The KPCR (Kernel Processor Control Region) is used by Windows to hold information about the current thread. More...

#include <KPCR.hh>

Public Member Functions
virtual uint64_t	pid () const =0
	Get the process ID of the current thread.

virtual uint64_t	tid () const =0
	Get the thread ID of the current thread.

virtual std::string	process_name () const =0
	Get the name of the current process.

virtual THREAD &	CurrentThread ()=0
	Get the currently active thread.

virtual const THREAD &	CurrentThread () const =0
	Get the currently active thread.

virtual uint64_t	KernelDirectoryTableBase () const =0
	Get the paging table used by the kernel, if the field exists.

virtual bool	idle () const =0
	Check if the processor for this KPCR is idle.

virtual void	reset ()=0
	Reset the state held by the KPCR.

virtual	~KPCR ()=default
	Destroy the instance.

Detailed Description

The KPCR (Kernel Processor Control Region) is used by Windows to hold information about the current thread.

Constructor & Destructor Documentation

◆ ~KPCR()

virtual introvirt::windows::nt::KPCR::~KPCR ( )

virtualdefault

Destroy the instance.

Member Function Documentation

◆ CurrentThread() [1/2]

virtual const THREAD & introvirt::windows::nt::KPCR::CurrentThread ( ) const

pure virtual

Get the currently active thread.

Returns: The current active thread on this processor

Exceptions

IdleThreadException If the CurrentThread is Idle

◆ CurrentThread() [2/2]

virtual THREAD & introvirt::windows::nt::KPCR::CurrentThread ( )

pure virtual

Get the currently active thread.

Returns: The current active thread on this processor

Exceptions

IdleThreadException If the CurrentThread is Idle

Examples: ivexec.cc, and ivprocmemdump.cc.

◆ idle()

virtual bool introvirt::windows::nt::KPCR::idle ( ) const

pure virtual

Check if the processor for this KPCR is idle.

Returns: true If the processor is idle; false If the processor is not idle

◆ KernelDirectoryTableBase()

virtual uint64_t introvirt::windows::nt::KPCR::KernelDirectoryTableBase ( ) const

pure virtual

Get the paging table used by the kernel, if the field exists.

This field is used for Spectre/Meltdown mitigation.

Returns: The KernelDirectoryTableBase value, if one exists. Null otherwise.

◆ pid()

virtual uint64_t introvirt::windows::nt::KPCR::pid ( ) const

pure virtual

Get the process ID of the current thread.

Returns: The current process id

◆ process_name()

virtual std::string introvirt::windows::nt::KPCR::process_name ( ) const

pure virtual

Get the name of the current process.

Returns: The current process name

◆ reset()

virtual void introvirt::windows::nt::KPCR::reset ( )

pure virtual

Reset the state held by the KPCR.

This is used internally to reset the cached objects held by the KPCR. When a new event is delivered, the KPCR is reset, releasing the cached CurrentThread object, as well as other state.

◆ tid()

virtual uint64_t introvirt::windows::nt::KPCR::tid ( ) const

pure virtual

Get the thread ID of the current thread.

Returns: The current thread id

The documentation for this class was generated from the following file:

/home/runner/work/IntroVirt/IntroVirt/include/introvirt/windows/kernel/nt/types/KPCR.hh

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ ~KPCR()

Member Function Documentation

◆ CurrentThread() [1/2]

◆ CurrentThread() [2/2]

◆ idle()

◆ KernelDirectoryTableBase()

◆ pid()

◆ process_name()

◆ reset()

◆ tid()