Bitdefender Hypervisor Memory Introspection
udlist.h File Reference
#include "introtypes.h"


Data Structures

struct  _INFO_UD_PENDING
 

Typedefs

typedef struct _INFO_UD_PENDING INFO_UD_PENDING
 
typedef struct _INFO_UD_PENDING * PINFO_UD_PENDING
 

Functions

INTSTATUS IntUDAddToPendingList (const QWORD Cr3, const QWORD Rip, const QWORD Thread, INFO_UD_PENDING **CurrentPendingUD)
 Add a new UD to the list of pending injections.

void IntUDRemoveEntry (INFO_UD_PENDING **InfoUD)
 Remove a pending UD entry.

void IntUDRemoveAllEntriesForCr3 (const QWORD Cr3)
 Remove all pending UD entries for a given virtual address space.

INFO_UD_PENDING * IntUDGetEntry (const QWORD Cr3, const QWORD Rip, const QWORD Thread)
 Get a UD entry for the provided Cr3, Rip and Thread ID.
 

Typedef Documentation

◆ INFO_UD_PENDING

One pending UD injection.

◆ PINFO_UD_PENDING

Function Documentation

◆ IntUDAddToPendingList()

INTSTATUS IntUDAddToPendingList (const QWORD Cr3, const QWORD Rip, const QWORD Thread, INFO_UD_PENDING **CurrentPendingUD)

Add a new UD to the list of pending injections.

This function will create a pending UD entry for the provided CR3, RIP, and thread ID. This will allow us later to check if we have already injected a UD for a given context, so we can avoid injecting it multiple times.

Parameters
[in]   Cr3               The Cr3.
[in]   Rip               The RIP.
[in]   Thread            The thread ID (software thread!).
[out]  CurrentPendingUD  Will contain, upon successful return, the newly allocated pending UD entry.
Return values
INT_STATUS_SUCCESS                 On success.
INT_STATUS_INVALID_PARAMETER       If an invalid parameter is supplied.
INT_STATUS_INSUFFICIENT_RESOURCES  If a memory alloc fails.

Definition at line 30 of file udlist.c.

Referenced by IntLixVmaHandlePageExecution(), IntWinSudHandleSudExec(), and IntWinVadHandlePageExecution().

◆ IntUDGetEntry()

INFO_UD_PENDING * IntUDGetEntry (const QWORD Cr3, const QWORD Rip, const QWORD Thread)

Get a UD entry for the provided Cr3, Rip and Thread ID.

Parameters
[in]   Cr3     The Cr3.
[in]   Rip     The Rip.
[in]   Thread  The thread ID (software thread!).
Returns
The pending UD entry, if one is found, or NULL if none is found.

Definition at line 150 of file udlist.c.

Referenced by IntLixVmaHandlePageExecution(), IntWinSudHandleSudExec(), and IntWinVadHandlePageExecution().

◆ IntUDRemoveAllEntriesForCr3()

void IntUDRemoveAllEntriesForCr3 (const QWORD Cr3)

Remove all pending UD entries for a given virtual address space.

NOTE: Use this function when a process is being terminated.

Parameters
[in]   Cr3  The target CR3.

Definition at line 116 of file udlist.c.

Referenced by IntLixTaskDestroy() and IntWinProcDeleteProcessObject().

◆ IntUDRemoveEntry()

void IntUDRemoveEntry (INFO_UD_PENDING **InfoUD)

Remove a pending UD entry.

Remove the given entry from the list of UD entries and free it.

Parameters
[in,out]  InfoUD  The pending UD.

Definition at line 96 of file udlist.c.

Referenced by IntHandleEventInjection() and IntUDRemoveAllEntriesForCr3().
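
Example (added here, not taken from udlist.c or any other HVMI source): a stand-alone model of the bookkeeping the four functions above describe, showing how a list keyed on CR3, RIP and software thread ID lets an execution handler skip a UD that is already pending. All names (ud_pending, ud_get, ud_add, ud_remove, ud_remove_all_for_cr3, ud_should_inject), the singly linked list and the integer return codes are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for one pending UD record (hypothetical layout, not HVMI's). */
typedef struct ud_pending {
    uint64_t cr3, rip, thread;
    struct ud_pending *next;
} ud_pending;

static ud_pending *g_pending; /* head of the pending-injection list */

/* Find the entry for this exact (CR3, RIP, thread) context, or NULL. */
ud_pending *ud_get(uint64_t cr3, uint64_t rip, uint64_t thread) {
    for (ud_pending *e = g_pending; e; e = e->next)
        if (e->cr3 == cr3 && e->rip == rip && e->thread == thread)
            return e;
    return NULL;
}

/* Record a pending injection: 0 on success, -1 if allocation fails. */
int ud_add(uint64_t cr3, uint64_t rip, uint64_t thread, ud_pending **out) {
    ud_pending *e = calloc(1, sizeof(*e));
    if (!e) return -1;
    e->cr3 = cr3; e->rip = rip; e->thread = thread;
    e->next = g_pending; g_pending = e;
    if (out) *out = e;
    return 0;
}

/* Unlink and free one entry, then clear the caller's pointer so it cannot dangle. */
void ud_remove(ud_pending **entry) {
    ud_pending *victim = entry ? *entry : NULL;
    for (ud_pending **pp = &g_pending; victim && *pp; pp = &(*pp)->next)
        if (*pp == victim) { *pp = victim->next; free(victim); *entry = NULL; return; }
}

/* Process teardown: drop every entry that belongs to the dying address space. */
void ud_remove_all_for_cr3(uint64_t cr3) {
    for (ud_pending *e = g_pending, *next; e; e = next) {
        ud_pending *victim = e; /* local copy: ud_remove() clears its argument */
        next = e->next;
        if (e->cr3 == cr3) ud_remove(&victim);
    }
}

/* Handler pattern: 1 = inject now, 0 = already pending, -1 = out of memory. */
int ud_should_inject(uint64_t cr3, uint64_t rip, uint64_t thread) {
    if (ud_get(cr3, rip, thread)) return 0;
    return ud_add(cr3, rip, thread, NULL) == 0 ? 1 : -1;
}
```

Skipping the teardown call would leave stale entries behind, and a later process that reuses the same CR3 value could then match one of them and never receive its UD.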