Bitdefender Hypervisor Memory Introspection
update_exceptions.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
9 
10 #ifndef _UPDATE_EXCEPTIONS_H_
11 #define _UPDATE_EXCEPTIONS_H_
12 
13 #include "exceptions.h"
14 
15 //
16 // These will be shared between Linux & Windows
17 //
18 
19 #pragma pack(push)
20 #pragma pack(1)
21 
22 
26 typedef struct _UPDATE_FILE_HEADER
27 {
28  DWORD Magic;
29 
30  struct
31  {
32  WORD Major;
33  WORD Minor;
34  } Version;
35 
36  DWORD KernelExceptionsCount;
37  DWORD UserExceptionsCount;
38  DWORD SignaturesCount;
39 
40  DWORD BuildNumber;
41 
42  DWORD UserExceptionsGlobCount;
43  DWORD KernelUserExceptionsCount;
44 
45  DWORD _Reserved[1];
46 } UPDATE_FILE_HEADER, *PUPDATE_FILE_HEADER;
47 
48 
52 typedef struct _UPDATE_HEADER
53 {
54  BYTE Type;
55  WORD Size;
56 } UPDATE_HEADER, *PUPDATE_HEADER;
57 
58 
62 typedef struct _UPDATE_KM_EXCEPTION
63 {
64  struct
65  {
66  DWORD NameHash;
67  DWORD PathHash;
68  } Originator;
69 
70  DWORD VictimNameHash;
71 
72  DWORD Flags;
73 
74  BYTE _Reserved;
75  BYTE Type;
76  WORD SigCount;
77 
78  _Field_size_(SigCount)
79  DWORD SigIds[];
80 } UPDATE_KM_EXCEPTION, *PUPDATE_KM_EXCEPTION;
81 
82 
86 typedef struct _UPDATE_UM_EXCEPTION
87 {
88  DWORD OriginatorNameHash;
89 
90  struct
91  {
92  DWORD NameHash;
93  DWORD ProcessHash;
94  } Victim;
95 
96  DWORD Flags;
97 
98  BYTE _Reserved;
99  BYTE Type;
100  WORD SigCount;
101 
102  _Field_size_(SigCount)
103  DWORD SigIds[];
104 } UPDATE_UM_EXCEPTION, *PUPDATE_UM_EXCEPTION;
105 
106 
110 typedef struct _UPDATE_UM_EXCEPTION_GLOB
111 {
113  DWORD Flags;
114 
115  BYTE _Reserved;
117  BYTE Type;
119  WORD SigCount;
120 
122  CHAR OriginatorNameGlob[EXCEPTION_UM_GLOB_LENGTH];
123 
124  struct
125  {
127  CHAR NameGlob[EXCEPTION_UM_GLOB_LENGTH];
129  CHAR ProcessGlob[EXCEPTION_UM_GLOB_LENGTH];
130  } Victim;
131 
132  _Field_size_(SigCount)
133  DWORD SigIds[];
134 } UPDATE_UM_EXCEPTION_GLOB, *PUPDATE_UM_EXCEPTION_GLOB;
135 
136 
140 typedef struct _UPDATE_KUM_EXCEPTION
141 {
142  union
143  {
144  DWORD NameHash;
145  DWORD DriverHash;
146  DWORD ProcessHash;
147  } Originator;
148 
149  struct
150  {
151  DWORD NameHash;
152  DWORD ProcessHash;
153  } Victim;
154 
155  DWORD Flags;
156 
157  BYTE _Reserved;
158  BYTE Type;
159  WORD SigCount;
160 
161  _Field_size_(SigCount)
162  DWORD SigIds[];
163 } UPDATE_KUM_EXCEPTION, *PUPDATE_KUM_EXCEPTION;
164 
165 
169 typedef struct _UPDATE_CB_HASH
170 {
171  BYTE Count;
172 
173  _Field_size_(Count)
174  DWORD Hashes[];
175 } UPDATE_CB_HASH, *PUPDATE_CB_HASH;
176 
177 
181 typedef struct _UPDATE_VALUE_HASH
182 {
183  WORD Offset;
184  WORD Size;
185  BYTE _Reserved[4];
186  DWORD Hash;
