Bitdefender Hypervisor Memory Introspection
update_guests.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _UPDATE_GUESTS_H__
6 #define _UPDATE_GUESTS_H__
7 
17 
24 
25 #include "introcore.h"
26 
28 #define MAX_VERSION_STRING_SIZE 64
29 
31 #define MAX_FUNCTION_NAME_SIZE 64
32 
34 #define CAMI_MAGIC_WORD 'IMAC'
35 
37 #define CAMI_MAX_ENTRY_COUNT 0x4000
38 
40 typedef enum _CAMI_SECTION_HINTS
41 {
42  CAMI_SECTION_HINT_SUPPORTED_OS = 0x0001,
43  CAMI_SECTION_HINT_SYSCALLS = 0x0002,
44  CAMI_SECTION_HINT_DIST_SIG = 0x0004,
45  CAMI_SECTION_HINT_PROT_OPTIONS = 0x0008,
46 
47  CAMI_SECTION_HINT_WINDOWS = 0x0100,
48  CAMI_SECTION_HINT_LINUX = 0x0200,
49 } CAMI_SECTION_HINTS;
50 
52 typedef enum CAMI_STRING_ENCODING
53 {
54  CAMI_STRING_ENCODING_UTF8 = 0x0000,
55  CAMI_STRING_ENCODING_UTF16 = 0x0001,
56 } CAMI_STRING_ENCODING;
57 
58 
59 #pragma pack(push)
60 #pragma pack(1)
61 
62 #define UPDATE_CAMI_MIN_VER_MAJOR 1
63 #define UPDATE_CAMI_MIN_VER_MINOR 4
64 
66 typedef struct _CAMI_VERSION
67 {
68  DWORD Minor;
69  DWORD Major;
70 
71  DWORD BuildNumber;
72 } CAMI_VERSION, *PCAMI_VERSION;
73 
75 typedef struct _CAMI_HEADER
76 {
77  DWORD Magic;
78 
79  CAMI_VERSION Version;
80 
82  DWORD FileSize;
83  DWORD NumberOfSections;
84  DWORD PointerToSectionsHeaders;
85 
86 } CAMI_HEADER, *PCAMI_HEADER;
87 
89 typedef struct _CAMI_SECTION_HEADER
90 {
91  DWORD Hint;
92  DWORD EntryCount;
93  DWORD _Reserved;
94  DWORD DescriptorTable;
95 } CAMI_SECTION_HEADER, *PCAMI_SECTION_HEADER;
96 
98 typedef struct _CAMI_LIX_DESCRIPTOR
99 {
100  CHAR VersionString[MAX_VERSION_STRING_SIZE];
101 
102  QWORD MinIntroVersion;
103  QWORD MaxIntroVersion;
104 
105  DWORD StructuresCount;
106  DWORD StructuresTable;
108 
109  DWORD HooksCount;
110  DWORD HooksTable;
112 
114  DWORD CustomProtectionOffset;
115 
116  DWORD _Reserved1;
117  DWORD _Reserved2;
118  DWORD _Reserved3;
119 } CAMI_LIX_DESCRIPTOR, *PCAMI_LIX_DESCRIPTOR;
120 
122 typedef struct _CAMI_LIX_HOOK
123 {
124  DWORD NameHash;
125  BYTE HookHandler;
126  BYTE SkipOnBoot;
127  WORD _Reserved1;
128  DWORD _Reserved2;
129 } CAMI_LIX_HOOK, *PCAMI_LIX_HOOK;
130 
132 typedef struct _CAMI_WIN_VERSION_STRING
133 {
134  QWORD VersionStringSize;
135  CHAR VersionString[MAX_VERSION_STRING_SIZE];
136  QWORD ServerVersionStringSize;
137  CHAR ServerVersionString[MAX_VERSION_STRING_SIZE];
138 } CAMI_WIN_VERSION_STRING, *PCAMI_WIN_VERSION_STRING;
139 
141 typedef struct _CAMI_WIN_DESCRIPTOR
142 {
143  DWORD BuildNumber;
144  BOOLEAN Kpti;
145  BOOLEAN Is64;
146 
147  WORD _Reserved1;
148 
149  QWORD MinIntroVersion;
150  QWORD MaxIntroVersion;
151 
152  DWORD KmStructuresCount;
153  DWORD KmStructuresTable;
155 
