- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
Exposes the definitions used by the CAMI parser and the functions used to load guest support information or update protection policies. More...
#include "introcore.h"Go to the source code of this file.
Data Structures | |
| struct | _CAMI_VERSION |
| Describe the CAMI version. More... | |
| struct | _CAMI_HEADER |
| Describe the CAMI file header. More... | |
| struct | _CAMI_SECTION_HEADER |
| Describe a CAMI file section header. More... | |
| struct | _CAMI_LIX_DESCRIPTOR |
| Describe a CAMI file Linux descriptor. Load support for a Linux guest. More... | |
| struct | _CAMI_LIX_HOOK |
| Describe a function to be hooked by introcore. More... | |
| struct | _CAMI_WIN_VERSION_STRING |
| Describe windows version strings. More... | |
| struct | _CAMI_WIN_DESCRIPTOR |
| Describe a CAMI file windows descriptor. Load support for a windows guest. More... | |
| struct | _CAMI_WIN_FUNCTION |
| Describe a function to be hooked by introcore. More... | |
| struct | _CAMI_WIN_FUNCTION_PATTERN_EXTENSION |
| Describe the arguments for a function. More... | |
| struct | _CAMI_WIN_FUNCTION_PATTERN |
| Describe a function pattern. More... | |
| struct | _CAMI_PATTERN_SIGNATURE |
| Describe a pattern signature. More... | |
| struct | _CAMI_OPAQUE_STRUCTURE |
| Describe the members of a guest opaque structure. More... | |
| struct | _CAMI_PROT_OPTIONS |
| Describe the introcore protection options. More... | |
| struct | _CAMI_PROC_PROT_OPTIONS |
| Describe the introcore protection options for a process. More... | |
| struct | _CAMI_CUSTOM_OS_PROTECTION |
| Describe the introcore protection options for a guest. More... | |
Macros | |
| #define | MAX_VERSION_STRING_SIZE 64 |
| Maximum size of a version string. More... | |
| #define | MAX_FUNCTION_NAME_SIZE 64 |
| Maximum size of a function name. More... | |
| #define | CAMI_MAGIC_WORD 'IMAC' |
| Cami header magic number. More... | |
| #define | CAMI_MAX_ENTRY_COUNT 0x4000 |
| Maximum number of elements for a CAMI array. More... | |
| #define | UPDATE_CAMI_MIN_VER_MAJOR 1 |
| #define | UPDATE_CAMI_MIN_VER_MINOR 4 |
Typedefs | |
| typedef enum _CAMI_SECTION_HINTS | CAMI_SECTION_HINTS |
| CAMI section hints that describe what is to be loaded. More... | |
| typedef enum CAMI_STRING_ENCODING | CAMI_STRING_ENCODING |
| Describes the encoding of a string received from the CAMI file. More... | |
| typedef struct _CAMI_VERSION | CAMI_VERSION |
| Describe the CAMI version. More... | |
| typedef struct _CAMI_VERSION * | PCAMI_VERSION |
| typedef struct _CAMI_HEADER | CAMI_HEADER |
| Describe the CAMI file header. More... | |
| typedef struct _CAMI_HEADER * | PCAMI_HEADER |
| typedef struct _CAMI_SECTION_HEADER | CAMI_SECTION_HEADER |
| Describe a CAMI file section header. More... | |
| typedef struct _CAMI_SECTION_HEADER * | PCAMI_SECTION_HEADER |
| typedef struct _CAMI_LIX_DESCRIPTOR | CAMI_LIX_DESCRIPTOR |
| Describe a CAMI file Linux descriptor. Load support for a Linux guest. More... | |
| typedef struct _CAMI_LIX_DESCRIPTOR * | PCAMI_LIX_DESCRIPTOR |
| typedef struct _CAMI_LIX_HOOK | CAMI_LIX_HOOK |
| Describe a function to be hooked by introcore. More... | |
| typedef struct _CAMI_LIX_HOOK * | PCAMI_LIX_HOOK |
| typedef struct _CAMI_WIN_VERSION_STRING | CAMI_WIN_VERSION_STRING |
| Describe windows version strings. More... | |
| typedef struct _CAMI_WIN_VERSION_STRING * | PCAMI_WIN_VERSION_STRING |
| typedef struct _CAMI_WIN_DESCRIPTOR | CAMI_WIN_DESCRIPTOR |
