- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include <winumpath.h>
Data Fields | |
| RBNODE | RbNode |
| The node which is inserted into gPaths tree. More... | |
| WCHAR * | Path |
| The string which represents the user-mode module path. More... | |
| WCHAR * | Name |
| The name of the module contained in the path. More... | |
| DWORD | PathSize |
| The number of bytes in the path string. More... | |
| DWORD | NameSize |
| The number of bytes in the name string. More... | |
| DWORD | NameHash |
| The CRC32 hash of the name. Used for fast matching. More... | |
| INT32 | RefCount |
| The reference count of the current object. When reaching 0, the path will be freed. More... | |
| QWORD | SubsectionGva |
| The subsection guest virtual address from where the path was read. Serves as an unique identifier. More... | |
An object representing a user-mode module path.
Definition at line 13 of file winumpath.h.
| WCHAR* _WINUM_PATH::Name |
The name of the module contained in the path.
Definition at line 18 of file winumpath.h.
Referenced by IntExceptGetVictimEpt(), IntExceptUserHandleMemoryFunctions(), IntWinDagentHandleSuspModExecution(), IntWinModBlockHandleExecution(), IntWinModHandleUnload(), IntWinProcHandleCopyMemory(), and IntWinUmPathCreate().
| DWORD _WINUM_PATH::NameHash |
The CRC32 hash of the name. Used for fast matching.
Definition at line 23 of file winumpath.h.
Referenced by IntExceptGetVictimEpt(), IntExceptUserGetOriginator(), IntExceptUserHandleMemoryFunctions(), IntExceptVerifyExportSig(), IntWinDagentHandleSuspModExecution(), IntWinModCacheFixNamePointers(), IntWinModHandleUnload(), IntWinProcDump(), IntWinProcHandleReadFromLsass(), and IntWinUmPathCreate().
| DWORD _WINUM_PATH::NameSize |
The number of bytes in the name string.
Definition at line 21 of file winumpath.h.
Referenced by IntWinUmPathCreate().
| WCHAR* _WINUM_PATH::Path |
The string which represents the user-mode module path.
Definition at line 17 of file winumpath.h.
Referenced by IntLogProcessInfo(), IntModBlockHandleBlockModHeadersInMemory(), IntModBlockHandlePreInjection(), IntWinDagentCheckNativeSubsystem(), IntWinDagentHandleSuspModExecution(), IntWinModHandleExportsInMemory(), IntWinModHandlePreInjection(), IntWinModulesChangeProtectionFlags(), IntWinProcCreateProcessObject(), IntWinProcDump(), IntWinProcHandleCopyMemory(), IntWinProcSwapIn(), IntWinProcSwapOut(), IntWinProcUpdateProtection(), and IntWinUmPathCreate().
| DWORD _WINUM_PATH::PathSize |
The number of bytes in the path string.
Definition at line 20 of file winumpath.h.
Referenced by IntWinUmPathCreate().
| RBNODE _WINUM_PATH::RbNode |
The node which is inserted into gPaths tree.
Definition at line 15 of file winumpath.h.
Referenced by IntWinUmPathCreate(), IntWinUmPathDereference(), and IntWinUmPathFetchBySubsection().
| INT32 _WINUM_PATH::RefCount |
The reference count of the current object. When reaching 0, the path will be freed.
Definition at line 26 of file winumpath.h.
Referenced by IntWinUmPathCreate(), IntWinUmPathDereference(), IntWinUmPathFetchAndReferenceBySubsection(), and IntWinUmPathReference().
| QWORD _WINUM_PATH::SubsectionGva |
The subsection guest virtual address from where the path was read. Serves as an unique identifier.
Definition at line 29 of file winumpath.h.
Referenced by IntWinUmPathCreate(), IntWinUmPathFetchBySubsection(), and IntWinUmPathRbTreeNodeCompare().
1.8.13