156  DWORD UmStructuresCount;
157  DWORD UmStructuresTable;
159 
160  DWORD FunctionCount;
161  DWORD FunctionTable;
163 
165  DWORD CustomProtectionOffset;
166 
168  DWORD VersionStringOffset;
169  DWORD _Reserved3;
170  DWORD _Reserved4;
171 } CAMI_WIN_DESCRIPTOR, *PCAMI_WIN_DESCRIPTOR;
172 
174 typedef struct _CAMI_WIN_FUNCTION
175 {
176  DWORD NameHash;
177 
178  DWORD PatternsCount;
179  DWORD PatternsTable;
181 
182  DWORD ArgumentsCount;
183  DWORD ArgumentsTable;
184 
185  QWORD _Reserved1;
186  DWORD _Reserved2;
187  DWORD _Reserved3;
188 } CAMI_WIN_FUNCTION, *PCAMI_WIN_FUNCTION;
189 
191 typedef struct _CAMI_WIN_FUNCTION_PATTERN_EXTENSION
192 {
193  DWORD ArgumentsCount;
194  DWORD ArgumentsTable;
195 
196  QWORD _Reserved1;
197  QWORD _Reserved2;
198  QWORD _Reserved3;
199  QWORD _Reserved4;
200 } CAMI_WIN_FUNCTION_PATTERN_EXTENSION, *PCAMI_WIN_FUNCTION_PATTERN_EXTENSION;
201 
203 typedef struct _CAMI_WIN_FUNCTION_PATTERN
204 {
205  BYTE SectionHint[8];
206  DWORD HashLength;
207  DWORD HashOffset;
208 
209  DWORD _Reserved1;
210  DWORD Extended;
211 } CAMI_WIN_FUNCTION_PATTERN, *PCAMI_WIN_FUNCTION_PATTERN;
212 
214 typedef struct _CAMI_PATTERN_SIGNATURE
215 {
216  DWORD SignatureId;
217  DWORD Offset;
218  DWORD Flags;
219  WORD _Reserved;
220  WORD PatternLength;
221  DWORD PatternOffset;
222 
223  DWORD _Reserved1;
224  QWORD _Reserved2;
225 } CAMI_PATTERN_SIGNATURE, *PCAMI_PATTERN_SIGNATURE;
226 
228 typedef struct _CAMI_OPAQUE_STRUCTURE
229 {
231  DWORD Members;
232  DWORD MembersCount;
233 } CAMI_OPAQUE_STRUCTURE, *PCAMI_OPAQUE_STRUCTURE;
234 
236 typedef struct _CAMI_PROT_OPTIONS
237 {
238  QWORD ForceOff;
239  QWORD ForceBeta;
240  QWORD ForceFeedback;
241  QWORD ForceOn;
242  DWORD _Reserved2;
243  DWORD _Reserved3;
244 } CAMI_PROT_OPTIONS;
245 
247 typedef struct _CAMI_PROC_PROT_OPTIONS
248 {
249  union
250  {
251  WCHAR Name16[32];
252  CHAR Name8[64];
253  };
254 
255  DWORD OptionsOffset;
256  DWORD Encoding;
257 
258  QWORD _Reserved1;
259  DWORD _Reserved2;
260  DWORD _Reserved3;
261 
262 } CAMI_PROC_PROT_OPTIONS;
263 
265 typedef struct _CAMI_CUSTOM_OS_PROTECTION
266 {
267  DWORD CoreOptionsOffset;
268  DWORD ProcOptionsCount;
269  DWORD ProcOptionsTable;
270  DWORD ShemuOptionsOffset;
271  QWORD _Reserved2;
272 } CAMI_CUSTOM_OS_PROTECTION;
273 
274 #pragma pack(pop)
275 
276 INTSTATUS
277 IntCamiLoadSection(
278  _In_ DWORD CamiSectionHint
279  );
280 
281 INTSTATUS
282 IntCamiSetUpdateBuffer(
283  _In_ const BYTE *UpdateBuffer,
284  _In_ DWORD BufferLength
285  );
286 
287 INTSTATUS
288 IntCamiGetVersion(
289  _Out_ DWORD *MajorVersion,
290  _Out_ DWORD *MinorVersion,
291  _Out_ DWORD *BuildNumber
292  );
293 
294 INTSTATUS
