IntroVirt/WindowsGuest_8hh_source.html

/*

 * Copyright 2021 Assured Information Security, Inc.

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *         http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once


#include <introvirt/core/domain/Guest.hh>

#include <introvirt/windows/kernel/SystemCallConverter.hh>


#include <introvirt/fwd.hh>


#include <cstdint>

#include <set>

#include <string>


namespace introvirt {

namespace windows {


class WindowsGuest : public Guest {

  public:

    virtual const SystemCallConverter& syscalls() const = 0;


    virtual nt::NtKernel& kernel() = 0;


    virtual const nt::NtKernel& kernel() const = 0;


    virtual Domain& domain() = 0;


    virtual const Domain& domain() const = 0;


    virtual bool set_system_call_filter(SystemCallFilter& filter, SystemCallIndex index,

                                        bool value) const = 0;


    virtual void default_syscall_filter(SystemCallFilter& filter) const = 0;


    static std::set<std::string> syscall_categories();


    virtual void enable_category(const std::string& category, SystemCallFilter& filter) const = 0;


    virtual ~WindowsGuest() = default;


  private:

};


} // namespace windows

} // namespace introvirt

Guest.hh

SystemCallConverter.hh

introvirt::Domain
A class representing a single Domain.
Definition Domain.hh:44

introvirt::Guest
Base interface for a Guest.
Definition Guest.hh:35

introvirt::SystemCallFilter
Base class for system call filtering.
Definition SystemCallFilter.hh:35

introvirt::windows::SystemCallConverter
Class for converting between native system call numbers and our SystemCall values.
Definition SystemCallConverter.hh:36

introvirt::windows::WindowsGuest
A representation of a Windows Guest OS.
Definition WindowsGuest.hh:33

introvirt::windows::WindowsGuest::enable_category
virtual void enable_category(const std::string &category, SystemCallFilter &filter) const =0
Enable a specific category for a filter.

introvirt::windows::WindowsGuest::~WindowsGuest
virtual ~WindowsGuest()=default

introvirt::windows::WindowsGuest::domain
virtual Domain & domain()=0
Get the Domain instance the guest is running on.

introvirt::windows::WindowsGuest::syscall_categories
static std::set< std::string > syscall_categories()
Get the available system call categories.

introvirt::windows::WindowsGuest::kernel
virtual const nt::NtKernel & kernel() const =0
Get the Nt kernel.

introvirt::windows::WindowsGuest::kernel
virtual nt::NtKernel & kernel()=0
Get the Nt kernel.

introvirt::windows::WindowsGuest::default_syscall_filter
virtual void default_syscall_filter(SystemCallFilter &filter) const =0
Configure a system call filter for all supported calls.

introvirt::windows::WindowsGuest::domain
virtual const Domain & domain() const =0
Get the Domain instance the guest is running on.

introvirt::windows::WindowsGuest::syscalls
virtual const SystemCallConverter & syscalls() const =0
Get the system call conversion class.

introvirt::windows::WindowsGuest::set_system_call_filter
virtual bool set_system_call_filter(SystemCallFilter &filter, SystemCallIndex index, bool value) const =0
Configure a system call filter intercept.

introvirt::windows::nt::NtKernel
Abstraction for the Windows NT kernel.
Definition NtKernel.hh:37

fwd.hh

introvirt::windows::SystemCallIndex
SystemCallIndex
This is our "normalized" list of Windows system calls.
Definition SystemCallIndex.hh:30

introvirt
Core IntroVirt classes.
Definition Cr0.hh:20