Bitdefender Hypervisor Memory Introspection
update_exceptions.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
9 
10 #ifndef _UPDATE_EXCEPTIONS_H_
11 #define _UPDATE_EXCEPTIONS_H_
12 
13 #include "exceptions.h"
14 
15 //
16 // These will be shared between Linux & Windows
17 //
18 
19 #pragma pack(push)
20 #pragma pack(1)
21 
22 
26 typedef struct _UPDATE_FILE_HEADER
27 {
28  DWORD Magic;
29 
30  struct
31  {
32  WORD Major;
33  WORD Minor;
34  } Version;
35 
36  DWORD KernelExceptionsCount;
37  DWORD UserExceptionsCount;
38  DWORD SignaturesCount;
39 
40  DWORD BuildNumber;
41 
42  DWORD UserExceptionsGlobCount;
43  DWORD KernelUserExceptionsCount;
44 
45  DWORD _Reserved[1];
46 } UPDATE_FILE_HEADER, *PUPDATE_FILE_HEADER;
47 
48 
52 typedef struct _UPDATE_HEADER
53 {
54  BYTE Type;
55  WORD Size;
56 } UPDATE_HEADER, *PUPDATE_HEADER;
57 
58 
62 typedef struct _UPDATE_KM_EXCEPTION
63 {
64  struct
65  {
66  DWORD NameHash;
67  DWORD PathHash;
68  } Originator;
69 
70  DWORD VictimNameHash;
71 
72  DWORD Flags;
73 
74  BYTE _Reserved;
75  BYTE Type;
76  WORD SigCount;
77 
78  _Field_size_(SigCount)
79  DWORD SigIds[];
80 } UPDATE_KM_EXCEPTION, *PUPDATE_KM_EXCEPTION;
81 
82 
86 typedef struct _UPDATE_UM_EXCEPTION
87 {
88  DWORD OriginatorNameHash;
89 
90  struct
91  {
92  DWORD NameHash;
93  DWORD ProcessHash;
94  } Victim;
95 
96  DWORD Flags;
97 
98  BYTE _Reserved;
99  BYTE Type;
100  WORD SigCount;
101 
102  _Field_size_(SigCount)
103  DWORD SigIds[];
104 } UPDATE_UM_EXCEPTION, *PUPDATE_UM_EXCEPTION;
105 
106 
110 typedef struct _UPDATE_UM_EXCEPTION_GLOB
111 {
113  DWORD Flags;
114 
115  BYTE _Reserved;
117  BYTE Type;
119  WORD SigCount;
120 
122  CHAR OriginatorNameGlob[EXCEPTION_UM_GLOB_LENGTH];
123 
124  struct
125  {
127  CHAR NameGlob[EXCEPTION_UM_GLOB_LENGTH];
129  CHAR ProcessGlob[EXCEPTION_UM_GLOB_LENGTH];
130  } Victim;
131 
132  _Field_size_(SigCount)
133  DWORD SigIds[];
134 } UPDATE_UM_EXCEPTION_GLOB, *PUPDATE_UM_EXCEPTION_GLOB;
135 
136 
140 typedef struct _UPDATE_KUM_EXCEPTION
141 {
142 
143  DWORD OriginatorNameHash;
144 
145  struct
146  {
147  DWORD NameHash;
148  DWORD ProcessHash;
149  } Victim;
150 
151  DWORD Flags;
152 
153  BYTE _Reserved;
154  BYTE Type;
155  WORD SigCount;
156 
157  _Field_size_(SigCount)
158  DWORD SigIds[];
159 } UPDATE_KUM_EXCEPTION, *PUPDATE_KUM_EXCEPTION;
160 
161 
165 typedef struct _UPDATE_CB_HASH
166 {
167  BYTE Count;
168 
169  _Field_size_(Count)
170  DWORD Hashes[];
171 } UPDATE_CB_HASH, *PUPDATE_CB_HASH;
172 
173 
177 typedef struct _UPDATE_VALUE_HASH
178 {
179  WORD Offset;
180  WORD Size;
181  BYTE _Reserved[4];
182  DWORD Hash;
183 } UPDATE_VALUE_HASH, *PUPDATE_VALUE_HASH;
184 
185 
189 typedef struct _UPDATE_EXPORT_HASH
