- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include "introtypes.h"Go to the source code of this file.
Data Structures | |
| struct | _WIN_HAL_DATA |
| Hal information. More... | |
Typedefs | |
| typedef struct _WIN_HAL_DATA | WIN_HAL_DATA |
| Hal information. More... | |
| typedef struct _WIN_HAL_DATA * | PWIN_HAL_DATA |
Functions | |
| INTSTATUS | IntWinHalCreateHalData (void) |
| Initializes gHalData. More... | |
| void | IntWinHalUninit (void) |
| Frees any resources held by gHalData and removes all the HAL protections. More... | |
| INTSTATUS | IntWinHalUpdateProtection (void) |
| Updates any of the HAL protections. More... | |
| INTSTATUS | IntWinHalProtectHalHeapExecs (void) |
| Hooks the HAL heap against execution. More... | |
| INTSTATUS | IntWinHalProtectHalIntCtrl (void) |
| Protects the HAL interrupt controller against writes. More... | |
| INTSTATUS | IntWinHalProtectHalDispatchTable (void) |
| Activates the HAL dispatch table protection. More... | |
| INTSTATUS | IntWinHalUnprotectHalHeapExecs (void) |
| Deactivates the HAL heap execution protection. More... | |
| INTSTATUS | IntWinHalUnprotectHalIntCtrl (void) |
| Deactivates the HAL interrupt controller write protection. More... | |
| INTSTATUS | IntWinHalUnprotectHalDispatchTable (void) |
| Deactivates the HAL dispatch table protection. More... | |
| INTSTATUS | IntWinHalProtectHalPerfCounter (void) |
| Enables protection on HalPerformanceCounter function pointer. More... | |
| INTSTATUS | IntWinHalUnprotectHalPerfCounter (void) |
| Removes the protection on HalPerformanceCounter. More... | |
| typedef struct _WIN_HAL_DATA * PWIN_HAL_DATA |
| typedef struct _WIN_HAL_DATA WIN_HAL_DATA |
Hal information.
| INTSTATUS IntWinHalCreateHalData | ( | void | ) |
Initializes gHalData.
Will collect the relevant information from the guest and if any of the INTRO_OPT_PROT_KM_HAL_DISP_TABLE, INTRO_OPT_PROT_KM_HAL_HEAP_EXEC, or INTRO_OPT_PROT_KM_HAL_INT_CTRL option is active, will activate the needed protections.
Definition at line 2270 of file winhal.c.
Referenced by IntWinGuestFinishInit().
| INTSTATUS IntWinHalProtectHalDispatchTable | ( | void | ) |
Activates the HAL dispatch table protection.
Will set IntWinHalHandleDispatchTableWrite as the EPT hook handler.
Definition at line 914 of file winhal.c.
Referenced by IntWinHalCreateHalData(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalProtectHalHeapExecs | ( | void | ) |
Hooks the HAL heap against execution.
This will protect the first 16 pages from the HAL heap. Based on the Windows version, some of them already have the NX bit set inside the guest page tables. IntWinHalHandleHalHeapExec will be set as the EPT hook handler. Pages that translate to physical address 0 or that are not present are not hooked.
| INT_STATUS_SUCCESS | in case of success. |
| INT_STATUS_ALREADY_INITIALIZED_HINT | if the HAL heap is already protected. |
| INT_STATUS_NOT_NEEDED_HINT | if the HAL heap is not yet initialized. |
Definition at line 718 of file winhal.c.
Referenced by IntWinHalCreateHalData(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalProtectHalIntCtrl | ( | void | ) |
Protects the HAL interrupt controller against writes.
Will set IntWinHalHandleHalIntCtrlWrite as the EPT hook callback.
Definition at line 837 of file winhal.c.
Referenced by IntWinHalCreateHalData(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalProtectHalPerfCounter | ( | void | ) |
Enables protection on HalPerformanceCounter function pointer.
The protected region contains the function which is called when KeQueryPerformanceCounter gets called inside the guest OS.
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_ALREADY_INITIALIZED_HINT | If the protection is already initialized. |
| INT_STATUS_NOT_INITIALIZED_HINT | If the HalPerformanceCounter has not yet been found. |
Definition at line 989 of file winhal.c.
Referenced by IntWinHalFindPerformanceCounterInternal(), and IntWinHalUpdateProtection().
| void IntWinHalUninit | ( | void | ) |
Frees any resources held by gHalData and removes all the HAL protections.
Definition at line 2479 of file winhal.c.
Referenced by IntWinGuestUninit().
| INTSTATUS IntWinHalUnprotectHalDispatchTable | ( | void | ) |
Deactivates the HAL dispatch table protection.
Definition at line 957 of file winhal.c.
Referenced by IntWinHalUninit(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalUnprotectHalHeapExecs | ( | void | ) |
Deactivates the HAL heap execution protection.
Definition at line 812 of file winhal.c.
Referenced by IntWinHalUninit(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalUnprotectHalIntCtrl | ( | void | ) |
Deactivates the HAL interrupt controller write protection.
Definition at line 889 of file winhal.c.
Referenced by IntWinHalUninit(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalUnprotectHalPerfCounter | ( | void | ) |
Removes the protection on HalPerformanceCounter.
| INT_STATUS_SUCCESS | On success. |
| INT_STATUS_NOT_INITIALIZED_HINT | If the protection was not enabled beforehand. |
Definition at line 1035 of file winhal.c.
Referenced by IntWinHalUninit(), and IntWinHalUpdateProtection().
| INTSTATUS IntWinHalUpdateProtection | ( | void | ) |
Updates any of the HAL protections.
If any of the INTRO_OPT_PROT_KM_HAL_DISP_TABLE, INTRO_OPT_PROT_KM_HAL_HEAP_EXEC, or INTRO_OPT_PROT_KM_HAL_INT_CTRL option is changed, the protection is enabled, or disabled, based on the new value.
Definition at line 2405 of file winhal.c.
Referenced by IntGuestUpdateCoreOptions().
1.8.13