- Generated by
1.8.13
|
Bitdefender Hypervisor Memory Introspection
|
#include "introcrt.h"Go to the source code of this file.
Data Structures | |
| struct | _WINUM_PATH |
Typedefs | |
| typedef struct _WINUM_PATH | WINUM_PATH |
| typedef struct _WINUM_PATH * | PWINUM_PATH |
Functions | |
| WINUM_PATH * | IntWinUmPathCreate (const WCHAR *Path, DWORD PathSize, QWORD SubsectionGva) |
| Creates a WINUM_PATH object from the given parameters. More... | |
| WINUM_PATH * | IntWinUmPathReference (WINUM_PATH *Path) |
| Increases the reference count of the given WINUM_PATH object. More... | |
| void | IntWinUmPathDereference (WINUM_PATH **Path) |
| Dereferences a WINUM_PATH object, releasing the resources if the reference count has reached 0. More... | |
| WINUM_PATH * | IntWinUmPathFetchAndReferenceBySubsection (QWORD SubsectionGva) |
| Fetches a WINUM_PATH object by the unique identifier and increments the reference counter on it. More... | |
| typedef struct _WINUM_PATH * PWINUM_PATH |
| typedef struct _WINUM_PATH WINUM_PATH |
An object representing a user-mode module path.
| WINUM_PATH* IntWinUmPathCreate | ( | const WCHAR * | Path, |
| DWORD | PathSize, | ||
| QWORD | SubsectionGva | ||
| ) |
Creates a WINUM_PATH object from the given parameters.
Provided the path string which was read from the guest, the total length of the path and the subsection guest virtual address from which the path string was read, which will serve as a unique identifier for the given path, this function will create a path object based on those. Note that if any error occurs, gInvalidUmPath will be returned by this function. This function may get called on already cached paths, in which case a warning will be issued and the cached path will be fetched from the cache and the reference count will be incremented.
| [in] | Path | The path string which was read from the guest. |
| [in] | PathSize | The total number of bytes the path contains. |
| [in] | SubsectionGva | The guest virtual address of the subsection from which the path was fetched. |
Definition at line 184 of file winumpath.c.
Referenced by IntWinVadHandleFilePathInMemory().
| void IntWinUmPathDereference | ( | WINUM_PATH ** | Path | ) |
Dereferences a WINUM_PATH object, releasing the resources if the reference count has reached 0.
When all the callers to IntWinUmPathReference/IntWinUmPathFetchAndReferenceBySubsection or after a path creation has been made, decide that the path should no longer be used, this function will get called and the reference count will reach 0. When reaching 0, the resources (that means the Path string where the path is saved, as well as the path object) will be released. This function will also set to NULL the object given as parameter.
| [in] | Path | A pointer to the WINUM_PATH object which should be dereferenced or freed if the reference counter reaches 0. |
Definition at line 340 of file winumpath.c.
Referenced by IntWinModRemoveModule(), and IntWinVadDestroyObject().
| WINUM_PATH* IntWinUmPathFetchAndReferenceBySubsection | ( | QWORD | SubsectionGva | ) |
Fetches a WINUM_PATH object by the unique identifier and increments the reference counter on it.
| [in] | SubsectionGva | The guest virtual address of the subsection where the path is found. Serves as a unique identifier. |
Definition at line 314 of file winumpath.c.
Referenced by IntWinUmPathCreate(), and IntWinVadFetchImageName().
| WINUM_PATH* IntWinUmPathReference | ( | WINUM_PATH * | Path | ) |
Increases the reference count of the given WINUM_PATH object.
Calling this function means that one uses a reference to a Path object and desires that the path should not be freed until one calls the IntWinUmPathDereference function on the path.
| [in] | Path | The WINUM_PATH object for which the reference count will be incremented. |
Definition at line 292 of file winumpath.c.
Referenced by IntWinModHandleModulePathInMemory().
1.8.13