libintrovirt v0.57.4
IntroVirt introspection library
Loading...
Searching...
No Matches
MMVAD.hh
Go to the documentation of this file.
1/*
2 * Copyright 2021 Assured Information Security, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#pragma once
17
18#include <introvirt/core/memory/guest_ptr.hh>
19#include <introvirt/windows/kernel/nt/const/MEMORY_ALLOCATION_TYPE.hh>
20#include <introvirt/windows/kernel/nt/const/PAGE_PROTECTION.hh>
21#include <introvirt/windows/kernel/nt/fwd.hh>
22
23#include <cstdint>
24#include <memory>
25#include <string>
26#include <vector>
27
28namespace introvirt {
29namespace windows {
30namespace nt {
31
35enum class VadStructure {
36 MMVAD_SHORT,
37 MMVAD,
38
39 UNKNOWN
40};
41
48class MMVAD {
49 public:
60
62 virtual std::string tag() const = 0;
63
65 virtual VadStructure structure() const = 0;
66
67 virtual uint64_t CommitCharge() const = 0;
68
70 virtual uint64_t StartingVpn() const = 0;
72 virtual uint64_t EndingVpn() const = 0;
74 virtual const FILE_OBJECT* FileObject() const = 0;
76 virtual std::shared_ptr<const MMVAD> LeftChild() const = 0;
78 virtual std::shared_ptr<const MMVAD> RightChild() const = 0;
80 virtual std::shared_ptr<const MMVAD> Parent() const = 0;
82 virtual VadType Type() const = 0;
84 virtual PAGE_PROTECTION Protection() const = 0;
86 virtual const MEMORY_ALLOCATION_TYPE& Allocation() const = 0;
88 virtual bool Private() const = 0;
89
91 virtual uint64_t RegionSize() const = 0;
92
94 virtual uint64_t StartingAddress() const = 0;
95
97 virtual uint64_t EndingAddress() const = 0;
98
99 virtual guest_ptr<void> ptr() const = 0;
100
101 virtual bool locked() const = 0;
102
103 virtual std::vector<std::shared_ptr<const MMVAD>> VadTreeInOrder() const = 0;
104
105 virtual uint64_t FirstPrototypePte() const = 0;
106 virtual uint64_t LastContiguousPte() const = 0;
107
114 virtual std::shared_ptr<const MMVAD> search(uint64_t virtual_address) const = 0;
115
116 virtual ~MMVAD() = default;
117};
118
122const std::string& to_string(MMVAD::VadType);
123
127std::ostream& operator<<(std::ostream&, MMVAD::VadType);
128
132const std::string& to_string(VadStructure);
133
137std::ostream& operator<<(std::ostream&, VadStructure);
138
139} // namespace nt
140} // namespace windows
141} // namespace introvirt
MEMORY_ALLOCATION_TYPE.hh
PAGE_PROTECTION.hh
introvirt::basic_guest_ptr
Definition guest_ptr.hh:88
introvirt::windows::nt::FILE_OBJECT
Definition FILE_OBJECT.hh:66
introvirt::windows::nt::MEMORY_ALLOCATION_TYPE
Class for MEMORY_ALLOCATION_TYPE flags.
Definition MEMORY_ALLOCATION_TYPE.hh:54
introvirt::windows::nt::MMVAD
An entry inside a process's VAD table.
Definition MMVAD.hh:48
introvirt::windows::nt::MMVAD::Type
virtual VadType Type() const =0
introvirt::windows::nt::MMVAD::VadType
VadType
Definition MMVAD.hh:50
introvirt::windows::nt::MMVAD::VadNone
@ VadNone
Definition MMVAD.hh:51
introvirt::windows::nt::MMVAD::VadLargePages
@ VadLargePages
Definition MMVAD.hh:56
introvirt::windows::nt::MMVAD::VadDevicePhysicalMemory
@ VadDevicePhysicalMemory
Definition MMVAD.hh:52
introvirt::windows::nt::MMVAD::VadImageMap
@ VadImageMap
Definition MMVAD.hh:53
introvirt::windows::nt::MMVAD::VadAwe
@ VadAwe
Definition MMVAD.hh:54
introvirt::windows::nt::MMVAD::VadRotatePhysical
@ VadRotatePhysical
Definition MMVAD.hh:57
introvirt::windows::nt::MMVAD::VadLargePageSection
@ VadLargePageSection
Definition MMVAD.hh:58
introvirt::windows::nt::MMVAD::VadWriteWatch
@ VadWriteWatch
Definition MMVAD.hh:55
introvirt::windows::nt::MMVAD::EndingAddress
virtual uint64_t EndingAddress() const =0
introvirt::windows::nt::MMVAD::tag
virtual std::string tag() const =0
introvirt::windows::nt::MMVAD::LeftChild
virtual std::shared_ptr< const MMVAD > LeftChild() const =0
introvirt::windows::nt::MMVAD::RightChild
virtual std::shared_ptr< const MMVAD > RightChild() const =0
introvirt::windows::nt::MMVAD::structure
virtual VadStructure structure() const =0
introvirt::windows::nt::MMVAD::Allocation
virtual const MEMORY_ALLOCATION_TYPE & Allocation() const =0
introvirt::windows::nt::MMVAD::FileObject
virtual const FILE_OBJECT * FileObject() const =0
introvirt::windows::nt::MMVAD::Parent
virtual std::shared_ptr< const MMVAD > Parent() const =0
introvirt::windows::nt::MMVAD::ptr
virtual guest_ptr< void > ptr() const =0
introvirt::windows::nt::MMVAD::RegionSize
virtual uint64_t RegionSize() const =0
introvirt::windows::nt::MMVAD::EndingVpn
virtual uint64_t EndingVpn() const =0
introvirt::windows::nt::MMVAD::Private
virtual bool Private() const =0
introvirt::windows::nt::MMVAD::VadTreeInOrder
virtual std::vector< std::shared_ptr< const MMVAD > > VadTreeInOrder() const =0
introvirt::windows::nt::MMVAD::Protection
virtual PAGE_PROTECTION Protection() const =0
introvirt::windows::nt::MMVAD::search
virtual std::shared_ptr< const MMVAD > search(uint64_t virtual_address) const =0
Search for the MMVAD entry for the given address in children.
introvirt::windows::nt::MMVAD::StartingVpn
virtual uint64_t StartingVpn() const =0
introvirt::windows::nt::MMVAD::locked
virtual bool locked() const =0
introvirt::windows::nt::MMVAD::FirstPrototypePte
virtual uint64_t FirstPrototypePte() const =0
introvirt::windows::nt::MMVAD::LastContiguousPte
virtual uint64_t LastContiguousPte() const =0
introvirt::windows::nt::MMVAD::StartingAddress
virtual uint64_t StartingAddress() const =0
introvirt::windows::nt::MMVAD::CommitCharge
virtual uint64_t CommitCharge() const =0
introvirt::windows::nt::PAGE_PROTECTION
Definition PAGE_PROTECTION.hh:30
guest_ptr.hh
Type-safe guest virtual address pointer and guest_ptr template.
introvirt::windows::nt::VadStructure
VadStructure
Definition MMVAD.hh:35
introvirt::windows::nt::operator<<
std::ostream & operator<<(std::ostream &, APPHELPCACHESERVICECLASS val)
introvirt::windows::nt::to_string
const std::string & to_string(APPHELPCACHESERVICECLASS val)
introvirt
Core IntroVirt classes.
Definition Cr0.hh:20