Bitdefender Hypervisor Memory Introspection
Functions | Variables
lixaghnd.c File Reference
#include "lixagent.h"
#include "guests.h"
#include "linux/exec/exec_content.h"
#include "linux/deploy/deploy_content.h"
#include "linux/run/run_content.h"
#include "linux/init/init_content.h"
#include "linux/uninit/uninit_content.h"

Go to the source code of this file.

Functions

LIX_AGENT_HANDLERIntLixAgentGetHandlerByTag (LIX_AGENT_TAG AgentTag)
 Iterates through all agent handlers and search the entry that has the provided tag. More...
 
LIX_AGENT_HANDLERIntLixAgentThreadGetHandlerByTag (LIX_AGENT_TAG AgentTag, LIX_AGENT_TAG ThreadTag)
 Iterates through all thread-agent handlers and search the entry that has the provided tag. More...
 

Variables

LIX_AGENT_INIT_ARGS gLixAgentArgsInit
 
LIX_AGENT_FUNCTIONS gLixAgentFunctionsInit []
 
LIX_AGENT_UNINIT_ARGS gLixAgentArgsUninit
 
LIX_AGENT_FUNCTIONS gLixAgentFunctionsUninit []
 
LIX_AGENT_CREATE_THREAD_ARGS gLixAgentArgsCreateThread
 
LIX_AGENT_FUNCTIONS gLixAgentFunctionsCreateTread []
 
LIX_AGENT_THREAD_DEPLOY_FILE_ARGS gLixAgentThreadArgsDeployFile
 
LIX_AGENT_FUNCTIONS gLixAgentFunctionsDeployFile []
 
LIX_AGENT_THREAD_DEPLOY_FILE_EXEC_ARGS gLixAgentArgsDeployFileExec
 
LIX_AGENT_THREAD_RUN_CLI_ARGS gLixAgentArgsRunCommand
 
LIX_AGENT_FUNCTIONS gLixAgentFunctionsDeployFileExec []
 
LIX_AGENT_FUNCTIONS gLixAgentFunctionsRunCommand []
 
LIX_AGENT_HANDLER gLixAgentThreadHandlers []
 
LIX_AGENT_HANDLER gLixAgentHandler []
 

Function Documentation

◆ IntLixAgentGetHandlerByTag()

LIX_AGENT_HANDLER* IntLixAgentGetHandlerByTag ( LIX_AGENT_TAG  AgentTag)

Iterates through all agent handlers and search the entry that has the provided tag.

Parameters
[in]AgentTagThe agent tag.
Return values
Onsuccess, returns the found handler, otherwise returns NULL.

Definition at line 408 of file lixaghnd.c.

Referenced by IntLixAgentCreate(), IntLixAgentThreadGetHandlerByTag(), IntLixGuestAllocate(), and IntLixGuestDeployUninitAgent().

◆ IntLixAgentThreadGetHandlerByTag()

LIX_AGENT_HANDLER* IntLixAgentThreadGetHandlerByTag ( LIX_AGENT_TAG  AgentTag,
LIX_AGENT_TAG  ThreadTag 
)

Iterates through all thread-agent handlers and search the entry that has the provided tag.

Parameters
[in]AgentTagThe agent tag.
[in]ThreadTagThe thread-agent tag.
Return values
Onsuccess, returns the found handler, otherwise returns NULL.

Definition at line 432 of file lixaghnd.c.

Referenced by IntLixAgentThreadCreate(), IntLixDepInjectFile(), IntLixDepInjectProcess(), and IntLixDepRunCommand().

Variable Documentation

◆ gLixAgentArgsCreateThread

LIX_AGENT_CREATE_THREAD_ARGS gLixAgentArgsCreateThread
Initial value:
=
{
.Allocate =
{
.Length = 2 * PAGE_SIZE,
}
}
PAGE_SIZE
#define PAGE_SIZE
Definition: common.h:53

Definition at line 84 of file lixaghnd.c.

◆ gLixAgentArgsDeployFileExec

LIX_AGENT_THREAD_DEPLOY_FILE_EXEC_ARGS gLixAgentArgsDeployFileExec
Initial value:
=
{
.Allocate =
{
.Length = PAGE_SIZE_2M
},
.FilePath =
{
.Root = '/',
.Name = { 0 }
},
.Exec =
{
.Args = { 0x0 }
},
}
PAGE_SIZE_2M
#define PAGE_SIZE_2M
Definition: pgtable.h:15

Definition at line 167 of file lixaghnd.c.

