- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include "exceptions.h"Go to the source code of this file.
Data Structures | |
| struct | _UPDATE_FILE_HEADER |
| The header of the exceptions binary file. More... | |
| struct | _UPDATE_HEADER |
| The header of an exception or a signature. More... | |
| struct | _UPDATE_KM_EXCEPTION |
| Describe a kernel-mode exception in binary format. More... | |
| struct | _UPDATE_UM_EXCEPTION |
| Describe a user-mode exception in binary format. More... | |
| struct | _UPDATE_UM_EXCEPTION_GLOB |
| Describe a user-mode-glob exception in binary format. More... | |
| struct | _UPDATE_KUM_EXCEPTION |
| Describe a kernel-user mode exception in binary format. More... | |
| struct | _UPDATE_CB_HASH |
| Describe a code-blocks hash in binary format. More... | |
| struct | _UPDATE_VALUE_HASH |
| Describe a value hash in binary format. More... | |
| struct | _UPDATE_EXPORT_HASH |
| Describe a export hash in binary format. More... | |
| struct | _UPDATE_CB_SIGNATURE |
| Describe a code-blocks signature in binary format. More... | |
| struct | _UPDATE_EXPORT_SIGNATURE |
| Describe an export signature in binary format. More... | |
| struct | _UPDATE_VALUE_SIGNATURE |
| Describe a value signature in binary format. More... | |
| struct | _UPDATE_IDT_SIGNATURE |
| Describe an IDT signature in binary format. More... | |
| struct | _UPDATE_VALUE_CODE_SIGNATURE |
| Describe a value-code signature in binary format. More... | |
| struct | _UPDATE_VERSION_OS_SIGNATURE |
| Describe a version OS signature in binary format. More... | |
| struct | _UPDATE_VERSION_INTRO_SIGNATURE |
| Describe a version introspection signature in binary format. More... | |
| struct | _UPDATE_PROCESS_CREATION_SIGNATURE |
| Describe a process-creation signature in binary format. More... | |
Macros | |
| #define | UPDATE_MAGIC_WORD 'ANXE' |
| #define | UPDATE_TYPE_KM_EXCEPTION 1 |
| #define | UPDATE_TYPE_UM_EXCEPTION 2 |
| #define | UPDATE_TYPE_UM_EXCEPTION_GLOB_MATCH 6 |
| #define | UPDATE_TYPE_APC_UM_EXCEPTION 9 |
| #define | UPDATE_TYPE_CB_SIGNATURE 3 |
| #define | UPDATE_TYPE_EXPORT_SIGNATURE 4 |
| #define | UPDATE_TYPE_VALUE_SIGNATURE 5 |
| #define | UPDATE_TYPE_RESERVED 7 |
| #define | UPDATE_TYPE_VALUE_CODE_SIGNATURE 8 |
| #define | UPDATE_TYPE_IDT_SIGNATURE 10 |
| #define | UPDATE_TYPE_VERSION_OS_SIGNATURE 11 |
| #define | UPDATE_TYPE_VERSION_INTRO_SIGNATURE 12 |
| #define | UPDATE_TYPE_PROCESS_CREATION_SIGNATURE 13 |
| #define | UPDATE_TYPE_KUM_EXCEPTION 14 |
| #define | UPDATE_EXCEPTIONS_MIN_VER_MAJOR 2 |
| #define | UPDATE_EXCEPTIONS_MIN_VER_MINOR 2 |
Functions | |
| INTSTATUS | IntUpdateGetVersion (WORD *MajorVersion, WORD *MinorVersion, DWORD *BuildNumber) |
| Get the version of the loaded exceptions binary file. More... | |
| INTSTATUS | IntUpdateLoadExceptions (void *Buffer, DWORD Length, DWORD Flags) |
| Handles the exceptions coming from the integrator. More... | |
| INTSTATUS | IntUpdateAddExceptionFromAlert (const void *Event, INTRO_EVENT_TYPE Type, BOOLEAN Exception, QWORD Context) |
| Handles all types of supported exceptions that can be added from alerts. More... | |
| INTSTATUS | IntUpdateFlushAlertExceptions (void) |
| This function removes all exceptions that were added from alerts. More... | |
| INTSTATUS | IntUpdateRemoveException (QWORD Context) |
| This function removes an exception for a given context. More... | |
| #define UPDATE_EXCEPTIONS_MIN_VER_MAJOR 2 |
Definition at line 392 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_EXCEPTIONS_MIN_VER_MINOR 2 |
Definition at line 393 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_MAGIC_WORD 'ANXE' |
Definition at line 374 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_APC_UM_EXCEPTION 9 |
Definition at line 379 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_CB_SIGNATURE 3 |
Definition at line 381 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_EXPORT_SIGNATURE 4 |
Definition at line 382 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_IDT_SIGNATURE 10 |
Definition at line 386 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_KM_EXCEPTION 1 |
Definition at line 376 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_KUM_EXCEPTION 14 |
Definition at line 390 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_PROCESS_CREATION_SIGNATURE 13 |
Definition at line 389 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_RESERVED 7 |
Definition at line 384 of file update_exceptions.h.
