Bitdefender Hypervisor Memory Introspection
|
#include "guests.h"
Go to the source code of this file.
Functions | |
INTSTATUS | IntWinIntObjUnprotect (void) |
Uninitializes the interrupt objects protection. More... | |
INTSTATUS | IntWinIntObjProtect (void) |
Protects the interrupt objects which are present in the KPRCB's InterruptObject array. More... | |
INTSTATUS IntWinIntObjProtect | ( | void | ) |
Protects the interrupt objects which are present in the KPRCB's InterruptObject array.
This will create an integrity region for the array on each CPU's KPRCB, in order to monitor it, through IntWinIntObjHandleArrayModification, so that the introspection engine can be notified whenever an interrupt object relocation takes place. The DispatchAddress and ServiceRoutine fields are protected in each interrupt object, for which IntWinIntObjHandleObjectModification will be called whenever a modification is detected.
INT_STATUS_SUCCESS | On success. |
INT_STATUS_NOT_INITIALIZED | If there is no CPU for which protection can be enforced. |
INT_STATUS_NOT_NEEDED_HINT | If the guest is not 64 bits or if the KPRCB does not have an InterruptObject associated. |
INT_STATUS_INSUFFICIENT_RESOURCES | If there are not enough resources for the protection to be enforced. |
Definition at line 473 of file winintobj.c.
Referenced by IntGuestUpdateCoreOptions(), and IntWinGuestActivateProtection().
INTSTATUS IntWinIntObjUnprotect | ( | void | ) |
Uninitializes the interrupt objects protection.
This function will remove all integrity regions associated with protected interrupt object fields, as well as the integrity regions used for monitoring the InterrupObject array.
INT_STATUS_SUCCESS | On success. |
INT_STATUS_NOT_INITIALIZED | If the protection was not initialized beforehand. |
Definition at line 609 of file winintobj.c.
Referenced by IntGuestUpdateCoreOptions(), and IntWinIntObjProtect().