| Describe a CAMI file windows descriptor. Load support for a windows guest. More... | |
| typedef struct _CAMI_WIN_DESCRIPTOR * | PCAMI_WIN_DESCRIPTOR |
| typedef struct _CAMI_WIN_FUNCTION | CAMI_WIN_FUNCTION |
| Describe a function to be hooked by introcore. More... | |
| typedef struct _CAMI_WIN_FUNCTION * | PCAMI_WIN_FUNCTION |
| typedef struct _CAMI_WIN_FUNCTION_PATTERN_EXTENSION | CAMI_WIN_FUNCTION_PATTERN_EXTENSION |
| Describe the arguments for a function. More... | |
| typedef struct _CAMI_WIN_FUNCTION_PATTERN_EXTENSION * | PCAMI_WIN_FUNCTION_PATTERN_EXTENSION |
| typedef struct _CAMI_WIN_FUNCTION_PATTERN | CAMI_WIN_FUNCTION_PATTERN |
| Describe a function pattern. More... | |
| typedef struct _CAMI_WIN_FUNCTION_PATTERN * | PCAMI_WIN_FUNCTION_PATTERN |
| typedef struct _CAMI_PATTERN_SIGNATURE | CAMI_PATTERN_SIGNATURE |
| Describe a pattern signature. More... | |
| typedef struct _CAMI_PATTERN_SIGNATURE * | PCAMI_PATTERN_SIGNATURE |
| typedef struct _CAMI_OPAQUE_STRUCTURE | CAMI_OPAQUE_STRUCTURE |
| Describe the members of a guest opaque structure. More... | |
| typedef struct _CAMI_OPAQUE_STRUCTURE * | PCAMI_OPAQUE_STRUCTURE |
| typedef struct _CAMI_PROT_OPTIONS | CAMI_PROT_OPTIONS |
| Describe the introcore protection options. More... | |
| typedef struct _CAMI_PROC_PROT_OPTIONS | CAMI_PROC_PROT_OPTIONS |
| Describe the introcore protection options for a process. More... | |
| typedef struct _CAMI_CUSTOM_OS_PROTECTION | CAMI_CUSTOM_OS_PROTECTION |
| Describe the introcore protection options for a guest. More... | |
Enumerations | |
| enum | _CAMI_SECTION_HINTS { CAMI_SECTION_HINT_SUPPORTED_OS = 0x0001, CAMI_SECTION_HINT_SYSCALLS = 0x0002, CAMI_SECTION_HINT_DIST_SIG = 0x0004, CAMI_SECTION_HINT_PROT_OPTIONS = 0x0008, CAMI_SECTION_HINT_WINDOWS = 0x0100, CAMI_SECTION_HINT_LINUX = 0x0200 } |
| CAMI section hints that describe what is to be loaded. More... | |
| enum | CAMI_STRING_ENCODING { CAMI_STRING_ENCODING_UTF8 = 0x0000, CAMI_STRING_ENCODING_UTF16 = 0x0001 } |
| Describes the encoding of a string received from the CAMI file. More... | |
Functions | |
| INTSTATUS | IntCamiLoadSection (DWORD CamiSectionHint) |
| Load CAMI objects from section with given hint. More... | |
| INTSTATUS | IntCamiSetUpdateBuffer (const BYTE *UpdateBuffer, DWORD BufferLength) |
| Initialize the update buffer with the one from the integrator. More... | |
| INTSTATUS | IntCamiGetVersion (DWORD *MajorVersion, DWORD *MinorVersion, DWORD *BuildNumber) |
| Get the version of the loaded CAMI support file. More... | |
| INTSTATUS | IntCamiGetWinSupportedList (BOOLEAN KptiInstalled, BOOLEAN Guest64, DWORD *NtBuildNumberList, DWORD *Count) |
| Return a list of supported Windows NtBuildNumbers. More... | |
| void | IntCamiClearUpdateBuffer (void) |
| Uninitialize the update buffer and notify the integrator that we don't need it anymore. More... | |
| INTSTATUS | IntCamiProtectedProcessAllocate (DWORD Items) |
| Initialize the global variable holding custom process protection options. More... | |
| INTSTATUS | IntCamiProtectedProcessFree (void) |
| Uninitialize the global holding custom process protection options. More... | |
| INTSTATUS | IntCamiUpdateProcessProtectionInfo (void *ProtectedProcess) |
| Update a process' protection flags using the ones from CAMI. More... | |
Exposes the definitions used by the CAMI parser and the functions used to load guest support information or update protection policies.