190 {
191  WORD Delta;
192  BYTE _Reserved[2];
193  DWORD Hash;
194 } UPDATE_EXPORT_HASH, *PUPDATE_EXPORT_HASH;
195 
196 
200 typedef struct _UPDATE_CB_SIGNATURE
201 {
202  DWORD Id;
203  DWORD Flags;
204 
205  BYTE Score;
206  BYTE ListsCount;
207 
208  char HashesList[];
209 } UPDATE_CB_SIGNATURE, *PUPDATE_CB_SIGNATURE;
210 
211 
215 typedef struct _UPDATE_EXPORT_SIGNATURE
216 {
217  DWORD Id;
218  DWORD Flags;
219 
220  DWORD LibraryName;
221 
222  BYTE ListsCount;
223  BYTE _Align[3];
224 
225  char HashesList[];
226 } UPDATE_EXPORT_SIGNATURE, *PUPDATE_EXPORT_SIGNATURE;
227 
228 
232 typedef struct _UPDATE_VALUE_SIGNATURE
233 {
234  DWORD Id;
235  DWORD Flags;
236 
237  BYTE Score;
238  BYTE ListsCount;
239  BYTE _Align[2];
240 
241  char HashesList[];
242 } UPDATE_VALUE_SIGNATURE, *PUPDATE_VALUE_SIGNATURE;
243 
244 
248 typedef struct _UPDATE_IDT_SIGNATURE
249 {
250  DWORD Id;
251  DWORD Flags;
252 
253  BYTE Entry;
254  BYTE _Reserved[3];
255 } UPDATE_IDT_SIGNATURE, *PUPDATE_IDT_SIGNATURE;
256 
257 
261 typedef struct _UPDATE_VALUE_CODE_SIGNATURE
262 {
263  DWORD Id;
264  DWORD Flags;
265 
266  INT16 Offset;
267  WORD Length;
268 
269  WORD Pattern[];
270 } UPDATE_VALUE_CODE_SIGNATURE, *PUPDATE_VALUE_CODE_SIGNATURE;
271 
272 
276 typedef struct _UPDATE_VERSION_OS_SIGNATURE
277 {
278  DWORD Id;
279  DWORD Flags;
280 
281  union
282  {
284  struct
285  {
286  BYTE Version;
287  BYTE Patch;
288  WORD Sublevel;
289  WORD Backport;
290  BYTE _Reserved[2];
291  };
293  QWORD Value;
294  } Minimum;
295 
296  union
297  {
299  struct
300  {
301  BYTE Version;
302  BYTE Patch;
303  WORD Sublevel;
304  WORD Backport;
305  BYTE _Reserved[2];
306  };
308  QWORD Value;
309  } Maximum;
310 
311 } UPDATE_VERSION_OS_SIGNATURE, *PUPDATE_VERSION_OS_SIGNATURE;
312 
313 
317 typedef struct _UPDATE_VERSION_INTRO_SIGNATURE
318 {
319  DWORD Id;
320  DWORD Flags;
321 
322  union
323  {
325  struct
326  {
327  WORD Major;
328  WORD Minor;
329  WORD Revision;
330  WORD Build;
331  };
332 
333  QWORD Raw;
334  } Minimum;
335 
336  union
337  {
339  struct
340  {
341  WORD Major;
342  WORD Minor;
343  WORD Revision;
344  WORD Build;
345  };
346 
347  QWORD Raw;
348  } Maximum;
349 
350 } UPDATE_VERSION_INTRO_SIGNATURE, *PUPDATE_VERSION_INTRO_SIGNATURE;
351 
352 
356 typedef struct _UPDATE_PROCESS_CREATION_SIGNATURE
357 {
358  DWORD Id;
359  DWORD Flags;
360 
361  DWORD CreateMask;
362 
363  DWORD _Reserved[3];
364 
365 } UPDATE_PROCESS_CREATION_SIGNATURE, *PUPDATE_PROCESS_CREATION_SIGNATURE;
366 
367 #pragma pack(pop)
368 
369 
370 #define UPDATE_MAGIC_WORD 'ANXE'
371 
372 #define UPDATE_TYPE_KM_EXCEPTION 1
373 #define UPDATE_TYPE_UM_EXCEPTION 2
374 #define UPDATE_TYPE_UM_EXCEPTION_GLOB_MATCH 6
