Bitdefender Hypervisor Memory Introspection
Memory information structure.
#include <guests.h>
Data Fields

| Type | Name | Description |
|---|---|---|
| QWORD | SystemCr3 | The Cr3 used to map the kernel. |
| QWORD | Cr4 | Cr4 value used when deducing the paging mode. |
| QWORD | Cr0 | Cr0 value used when deducing the paging mode. |
| QWORD | Efer | The value of the IA32 EFER MSR used when deducing the paging mode. |
| QWORD | LastGpa | The upper limit of the guest physical address range. |
| DWORD | SelfMapIndex | The self map index. |
| PAGING_MODE | Mode | The paging mode used by the guest. |
QWORD _MM::Cr0
Cr0 value used when deducing the paging mode.
Definition at line 209 of file guests.h.
Referenced by IntGuestInitMemoryInfo().
QWORD _MM::Cr4
Cr4 value used when deducing the paging mode.
Definition at line 208 of file guests.h.
Referenced by IntGuestInitMemoryInfo().
QWORD _MM::Efer
The value of the IA32 EFER MSR used when deducing the paging mode.
Definition at line 210 of file guests.h.
Referenced by IntGuestHandleCr3Write() and IntGuestInitMemoryInfo().
QWORD _MM::LastGpa
The upper limit of the guest physical address range.
The physical address range that the guest can access is thus [0, LastGpa - 1] (inclusive). Note that gaps may be present inside this range.
Definition at line 215 of file guests.h.
Referenced by IntGuestGetLastGpa().
PAGING_MODE _MM::Mode
The paging mode used by the guest.
Definition at line 217 of file guests.h.
Referenced by IntGuestHandleCr3Write(), IntGuestInit(), IntGuestInitMemoryInfo(), IntHookPtmSetHook(), IntHookPtmWriteCallback(), IntHookPtsCreateEntry(), IntHookPtsSetHook(), IntTranslateVirtualAddressEx(), IntVasStartMonitorVaSpace(), IntWinGuestFindSelfMapIndex(), IntWinSelfMapDisableSelfMapEntryProtection(), IntWinSelfMapEnableSelfMapEntryProtection(), IntWinSelfMapGetAndCheckSelfMapEntry(), IntWinSelfMapProtectSelfMapIndex(), and IntWinSelfMapValidateSelfMapEntries().
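Added example, not code from the HVMI project: deducing a paging mode from CR0, CR4 and IA32_EFER by the architectural rules in the Intel SDM, plus the `[0, LastGpa - 1]` range check described above. The `ex_`/`EX_` names and the sample register values are assumptions constructed for illustration; the enum is a stand-in for `PAGING_MODE`, whose enumerators this page does not list.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (Intel SDM Vol. 3: CR0, CR4, IA32_EFER). */
#define EX_CR0_PE    (1ULL << 0)
#define EX_CR0_PG    (1ULL << 31)
#define EX_CR4_PAE   (1ULL << 5)
#define EX_CR4_LA57  (1ULL << 12)
#define EX_EFER_LMA  (1ULL << 10)

/* Hypothetical stand-in for PAGING_MODE; not the enumerators from guests.h. */
typedef enum {
    EX_PAGING_INVALID = -1,
    EX_PAGING_NONE,
    EX_PAGING_32BIT,
    EX_PAGING_PAE,
    EX_PAGING_4_LEVEL,
    EX_PAGING_5_LEVEL
} ex_paging_mode;

/* Deduce the paging mode from the three register values the structure keeps. */
ex_paging_mode ex_deduce_paging_mode(uint64_t cr0, uint64_t cr4, uint64_t efer)
{
    if (!(cr0 & EX_CR0_PG))
        return EX_PAGING_NONE;
    if (!(cr0 & EX_CR0_PE))
        return EX_PAGING_INVALID;      /* PG=1 requires PE=1 */
    if (efer & EX_EFER_LMA) {
        if (!(cr4 & EX_CR4_PAE))
            return EX_PAGING_INVALID;  /* long mode is never active without PAE */
        return (cr4 & EX_CR4_LA57) ? EX_PAGING_5_LEVEL : EX_PAGING_4_LEVEL;
    }
    return (cr4 & EX_CR4_PAE) ? EX_PAGING_PAE : EX_PAGING_32BIT;
}

/* A GPA is inside the documented range when it lies in [0, last_gpa - 1].
 * Gaps may exist, so being in range does not mean the page is backed. */
int ex_gpa_in_range(uint64_t gpa, uint64_t last_gpa)
{
    return gpa < last_gpa;
}

int main(void)
{
    /* Constructed sample values for a 64-bit guest with 4-level paging. */
    printf("mode=%d\n", ex_deduce_paging_mode(0x80050033ULL, 0x3506E0ULL, 0xD01ULL));
    return 0;
}
```

Register combinations that the architecture does not allow are reported as invalid rather than mapped to a mode, so a caller can refuse to translate addresses from inconsistent state.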
DWORD _MM::SelfMapIndex
The self map index.
Definition at line 216 of file guests.h.
Referenced by IntExceptKernelLogWindowsInformation(), IntPtiDeliverDriverForLoad(), IntVeDeliverDriverForLoad(), IntVeIsAgentRemapped(), and IntWinGuestFindSelfMapIndex().
QWORD _MM::SystemCr3
The Cr3 used to map the kernel.
Definition at line 207 of file guests.h.
Referenced by _IntLixTaskRead(), _IntLixTaskStartMap(), DbgDumpPfn(), DbgVaSpaceIterationCallbackCount(), IntAlertFillDpiExtraInfo(), IntCrSendAlert(), IntDetPatchArgument(), IntDetRelocate(), IntDtrSendAlert(), IntExceptDumpSignatures(), IntExceptGetVictimIntegrity(), IntExceptUserLogWindowsInformation(), IntExceptVerifyCodeBlocksSig(), IntExceptVerifyValueCodeSig(), IntGuestHandleCr3Write(), IntHandleDtrViolation(), IntHandleEptViolation(), IntHookGvaSetHook(), IntHookPtsCreateEntry(), IntHookPtsSetHook(), IntIcAddInvdForInstruction(), IntIntegrityAddRegion(), IntIntegrityCheckAll(), IntIntegrityRecalculate(), IntKernVirtMemRead(), IntKernVirtMemWrite(), IntKsymFindIndexesTableStart(), IntKsymFindMarkersReducedTableEnd(), IntKsymFindMarkersTableEnd(), IntKsymFindNamesTableEnd(), IntKsymInitAbsolute(), IntKsymRelativeFindOffsetTableEnd(), IntKsymRelativeFindOffsetTableStart(), IntLixAgentCreateThreadHypercall(), IntLixAgentFillDataFromMemory(), IntLixAgentFree(), IntLixCrashDumpDmesg(), IntLixCredInitMap(), IntLixCredsDump(), IntLixDepDeployFileHypercall(), IntLixDrvCreateDriverObject(), IntLixDrvFindList(), IntLixDrvSendViolationEvent(), IntLixDrvValidate(), IntLixDumpStacktrace(), IntLixFsrInitMap(), IntLixFsrRead(), IntLixGetInitTask(), IntLixGuestAllocateFill(), IntLixGuestAllocateHook(), IntLixGuestClearGuestMemory(), IntLixGuestFindKernelBase(), IntLixGuestFindKernelVersionAndRo(), IntLixGuestInitAgentCompletion(), IntLixGuestNew(), IntLixKernelHandleRead(), IntLixMmGetInitMm(), IntLixMsrHandleWrite(), IntLixPatchSwapgs(), IntLixStackTraceGet(), IntLixStackTraceGetReg(), IntLixTaskCreateFromBinprm(), IntLixTaskFetchCmdLine(), IntLixTaskFetchMm(), IntLixTaskMarkAgent(), IntLixVdsoFixedProtect(), IntLixVmaGetPageCount(), IntLogCriticalStructureCoruption(), IntMemClkCloakRegion(), IntPeFindFunctionByPattern(), IntPeListSectionsHeaders(), IntPtiCacheAdd(), IntPtiCacheRemove(), IntPtiDeliverDriverForLoad(), IntPtiHookPtDriver(), 
IntPtiMonitorAllPtWriteCandidates(), IntPtiRemoveInstruction(), IntPtiRemovePtFilter(), IntReadString(), IntSerializeDpiWinPivotedStack(), IntSerializeLixKmMisc(), IntSerializeWinKmMisc(), IntSlackAllocLinux(), IntSlackAllocWindows(), IntSwapMemReadData(), IntThrSafeIsStackPtrInIntro(), IntThrSafeMoveReturn(), IntThrSafeWinInspectWaitingThread(), IntVeDeliverDriverForLoad(), IntVeDumpVeInfoPage(), IntVeEnableDisableDriverAccessInProtectedView(), IntVeHandleEPTViolationInProtectedView(), IntVeHookVeDriver(), IntVePatchVeCoreJmpKiKernelExit(), IntVePatchVeCoreJmpTrampoline(), IntVeRemoveAgent(), IntVeSetVeInfoPage(), IntVeUpdateCacheEntry(), IntWinAgentHandleLoader1Hypercall(), IntWinDrvObjCreateFromAddress(), IntWinDrvObjHandleWrite(), IntWinDrvObjIsValidDriverObject(), IntWinDrvObjRemoveFromAddress(), IntWinDrvRemoveFromAddress(), IntWinGuestFindBuildNumber(), IntWinGuestFindDriversNamespace(), IntWinGuestFindDriversNamespaceNoBuffer(), IntWinGuestFindIdleCr3(), IntWinGuestFindKernel(), IntWinGuestFindKernelCr3(), IntWinGuestFindKernelObjects(), IntWinGuestFindKernelObjectsInternal(), IntWinGuestFindSelfMapIndex(), IntWinGuestNew(), IntWinGuestProtectSudExec(), IntWinGuestReadKernel(), IntWinGuestValidateKernel(), IntWinHalFindHalHeapAndInterruptController(), IntWinHalFindInterruptController(), IntWinHalHandleDispatchTableWrite(), IntWinHalHandleHalHeapExec(), IntWinHalProtectHalHeapExecs(), IntWinInfHookGetCircularCtxLogger(), IntWinInfHookHookSppWmiGetClock(), IntWinInfHookSppHookWmiSiloPtr(), IntWinMsrSendAlert(), IntWinNetFillTcpStruct(), IntWinNetFindTcpBitmap(), IntWinNetFindTcpObjects(), IntWinNetFindTcpPartition(), IntWinNetSearchForAlloc(), IntWinPfnIsMmPfnDatabase(), IntWinPfnLockAddress(), IntWinPfnModifyRefCount(), IntWinProcCreateProcessObject(), IntWinProcEnforceProcessDep(), IntWinProcMapEprocess(), IntWinProcMarkAgent(), IntWinProcPatchSpareValue(), IntWinProcRemoveProcess(), IntWinProcValidateSystemCr3(), IntWinStackTraceGet32(), 
IntWinStackTraceGet64(), IntWinStackUserTrapFrameGet32(), IntWinStackUserTrapFrameGet64(), IntWinTokenCheckCurrentPrivileges(), IntWinTokenFetchTokenAddress(), IntWinTokenPrivsProtectOnProcess(), IntWinTokenPrivsShouldHook(), IntWinTokenProtectPrivsInternal(), and IntWinVadMapShortVad().