2023-08-17 10:45:50 +02:00
|
|
|
#ifndef DRIVER_H
|
|
|
|
|
#define DRIVER_H
|
|
|
|
|
|
|
|
|
|
#include <ntifs.h>
|
|
|
|
|
#include <wdftypes.h>
|
|
|
|
|
#include <wdf.h>
|
2023-09-25 17:41:38 +02:00
|
|
|
|
2023-09-02 15:47:15 +02:00
|
|
|
#include "common.h"
|
2023-09-25 17:41:38 +02:00
|
|
|
#include "queue.h"
|
|
|
|
|
#include "modules.h"
|
2023-12-31 15:06:24 +01:00
|
|
|
#include "integrity.h"
|
2023-08-17 10:45:50 +02:00
|
|
|
|
2023-12-13 05:06:27 +01:00
|
|
|
#define DRIVER_PATH_MAX_LENGTH 512
|
|
|
|
|
#define MOTHERBOARD_SERIAL_CODE_LENGTH 64
|
2023-09-11 06:53:46 +02:00
|
|
|
#define DEVICE_DRIVE_0_SERIAL_CODE_LENGTH 64
|
2023-09-04 15:36:26 +02:00
|
|
|
|
2023-09-18 05:15:26 +02:00
|
|
|
#define MAX_REPORTS_PER_IRP 20
|
|
|
|
|
|
2023-09-05 18:04:06 +02:00
|
|
|
#define POOL_TAG_STRINGS 'strs'
|
|
|
|
|
|
2023-09-06 17:33:08 +02:00
|
|
|
#define IOCTL_STORAGE_QUERY_PROPERTY 0x002D1400
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
typedef enum _ENVIRONMENT_TYPE
|
|
|
|
|
{
|
|
|
|
|
NativeWindows = 0,
|
|
|
|
|
Vmware,
|
|
|
|
|
VirtualBox
|
|
|
|
|
|
|
|
|
|
} ENVIRONMENT_TYPE;
|
|
|
|
|
|
|
|
|
|
typedef enum _PROCESSOR_TYPE
|
|
|
|
|
{
|
|
|
|
|
Unknown = 0,
|
|
|
|
|
GenuineIntel,
|
|
|
|
|
AuthenticAmd
|
|
|
|
|
|
|
|
|
|
} PROCESSOR_TYPE;
|
|
|
|
|
|
|
|
|
|
#define VENDOR_STRING_MAX_LENGTH 256
|
|
|
|
|
|
2023-09-04 15:36:26 +02:00
|
|
|
typedef struct _SYSTEM_INFORMATION
|
|
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
CHAR motherboard_serial[MOTHERBOARD_SERIAL_CODE_LENGTH];
|
|
|
|
|
CHAR drive_0_serial[DEVICE_DRIVE_0_SERIAL_CODE_LENGTH];
|
|
|
|
|
CHAR vendor[VENDOR_STRING_MAX_LENGTH];
|
|
|
|
|
BOOLEAN virtualised_environment;
|
|
|
|
|
ENVIRONMENT_TYPE environment;
|
|
|
|
|
PROCESSOR_TYPE processor;
|
|
|
|
|
RTL_OSVERSIONINFOW os_information;
|
2023-09-04 15:36:26 +02:00
|
|
|
|
2023-12-13 05:06:27 +01:00
|
|
|
} SYSTEM_INFORMATION, *PSYSTEM_INFORMATION;
|
2023-09-01 18:45:06 +02:00
|
|
|
|
2023-10-09 18:27:04 +02:00
|
|
|
typedef struct _OB_CALLBACKS_CONFIG
|
2023-10-06 10:30:14 +02:00
|
|
|
{
|
2023-12-13 05:06:27 +01:00
|
|
|
PVOID registration_handle;
|
|
|
|
|
KGUARDED_MUTEX lock;
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-12-13 05:06:27 +01:00
|
|
|
} OB_CALLBACKS_CONFIG, *POB_CALLBACKS_CONFIG;
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-09 18:27:04 +02:00
|
|
|
NTSTATUS
|
2023-12-13 05:06:27 +01:00
|
|
|
ProcLoadInitialiseProcessConfig(_In_ PIRP Irp);
|
2023-08-20 16:12:04 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
GetProtectedProcessEProcess(_Out_ PEPROCESS* Process);
|
2023-08-20 16:12:04 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
GetProtectedProcessId(_Out_ PLONG ProcessId);
|
2023-08-24 17:10:40 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
ReadProcessInitialisedConfigFlag(_Out_ PBOOLEAN Flag);
|
2023-08-20 16:12:04 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
GetDriverPath(_Out_ PUNICODE_STRING DriverPath);
|
2023-09-01 18:45:06 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
GetDriverConfigSystemInformation(_Out_ PSYSTEM_INFORMATION* SystemInformation);