187 } UPDATE_VALUE_HASH, *PUPDATE_VALUE_HASH;
188 
189 
193 typedef struct _UPDATE_EXPORT_HASH
194 {
195  WORD Delta;
196  BYTE _Reserved[2];
197  DWORD Hash;
198 } UPDATE_EXPORT_HASH, *PUPDATE_EXPORT_HASH;
199 
200 
204 typedef struct _UPDATE_CB_SIGNATURE
205 {
206  DWORD Id;
207  DWORD Flags;
208 
209  BYTE Score;
210  BYTE ListsCount;
211 
212  char HashesList[];
213 } UPDATE_CB_SIGNATURE, *PUPDATE_CB_SIGNATURE;
214 
215 
219 typedef struct _UPDATE_EXPORT_SIGNATURE
220 {
221  DWORD Id;
222  DWORD Flags;
223 
224  DWORD LibraryName;
225 
226  BYTE ListsCount;
227  BYTE _Align[3];
228 
229  char HashesList[];
230 } UPDATE_EXPORT_SIGNATURE, *PUPDATE_EXPORT_SIGNATURE;
231 
232 
236 typedef struct _UPDATE_VALUE_SIGNATURE
237 {
238  DWORD Id;
239  DWORD Flags;
240 
241  BYTE Score;
242  BYTE ListsCount;
243  BYTE _Align[2];
244 
245  char HashesList[];
246 } UPDATE_VALUE_SIGNATURE, *PUPDATE_VALUE_SIGNATURE;
247 
248 
252 typedef struct _UPDATE_IDT_SIGNATURE
253 {
254  DWORD Id;
255  DWORD Flags;
256 
257  BYTE Entry;
258  BYTE _Reserved[3];
259 } UPDATE_IDT_SIGNATURE, *PUPDATE_IDT_SIGNATURE;
260 
261 
265 typedef struct _UPDATE_VALUE_CODE_SIGNATURE
266 {
267  DWORD Id;
268  DWORD Flags;
269 
270  INT16 Offset;
271  WORD Length;
272 
273  WORD Pattern[];
274 } UPDATE_VALUE_CODE_SIGNATURE, *PUPDATE_VALUE_CODE_SIGNATURE;
275 
276 
280 typedef struct _UPDATE_VERSION_OS_SIGNATURE
281 {
282  DWORD Id;
283  DWORD Flags;
284 
285  union
286  {
288  struct
289  {
290  BYTE Version;
291  BYTE Patch;
292  WORD Sublevel;
293  WORD Backport;
294  BYTE _Reserved[2];
295  };
297  QWORD Value;
298  } Minimum;
299 
300  union
301  {
303  struct
304  {
305  BYTE Version;
306  BYTE Patch;
307  WORD Sublevel;
308  WORD Backport;
309  BYTE _Reserved[2];
310  };
312  QWORD Value;
313  } Maximum;
314 
315 } UPDATE_VERSION_OS_SIGNATURE, *PUPDATE_VERSION_OS_SIGNATURE;
316 
317 
321 typedef struct _UPDATE_VERSION_INTRO_SIGNATURE
322 {
323  DWORD Id;
324  DWORD Flags;
325 
326  union
327  {
329  struct
330  {
331  WORD Major;
332  WORD Minor;
333  WORD Revision;
334  WORD Build;
335  };
336 
337  QWORD Raw;
338  } Minimum;
339 
340  union
341  {
343  struct
344  {
345  WORD Major;
346  WORD Minor;
347  WORD Revision;
348  WORD Build;
349  };
350 
351  QWORD Raw;
352  } Maximum;
353 
354 } UPDATE_VERSION_INTRO_SIGNATURE, *PUPDATE_VERSION_INTRO_SIGNATURE;
355 
356 
360 typedef struct _UPDATE_PROCESS_CREATION_SIGNATURE
361 {
362  DWORD Id;
363  DWORD Flags;
364 
365  DWORD CreateMask;
366 
367  DWORD _Reserved[3];
368 
369 } UPDATE_PROCESS_CREATION_SIGNATURE, *PUPDATE_PROCESS_CREATION_SIGNATURE;
370 
371 #pragma pack(pop)
372 
373 
374 #define UPDATE_MAGIC_WORD 'ANXE'
375 
376 #define UPDATE_TYPE_KM_EXCEPTION 1
