Bitdefender Hypervisor Memory Introspection
winapi.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _WINAPI_H_
6 #define _WINAPI_H_
7 
8 
9 #include "winguest.h"
10 
11 
12 INTSTATUS
13 IntWinApiHookAll(
14  void
15  );
16 
17 void
18 IntWinApiUpdateHooks(
19  void
20  );
21 
22 INTSTATUS
23 IntWinApiHookVeHandler(
24  _In_ QWORD NewHandler,
25  _Out_ void **Cloak,
26  _Out_opt_ QWORD *OldHandler,
27  _Out_opt_ DWORD *ReplacedCodeLen,
28  _Out_writes_to_(38, *ReplacedCodeLen) BYTE *ReplacedCode
29  );
30 
31 INTSTATUS
32 IntWinApiUpdateHookDescriptor(
33  _In_ WIN_UNEXPORTED_FUNCTION *Function,
34  _In_ DWORD ArgumentsCount,
35  _In_ const DWORD *Arguments
36  );
37 
38 #endif // _WINAPI_H_
_Out_
#define _Out_
Definition: intro_sal.h:22
BYTE
uint8_t BYTE
Definition: intro_types.h:47
_In_
#define _In_
Definition: intro_sal.h:21
IntWinApiUpdateHooks
void IntWinApiUpdateHooks(void)
Iterate through all hookable APIs and enable or disable them according to the current Introcore optio...
Definition: winapi.c:317
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
_Out_opt_
#define _Out_opt_
Definition: intro_sal.h:30
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
_WIN_UNEXPORTED_FUNCTION
Describes a function that is not exported.
Definition: winguest.h:101
IntWinApiHookAll
INTSTATUS IntWinApiHookAll(void)
Iterates through all hookable APIs and sets requested hooks.
Definition: winapi.c:229
DWORD
uint32_t DWORD
Definition: intro_types.h:49
IntWinApiUpdateHookDescriptor
INTSTATUS IntWinApiUpdateHookDescriptor(WIN_UNEXPORTED_FUNCTION *Function, DWORD ArgumentsCount, const DWORD *Arguments)
Update a hook descriptor with corresponding function patterns and argument list from CAMI...
Definition: winapi.c:615
_Out_writes_to_
#define _Out_writes_to_(expr, expr2)
Definition: intro_sal.h:29
IntWinApiHookVeHandler
INTSTATUS IntWinApiHookVeHandler(QWORD NewHandler, void **Cloak, QWORD *OldHandler, DWORD *ReplacedCodeLen, BYTE *ReplacedCode)
Hooks the #VE handler.
Definition: winapi.c:367