- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Windows process subsystem. More...
#include <winprocess.h>
Data Fields | |
| struct _WIN_PROCESS_OBJECT * | Process |
| The process object related to this subsystem. More... | |
| WIN_SUBSYTEM_TYPE | SubsystemType |
| Process subsystem type. More... | |
| QWORD | PebAddress |
| The Process Environment Block of this subsystem. More... | |
| DWORD | ProtectedModulesCount |
| Number of protected modules inside this process. More... | |
| DWORD | LoadedModulesCount |
| The number of modules that were loaded. More... | |
| const WCHAR * | SystemDirPath |
| The location of the system directory (where the system DLLs are located). For wow64 processes, it would be Windows\SysWow64. For others, it would be Windows\system32. More... | |
| LIST_HEAD | ProcessModules |
| List of process modules. More... | |
| BOOLEAN | MainModuleLoaded |
| TRUE if the MainModule was loaded. More... | |
| BYTE | NtdllLoadCount |
| Number of ntdll.dll loads. More... | |
| BYTE | Kernel32LoadCount |
| Number of kernel32.dll loads. More... | |
| QWORD | NtdllBase |
| The base address for ntdll.dll. More... | |
| DWORD | NtdllSize |
| The size of ntdll.dll. More... | |
Windows process subsystem.
Definition at line 54 of file winprocess.h.
| BYTE _WIN_PROCESS_SUBSYSTEM::Kernel32LoadCount |
Number of kernel32.dll loads.
Definition at line 74 of file winprocess.h.
Referenced by IntWinModHandleUnload().
| DWORD _WIN_PROCESS_SUBSYSTEM::LoadedModulesCount |
The number of modules that were loaded.
Definition at line 62 of file winprocess.h.
Referenced by IntWinModHandleModulePathInMemory(), and IntWinModHandleUnload().
| BOOLEAN _WIN_PROCESS_SUBSYSTEM::MainModuleLoaded |
TRUE if the MainModule was loaded.
Definition at line 72 of file winprocess.h.
Referenced by IntWinModHandleModulePathInMemory().
| QWORD _WIN_PROCESS_SUBSYSTEM::NtdllBase |
The base address for ntdll.dll.
Definition at line 76 of file winprocess.h.
Referenced by IntWinModHandleUserWrite().
| BYTE _WIN_PROCESS_SUBSYSTEM::NtdllLoadCount |
Number of ntdll.dll loads.
Definition at line 73 of file winprocess.h.
Referenced by IntWinModHandleUnload().
| DWORD _WIN_PROCESS_SUBSYSTEM::NtdllSize |
The size of ntdll.dll.
Definition at line 77 of file winprocess.h.
Referenced by IntWinModHandleUserWrite().
| QWORD _WIN_PROCESS_SUBSYSTEM::PebAddress |
The Process Environment Block of this subsystem.
Definition at line 59 of file winprocess.h.
Referenced by IntWinProcCreateProcessObject().
| struct _WIN_PROCESS_OBJECT* _WIN_PROCESS_SUBSYSTEM::Process |
The process object related to this subsystem.
Definition at line 56 of file winprocess.h.
Referenced by IntExceptGetVictimEpt(), IntWinDagentCheckNativeSubsystem(), IntWinDagentHandleSlackWritable(), IntWinDagentHandleSuspModExecution(), IntWinModBlockHandleExecution(), IntWinModHandleKernelWrite(), IntWinModHandleMainModuleInMemory(), IntWinModHandleModuleHeadersInMemory(), IntWinModHandleModulePathInMemory(), IntWinModHandleUserWrite(), IntWinModPolyHandler(), IntWinProcCreateProcessSubsystem(), and IntWinProcPolicyIsFeedback().
| LIST_HEAD _WIN_PROCESS_SUBSYSTEM::ProcessModules |
List of process modules.
Definition at line 70 of file winprocess.h.
Referenced by IntWinModHandleLoadFromVad(), IntWinProcCreateProcessSubsystem(), and IntWinProcDump().
| DWORD _WIN_PROCESS_SUBSYSTEM::ProtectedModulesCount |
Number of protected modules inside this process.
Definition at line 61 of file winprocess.h.
| WIN_SUBSYTEM_TYPE _WIN_PROCESS_SUBSYSTEM::SubsystemType |
Process subsystem type.
Definition at line 57 of file winprocess.h.
Referenced by IntWinDagentHandleSlackWritable(), IntWinModBlockHandleExecution(), IntWinModHandleMainModuleInMemory(), IntWinModHandleModulePathInMemory(), and IntWinProcCreateProcessSubsystem().
| const WCHAR* _WIN_PROCESS_SUBSYSTEM::SystemDirPath |
The location of the system directory (where the system DLLs are located). For wow64 processes, it would be Windows\SysWow64. For others, it would be Windows\system32.
NOTE: Don't free, it's a reference
Definition at line 68 of file winprocess.h.
1.8.13