|
2023-08-24 15:12:49 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
GetApcContext(_Inout_ PVOID* Context, _In_ LONG ContextIdentifier);
|
2023-09-25 17:41:38 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
NTSTATUS
|
|
|
|
|
InsertApcContext(_In_ PVOID Context);
|
2023-09-25 17:41:38 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-26 12:00:45 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
GetApcContextByIndex(_Inout_ PVOID* Context, _In_ INT Index);
|
2023-09-25 17:41:38 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-26 15:32:06 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
IncrementApcCount(_In_ LONG ContextId);
|
2023-09-26 15:32:06 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-26 15:32:06 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
FreeApcAndDecrementApcCount(_Inout_ PRKAPC Apc, _In_ LONG ContextId);
|
2023-09-26 15:32:06 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-27 06:22:14 +02:00
|
|
|
NTSTATUS
|
2023-10-10 15:52:42 +02:00
|
|
|
QueryActiveApcContextsForCompletion();
|
2023-09-27 06:22:14 +02:00
|
|
|
|
2023-10-05 08:27:17 +02:00
|
|
|
VOID
|
2023-10-09 18:27:04 +02:00
|
|
|
TerminateProtectedProcessOnViolation();
|
2023-09-26 15:32:06 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 10:30:14 +02:00
|
|
|
NTSTATUS
|
2023-10-09 18:27:04 +02:00
|
|
|
ProcLoadEnableObCallbacks();
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 10:30:14 +02:00
|
|
|
VOID
|
2023-10-09 18:27:04 +02:00
|
|
|
ProcCloseDisableObCallbacks();
|
2023-10-06 13:08:30 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-09 18:27:04 +02:00
|
|
|
VOID
|
|
|
|
|
ProcCloseClearProcessConfiguration();
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 10:30:14 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
GetCallbackConfigStructure(_Out_ POB_CALLBACKS_CONFIG* CallbackConfiguration);
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-11-18 11:40:22 +01:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
|
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
ImageLoadSetProcessId(_In_ HANDLE ProcessId);
|
2023-11-18 11:40:22 +01:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
GetDriverDeviceName(_Out_ PUNICODE_STRING DeviceName);
|
2023-10-06 13:08:30 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
GetDriverRegistryPath(_Out_ PUNICODE_STRING RegistryPath);
|
2023-10-06 13:08:30 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-12-13 05:06:27 +01:00
|
|
|
VOID
|
|
|
|
|
GetDriverName(_Out_ LPCSTR* DriverName);
|
2023-10-06 13:08:30 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
2023-12-13 05:06:27 +01:00
|
|
|
GetDriverSymbolicLink(_Out_ PUNICODE_STRING DeviceSymbolicLink);
|
2023-10-06 13:08:30 +02:00
|
|
|
|
2023-12-31 15:06:24 +01:00
|
|
|
PDEVICE_OBJECT
|
|
|
|
|
GetDriverDeviceObject();
|
|
|
|
|
|
|
|
|
|
GetSystemModuleValidationContext(_Out_ PSYS_MODULE_VAL_CONTEXT* Context);
|
|
|
|
|
|
2024-01-07 05:13:41 +01:00
|
|
|
PDRIVER_OBJECT
|
|
|
|
|
GetDriverObject();
|
|
|
|
|
|
2023-08-17 10:45:50 +02:00
|
|
|
#endif
|
