#ifndef DRIVER_H
#define DRIVER_H
#include <ntifs.h>
#include <wdftypes.h>
#include <wdf.h>
#include "common.h"
#include "queue.h"
#include "modules.h"
#include "integrity.h"
#include "callbacks.h"
/*
 * Takes the request IRP (_In_) and returns an NTSTATUS. By name this sets up
 * the protected-process configuration at load time; the implementation is not
 * part of this header.
 * NOTE(review): presumably the IRP carries a caller-supplied buffer -- confirm
 * the implementation checks the buffer length before reading from it.
 */
NTSTATUS
ProcLoadInitialiseProcessConfig(_In_ PIRP Irp);
/*
 * Writes a PEPROCESS to *Process (_Out_: the caller supplies a writable
 * pointer). Returns VOID, so a failure cannot be reported through the return
 * value.
 * NOTE(review): whether the EPROCESS handed out is referenced, and what is
 * written when no process is configured, is not visible here -- confirm before
 * dereferencing the result.
 */
VOID
GetProtectedProcessEProcess(_Out_ PEPROCESS* Process);
/*
 * Writes a LONG to *ProcessId (_Out_); by name, the id of the protected
 * process. Returns VOID.
 * NOTE(review): the value written when no process is configured is not
 * visible in this header -- confirm against the implementation.
 */
VOID
GetProtectedProcessId(_Out_ PLONG ProcessId);
/*
 * Writes a BOOLEAN to *Flag (_Out_). Presumably reports whether the process
 * configuration has been initialised -- confirm against the implementation.
 */
VOID
ReadProcessInitialisedConfigFlag(_Out_ PBOOLEAN Flag);
/*
 * Returns an NTSTATUS; by name it checks the outstanding APC contexts for
 * completion (implementation not visible here).
 * NOTE(review): an empty parameter list `()` is not a prototype in C before
 * C23, so arguments are not checked at call sites; `(VOID)` would be checked.
 * The same applies to every other `()` declaration in this header.
 */
NTSTATUS
QueryActiveApcContextsForCompletion();
/*
 * Declared with no parameters; returns VOID. By name, terminates the protected
 * process once a violation has been detected. What counts as a violation and
 * how termination is performed are not visible in this header.
 */
VOID
TerminateProtectedProcessOnViolation();
/*
 * Returns an NTSTATUS. By name, enables the driver's Ob (object manager)
 * callbacks when the protected process loads; presumably the counterpart of
 * ProcCloseDisableObCallbacks -- confirm. Callers should check the status,
 * since a failed registration would leave the callbacks inactive.
 */
NTSTATUS
ProcLoadEnableObCallbacks();
/*
 * Declared with no parameters; returns VOID. By name, disables the Ob
 * callbacks when the protected process closes.
 * NOTE(review): whether this is safe to call when the callbacks were never
 * enabled is not visible here -- confirm.
 */
VOID
ProcCloseDisableObCallbacks();
/*
 * Declared with no parameters; returns VOID. By name, clears the stored
 * protected-process configuration when that process closes.
 * NOTE(review): presumably values previously handed out by the
 * GetProtectedProcess* functions become stale afterwards -- confirm.
 */
VOID
ProcCloseClearProcessConfiguration();
/*
 * Writes a POB_CALLBACKS_CONFIG to *CallbackConfiguration (_Out_), i.e. it
 * hands out a pointer rather than a copy. Returns VOID.
 * NOTE(review): this header does not say whether a lock must be held while
 * the pointed-to structure is used -- confirm.
 */
VOID
GetCallbackConfigStructure(_Out_ POB_CALLBACKS_CONFIG* CallbackConfiguration);
/*
 * Returns an LPCSTR (pointer to a constant narrow string); by name, the
 * driver's name. Ownership of the string is not stated here -- presumably the
 * caller must not free it.
 */
LPCSTR
GetDriverName();
/*
 * Returns a PDEVICE_OBJECT; by name, the driver's device object.