375 #define UPDATE_TYPE_APC_UM_EXCEPTION 9
376 
377 #define UPDATE_TYPE_CB_SIGNATURE 3
378 #define UPDATE_TYPE_EXPORT_SIGNATURE 4
379 #define UPDATE_TYPE_VALUE_SIGNATURE 5
380 #define UPDATE_TYPE_RESERVED 7
381 #define UPDATE_TYPE_VALUE_CODE_SIGNATURE 8
382 #define UPDATE_TYPE_IDT_SIGNATURE 10
383 #define UPDATE_TYPE_VERSION_OS_SIGNATURE 11
384 #define UPDATE_TYPE_VERSION_INTRO_SIGNATURE 12
385 #define UPDATE_TYPE_PROCESS_CREATION_SIGNATURE 13
386 #define UPDATE_TYPE_KUM_EXCEPTION 14
387 
388 #define UPDATE_EXCEPTIONS_MIN_VER_MAJOR 2
389 #define UPDATE_EXCEPTIONS_MIN_VER_MINOR 2
390 
391 
392 INTSTATUS
393 IntUpdateGetVersion(
394  _Out_ WORD *MajorVersion,
395  _Out_ WORD *MinorVersion,
396  _Out_ DWORD *BuildNumber
397  );
398 
399 INTSTATUS
400 IntUpdateLoadExceptions(
401  _In_ void *Buffer,
402  _In_ DWORD Length,
403  _In_ DWORD Flags
404  );
405 
406 INTSTATUS
407 IntUpdateAddExceptionFromAlert(
408  _In_ const void *Event,
409  _In_ INTRO_EVENT_TYPE Type,
410  _In_ BOOLEAN Exception,
411  _In_ QWORD Context
412  );
413 
414 INTSTATUS
415 IntUpdateFlushAlertExceptions(
416  void
417  );
418 
419 INTSTATUS
420 IntUpdateRemoveException(
421  _In_opt_ QWORD Context
422  );
423 
424 #endif // _UPDATE_EXCEPTIONS_H_
_UPDATE_VERSION_OS_SIGNATURE::Backport
WORD Backport
Definition: update_exceptions.h:289
_In_opt_
#define _In_opt_
Definition: intro_sal.h:16
_UPDATE_UM_EXCEPTION::_Reserved
BYTE _Reserved
Alignment purposes.
Definition: update_exceptions.h:98
_UPDATE_VERSION_OS_SIGNATURE::Version
BYTE Version
Definition: update_exceptions.h:286
_UPDATE_HEADER
The header of an exception or a signature.
Definition: update_exceptions.h:52
_UPDATE_UM_EXCEPTION_GLOB::Flags
DWORD Flags
The flags of the exception; any flags from _EXCEPTION_FLG.
Definition: update_exceptions.h:113
BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58
_Out_
#define _Out_
Definition: intro_sal.h:22
_UPDATE_IDT_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:250
_UPDATE_UM_EXCEPTION::Type
BYTE Type
The type of the exception; any type from _UM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:99
_UPDATE_KM_EXCEPTION::PathHash
DWORD PathHash
Unused.
Definition: update_exceptions.h:67
_UPDATE_VERSION_INTRO_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:320
BYTE
uint8_t BYTE
Definition: intro_types.h:47
UPDATE_PROCESS_CREATION_SIGNATURE
struct _UPDATE_PROCESS_CREATION_SIGNATURE UPDATE_PROCESS_CREATION_SIGNATURE
Describe a process-creation signature in binary format.
_In_
#define _In_
Definition: intro_sal.h:21
PUPDATE_CB_SIGNATURE
struct _UPDATE_CB_SIGNATURE * PUPDATE_CB_SIGNATURE
WORD
uint16_t WORD
Definition: intro_types.h:48
_UPDATE_CB_HASH
Describe a code-blocks hash in binary format.