Definition in file update_guests.h.
| #define CAMI_MAGIC_WORD 'IMAC' |
Cami header magic number.
Definition at line 34 of file update_guests.h.
Referenced by IntCamiSetUpdateBuffer().
| #define CAMI_MAX_ENTRY_COUNT 0x4000 |
Maximum number of elements for a CAMI array.
Definition at line 37 of file update_guests.h.
| #define MAX_FUNCTION_NAME_SIZE 64 |
Maximum size of a function name.
Definition at line 31 of file update_guests.h.
| #define MAX_VERSION_STRING_SIZE 64 |
Maximum size of a version string.
Definition at line 28 of file update_guests.h.
Referenced by IntCamiLoadLinux(), IntCamiLoadProtOptionsLinux(), and IntCamiLoadWindows().
| #define UPDATE_CAMI_MIN_VER_MAJOR 1 |
Definition at line 62 of file update_guests.h.
Referenced by IntCamiSetUpdateBuffer().
| #define UPDATE_CAMI_MIN_VER_MINOR 4 |
Definition at line 63 of file update_guests.h.
Referenced by IntCamiSetUpdateBuffer().
| typedef struct _CAMI_CUSTOM_OS_PROTECTION CAMI_CUSTOM_OS_PROTECTION |
Describe the introcore protection options for a guest.
| typedef struct _CAMI_HEADER CAMI_HEADER |
Describe the CAMI file header.
| typedef struct _CAMI_LIX_DESCRIPTOR CAMI_LIX_DESCRIPTOR |
Describe a CAMI file Linux descriptor. Load support for a Linux guest.
| typedef struct _CAMI_LIX_HOOK CAMI_LIX_HOOK |
Describe a function to be hooked by introcore.
| typedef struct _CAMI_OPAQUE_STRUCTURE CAMI_OPAQUE_STRUCTURE |
Describe the members of a guest opaque structure.
| typedef struct _CAMI_PATTERN_SIGNATURE CAMI_PATTERN_SIGNATURE |
Describe a pattern signature.
| typedef struct _CAMI_PROC_PROT_OPTIONS CAMI_PROC_PROT_OPTIONS |
Describe the introcore protection options for a process.
| typedef struct _CAMI_PROT_OPTIONS CAMI_PROT_OPTIONS |
Describe the introcore protection options.
| typedef struct _CAMI_SECTION_HEADER CAMI_SECTION_HEADER |
Describe a CAMI file section header.
| typedef enum _CAMI_SECTION_HINTS CAMI_SECTION_HINTS |
CAMI section hints that describe what is to be loaded.
| typedef enum CAMI_STRING_ENCODING CAMI_STRING_ENCODING |
Describes the encoding of a string received from the CAMI file.
| typedef struct _CAMI_VERSION CAMI_VERSION |
Describe the CAMI version.
| typedef struct _CAMI_WIN_DESCRIPTOR CAMI_WIN_DESCRIPTOR |
Describe a CAMI file windows descriptor. Load support for a windows guest.
| typedef struct _CAMI_WIN_FUNCTION CAMI_WIN_FUNCTION |
Describe a function to be hooked by introcore.
| typedef struct _CAMI_WIN_FUNCTION_PATTERN CAMI_WIN_FUNCTION_PATTERN |
Describe a function pattern.
Describe the arguments for a function.
| typedef struct _CAMI_WIN_VERSION_STRING CAMI_WIN_VERSION_STRING |
Describe windows version strings.
| typedef struct _CAMI_HEADER * PCAMI_HEADER |
| typedef struct _CAMI_LIX_DESCRIPTOR * PCAMI_LIX_DESCRIPTOR |
| typedef struct _CAMI_LIX_HOOK * PCAMI_LIX_HOOK |
| typedef struct _CAMI_OPAQUE_STRUCTURE * PCAMI_OPAQUE_STRUCTURE |
| typedef struct _CAMI_PATTERN_SIGNATURE * PCAMI_PATTERN_SIGNATURE |
| typedef struct _CAMI_SECTION_HEADER * PCAMI_SECTION_HEADER |
| typedef struct _CAMI_VERSION * PCAMI_VERSION |
| typedef struct _CAMI_WIN_DESCRIPTOR * PCAMI_WIN_DESCRIPTOR |
| typedef struct _CAMI_WIN_FUNCTION * PCAMI_WIN_FUNCTION |
| typedef struct _CAMI_WIN_FUNCTION_PATTERN * PCAMI_WIN_FUNCTION_PATTERN |
| typedef struct _CAMI_WIN_FUNCTION_PATTERN_EXTENSION * PCAMI_WIN_FUNCTION_PATTERN_EXTENSION |
| typedef struct _CAMI_WIN_VERSION_STRING * PCAMI_WIN_VERSION_STRING |
| enum _CAMI_SECTION_HINTS |
CAMI section hints that describe what is to be loaded.