295 IntCamiGetWinSupportedList(
296  _In_ BOOLEAN KptiInstalled,
297  _In_ BOOLEAN Guest64,
298  _Out_opt_ DWORD *NtBuildNumberList,
299  _Inout_ DWORD *Count
300  );
301 
302 void
303 IntCamiClearUpdateBuffer(
304  void
305  );
306 
307 INTSTATUS
308 IntCamiProtectedProcessAllocate(
309  _In_ DWORD Items
310  );
311 
312 INTSTATUS
313 IntCamiProtectedProcessFree(
314  void
315  );
316 
317 INTSTATUS
318 IntCamiUpdateProcessProtectionInfo(
319  _In_ void *ProtectedProcess
320  );
321 
322 #endif // !_UPDATE_GUESTS_H__
_CAMI_LIX_HOOK::_Reserved2
DWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:128
_CAMI_WIN_DESCRIPTOR::MaxIntroVersion
QWORD MaxIntroVersion
Maximum introcore version which supports this OS.
Definition: update_guests.h:150
_CAMI_PROC_PROT_OPTIONS::_Reserved2
DWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:259
_Out_
#define _Out_
Definition: intro_sal.h:22
BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58
IntCamiClearUpdateBuffer
void IntCamiClearUpdateBuffer(void)
Uninitialize the update buffer and notify the integrator that we don't need it anymore.
Definition: update_guests.c:1719
_CAMI_WIN_DESCRIPTOR::UmStructuresCount
DWORD UmStructuresCount
Definition: update_guests.h:156
_CAMI_SECTION_HEADER::_Reserved
DWORD _Reserved
Reserved.
Definition: update_guests.h:93
BYTE
uint8_t BYTE
Definition: intro_types.h:47
_CAMI_WIN_DESCRIPTOR::CustomProtectionOffset
DWORD CustomProtectionOffset
Protection flags for this OS. (pointer to a CAMI_CUSTOM_OS_PROTECTION struct)
Definition: update_guests.h:165
_CAMI_PATTERN_SIGNATURE::SignatureId
DWORD SignatureId
The unique ID of the signature.
Definition: update_guests.h:216
_CAMI_PROT_OPTIONS
Describe the introcore protection options.
Definition: update_guests.h:236
_In_
#define _In_
Definition: intro_sal.h:21
_CAMI_CUSTOM_OS_PROTECTION::CoreOptionsOffset
DWORD CoreOptionsOffset
Intro core options. File pointer to a CAMI_PROT_OPTIONS structure.
Definition: update_guests.h:267
WORD
uint16_t WORD
Definition: intro_types.h:48
CAMI_STRING_ENCODING
CAMI_STRING_ENCODING
Describes the encoding of a string received from the CAMI file.
Definition: update_guests.h:52
_CAMI_PATTERN_SIGNATURE::_Reserved1
DWORD _Reserved1
Reserved for future use.
Definition: update_guests.h:223
_CAMI_WIN_DESCRIPTOR::BuildNumber
DWORD BuildNumber
Build number for this Windows OS.
Definition: update_guests.h:143
_CAMI_PATTERN_SIGNATURE::PatternLength
WORD PatternLength
The length of the pattern. (count of DWORDs)
Definition: update_guests.h:220
_CAMI_CUSTOM_OS_PROTECTION::_Reserved2
QWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:271
CAMI_VERSION
struct _CAMI_VERSION CAMI_VERSION
Describe the CAMI version.
