Bitdefender Hypervisor Memory Introspection
lixidt.c File Reference
#include "lixidt.h"
#include "alerts.h"
#include "hook.h"


Functions

static INTSTATUS IntLixIdtWriteHandler (void *Context, void *Hook, QWORD Address, INTRO_ACTION *Action)
 Called if a write occurs on the protected IDT descriptors.

INTSTATUS IntLixIdtProtectOnCpu (DWORD CpuNumber)
 Activates protection for the provided CPU's IDT.

INTSTATUS IntLixIdtProtectAll (void)
 Activates protection for IDT on all CPUs.

INTSTATUS IntLixIdtUnprotectAll (void)
 Disables protection for IDT on all CPUs.

Function Documentation

◆ IntLixIdtProtectAll()

INTSTATUS IntLixIdtProtectAll ( void  )

Activates protection for IDT on all CPUs.

Return values
INT_STATUS_SUCCESS          On success.
INT_STATUS_NOT_NEEDED_HINT  In case there are no CPUs.

Definition at line 234 of file lixidt.c.

Referenced by IntDtrHandleWrite(), IntGuestUpdateCoreOptions(), and IntLixGuestActivateProtection().

◆ IntLixIdtProtectOnCpu()

INTSTATUS IntLixIdtProtectOnCpu ( DWORD  CpuNumber)

Activates protection for the provided CPU's IDT.

This function hooks the first 0x20 entries and the 80th entry from the provided CPU's IDT using EPT. If the current guest virtual address of the IDT is already hooked, that hook object will be used. The Linux IDT has the same guest virtual address on all CPUs.

Parameters
[in]  CpuNumber  The number of the CPU for which the IDT will be protected.
Return values
INT_STATUS_SUCCESS          On success.
INT_STATUS_NOT_INITIALIZED  If the IDT of the provided CPU is not initialized.

Definition at line 131 of file lixidt.c.

Referenced by IntLixIdtProtectAll().
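
The descriptor layout described above, as an added example that is not HVMI source code: it maps a guest write to the protected IDT vector it overlaps and decodes the handler address stored in a gate. The function names are hypothetical, and the code assumes 16-byte x86-64 gate descriptors and that the "80th entry" is vector 0x80.

```c
#include <stdint.h>
#include <stdio.h>

#define GATE_SIZE      16u    /* one x86-64 IDT gate descriptor */
#define EXC_ENTRIES    0x20u  /* "first 0x20 entries" */
#define SYSCALL_VECTOR 0x80u  /* assumption: "80th entry" means vector 0x80 */

/* Returns the first protected vector overlapped by a write of len bytes at
 * addr, or -1 if the write touches no protected descriptor. */
int idt_protected_vector(uint64_t idt_base, uint64_t addr, uint32_t len)
{
    if (len == 0)
        return -1;
    uint64_t end = addr + (len - 1);            /* last byte written */
    if (end < addr || end < idt_base)           /* wrapped, or entirely below */
        return -1;
    uint64_t first = addr <= idt_base ? 0 : (addr - idt_base) / GATE_SIZE;
    uint64_t last = (end - idt_base) / GATE_SIZE;
    if (first < EXC_ENTRIES)
        return (int)first;
    if (first <= SYSCALL_VECTOR && last >= SYSCALL_VECTOR)
        return (int)SYSCALL_VECTOR;
    return -1;
}

/* Handler address held in a 64-bit gate: bytes 0-1 = bits 15:0,
 * bytes 6-7 = bits 31:16, bytes 8-11 = bits 63:32. */
uint64_t idt_gate_handler(const uint8_t *gate)
{
    uint64_t off = 0;
    for (int i = 11; i >= 8; i--)
        off = off << 8 | gate[i];
    off = off << 8 | gate[7];
    off = off << 8 | gate[6];
    off = off << 8 | gate[1];
    return off << 8 | gate[0];
}

int main(void)
{
    const uint64_t base = 0xfffffe0000000000ull; /* constructed IDT address */
    uint8_t gate[GATE_SIZE] = { 0x10, 0x32, 0x10, 0x00, 0x00, 0x8e, 0x54, 0x76,
                                0xff, 0xff, 0xff, 0xff };  /* constructed gate */
    printf("write at +0x0e0 -> vector %d\n", idt_protected_vector(base, base + 0xe0, 8));
    printf("write at +0x800 -> vector %d\n", idt_protected_vector(base, base + 0x800, 8));
    printf("write at +0x300 -> vector %d\n", idt_protected_vector(base, base + 0x300, 16));
    printf("handler = 0x%llx\n", (unsigned long long)idt_gate_handler(gate));
    return 0;
}
```

A write that starts in an unprotected descriptor but runs into vector 0x80 is still reported, which is the straddling case a per-descriptor filter has to handle.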

◆ IntLixIdtUnprotectAll()

INTSTATUS IntLixIdtUnprotectAll ( void  )

Disables protection for IDT on all CPUs.

Return values
INT_STATUS_SUCCESS  On success.

Definition at line 261 of file lixidt.c.

Referenced by IntDtrHandleWrite(), IntGuestUpdateCoreOptions(), and IntLixGuestUninit().

◆ IntLixIdtWriteHandler()

static INTSTATUS IntLixIdtWriteHandler ( void *  Context, void *  Hook, QWORD  Address, INTRO_ACTION *  Action )

Called if a write occurs on the protected IDT descriptors.

If a write occurs, the exceptions mechanism is used to decide if the write should be allowed. If the write is not allowed, an EPT violation event is sent to the integrator.

Parameters
[in]   Context  The context provided by the caller.
[in]   Hook     The GPA hook associated to this callback.
[in]   Address  The GPA address that was accessed.
[out]  Action   The action that must be taken.
Return values
INT_STATUS_SUCCESS              On success.
INT_STATUS_INVALID_PARAMETER_4  If the provided Action is null.

Definition at line 11 of file lixidt.c.

Referenced by IntLixIdtProtectOnCpu().