#ifndef KMANAGER_H
#define KMANAGER_H
#include <windows.h>
#include "..\client.h"
#include "..\threadpool.h"
#include "driver.h"
namespace kernelmode {

/// User-mode coordinator for the kernel driver: owns the Driver handle,
/// shares the process-wide ThreadPool, and exposes one public method per
/// operation that can be requested from the driver.
///
/// Special members: none are declared (Rule of Zero). The std::unique_ptr
/// member suppresses the implicit copy operations, so KManager is move-only
/// by default.
///
/// NOTE(review): std::unique_ptr / std::shared_ptr are used below but this
/// header does not include <memory> itself; it relies on the name being
/// pulled in transitively (presumably via driver.h or threadpool.h). Add
/// `#include <memory>` so the header stands on its own.
class KManager
{
    // Sole owner of the driver communication object (type declared in driver.h).
    std::unique_ptr<Driver> driver_interface;

    // Shared with the rest of the program (see threadpool.h); KManager is one
    // owner among others, not the sole owner.
    std::shared_ptr<global::ThreadPool> thread_pool;

    // Private worker start-up. The name suggests a thread servicing an I/O
    // completion port — confirm against the definition before relying on it.
    VOID StartIoCompletionPortThread();

public:
    /// @param DriverName      Non-owning wide-string name of the driver to open.
    ///                        No member in this declaration retains it, so the
    ///                        constructor must copy whatever it needs later —
    ///                        TODO confirm in the definition.
    /// @param ThreadPool      Kept in thread_pool (shared ownership).
    /// @param ReportInterface Not stored as a KManager member in this declaration;
    ///                        presumably handed to the Driver — verify against
    ///                        the constructor definition.
    KManager(LPCWSTR DriverName,
             std::shared_ptr<global::ThreadPool> ThreadPool,
             std::shared_ptr<global::Client> ReportInterface);

    // Driver-side operations. Each method is named after the check or request
    // it performs; this header does not show how each is dispatched or what it
    // reports, so see the definitions for the actual behaviour.
    VOID RunNmiCallbacks();
    VOID VerifySystemModuleDriverObjects();
    VOID MonitorCallbackReports();
    VOID DetectSystemVirtualization();
    VOID EnumerateHandleTables();
    VOID RequestModuleExecutableRegionsForIntegrityCheck();
    VOID ScanPoolsForUnlinkedProcesses();
    VOID PerformIntegrityCheck();
    VOID CheckForAttachedThreads();
    VOID ValidateProcessModules();
    VOID SendClientHardwareInformation();
    VOID InitiateApcStackwalkOperation();
    VOID CheckForEptHooks();
    VOID StackwalkThreadsViaDpc();
    VOID ValidateSystemModules();
    VOID InsertIrpIntoIrpQueue();
};

}
#endif