Bitdefender Hypervisor Memory Introspection
shellcode.h
/*
 * Copyright (c) 2020 Bitdefender
 * SPDX-License-Identifier: Apache-2.0
 */
#ifndef _SHELLCODE_H_
#define _SHELLCODE_H_

#include "introcore.h"

// Forward declaration only; nothing else in this header refers to the type.
typedef struct _WIN_PROCESS_OBJECT WIN_PROCESS_OBJECT;

///
/// @brief  Checks if the code located at the given guest virtual address is suspicious or not.
///
/// Only the declaration lives here; the detection logic is in shellcode.c and is not
/// visible from this header, so the parameter notes below are limited to what the
/// signature itself shows.
///
/// @param[in]  Gva             Guest virtual address of the code to be checked.
/// @param[in]  Gpa             Presumably the guest physical address backing Gva;
///                             confirm against the implementation.
/// @param[in]  CsType          Presumably the code segment type (operating mode) the code
///                             runs in; confirm against the implementation.
/// @param[in]  Registers       Register state passed in by the caller. NOTE(review): the
///                             header does not say whether NULL is accepted.
/// @param[out] ShellcodeFlags  Receives the result flags. NOTE(review): the header does not
///                             say whether this is written on failure, so callers should
///                             initialize it and only interpret it after checking the
///                             returned status.
///
/// @return An INTSTATUS value; the specific status codes are not visible from this header.
///
INTSTATUS
IntShcIsSuspiciousCode(
    _In_ QWORD Gva,
    _In_ QWORD Gpa,
    _In_ DWORD CsType,
    _In_ IG_ARCH_REGS *Registers,
    _Out_ QWORD *ShellcodeFlags
    );

#endif //_SHELLCODE_H_
_Out_
#define _Out_
Definition:
intro_sal.h:22
_In_
#define _In_
Definition:
intro_sal.h:21
introcore.h
IntShcIsSuspiciousCode
INTSTATUS IntShcIsSuspiciousCode(QWORD Gva, QWORD Gpa, DWORD CsType, IG_ARCH_REGS *Registers, QWORD *ShellcodeFlags)
Checks if the code located at the given guest virtual address is suspicious or not.
Definition:
shellcode.c:25
INTSTATUS
int INTSTATUS
The status data type.
Definition:
introstatus.h:24
QWORD
unsigned long long QWORD
Definition:
intro_types.h:53
DWORD
uint32_t DWORD
Definition:
intro_types.h:49
_IG_ARCH_REGS
Holds register state.
Definition:
glueiface.h:30
_WIN_PROCESS_OBJECT
This structure describes a running process inside the guest.
Definition:
winprocess.h:81