377 #define UPDATE_TYPE_UM_EXCEPTION 2
378 #define UPDATE_TYPE_UM_EXCEPTION_GLOB_MATCH 6
379 #define UPDATE_TYPE_APC_UM_EXCEPTION 9
380 
381 #define UPDATE_TYPE_CB_SIGNATURE 3
382 #define UPDATE_TYPE_EXPORT_SIGNATURE 4
383 #define UPDATE_TYPE_VALUE_SIGNATURE 5
384 #define UPDATE_TYPE_RESERVED 7
385 #define UPDATE_TYPE_VALUE_CODE_SIGNATURE 8
386 #define UPDATE_TYPE_IDT_SIGNATURE 10
387 #define UPDATE_TYPE_VERSION_OS_SIGNATURE 11
388 #define UPDATE_TYPE_VERSION_INTRO_SIGNATURE 12
389 #define UPDATE_TYPE_PROCESS_CREATION_SIGNATURE 13
390 #define UPDATE_TYPE_KUM_EXCEPTION 14
391 
392 #define UPDATE_EXCEPTIONS_MIN_VER_MAJOR 2
393 #define UPDATE_EXCEPTIONS_MIN_VER_MINOR 2
394 
395 
396 INTSTATUS
397 IntUpdateGetVersion(
398  _Out_ WORD *MajorVersion,
399  _Out_ WORD *MinorVersion,
400  _Out_ DWORD *BuildNumber
401  );
402 
403 INTSTATUS
404 IntUpdateLoadExceptions(
405  _In_ void *Buffer,
406  _In_ DWORD Length,
407  _In_ DWORD Flags
408  );
409 
410 INTSTATUS
411 IntUpdateAddExceptionFromAlert(
412  _In_ const void *Event,
413  _In_ INTRO_EVENT_TYPE Type,
414  _In_ BOOLEAN Exception,
415  _In_ QWORD Context
416  );
417 
418 INTSTATUS
419 IntUpdateFlushAlertExceptions(
420  void
421  );
422 
423 INTSTATUS
424 IntUpdateRemoveException(
425  _In_opt_ QWORD Context
426  );
427 
428 #endif // _UPDATE_EXCEPTIONS_H_
_UPDATE_VERSION_OS_SIGNATURE::Backport
WORD Backport
Definition: update_exceptions.h:293
_In_opt_
#define _In_opt_
Definition: intro_sal.h:16
_UPDATE_UM_EXCEPTION::_Reserved
BYTE _Reserved
Alignment purposes.
Definition: update_exceptions.h:98
_UPDATE_VERSION_OS_SIGNATURE::Version
BYTE Version
Definition: update_exceptions.h:290
_UPDATE_HEADER
The header of an exception or a signature.
Definition: update_exceptions.h:52
_UPDATE_UM_EXCEPTION_GLOB::Flags
DWORD Flags
The flags of the exception; any flags from _EXCEPTION_FLG.
Definition: update_exceptions.h:113
BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58
_Out_
#define _Out_
Definition: intro_sal.h:22
_UPDATE_IDT_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:254
_UPDATE_UM_EXCEPTION::Type
BYTE Type
The type of the exception; any type from _UM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:99
_UPDATE_KM_EXCEPTION::PathHash
DWORD PathHash
Unused.
Definition: update_exceptions.h:67
_UPDATE_KUM_EXCEPTION::DriverHash
DWORD DriverHash
Contains the originator driver name-hash.
Definition: update_exceptions.h:145
_UPDATE_VERSION_INTRO_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:324
BYTE
uint8_t BYTE
Definition: intro_types.h:47
UPDATE_PROCESS_CREATION_SIGNATURE
struct _UPDATE_PROCESS_CREATION_SIGNATURE UPDATE_PROCESS_CREATION_SIGNATURE
Describe a process-creation signature in binary format.