Definition: update_exceptions.h:165
UPDATE_EXPORT_SIGNATURE
struct _UPDATE_EXPORT_SIGNATURE UPDATE_EXPORT_SIGNATURE
Describe an export signature in binary format.
_UPDATE_KM_EXCEPTION
Describe a kernel-mode exception in binary format.
Definition: update_exceptions.h:62
_UPDATE_IDT_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:251
_UPDATE_UM_EXCEPTION::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:100
PUPDATE_FILE_HEADER
struct _UPDATE_FILE_HEADER * PUPDATE_FILE_HEADER
_UPDATE_EXPORT_HASH
Describe a export hash in binary format.
Definition: update_exceptions.h:189
_UPDATE_KM_EXCEPTION::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:76
_UPDATE_VERSION_OS_SIGNATURE
Describe a version OS signature in binary format.
Definition: update_exceptions.h:276
IntUpdateLoadExceptions
INTSTATUS IntUpdateLoadExceptions(void *Buffer, DWORD Length, DWORD Flags)
Handles the exceptions coming from the integrator.
Definition: update_exceptions.c:1269
_UPDATE_KUM_EXCEPTION::OriginatorNameHash
DWORD OriginatorNameHash
The name-hash of the originator.
Definition: update_exceptions.h:143
_UPDATE_PROCESS_CREATION_SIGNATURE
Describe a process-creation signature in binary format.
Definition: update_exceptions.h:356
_UPDATE_VALUE_CODE_SIGNATURE::Offset
INT16 Offset
The displacement from the beginning of the modified zone.
Definition: update_exceptions.h:266
_UPDATE_VALUE_CODE_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:264
PUPDATE_IDT_SIGNATURE
struct _UPDATE_IDT_SIGNATURE * PUPDATE_IDT_SIGNATURE
UPDATE_VALUE_HASH
struct _UPDATE_VALUE_HASH UPDATE_VALUE_HASH
Describe a value hash in binary format.
_UPDATE_VALUE_SIGNATURE::ListsCount
BYTE ListsCount
The number of the list of hashes.
Definition: update_exceptions.h:238
_UPDATE_VERSION_OS_SIGNATURE::Patch
BYTE Patch
Definition: update_exceptions.h:287
PUPDATE_VALUE_SIGNATURE
struct _UPDATE_VALUE_SIGNATURE * PUPDATE_VALUE_SIGNATURE
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
_UPDATE_FILE_HEADER::Minor
WORD Minor
The minor version of the exceptions binary file.
Definition: update_exceptions.h:33
_UPDATE_UM_EXCEPTION::OriginatorNameHash
DWORD OriginatorNameHash
The name-hash of the originator.
Definition: update_exceptions.h:88
_UPDATE_PROCESS_CREATION_SIGNATURE::CreateMask
DWORD CreateMask
Contains the DPI mask.
Definition: update_exceptions.h:361
_UPDATE_KUM_EXCEPTION::_Reserved
BYTE _Reserved
Alignment purposes.
Definition: update_exceptions.h:153
_UPDATE_VALUE_HASH
Describe a value hash in binary format.
Definition: update_exceptions.h:177
_UPDATE_VERSION_OS_SIGNATURE::Sublevel
WORD Sublevel
Definition: update_exceptions.h:288
_UPDATE_IDT_SIGNATURE
Describe an IDT signature in binary format.
Definition: update_exceptions.h:248
_UPDATE_VERSION_OS_SIGNATURE::Value
QWORD Value
Definition: update_exceptions.h:293
_UPDATE_EXPORT_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:218
_UPDATE_KM_EXCEPTION::NameHash
DWORD NameHash
The name-hash of the originator.
Definition: update_exceptions.h:66
PUPDATE_HEADER
struct _UPDATE_HEADER * PUPDATE_HEADER
_UPDATE_VALUE_CODE_SIGNATURE
Describe a value-code signature in binary format.
Definition: update_exceptions.h:261
_UPDATE_VERSION_INTRO_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:319
_UPDATE_HEADER::Size
WORD Size
The size of the exception/signature.
