2023-08-17 10:45:50 +02:00
|
|
|
#ifndef KMANAGER_H
|
|
|
|
|
#define KMANAGER_H
|
|
|
|
|
|
|
|
|
|
#include <windows.h>
|
|
|
|
|
|
2023-08-22 19:32:25 +02:00
|
|
|
#include "..\client.h"
|
2023-08-17 10:45:50 +02:00
|
|
|
#include "..\threadpool.h"
|
2023-08-18 07:33:13 +02:00
|
|
|
|
2023-08-17 10:45:50 +02:00
|
|
|
#include "driver.h"
|
|
|
|
|
|
|
|
|
|
namespace kernelmode
|
|
|
|
|
{
|
|
|
|
|
class KManager
|
|
|
|
|
{
|
|
|
|
|
std::unique_ptr<Driver> driver_interface;
|
|
|
|
|
std::shared_ptr<global::ThreadPool> thread_pool;
|
|
|
|
|
public:
|
2023-08-22 19:32:25 +02:00
|
|
|
KManager( LPCWSTR DriverName, std::shared_ptr<global::ThreadPool> ThreadPool, std::shared_ptr<global::Client> ReportInterface);
|
2023-08-19 04:52:57 +02:00
|
|
|
|
2023-08-23 14:14:20 +02:00
|
|
|
VOID RunNmiCallbacks();
|
2023-10-30 12:57:24 +01:00
|
|
|
VOID VerifySystemModuleDriverObjects();
|
2023-08-23 14:14:20 +02:00
|
|
|
VOID MonitorCallbackReports();
|
|
|
|
|
VOID DetectSystemVirtualization();
|
|
|
|
|
VOID EnumerateHandleTables();
|
|
|
|
|
VOID RequestModuleExecutableRegionsForIntegrityCheck();
|
2023-08-30 13:27:23 +02:00
|
|
|
VOID ScanPoolsForUnlinkedProcesses();
|
2023-09-01 13:46:31 +02:00
|
|
|
VOID PerformIntegrityCheck();
|
2023-09-02 15:47:15 +02:00
|
|
|
VOID CheckForAttachedThreads();
|
2023-09-05 11:16:32 +02:00
|
|
|
VOID ValidateProcessModules();
|
2023-09-08 20:41:11 +02:00
|
|
|
VOID SendClientHardwareInformation();
|
2023-09-28 18:10:01 +02:00
|
|
|
VOID InitiateApcStackwalkOperation();
|
2023-10-06 07:47:01 +02:00
|
|
|
VOID CheckForHiddenThreads();
|
2023-10-06 09:02:10 +02:00
|
|
|
VOID CheckForEptHooks();
|
2023-10-30 12:57:24 +01:00
|
|
|
VOID LaunchIpiInterrupt();
|
|
|
|
|
VOID ValidateSystemModules();
|
2023-08-17 10:45:50 +02:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