_CAMI_LIX_HOOK::SkipOnBoot
BYTE SkipOnBoot
TRUE if this function should not be hooked on boot.
Definition: update_guests.h:126
_CAMI_PATTERN_SIGNATURE::Flags
DWORD Flags
Auxiliary data.
Definition: update_guests.h:218
_CAMI_WIN_DESCRIPTOR::MinIntroVersion
QWORD MinIntroVersion
Minimum introcore version which supports this OS.
Definition: update_guests.h:149
CAMI_PROC_PROT_OPTIONS
struct _CAMI_PROC_PROT_OPTIONS CAMI_PROC_PROT_OPTIONS
Describe the introcore protection options for a process.
_CAMI_PATTERN_SIGNATURE::_Reserved2
QWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:224
_CAMI_WIN_DESCRIPTOR::_Reserved3
DWORD _Reserved3
Reserved for future use.
Definition: update_guests.h:169
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION::_Reserved2
QWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:197
_CAMI_CUSTOM_OS_PROTECTION::ProcOptionsCount
DWORD ProcOptionsCount
The number of entries in the ProcOptionsTable.
Definition: update_guests.h:268
_CAMI_VERSION::Minor
DWORD Minor
Minor version of this file.
Definition: update_guests.h:68
_CAMI_LIX_HOOK::_Reserved1
WORD _Reserved1
Reserved for future use.
Definition: update_guests.h:127
PCAMI_PATTERN_SIGNATURE
struct _CAMI_PATTERN_SIGNATURE * PCAMI_PATTERN_SIGNATURE
_CAMI_WIN_DESCRIPTOR
Describe a CAMI file windows descriptor. Load support for a windows guest.
Definition: update_guests.h:141
PCAMI_VERSION
struct _CAMI_VERSION * PCAMI_VERSION
CAMI_SECTION_HINT_LINUX
Section will contain linux related information.
Definition: update_guests.h:48
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION::_Reserved3
QWORD _Reserved3
Reserved for future use.
Definition: update_guests.h:198
_CAMI_PROC_PROT_OPTIONS
Describe the introcore protection options for a process.
Definition: update_guests.h:247
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
CAMI_HEADER
struct _CAMI_HEADER CAMI_HEADER
Describe the CAMI file header.
_CAMI_WIN_FUNCTION::_Reserved3
DWORD _Reserved3
Reserved for future use.
Definition: update_guests.h:187
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION::ArgumentsCount
DWORD ArgumentsCount
Arguments count.
Definition: update_guests.h:193
_CAMI_WIN_DESCRIPTOR::VersionStringOffset
DWORD VersionStringOffset
VersionString pointer (pointer to a CAMI_WIN_VERSION_STRING struct)
Definition: update_guests.h:168
_CAMI_VERSION
Describe the CAMI version.
Definition: update_guests.h:66
_CAMI_LIX_DESCRIPTOR::MinIntroVersion
QWORD MinIntroVersion
Minimum introcore version which supports this OS.
Definition: update_guests.h:102
IntCamiGetVersion
INTSTATUS IntCamiGetVersion(DWORD *MajorVersion, DWORD *MinorVersion, DWORD *BuildNumber)
Get the version of the loaded CAMI support file.
Definition: update_guests.c:1756
CAMI_LIX_HOOK
struct _CAMI_LIX_HOOK CAMI_LIX_HOOK
Describe a function to be hooked by introcore.
CAMI_CUSTOM_OS_PROTECTION
struct _CAMI_CUSTOM_OS_PROTECTION CAMI_CUSTOM_OS_PROTECTION
Describe the introcore protection options for a guest.
_CAMI_PATTERN_SIGNATURE
Describe a pattern signature.
Definition: update_guests.h:214
PCAMI_OPAQUE_STRUCTURE
struct _CAMI_OPAQUE_STRUCTURE * PCAMI_OPAQUE_STRUCTURE
IntCamiSetUpdateBuffer
INTSTATUS IntCamiSetUpdateBuffer(const BYTE *UpdateBuffer, DWORD BufferLength)
Initialize the update buffer with the one from the integrator.