 * NOTE(review): validity of the pointer during unload is not visible here.
 */
PDEVICE_OBJECT
GetDriverDeviceObject();
/* Returns a PDRIVER_OBJECT; by name, this driver's own driver object. */
PDRIVER_OBJECT
GetDriverObject();
/*
 * Returns a PIRP_QUEUE_HEAD; by name, the head of the driver's IRP queue.
 * NOTE(review): the synchronisation required to walk or modify the queue is
 * not stated in this header -- confirm.
 */
PIRP_QUEUE_HEAD
GetIrpQueueHead();
/*
 * Returns a PSYS_MODULE_VAL_CONTEXT; by name, the context used while
 * validating system modules. The type is declared outside this header.
 */
PSYS_MODULE_VAL_CONTEXT
GetSystemModuleValidationContext();
/*
 * Returns a PUNICODE_STRING; by name, the driver's path. The pointer is
 * presumably into driver-owned storage, so callers should not free or modify
 * it -- confirm.
 */
PUNICODE_STRING
GetDriverPath();
/*
 * Returns a PUNICODE_STRING; by name, the driver's registry path. Ownership
 * is not stated here -- presumably driver-owned; confirm.
 */
PUNICODE_STRING
GetDriverRegistryPath();
/*
 * Returns a PUNICODE_STRING; by name, the device name the driver exposes.
 * Ownership is not stated here -- presumably driver-owned; confirm.
 */
PUNICODE_STRING
GetDriverDeviceName();
/*
 * Returns a PUNICODE_STRING; by name, the symbolic link for the driver's
 * device. Ownership is not stated here -- presumably driver-owned; confirm.
 */
PUNICODE_STRING
GetDriverSymbolicLink();
/*
 * Returns a PSYSTEM_INFORMATION; by name, the system information kept in the
 * driver configuration. The type is declared outside this header.
 */
PSYSTEM_INFORMATION
GetDriverConfigSystemInformation();
/*
 * Returns a PREPORT_QUEUE_HEAD; by name, the head of the driver's report
 * queue.
 * NOTE(review): the synchronisation required to use the queue is not stated
 * in this header -- confirm.
 */
PREPORT_QUEUE_HEAD
GetDriverReportQueue();
/*
 * Returns a PTHREAD_LIST_HEAD; by name, the head of the driver's tracked
 * thread list.
 * NOTE(review): locking rules for iterating the list are not visible here.
 */
PTHREAD_LIST_HEAD
GetThreadList();
/*
 * Returns a PDRIVER_LIST_HEAD; by name, the head of the driver's tracked
 * driver list.
 * NOTE(review): locking rules for iterating the list are not visible here.
 */
PDRIVER_LIST_HEAD
GetDriverList();
/*
 * Returns a PPROCESS_LIST_HEAD; by name, the head of the driver's tracked
 * process list.
 * NOTE(review): locking rules for iterating the list are not visible here.
 */
PPROCESS_LIST_HEAD
GetProcessList();
/*
 * Returns a PUINT64; by name, the base of the array of APC contexts.
 * NOTE(review): the element count is not returned and is not visible in this
 * header -- callers need the bound from elsewhere before indexing.
 */
PUINT64
GetApcContextArray();
/*
 * Declared with no parameters; returns VOID. By name, acquires the lock
 * guarding the driver configuration; pair each call with
 * ReleaseDriverConfigLock. The lock type and IRQL requirements are not
 * visible in this header.
 */
VOID
AcquireDriverConfigLock();
/*
 * Declared with no parameters; returns VOID. By name, releases the lock taken
 * by AcquireDriverConfigLock.
 */
VOID
ReleaseDriverConfigLock();
/*
 * Returns a BOOLEAN; by name, whether driver unload is in progress.
 * NOTE(review): presumably checked before touching driver state that unload
 * tears down -- confirm how the flag is synchronised with the unload path.
 */
BOOLEAN
IsDriverUnloading();
#endif