Bitdefender Hypervisor Memory Introspection
update_guests.c File Reference

The CAMI parser. More...

#include "update_guests.h"
#include "introdefs.h"
#include "introstatus.h"
#include "winapi.h"
#include "guests.h"
#include "winprocess.h"
#include "lixprocess.h"
#include "introcrt.h"


Data Structures

struct  _CAMI_STRUCTURE
 Describe the way we load the guest offsets from the update buffer. More...
 
struct  _CAMI_PROCESS_PROTECTION_INFO
 Describe process protection options. More...
 
struct  _CAMI_PROCESS_PROTECTION_DATA
 Describe a list of process protection options. More...
 

Macros

#define IS_CAMI_FILEOFFSET_OK(FileOffset)   __likely((FileOffset) < gUpdateBufferSize)
 Check that a file offset lies inside the update buffer (true when FileOffset < gUpdateBufferSize). More...
 
#define IS_CAMI_FILEPOINTER_OK(FilePointer)
 Check whether a file pointer resides inside the update buffer. More...
 
#define IS_CAMI_STRUCTURE_OK(FilePointer)
 Check whether a whole structure resides inside the update buffer. More...
 
#define IS_CAMI_ARRAY_OK(StartPointer, Count)
 Check whether a whole array resides inside the update buffer. More...
 
#define GET_CAMI_STRUCT(Type, Offset)   ((Type)(const void *)((const BYTE*)gUpdateBuffer + (DWORD)(Offset)))
 Get a CAMI structure from an update buffer. More...
 

Typedefs

typedef struct _CAMI_STRUCTURE CAMI_STRUCTURE
 Describe the way we load the guest offsets from the update buffer. More...
 
typedef struct _CAMI_PROCESS_PROTECTION_INFO CAMI_PROCESS_PROTECTION_INFO
 Describe process protection options. More...
 
typedef struct _CAMI_PROCESS_PROTECTION_INFO * PCAMI_PROCESS_PROTECTION_INFO
 
typedef struct _CAMI_PROCESS_PROTECTION_DATA CAMI_PROCESS_PROTECTION_DATA
 Describe a list of process protection options. More...
 
typedef struct _CAMI_PROCESS_PROTECTION_DATA * PCAMI_PROCESS_PROTECTION_DATA
 

Functions

static BOOLEAN IntCamiCheckIntroVersion (QWORD MinIntroVersion, QWORD MaxIntroVersion)
 Check if the CAMI buffer is compatible with the Intro version. More...
 
static const CAMI_SECTION_HEADER * IntCamiFindSectionHeaderByHint (const CAMI_HEADER *CamiHeader, DWORD SectionHint)
 Iterate through all of the section headers from the update buffer and return the one matching the hint. More...
 
static INTSTATUS IntCamiLoadOpaqueFields (const CAMI_OPAQUE_STRUCTURE *CamiStructures, const CAMI_STRUCTURE *ToLoad, DWORD Count, INTRO_GUEST_TYPE OsType)
 Load a set of opaque field offsets from the update buffer. More...
 
static INTSTATUS IntCamiLoadPatternSignatures (const CAMI_SECTION_HEADER *SectionHeader, PATTERN_SIGNATURE **PatternSignatures, DWORD *PatternSignaturesCount)
 Allocate and load pattern signatures. More...
 
static INTSTATUS IntCamiLoadSyscalls (const CAMI_HEADER *CamiHeader)
 Loads the syscall signatures from their section. More...
 
static INTSTATUS IntCamiLoadLixDistSigs (const CAMI_HEADER *CamiHeader)
 Loads the Linux distribution signatures from their section. More...
 
static void IntCamiUpdateProtOptions (const CAMI_PROT_OPTIONS *Src, INTRO_PROT_OPTIONS *Dst)
 Updates the current protection options. More...
 
static INTSTATUS IntCamiSetCoreOptions (const CAMI_PROT_OPTIONS *Options)
 Update the guest protection flags using the ones from CAMI. More...
 
static INTSTATUS IntCamiSetShemuOptions (const CAMI_PROT_OPTIONS *Options)
 Update the shemu flags using the ones from CAMI. More...
 
static INTSTATUS IntCamiUpdateProcessProtectionInfoLix (LIX_PROTECTED_PROCESS *ProtectedProcess)
 Update a Linux process' protection flags using the ones from CAMI. More...
 
static INTSTATUS IntCamiUpdateProcessProtectionInfoWin (PROTECTED_PROCESS_INFO *ProtectedProcess)
 Update a windows process' protection flags using the ones from CAMI. More...
 
INTSTATUS IntCamiUpdateProcessProtectionInfo (void *ProtectedProcess)
 Update a process' protection flags using the ones from CAMI. More...
 
void IntCamiUpdateProcessProtectionItems (void *Name, CAMI_STRING_ENCODING Encoding, CAMI_PROT_OPTIONS *Options)
 Update the protection flags of a protected process. More...
 
static INTSTATUS IntCamiSetProcProtOptions (const CAMI_PROC_PROT_OPTIONS *Table, DWORD TableCount)
 Loads all the process protection flags from CAMI. More...
 
static INTSTATUS IntCamiResetCoreOptions (void)
 
static INTSTATUS IntCamiResetShemuOptions (void)
 
static INTSTATUS IntCamiLoadOsOptions (DWORD OptionsFileOffset)
 Load custom protection options for the guest OS or for protected processes. More...
 
static INTSTATUS IntCamiLoadLinux (const CAMI_HEADER *CamiHeader)
 Loads all of the necessary information about the current Linux guest that is needed by intro to support it. More...
 
static INTSTATUS IntCamiLoadWindows (const CAMI_HEADER *CamiHeader)
 Loads all of the necessary information about the current windows guest that is needed by intro to support it. More...
 
static INTSTATUS IntCamiLoadProtOptionsLinux (const CAMI_HEADER *CamiHeader)
 Load and apply all of the enforced protection options for Linux guests. More...
 
static INTSTATUS IntCamiLoadProtOptionsWin (const CAMI_HEADER *CamiHeader)
 Load and apply all of the enforced protection options for Windows guests. More...
 
INTSTATUS IntCamiGetWinSupportedList (BOOLEAN KptiInstalled, BOOLEAN Guest64, DWORD *NtBuildNumberList, DWORD *Count)
 Return a list of supported Windows NtBuildNumbers. More...
 
INTSTATUS IntCamiLoadSection (DWORD CamiSectionHint)
 Load CAMI objects from section with given hint. More...
 
INTSTATUS IntCamiSetUpdateBuffer (const BYTE *UpdateBuffer, DWORD BufferLength)
 Initialize the update buffer with the one from the integrator. More...
 
void IntCamiClearUpdateBuffer (void)
 Uninitialize the update buffer and notify the integrator that we don't need it anymore. More...
 
INTSTATUS IntCamiGetVersion (DWORD *MajorVersion, DWORD *MinorVersion, DWORD *BuildNumber)
 Get the version of the loaded CAMI support file. More...
 
INTSTATUS IntCamiProtectedProcessAllocate (DWORD Items)
 Initialize the global variable holding custom process protection options. More...
 
INTSTATUS IntCamiProtectedProcessFree (void)
 Uninitialize the global holding custom process protection options. More...
 

Variables

static CAMI_VERSION gCamiVersion = { 0 }
 The version of the loaded update file. More...
 
static const BYTE * gUpdateBuffer = NULL
 The buffer holding the update file. More...
 
static DWORD gUpdateBufferSize = 0
 The size of the update buffer. More...
 
PATTERN_SIGNATURE * gSysenterSignatures
 Pointer to the syscall signatures that will be loaded from the update buffer. More...
 
DWORD gSysenterSignaturesCount
 Holds the number of loaded syscall signatures. More...
 
PATTERN_SIGNATURE * gLinuxDistSigs
 Pointer to the linux distribution signatures that will be loaded from the update buffer. More...
 
DWORD gLinuxDistSigsCount
 Holds the number of loaded linux distribution signatures. More...
 
INT_VERSION_INFO IntHviVersion
 The HVI version. Used to check for compatibility issues with the cami version. More...
 
static CAMI_PROCESS_PROTECTION_DATA gCamiProcessProtectionData
 Loaded process protection data from CAMI. More...
 
static const CAMI_STRUCTURE gLinuxStructures [lixStructureEnd]
 Describe the Linux fields to be loaded from the update buffer. More...
 
static const CAMI_STRUCTURE gWinKmStructures [winKmStructureEnd]
 Describe the windows km fields to be loaded from the update buffer. More...
 
static const CAMI_STRUCTURE gWinUmStructures [winUmStructureEnd]
 Describe the windows um fields to be loaded from the update buffer. More...
 

Detailed Description

The CAMI parser.

Definition in file update_guests.c.

Macro Definition Documentation

◆ GET_CAMI_STRUCT

#define GET_CAMI_STRUCT (   Type,
  Offset 
)    ((Type)(const void *)((const BYTE*)gUpdateBuffer + (DWORD)(Offset)))

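Get a pointer to a CAMI structure at a given offset in the update buffer. The macro only adds Offset (cast to DWORD) to gUpdateBuffer and casts the result to Type; it performs no bounds check, so the returned pointer has to be validated with IS_CAMI_STRUCTURE_OK or IS_CAMI_ARRAY_OK before it is dereferenced.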

Parameters
[in]TypeThe type of the structure. It should be a pointer to a constant structure.
[in]OffsetThe offset at which the structure is found.
Returns
A pointer of type Type to the structure inside the update buffer.

Definition at line 70 of file update_guests.c.

Referenced by IntCamiFindSectionHeaderByHint(), IntCamiGetWinSupportedList(), IntCamiLoadLinux(), IntCamiLoadOpaqueFields(), IntCamiLoadOsOptions(), IntCamiLoadPatternSignatures(), IntCamiLoadProtOptionsLinux(), IntCamiLoadProtOptionsWin(), IntCamiLoadWindows(), and IntCamiSetProcProtOptions().

◆ IS_CAMI_ARRAY_OK

#define IS_CAMI_ARRAY_OK (   StartPointer,
  Count 
)
Value:
__likely(IS_CAMI_FILEPOINTER_OK(StartPointer) && \
((Count) < CAMI_MAX_ENTRY_COUNT) && \
(((DWORD)(Count) == 0) || \
(IS_CAMI_FILEPOINTER_OK((const BYTE*)((StartPointer) + \
(DWORD)(Count)) - 1))))
uint8_t BYTE
Definition: intro_types.h:47
#define IS_CAMI_FILEPOINTER_OK(FilePointer)
Check whether a file pointer resides inside the update buffer.
Definition: update_guests.c:49
uint32_t DWORD
Definition: intro_types.h:49
#define __likely(x)
Definition: common.h:63
#define CAMI_MAX_ENTRY_COUNT
Maximum number of elements for a CAMI array.
Definition: update_guests.h:37

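Check whether a whole array resides inside the update buffer. The check passes only if StartPointer is inside the buffer, Count is below CAMI_MAX_ENTRY_COUNT, and, for a non-zero Count, the last byte of the array is also inside the buffer. The end of the array is computed with pointer arithmetic on StartPointer, so StartPointer must already have the array's element type.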

Definition at line 58 of file update_guests.c.

Referenced by IntCamiFindSectionHeaderByHint(), IntCamiGetWinSupportedList(), IntCamiLoadLinux(), IntCamiLoadOpaqueFields(), IntCamiLoadOsOptions(), IntCamiLoadPatternSignatures(), IntCamiLoadProtOptionsLinux(), IntCamiLoadProtOptionsWin(), and IntCamiLoadWindows().

◆ IS_CAMI_FILEOFFSET_OK

#define IS_CAMI_FILEOFFSET_OK (   FileOffset)    __likely((FileOffset) < gUpdateBufferSize)

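Check that a file offset lies inside the update buffer. The macro is true when FileOffset is below gUpdateBufferSize; it validates only the starting offset, not the size of the object that is read from it.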

Definition at line 46 of file update_guests.c.

◆ IS_CAMI_FILEPOINTER_OK

#define IS_CAMI_FILEPOINTER_OK (   FilePointer)
Value:
__likely((const BYTE*)(FilePointer) >= (const BYTE*)gUpdateBuffer) && \
((const BYTE*)(FilePointer) < (const BYTE*)gUpdateBuffer + \
uint8_t BYTE
Definition: intro_types.h:47
static const BYTE * gUpdateBuffer
The buffer holding the update file.
Definition: update_guests.c:24
#define __likely(x)
Definition: common.h:63
static DWORD gUpdateBufferSize
The size of the update buffer.
Definition: update_guests.c:27

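Check whether a file pointer resides inside the update buffer. The value listed above is cut off in this rendering: the lower bound (FilePointer >= gUpdateBuffer) is visible, and the upper bound is presumably gUpdateBuffer + gUpdateBufferSize, exclusive, since gUpdateBufferSize is the remaining symbol the macro references.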

Definition at line 49 of file update_guests.c.

◆ IS_CAMI_STRUCTURE_OK

#define IS_CAMI_STRUCTURE_OK (   FilePointer)
Value:
IS_CAMI_FILEPOINTER_OK(((const BYTE*)((FilePointer) + 1) - 1)))
uint8_t BYTE
Definition: intro_types.h:47
#define IS_CAMI_FILEPOINTER_OK(FilePointer)
Check whether a file pointer resides inside the update buffer.
Definition: update_guests.c:49
#define __likely(x)
Definition: common.h:63

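Check whether a whole structure resides inside the update buffer. The value listed above is missing its first line in this rendering; the visible part checks that the last byte of the structure, ((FilePointer) + 1) minus one byte, is inside the buffer, and the first line presumably applies the same check to FilePointer itself. FilePointer must already have the structure's pointer type, because the structure size comes from the pointer arithmetic.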

Definition at line 54 of file update_guests.c.

Referenced by IntCamiLoadOsOptions(), IntCamiLoadWindows(), and IntCamiSetProcProtOptions().

Typedef Documentation

◆ CAMI_PROCESS_PROTECTION_DATA

Describe a list of process protection options.

◆ CAMI_PROCESS_PROTECTION_INFO

Describe process protection options.

◆ CAMI_STRUCTURE

Describe the way we load the guest offsets from the update buffer.

◆ PCAMI_PROCESS_PROTECTION_DATA

◆ PCAMI_PROCESS_PROTECTION_INFO

Function Documentation

◆ IntCamiCheckIntroVersion()

static BOOLEAN IntCamiCheckIntroVersion ( QWORD  MinIntroVersion,
QWORD  MaxIntroVersion 
)
static

Check if the CAMI buffer is compatible with the Intro version.

Returns
TRUE if they are compatible, FALSE otherwise.

Definition at line 266 of file update_guests.c.

Referenced by IntCamiGetWinSupportedList(), IntCamiLoadLinux(), IntCamiLoadProtOptionsLinux(), IntCamiLoadProtOptionsWin(), and IntCamiLoadWindows().

◆ IntCamiClearUpdateBuffer()

void IntCamiClearUpdateBuffer ( void  )

Uninitialize the update buffer and notify the integrator that we don't need it anymore.

Definition at line 1719 of file update_guests.c.

Referenced by IntGuestPrepareUninit(), and IntUpdateSupport().

◆ IntCamiFindSectionHeaderByHint()

static const CAMI_SECTION_HEADER* IntCamiFindSectionHeaderByHint ( const CAMI_HEADER * CamiHeader,
DWORD  SectionHint 
)
static

Iterate through all of the section headers from the update buffer and return the one matching the hint.

Parameters
[in]CamiHeaderThe CAMI header from the update buffer.
[in]SectionHintSpecifies which section to search for.
Returns
The CAMI_SECTION_HEADER desired if found, NULL otherwise.

Definition at line 290 of file update_guests.c.

Referenced by IntCamiGetWinSupportedList(), IntCamiLoadLinux(), IntCamiLoadLixDistSigs(), IntCamiLoadProtOptionsLinux(), IntCamiLoadProtOptionsWin(), IntCamiLoadSyscalls(), and IntCamiLoadWindows().

◆ IntCamiGetVersion()

INTSTATUS IntCamiGetVersion ( DWORD * MajorVersion,
DWORD * MinorVersion,
DWORD * BuildNumber
)

Get the version of the loaded CAMI support file.

Parameters
[out]MajorVersionWill hold the major version.
[out]MinorVersionWill hold the minor version.
[out]BuildNumberWill hold the build number.
Returns
INT_STATUS_SUCCESS or an appropriate INTSTATUS error value.

Definition at line 1756 of file update_guests.c.

Referenced by IntAlertFillVersionInfo(), and IntGetSupportVersion().

◆ IntCamiGetWinSupportedList()

INTSTATUS IntCamiGetWinSupportedList ( BOOLEAN  KptiInstalled,
BOOLEAN  Guest64,
DWORD * NtBuildNumberList,
DWORD * Count
)

Return a list of supported Windows NtBuildNumbers.

If NtBuildNumberList is NULL, Count will hold the number of elements that NtBuildNumberList should be able to hold.

If it's not NULL, it will be filled with at most Count NtBuildNumbers from the list in the update buffer.

Parameters
[in]KptiInstalledSpecifies whether to load supported guests with or without KPTI patches.
[in]Guest64Specifies whether to load supported x86_64 guests or x86.
[out]NtBuildNumberListIf NULL, ignored. If not NULL, will hold a list of supported NtBuildNumbers.
[in,out]CountIf NtBuildNumberList is NULL, will hold the number of elements NtBuildNumberList should hold. If NtBuildNumberList is not NULL, holds the maximum number of elements to be loaded in it.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 1467 of file update_guests.c.

Referenced by IntWinGuestFindBuildNumber().

◆ IntCamiLoadLinux()

static INTSTATUS IntCamiLoadLinux ( const CAMI_HEADER * CamiHeader)
static

Loads all of the necessary information about the current Linux guest that is needed by intro to support it.

  1. Find the proper Linux descriptor from the update buffer.
  2. Check for Intro compatibility.
  3. Load all hookable functions and opaque structures.
  4. Load the enforced protection options.
Parameters
[in]CamiHeaderThe CAMI header of the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 929 of file update_guests.c.

Referenced by IntCamiLoadSection().

◆ IntCamiLoadLixDistSigs()

static INTSTATUS IntCamiLoadLixDistSigs ( const CAMI_HEADER * CamiHeader)
static

Loads the Linux distribution signatures from their section.

Parameters
[in]CamiHeaderThe CAMI header of the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 488 of file update_guests.c.

Referenced by IntCamiLoadSection().

◆ IntCamiLoadOpaqueFields()

static INTSTATUS IntCamiLoadOpaqueFields ( const CAMI_OPAQUE_STRUCTURE * CamiStructures,
const CAMI_STRUCTURE * ToLoad,
DWORD  Count,
INTRO_GUEST_TYPE  OsType 
)
static

Load a set of opaque field offsets from the update buffer.

Parameters
[in]CamiStructuresPointer to the CAMI structure holding the offsets.
[in]ToLoadSpecifies which fields to be loaded and how.
[in]CountSpecifies how many fields are to be loaded.
[in]OsTypeSpecifies the OS for which these should be loaded.
Return values
INT_STATUS_SUCCESSOn success.
INT_STATUS_INVALID_PARAMETER_4If the OsType is not supported.
INT_STATUS_NOT_SUPPORTEDIf the number of fields from the update is less than the required number of fields.
INT_STATUS_INVALID_DATA_SIZEIf the fields array overflows the buffer.

Definition at line 326 of file update_guests.c.

Referenced by IntCamiLoadLinux(), and IntCamiLoadWindows().

◆ IntCamiLoadOsOptions()

static INTSTATUS IntCamiLoadOsOptions ( DWORD  OptionsFileOffset)
static

Load custom protection options for the guest OS or for protected processes.

Parameters
[in]OptionsFileOffsetFile offset of a CAMI_CUSTOM_OS_PROTECTION.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 837 of file update_guests.c.

Referenced by IntCamiLoadLinux(), IntCamiLoadProtOptionsLinux(), IntCamiLoadProtOptionsWin(), and IntCamiLoadWindows().

◆ IntCamiLoadPatternSignatures()

static INTSTATUS IntCamiLoadPatternSignatures ( const CAMI_SECTION_HEADER * SectionHeader,
PATTERN_SIGNATURE **  PatternSignatures,
DWORD * PatternSignaturesCount
)
static

Allocate and load pattern signatures.

Parameters
[in]SectionHeaderHeader of the section holding the patterns.
[out]PatternSignaturesWill hold the newly allocated memory range holding the patterns.
[out]PatternSignaturesCountWill hold the number of loaded pattern signatures.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 393 of file update_guests.c.

Referenced by IntCamiLoadLixDistSigs(), and IntCamiLoadSyscalls().

◆ IntCamiLoadProtOptionsLinux()

static INTSTATUS IntCamiLoadProtOptionsLinux ( const CAMI_HEADER * CamiHeader)
static

Load and apply all of the enforced protection options for Linux guests.

Will load and apply core protection options and process protection options.

Parameters
[in]CamiHeaderThe CAMI header of the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 1335 of file update_guests.c.

Referenced by IntCamiLoadSection().

◆ IntCamiLoadProtOptionsWin()

static INTSTATUS IntCamiLoadProtOptionsWin ( const CAMI_HEADER * CamiHeader)
static

Load and apply all of the enforced protection options for Windows guests.

Will load and apply core protection options and process protection options.

Parameters
[in]CamiHeaderThe CAMI header of the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 1406 of file update_guests.c.

Referenced by IntCamiLoadSection().

◆ IntCamiLoadSection()

INTSTATUS IntCamiLoadSection ( DWORD  CamiSectionHint)

Load CAMI objects from section with given hint.

Parameters
[in]CamiSectionHintSpecifies the section from which to load.
Returns
INT_STATUS_SUCCESS or an appropriate INTSTATUS error value.

Definition at line 1565 of file update_guests.c.

Referenced by IntGuestDetectOsSysCall(), IntLixGuestFindKernel(), IntLixGuestIsSupported(), IntUpdateSupport(), and IntWinGuestIsSupported().

◆ IntCamiLoadSyscalls()

static INTSTATUS IntCamiLoadSyscalls ( const CAMI_HEADER * CamiHeader)
static

Loads the syscall signatures from their section.

Parameters
[in]CamiHeaderThe CAMI header of the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 463 of file update_guests.c.

Referenced by IntCamiLoadSection().

◆ IntCamiLoadWindows()

static INTSTATUS IntCamiLoadWindows ( const CAMI_HEADER * CamiHeader)
static

Loads all of the necessary information about the current windows guest that is needed by intro to support it.

  1. Find the proper windows descriptor from the update buffer.
  2. Check for Intro compatibility.
  3. Load all functions, opaque fields and version strings.
  4. Load the enforced protection options.
  5. Load all function patterns sent by CAMI and update the hook descriptors.
Parameters
[in]CamiHeaderThe CAMI header of the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error value.

Definition at line 1059 of file update_guests.c.

Referenced by IntCamiLoadSection().

◆ IntCamiProtectedProcessAllocate()

INTSTATUS IntCamiProtectedProcessAllocate ( DWORD  Items)

Initialize the global variable holding custom process protection options.

Parameters
[in]ItemsNumber of items the global should hold.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 1795 of file update_guests.c.

Referenced by IntCamiLoadOsOptions().

◆ IntCamiProtectedProcessFree()

INTSTATUS IntCamiProtectedProcessFree ( void  )

Uninitialize the global holding custom process protection options.

Definition at line 1830 of file update_guests.c.

Referenced by IntCamiLoadOsOptions(), and IntGuestUninit().

◆ IntCamiResetCoreOptions()

static INTSTATUS IntCamiResetCoreOptions ( void  )
static

Reset the Introcore guest options.

Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 805 of file update_guests.c.

Referenced by IntCamiLoadOsOptions().

◆ IntCamiResetShemuOptions()

static INTSTATUS IntCamiResetShemuOptions ( void  )
static

Reset the Introcore shemu options.

Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 821 of file update_guests.c.

Referenced by IntCamiLoadOsOptions().

◆ IntCamiSetCoreOptions()

static INTSTATUS IntCamiSetCoreOptions ( const CAMI_PROT_OPTIONS * Options)
static

Update the guest protection flags using the ones from CAMI.

Parameters
[in]OptionsThe options received from the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 548 of file update_guests.c.

Referenced by IntCamiLoadOsOptions(), and IntCamiResetCoreOptions().

◆ IntCamiSetProcProtOptions()

static INTSTATUS IntCamiSetProcProtOptions ( const CAMI_PROC_PROT_OPTIONS * Table,
DWORD  TableCount 
)
static

Loads all the process protection flags from CAMI.

Parameters
[in]TableArray containing the protection options to be loaded.
[in]TableCountSize of Table in elements.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 753 of file update_guests.c.

Referenced by IntCamiLoadOsOptions().

◆ IntCamiSetShemuOptions()

static INTSTATUS IntCamiSetShemuOptions ( const CAMI_PROT_OPTIONS * Options)
static

Update the shemu flags using the ones from CAMI.

Parameters
[in]OptionsThe options received from the update buffer.
Returns
INT_STATUS_SUCCESS on success or an appropriate INTSTATUS error code.

Definition at line 570 of file update_guests.c.

Referenced by IntCamiLoadOsOptions(), and IntCamiResetShemuOptions().

◆ IntCamiSetUpdateBuffer()

INTSTATUS IntCamiSetUpdateBuffer ( const BYTE * UpdateBuffer,
DWORD  BufferLength 
)

Initialize the update buffer with the one from the integrator.

Parameters
[in]UpdateBufferThe update buffer from the integrator.
[in]BufferLengthThe size of the buffer.
Returns
INT_STATUS_SUCCESS or an appropriate INTSTATUS error value.

Definition at line 1639 of file update_guests.c.

Referenced by IntNewGuestNotification(), and IntUpdateSupport().

◆ IntCamiUpdateProcessProtectionInfo()

INTSTATUS IntCamiUpdateProcessProtectionInfo ( void *  ProtectedProcess)

Update a process' protection flags using the ones from CAMI.

Parameters
[in]ProtectedProcessProcess whose protection flags are to be updated. Will be a PROTECTED_PROCESS_INFO for Windows guests and a LIX_PROTECTED_PROCESS for Linux guests.
Return values
INT_STATUS_SUCCESSOn success.
INT_STATUS_NOT_SUPPORTEDIf the current guest is not supported.

Definition at line 701 of file update_guests.c.

Referenced by IntLixTaskAddProtected(), and IntWinProcAddProtectedProcess().

◆ IntCamiUpdateProcessProtectionInfoLix()

static INTSTATUS IntCamiUpdateProcessProtectionInfoLix ( LIX_PROTECTED_PROCESS * ProtectedProcess)
static

Update a Linux process' protection flags using the ones from CAMI.

Parameters
[in]ProtectedProcessProcess whose protection flags to be updated.
Return values
INT_STATUS_SUCCESSOn success.

Definition at line 592 of file update_guests.c.

Referenced by IntCamiUpdateProcessProtectionInfo().

◆ IntCamiUpdateProcessProtectionInfoWin()

static INTSTATUS IntCamiUpdateProcessProtectionInfoWin ( PROTECTED_PROCESS_INFO * ProtectedProcess)
static

Update a windows process' protection flags using the ones from CAMI.

Parameters
[in]ProtectedProcessProcess whose protection flags to be updated.
Return values
INT_STATUS_SUCCESSOn success.

Definition at line 639 of file update_guests.c.

Referenced by IntCamiUpdateProcessProtectionInfo().

◆ IntCamiUpdateProcessProtectionItems()

void IntCamiUpdateProcessProtectionItems ( void *  Name,
CAMI_STRING_ENCODING  Encoding,
CAMI_PROT_OPTIONS * Options
)

Update the protection flags of a protected process.

Parameters
[in]NameName of the process.
[in]EncodingEncoding of Name. May be utf-8 or utf-16.
[in]OptionsThe new protection options.

Definition at line 728 of file update_guests.c.

Referenced by IntCamiSetProcProtOptions().

◆ IntCamiUpdateProtOptions()

static void IntCamiUpdateProtOptions ( const CAMI_PROT_OPTIONS * Src,
INTRO_PROT_OPTIONS * Dst
)
static

Updates the current protection options.

Parameters
[in]SrcThe new protection options.
[in,out]DstThe current protection option to be updated.

Definition at line 513 of file update_guests.c.

Referenced by IntCamiSetCoreOptions(), and IntCamiSetShemuOptions().

Variable Documentation

◆ gCamiProcessProtectionData

CAMI_PROCESS_PROTECTION_DATA gCamiProcessProtectionData
static

Loaded process protection data from CAMI.

Definition at line 118 of file update_guests.c.

◆ gCamiVersion

CAMI_VERSION gCamiVersion = { 0 }
static

The version of the loaded update file.

Definition at line 21 of file update_guests.c.

◆ gLinuxDistSigs

PATTERN_SIGNATURE* gLinuxDistSigs

Pointer to the Linux distribution signatures that will be loaded from the update buffer.

Definition at line 35 of file lixguest.c.

◆ gLinuxDistSigsCount

DWORD gLinuxDistSigsCount

Holds the number of loaded Linux distribution signatures.

Definition at line 37 of file lixguest.c.

Referenced by IntCamiLoadLixDistSigs(), and IntLixGuestFindKernelBase().

◆ gLinuxStructures

const CAMI_STRUCTURE gLinuxStructures[lixStructureEnd]
static

Describe the Linux fields to be loaded from the update buffer.

Definition at line 121 of file update_guests.c.

◆ gSysenterSignatures

PATTERN_SIGNATURE* gSysenterSignatures

Pointer to the syscall signatures that will be loaded from the update buffer.

The signatures are plain binary chunks that must be found at the syscall entry point. 0x100 can be used as a wild card in order to match anything.

Definition at line 80 of file guests.c.

◆ gSysenterSignaturesCount

DWORD gSysenterSignaturesCount

Holds the number of loaded syscall signatures.

Definition at line 81 of file guests.c.

Referenced by IntCamiLoadSyscalls(), and IntGuestDetectOsSysCall().

◆ gUpdateBuffer

const BYTE* gUpdateBuffer = NULL
static

The buffer holding the update file.

Definition at line 24 of file update_guests.c.

Referenced by IntCamiClearUpdateBuffer(), IntCamiGetWinSupportedList(), IntCamiLoadSection(), and IntCamiSetUpdateBuffer().

◆ gUpdateBufferSize

DWORD gUpdateBufferSize = 0
static

◆ gWinKmStructures

const CAMI_STRUCTURE gWinKmStructures[winKmStructureEnd]
static

Describe the windows km fields to be loaded from the update buffer.

Definition at line 189 of file update_guests.c.

◆ gWinUmStructures

const CAMI_STRUCTURE gWinUmStructures[winUmStructureEnd]
static
Initial value:
=
{
{.StructureTag = winUmStructureDll,
.Offset = OFFSET_OF(WINDOWS_GUEST, OsSpecificFields.Um.Dll),
.MembersCount = winUmFieldDllEnd },
{.StructureTag = winUmStructurePeb,
.Offset = OFFSET_OF(WINDOWS_GUEST, OsSpecificFields.Um.Peb),
.MembersCount = winUmFieldPebEnd },
{.StructureTag = winUmStructureTeb,
.Offset = OFFSET_OF(WINDOWS_GUEST, OsSpecificFields.Um.Teb),
.MembersCount = winUmFieldTebEnd },
}
The end of the fields.
Definition: winguest.h:174
Used for the WIN_OPAQUE_FIELDS.Um.Peb array.
Definition: winguest.h:251
#define OFFSET_OF(Type, Member)
Definition: introlists.h:33
Used for the WIN_OPAQUE_FIELDS.Um.Dll array.
Definition: winguest.h:250
The end of the fields.
Definition: winguest.h:191
The end of the fields.
Definition: winguest.h:212
Holds information about a Windows guest.
Definition: winguest.h:810

Describe the windows um fields to be loaded from the update buffer.

Definition at line 249 of file update_guests.c.

◆ IntHviVersion

INT_VERSION_INFO IntHviVersion

The HVI version. Used to check for compatibility issues with the CAMI version.

Definition at line 27 of file introcore.c.