- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <winagent.h>
Data Fields | |
| LIST_ENTRY | Link |
| List entry element. More... | |
| AGENT_TYPE | AgentType |
| Agent type. More... | |
| AGENT_HCALL | HcallType |
| Hyper call type. More... | |
| PFUNC_AgentInjection | InjectionCallback |
| Injection callback. More... | |
| PFUNC_AgentDeliver | DeliverCallback |
| Delivery callback. More... | |
| PFUNC_AgentCompletion | CompletionCallback |
| Completion callback. More... | |
| void * | Context |
| Optional context. Passed along to the 3 callbacks above. More... | |
| QWORD | BootstrapAddress |
| Address where the bootstrap was allocated. More... | |
| DWORD | BootstrapSize |
| The size of the bootstrap. More... | |
| QWORD | DriverAddress |
| Address of the boot driver. More... | |
| DWORD | DriverSize |
| Size of the boot driver. More... | |
| DWORD | DriverEntryPoint |
| Entry point of the boot driver. More... | |
| DWORD | AgentTag |
| Agent tag. More... | |
| DWORD | Flags |
| Agent flags & state. More... | |
| QWORD | Token1 |
| Token used by the bootstrap code. More... | |
| QWORD | Token2 |
| Token used by the bootstrap code. More... | |
| QWORD | Token3 |
| Token used by the bootstrap code. More... | |
| void * | InsCloakRegion |
| Cloak handle used to hide the detoured instruction. More... | |
| void * | BootCloakRegion |
| Cloak handle used to hide the bootstrap code. More... | |
| BYTE | InstructionBytes [16] |
| Detoured instruction bytes. More... | |
| BYTE | InstructionLen |
| Detoured instruction length. More... | |
| BOOLEAN | InstructionRestored |
| True if the detours instruction has been restored. More... | |
| QWORD | InstructionAddress |
| Address of the detoured instruction. More... | |
| PBYTE | AgentContent |
| Agent contents. Can be a file, process, driver, etc. More... | |
| DWORD | AgentSize |
| DWORD | AgentPosition |
| Current pointer inside the agent, used to track which chunk must be injected inside the guest. More... | |
| BOOLEAN | AgentInternal |
| True if the agent is internal to Introcore. More... | |
| DWORD | Agid |
| Agent ID. Unique for each injected agent. More... | |
| DWORD | ErrorCode |
| DWORD | Pid |
| PID of the process that will be the parent of the injected process. More... | |
| SIZE_T | ArgsLen |
| Length of the arguments. More... | |
| CHAR | Args [IG_MAX_COMMAND_LINE_LENGTH] |
| Agent arguments. More... | |
| CHAR | Name [IG_MAX_AGENT_NAME_LENGTH] |
| Agent name. More... | |
| WORD | OffsetJumpBack |
| Offset of the trampoline code which jumps back to the detoured instruction. More... | |
| BYTE | BootStrap [MAX_BOOTSTRAP_SIZE] |
| The bootstrap code. More... | |
| DWORD | Options |
| Agent options. More... | |
Describes one agent running inside the guest.
Definition at line 98 of file winagent.h.
| PBYTE _WIN_AGENT::AgentContent |
Agent contents. Can be a file, process, driver, etc.
Definition at line 135 of file winagent.h.
Referenced by IntWinAgentInject().
| BOOLEAN _WIN_AGENT::AgentInternal |
True if the agent is internal to Introcore.
Definition at line 139 of file winagent.h.
Referenced by IntWinAgentInject().
| DWORD _WIN_AGENT::AgentPosition |
Current pointer inside the agent, used to track which chunk must be injected inside the guest.
Definition at line 138 of file winagent.h.
Referenced by IntWinAgentInject().
| DWORD _WIN_AGENT::AgentSize |
The size of the agent.
Definition at line 136 of file winagent.h.
Referenced by IntWinAgentInject().
| DWORD _WIN_AGENT::AgentTag |
Agent tag.
Definition at line 119 of file winagent.h.
Referenced by IntWinAgentDisablePendingAgents(), IntWinAgentGetState(), and IntWinAgentInject().
| AGENT_TYPE _WIN_AGENT::AgentType |
Agent type.
Definition at line 102 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), IntWinAgentDisablePendingAgents(), IntWinAgentHandleInt3(), IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| DWORD _WIN_AGENT::Agid |
Agent ID. Unique for each injected agent.
Definition at line 141 of file winagent.h.
