2023-08-17 10:45:50 +02:00
|
|
|
#include "kmanager.h"
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
kernelmode::KManager::KManager(LPCWSTR DriverName,
|
|
|
|
|
std::shared_ptr<global::ThreadPool> ThreadPool,
|
|
|
|
|
std::shared_ptr<global::Client> ReportInterface)
|
2023-08-17 10:45:50 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->driver_interface = std::make_unique<Driver>(DriverName, ReportInterface);
|
|
|
|
|
this->thread_pool = ThreadPool;
|
2023-08-17 10:45:50 +02:00
|
|
|
}
|
2023-08-19 04:52:57 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
void
|
|
|
|
|
kernelmode::KManager::RunNmiCallbacks()
|
2023-08-19 04:52:57 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->RunNmiCallbacks(); });
|
2023-08-19 04:52:57 +02:00
|
|
|
}
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
void
|
|
|
|
|
kernelmode::KManager::VerifySystemModuleDriverObjects()
|
2023-08-19 04:52:57 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob(
|
|
|
|
|
[this]() { this->driver_interface->VerifySystemModuleDriverObjects(); });
|
2023-08-19 04:52:57 +02:00
|
|
|
}
|
2023-08-20 16:12:04 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
void
|
|
|
|
|
kernelmode::KManager::MonitorCallbackReports()
|
2023-08-20 16:12:04 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->QueryReportQueue(); });
|
2023-08-20 16:12:04 +02:00
|
|
|
}
|
2023-08-21 17:48:34 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
void
|
|
|
|
|
kernelmode::KManager::DetectSystemVirtualization()
|
2023-08-21 17:48:34 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob(
|
|
|
|
|
[this]() { this->driver_interface->DetectSystemVirtualization(); });
|
2023-08-21 17:48:34 +02:00
|
|
|
}
|
2023-08-23 14:14:20 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
void
|
|
|
|
|
kernelmode::KManager::EnumerateHandleTables()
|
2023-08-23 14:14:20 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob(
|
|
|
|
|
[this]() { this->driver_interface->CheckHandleTableEntries(); });
|
2023-08-23 14:14:20 +02:00
|
|
|
}
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
void
|
|
|
|
|
kernelmode::KManager::RequestModuleExecutableRegionsForIntegrityCheck()
|
2023-08-23 14:14:20 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob(
|
|
|
|
|
[this]() { this->driver_interface->RequestModuleExecutableRegions(); });
|
2023-08-30 13:27:23 +02:00
|
|
|
}
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::ScanPoolsForUnlinkedProcesses()
|
2023-08-30 13:27:23 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->ScanForUnlinkedProcess(); });
|
2023-08-30 13:27:23 +02:00
|
|
|
}
|
2023-09-01 13:46:31 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::PerformIntegrityCheck()
|
2023-09-01 13:46:31 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->PerformIntegrityCheck(); });
|
2023-09-01 13:46:31 +02:00
|
|
|
}
|
2023-09-02 15:47:15 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::CheckForAttachedThreads()
|
2023-09-02 15:47:15 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob(
|
|
|
|
|
[this]() { this->driver_interface->CheckForAttachedThreads(); });
|
2023-09-02 15:47:15 +02:00
|
|
|
}
|
2023-09-05 11:16:32 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::ValidateProcessModules()
|
2023-09-05 11:16:32 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob(
|
|
|
|
|
[this]() { this->driver_interface->VerifyProcessLoadedModuleExecutableRegions(); });
|
2023-09-05 11:16:32 +02:00
|
|
|
}
|
2023-09-07 19:49:36 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::SendClientHardwareInformation()
|
2023-09-07 19:49:36 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->driver_interface->SendClientHardwareInformation();
|
2023-09-07 19:49:36 +02:00
|
|
|
}
|
2023-09-28 18:10:01 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::InitiateApcStackwalkOperation()
|
2023-09-28 18:10:01 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->driver_interface->InitiateApcOperation(
|
|
|
|
|
kernelmode::APC_OPERATION_IDS::operation_stackwalk);
|
2023-09-28 18:10:01 +02:00
|
|
|
}
|
2023-10-06 07:47:01 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::CheckForEptHooks()
|
2023-10-06 09:02:10 +02:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->CheckForEptHooks(); });
|
2023-10-30 12:57:24 +01:00
|
|
|
}
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
2023-12-29 17:20:32 +01:00
|
|
|
kernelmode::KManager::StackwalkThreadsViaDpc()
|
2023-10-30 12:57:24 +01:00
|
|
|
{
|
2023-12-29 17:20:32 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->StackwalkThreadsViaDpc(); });
|
2023-10-30 12:57:24 +01:00
|
|
|
}
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
VOID
|
|
|
|
|
kernelmode::KManager::ValidateSystemModules()
|
2023-10-30 12:57:24 +01:00
|
|
|
{
|
2023-12-25 16:54:35 +01:00
|
|
|
this->thread_pool->QueueJob([this]() { this->driver_interface->ValidateSystemModules(); });
|
2023-10-06 07:47:01 +02:00
|
|
|
}
|