Definition: update_guests.c:1639
_CAMI_LIX_HOOK
Describe a function to be hooked by introcore.
Definition: update_guests.h:122
CAMI_SECTION_HINT_SUPPORTED_OS
Section will contain information about a supported OS.
Definition: update_guests.h:42
_CAMI_HEADER
Describe the CAMI file header.
Definition: update_guests.h:75
_CAMI_LIX_DESCRIPTOR
Describe a CAMI file Linux descriptor. Load support for a Linux guest.
Definition: update_guests.h:98
_CAMI_PROC_PROT_OPTIONS::OptionsOffset
DWORD OptionsOffset
File pointer to a CAMI_PROT_OPTIONS.
Definition: update_guests.h:255
_CAMI_PATTERN_SIGNATURE::Offset
DWORD Offset
Offset inside the buffer.
Definition: update_guests.h:217
_CAMI_WIN_FUNCTION
Describe a function to be hooked by introcore.
Definition: update_guests.h:174
_CAMI_SECTION_HEADER::EntryCount
DWORD EntryCount
How many entries of this type are in the DescriptorTable.
Definition: update_guests.h:92
_CAMI_SECTION_HEADER::DescriptorTable
DWORD DescriptorTable
Pointer to a CAMI descriptor table.
Definition: update_guests.h:94
_CAMI_LIX_DESCRIPTOR::_Reserved2
DWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:117
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION
Describe the arguments for a function.
Definition: update_guests.h:191
_CAMI_HEADER::PointerToSectionsHeaders
DWORD PointerToSectionsHeaders
RVA of a CAMI_SECTION_HEADER table.
Definition: update_guests.h:84
_CAMI_OPAQUE_STRUCTURE::MembersCount
DWORD MembersCount
How many members are available for this structure.
Definition: update_guests.h:232
_CAMI_WIN_VERSION_STRING::ServerVersionStringSize
QWORD ServerVersionStringSize
Size of the server version string, if exists.
Definition: update_guests.h:136
_CAMI_WIN_FUNCTION_PATTERN::_Reserved1
DWORD _Reserved1
Reserved for future use.
Definition: update_guests.h:209
_CAMI_SECTION_HEADER
Describe a CAMI file section header.
Definition: update_guests.h:89
_CAMI_WIN_FUNCTION_PATTERN::Extended
DWORD Extended
The file pointer of this structure's extension.
Definition: update_guests.h:210
_Inout_
#define _Inout_
Definition: intro_sal.h:20
_CAMI_OPAQUE_STRUCTURE::Members
DWORD Members
A file pointer to members of this structure. (pointer to a DWORD array)
Definition: update_guests.h:231
_CAMI_WIN_DESCRIPTOR::Is64
BOOLEAN Is64
If this OS is 64 bits.
Definition: update_guests.h:145
IntCamiUpdateProcessProtectionInfo
INTSTATUS IntCamiUpdateProcessProtectionInfo(void *ProtectedProcess)
Update a process' protection flags using the ones from CAMI.
Definition: update_guests.c:701
_Out_opt_
#define _Out_opt_
Definition: intro_sal.h:30
_CAMI_WIN_VERSION_STRING::VersionStringSize
QWORD VersionStringSize
Size of the version string.
Definition: update_guests.h:134
_CAMI_VERSION::BuildNumber
DWORD BuildNumber
Build number.
Definition: update_guests.h:71
_CAMI_CUSTOM_OS_PROTECTION::ShemuOptionsOffset
DWORD ShemuOptionsOffset
Shemu options. File pointer to a CAMI_PROT_OPTIONS structure.
Definition: update_guests.h:270
_CAMI_CUSTOM_OS_PROTECTION::ProcOptionsTable
DWORD ProcOptionsTable
Process protection options. Pointer to a CAMI_PROC_PROT_OPTIONS array.