_In_
#define _In_
Definition: intro_sal.h:21
PUPDATE_CB_SIGNATURE
struct _UPDATE_CB_SIGNATURE * PUPDATE_CB_SIGNATURE
WORD
uint16_t WORD
Definition: intro_types.h:48
_UPDATE_CB_HASH
Describe a code-blocks hash in binary format.
Definition: update_exceptions.h:169
UPDATE_EXPORT_SIGNATURE
struct _UPDATE_EXPORT_SIGNATURE UPDATE_EXPORT_SIGNATURE
Describe an export signature in binary format.
_UPDATE_KM_EXCEPTION
Describe a kernel-mode exception in binary format.
Definition: update_exceptions.h:62
_UPDATE_IDT_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:255
_UPDATE_UM_EXCEPTION::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:100
PUPDATE_FILE_HEADER
struct _UPDATE_FILE_HEADER * PUPDATE_FILE_HEADER
_UPDATE_EXPORT_HASH
Describe a export hash in binary format.
Definition: update_exceptions.h:193
_UPDATE_KM_EXCEPTION::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:76
_UPDATE_VERSION_OS_SIGNATURE
Describe a version OS signature in binary format.
Definition: update_exceptions.h:280
IntUpdateLoadExceptions
INTSTATUS IntUpdateLoadExceptions(void *Buffer, DWORD Length, DWORD Flags)
Handles the exceptions coming from the integrator.
Definition: update_exceptions.c:1270
_UPDATE_PROCESS_CREATION_SIGNATURE
Describe a process-creation signature in binary format.
Definition: update_exceptions.h:360
_UPDATE_VALUE_CODE_SIGNATURE::Offset
INT16 Offset
The displacement from the beginning of the modified zone.
Definition: update_exceptions.h:270
_UPDATE_VALUE_CODE_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:268
PUPDATE_IDT_SIGNATURE
struct _UPDATE_IDT_SIGNATURE * PUPDATE_IDT_SIGNATURE
UPDATE_VALUE_HASH
struct _UPDATE_VALUE_HASH UPDATE_VALUE_HASH
Describe a value hash in binary format.
_UPDATE_VALUE_SIGNATURE::ListsCount
BYTE ListsCount
The number of the list of hashes.
Definition: update_exceptions.h:242
_UPDATE_VERSION_OS_SIGNATURE::Patch
BYTE Patch
Definition: update_exceptions.h:291
PUPDATE_VALUE_SIGNATURE
struct _UPDATE_VALUE_SIGNATURE * PUPDATE_VALUE_SIGNATURE
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
_UPDATE_FILE_HEADER::Minor
WORD Minor
The minor version of the exceptions binary file.
Definition: update_exceptions.h:33
_UPDATE_UM_EXCEPTION::OriginatorNameHash
DWORD OriginatorNameHash
The name-hash of the originator.
Definition: update_exceptions.h:88
_UPDATE_PROCESS_CREATION_SIGNATURE::CreateMask
DWORD CreateMask
Contains the DPI mask.
Definition: update_exceptions.h:365
_UPDATE_KUM_EXCEPTION::_Reserved
BYTE _Reserved
Alignment purposes.
Definition: update_exceptions.h:157
_UPDATE_VALUE_HASH
Describe a value hash in binary format.
Definition: update_exceptions.h:181
_UPDATE_VERSION_OS_SIGNATURE::Sublevel
WORD Sublevel
Definition: update_exceptions.h:292
_UPDATE_IDT_SIGNATURE
Describe an IDT signature in binary format.
Definition: update_exceptions.h:252
_UPDATE_VERSION_OS_SIGNATURE::Value
QWORD Value
Definition: update_exceptions.h:297
_UPDATE_EXPORT_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:222
_UPDATE_KM_EXCEPTION::NameHash
DWORD NameHash
The name-hash of the originator.
Definition: update_exceptions.h:66
PUPDATE_HEADER
struct _UPDATE_HEADER * PUPDATE_HEADER
_UPDATE_VALUE_CODE_SIGNATURE
Describe a value-code signature in binary format.
