introvirt Namespace Reference

Core IntroVirt classes. More...

Namespaces
namespace	inject
namespace	windows
	Classes related to Microsoft Windows guests.
namespace	x86
	Classes for the x86 architecture.

Classes
struct	_guest_size_t_base
struct	_guest_size_t_base< _Physical, false, false >
struct	_guest_size_t_base< _Physical, false, true >
struct	_guest_size_t_base< _Physical, true, false >
struct	_guest_size_t_base< _Physical, true, true >
class	AllocationFailedException
	Thrown when failing to allocate guest memory. More...
class	BadPhysicalAddressException
	Thrown when we fail to map a guest physical address. More...
class	basic_guest_ptr
class	basic_guest_ptr_members
class	basic_guest_ptr_members< _Tp, _Physical, false, std::enable_if_t< is_guest_size_v< _Tp > > >
class	basic_guest_ptr_members< _Tp, _Physical, true, std::enable_if_t< is_guest_size_v< _Tp > > >
class	basic_guest_ptr_members_length
class	basic_guest_ptr_members_length< true >
class	basic_guest_ptr_members_page_dir
class	basic_guest_ptr_members_page_dir< true >
class	Breakpoint
	Breakpoint interface class. More...
class	BufferTooSmallException
	Thrown when a buffer is not large enough for some operation. More...
class	CommandFailedException
	Thrown when a hypervisor command fails. More...
class	ControlRegisterEvent
	Control register read/write event interface. More...
class	Domain
	A class representing a single Domain. More...
class	DomainBusyException
	Thrown when failing to attach to a domain because it was busy. More...
class	DomainInformation
	Information about a domain. More...
class	Event
	Interface class for hypervisor events. More...
class	EventCallback
	Interface for an event poller callback. More...
class	EventFilter
	Interface for an EventFilter. More...
class	EventPollException
	Thrown when poll() fails. More...
class	EventTaskInformation
	An interface for event process information. More...
class	ExceptionEvent
	Interface for x86 exception events. More...
class	FunctionCall
	Base class for function calls. More...
class	FunctionCallFactory
class	FunctionCallReturnData
class	Guest
	Base interface for a Guest. More...
class	guest_member_ptr
	Helper class to embed in structs. More...
class	guest_size_t
	Helper class to transparently convert between guest size and a value. More...
class	GUEST_SIZET_TYPE
	Specialization of basic_guest_ptr<_Tp, guest_ptr_t, _Physical> to handle both uint32_t and uint64_t. More...
class	GuestDetectionException
	Thrown when to detect the guest operating system. More...
class	GuestMemoryMapping
	A mapping of guest memory. More...
class	HexDump
	A class for outputting formatted hex dumps. More...
class	Hypervisor
	Abstract class for managing a hypervisor. More...
struct	identity
class	InterruptedException
	Thrown when a suspended thread is interrupted. More...
class	InvalidMethodException
	Thrown when the wrong method is called. More...
class	InvalidVcpuException
	Thrown when attempting to access a vcpu that doesn't exist. More...
struct	is_guest_size
struct	is_guest_size< _Tp, std::enable_if_t< std::is_same_v< guest_size_t, std::remove_const_t< remove_all_pointers_t< std::remove_all_extents_t< _Tp > > > > > >
class	MemAccessEvent
	Interface for intercepting memory accesses. More...
class	MemoryException
	Common base class for memory exceptions. More...
class	MsrAccessEvent
	Interface for MSR read/write events. More...
class	NoSuchDomainException
	Thrown when failing to attach to a domain because it couldn't be found. More...
class	NotImplementedException
	Thrown when a method is not implemented. More...
class	NullAddressException
	Thrown when calling a method on a "null" guest_ptr instance. More...
class	ProgressBar
	Class for displaying a progress bar. More...
struct	remove_all_pointers
class	SingleStep
class	SystemCall
class	SystemCallEvent
	Interface for system call events. More...
class	SystemCallFilter
	Base class for system call filtering. More...
class	SystemCallInjectionException
	Thrown when an error occurs during system call injection. More...
class	TaskFilter
	Filter to remove events based on task. More...
class	ThreadLocalEvent
class	TraceableException
	Base class for exceptions with stack unwinding. More...
class	UnsupportedHypervisorException
	Thrown when no supported hypervisor can be found. More...
class	Vcpu
	A class representing a single virtual processor. More...
class	VersionInfo
	Version information for libintrovirt. More...
class	VirtualAddressNotPresentException
	Thrown when translating a guest virtual address is marked as not present. More...
class	Watchpoint
	Memory access watchpoint. More...

