sentinel-stack/sentinel-vmi/src/npt_guard.c
## Classes

| Name | |
|---|---|
| struct | guard_region |
## Functions

| Name | |
|---|---|
| int | resolve_syscall_table(struct vmi_session * s) |
| uint64_t | fnv1a64_init(void ) |
| uint64_t | fnv1a64_update(uint64_t h, const void * data, size_t len) |
| uint64_t | monotonic_time_us(void ) |
| int | hash_guest_region(struct vmi_session * s, uint64_t gpa, uint64_t size, uint64_t * out_hash) |
| int | parse_env_u64(const char * key, uint64_t * out_value) |
| void | clear_guard_regions(void ) |
| int | add_guard_region(const char * name, uint64_t gpa, uint64_t size, int critical) |
| int | add_env_guard_region(struct vmi_session * s, const char * name, const char * gva_env, const char * size_env, uint64_t default_size, int critical) |
| void | register_optional_signature_regions(struct vmi_session * s) |
| int | snapshot_syscall_table(struct vmi_session * s) |
| int | snapshot_guard_region(struct vmi_session * s, struct guard_region * region) |
| int | set_page_readonly(struct vmi_session * s, uint64_t gpa) |
| int | arm_guard_regions(struct vmi_session * s) |
| int | npt_guard_arm(struct vmi_session * s) |
| void | npt_guard_disarm(struct vmi_session * s) |
| void | report_syscall_table_diffs(struct vmi_session * s) |
| void | reprotect_region_pages(struct vmi_session * s, const struct guard_region * region) |
| void | npt_guard_handle_events(struct vmi_session * s) |
| int | npt_guard_protect_dynamic(struct vmi_session * s, uint64_t gpa, uint64_t size, int critical, const char * name) |
| int | npt_guard_check_bounds(uint64_t gpa, const char ** region_name, int * is_critical) |
## Attributes

| Name | |
|---|---|
| uint64_t[512] | clean_syscall_table |
| int | snapshot_taken |
| uint64_t | clean_syscall_hash |
| uint64_t | last_integrity_check_us |
| struct guard_region[16] | guard_regions |
| int | guard_region_count |
## Defines

| Name | |
|---|---|
| KVM_MEM_READONLY | |
| MAX_GUARD_REGIONS | |
| REGION_NAME_MAX | |
| INTEGRITY_CHECK_INTERVAL_US | |
| SYS_CALL_TABLE_BASE_6_6 | |
| SYS_CALL_TABLE_SIZE | |
| DEFAULT_IDT_SIZE | |
| DEFAULT_GDT_SIZE | |
| DEFAULT_LSTAR_SIZE | |
| DEFAULT_KERNEL_TEXT_SIZE | |
## Functions Documentation

### function resolve_syscall_table

```c
static int resolve_syscall_table(struct vmi_session *s)
```

### function fnv1a64_init

```c
static uint64_t fnv1a64_init(void)
```

### function fnv1a64_update

```c
static uint64_t fnv1a64_update(uint64_t h, const void *data, size_t len)
```

Note: FNV-1a is a non-cryptographic hash. It is cheap for spotting unexpected changes, but it is not collision-resistant; whether a hash match alone is treated as proof of integrity cannot be determined from this page.

### function monotonic_time_us

```c
static uint64_t monotonic_time_us(void)
```

### function hash_guest_region

```c
static int hash_guest_region(struct vmi_session *s, uint64_t gpa, uint64_t size, uint64_t *out_hash)
```

### function parse_env_u64

```c
static int parse_env_u64(const char *key, uint64_t *out_value)
```

### function clear_guard_regions

```c
static void clear_guard_regions(void)
```

### function add_guard_region

```c
static int add_guard_region(const char *name, uint64_t gpa, uint64_t size, int critical)
```

### function add_env_guard_region

```c
static int add_env_guard_region(struct vmi_session *s, const char *name, const char *gva_env, const char *size_env, uint64_t default_size, int critical)
```

### function register_optional_signature_regions

```c
static void register_optional_signature_regions(struct vmi_session *s)
```

### function snapshot_syscall_table

```c
static int snapshot_syscall_table(struct vmi_session *s)
```

### function snapshot_guard_region

```c
static int snapshot_guard_region(struct vmi_session *s, struct guard_region *region)
```

### function set_page_readonly

```c
static int set_page_readonly(struct vmi_session *s, uint64_t gpa)
```

### function arm_guard_regions

```c
static int arm_guard_regions(struct vmi_session *s)
```

### function npt_guard_arm

```c
int npt_guard_arm(struct vmi_session *s)
```

### function npt_guard_disarm

```c
void npt_guard_disarm(struct vmi_session *s)
```

### function report_syscall_table_diffs

```c
static void report_syscall_table_diffs(struct vmi_session *s)
```

### function reprotect_region_pages

```c
static void reprotect_region_pages(struct vmi_session *s, const struct guard_region *region)
```

### function npt_guard_handle_events

```c
void npt_guard_handle_events(struct vmi_session *s)
```

### function npt_guard_protect_dynamic

```c
int npt_guard_protect_dynamic(struct vmi_session *s, uint64_t gpa, uint64_t size, int critical, const char *name)
```

### function npt_guard_check_bounds

```c
int npt_guard_check_bounds(uint64_t gpa, const char **region_name, int *is_critical)
```

## Attributes Documentation
### variable clean_syscall_table

```c
static uint64_t clean_syscall_table[512];
```

### variable snapshot_taken

```c
static int snapshot_taken = 0;
```

### variable clean_syscall_hash

```c
static uint64_t clean_syscall_hash = 0;
```

### variable last_integrity_check_us

```c
static uint64_t last_integrity_check_us = 0;
```

### variable guard_regions

```c
static struct guard_region guard_regions[16];
```

### variable guard_region_count

```c
static int guard_region_count = 0;
```

## Macros Documentation
### define KVM_MEM_READONLY

```c
#define KVM_MEM_READONLY (1UL << 1)
```

### define MAX_GUARD_REGIONS

```c
#define MAX_GUARD_REGIONS 16
```

### define REGION_NAME_MAX

```c
#define REGION_NAME_MAX 32
```

### define INTEGRITY_CHECK_INTERVAL_US

```c
#define INTEGRITY_CHECK_INTERVAL_US 500000ULL
```

### define SYS_CALL_TABLE_BASE_6_6

```c
#define SYS_CALL_TABLE_BASE_6_6 0xffffffff82200300ULL
```

Note: this is a fixed kernel virtual address; judging by the `_6_6` suffix it is tied to one kernel version. A constant like this is valid only for a matching kernel build whose image has not been relocated by KASLR. How `resolve_syscall_table` uses it is not shown on this page.

### define SYS_CALL_TABLE_SIZE

```c
#define SYS_CALL_TABLE_SIZE (512 * 8)
```

### define DEFAULT_IDT_SIZE

```c
#define DEFAULT_IDT_SIZE 0x1000ULL
```

### define DEFAULT_GDT_SIZE

```c
#define DEFAULT_GDT_SIZE 0x1000ULL
```

### define DEFAULT_LSTAR_SIZE

```c
#define DEFAULT_LSTAR_SIZE 0x100ULL
```

### define DEFAULT_KERNEL_TEXT_SIZE

```c
#define DEFAULT_KERNEL_TEXT_SIZE 0x200000ULL
```

Updated on 2026-05-26 at 13:25:29 +0000