Referenced by IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| CHAR _WIN_AGENT::Args[IG_MAX_COMMAND_LINE_LENGTH] |
| SIZE_T _WIN_AGENT::ArgsLen |
Length of the arguments.
Definition at line 145 of file winagent.h.
Referenced by IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| void* _WIN_AGENT::BootCloakRegion |
Cloak handle used to hide the bootstrap code.
Definition at line 127 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| BYTE _WIN_AGENT::BootStrap[MAX_BOOTSTRAP_SIZE] |
The bootstrap code.
Definition at line 153 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), and IntWinAgentInject().
| QWORD _WIN_AGENT::BootstrapAddress |
Address where the bootstrap was allocated.
Definition at line 111 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), and IntWinAgentHandleInt3().
| DWORD _WIN_AGENT::BootstrapSize |
The size of the bootstrap.
Definition at line 112 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), IntWinAgentHandleInt3(), and IntWinAgentInject().
| PFUNC_AgentCompletion _WIN_AGENT::CompletionCallback |
| void* _WIN_AGENT::Context |
Optional context. Passed along to the 3 callbacks above.
Definition at line 108 of file winagent.h.
Referenced by IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| PFUNC_AgentDeliver _WIN_AGENT::DeliverCallback |
| QWORD _WIN_AGENT::DriverAddress |
Address of the boot driver.
Definition at line 115 of file winagent.h.
Referenced by IntWinAgentHandleVmcall(), IntWinAgentInject(), and IntWinAgentIsRipInsideCurrentAgent().
| DWORD _WIN_AGENT::DriverEntryPoint |
Entry point of the boot driver.
Definition at line 117 of file winagent.h.
Referenced by IntWinAgentInject().
| DWORD _WIN_AGENT::DriverSize |
Size of the boot driver.
Definition at line 116 of file winagent.h.
Referenced by IntWinAgentHandleVmcall(), IntWinAgentInject(), and IntWinAgentIsRipInsideCurrentAgent().
| DWORD _WIN_AGENT::ErrorCode |
Error code encountered during the agent injection.
Definition at line 142 of file winagent.h.
| DWORD _WIN_AGENT::Flags |
Agent flags & state.
Definition at line 120 of file winagent.h.
| AGENT_HCALL _WIN_AGENT::HcallType |
Hyper call type.
Definition at line 103 of file winagent.h.
Referenced by IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| PFUNC_AgentInjection _WIN_AGENT::InjectionCallback |
Injection callback.
Definition at line 105 of file winagent.h.
Referenced by IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| void* _WIN_AGENT::InsCloakRegion |
Cloak handle used to hide the detoured instruction.
Definition at line 126 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| QWORD _WIN_AGENT::InstructionAddress |
Address of the detoured instruction.
Definition at line 132 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), and IntWinAgentHandleInt3().
| BYTE _WIN_AGENT::InstructionBytes[16] |
Detoured instruction bytes.
Definition at line 129 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent().
| BYTE _WIN_AGENT::InstructionLen |
Detoured instruction length.
Definition at line 130 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent().
| BOOLEAN _WIN_AGENT::InstructionRestored |
True if the detours instruction has been restored.
Definition at line 131 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| LIST_ENTRY _WIN_AGENT::Link |
List entry element.
Definition at line 100 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), IntWinAgentDisablePendingAgents(), IntWinAgentInject(), and IntWinAgentInjectBreakpoint().
| CHAR _WIN_AGENT::Name[IG_MAX_AGENT_NAME_LENGTH] |
| WORD _WIN_AGENT::OffsetJumpBack |
Offset of the trampoline code which jumps back to the detoured instruction.
Definition at line 151 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), and IntWinAgentInject().
| DWORD _WIN_AGENT::Options |
Agent options.
Definition at line 155 of file winagent.h.
Referenced by IntWinAgentActivatePendingAgent(), and IntWinAgentInject().
| DWORD _WIN_AGENT::Pid |
PID of the process that will be the parent of the injected process.
Definition at line 144 of file winagent.h.
Referenced by IntWinAgentInject().
| QWORD _WIN_AGENT::Token1 |
Token used by the bootstrap code.
Definition at line 122 of file winagent.h.
Referenced by IntWinAgentInject().
| QWORD _WIN_AGENT::Token2 |
Token used by the bootstrap code.
Definition at line 123 of file winagent.h.
Referenced by IntWinAgentInject().
| QWORD _WIN_AGENT::Token3 |
Token used by the bootstrap code.
Definition at line 124 of file winagent.h.
Referenced by IntWinAgentInject().
1.8.13