IntroVirt/HIVE_8hh_source.html

/*

 * Copyright 2021 Assured Information Security, Inc.

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *         http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once


#include <introvirt/core/memory/guest_ptr.hh>

#include <introvirt/windows/kernel/nt/fwd.hh>


#include <cstdint>

#include <string>


namespace introvirt {

namespace windows {

namespace nt {


class CM_KEY_NODE;

class HBASE_BLOCK;


class HIVE {

  public:


    enum HiveType {

        HFILE_TYPE_PRIMARY = 0,

        HFILE_TYPE_LOG,

        HFILE_TYPE_EXTERNAL,

    };


    enum HiveFlags {

        HIVE_VOLATILE = 0x1,

        HIVE_NOLAZYFLUSH = 0x2,

        HIVE_HAS_BEEN_REPLACED = 0x4,

        HIVE_HAS_BEEN_FREED = 0x8,

        HIVE_UNKNOWN = 0x10,

        HIVE_UNLOADING = 0x20,

        // TODO(papes): Values seen up to 0x200

    };


    virtual const std::string& FileFullPath() const = 0;

    virtual const std::string& FileUserName() const = 0;

    virtual const std::string& HiveRootPath() const = 0;

    virtual const HBASE_BLOCK& BaseBlock() const = 0;

    virtual const CM_KEY_NODE* RootKeyNode() const = 0;

    virtual const CM_KEY_NODE* KeyNode(uint32_t KeyIndex) const = 0;

    virtual guest_ptr<void> CellAddress(uint32_t KeyIndex) const = 0;

    virtual const HIVE* PreviousHive() const = 0;

    virtual const HIVE* NextHive() const = 0;

    virtual uint32_t HiveFlags() const = 0;

    virtual guest_ptr<void> ptr() const = 0;


    virtual ~HIVE() = default;

};


} /* namespace nt */

} /* namespace windows */

} /* namespace introvirt */

introvirt::basic_guest_ptr
Definition guest_ptr.hh:88

introvirt::windows::nt::CM_KEY_NODE
Definition CM_KEY_NODE.hh:29

introvirt::windows::nt::HBASE_BLOCK
Definition HBASE_BLOCK.hh:31

introvirt::windows::nt::HIVE
Definition HIVE.hh:31

introvirt::windows::nt::HIVE::BaseBlock
virtual const HBASE_BLOCK & BaseBlock() const =0

introvirt::windows::nt::HIVE::~HIVE
virtual ~HIVE()=default

introvirt::windows::nt::HIVE::RootKeyNode
virtual const CM_KEY_NODE * RootKeyNode() const =0

introvirt::windows::nt::HIVE::FileUserName
virtual const std::string & FileUserName() const =0

introvirt::windows::nt::HIVE::HiveType
HiveType
Definition HIVE.hh:33

introvirt::windows::nt::HIVE::HFILE_TYPE_EXTERNAL
@ HFILE_TYPE_EXTERNAL
Definition HIVE.hh:36

introvirt::windows::nt::HIVE::HFILE_TYPE_PRIMARY
@ HFILE_TYPE_PRIMARY
Definition HIVE.hh:34

introvirt::windows::nt::HIVE::HFILE_TYPE_LOG
@ HFILE_TYPE_LOG
Definition HIVE.hh:35

introvirt::windows::nt::HIVE::PreviousHive
virtual const HIVE * PreviousHive() const =0

introvirt::windows::nt::HIVE::KeyNode
virtual const CM_KEY_NODE * KeyNode(uint32_t KeyIndex) const =0

introvirt::windows::nt::HIVE::HiveFlags
HiveFlags
Definition HIVE.hh:38

introvirt::windows::nt::HIVE::HIVE_HAS_BEEN_FREED
@ HIVE_HAS_BEEN_FREED
Definition HIVE.hh:42

introvirt::windows::nt::HIVE::HIVE_VOLATILE
@ HIVE_VOLATILE
Definition HIVE.hh:39

introvirt::windows::nt::HIVE::HIVE_HAS_BEEN_REPLACED
@ HIVE_HAS_BEEN_REPLACED
Definition HIVE.hh:41

introvirt::windows::nt::HIVE::HIVE_NOLAZYFLUSH
@ HIVE_NOLAZYFLUSH
Definition HIVE.hh:40

introvirt::windows::nt::HIVE::HIVE_UNKNOWN
@ HIVE_UNKNOWN
Definition HIVE.hh:43

introvirt::windows::nt::HIVE::HIVE_UNLOADING
@ HIVE_UNLOADING
Definition HIVE.hh:44

introvirt::windows::nt::HIVE::HiveRootPath
virtual const std::string & HiveRootPath() const =0

introvirt::windows::nt::HIVE::FileFullPath
virtual const std::string & FileFullPath() const =0

introvirt::windows::nt::HIVE::HiveFlags
virtual uint32_t HiveFlags() const =0

introvirt::windows::nt::HIVE::ptr
virtual guest_ptr< void > ptr() const =0

introvirt::windows::nt::HIVE::CellAddress
virtual guest_ptr< void > CellAddress(uint32_t KeyIndex) const =0

introvirt::windows::nt::HIVE::NextHive
virtual const HIVE * NextHive() const =0

guest_ptr.hh
Type-safe guest virtual address pointer and guest_ptr template.

introvirt
Core IntroVirt classes.
Definition Cr0.hh:20

fwd.hh