Typedefs
using	Registers = x86::Registers
using	guest_ptr_t = guest_size_t
template<typename _Tp >
using	remove_all_pointers_t = typename remove_all_pointers< _Tp >::type
template<typename _Tp , typename _PtrType = void>
using	guest_ptr = basic_guest_ptr< _Tp, _PtrType, false >
template<typename _Tp , typename _PtrType = void>
using	guest_phys_ptr = basic_guest_ptr< _Tp, _PtrType, true >

Enumerations
enum class	OS { Unknown , Windows , Linux }
enum class	EventType : int {   EVENT_FAST_SYSCALL , EVENT_FAST_SYSCALL_RET , EVENT_SW_INT , EVENT_SW_IRET ,   EVENT_CR_READ , EVENT_CR_WRITE , EVENT_MSR_READ , EVENT_MSR_WRITE ,   EVENT_EXCEPTION , EVENT_MEM_ACCESS , EVENT_SINGLE_STEP , EVENT_HYPERCALL ,   EVENT_REBOOT , EVENT_SHUTDOWN , EVENT_MAX = EVENT_SHUTDOWN , EVENT_UNKNOWN = -1 }
	Enum describing a hypervisor event. More...
enum class	FastCallType {   FASTCALL_SYSCALL , FASTCALL_SYSRET , FASTCALL_SYSENTER , FASTCALL_SYSEXIT ,   FASTCALL_UNKNOWN }
	Enum class describing the type of fast system call. More...

Functions
const std::string &	to_string (OS)
std::ostream &	operator<< (std::ostream &, OS)
const std::string &	to_string (EventType type)
	Get a string representation of EventType.
std::ostream &	operator<< (std::ostream &os, EventType type)
	Stream operator overload for EventType.
const std::string &	to_string (FastCallType type)
	Get a string representation of FastCallType.
std::ostream &	operator<< (std::ostream &os, FastCallType type)
	Stream operator overload for FastCallType.
std::ostream &	operator<< (std::ostream &os, const TraceableException &error)
	Write this exception to a stream.
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
void	_ptr_cast_impl (const basic_guest_ptr< _InTp, _PtrType, _Physical > &in, basic_guest_ptr< _OutTp, _OutPtrType, _Physical > &out)
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
basic_guest_ptr< _OutTp, _OutPtrType, _Physical >	const_ptr_cast (const basic_guest_ptr< _InTp, _PtrType, _Physical > &in)
	Copy casting functions.
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
basic_guest_ptr< _OutTp, _OutPtrType, _Physical >	static_ptr_cast (const basic_guest_ptr< _InTp, _PtrType, _Physical > &in)
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
basic_guest_ptr< _OutTp, _OutPtrType, _Physical >	reinterpret_ptr_cast (const basic_guest_ptr< _InTp, _PtrType, _Physical > &in)
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
basic_guest_ptr< _OutTp, _OutPtrType, _Physical >	const_ptr_cast (basic_guest_ptr< _InTp, _PtrType, _Physical > &&in)
	Move casting functions.
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
basic_guest_ptr< _OutTp, _OutPtrType, _Physical >	static_ptr_cast (basic_guest_ptr< _InTp, _PtrType, _Physical > &&in)
template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>
basic_guest_ptr< _OutTp, _OutPtrType, _Physical >	reinterpret_ptr_cast (basic_guest_ptr< _InTp, _PtrType, _Physical > &&in)
template<typename _CharType , typename _OutPtrType = void, typename _Tp , typename _PtrType , bool _Physical>
auto	_map_guest_str (const basic_guest_ptr< _Tp, _PtrType, _Physical > &ptr, size_t max_length=0xFFFF)
	Null terminated array helpers.
template<typename _Tp , typename _PtrType , bool _Physical>
basic_guest_ptr< char[], void, _Physical >	map_guest_cstring (const basic_guest_ptr< _Tp, _PtrType, _Physical > &ptr, size_t max_length=0xFFFF)
	Helper function for map_guest_str<char>
template<typename _Tp , typename _PtrType , bool _Physical>
basic_guest_ptr< char16_t[], void, _Physical >	map_guest_wstring (const basic_guest_ptr< _Tp, _PtrType, _Physical > &ptr, size_t max_length=0xFFFF)
	Helper function for map_guest_str<char16_t>
template<typename _Tp , typename _PtrType , bool _Physical>
std::string	to_string (const basic_guest_ptr< _Tp, _PtrType, _Physical > &ptr)
	String and ostream helpers.
template<typename _Tp , typename _PtrType , bool _Physical>
std::ostream &	operator<< (std::ostream &os, const basic_guest_ptr< _Tp, _PtrType, _Physical > &ptr)
template<typename I >
std::string	n2hexstr (I w, size_t hex_len=sizeof(I)<< 1)