Definition: update_exceptions.h:265
_UPDATE_VERSION_INTRO_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:323
_UPDATE_HEADER::Size
WORD Size
The size of the exception/signature.
Definition: update_exceptions.h:55
_UPDATE_VERSION_INTRO_SIGNATURE::Minor
WORD Minor
Definition: update_exceptions.h:332
_UPDATE_FILE_HEADER::BuildNumber
DWORD BuildNumber
The build number of the exceptions binary file.
Definition: update_exceptions.h:40
PUPDATE_VALUE_CODE_SIGNATURE
struct _UPDATE_VALUE_CODE_SIGNATURE * PUPDATE_VALUE_CODE_SIGNATURE
EXCEPTION_UM_GLOB_LENGTH
#define EXCEPTION_UM_GLOB_LENGTH
Definition: exceptions.h:36
_Field_size_
#define _Field_size_(expr)
Definition: intro_sal.h:41
_UPDATE_FILE_HEADER::_Reserved
DWORD _Reserved[1]
Definition: update_exceptions.h:45
_UPDATE_FILE_HEADER::SignaturesCount
DWORD SignaturesCount
The number of the signatures.
Definition: update_exceptions.h:38
_UPDATE_VERSION_INTRO_SIGNATURE::Build
WORD Build
Definition: update_exceptions.h:334
UPDATE_FILE_HEADER
struct _UPDATE_FILE_HEADER UPDATE_FILE_HEADER
The header of the exceptions binary file.
PUPDATE_VERSION_INTRO_SIGNATURE
struct _UPDATE_VERSION_INTRO_SIGNATURE * PUPDATE_VERSION_INTRO_SIGNATURE
_UPDATE_VALUE_HASH::Hash
DWORD Hash
The hash of the modified zone.
Definition: update_exceptions.h:186
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
_UPDATE_VERSION_OS_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:282
_UPDATE_EXPORT_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:221
_UPDATE_EXPORT_SIGNATURE::ListsCount
BYTE ListsCount
The number of the list of hashes.
Definition: update_exceptions.h:226
_UPDATE_FILE_HEADER
The header of the exceptions binary file.
Definition: update_exceptions.h:26
_UPDATE_KM_EXCEPTION::VictimNameHash
DWORD VictimNameHash
The name-hash of the victim.
Definition: update_exceptions.h:70
PUPDATE_PROCESS_CREATION_SIGNATURE
struct _UPDATE_PROCESS_CREATION_SIGNATURE * PUPDATE_PROCESS_CREATION_SIGNATURE
_UPDATE_HEADER::Type
BYTE Type
The type of the exception/signature.
Definition: update_exceptions.h:54
_UPDATE_VALUE_CODE_SIGNATURE::Length
WORD Length
The length of the opcode pattern.
Definition: update_exceptions.h:271
_UPDATE_VALUE_SIGNATURE
Describe a value signature in binary format.
Definition: update_exceptions.h:236
_UPDATE_KUM_EXCEPTION
Describe a kernel-user mode exception in binary format.
Definition: update_exceptions.h:140
_UPDATE_KUM_EXCEPTION::ProcessHash
DWORD ProcessHash
Contains the originator process name-hash.
Definition: update_exceptions.h:146
_UPDATE_CB_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:206
_UPDATE_FILE_HEADER::Version
struct _UPDATE_FILE_HEADER::@141 Version
PUPDATE_EXPORT_HASH
struct _UPDATE_EXPORT_HASH * PUPDATE_EXPORT_HASH
_UPDATE_FILE_HEADER::Magic
DWORD Magic
The magic value; must be UPDATE_MAGIC_WORD.
Definition: update_exceptions.h:28
UPDATE_HEADER
struct _UPDATE_HEADER UPDATE_HEADER
The header of an exception or a signature.
_UPDATE_FILE_HEADER::UserExceptionsCount
DWORD UserExceptionsCount
The number of the user-mode exceptions.
