Bitdefender Hypervisor Memory Introspection
#include "introtypes.h"
Functions
INTSTATUS | IntWinIdtProtectOnCpu (DWORD CpuNumber) | Protects the IDT against writes on a CPU. |
INTSTATUS | IntWinIdtUnprotectOnCpu (DWORD CpuNumber) | Removes the IDT write protection for a CPU. |
INTSTATUS | IntWinIdtProtectAll (void) | Activates the IDT protection for all the guest CPUs. |
INTSTATUS | IntWinIdtUnprotectAll (void) | Removes the IDT protection for all the guest CPUs. |
INTSTATUS IntWinIdtProtectAll (void)
Activates the IDT protection for all the guest CPUs.
Definition at line 559 of file winidt.c.
Referenced by IntGuestUpdateCoreOptions(), and IntWinGuestActivateProtection().
INTSTATUS IntWinIdtProtectOnCpu (DWORD CpuNumber)
Protects the IDT against writes on a CPU.
For Windows versions older than 16299 and for 32-bit Windows versions, the integrity mechanism is used. On those versions the IDT and the GDT are placed in the same page, and the GDT is written very often, which would end up causing performance problems due to the high number of VMEXITs generated. The integrity mechanism cannot catch a change as soon as it is made, because it performs its checks periodically, and it cannot consult the exceptions mechanism. For all other Windows versions, an EPT write hook is placed on the IDT. This is possible because on those versions the IDT is in its own page, so it can be hooked without expecting a large number of VMEXITs, as the IDT is not written very often.
Parameters
[in] | CpuNumber | The CPU for which the IDT will be protected. Cannot be IG_CURRENT_VCPU. |
Return values
INT_STATUS_SUCCESS | in case of success. |
INT_STATUS_INVALID_PARAMETER_2 | if CpuNumber is not valid. |
INT_STATUS_NOT_INITIALIZED_HINT | if the base of the IDT on the given CPU is not a valid kernel pointer. |
Definition at line 479 of file winidt.c.
Referenced by IntDtrHandleWrite(), and IntWinIdtProtectAll().
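The trade-off described for IntWinIdtProtectOnCpu, as an added model that is not HVMI source code: it replays a write trace against a page-granular write hook and counts VM exits when the IDT shares a page with the GDT versus when it has its own page. All function names, the addresses, the 0x80 offset and the trace are constructed assumptions; only the 16299 / 32-bit rule comes from the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_MASK (~0xFFFULL) /* EPT write permissions apply to whole 4 KiB pages */
typedef enum { IDT_PROT_INTEGRITY, IDT_PROT_EPT_HOOK } idt_prot_t;
typedef struct { unsigned exits, idt_writes; } hook_cost_t;

/* Selection rule from the text: integrity checks on 32-bit or builds older than 16299. */
idt_prot_t choose_idt_protection(uint32_t build, bool is64bit)
{
    return (!is64bit || build < 16299) ? IDT_PROT_INTEGRITY : IDT_PROT_EPT_HOOK;
}

/* Replay guest write addresses against a write hook on every page the IDT touches. */
hook_cost_t replay_writes(uint64_t idt, uint64_t idt_size, const uint64_t *w, size_t n)
{
    hook_cost_t c = { 0, 0 };
    uint64_t first = idt & PAGE_MASK, last = (idt + idt_size - 1) & PAGE_MASK;
    for (size_t i = 0; i < n; i++) {
        uint64_t page = w[i] & PAGE_MASK;
        if (page >= first && page <= last)
            c.exits++;                 /* any write to a hooked page causes a VM exit */
        if (w[i] >= idt && w[i] < idt + idt_size)
            c.idt_writes++;            /* only these are actual IDT modifications */
    }
    return c;
}

/* Constructed trace (hypothetical values): 8 GDT descriptor writes, 1 IDT gate write. */
hook_cost_t demo_layout(bool shared_page)
{
    uint64_t gdt = 0xFFFFF80000B95000ULL;                   /* constructed address */
    uint64_t idt = shared_page ? gdt + 0x80 : gdt + 0x1000; /* own page when not shared */
    uint64_t w[9];
    for (size_t i = 0; i < 8; i++)
        w[i] = gdt + 0x50;             /* repeated write to one GDT descriptor */
    w[8] = idt + 0x2E * 16;            /* one write to a 16-byte x64 IDT gate */
    return replay_writes(idt, 0x1000, w, 9);
}

int main(void)
{
    hook_cost_t a = demo_layout(true), b = demo_layout(false);
    printf("shared page: %u exits, %u IDT writes\n", a.exits, a.idt_writes);
    printf("own page:    %u exits, %u IDT writes\n", b.exits, b.idt_writes);
    return 0;
}
```

In the shared layout every GDT write costs an exit that the hook handler must then discard as irrelevant, which is the overhead the periodic integrity check avoids at the price of delayed detection.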
INTSTATUS IntWinIdtUnprotectAll (void)
Removes the IDT protection for all the guest CPUs.
Definition at line 590 of file winidt.c.
Referenced by IntGuestUpdateCoreOptions().
INTSTATUS IntWinIdtUnprotectOnCpu (DWORD CpuNumber)
Removes the IDT write protection for a CPU.
Parameters
[in] | CpuNumber | The CPU for which the protection is removed. Cannot be IG_CURRENT_VCPU. |
Return values
INT_STATUS_SUCCESS | in case of success. |
INT_STATUS_INVALID_PARAMETER_2 | if CpuNumber is not valid. |
INT_STATUS_NOT_INITIALIZED_HINT | if the base of the IDT on the given CPU is not a valid kernel pointer. |
Definition at line 524 of file winidt.c.
Referenced by IntDtrHandleWrite(), and IntWinIdtUnprotectAll().