Variables
template<typename _Tp >
constexpr bool	is_guest_size_v = is_guest_size<_Tp>::value

Detailed Description

Core IntroVirt classes.

The top-level introvirt namespace is for low-level operations, like controlling domains and vcpus, mapping memory, etc.

Typedef Documentation

guest_phys_ptr

template<typename _Tp , typename _PtrType = void>

using introvirt::guest_phys_ptr = typedef basic_guest_ptr<_Tp, _PtrType, true>

guest_ptr

template<typename _Tp , typename _PtrType = void>

using introvirt::guest_ptr = typedef basic_guest_ptr<_Tp, _PtrType, false>

guest_ptr_t

using introvirt::guest_ptr_t = typedef guest_size_t

Registers

using introvirt::Registers = typedef x86::Registers

remove_all_pointers_t

template<typename _Tp >

using introvirt::remove_all_pointers_t = typedef typename remove_all_pointers<_Tp>::type

Enumeration Type Documentation

EventType

enum class introvirt::EventType : int

strong

Enum describing a hypervisor event.

Enumerator
EVENT_FAST_SYSCALL	A system call event.
EVENT_FAST_SYSCALL_RET	A system call return event.
EVENT_SW_INT	A software interrupt event.
EVENT_SW_IRET	A software interrupt return event.
EVENT_CR_READ	A control register was read.
EVENT_CR_WRITE	A control register was written to.
EVENT_MSR_READ	An MSR was read.
EVENT_MSR_WRITE	An MSR was written to.
EVENT_EXCEPTION	An x86 exception event.
EVENT_MEM_ACCESS	Hardware assisted paging violation (memory breakpoints)
EVENT_SINGLE_STEP	Single step event.
EVENT_HYPERCALL	An intercepted hypercall.
EVENT_REBOOT	The guest VM has rebooted.
EVENT_SHUTDOWN	The guest VM has shutdown.
EVENT_MAX	The highest valid event type.
EVENT_UNKNOWN	An unknown event.

FastCallType

enum class introvirt::FastCallType

strong

Enum class describing the type of fast system call.

Enumerator
FASTCALL_SYSCALL
FASTCALL_SYSRET
FASTCALL_SYSENTER
FASTCALL_SYSEXIT
FASTCALL_UNKNOWN

OS

enum class introvirt::OS

strong

Enumerator
Unknown
Windows
Linux

Function Documentation

_map_guest_str()

template<typename _CharType , typename _OutPtrType = void, typename _Tp , typename _PtrType , bool _Physical>

auto introvirt::_map_guest_str ( const basic_guest_ptr< _Tp, _PtrType, _Physical > &  ptr, size_t  max_length = 0xFFFF  )

inline

Null terminated array helpers.

_ptr_cast_impl()

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

void introvirt::_ptr_cast_impl	(	const basic_guest_ptr< _InTp, _PtrType, _Physical > &	in,
		basic_guest_ptr< _OutTp, _OutPtrType, _Physical > &	out
	)

const_ptr_cast() [1/2]

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

basic_guest_ptr< _OutTp, _OutPtrType, _Physical > introvirt::const_ptr_cast

(

basic_guest_ptr< _InTp, _PtrType, _Physical > &&

in

)

Move casting functions.

const_ptr_cast() [2/2]

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

basic_guest_ptr< _OutTp, _OutPtrType, _Physical > introvirt::const_ptr_cast

(

const basic_guest_ptr< _InTp, _PtrType, _Physical > &

in

)

Copy casting functions.