Definition: update_exceptions.h:55
_UPDATE_VERSION_INTRO_SIGNATURE::Minor
WORD Minor
Definition: update_exceptions.h:328
_UPDATE_FILE_HEADER::BuildNumber
DWORD BuildNumber
The build number of the exceptions binary file.
Definition: update_exceptions.h:40
PUPDATE_VALUE_CODE_SIGNATURE
struct _UPDATE_VALUE_CODE_SIGNATURE * PUPDATE_VALUE_CODE_SIGNATURE
EXCEPTION_UM_GLOB_LENGTH
#define EXCEPTION_UM_GLOB_LENGTH
Definition: exceptions.h:36
_Field_size_
#define _Field_size_(expr)
Definition: intro_sal.h:41
_UPDATE_FILE_HEADER::_Reserved
DWORD _Reserved[1]
Definition: update_exceptions.h:45
_UPDATE_FILE_HEADER::SignaturesCount
DWORD SignaturesCount
The number of the signatures.
Definition: update_exceptions.h:38
_UPDATE_VERSION_INTRO_SIGNATURE::Build
WORD Build
Definition: update_exceptions.h:330
UPDATE_FILE_HEADER
struct _UPDATE_FILE_HEADER UPDATE_FILE_HEADER
The header of the exceptions binary file.
_UPDATE_FILE_HEADER::Version
struct _UPDATE_FILE_HEADER::@138 Version
PUPDATE_VERSION_INTRO_SIGNATURE
struct _UPDATE_VERSION_INTRO_SIGNATURE * PUPDATE_VERSION_INTRO_SIGNATURE
_UPDATE_VALUE_HASH::Hash
DWORD Hash
The hash of the modified zone.
Definition: update_exceptions.h:182
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
_UPDATE_VERSION_OS_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:278
_UPDATE_EXPORT_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:217
_UPDATE_EXPORT_SIGNATURE::ListsCount
BYTE ListsCount
The number of the list of hashes.
Definition: update_exceptions.h:222
_UPDATE_FILE_HEADER
The header of the exceptions binary file.
Definition: update_exceptions.h:26
_UPDATE_KM_EXCEPTION::VictimNameHash
DWORD VictimNameHash
The name-hash of the victim.
Definition: update_exceptions.h:70
PUPDATE_PROCESS_CREATION_SIGNATURE
struct _UPDATE_PROCESS_CREATION_SIGNATURE * PUPDATE_PROCESS_CREATION_SIGNATURE
_UPDATE_HEADER::Type
BYTE Type
The type of the exception/signature.
Definition: update_exceptions.h:54
_UPDATE_VALUE_CODE_SIGNATURE::Length
WORD Length
The length of the opcode pattern.
Definition: update_exceptions.h:267
_UPDATE_VALUE_SIGNATURE
Describe a value signature in binary format.
Definition: update_exceptions.h:232
_UPDATE_KUM_EXCEPTION
Describe a kernel-user mode exception in binary format.
Definition: update_exceptions.h:140
_UPDATE_KUM_EXCEPTION::ProcessHash
DWORD ProcessHash
The name-hash of the process in which the modification takes place.
Definition: update_exceptions.h:148
_UPDATE_CB_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:202
PUPDATE_EXPORT_HASH
struct _UPDATE_EXPORT_HASH * PUPDATE_EXPORT_HASH
_UPDATE_FILE_HEADER::Magic
DWORD Magic
The magic value; must be UPDATE_MAGIC_WORD.
Definition: update_exceptions.h:28
UPDATE_HEADER
struct _UPDATE_HEADER UPDATE_HEADER
The header of an exception or a signature.
_UPDATE_FILE_HEADER::UserExceptionsCount
DWORD UserExceptionsCount
The number of the user-mode exceptions.
Definition: update_exceptions.h:37
DWORD
uint32_t DWORD
Definition: intro_types.h:49
INT16
int16_t INT16
Definition: intro_types.h:43
_UPDATE_KUM_EXCEPTION::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:155
_UPDATE_KUM_EXCEPTION::Type
BYTE Type
The type of the exception; any type from KUM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:154
_UPDATE_CB_HASH::Count
BYTE Count
The number of hashes from the list.
