Bitdefender Hypervisor Memory Introspection
#include "introtypes.h"
Macros
Macro | Value | Description |
---|---|---|
THS_CHECK_ONLY | 0x00000001 | Will check for safeness, without moving any RIP or stack value. |
THS_CHECK_DETOURS | 0x00000010 | Will check if any RIP is inside detours. |
THS_CHECK_MEMTABLES | 0x00000020 | Will check if any RIP is inside memtables. |
THS_CHECK_TRAMPOLINE | 0x00000040 | Will check if any RIP is inside the agent loader. |
THS_CHECK_PTFILTER | 0x00000080 | Will check if any RIP is inside the PT filter agent. |
THS_CHECK_VEFILTER | 0x00000100 | Will check if any RIP is inside the VE filter agent. |
THS_CHECK_SWAPGS | 0x00000200 | Will check if any RIP is inside a mitigated SWAPGS gadget. |
Enumerations
enum THS_PTR_TYPE { ptrLiveRip, ptrStackValue } | The type of pointer to be checked. |
Functions
INTSTATUS IntThrSafeCheckThreads (QWORD Options) | Checks if any of the guest threads have their RIP or have any stack pointers pointing to regions of code owned by Introcore. |
enum THS_PTR_TYPE
The type of pointer to be checked.
Enumerator | Description |
---|---|
ptrLiveRip | The RIP of a thread. |
ptrStackValue | A stack value. |
Definition at line 28 of file thread_safeness.h.
INTSTATUS IntThrSafeCheckThreads (QWORD Options)
Checks if any of the guest threads have their RIP or have any stack pointers pointing to regions of code owned by Introcore.
This is done by iterating the in-guest thread lists. This function assumes that all the VCPUs are paused.
Parameters
[in] | Options | Options that control the checks that will be made. Can be a combination of Thread safeness options values. |
Return values
INT_STATUS_SUCCESS | in case of success; this means that no guest state points to code or data owned by Introcore |
INT_STATUS_NOT_SUPPORTED | if the type of the guest OS is not known or supported |
INT_STATUS_CANNOT_UNLOAD | if it is not safe to unload given the current guest state |
Definition at line 986 of file thread_safeness.c.
Referenced by IntGuestIsSafeToDisable(), IntHookPtsCheckIntegrity(), IntLixApiHookAll(), IntPtiDeliverDriverForUnload(), IntVeDeliverDriverForUnload(), and IntWinGuestFinishInit().
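The check that IntThrSafeCheckThreads is described as performing can be modelled in a few lines of C. This is an added example, not Introcore's code: it tests a thread's live RIP and stack values against only those owned regions whose THS_CHECK_* bit is set in the options. The types OWNED_REGION and GUEST_PTR, the model_* functions, the MODEL_* status codes and all addresses are assumptions constructed for illustration, and the model never moves a RIP or stack value.

```c
#include <stdint.h>
#include <stddef.h>

/* Option bits copied from the macro list on this page. */
#define THS_CHECK_DETOURS   0x00000010
#define THS_CHECK_MEMTABLES 0x00000020

typedef enum { ptrLiveRip, ptrStackValue } THS_PTR_TYPE;

/* Hypothetical model types and status codes (assumptions, not Introcore's). */
typedef struct { uint64_t start, size; uint64_t flag; } OWNED_REGION;
typedef struct { uint64_t value; THS_PTR_TYPE type; } GUEST_PTR;
enum { MODEL_SUCCESS = 0, MODEL_CANNOT_UNLOAD = 1 };

/* Constructed sample data: two owned regions and one thread's pointers. */
static const OWNED_REGION sample_regions[] = {
    { 0xFFFFF80000100000ULL, 0x1000, THS_CHECK_DETOURS },
    { 0xFFFFF80000200000ULL, 0x0800, THS_CHECK_MEMTABLES },
};
static const GUEST_PTR sample_ptrs[] = {
    { 0xFFFFF80000300000ULL, ptrLiveRip },     /* RIP outside both regions */
    { 0xFFFFF80000200010ULL, ptrStackValue },  /* stack value inside memtables */
};

/* Returns the option bit of the selected region containing ptr, or 0. */
static uint64_t model_region_hit(const OWNED_REGION *r, size_t n,
                                 uint64_t options, uint64_t ptr)
{
    for (size_t i = 0; i < n; i++) {
        if (!(options & r[i].flag))
            continue;                 /* this region class was not requested */
        /* Subtraction form cannot overflow the way start + size can. */
        if (ptr >= r[i].start && ptr - r[i].start < r[i].size)
            return r[i].flag;
    }
    return 0;
}

/* Scans every pointer; *hit receives the first offending one, if any. */
static int model_check_threads(const OWNED_REGION *r, size_t nr,
                               const GUEST_PTR *p, size_t np,
                               uint64_t options, const GUEST_PTR **hit)
{
    *hit = NULL;
    for (size_t i = 0; i < np && !*hit; i++)
        if (model_region_hit(r, nr, options, p[i].value))
            *hit = &p[i];
    return *hit ? MODEL_CANNOT_UNLOAD : MODEL_SUCCESS;
}
```

With only THS_CHECK_DETOURS set the sample thread passes; adding THS_CHECK_MEMTABLES flags its stack value, which is the case the page's INT_STATUS_CANNOT_UNLOAD return value describes.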