Definition: update_guests.h:269
_CAMI_HEADER::FileSize
DWORD FileSize
The size of the update file. Should be equal with the value of BufferSize.
Definition: update_guests.h:82
_CAMI_LIX_HOOK::HookHandler
BYTE HookHandler
The hook handler index from the API_HOOK_DESCRIPTOR.
Definition: update_guests.h:125
_CAMI_LIX_DESCRIPTOR::StructuresCount
DWORD StructuresCount
Definition: update_guests.h:105
MAX_VERSION_STRING_SIZE
#define MAX_VERSION_STRING_SIZE
Maximum size of a version string.
Definition: update_guests.h:28
IntCamiProtectedProcessFree
INTSTATUS IntCamiProtectedProcessFree(void)
Uninitialize the global holding custom process protection options.
Definition: update_guests.c:1830
_CAMI_LIX_DESCRIPTOR::_Reserved1
DWORD _Reserved1
Reserved for future use.
Definition: update_guests.h:116
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
CAMI_SECTION_HINT_PROT_OPTIONS
Section will contain protection flags.
Definition: update_guests.h:45
_CAMI_LIX_DESCRIPTOR::MaxIntroVersion
QWORD MaxIntroVersion
Maximum introcore version which supports this OS.
Definition: update_guests.h:103
PCAMI_WIN_FUNCTION
struct _CAMI_WIN_FUNCTION * PCAMI_WIN_FUNCTION
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION::ArgumentsTable
DWORD ArgumentsTable
Arguments file offset. (pointer to a DWORD array)
Definition: update_guests.h:194
CAMI_SECTION_HEADER
struct _CAMI_SECTION_HEADER CAMI_SECTION_HEADER
Describe a CAMI file section header.
_CAMI_WIN_FUNCTION::_Reserved1
QWORD _Reserved1
Reserved for future use.
Definition: update_guests.h:185
PCAMI_WIN_DESCRIPTOR
struct _CAMI_WIN_DESCRIPTOR * PCAMI_WIN_DESCRIPTOR
_CAMI_HEADER::NumberOfSections
DWORD NumberOfSections
Number of entries in the table bellow.
Definition: update_guests.h:83
_CAMI_PROC_PROT_OPTIONS::_Reserved1
QWORD _Reserved1
Reserved for future use.
Definition: update_guests.h:258
_CAMI_WIN_FUNCTION::PatternsCount
DWORD PatternsCount
Definition: update_guests.h:178
CAMI_STRING_ENCODING_UTF8
String will be encoded in utf-8.
Definition: update_guests.h:54
_CAMI_PROT_OPTIONS::ForceOn
QWORD ForceOn
Options which will be enabled by default.
Definition: update_guests.h:241
_CAMI_PROT_OPTIONS::ForceFeedback
QWORD ForceFeedback
Options feedback only.
Definition: update_guests.h:240
CAMI_PATTERN_SIGNATURE
struct _CAMI_PATTERN_SIGNATURE CAMI_PATTERN_SIGNATURE
Describe a pattern signature.
_CAMI_HEADER::Version
CAMI_VERSION Version
Version.
Definition: update_guests.h:79
_CAMI_PATTERN_SIGNATURE::PatternOffset
DWORD PatternOffset
Pattern file pointer. (pointer to a DWORD array)
Definition: update_guests.h:221
PCAMI_WIN_VERSION_STRING
struct _CAMI_WIN_VERSION_STRING * PCAMI_WIN_VERSION_STRING
_CAMI_WIN_VERSION_STRING
Describe windows version strings.
Definition: update_guests.h:132
_CAMI_WIN_FUNCTION_PATTERN::HashLength
DWORD HashLength
The length (count of DWORDs) of the pattern.
