Struct WindowsHandleTable

pub struct WindowsHandleTable<'a, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,
{ /* private fields */ }

A Windows handle table.

A handle table in Windows tracks handles to kernel objects for a specific process, allowing access control and management.

§Implementation Details

Corresponds to _HANDLE_TABLE.

Implementations§

impl<'a, Driver> WindowsHandleTable<'a, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,

pub fn new(vmi: VmiState<'a, Driver, WindowsOs<Driver>>, va: Va) -> Self

Creates a new Windows handle table object.

pub fn table_code(&self) -> Result<u64, VmiError>

Returns the table code of the handle table.

§Notes

This value is cached after the first read.

§Implementation Details

Corresponds to _HANDLE_TABLE.TableCode.

pub fn next_handle_needing_pool(&self) -> Result<u64, VmiError>

Returns the next handle needing pool.

This value tracks the next handle slot that requires additional pool allocation.

§Notes

This value is cached after the first read.

§Implementation Details

Corresponds to _HANDLE_TABLE.NextHandleNeedingPool.

pub fn iter(&'a self) -> Result<HandleTableEntryIterator<'a, Driver>, VmiError>

Iterates over all handle table entries.

Returns an iterator over all handle table entries that have a valid object pointer. The iterator yields a tuple containing the handle value and the handle table entry.

§Implementation Details

The functionality is similar to the Windows kernel’s internal ExpSnapShotHandleTables() function.

pub fn lookup(&self, handle: u64) -> Result<Option<WindowsHandleTableEntry<'a, Driver>>, VmiError>

Performs a lookup in the handle table to find the handle table entry for a handle.

Implements the multi-level handle table lookup algorithm used by Windows. The entry is returned as a WindowsHandleTableEntry wrapped in Option, not as a bare virtual address.

§Implementation Details

The functionality is similar to the Windows kernel’s internal ExpLookupHandleTableEntry() function.
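The multi-level lookup described above, as an added example that is not the vmi crate's code: it resolves a handle value to the entry's virtual address from TableCode and NextHandleNeedingPool. It assumes the x64 layout (16-byte entries, 4 KiB table pages); the `Mem` map, `lookup_entry_va`, and the sample addresses are hypothetical stand-ins for guest memory reads.

```rust
use std::collections::HashMap;

// Constructed stand-in for guest memory: virtual address -> 64-bit value.
type Mem = HashMap<u64, u64>;

const ENTRY_SIZE: u64 = 16; // assumed x64 _HANDLE_TABLE_ENTRY size
const PER_LEAF: u64 = 4096 / ENTRY_SIZE; // entries per 4 KiB leaf page
const PER_DIR: u64 = 4096 / 8; // pointers per 4 KiB directory page

/// VA of the entry for `handle`, or None if the handle is past the
/// allocated range or a directory slot is empty.
fn lookup_entry_va(mem: &Mem, table_code: u64, next_needing_pool: u64, handle: u64) -> Option<u64> {
    let handle = handle & !3; // low two bits of a handle value are ignored
    if handle >= next_needing_pool {
        return None;
    }
    let index = handle >> 2;
    let base = table_code & !3; // low two bits of TableCode give the level
    let read_ptr = |va: u64| mem.get(&va).copied().filter(|&p| p != 0);
    let leaf = match table_code & 3 {
        0 => base,
        1 => read_ptr(base + (index / PER_LEAF) * 8)?,
        2 => {
            let mid = read_ptr(base + (index / (PER_LEAF * PER_DIR)) * 8)?;
            read_ptr(mid + ((index / PER_LEAF) % PER_DIR) * 8)?
        }
        _ => return None,
    };
    Some(leaf + (index % PER_LEAF) * ENTRY_SIZE)
}

// Constructed level-1 table: one directory page pointing at two leaf pages.
const DIR: u64 = 0xffff_8000_0000_1000;
const LEAF0: u64 = 0xffff_8000_0000_2000;
const LEAF1: u64 = 0xffff_8000_0000_3000;

fn sample_memory() -> Mem {
    HashMap::from([(DIR, LEAF0), (DIR + 8, LEAF1)])
}

fn main() {
    let mem = sample_memory();
    // Handle 0x404 is index 257: second leaf page, second entry.
    let va = lookup_entry_va(&mem, DIR | 1, 0x800, 0x404);
    println!("{:x?}", va);
}
```

The bounds check against NextHandleNeedingPool and the empty-slot check are what keep a forged or stale handle value from steering the walk into unmapped or unrelated memory.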

Trait Implementations§

impl<Driver> VmiVa for WindowsHandleTable<'_, Driver>
where Driver: VmiDriver, Driver::Architecture: Architecture + ArchAdapter<Driver>,

fn va(&self) -> Va

Returns the virtual address.

Auto Trait Implementations§

impl<'a, Driver> !Freeze for WindowsHandleTable<'a, Driver>

impl<'a, Driver> !RefUnwindSafe for WindowsHandleTable<'a, Driver>

impl<'a, Driver> !Send for WindowsHandleTable<'a, Driver>

impl<'a, Driver> !Sync for WindowsHandleTable<'a, Driver>

impl<'a, Driver> Unpin for WindowsHandleTable<'a, Driver>

impl<'a, Driver> !UnwindSafe for WindowsHandleTable<'a, Driver>