| #define UPDATE_TYPE_UM_EXCEPTION 2 |
Definition at line 377 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_UM_EXCEPTION_GLOB_MATCH 6 |
Definition at line 378 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_VALUE_CODE_SIGNATURE 8 |
Definition at line 385 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_VALUE_SIGNATURE 5 |
Definition at line 383 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_VERSION_INTRO_SIGNATURE 12 |
Definition at line 388 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| #define UPDATE_TYPE_VERSION_OS_SIGNATURE 11 |
Definition at line 387 of file update_exceptions.h.
Referenced by IntUpdateLoadExceptions().
| typedef struct _UPDATE_CB_HASH * PUPDATE_CB_HASH |
| typedef struct _UPDATE_CB_SIGNATURE * PUPDATE_CB_SIGNATURE |
| typedef struct _UPDATE_EXPORT_HASH * PUPDATE_EXPORT_HASH |
| typedef struct _UPDATE_EXPORT_SIGNATURE * PUPDATE_EXPORT_SIGNATURE |
| typedef struct _UPDATE_FILE_HEADER * PUPDATE_FILE_HEADER |
| typedef struct _UPDATE_HEADER * PUPDATE_HEADER |
| typedef struct _UPDATE_IDT_SIGNATURE * PUPDATE_IDT_SIGNATURE |
| typedef struct _UPDATE_KM_EXCEPTION * PUPDATE_KM_EXCEPTION |
| typedef struct _UPDATE_KUM_EXCEPTION * PUPDATE_KUM_EXCEPTION |
| typedef struct _UPDATE_PROCESS_CREATION_SIGNATURE * PUPDATE_PROCESS_CREATION_SIGNATURE |
| typedef struct _UPDATE_UM_EXCEPTION * PUPDATE_UM_EXCEPTION |
| typedef struct _UPDATE_UM_EXCEPTION_GLOB * PUPDATE_UM_EXCEPTION_GLOB |
| typedef struct _UPDATE_VALUE_CODE_SIGNATURE * PUPDATE_VALUE_CODE_SIGNATURE |
| typedef struct _UPDATE_VALUE_HASH * PUPDATE_VALUE_HASH |
| typedef struct _UPDATE_VALUE_SIGNATURE * PUPDATE_VALUE_SIGNATURE |
| typedef struct _UPDATE_VERSION_INTRO_SIGNATURE * PUPDATE_VERSION_INTRO_SIGNATURE |
| typedef struct _UPDATE_VERSION_OS_SIGNATURE * PUPDATE_VERSION_OS_SIGNATURE |
| typedef struct _UPDATE_CB_HASH UPDATE_CB_HASH |
Describe a code-blocks hash in binary format.
| typedef struct _UPDATE_CB_SIGNATURE UPDATE_CB_SIGNATURE |
Describe a code-blocks signature in binary format.
| typedef struct _UPDATE_EXPORT_HASH UPDATE_EXPORT_HASH |
Describe a export hash in binary format.
| typedef struct _UPDATE_EXPORT_SIGNATURE UPDATE_EXPORT_SIGNATURE |
Describe an export signature in binary format.
| typedef struct _UPDATE_FILE_HEADER UPDATE_FILE_HEADER |
The header of the exceptions binary file.
| typedef struct _UPDATE_HEADER UPDATE_HEADER |
The header of an exception or a signature.
| typedef struct _UPDATE_IDT_SIGNATURE UPDATE_IDT_SIGNATURE |
Describe an IDT signature in binary format.
| typedef struct _UPDATE_KM_EXCEPTION UPDATE_KM_EXCEPTION |
Describe a kernel-mode exception in binary format.
| typedef struct _UPDATE_KUM_EXCEPTION UPDATE_KUM_EXCEPTION |
Describe a kernel-user mode exception in binary format.