Definition: update_exceptions.h:37
DWORD
uint32_t DWORD
Definition: intro_types.h:49
INT16
int16_t INT16
Definition: intro_types.h:43
_UPDATE_KUM_EXCEPTION::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:159
_UPDATE_KUM_EXCEPTION::Type
BYTE Type
The type of the exception; any type from KUM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:158
_UPDATE_CB_HASH::Count
BYTE Count
The number of hashes from the list.
Definition: update_exceptions.h:171
_UPDATE_VERSION_INTRO_SIGNATURE::Major
WORD Major
Definition: update_exceptions.h:331
UPDATE_VALUE_SIGNATURE
struct _UPDATE_VALUE_SIGNATURE UPDATE_VALUE_SIGNATURE
Describe a value signature in binary format.
_UPDATE_KUM_EXCEPTION::Flags
DWORD Flags
The flags of the exception; any flags from EXCEPTION_FLG.
Definition: update_exceptions.h:155
_UPDATE_PROCESS_CREATION_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:362
UPDATE_VERSION_OS_SIGNATURE
struct _UPDATE_VERSION_OS_SIGNATURE UPDATE_VERSION_OS_SIGNATURE
Describe a version OS signature in binary format.
_UPDATE_VERSION_OS_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:283
_UPDATE_PROCESS_CREATION_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:363
UPDATE_IDT_SIGNATURE
struct _UPDATE_IDT_SIGNATURE UPDATE_IDT_SIGNATURE
Describe an IDT signature in binary format.
_UPDATE_FILE_HEADER::UserExceptionsGlobCount
DWORD UserExceptionsGlobCount
The number of the user-mode exceptions that contains glob items.
Definition: update_exceptions.h:42
UPDATE_VERSION_INTRO_SIGNATURE
struct _UPDATE_VERSION_INTRO_SIGNATURE UPDATE_VERSION_INTRO_SIGNATURE
Describe a version introspection signature in binary format.
_UPDATE_VERSION_INTRO_SIGNATURE
Describe a version introspection signature in binary format.
Definition: update_exceptions.h:321
_UPDATE_VALUE_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:238
_UPDATE_EXPORT_SIGNATURE
Describe an export signature in binary format.
Definition: update_exceptions.h:219
_UPDATE_FILE_HEADER::KernelExceptionsCount
DWORD KernelExceptionsCount
The number of the kernel-mode exceptions.
Definition: update_exceptions.h:36
_UPDATE_VALUE_HASH::Offset
WORD Offset
The displacement from the beginning of the modified zone.
Definition: update_exceptions.h:183
_UPDATE_UM_EXCEPTION::ProcessHash
DWORD ProcessHash
The name-hash of the process in which the modification takes place.
Definition: update_exceptions.h:93
_UPDATE_CB_SIGNATURE
Describe a code-blocks signature in binary format.
Definition: update_exceptions.h:204
_UPDATE_KUM_EXCEPTION::NameHash
DWORD NameHash
Contains the originator name-hash.
Definition: update_exceptions.h:144
_UPDATE_VALUE_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:239
PUPDATE_VALUE_HASH
struct _UPDATE_VALUE_HASH * PUPDATE_VALUE_HASH
IntUpdateFlushAlertExceptions
INTSTATUS IntUpdateFlushAlertExceptions(void)
This function removes all exceptions that were added from alerts.
Definition: update_exceptions.c:2721
_UPDATE_VERSION_INTRO_SIGNATURE::Raw
QWORD Raw
Definition: update_exceptions.h:337
_UPDATE_UM_EXCEPTION_GLOB::_Reserved
BYTE _Reserved
Definition: update_exceptions.h:115
_UPDATE_UM_EXCEPTION_GLOB::Type
BYTE Type
The type of the exception; any type from _UM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:117
_UPDATE_VALUE_SIGNATURE::Score
BYTE Score
The number of (minimum) hashes from a list that need to match.
Definition: update_exceptions.h:241
_UPDATE_UM_EXCEPTION_GLOB
Describe a user-mode-glob exception in binary format.
Definition: update_exceptions.h:110
_UPDATE_UM_EXCEPTION_GLOB::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:119
_UPDATE_FILE_HEADER::Major
WORD Major
The major version of the exceptions binary file.