Definition: update_guests.h:206
WCHAR
uint16_t WCHAR
Definition: intro_types.h:63
PCAMI_WIN_FUNCTION_PATTERN
struct _CAMI_WIN_FUNCTION_PATTERN * PCAMI_WIN_FUNCTION_PATTERN
_CAMI_WIN_DESCRIPTOR::KmStructuresCount
DWORD KmStructuresCount
Definition: update_guests.h:152
DWORD
uint32_t DWORD
Definition: intro_types.h:49
_CAMI_PROT_OPTIONS::_Reserved2
DWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:242
PCAMI_LIX_DESCRIPTOR
struct _CAMI_LIX_DESCRIPTOR * PCAMI_LIX_DESCRIPTOR
_CAMI_WIN_DESCRIPTOR::FunctionCount
DWORD FunctionCount
Definition: update_guests.h:160
CAMI_OPAQUE_STRUCTURE
struct _CAMI_OPAQUE_STRUCTURE CAMI_OPAQUE_STRUCTURE
Describe the members of a guest opaque structure.
_CAMI_PROT_OPTIONS::ForceOff
QWORD ForceOff
Options which will be disabled.
Definition: update_guests.h:238
_CAMI_PROT_OPTIONS::_Reserved3
DWORD _Reserved3
Reserved for future use.
Definition: update_guests.h:243
IntCamiProtectedProcessAllocate
INTSTATUS IntCamiProtectedProcessAllocate(DWORD Items)
Initialize the global variable holding custom process protection options.
Definition: update_guests.c:1795
_CAMI_SECTION_HINTS
_CAMI_SECTION_HINTS
CAMI section hints that describe what is to be loaded.
Definition: update_guests.h:40
_CAMI_OPAQUE_STRUCTURE
Describe the members of a guest opaque structure.
Definition: update_guests.h:228
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION::_Reserved1
QWORD _Reserved1
Reserved for future use.
Definition: update_guests.h:196
_CAMI_SECTION_HEADER::Hint
DWORD Hint
Any combination of CAMI_SECTION_HINTS.
Definition: update_guests.h:91
_CAMI_WIN_FUNCTION_PATTERN
Describe a function pattern.
Definition: update_guests.h:203
PCAMI_WIN_FUNCTION_PATTERN_EXTENSION
struct _CAMI_WIN_FUNCTION_PATTERN_EXTENSION * PCAMI_WIN_FUNCTION_PATTERN_EXTENSION
PCAMI_SECTION_HEADER
struct _CAMI_SECTION_HEADER * PCAMI_SECTION_HEADER
CAMI_SECTION_HINTS
enum _CAMI_SECTION_HINTS CAMI_SECTION_HINTS
CAMI section hints that describe what is to be loaded.
CAMI_SECTION_HINT_WINDOWS
Section will contain windows related information.
Definition: update_guests.h:47
_CAMI_HEADER::Magic
DWORD Magic
Magic value. Should be CAMI_MAGIC_WORD.
Definition: update_guests.h:77
_CAMI_LIX_HOOK::NameHash
DWORD NameHash
Function name hash.
Definition: update_guests.h:124
_CAMI_LIX_DESCRIPTOR::_Reserved3
DWORD _Reserved3
Reserved for future use.
Definition: update_guests.h:118
_CAMI_WIN_DESCRIPTOR::_Reserved1
WORD _Reserved1
Alignment mostly, but may become useful.
Definition: update_guests.h:147
_CAMI_WIN_FUNCTION_PATTERN::HashOffset
DWORD HashOffset
Pattern file pointer. (pointer to a DWORD array)
Definition: update_guests.h:207
_CAMI_WIN_DESCRIPTOR::Kpti
BOOLEAN Kpti
If this OS has KPTI support.
Definition: update_guests.h:144
CAMI_WIN_VERSION_STRING
struct _CAMI_WIN_VERSION_STRING CAMI_WIN_VERSION_STRING
Describe windows version strings.
_CAMI_PROC_PROT_OPTIONS::Encoding
DWORD Encoding
One of the CAMI_STRING_ENCODING.
Definition: update_guests.h:256
_CAMI_PROC_PROT_OPTIONS::_Reserved3
DWORD _Reserved3
Reserved for future use.
Definition: update_guests.h:260
CAMI_PROT_OPTIONS
struct _CAMI_PROT_OPTIONS CAMI_PROT_OPTIONS
Describe the introcore protection options.