Describe a process-creation signature in binary format.
| typedef struct _UPDATE_UM_EXCEPTION UPDATE_UM_EXCEPTION |
Describe a user-mode exception in binary format.
| typedef struct _UPDATE_UM_EXCEPTION_GLOB UPDATE_UM_EXCEPTION_GLOB |
Describe a user-mode-glob exception in binary format.
| typedef struct _UPDATE_VALUE_CODE_SIGNATURE UPDATE_VALUE_CODE_SIGNATURE |
Describe a value-code signature in binary format.
| typedef struct _UPDATE_VALUE_HASH UPDATE_VALUE_HASH |
Describe a value hash in binary format.
| typedef struct _UPDATE_VALUE_SIGNATURE UPDATE_VALUE_SIGNATURE |
Describe a value signature in binary format.
| typedef struct _UPDATE_VERSION_INTRO_SIGNATURE UPDATE_VERSION_INTRO_SIGNATURE |
Describe a version introspection signature in binary format.
| typedef struct _UPDATE_VERSION_OS_SIGNATURE UPDATE_VERSION_OS_SIGNATURE |
Describe a version OS signature in binary format.
| INTSTATUS IntUpdateAddExceptionFromAlert | ( | const void * | Event, |
| INTRO_EVENT_TYPE | Type, | ||
| BOOLEAN | Exception, | ||
| QWORD | Context | ||
| ) |
Handles all types of supported exceptions that can be added from alerts.
If the alert-exception is already created (the Exception parameter is true), this function will dispatch the alert-exception to the appropriate function that can create the exception with the provided type. If the Exception parameter is false, this function calls the IntAlertCreateException to create the alert-exception structure and will dispatch the newly created structure to the appropriate function that can create the exception with the provided type.
| [in] | Event | The event structure that contains the required information to create an exception. |
| [in] | Type | The type of the provided event. |
| [in] | Exception | True if the alert-exceptions structure is already created, otherwise false. |
| [in] | Context | The context provided by the integrator. |
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_NEEDED_HINT | If the exception already exists. |
| INT_STATUS_UNSUPPORTED_DATA_VALUE | If the alert-signature's version is different than our internal version. |
| INT_STATUS_INSUFFICIENT_RESOURCES | If not enough memory is available. |
Definition at line 2473 of file update_exceptions.c.
Referenced by IntAddExceptionFromAlert().
| INTSTATUS IntUpdateFlushAlertExceptions | ( | void | ) |
This function removes all exceptions that were added from alerts.
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_INITIALIZED | If the exceptions is not initialized. |
Definition at line 2721 of file update_exceptions.c.
Referenced by IntFlushAlertExceptions().
Get the version of the loaded exceptions binary file.
| [out] | MajorVersion | The major version of the exceptions. |
| [out] | MinorVersion | The minor version of the exceptions. |
| [out] | BuildNumber | The build number of the exceptions. |
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_INVALID_PARAMETER_1 | If the MajorVersion is null. |
| INT_STATUS_INVALID_PARAMETER_2 | If the MinorVersion is null. |
| INT_STATUS_INVALID_PARAMETER_3 | If the BuildNumber is null. |
| INT_STATUS_NOT_INITIALIZED | If the exceptions is not loaded. |
Definition at line 38 of file update_exceptions.c.
Referenced by IntGetExceptionsVersion().
Handles the exceptions coming from the integrator.
This function removes the existing exceptions that were not added from alert, then it parse the entire provided buffer and calls the appropriate function that adds a specific type of exception or signature.
| [in] | Buffer | The exceptions buffer. |
| [in] | Length | The length of the exceptions buffer. |
| [in] | Flags | Unused. |
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_SUPPORTED | If the exceptions buffer is corrupted or the version of the exceptions is not supported. |
Definition at line 1270 of file update_exceptions.c.
Referenced by IntUpdateExceptions().
This function removes an exception for a given context.
This function iterates all alert-exception list to find a exception that match the given context.
| [in] | Context | The context given by the integrator. |
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_INITIALIZED | If the exceptions is not initialized. |
| INT_STATUS_NOT_FOUND | If no exception with the given context exists. |
Definition at line 2666 of file update_exceptions.c.
Referenced by IntRemoveException().
1.8.13