A representation of a Windows Guest OS. More...

#include <WindowsGuest.hh>

Inheritance diagram for introvirt::windows::WindowsGuest:

Collaboration diagram for introvirt::windows::WindowsGuest:

Public Member Functions
virtual const SystemCallConverter &	syscalls () const =0
	Get the system call conversion class.

virtual nt::NtKernel &	kernel ()=0
	Get the Nt kernel.

virtual const nt::NtKernel &	kernel () const =0
	Get the Nt kernel.

virtual Domain &	domain ()=0
	Get the Domain instance the guest is running on.

virtual const Domain &	domain () const =0
	Get the Domain instance the guest is running on.

virtual bool	set_system_call_filter (SystemCallFilter &filter, SystemCallIndex index, bool value) const =0
	Configure a system call filter intercept.

virtual void	default_syscall_filter (SystemCallFilter &filter) const =0
	Configure a system call filter for all supported calls.

virtual void	enable_category (const std::string &category, SystemCallFilter &filter) const =0
	Enable a specific category for a filter.

virtual	~WindowsGuest ()=default

Public Member Functions inherited from introvirt::Guest
virtual OS	os () const =0
	Get the Guest OS type.

virtual bool	x64 () const =0
	Check if the guest is 64-bit.

virtual guest_ptr< void >	allocate (size_t &region_size, bool executable=false)=0
	Allocate a region of memory in the guest.

virtual void	guest_free (const guest_ptr< void > &ptr, size_t region_size)=0
	Free a region of memory in the guest.

virtual bool	page_in (Event &event, uint64_t virtual_address)=0

virtual GuestImpl &	impl ()=0
	Used internally.

virtual const GuestImpl &	impl () const =0

virtual	~Guest ()=default
	Destroy the instance.

Static Public Member Functions
static std::set< std::string >	syscall_categories ()
	Get the available system call categories.

Detailed Description

A representation of a Windows Guest OS.

Examples: ivexec.cc, ivguestinfo.cc, ivmemwatch.cc, ivprocinfo.cc, ivservicetable.cc, ivsessions.cc, ivsyscallmon.cc, and vmcall_interface.cc.

Constructor & Destructor Documentation

◆ ~WindowsGuest()

virtual introvirt::windows::WindowsGuest::~WindowsGuest ( )

virtualdefault

Member Function Documentation

◆ default_syscall_filter()

virtual void introvirt::windows::WindowsGuest::default_syscall_filter ( SystemCallFilter & filter ) const

pure virtual

Configure a system call filter for all supported calls.

This method will enable all supported system calls in the filter. It does not turn the filter on, or clear out existing entries.

Parameters

filter The filter to configure

Examples: ivexec.cc, and ivsyscallmon.cc.

◆ domain() [1/2]

virtual const Domain & introvirt::windows::WindowsGuest::domain ( ) const

pure virtual

Get the Domain instance the guest is running on.

Returns: The domain instance

◆ domain() [2/2]

virtual Domain & introvirt::windows::WindowsGuest::domain ( )

pure virtual

Get the Domain instance the guest is running on.

Returns: The domain instance

◆ enable_category()

virtual void introvirt::windows::WindowsGuest::enable_category	(	const std::string &	category,
		SystemCallFilter &	filter
	)		const

pure virtual

Enable a specific category for a filter.

Parameters

category	The category to enable
filter	The system call filter to enable for

Examples: ivexec.cc, and ivsyscallmon.cc.

◆ kernel() [1/2]

virtual const nt::NtKernel & introvirt::windows::WindowsGuest::kernel ( ) const

pure virtual

Get the Nt kernel.

Returns: A reference to the NT kernel parser

◆ kernel() [2/2]

virtual nt::NtKernel & introvirt::windows::WindowsGuest::kernel ( )

pure virtual

Get the Nt kernel.

Returns: A reference to the NT kernel parser

Examples: ivguestinfo.cc, and ivmemwatch.cc.

◆ set_system_call_filter()

virtual bool introvirt::windows::WindowsGuest::set_system_call_filter	(	SystemCallFilter &	filter,
		SystemCallIndex	index,
		bool	value
	)		const

pure virtual

Configure a system call filter intercept.

Parameters

filter	The filter to configure
index	The index to configure
value	The value to set

Returns: true If the bitmap was configured; false If the guest does not support the given index

Examples: ivexec.cc, and vmcall_interface.cc.

◆ syscall_categories()

static std::set< std::string > introvirt::windows::WindowsGuest::syscall_categories ( )

static

Get the available system call categories.

◆ syscalls()

virtual const SystemCallConverter & introvirt::windows::WindowsGuest::syscalls ( ) const

pure virtual

Get the system call conversion class.

Returns: the system call conversion class

Examples: ivguestinfo.cc.

The documentation for this class was generated from the following file:

/home/runner/work/IntroVirt/IntroVirt/include/introvirt/windows/WindowsGuest.hh

Public Member Functions

Static Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ ~WindowsGuest()

Member Function Documentation

◆ default_syscall_filter()

◆ domain() [1/2]

◆ domain() [2/2]

◆ enable_category()

◆ kernel() [1/2]

◆ kernel() [2/2]

◆ set_system_call_filter()

◆ syscall_categories()

◆ syscalls()