CAMI_WIN_FUNCTION_PATTERN_EXTENSION
struct _CAMI_WIN_FUNCTION_PATTERN_EXTENSION CAMI_WIN_FUNCTION_PATTERN_EXTENSION
Describe the arguments for a function.
_CAMI_WIN_FUNCTION::_Reserved2
DWORD _Reserved2
Reserved for future use.
Definition: update_guests.h:186
_CAMI_WIN_FUNCTION::ArgumentsCount
DWORD ArgumentsCount
Arguments count.
Definition: update_guests.h:182
CAMI_SECTION_HINT_DIST_SIG
Section will contain distribution signatures.
Definition: update_guests.h:44
PCAMI_LIX_HOOK
struct _CAMI_LIX_HOOK * PCAMI_LIX_HOOK
_CAMI_CUSTOM_OS_PROTECTION
Describe the introcore protection options for a guest.
Definition: update_guests.h:265
CHAR
char CHAR
Definition: intro_types.h:56
_CAMI_VERSION::Major
DWORD Major
Major version of this file.
Definition: update_guests.h:69
_CAMI_WIN_DESCRIPTOR::_Reserved4
DWORD _Reserved4
Reserved for future use.
Definition: update_guests.h:170
CAMI_STRING_ENCODING_UTF16
String will be encoded in utf-16.
Definition: update_guests.h:55
_CAMI_WIN_FUNCTION::ArgumentsTable
DWORD ArgumentsTable
Arguments file offset. (pointer to a DWORD array)
Definition: update_guests.h:183
CAMI_SECTION_HINT_SYSCALLS
Section will contain syscall signatures.
Definition: update_guests.h:43
CAMI_WIN_DESCRIPTOR
struct _CAMI_WIN_DESCRIPTOR CAMI_WIN_DESCRIPTOR
Describe a CAMI file windows descriptor. Load support for a windows guest.
CAMI_WIN_FUNCTION
struct _CAMI_WIN_FUNCTION CAMI_WIN_FUNCTION
Describe a function to be hooked by introcore.
_CAMI_PATTERN_SIGNATURE::_Reserved
WORD _Reserved
Definition: update_guests.h:219
_CAMI_WIN_FUNCTION::NameHash
DWORD NameHash
Function name hash.
Definition: update_guests.h:176
_CAMI_PROT_OPTIONS::ForceBeta
QWORD ForceBeta
Options beta only.
Definition: update_guests.h:239
IntCamiGetWinSupportedList
INTSTATUS IntCamiGetWinSupportedList(BOOLEAN KptiInstalled, BOOLEAN Guest64, DWORD *NtBuildNumberList, DWORD *Count)
Return a list of supported Windows NtBuildNumbers.
Definition: update_guests.c:1467
_CAMI_WIN_FUNCTION_PATTERN_EXTENSION::_Reserved4
QWORD _Reserved4
Reserved for future use.
Definition: update_guests.h:199
PCAMI_HEADER
struct _CAMI_HEADER * PCAMI_HEADER
_CAMI_LIX_DESCRIPTOR::HooksCount
DWORD HooksCount
Definition: update_guests.h:109
_CAMI_LIX_DESCRIPTOR::CustomProtectionOffset
DWORD CustomProtectionOffset
Protection flags for this OS. (pointer to a CAMI_CUSTOM_OS_PROTECTION).
Definition: update_guests.h:114
IntCamiLoadSection
INTSTATUS IntCamiLoadSection(DWORD CamiSectionHint)
Load CAMI objects from section with given hint.
Definition: update_guests.c:1565
CAMI_LIX_DESCRIPTOR
struct _CAMI_LIX_DESCRIPTOR CAMI_LIX_DESCRIPTOR
Describe a CAMI file Linux descriptor. Load support for a Linux guest.
CAMI_WIN_FUNCTION_PATTERN
struct _CAMI_WIN_FUNCTION_PATTERN CAMI_WIN_FUNCTION_PATTERN
Describe a function pattern.