◆ gLixAgentArgsInit

LIX_AGENT_INIT_ARGS gLixAgentArgsInit
Initial value:
=
{
.Allocate =
{
.ModuleLength = PAGE_SIZE * 3,
.PerCpuLength = 0x0,
},
}
PAGE_SIZE
#define PAGE_SIZE
Definition: common.h:53

Definition at line 17 of file lixaghnd.c.

◆ gLixAgentArgsRunCommand

LIX_AGENT_THREAD_RUN_CLI_ARGS gLixAgentArgsRunCommand
Initial value:
=
{
.Exec =
{
.Args = { 0x0 }
},
}

Definition at line 187 of file lixaghnd.c.

◆ gLixAgentArgsUninit

LIX_AGENT_UNINIT_ARGS gLixAgentArgsUninit
Initial value:
=
{
.Free =
{
.ModuleAddress = 0x0,
.PerCpuAddress = 0x0,
}
}

Definition at line 51 of file lixaghnd.c.

◆ gLixAgentFunctionsCreateTread

LIX_AGENT_FUNCTIONS gLixAgentFunctionsCreateTread[]
Initial value:
=
{
{
.Version =
{
.Sublevel = WORD_MAX,
.Patch = BYTE_MAX,
.Backport = WORD_MAX,
.Version = BYTE_MAX
},
.Count = 3,
.List =
{
{ .Required = 1, .Count = 1, .Name = { "kthread_create_on_node"} },
{ .Required = 1, .Count = 1, .Name = { "wake_up_process"} },
{ .Required = 1, .Count = 1, .Name = { "vmalloc_exec" } },
}
}
}
WORD_MAX
#define WORD_MAX
Definition: introtypes.h:32
BYTE_MAX
#define BYTE_MAX
Definition: introtypes.h:31

Definition at line 93 of file lixaghnd.c.

◆ gLixAgentFunctionsDeployFile

LIX_AGENT_FUNCTIONS gLixAgentFunctionsDeployFile[]
Initial value:
=
{
{
.Version =
{
.Sublevel = WORD_MAX,
.Patch = BYTE_MAX,
.Backport = WORD_MAX,
.Version = BYTE_MAX
},
.Count = 11,
.List =
{
{ .Required = 1, .Count = 1, .Name = { "filp_open"} },
{ .Required = 1, .Count = 1, .Name = { "filp_close"} },
{ .Required = 1, .Count = 2, .Name = { "kernel_write", "__kernel_write"} },
{ .Required = 1, .Count = 1, .Name = { "vmalloc" } },
{ .Required = 1, .Count = 1, .Name = { "vfree" } },
{ .Required = 1, .Count = 1, .Name = { "argv_split" } },
{ .Required = 1, .Count = 1, .Name = { "argv_free" } },
{ .Required = 1, .Count = 1, .Name = { "call_usermodehelper_setup" } },
{ .Required = 1, .Count = 1, .Name = { "call_usermodehelper_exec" } },
{ .Required = 1, .Count = 1, .Name = { "do_exit" } },
{ .Required = 1, .Count = 1, .Name = { "printk" } },
}
}
}
WORD_MAX
#define WORD_MAX
Definition: introtypes.h:32
BYTE_MAX
#define BYTE_MAX
Definition: introtypes.h:31

Definition at line 134 of file lixaghnd.c.

◆ gLixAgentFunctionsDeployFileExec

LIX_AGENT_FUNCTIONS gLixAgentFunctionsDeployFileExec[]
Initial value:
=
{
{
.Version =
{
.Sublevel = WORD_MAX,
.Patch = BYTE_MAX,
.Backport = WORD_MAX,
.Version = BYTE_MAX
},
.Count = 13,
.List =
{
{ .Required = 1, .Count = 1, .Name = { "filp_open"} },
{ .Required = 1, .Count = 1, .Name = { "filp_close"} },
{ .Required = 0, .Count = 1, .Name = { "flush_delayed_fput"} },
{ .Required = 1, .Count = 2, .Name = { "kernel_write", "__kernel_write"} },
{ .Required = 1, .Count = 1, .Name = { "vmalloc" } },
{ .Required = 1, .Count = 1, .Name = { "vfree" } },
{ .Required = 1, .Count = 1, .Name = { "call_usermodehelper_setup" } },
{ .Required = 1, .Count = 1, .Name = { "call_usermodehelper_exec" } },
{ .Required = 1, .Count = 1, .Name = { "argv_split" } },
{ .Required = 1, .Count = 1, .Name = { "argv_free" } },
{ .Required = 1, .Count = 1, .Name = { "do_exit" } },
{ .Required = 0, .Count = 1, .Name = { "chmod_common" } },
{ .Required = 1, .Count = 1, .Name = { "printk" } },
}
}
}
WORD_MAX
#define WORD_MAX
Definition: introtypes.h:32
BYTE_MAX
#define BYTE_MAX
Definition: introtypes.h:31

