Bitdefender Hypervisor Memory Introspection
winselfmap.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _WINSELFMAP_H_
6 #define _WINSELFMAP_H_
7 
8 #include "guests.h"
9 
10 typedef struct _WIN_PROCESS_OBJECT WIN_PROCESS_OBJECT, *PWIN_PROCESS_OBJECT;
11 
21 #define SELF_MAP_ENTRY(Cr3) (CLEAN_PHYS_ADDRESS64(((QWORD)(Cr3))) + gGuest.Mm.SelfMapIndex * 8ull)
22 
34 #define SELF_MAP_ENTRY_IS_DETECTION(entry) (((entry) & PT_P) != 0 && ((entry) & PT_US) != 0)
35 
39 #define SELF_MAP_ENTRY_VA (0xFFFF800000000000 | ((QWORD)gGuest.Mm.SelfMapIndex << 39) | \
40  ((QWORD)gGuest.Mm.SelfMapIndex << 30) | ((QWORD)gGuest.Mm.SelfMapIndex << 21) | \
41  ((QWORD)gGuest.Mm.SelfMapIndex << 12) | ((QWORD)gGuest.Mm.SelfMapIndex * 8))
42 
43 
44 INTSTATUS
45 IntWinSelfMapValidateSelfMapEntries(
46  void
47  );
48 
49 INTSTATUS
50 IntWinSelfMapUnprotectSelfMapIndex(
51  _Inout_ WIN_PROCESS_OBJECT *Process
52  );
53 
54 INTSTATUS
55 IntWinSelfMapProtectSelfMapIndex(
56  _Inout_ WIN_PROCESS_OBJECT *Process
57  );
58 
59 INTSTATUS
60 IntWinSelfMapDisableSelfMapEntryProtection(
61  void
62  );
63 
64 INTSTATUS
65 IntWinSelfMapEnableSelfMapEntryProtection(
66  void
67  );
68 
69 INTSTATUS
70 IntWinSelfMapGetAndCheckSelfMapEntry(
71  _Inout_ WIN_PROCESS_OBJECT *Process
72  );
73 
74 #endif
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
IntWinSelfMapGetAndCheckSelfMapEntry
INTSTATUS IntWinSelfMapGetAndCheckSelfMapEntry(WIN_PROCESS_OBJECT *Process)
Sets and validates the self map entry values for a process.
Definition: winselfmap.c:579
IntWinSelfMapProtectSelfMapIndex
INTSTATUS IntWinSelfMapProtectSelfMapIndex(WIN_PROCESS_OBJECT *Process)
Protects the self map index of a process by placing an EPT write hook on it.
Definition: winselfmap.c:710
IntWinSelfMapUnprotectSelfMapIndex
INTSTATUS IntWinSelfMapUnprotectSelfMapIndex(WIN_PROCESS_OBJECT *Process)
Removes the EPT protection for the self map entry index of a process.
Definition: winselfmap.c:802
_Inout_
#define _Inout_
Definition: intro_sal.h:20
PWIN_PROCESS_OBJECT
struct _WIN_PROCESS_OBJECT * PWIN_PROCESS_OBJECT
Definition: winselfmap.h:10
IntWinSelfMapValidateSelfMapEntries
INTSTATUS IntWinSelfMapValidateSelfMapEntries(void)
Validates the self map entries for every process in the system.
Definition: winselfmap.c:453
IntWinSelfMapEnableSelfMapEntryProtection
INTSTATUS IntWinSelfMapEnableSelfMapEntryProtection(void)
Enables the self map protection mechanism for the entire system.
Definition: winselfmap.c:516
IntWinSelfMapDisableSelfMapEntryProtection
INTSTATUS IntWinSelfMapDisableSelfMapEntryProtection(void)
Disables the self map entry protection for all the processes on the system.
Definition: winselfmap.c:656
_WIN_PROCESS_OBJECT
This structure describes a running process inside the guest.
Definition: winprocess.h:83