Definition: update_exceptions.h:32
INTRO_EVENT_TYPE
enum _INTRO_EVENT_TYPE INTRO_EVENT_TYPE
Event classes.
_UPDATE_CB_SIGNATURE::ListsCount
BYTE ListsCount
The number of the list of hashes.
Definition: update_exceptions.h:210
IntUpdateGetVersion
INTSTATUS IntUpdateGetVersion(WORD *MajorVersion, WORD *MinorVersion, DWORD *BuildNumber)
Get the version of the loaded exceptions binary file.
Definition: update_exceptions.c:38
_UPDATE_EXPORT_SIGNATURE::LibraryName
DWORD LibraryName
The name-hash of the modified library.
Definition: update_exceptions.h:224
_UPDATE_IDT_SIGNATURE::Entry
BYTE Entry
The number of the IDT entry.
Definition: update_exceptions.h:257
_UPDATE_EXPORT_HASH::Hash
DWORD Hash
The hash of the modified function name.
Definition: update_exceptions.h:197
UPDATE_EXPORT_HASH
struct _UPDATE_EXPORT_HASH UPDATE_EXPORT_HASH
Describe a export hash in binary format.
_UPDATE_CB_SIGNATURE::Score
BYTE Score
The number of (minimum) hashes from a list that need to match.
Definition: update_exceptions.h:209
_UPDATE_KM_EXCEPTION::Flags
DWORD Flags
The flags of the exception; any flags from _EXCEPTION_FLG.
Definition: update_exceptions.h:72
PUPDATE_EXPORT_SIGNATURE
struct _UPDATE_EXPORT_SIGNATURE * PUPDATE_EXPORT_SIGNATURE
_UPDATE_VERSION_INTRO_SIGNATURE::Revision
WORD Revision
Definition: update_exceptions.h:333
CHAR
char CHAR
Definition: intro_types.h:56
_UPDATE_UM_EXCEPTION::NameHash
DWORD NameHash
The name-hash of the victim.
Definition: update_exceptions.h:92
_UPDATE_KM_EXCEPTION::_Reserved
BYTE _Reserved
Alignment purposes.
Definition: update_exceptions.h:74
_UPDATE_VALUE_HASH::Size
WORD Size
The size of of the modified zone.
Definition: update_exceptions.h:184
_UPDATE_VALUE_CODE_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:267
IntUpdateAddExceptionFromAlert
INTSTATUS IntUpdateAddExceptionFromAlert(const void *Event, INTRO_EVENT_TYPE Type, BOOLEAN Exception, QWORD Context)
Handles all types of supported exceptions that can be added from alerts.
Definition: update_exceptions.c:2473
_UPDATE_CB_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:207
_UPDATE_FILE_HEADER::KernelUserExceptionsCount
DWORD KernelUserExceptionsCount
The number of the kernel-user mode exceptions.
Definition: update_exceptions.h:43
_UPDATE_UM_EXCEPTION
Describe a user-mode exception in binary format.
Definition: update_exceptions.h:86
UPDATE_VALUE_CODE_SIGNATURE
struct _UPDATE_VALUE_CODE_SIGNATURE UPDATE_VALUE_CODE_SIGNATURE
Describe a value-code signature in binary format.
IntUpdateRemoveException
INTSTATUS IntUpdateRemoveException(QWORD Context)
This function removes an exception for a given context.
Definition: update_exceptions.c:2666
_UPDATE_EXPORT_HASH::Delta
WORD Delta
The number of bytes that are modified.
Definition: update_exceptions.h:195
_UPDATE_KM_EXCEPTION::Type
BYTE Type
The type of the exception; any type from _KM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:75
_UPDATE_UM_EXCEPTION::Flags
DWORD Flags
The flags of the exception; any flags from _EXCEPTION_FLG.
Definition: update_exceptions.h:96
UPDATE_CB_SIGNATURE
struct _UPDATE_CB_SIGNATURE UPDATE_CB_SIGNATURE
Describe a code-blocks signature in binary format.
PUPDATE_VERSION_OS_SIGNATURE
struct _UPDATE_VERSION_OS_SIGNATURE * PUPDATE_VERSION_OS_SIGNATURE