Bitdefender Hypervisor Memory Introspection
winhal.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Bitdefender
3  * SPDX-License-Identifier: Apache-2.0
4  */
5 #ifndef _WINHAL_H_
6 #define _WINHAL_H_
7 
8 #include "introtypes.h"
9 
13 typedef struct _WIN_HAL_DATA
14 {
16  QWORD HalHeapAddress;
18  QWORD HalIntCtrlAddress;
20  DWORD HalHeapSize;
21 
23  QWORD HalDispatchTableAddress;
25  DWORD HalDispatchTableSize;
26 
28  KERNEL_DRIVER *OwnerHalModule;
29 
31  void *HalHeapExecHook;
33  void *HalIntCtrlWriteHook;
35  void *HalDispatchIntegrityHook;
36 } WIN_HAL_DATA, *PWIN_HAL_DATA;
37 
38 
39 INTSTATUS
40 IntWinHalCreateHalData(
41  void
42  );
43 
44 void
45 IntWinHalUninit(
46  void
47  );
48 
49 INTSTATUS
50 IntWinHalUpdateProtection(
51  void
52  );
53 
54 INTSTATUS
55 IntWinHalProtectHalHeapExecs(
56  void
57  );
58 
59 INTSTATUS
60 IntWinHalProtectHalIntCtrl(
61  void
62  );
63 
64 INTSTATUS
65 IntWinHalProtectHalDispatchTable(
66  void
67  );
68 
69 INTSTATUS
70 IntWinHalUnprotectHalHeapExecs(
71  void
72  );
73 
74 INTSTATUS
75 IntWinHalUnprotectHalIntCtrl(
76  void
77  );
78 
79 INTSTATUS
80 IntWinHalUnprotectHalDispatchTable(
81  void
82  );
83 
84 #endif // _WINHAL_H_
IntWinHalUnprotectHalHeapExecs
INTSTATUS IntWinHalUnprotectHalHeapExecs(void)
Deactivates the HAL heap execution protection.
Definition: winhal.c:656
PWIN_HAL_DATA
struct _WIN_HAL_DATA * PWIN_HAL_DATA
IntWinHalProtectHalIntCtrl
INTSTATUS IntWinHalProtectHalIntCtrl(void)
Protects the HAL interrupt controller against writes.
Definition: winhal.c:681
IntWinHalCreateHalData
INTSTATUS IntWinHalCreateHalData(void)
Initializes gHalData.
Definition: winhal.c:1258
IntWinHalUninit
void IntWinHalUninit(void)
Frees any resources held by gHalData and removes all the HAL protections.
Definition: winhal.c:1445
INTSTATUS
int INTSTATUS
The status data type.
Definition: introstatus.h:24
_KERNEL_DRIVER
Describes a kernel driver.
Definition: drivers.h:30
IntWinHalProtectHalDispatchTable
INTSTATUS IntWinHalProtectHalDispatchTable(void)
Activates the HAL dispatch table protection.
Definition: winhal.c:758
_WIN_HAL_DATA::HalIntCtrlWriteHook
void * HalIntCtrlWriteHook
The HAL interrupt controller write hook object.
Definition: winhal.h:33
IntWinHalUnprotectHalDispatchTable
INTSTATUS IntWinHalUnprotectHalDispatchTable(void)
Deactivates the HAL dispatch table protection.
Definition: winhal.c:801
_WIN_HAL_DATA::HalHeapSize
DWORD HalHeapSize
The size of the HAL heap.
Definition: winhal.h:20
_WIN_HAL_DATA::HalDispatchIntegrityHook
void * HalDispatchIntegrityHook
The HAL dispatch table integrity hook object.
Definition: winhal.h:35
QWORD
unsigned long long QWORD
Definition: intro_types.h:53
WIN_HAL_DATA
struct _WIN_HAL_DATA WIN_HAL_DATA
Hal information.
IntWinHalUnprotectHalIntCtrl
INTSTATUS IntWinHalUnprotectHalIntCtrl(void)
Deactivates the HAL interrupt controller write protection.
Definition: winhal.c:733
_WIN_HAL_DATA::HalHeapAddress
QWORD HalHeapAddress
The guest virtual address of the HAL heap.
Definition: winhal.h:16
DWORD
uint32_t DWORD
Definition: intro_types.h:49
_WIN_HAL_DATA::HalDispatchTableSize
DWORD HalDispatchTableSize
The size of the HAL dispatch table.
Definition: winhal.h:25
_WIN_HAL_DATA::OwnerHalModule
KERNEL_DRIVER * OwnerHalModule
The hal.dll kernel module or ntoskrnl.exe.
Definition: winhal.h:28
IntWinHalUpdateProtection
INTSTATUS IntWinHalUpdateProtection(void)
Updates any of the HAL protections.
Definition: winhal.c:1385
_WIN_HAL_DATA::HalDispatchTableAddress
QWORD HalDispatchTableAddress
The guest virtual address of the HAL dispatch table.
Definition: winhal.h:23
_WIN_HAL_DATA::HalIntCtrlAddress
QWORD HalIntCtrlAddress
The guest virtual address of the HAL interrupt controller.
Definition: winhal.h:18
_WIN_HAL_DATA
Hal information.
Definition: winhal.h:13
_WIN_HAL_DATA::HalHeapExecHook
void * HalHeapExecHook
The HAL heap execution hook object.
Definition: winhal.h:31
IntWinHalProtectHalHeapExecs
INTSTATUS IntWinHalProtectHalHeapExecs(void)
Hooks the HAL heap against execution.
Definition: winhal.c:562