Bitdefender Hypervisor Memory Introspection
#include "exceptions.h"
#include "codeblocks.h"
#include "crc32.h"
#include "decoder.h"
#include "hook.h"
#include "winpe.h"
Functions
| static void | IntExceptKernelUserLogWindowsInformation (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, INTRO_ACTION Action, INTRO_ACTION_REASON Reason) | Prints the information about a kernel-user mode violation (Windows guest). |
| void | IntExceptKernelUserLogInformation (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, INTRO_ACTION Action, INTRO_ACTION_REASON Reason) | Prints the information about a kernel-user mode violation and dumps the code-blocks. |
| static __inline BOOLEAN | IntExceptKernelUserMatchZoneFlags (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception) | Checks if the zone-flags of the current exception match the zone flags of the victim. |
| static __inline BOOLEAN | IntExceptKernelUserMatchArch (KUM_EXCEPTION *Exception) | Checks if the architecture-flags of the current exception match the architecture-flags of the originator. |
| static __inline BOOLEAN | IntExceptKernelUserMatchNameHash (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception) | Checks if the exception name-hash of the current exception matches the name-hash of the victim. |
| static __inline BOOLEAN | IntExceptKernelUserMatchProcessHash (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception) | Checks if the exception process name-hash of the current exception matches the process name-hash of the victim. |
| static __inline BOOLEAN | IntExceptKernelUserMatchObjectType (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception) | Checks if the zone-type of the current exception matches the object-type of the victim. |
| INTSTATUS | IntExceptKernelUserMatchVictim (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, KUM_EXCEPTION *Exception) | This function checks if the exception matches the originator and the modified zone. |
| INTSTATUS | IntExceptKernelUser (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, INTRO_ACTION *Action, INTRO_ACTION_REASON *Reason) | This function iterates through exception lists and tries to find an exception that matches the originator and the victim. |
| INTSTATUS | IntExceptKernelUserVerifyExtra (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_UM_ORIGINATOR *Originator, UM_EXCEPTION *Exception) | This function is used as an extra step in the exception mechanism. |
Variables
| char | gExcLogLine [2 * ONE_KILOBYTE] | The exception log line. |
INTSTATUS IntExceptKernelUser (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, INTRO_ACTION *Action, INTRO_ACTION_REASON *Reason)
This function iterates through exception lists and tries to find an exception that matches the originator and the victim.
| [in] | Victim | The victim object. |
| [in] | Originator | The originator object. |
| [out] | Action | The action that was taken. |
| [out] | Reason | The reason for which Action was taken. |
| INT_STATUS_INVALID_PARAMETER_1 | If the victim object is invalid. |
| INT_STATUS_INVALID_PARAMETER_2 | If the originator object is invalid. |
| INT_STATUS_INVALID_PARAMETER_3 | If the action is invalid. |
| INT_STATUS_INVALID_PARAMETER_4 | If the reason is invalid. |
| INT_STATUS_EXCEPTION_ALLOW | If the violation is allowed. |
| INT_STATUS_EXCEPTION_NOT_MATCHED | If the violation is not allowed. |
Definition at line 704 of file exceptions_krnusr.c.
Referenced by IntExcept().
void IntExceptKernelUserLogInformation (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, INTRO_ACTION Action, INTRO_ACTION_REASON Reason)
Prints the information about a kernel-user mode violation and dumps the code-blocks.
| [in] | Victim | The victim object. |
| [in] | Originator | The originator object. |
| [in] | Action | The action that was taken. |
| [in] | Reason | The reason for which Action was taken. |
Definition at line 365 of file exceptions_krnusr.c.
Referenced by IntExcept(), and IntWinModHandleKernelWrite().
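static void IntExceptKernelUserLogWindowsInformation (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, INTRO_ACTION Action, INTRO_ACTION_REASON Reason)
Prints the information about a kernel-user mode violation (Windows guest).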
| [in] | Victim | The victim object. |
| [in] | Originator | The originator object. |
| [in] | Action | The action that was taken. |
| [in] | Reason | The reason for which Action was taken. |
Definition at line 22 of file exceptions_krnusr.c.
Referenced by IntExceptKernelUserLogInformation().
static __inline BOOLEAN IntExceptKernelUserMatchArch (KUM_EXCEPTION *Exception)
Checks if the architecture-flags of the current exception match the architecture-flags of the originator.
| [in] | Exception | The exception object. |
| True | if the architecture-flags match, otherwise false. |
Definition at line 442 of file exceptions_krnusr.c.
Referenced by IntExceptKernelUserMatchVictim().
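static __inline BOOLEAN IntExceptKernelUserMatchNameHash (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception)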
Checks if the exception name-hash of the current exception matches the name-hash of the victim.
| [in] | Victim | The victim object. |
| [in] | Exception | The exception object. |
| True | if the name-hash matches, otherwise false. |
Definition at line 476 of file exceptions_krnusr.c.
Referenced by IntExceptKernelUserMatchVictim().
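static __inline BOOLEAN IntExceptKernelUserMatchObjectType (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception)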
Checks if the zone-type of the current exception matches the object-type of the victim.
| [in] | Victim | The victim object. |
| [in] | Exception | The exception object. |
| True | if the object-type matches, otherwise false. |
Definition at line 535 of file exceptions_krnusr.c.
Referenced by IntExceptKernelUserMatchVictim().
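static __inline BOOLEAN IntExceptKernelUserMatchProcessHash (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception)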
Checks if the exception process name-hash of the current exception matches the process name-hash of the victim.
| [in] | Victim | The victim object. |
| [in] | Exception | The exception object. |
| True | if the process name-hash matches, otherwise false. |
Definition at line 500 of file exceptions_krnusr.c.
Referenced by IntExceptKernelUserMatchVictim().
INTSTATUS IntExceptKernelUserMatchVictim (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_KM_ORIGINATOR *Originator, KUM_EXCEPTION *Exception)
This function checks if the exception matches the originator and the modified zone.
The following are verified:
| [in] | Victim | The victim object. |
| [in] | Originator | The originator object. |
| [in] | Exception | The current exception object. |
| INT_STATUS_EXCEPTION_NOT_MATCHED | If any check fails. |
| INT_STATUS_EXCEPTION_ALLOW | If all checks have passed. |
Definition at line 586 of file exceptions_krnusr.c.
Referenced by IntExceptMatchException().
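static __inline BOOLEAN IntExceptKernelUserMatchZoneFlags (EXCEPTION_VICTIM_ZONE *Victim, KUM_EXCEPTION *Exception)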
Checks if the zone-flags of the current exception match the zone flags of the victim.
| [in] | Victim | The victim object. |
| [in] | Exception | The exception object. |
| True | if the zone-flags match, otherwise false. |
Definition at line 404 of file exceptions_krnusr.c.
Referenced by IntExceptKernelUserMatchVictim().
INTSTATUS IntExceptKernelUserVerifyExtra (EXCEPTION_VICTIM_ZONE *Victim, EXCEPTION_UM_ORIGINATOR *Originator, UM_EXCEPTION *Exception)
This function is used as an extra step in the exception mechanism.
| [in] | Victim | The victim object. |
| [in] | Originator | The originator object. |
| [in] | Exception | The current exception object. |
| INT_STATUS_EXCEPTION_CHECKS_OK | On success. |
Definition at line 942 of file exceptions_krnusr.c.
Referenced by IntExceptMatchException().
char gExcLogLine[2 * ONE_KILOBYTE]
The exception log line.
Definition at line 40 of file exceptions.c.
Referenced by IntExceptKernelUserLogWindowsInformation().