#ifndef DRIVER_H
#define DRIVER_H
#include <ntifs.h>
#include <wdftypes.h>
#include <wdf.h>
#include "common.h"
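/*
 * Capacity of the buffer that receives the driver's image path (see
 * GetDriverPath()). Whether the unit is bytes or WCHARs is decided by the
 * caller that sizes the UNICODE_STRING -- confirm in the implementation.
 */
#define DRIVER_PATH_MAX_LENGTH 512

/*
 * Sizes of the fixed CHAR buffers in SYSTEM_INFORMATION. Anything copied into
 * those buffers comes from hardware/firmware queries and must be bounded by
 * these constants and NUL-terminated by the writer; nothing in the struct
 * records how many bytes are valid.
 */
#define MOTHERBOARD_SERIAL_CODE_LENGTH 128
#define DEVICE_DRIVE_0_SERIAL_CODE_LENGTH 256

/*
 * Pool tag for the driver's string allocations. Keep it unique to this
 * driver so leaks and overruns can be attributed with pool-tag tooling.
 */
#define POOL_TAG_STRINGS 'strs'

/*
 * IOCTL_STORAGE_QUERY_PROPERTY is normally supplied by <ntddstor.h>; the
 * literal below equals CTL_CODE(IOCTL_STORAGE_BASE, 0x0500, METHOD_BUFFERED,
 * FILE_ANY_ACCESS). The guard avoids a macro-redefinition warning (two
 * different token sequences for the same name) if that header is pulled in
 * elsewhere in the build.
 */
#ifndef IOCTL_STORAGE_QUERY_PROPERTY
#define IOCTL_STORAGE_QUERY_PROPERTY 0x002D1400
#endif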
/*
 * Hardware identifiers cached by the driver. This struct is embedded in
 * DRIVER_CONFIG, so by that struct's contract it is written at driver entry.
 *
 * Both members are fixed-size CHAR buffers with no accompanying length field:
 * the code that fills them must bound the copy by the *_LENGTH constants and
 * NUL-terminate the result, and readers must not assume a terminator is
 * present unless the writer guarantees one.
 */
typedef struct _SYSTEM_INFORMATION
{
    /* Motherboard serial; source of the value is outside this header. */
    CHAR motherboard_serial[ MOTHERBOARD_SERIAL_CODE_LENGTH ];
    /* Serial of physical drive 0; presumably obtained through
     * IOCTL_STORAGE_QUERY_PROPERTY (defined above) -- confirm in the implementation. */
    CHAR drive_0_serial[ DEVICE_DRIVE_0_SERIAL_CODE_LENGTH ];
}SYSTEM_INFORMATION, * PSYSTEM_INFORMATION;
/*
 * This structure is strictly for driver related stuff
 * that should only be written at driver entry.
 *
 * Note that the lock isn't really needed here but I'm using one
 * just in case c:
 *
 * Reviewer notes:
 *  - The UNICODE_STRING / ANSI_STRING members carry their own Buffer
 *    pointers. This header does not say who owns those buffers or where
 *    they are released -- confirm in the implementation before reusing the
 *    struct or copying it by value.
 *  - lock is a KGUARDED_MUTEX, which per the WDK may only be acquired at
 *    IRQL <= APC_LEVEL.
 */
typedef struct _DRIVER_CONFIG
{
    /* Driver name; presumably the same string kept in both encodings. */
    UNICODE_STRING unicode_driver_name;
    ANSI_STRING ansi_driver_name;
    /* Control device name and its symbolic link (inferred from the names). */
    UNICODE_STRING device_name;
    UNICODE_STRING device_symbolic_link;
    /* Image path of the driver; see GetDriverPath() and DRIVER_PATH_MAX_LENGTH. */
    UNICODE_STRING driver_path;
    /* Likely the RegistryPath handed to DriverEntry -- confirm. */
    UNICODE_STRING registry_path;
    /* Hardware identifiers; see SYSTEM_INFORMATION for buffer rules. */
    SYSTEM_INFORMATION system_information;
    /* Guarded mutex; see IRQL note above. */
    KGUARDED_MUTEX lock;
}DRIVER_CONFIG, *PDRIVER_CONFIG;
/*
 * This structure can change at anytime based on whether
 * the target process to protect is open / closed / changes etc.
 *
 * Reviewer notes:
 *  - initialised presumably gates the other fields; read it via
 *    ReadProcessInitialisedConfigFlag() before trusting them.
 *  - protected_process_id is a LONG while kernel APIs such as
 *    PsGetProcessId() return a HANDLE; the narrowing is fine for real PIDs
 *    but conversions in either direction must be explicit casts.
 *  - protected_process_eprocess: this header does not record whether the
 *    pointer holds an object reference (ObReferenceObject). Without one it
 *    dangles once the process exits -- confirm against
 *    ClearProcessConfigOnProcessTermination() in the implementation.
 *  - lock is a KGUARDED_MUTEX (acquire only at IRQL <= APC_LEVEL); it
 *    presumably protects every other member of this struct.
 */
typedef struct _PROCESS_CONFIG
{
    /* TRUE once a protected process has been registered. */
    BOOLEAN initialised;
    /* Process id of the protected process; see LONG vs HANDLE note above. */
    LONG protected_process_id;
    /* EPROCESS of the protected process; see reference-ownership note above. */
    PEPROCESS protected_process_eprocess;
    KGUARDED_MUTEX lock;
}PROCESS_CONFIG, *PPROCESS_CONFIG;
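/*
 * Populates PROCESS_CONFIG from an IRP sent by the user-mode client when the
 * process to protect launches.
 *   Irp - the request. Its buffer length and contents originate in user mode;
 *         the implementation must check the input length against the expected
 *         structure size before reading from the buffer.
 * Returns an NTSTATUS; the specific failure codes are chosen by the
 * implementation, which lives outside this header.
 */
NTSTATUS InitialiseProcessConfigOnProcessLaunch(
    _In_ PIRP Irp
);

/*
 * Writes the protected process's EPROCESS pointer (as held in PROCESS_CONFIG)
 * to *Process. Whether an object reference accompanies the pointer is not
 * stated here -- see the note on PROCESS_CONFIG.
 */
VOID GetProtectedProcessEProcess(
    _Out_ PEPROCESS* Process
);

/* Writes PROCESS_CONFIG.protected_process_id to *ProcessId. */
VOID GetProtectedProcessId(
    _Out_ PLONG ProcessId
);

/* Writes PROCESS_CONFIG.initialised to *Flag. */
VOID ReadProcessInitialisedConfigFlag(
    _Out_ PBOOLEAN Flag
);

/*
 * Hands out the driver's image path via DriverPath.
 * NOTE(review): the parameter is annotated _In_ although the name suggests the
 * callee fills it in; confirm the direction in the implementation and change
 * the annotation to _Out_ / _Inout_ if the function writes into DriverPath,
 * otherwise static analysis will not check the buffer it writes.
 */
VOID GetDriverPath(
    _In_ PUNICODE_STRING DriverPath
);

/*
 * Terminates the protected process after a detected violation.
 * Declared with an explicit (VOID) parameter list so that C callers get a
 * real prototype instead of an unspecified-argument declaration.
 */
VOID TerminateProtectedProcessOnViolation(VOID);

/* Resets PROCESS_CONFIG once the protected process has exited. */
VOID ClearProcessConfigOnProcessTermination(VOID);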
#endif