Definition at line 40 of file update_guests.h.
| enum CAMI_STRING_ENCODING |
Describes the encoding of a string received from the CAMI file.
| Enumerator | |
|---|---|
| CAMI_STRING_ENCODING_UTF8 | String will be encoded in utf-8. |
| CAMI_STRING_ENCODING_UTF16 | String will be encoded in utf-16. |
Definition at line 52 of file update_guests.h.
| void IntCamiClearUpdateBuffer | ( | void | ) |
Uninitialize the update buffer and notify the integrator that we don't need it anymore.
Definition at line 1719 of file update_guests.c.
Referenced by IntGuestPrepareUninit(), and IntUpdateSupport().
Get the version of the loaded CAMI support file.
| [out] | MajorVersion | Will hold the major version. |
| [out] | MinorVersion | Will hold the minor version. |
| [out] | BuildNumber | Will hold the build number. |
Definition at line 1756 of file update_guests.c.
Referenced by IntAlertFillVersionInfo(), and IntGetSupportVersion().
| INTSTATUS IntCamiGetWinSupportedList | ( | BOOLEAN | KptiInstalled, |
| BOOLEAN | Guest64, | ||
| DWORD * | NtBuildNumberList, | ||
| DWORD * | Count | ||
| ) |
Return a list of supported Windows NtBuildNumbers.
If NtBuildNumberList is NULL, Count will hold the number of elements that NtBuildNumberList should be able to hold.
If it's not NULL, it will be filled with at most Count NtBuildNumbers the list in the update buffer.
| [in] | KptiInstalled | Specifies whether to load supported guests with or without KPTI patches. |
| [in] | Guest64 | Specifies whether to load supported x86_64 guests or x86. |
| [out] | NtBuildNumberList | If NULL, ignored. If not NULL, will hold a list of supported NtBuildNumbers. |
| [in,out] | Count | If NtBuildNumberList is NULL, will hold the number of elements NtBuildNumberList should hold. If NtBuildNumberList is not null, holds the maximum numbers of elements to be loaded in it. |
Definition at line 1467 of file update_guests.c.
Referenced by IntWinGuestFindBuildNumber().
Load CAMI objects from section with given hint.
| [in] | CamiSectionHint | Specifies the section from which to load. |
Definition at line 1565 of file update_guests.c.
Referenced by IntGuestDetectOsSysCall(), IntLixGuestFindKernel(), IntLixGuestIsSupported(), IntUpdateSupport(), and IntWinGuestIsSupported().
Initialize the global variable holding custom process protection options.
| [in] | Items | Number of items the global should hold. |
Definition at line 1795 of file update_guests.c.
Referenced by IntCamiLoadOsOptions().
| INTSTATUS IntCamiProtectedProcessFree | ( | void | ) |
Uninitialize the global holding custom process protection options.
Definition at line 1830 of file update_guests.c.
Referenced by IntCamiLoadOsOptions(), and IntGuestUninit().
Initialize the update buffer with the one from the integrator.
| [in] | UpdateBuffer | The update buffer from the integrator. |
| [in] | BufferLength | The size of the buffer. |
Definition at line 1639 of file update_guests.c.
Referenced by IntNewGuestNotification(), and IntUpdateSupport().
| INTSTATUS IntCamiUpdateProcessProtectionInfo | ( | void * | ProtectedProcess | ) |
Update a process' protection flags using the ones from CAMI.
| [in] | ProtectedProcess | Process whose protection flags to be updated. Will be a PROTECTED_PROCESS_INFO for Windows guests and a LIX_PROTECTED_PROCESS for Linux Guests. |
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_SUPPORTED | If the current guest is not supported. |
Definition at line 701 of file update_guests.c.
Referenced by IntLixTaskAddProtected(), and IntWinProcAddProtectedProcess().
1.8.13