Definition at line 196 of file lixaghnd.c.

◆ gLixAgentFunctionsInit

LIX_AGENT_FUNCTIONS gLixAgentFunctionsInit[]
Initial value:
=
{
{
.Version =
{
.Sublevel = WORD_MAX,
.Patch = BYTE_MAX,
.Backport = WORD_MAX,
.Version = BYTE_MAX
},
.Count = 3,
.List =
{
{ .Required = 1, .Count = 1, .Name = { "module_alloc"} },
{ .Required = 1, .Count = 1, .Name = { "change_page_attr_set_clr"} },
{ .Required = 1, .Count = 1, .Name = { "vmalloc"} },
}
}
}
WORD_MAX
#define WORD_MAX
Definition: introtypes.h:32
BYTE_MAX
#define BYTE_MAX
Definition: introtypes.h:31

Definition at line 26 of file lixaghnd.c.

◆ gLixAgentFunctionsRunCommand

LIX_AGENT_FUNCTIONS gLixAgentFunctionsRunCommand[]
Initial value:
=
{
{
.Version =
{
.Sublevel = WORD_MAX,
.Patch = BYTE_MAX,
.Backport = WORD_MAX,
.Version = BYTE_MAX
},
.Count = 7,
.List =
{
{ .Required = 1, .Count = 1, .Name = { "call_usermodehelper_setup" } },
{ .Required = 1, .Count = 1, .Name = { "call_usermodehelper_exec" } },
{ .Required = 1, .Count = 1, .Name = { "argv_split" } },
{ .Required = 1, .Count = 1, .Name = { "argv_free" } },
{ .Required = 1, .Count = 1, .Name = { "do_exit" } },
{ .Required = 1, .Count = 1, .Name = { "vfree" } },
{ .Required = 1, .Count = 1, .Name = { "printk" } },
}
}
}
WORD_MAX
#define WORD_MAX
Definition: introtypes.h:32
BYTE_MAX
#define BYTE_MAX
Definition: introtypes.h:31

Definition at line 228 of file lixaghnd.c.

◆ gLixAgentFunctionsUninit

LIX_AGENT_FUNCTIONS gLixAgentFunctionsUninit[]
Initial value:
=
{
{
.Version =
{
.Sublevel = WORD_MAX,
.Patch = BYTE_MAX,
.Backport = WORD_MAX,
.Version = BYTE_MAX
},
.Count = 2,
.List =
{
{ .Required = 1, .Count = 1, .Name = { "vfree"} },
{ .Required = 1, .Count = 1, .Name = { "change_page_attr_set_clr"} },
}
}
}
WORD_MAX
#define WORD_MAX
Definition: introtypes.h:32
BYTE_MAX
#define BYTE_MAX
Definition: introtypes.h:31

Definition at line 60 of file lixaghnd.c.

◆ gLixAgentHandler

LIX_AGENT_HANDLER gLixAgentHandler[]

Definition at line 333 of file lixaghnd.c.

◆ gLixAgentThreadArgsDeployFile

LIX_AGENT_THREAD_DEPLOY_FILE_ARGS gLixAgentThreadArgsDeployFile
Initial value:
=
{
.Allocate =
{
.Length = PAGE_SIZE_2M
},
.FilePath =
{
.Root = '/',
.Name = { 0 }
}
}
PAGE_SIZE_2M
#define PAGE_SIZE_2M
Definition: pgtable.h:15

Definition at line 119 of file lixaghnd.c.

◆ gLixAgentThreadHandlers

LIX_AGENT_HANDLER gLixAgentThreadHandlers[]

Definition at line 257 of file lixaghnd.c.