Bitdefender Hypervisor Memory Introspection
#include "introtypes.h"
Data Structures
struct _INFO_UD_PENDING
Typedefs
typedef struct _INFO_UD_PENDING INFO_UD_PENDING
typedef struct _INFO_UD_PENDING *PINFO_UD_PENDING
Functions
INTSTATUS IntUDAddToPendingList(const QWORD Cr3, const QWORD Rip, const QWORD Thread, INFO_UD_PENDING **CurrentPendingUD)
Add a new UD to the list of pending injections.
void IntUDRemoveEntry(INFO_UD_PENDING **InfoUD)
Remove a pending UD entry.
void IntUDRemoveAllEntriesForCr3(const QWORD Cr3)
Remove all pending UD entries for a given virtual address space.
INFO_UD_PENDING *IntUDGetEntry(const QWORD Cr3, const QWORD Rip, const QWORD Thread)
Get a UD entry for the provided Cr3, Rip and Thread ID.
typedef struct _INFO_UD_PENDING INFO_UD_PENDING
One pending UD injection.
typedef struct _INFO_UD_PENDING *PINFO_UD_PENDING
INTSTATUS IntUDAddToPendingList(const QWORD Cr3, const QWORD Rip, const QWORD Thread, INFO_UD_PENDING **CurrentPendingUD)
Add a new UD to the list of pending injections.
This function will create a pending UD entry for the provided CR3, RIP, and thread ID. This will allow us later to check if we have already injected a UD for a given context, so we can avoid injecting it multiple times.
Parameters
[in] | Cr3 | The Cr3.
[in] | Rip | The RIP.
[in] | Thread | The thread ID (software thread!).
[out] | CurrentPendingUD | Will contain, upon successful return, the newly allocated pending UD entry.
Return values
INT_STATUS_SUCCESS | On success.
INT_STATUS_INVALID_PARAMETER | If an invalid parameter is supplied.
INT_STATUS_INSUFFICIENT_RESOURCES | If a memory alloc fails.
Definition at line 30 of file udlist.c.
Referenced by IntLixVmaHandlePageExecution(), IntWinSudHandleSudExec(), and IntWinVadHandlePageExecution().
INFO_UD_PENDING *IntUDGetEntry(const QWORD Cr3, const QWORD Rip, const QWORD Thread)
Get a UD entry for the provided Cr3, Rip and Thread ID.
Parameters
[in] | Cr3 | The Cr3.
[in] | Rip | The Rip.
[in] | Thread | The thread ID (software thread!).
Definition at line 150 of file udlist.c.
Referenced by IntLixVmaHandlePageExecution(), IntWinSudHandleSudExec(), and IntWinVadHandlePageExecution().
void IntUDRemoveAllEntriesForCr3(const QWORD Cr3)
Remove all pending UD entries for a given virtual address space.
NOTE: Use this function when a process is being terminated.
Parameters
[in] | Cr3 | The target CR3.
Definition at line 116 of file udlist.c.
Referenced by IntLixTaskDestroy() and IntWinProcDeleteProcessObject().
void IntUDRemoveEntry(INFO_UD_PENDING **InfoUD)
Remove a pending UD entry.
Remove the given entry from the list of UD entries and free it.
Parameters
[in,out] | InfoUD | The pending UD.
Definition at line 96 of file udlist.c.
Referenced by IntHandleEventInjection() and IntUDRemoveAllEntriesForCr3().
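The add, lookup and remove pattern these functions describe, as an added C sketch that is not HVMI's code: it records a (CR3, RIP, thread) context the first time it is seen and refuses a second injection while that entry is still pending. The `PendingUd` layout, the `ud_*` names, the int return codes and the sample values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical entry layout; not HVMI's INFO_UD_PENDING. */
typedef struct PendingUd {
    uint64_t cr3, rip, thread;
    struct PendingUd *next;
} PendingUd;
static PendingUd *g_pending;              /* list head */
/* Lookup by the full (CR3, RIP, thread) context. */
PendingUd *ud_get(uint64_t cr3, uint64_t rip, uint64_t thread) {
    for (PendingUd *e = g_pending; e; e = e->next)
        if (e->cr3 == cr3 && e->rip == rip && e->thread == thread) return e;
    return NULL;
}
/* Record a context; 0 on success, -1 on bad parameter or failed alloc. */
int ud_add(uint64_t cr3, uint64_t rip, uint64_t thread, PendingUd **out) {
    PendingUd *e = out ? calloc(1, sizeof(*e)) : NULL;
    if (!e) return -1;
    e->cr3 = cr3; e->rip = rip; e->thread = thread;
    e->next = g_pending;
    g_pending = *out = e;
    return 0;
}
/* Unlink and free one entry, then NULL the caller's pointer ([in,out]). */
void ud_remove(PendingUd **entry) {
    if (!entry || !*entry) return;
    for (PendingUd **pp = &g_pending; *pp; pp = &(*pp)->next)
        if (*pp == *entry) { *pp = (*entry)->next; break; }
    free(*entry); *entry = NULL;
}
/* Process teardown: drop every entry that belongs to one address space. */
void ud_remove_all_for_cr3(uint64_t cr3) {
    for (PendingUd **pp = &g_pending; *pp; ) {
        if ((*pp)->cr3 == cr3) { PendingUd *d = *pp; *pp = d->next; free(d); }
        else pp = &(*pp)->next;
    }
}
/* 1 = inject now (context newly recorded), 0 = already pending or add failed. */
int ud_should_inject(uint64_t cr3, uint64_t rip, uint64_t thread) {
    PendingUd *e = NULL;
    if (ud_get(cr3, rip, thread)) return 0;
    return ud_add(cr3, rip, thread, &e) == 0;
}
int main(void) {                          /* constructed sample values */
    int first = ud_should_inject(0x1000, 0x401000, 7);
    int again = ud_should_inject(0x1000, 0x401000, 7);
    ud_remove_all_for_cr3(0x1000);
    return !(first == 1 && again == 0 && g_pending == NULL);
}
```

Keying on all three values matters: the same RIP in another thread or another address space is a distinct context and gets its own entry.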