntVeDumpStats(), IntVeDumpVeInfoPage(), IntVeHandleHypercall(), and IntVeSetVeInfoPage().
QWORD _VCPU_STATE::Xcr0 |
The value of XCR0. Updated by IntHandleXcrWrite.
Definition at line 114 of file guests.h.
Referenced by IntHandleXcrWrite().