doxygen/html/winhal_8h_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */
 #ifndef _WINHAL_H_
 #define _WINHAL_H_

 #include "introtypes.h"

 typedef struct _WIN_HAL_DATA
 {
     QWORD           HalHeapAddress;
     QWORD           HalIntCtrlAddress;
     QWORD           HalPerfCounterAddress;
     DWORD           HalHeapSize;

     QWORD           HalDispatchTableAddress;
     DWORD           HalDispatchTableSize;

     KERNEL_DRIVER   *OwnerHalModule;

     void            *HalHeapExecHook;
     void            *HalIntCtrlWriteHook;
     void            *HalDispatchIntegrityHook;

     BYTE            *HalBuffer;

     DWORD           HalBufferSize;

     DWORD           RemainingSections;

     LIST_ENTRY      InitSwapHandles;

     void            *HalHdrSwapHandle;

     void            *HalPerfIntegrityObj;
 } WIN_HAL_DATA, *PWIN_HAL_DATA;


 INTSTATUS
 IntWinHalCreateHalData(
     void
     );

 void
 IntWinHalUninit(
     void
     );

 INTSTATUS
 IntWinHalUpdateProtection(
     void
     );

 INTSTATUS
 IntWinHalProtectHalHeapExecs(
     void
     );

 INTSTATUS
 IntWinHalProtectHalIntCtrl(
     void
     );

 INTSTATUS
 IntWinHalProtectHalDispatchTable(
     void
     );

 INTSTATUS
 IntWinHalUnprotectHalHeapExecs(
     void
     );

 INTSTATUS
 IntWinHalUnprotectHalIntCtrl(
     void
     );

 INTSTATUS
 IntWinHalUnprotectHalDispatchTable(
     void
     );

 INTSTATUS
 IntWinHalProtectHalPerfCounter(
     void
     );

 INTSTATUS
 IntWinHalUnprotectHalPerfCounter(
     void
     );

 #endif // _WINHAL_H_
_WIN_HAL_DATA::HalHdrSwapHandle
void * HalHdrSwapHandle
HAL headers swap handle. Used only if HAL is not protected, and the headers are not read automaticall...
Definition: winhal.h:59

IntWinHalUnprotectHalHeapExecs
INTSTATUS IntWinHalUnprotectHalHeapExecs(void)
Deactivates the HAL heap execution protection.
Definition: winhal.c:812

PWIN_HAL_DATA
struct _WIN_HAL_DATA * PWIN_HAL_DATA

BYTE
uint8_t BYTE
Definition: intro_types.h:47

IntWinHalProtectHalIntCtrl
INTSTATUS IntWinHalProtectHalIntCtrl(void)
Protects the HAL interrupt controller against writes.
Definition: winhal.c:837

_WIN_HAL_DATA::HalPerfIntegrityObj
void * HalPerfIntegrityObj
The HAL Performance Counter integrity hook object.
Definition: winhal.h:62

IntWinHalCreateHalData
INTSTATUS IntWinHalCreateHalData(void)
Initializes gHalData.
Definition: winhal.c:2270

_WIN_HAL_DATA::InitSwapHandles
LIST_ENTRY InitSwapHandles
A list containing the swap handles for the swapped out sections which should be read in HalBuffer...
Definition: winhal.h:55

IntWinHalUninit
void IntWinHalUninit(void)
Frees any resources held by gHalData and removes all the HAL protections.
Definition: winhal.c:2479

INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24

_KERNEL_DRIVER
Describes a kernel driver.
Definition: drivers.h:30

IntWinHalProtectHalDispatchTable
INTSTATUS IntWinHalProtectHalDispatchTable(void)
Activates the HAL dispatch table protection.
Definition: winhal.c:914

_WIN_HAL_DATA::HalBufferSize
DWORD HalBufferSize
The size of HAL buffer.
Definition: winhal.h:48

_WIN_HAL_DATA::HalIntCtrlWriteHook
void * HalIntCtrlWriteHook
The HAL interrupt controller write hook object.
Definition: winhal.h:35

IntWinHalUnprotectHalDispatchTable
INTSTATUS IntWinHalUnprotectHalDispatchTable(void)
Deactivates the HAL dispatch table protection.
Definition: winhal.c:957

_WIN_HAL_DATA::HalHeapSize
DWORD HalHeapSize
The size of the HAL heap.
Definition: winhal.h:22

introtypes.h

_WIN_HAL_DATA::HalDispatchIntegrityHook
void * HalDispatchIntegrityHook
The HAL dispatch table integrity hook object.
Definition: winhal.h:37

QWORD
unsigned long long QWORD
Definition: intro_types.h:53

_WIN_HAL_DATA::RemainingSections
DWORD RemainingSections
The number of sections which are not yet read into HAL buffer.
Definition: winhal.h:51

_WIN_HAL_DATA::HalBuffer
BYTE * HalBuffer
A buffer containing the whole HAL image.
Definition: winhal.h:45

WIN_HAL_DATA
struct _WIN_HAL_DATA WIN_HAL_DATA
Hal information.

IntWinHalUnprotectHalIntCtrl
INTSTATUS IntWinHalUnprotectHalIntCtrl(void)
Deactivates the HAL interrupt controller write protection.
Definition: winhal.c:889

_WIN_HAL_DATA::HalHeapAddress
QWORD HalHeapAddress
The guest virtual address of the HAL heap.
Definition: winhal.h:16

DWORD
uint32_t DWORD
Definition: intro_types.h:49

_WIN_HAL_DATA::HalDispatchTableSize
DWORD HalDispatchTableSize
The size of the HAL dispatch table.
Definition: winhal.h:27

_WIN_HAL_DATA::OwnerHalModule
KERNEL_DRIVER * OwnerHalModule
The hal.dll kernel module or ntoskrnl.exe.
Definition: winhal.h:30

IntWinHalUpdateProtection
INTSTATUS IntWinHalUpdateProtection(void)
Updates any of the HAL protections.
Definition: winhal.c:2405

_WIN_HAL_DATA::HalDispatchTableAddress
QWORD HalDispatchTableAddress
The guest virtual address of the HAL dispatch table.
Definition: winhal.h:25

_WIN_HAL_DATA::HalIntCtrlAddress
QWORD HalIntCtrlAddress
The guest virtual address of the HAL interrupt controller.
Definition: winhal.h:18

IntWinHalProtectHalPerfCounter
INTSTATUS IntWinHalProtectHalPerfCounter(void)
Enables protection on HalPerformanceCounter function pointer.
Definition: winhal.c:989

_WIN_HAL_DATA
Hal information.
Definition: winhal.h:13

_WIN_HAL_DATA::HalHeapExecHook
void * HalHeapExecHook
The HAL heap execution hook object.
Definition: winhal.h:33

IntWinHalUnprotectHalPerfCounter
INTSTATUS IntWinHalUnprotectHalPerfCounter(void)
Removes the protection on HalPerformanceCounter.
Definition: winhal.c:1035

_WIN_HAL_DATA::HalPerfCounterAddress
QWORD HalPerfCounterAddress
The guest virtual address of the HAL performance counter.
Definition: winhal.h:20

IntWinHalProtectHalHeapExecs
INTSTATUS IntWinHalProtectHalHeapExecs(void)
Hooks the HAL heap against execution.
Definition: winhal.c:718

_LIST_ENTRY
Definition: introlists.h:16