Definition: update_exceptions.h:167
_UPDATE_VERSION_INTRO_SIGNATURE::Major
WORD Major
Definition: update_exceptions.h:327
UPDATE_VALUE_SIGNATURE
struct _UPDATE_VALUE_SIGNATURE UPDATE_VALUE_SIGNATURE
Describe a value signature in binary format.
_UPDATE_KUM_EXCEPTION::Flags
DWORD Flags
The flags of the exception; any flags from EXCEPTION_FLG.
Definition: update_exceptions.h:151
_UPDATE_PROCESS_CREATION_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:358
UPDATE_VERSION_OS_SIGNATURE
struct _UPDATE_VERSION_OS_SIGNATURE UPDATE_VERSION_OS_SIGNATURE
Describe a version OS signature in binary format.
_UPDATE_VERSION_OS_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:279
_UPDATE_PROCESS_CREATION_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:359
UPDATE_IDT_SIGNATURE
struct _UPDATE_IDT_SIGNATURE UPDATE_IDT_SIGNATURE
Describe an IDT signature in binary format.
_UPDATE_FILE_HEADER::UserExceptionsGlobCount
DWORD UserExceptionsGlobCount
The number of the user-mode exceptions that contains glob items.
Definition: update_exceptions.h:42
UPDATE_VERSION_INTRO_SIGNATURE
struct _UPDATE_VERSION_INTRO_SIGNATURE UPDATE_VERSION_INTRO_SIGNATURE
Describe a version introspection signature in binary format.
_UPDATE_VERSION_INTRO_SIGNATURE
Describe a version introspection signature in binary format.
Definition: update_exceptions.h:317
_UPDATE_VALUE_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:234
_UPDATE_EXPORT_SIGNATURE
Describe an export signature in binary format.
Definition: update_exceptions.h:215
_UPDATE_FILE_HEADER::KernelExceptionsCount
DWORD KernelExceptionsCount
The number of the kernel-mode exceptions.
Definition: update_exceptions.h:36
_UPDATE_VALUE_HASH::Offset
WORD Offset
The displacement from the beginning of the modified zone.
Definition: update_exceptions.h:179
_UPDATE_UM_EXCEPTION::ProcessHash
DWORD ProcessHash
The name-hash of the process in which the modification takes place.
Definition: update_exceptions.h:93
_UPDATE_CB_SIGNATURE
Describe a code-blocks signature in binary format.
Definition: update_exceptions.h:200
_UPDATE_KUM_EXCEPTION::NameHash
DWORD NameHash
The name-hash of the victim.
Definition: update_exceptions.h:147
_UPDATE_VALUE_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:235
PUPDATE_VALUE_HASH
struct _UPDATE_VALUE_HASH * PUPDATE_VALUE_HASH
IntUpdateFlushAlertExceptions
INTSTATUS IntUpdateFlushAlertExceptions(void)
This function removes all exceptions that were added from alerts.
Definition: update_exceptions.c:2720
_UPDATE_VERSION_INTRO_SIGNATURE::Raw
QWORD Raw
Definition: update_exceptions.h:333
_UPDATE_UM_EXCEPTION_GLOB::_Reserved
BYTE _Reserved
Definition: update_exceptions.h:115
_UPDATE_UM_EXCEPTION_GLOB::Type
BYTE Type
The type of the exception; any type from _UM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:117
_UPDATE_VALUE_SIGNATURE::Score
BYTE Score
The number of (minimum) hashes from a list that need to match.
Definition: update_exceptions.h:237
_UPDATE_UM_EXCEPTION_GLOB
Describe a user-mode-glob exception in binary format.
Definition: update_exceptions.h:110
_UPDATE_UM_EXCEPTION_GLOB::SigCount
WORD SigCount
The number of the signatures.
Definition: update_exceptions.h:119
_UPDATE_FILE_HEADER::Major
WORD Major
The major version of the exceptions binary file.
Definition: update_exceptions.h:32
INTRO_EVENT_TYPE
enum _INTRO_EVENT_TYPE INTRO_EVENT_TYPE
Event classes.
_UPDATE_CB_SIGNATURE::ListsCount
BYTE ListsCount
The number of the list of hashes.
