C++ (Cpp) find_kdversionblock_address_fast Examples

Programming Language: C++ (Cpp)

Method/Function: find_kdversionblock_address_fast

Examples at hotexamples.com: 2

C++ (Cpp) find_kdversionblock_address_fast - 2 examples found. These are the top rated real world C++ (Cpp) examples of find_kdversionblock_address_fast extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: kpcr.c Project: vtxyer/pageTableWalk

status_t init_kdversion_block (vmi_instance_t vmi)
{
    addr_t KdVersionBlock_phys = 0;
    addr_t DebuggerDataList = 0, ListPtr = 0;

    KdVersionBlock_phys = find_kdversionblock_address_fast(vmi);
    //KdVersionBlock_phys = find_kdversionblock_address(vmi);
    if (!KdVersionBlock_phys){
        goto error_exit;
    }

    // Use heuristic to find windows version
    find_windows_version(vmi, KdVersionBlock_phys);

    // get the virtual address for KdVersionBlock from the physical
    if (VMI_FAILURE == vmi_read_addr_pa(vmi, KdVersionBlock_phys, &DebuggerDataList)){
        goto error_exit;
    }
    if (VMI_FAILURE == vmi_read_addr_va(vmi, DebuggerDataList, 0, &ListPtr)){
        goto error_exit;
    }

    if (ListPtr && !vmi->os.windows_instance.kdversion_block){
        vmi->os.windows_instance.kdversion_block = ListPtr;
        printf("LibVMI Suggestion: set win_kdvb=0x%llx in libvmi.conf for faster startup.\n", vmi->os.windows_instance.kdversion_block);
    }
    dbprint("**set KdVersionBlock address=0x%llx\n", vmi->os.windows_instance.kdversion_block);

    return VMI_SUCCESS;
error_exit:
    vmi->os.windows_instance.version = VMI_OS_WINDOWS_UNKNOWN;
    return VMI_FAILURE;
}

Example #2

Show file

File: kpcr.c Project: mrmrwat/libvmi

status_t
init_kdversion_block(
    vmi_instance_t vmi)
{
    addr_t KdVersionBlock_phys = 0;
    addr_t DebuggerDataList = 0, ListPtr = 0;
    windows_instance_t windows = NULL;

    if (vmi->os_data == NULL) {
        return VMI_FAILURE;
    }

    windows = vmi->os_data;

    KdVersionBlock_phys = find_kdversionblock_address_fast(vmi);
    //KdVersionBlock_phys = find_kdversionblock_address(vmi);
    if (!KdVersionBlock_phys) {
        goto error_exit;
    }

    // get the virtual address for KdVersionBlock from the physical
    if (VMI_FAILURE ==
        vmi_read_addr_pa(vmi, KdVersionBlock_phys, &DebuggerDataList)) {
        goto error_exit;
    }
    if (VMI_FAILURE ==
        vmi_read_addr_va(vmi, DebuggerDataList, 0, &ListPtr)) {
        goto error_exit;
    }

    if (ListPtr && !windows->kdversion_block) {
        windows->kdversion_block = ListPtr;
        printf
            ("LibVMI Suggestion: set win_kdvb=0x%"PRIx64" in libvmi.conf for faster startup.\n",
             windows->kdversion_block);
    }
    dbprint("**set KdVersionBlock address=0x%"PRIx64"\n",
            windows->kdversion_block);

    return VMI_SUCCESS;

error_exit:
    return VMI_FAILURE;
}