map_guest_cstring()

template<typename _Tp , typename _PtrType , bool _Physical>

basic_guest_ptr< char[], void, _Physical > introvirt::map_guest_cstring ( const basic_guest_ptr< _Tp, _PtrType, _Physical > &  ptr, size_t  max_length = 0xFFFF  )

inline

Helper function for map_guest_str<char>

Parameters

ptr	The starting address of the string
max_length	The maximum number of char values to map

Examples

vmcall_interface.cc.

map_guest_wstring()

template<typename _Tp , typename _PtrType , bool _Physical>

basic_guest_ptr< char16_t[], void, _Physical > introvirt::map_guest_wstring ( const basic_guest_ptr< _Tp, _PtrType, _Physical > &  ptr, size_t  max_length = 0xFFFF  )

inline

Helper function for map_guest_str<char16_t>

Parameters

ptr	The starting address of the string
max_length	The maximum number of char16_t values to map

n2hexstr()

template<typename I >

std::string introvirt::n2hexstr	(	I	w,
		size_t	hex_len = sizeof(I) << 1
	)

operator<<() [1/5]

std::ostream & introvirt::operator<<	(	std::ostream &	,
		OS
	)

operator<<() [2/5]

template<typename _Tp , typename _PtrType , bool _Physical>

std::ostream & introvirt::operator<< ( std::ostream &  os, const basic_guest_ptr< _Tp, _PtrType, _Physical > &  ptr  )

inline

operator<<() [3/5]

std::ostream & introvirt::operator<<	(	std::ostream &	os,
		const TraceableException &	error
	)

Write this exception to a stream.

Parameters

os	The output stream to write to
error	The exception to write

Returns

std::ostream& The stream that was provided

operator<<() [4/5]

std::ostream & introvirt::operator<<	(	std::ostream &	os,
		EventType	type
	)

Stream operator overload for EventType.

Writes the string value of the given EventType to the stream

Parameters

os	The stream to write to
type	The type to convert to a string

Returns

The stream that was passed in

operator<<() [5/5]

std::ostream & introvirt::operator<<	(	std::ostream &	os,
		FastCallType	type
	)

Stream operator overload for FastCallType.

Writes the string value of the given FastCallType to the stream

Parameters

os	The stream to write to
type	The type to convert to a string

Returns

The stream that was passed in

reinterpret_ptr_cast() [1/2]

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

basic_guest_ptr< _OutTp, _OutPtrType, _Physical > introvirt::reinterpret_ptr_cast

(

basic_guest_ptr< _InTp, _PtrType, _Physical > &&

in

)

reinterpret_ptr_cast() [2/2]

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

basic_guest_ptr< _OutTp, _OutPtrType, _Physical > introvirt::reinterpret_ptr_cast

(

const basic_guest_ptr< _InTp, _PtrType, _Physical > &

in

)

static_ptr_cast() [1/2]

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

basic_guest_ptr< _OutTp, _OutPtrType, _Physical > introvirt::static_ptr_cast

(

basic_guest_ptr< _InTp, _PtrType, _Physical > &&

in

)

static_ptr_cast() [2/2]

template<typename _OutTp , typename _OutPtrType = void, typename _InTp , typename _PtrType , bool _Physical>

basic_guest_ptr< _OutTp, _OutPtrType, _Physical > introvirt::static_ptr_cast

(

const basic_guest_ptr< _InTp, _PtrType, _Physical > &

in

)

to_string() [1/4]

template<typename _Tp , typename _PtrType , bool _Physical>

std::string introvirt::to_string ( const basic_guest_ptr< _Tp, _PtrType, _Physical > &  ptr )

inline

String and ostream helpers.

to_string() [2/4]

const std::string & introvirt::to_string

(

EventType

type

)

Get a string representation of EventType.

Parameters

type	The type to convert to string

Returns

The string representation EventType

to_string() [3/4]

const std::string & introvirt::to_string

(

FastCallType

type

)

Get a string representation of FastCallType.

Parameters

type	The type to convert to string

Returns

The string representation FastCallType

to_string() [4/4]

const std::string & introvirt::to_string

(

OS

)

Variable Documentation

is_guest_size_v

template<typename _Tp >

constexpr bool introvirt::is_guest_size_v = is_guest_size<_Tp>::value

inlineconstexpr