Data Fields

| Type | Name |
|---|---|
| uint32_t | mode |
| uint32_t | error_mode |
| char * | sysmap |
| char * | image_type |
| uint32_t | page_offset |
| uint32_t | page_shift |
| uint32_t | page_size |
| uint32_t | kpgd |
| uint32_t | init_task |
| int | os_type |
| int | hvm |
| int | pae |
| int | pse |
| uint32_t | cr3 |
| xa_cache_entry_t | cache_head |
| xa_cache_entry_t | cache_tail |
| int | current_cache_size |
| xa_pid_cache_entry_t | pid_cache_head |
| xa_pid_cache_entry_t | pid_cache_tail |
| int | current_pid_cache_size |
| int | tasks_offset |
| int | mm_offset |
| int | pid_offset |
| int | pgd_offset |
| int | addr_offset |
| uint32_t | ntoskrnl |
| int | pdbase_offset |
| int | peb_offset |
| int | iba_offset |
| int | ph_offset |
| FILE * | fhandle |
| uint32_t | size |
This struct holds all of the relevant information for an instance of XenAccess. Each time a new domain is accessed, a new instance must be created using the xa_init function. When you are done with an instance, its resources can be freed using the xa_destroy function.
| uint32_t xa_instance::mode |
file or xen VM data source
| uint32_t xa_instance::error_mode |
XA_FAILHARD or XA_FAILSOFT
| char* xa_instance::sysmap |
system map file for domain's running kernel
| char* xa_instance::image_type |
image type that we are accessing
| uint32_t xa_instance::page_offset |
page offset for this instance
| uint32_t xa_instance::page_shift |
page shift for last mapped page
| uint32_t xa_instance::page_size |
page size for last mapped page
| uint32_t xa_instance::kpgd |
kernel page global directory
| uint32_t xa_instance::init_task |
address of task struct for init
| int xa_instance::os_type |
type of os: XA_OS_LINUX, etc
| int xa_instance::hvm |
nonzero if HVM memory image
| int xa_instance::pae |
nonzero if PAE is enabled
| int xa_instance::pse |
nonzero if PSE is enabled
| uint32_t xa_instance::cr3 |
value in the CR3 register
| xa_cache_entry_t xa_instance::cache_head |
head of the address cache list
| xa_cache_entry_t xa_instance::cache_tail |
tail of the address cache list
| int xa_instance::current_cache_size |
size of the address cache list
| xa_pid_cache_entry_t xa_instance::pid_cache_head |
head of the pid cache list
| xa_pid_cache_entry_t xa_instance::pid_cache_tail |
tail of the pid cache list
| int xa_instance::current_pid_cache_size |
size of the pid cache list
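| int xa_instance::tasks_offset |
task_struct->tasks
| int xa_instance::mm_offset |
task_struct->mm
| int xa_instance::pid_offset |
task_struct->pid
| int xa_instance::pgd_offset |
mm_struct->pgd
| int xa_instance::addr_offset |
mm_struct->start_code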
| uint32_t xa_instance::ntoskrnl |
base phys address for ntoskrnl image
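| int xa_instance::pdbase_offset |
EPROCESS->Pcb.DirectoryTableBase
| int xa_instance::peb_offset |
EPROCESS->Peb
| int xa_instance::iba_offset |
EPROCESS->Peb.ImageBaseAddress
| int xa_instance::ph_offset |
EPROCESS->Peb.ProcessHeap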
| FILE* xa_instance::fhandle |
handle to the memory image file
| uint32_t xa_instance::size |
total size of file, in bytes