- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Hal information. More...
#include <winhal.h>
Data Fields | |
| QWORD | HalHeapAddress |
| The guest virtual address of the HAL heap. More... | |
| QWORD | HalIntCtrlAddress |
| The guest virtual address of the HAL interrupt controller. More... | |
| QWORD | HalPerfCounterAddress |
| The guest virtual address of the HAL performance counter. More... | |
| DWORD | HalHeapSize |
| The size of the HAL heap. More... | |
| QWORD | HalDispatchTableAddress |
| The guest virtual address of the HAL dispatch table. More... | |
| DWORD | HalDispatchTableSize |
| The size of the HAL dispatch table. More... | |
| KERNEL_DRIVER * | OwnerHalModule |
| The hal.dll kernel module or ntoskrnl.exe. More... | |
| void * | HalHeapExecHook |
| The HAL heap execution hook object. More... | |
| void * | HalIntCtrlWriteHook |
| The HAL interrupt controller write hook object. More... | |
| void * | HalDispatchIntegrityHook |
| The HAL dispatch table integrity hook object. More... | |
| BYTE * | HalBuffer |
| A buffer containing the whole HAL image. More... | |
| DWORD | HalBufferSize |
| The size of HAL buffer. More... | |
| DWORD | RemainingSections |
| The number of sections which are not yet read into HAL buffer. More... | |
| LIST_ENTRY | InitSwapHandles |
| A list containing the swap handles for the swapped out sections which should be read in HalBuffer. More... | |
| void * | HalHdrSwapHandle |
| HAL headers swap handle. Used only if HAL is not protected, and the headers are not read automatically. More... | |
| void * | HalPerfIntegrityObj |
| The HAL Performance Counter integrity hook object. More... | |
| BYTE* _WIN_HAL_DATA::HalBuffer |
A buffer containing the whole HAL image.
This can be used when there is a need to fetch values from the HAL image, such as exports, code, etc. Note that this buffer should be valid only after IntWinHalFinishRead is called.
Definition at line 45 of file winhal.h.
Referenced by IntWinHalCancelRead(), IntWinHalFindPerformanceCounterInternal(), IntWinHalReadHal(), IntWinHalSectionInMemory(), and IntWinHalUninit().
| DWORD _WIN_HAL_DATA::HalBufferSize |
The size of HAL buffer.
Definition at line 48 of file winhal.h.
Referenced by IntWinHalFindPerformanceCounterInternal(), and IntWinHalReadHal().
| void* _WIN_HAL_DATA::HalDispatchIntegrityHook |
The HAL dispatch table integrity hook object.
Definition at line 37 of file winhal.h.
Referenced by IntWinHalProtectHalDispatchTable(), and IntWinHalUnprotectHalDispatchTable().
| QWORD _WIN_HAL_DATA::HalDispatchTableAddress |
The guest virtual address of the HAL dispatch table.
Definition at line 25 of file winhal.h.
Referenced by IntWinHalCreateHalData(), and IntWinHalProtectHalDispatchTable().
| DWORD _WIN_HAL_DATA::HalDispatchTableSize |
The size of the HAL dispatch table.
Definition at line 27 of file winhal.h.
Referenced by IntWinHalCreateHalData(), and IntWinHalProtectHalDispatchTable().
| void* _WIN_HAL_DATA::HalHdrSwapHandle |
HAL headers swap handle. Used only if HAL is not protected, and the headers are not read automatically.
Definition at line 59 of file winhal.h.
Referenced by IntWinHalCancelRead(), IntWinHalFindPerformanceCounter(), and IntWinHalHeadersInMemory().
| QWORD _WIN_HAL_DATA::HalHeapAddress |
The guest virtual address of the HAL heap.
Definition at line 16 of file winhal.h.
Referenced by IntWinHalCreateHalData(), IntWinHalIsHalPerf(), and IntWinHalProtectHalHeapExecs().
| void* _WIN_HAL_DATA::HalHeapExecHook |
The HAL heap execution hook object.
Definition at line 33 of file winhal.h.
Referenced by IntWinHalProtectHalHeapExecs(), and IntWinHalUnprotectHalHeapExecs().
| DWORD _WIN_HAL_DATA::HalHeapSize |
The size of the HAL heap.
Definition at line 22 of file winhal.h.
Referenced by IntWinHalCreateHalData(), IntWinHalIsHalPerf(), and IntWinHalProtectHalHeapExecs().
| QWORD _WIN_HAL_DATA::HalIntCtrlAddress |
The guest virtual address of the HAL interrupt controller.
Definition at line 18 of file winhal.h.
Referenced by IntWinHalCreateHalData(), and IntWinHalProtectHalIntCtrl().
| void* _WIN_HAL_DATA::HalIntCtrlWriteHook |
The HAL interrupt controller write hook object.
Definition at line 35 of file winhal.h.
Referenced by IntWinHalProtectHalIntCtrl(), and IntWinHalUnprotectHalIntCtrl().
| QWORD _WIN_HAL_DATA::HalPerfCounterAddress |
The guest virtual address of the HAL performance counter.
Definition at line 20 of file winhal.h.
Referenced by IntWinHalFindPerformanceCounterInternal(), IntWinHalHandlePerfCounterModification(), and IntWinHalProtectHalPerfCounter().
| void* _WIN_HAL_DATA::HalPerfIntegrityObj |
The HAL Performance Counter integrity hook object.
Definition at line 62 of file winhal.h.
Referenced by IntWinHalProtectHalPerfCounter(), and IntWinHalUnprotectHalPerfCounter().
| LIST_ENTRY _WIN_HAL_DATA::InitSwapHandles |
A list containing the swap handles for the swapped out sections which should be read in HalBuffer.
Definition at line 55 of file winhal.h.
Referenced by IntWinHalCancelRead(), and IntWinHalReadHal().
| KERNEL_DRIVER* _WIN_HAL_DATA::OwnerHalModule |
The hal.dll kernel module or ntoskrnl.exe.
Definition at line 30 of file winhal.h.
Referenced by IntWinHalCreateHalData(), IntWinHalFindHalHeapAndInterruptController(), IntWinHalFindInterruptController(), IntWinHalFindPerformanceCounter(), IntWinHalFindPerformanceCounterInternal(), IntWinHalIsHalPerf(), IntWinHalIsIntController(), IntWinHalProtectHalIntCtrl(), and IntWinHalReadHal().
| DWORD _WIN_HAL_DATA::RemainingSections |
The number of sections which are not yet read into HAL buffer.
Definition at line 51 of file winhal.h.
Referenced by IntWinHalReadHal(), and IntWinHalSectionInMemory().
1.8.13