- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <vecommon.h>
Data Fields | |
| DWORD | Reason |
| Same as the basic VM Exit reason. More... | |
| DWORD | Reserved |
| QWORD | Qualification |
| Same as the exit qualification provided on VM Exits. More... | |
| QWORD | GuestLinearAddress |
| Same as the GLA field provided on EPT Violations. More... | |
| QWORD | GuestPhysicalAddress |
| Same as the GPA field provided on EPT Violations. More... | |
| QWORD | EptpIndex |
| The index of the EPT in which the fault took place. More... | |
| QWORD | Reserved2 |
| Reserved by Intel. More... | |
| REGISTERS | Registers |
| Offset 0x30 - 0x200, general purpose registers. More... | |
| PBYTE | ProtectedStack |
| Offset 0x200, the protected stack. More... | |
| PBYTE | OriginalStack |
| Offset 0x208, the original stack. More... | |
| QWORD | OldValue |
| Old page-table entry. More... | |
| QWORD | NewValue |
| New page-table entry. More... | |
| QWORD | VeTotal |
| Total number of VEs. More... | |
| QWORD | VeMm |
| Number of VEs generated by the OS. More... | |
| QWORD | VePageWalk |
| Number of VEs generated by the CPU page-walker. More... | |
| QWORD | VeIgnoredTotal |
| QWORD | VeIgnoredCache |
| QWORD | VeIgnoredIrrelevant |
| QWORD | TscTotal |
| Total number of CPU ticks spent inside the agent. More... | |
| QWORD | TscCount |
| Total number of times the agent has been invoked. More... | |
| BYTE | Instruction [16] |
| Current instruction bytes. More... | |
| QWORD | Self |
| Pointer to self. More... | |
| QWORD | Index |
| VCPU index. More... | |
| BOOLEAN | Raised |
| True if the current VE has been sent to Introcore via VMCALL. More... | |
The VE information page. One such structure, that spans an entire page, must be present for each VCPU. The address of the VE info page (host physical address) is stored inside the VMCS, and when a VE is generated, the CPU will store in it information related to the event. Right now, only EPT violation events can be delivered as virtualization exceptions. The beginning of the page is reserved for the CPU, but the rest of it is used by the VE agent and Introcore.
Definition at line 107 of file vecommon.h.
| QWORD _VECPU::EptpIndex |
The index of the EPT in which the fault took place.
Definition at line 117 of file vecommon.h.
Referenced by IntVeDumpVeInfoPage().
| QWORD _VECPU::GuestLinearAddress |
Same as the GLA field provided on EPT Violations.
Definition at line 115 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), IntVeDumpVeInfoPage(), and IntVeHandleHypercall().
| QWORD _VECPU::GuestPhysicalAddress |
Same as the GPA field provided on EPT Violations.
Definition at line 116 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), IntVeDumpVeInfoPage(), and IntVeHandleHypercall().
| QWORD _VECPU::Index |
VCPU index.
Definition at line 145 of file vecommon.h.
Referenced by IntVeDeliverDriverForLoad(), IntVeDumpVeInfoPage(), and IntVeHandleHypercall().
| BYTE _VECPU::Instruction[16] |
Current instruction bytes.
Definition at line 142 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), and IntVeDumpVeInfoPage().
| QWORD _VECPU::NewValue |
New page-table entry.
Definition at line 126 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), and IntVeDumpVeInfoPage().
| QWORD _VECPU::OldValue |
Old page-table entry.
Definition at line 125 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), and IntVeDumpVeInfoPage().
| PBYTE _VECPU::OriginalStack |
Offset 0x208, the original stack.
Definition at line 123 of file vecommon.h.
Referenced by IntVeDumpVeInfoPage().
| PBYTE _VECPU::ProtectedStack |
Offset 0x200, the protected stack.
Definition at line 122 of file vecommon.h.
Referenced by IntVeDeliverDriverForLoad(), and IntVeDumpVeInfoPage().
| QWORD _VECPU::Qualification |
Same as the exit qualification provided on VM Exits.
Definition at line 114 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), IntVeDumpVeInfoPage(), and IntVeHandleHypercall().
| BOOLEAN _VECPU::Raised |
True if the current VE has been sent to Introcore via VMCALL.
Definition at line 147 of file vecommon.h.
| DWORD _VECPU::Reason |
Same as the basic VM Exit reason.
Definition at line 110 of file vecommon.h.
Referenced by IntVeDumpVeInfoPage().
| REGISTERS _VECPU::Registers |
Offset 0x30 - 0x200, general purpose registers.
Definition at line 120 of file vecommon.h.
Referenced by IntDispatchVeAsEpt(), and IntVeDumpVeInfoPage().
| DWORD _VECPU::Reserved |
Reserved. This field will be set to 0xFFFFFFFF when a VE is delivered. If this field is 0xFFFFFFFF, the CPU will not generate VEs anymore; instead, EPT violations will be delivered as usual.
Definition at line 111 of file vecommon.h.
Referenced by IntVeDumpVeInfoPage().
| QWORD _VECPU::Reserved2 |
| QWORD _VECPU::Self |
Pointer to self.
Definition at line 144 of file vecommon.h.
Referenced by IntVeDeliverDriverForLoad(), IntVeDumpVeInfoPage(), and IntVeHandleHypercall().
| QWORD _VECPU::TscCount |
Total number of times the agent has been invoked.
Definition at line 139 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::TscTotal |
Total number of CPU ticks spent inside the agent.
Definition at line 138 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::VeIgnoredCache |
Total number of VEs that were ignored because the a cache hit (page-table entries which are not monitored by Introcore).
Definition at line 133 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::VeIgnoredIrrelevant |
Total number of VEs ignored because the modification was not relevant (for example, the A bit was cleared).
Definition at line 135 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::VeIgnoredTotal |
Total number of VEs that were handled inside the guest, without reporting them to Introcore (no VM exit).
Definition at line 131 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::VeMm |
Number of VEs generated by the OS.
Definition at line 129 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::VePageWalk |
Number of VEs generated by the CPU page-walker.
Definition at line 130 of file vecommon.h.
Referenced by IntVeDumpStats().
| QWORD _VECPU::VeTotal |
1.8.13