- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <winumcache.h>
Data Fields | |
| LIST_ENTRY | Link |
| Link inside the global list of module caches. More... | |
| DWORD | ModuleNameHash |
| The hash on the name of the cached module. More... | |
| struct { | |
| DWORD EatRva | |
| RVA of the exports table. More... | |
| DWORD EatSize | |
| Size of the exports table. More... | |
| DWORD IatRva | |
| RVA of the imports table. More... | |
| DWORD IatSize | |
| Size of the imports table. More... | |
| DWORD TimeDateStamp | |
| Module time & date stamp. More... | |
| DWORD SizeOfImage | |
| Size of image. More... | |
| } | Info |
| WINUM_CACHE_EXPORTS | Exports |
| The exports cache. More... | |
| WINUM_CACHE_MEMORY_FUNCS | MemFuncs |
| Memory related functions RVAs. More... | |
| BYTE * | Headers |
| A buffer containing the MZ/PE headers of this module. More... | |
| BOOLEAN | Wow64 |
| True if this module is Wow64. More... | |
| BOOLEAN | ExportDirRead |
| True if the exports directory has been read. More... | |
| BOOLEAN | MemoryFuncsRead |
| True if the memory functions have been identified. More... | |
| BOOLEAN | Dirty |
| True if this caches was created for a module loaded by a statically detected process. Dirty caches are NOT reused by other loaded modules, and they will be destroyed when the module is unloaded. More... | |
Describes one module cache.
Definition at line 76 of file winumcache.h.
| BOOLEAN _WINUM_MODULE_CACHE::Dirty |
True if this caches was created for a module loaded by a statically detected process. Dirty caches are NOT reused by other loaded modules, and they will be destroyed when the module is unloaded.
Definition at line 106 of file winumcache.h.
Referenced by IntWinModCacheCreate(), and IntWinUmModCacheFetch().
| DWORD _WINUM_MODULE_CACHE::EatRva |
RVA of the exports table.
Definition at line 84 of file winumcache.h.
Referenced by IntExceptGetVictimEpt(), IntWinModHandleExportsInMemory(), IntWinUmModCacheFillExports(), and IntWinUmModCacheFillHeaders().
| DWORD _WINUM_MODULE_CACHE::EatSize |
Size of the exports table.
Definition at line 85 of file winumcache.h.
Referenced by IntExceptGetVictimEpt(), IntWinModHandleExportsInMemory(), IntWinUmModCacheFillExports(), and IntWinUmModCacheFillHeaders().
| BOOLEAN _WINUM_MODULE_CACHE::ExportDirRead |
True if the exports directory has been read.
Definition at line 101 of file winumcache.h.
Referenced by IntExceptVerifyExportSig(), IntWinModHandleExportsInMemory(), and IntWinUmModCacheExportFind().
| WINUM_CACHE_EXPORTS _WINUM_MODULE_CACHE::Exports |
The exports cache.
Definition at line 94 of file winumcache.h.
Referenced by IntWinModCacheFixNamePointers(), IntWinModHandleExportsInMemory(), IntWinUmModCacheExportFind(), and IntWinUmModCacheFillExports().
| BYTE* _WINUM_MODULE_CACHE::Headers |
A buffer containing the MZ/PE headers of this module.
Definition at line 97 of file winumcache.h.
Referenced by IntExceptGetVictimEpt(), IntWinStackTraceGetUser32(), IntWinStackTraceGetUser64(), and IntWinUmModCacheFillHeaders().
| DWORD _WINUM_MODULE_CACHE::IatRva |
RVA of the imports table.
Definition at line 87 of file winumcache.h.
Referenced by IntExceptGetVictimEpt(), IntWinModHandleUserWrite(), IntWinModWriteValidHandler(), and IntWinUmModCacheFillHeaders().
| DWORD _WINUM_MODULE_CACHE::IatSize |
Size of the imports table.
Definition at line 88 of file winumcache.h.
Referenced by IntExceptGetVictimEpt(), IntWinModWriteValidHandler(), and IntWinUmModCacheFillHeaders().
| struct { ... } _WINUM_MODULE_CACHE::Info |
| LIST_ENTRY _WINUM_MODULE_CACHE::Link |
Link inside the global list of module caches.
Definition at line 78 of file winumcache.h.
Referenced by IntWinModCacheCreate().
| WINUM_CACHE_MEMORY_FUNCS _WINUM_MODULE_CACHE::MemFuncs |
Memory related functions RVAs.
Definition at line 95 of file winumcache.h.
Referenced by IntWinModCacheFixNamePointers().
| BOOLEAN _WINUM_MODULE_CACHE::MemoryFuncsRead |
True if the memory functions have been identified.
Definition at line 102 of file winumcache.h.
Referenced by IntWinModCacheFixNamePointers().
| DWORD _WINUM_MODULE_CACHE::ModuleNameHash |
The hash on the name of the cached module.
Definition at line 80 of file winumcache.h.
Referenced by IntWinModCacheCreate(), and IntWinUmModCacheFetch().
| DWORD _WINUM_MODULE_CACHE::SizeOfImage |
Size of image.
Definition at line 91 of file winumcache.h.
Referenced by IntWinUmModCacheFillExports(), and IntWinUmModCacheFillHeaders().
| DWORD _WINUM_MODULE_CACHE::TimeDateStamp |
Module time & date stamp.
Definition at line 90 of file winumcache.h.
Referenced by IntWinUmModCacheFillHeaders().
| BOOLEAN _WINUM_MODULE_CACHE::Wow64 |
True if this module is Wow64.
Definition at line 99 of file winumcache.h.
Referenced by IntWinModCacheCreate(), IntWinUmModCacheFetch(), IntWinUmModCacheFillExports(), and IntWinUmModCacheFillHeaders().
1.8.13