Definition: update_exceptions.h:206
IntUpdateGetVersion
INTSTATUS IntUpdateGetVersion(WORD *MajorVersion, WORD *MinorVersion, DWORD *BuildNumber)
Get the version of the loaded exceptions binary file.
Definition: update_exceptions.c:38
_UPDATE_EXPORT_SIGNATURE::LibraryName
DWORD LibraryName
The name-hash of the modified library.
Definition: update_exceptions.h:220
_UPDATE_IDT_SIGNATURE::Entry
BYTE Entry
The number of the IDT entry.
Definition: update_exceptions.h:253
_UPDATE_EXPORT_HASH::Hash
DWORD Hash
The hash of the modified function name.
Definition: update_exceptions.h:193
UPDATE_EXPORT_HASH
struct _UPDATE_EXPORT_HASH UPDATE_EXPORT_HASH
Describe a export hash in binary format.
_UPDATE_CB_SIGNATURE::Score
BYTE Score
The number of (minimum) hashes from a list that need to match.
Definition: update_exceptions.h:205
_UPDATE_KM_EXCEPTION::Flags
DWORD Flags
The flags of the exception; any flags from _EXCEPTION_FLG.
Definition: update_exceptions.h:72
PUPDATE_EXPORT_SIGNATURE
struct _UPDATE_EXPORT_SIGNATURE * PUPDATE_EXPORT_SIGNATURE
_UPDATE_VERSION_INTRO_SIGNATURE::Revision
WORD Revision
Definition: update_exceptions.h:329
CHAR
char CHAR
Definition: intro_types.h:56
_UPDATE_UM_EXCEPTION::NameHash
DWORD NameHash
The name-hash of the victim.
Definition: update_exceptions.h:92
_UPDATE_KM_EXCEPTION::_Reserved
BYTE _Reserved
Alignment purposes.
Definition: update_exceptions.h:74
_UPDATE_VALUE_HASH::Size
WORD Size
The size of of the modified zone.
Definition: update_exceptions.h:180
_UPDATE_VALUE_CODE_SIGNATURE::Id
DWORD Id
An unique id (_EXCEPTION_SIGNATURE_ID)
Definition: update_exceptions.h:263
IntUpdateAddExceptionFromAlert
INTSTATUS IntUpdateAddExceptionFromAlert(const void *Event, INTRO_EVENT_TYPE Type, BOOLEAN Exception, QWORD Context)
Handles all types of supported exceptions that can be added from alerts.
Definition: update_exceptions.c:2472
_UPDATE_CB_SIGNATURE::Flags
DWORD Flags
Contains any flags from _SIGNATURE_FLG.
Definition: update_exceptions.h:203
_UPDATE_FILE_HEADER::KernelUserExceptionsCount
DWORD KernelUserExceptionsCount
The number of the kernel-user mode exceptions.
Definition: update_exceptions.h:43
_UPDATE_UM_EXCEPTION
Describe a user-mode exception in binary format.
Definition: update_exceptions.h:86
UPDATE_VALUE_CODE_SIGNATURE
struct _UPDATE_VALUE_CODE_SIGNATURE UPDATE_VALUE_CODE_SIGNATURE
Describe a value-code signature in binary format.
IntUpdateRemoveException
INTSTATUS IntUpdateRemoveException(QWORD Context)
This function removes an exception for a given context.
Definition: update_exceptions.c:2665
_UPDATE_EXPORT_HASH::Delta
WORD Delta
The number of bytes that are modified.
Definition: update_exceptions.h:191
_UPDATE_KM_EXCEPTION::Type
BYTE Type
The type of the exception; any type from _KM_EXCEPTION_OBJECT.
Definition: update_exceptions.h:75
_UPDATE_UM_EXCEPTION::Flags
DWORD Flags
The flags of the exception; any flags from _EXCEPTION_FLG.
Definition: update_exceptions.h:96
UPDATE_CB_SIGNATURE
struct _UPDATE_CB_SIGNATURE UPDATE_CB_SIGNATURE
Describe a code-blocks signature in binary format.
PUPDATE_VERSION_OS_SIGNATURE
struct _UPDATE_VERSION_OS_SIGNATURE * PUPDATE_VERSION_OS_SIGNATURE