mirror-ac/driver/modules.h

#ifndef MODULES_H
#define MODULES_H

#include <ntifs.h>
#include <intrin.h>

#include "common.h"
#include "queue.h"

typedef struct NMI_CALLBACK_FAILURE
{
	INT report_code;
	INT were_nmis_disabled;
	UINT64 kthread_address;
	UINT64 invalid_rip;

}NMI_CALLBACK_FAILURE, * PNMI_CALLBACK_FAILURE;

typedef struct _MODULE_VALIDATION_FAILURE
{
	INT report_code;
	INT report_type;
	UINT64 driver_base_address;
	UINT64 driver_size;
	CHAR driver_name[128];

}MODULE_VALIDATION_FAILURE, * PMODULE_VALIDATION_FAILURE;

#define APC_STACKWALK_BUFFER_SIZE 4096

typedef struct _APC_STACKWALK_REPORT
{
	INT report_code;
	UINT64 kthread_address;
	UINT64 invalid_rip;
	CHAR driver[APC_STACKWALK_BUFFER_SIZE];

}APC_STACKWALK_REPORT, * PAPC_STACKWALK_REPORT;

typedef struct _APC_OPERATION_ID
{
	int operation_id;

}APC_OPERATION_ID, * PAPC_OPERATION_ID;

/* system modules information */

typedef struct _SYSTEM_MODULES
{
	PVOID address;
	INT module_count;

}SYSTEM_MODULES, * PSYSTEM_MODULES;

#define APC_CONTEXT_ID_STACKWALK 0x1

typedef struct _APC_CONTEXT_HEADER
{
	LONG context_id;
	volatile INT count;
	volatile INT allocation_in_progress;

}APC_CONTEXT_HEADER, * PAPC_CONTEXT_HEADER;

typedef struct _APC_STACKWALK_CONTEXT
{
	APC_CONTEXT_HEADER header;
	PSYSTEM_MODULES modules;

}APC_STACKWALK_CONTEXT, * PAPC_STACKWALK_CONTEXT;

NTSTATUS
GetSystemModuleInformation(
	_Inout_ PSYSTEM_MODULES ModuleInformation
);

NTSTATUS
HandleValidateDriversIOCTL(
	_Inout_ PIRP Irp
);

PRTL_MODULE_EXTENDED_INFO
FindSystemModuleByName(
	_In_ LPCSTR ModuleName,
	_In_ PSYSTEM_MODULES SystemModules
);

NTSTATUS
HandleNmiIOCTL(
	_Inout_ PIRP Irp
);

BOOLEAN
FreeApcContextStructure(
	_Inout_ PAPC_CONTEXT_HEADER Context
);

NTSTATUS
ValidateThreadsViaKernelApc();

VOID
FreeApcStackwalkApcContextInformation(
	_Inout_ PAPC_STACKWALK_CONTEXT Context
);

NTSTATUS
IsInstructionPointerInInvalidRegion(
	_In_ UINT64 RIP,
	_In_ PSYSTEM_MODULES SystemModules,
	_Out_ PBOOLEAN Result
);

BOOLEAN
FlipKThreadMiscFlagsFlag(
	_In_ PKTHREAD Thread,
	_In_ LONG FlagIndex,
	_In_ BOOLEAN NewValue
);

NTSTATUS
LaunchInterProcessInterrupt(
	_In_ PIRP Irp
);

#endif
big money changes to driver 2023-08-19 04:52:57 +02:00			`#ifndef MODULES_H`
			`#define MODULES_H`

			`#include <ntifs.h>`
			`#include <intrin.h>`
gah memory leak waaaaa 2023-09-25 17:41:38 +02:00
AAAAAA 2023-08-22 19:32:25 +02:00			`#include "common.h"`
gah memory leak waaaaa 2023-09-25 17:41:38 +02:00			`#include "queue.h"`
big money changes to driver 2023-08-19 04:52:57 +02:00
bed time c: 2023-08-28 17:00:52 +02:00			`typedef struct NMI_CALLBACK_FAILURE`
			`{`
			`INT report_code;`
			`INT were_nmis_disabled;`
			`UINT64 kthread_address;`
			`UINT64 invalid_rip;`

			`}NMI_CALLBACK_FAILURE, * PNMI_CALLBACK_FAILURE;`

big money changes to driver 2023-08-19 04:52:57 +02:00			`typedef struct _MODULE_VALIDATION_FAILURE`
			`{`
			`INT report_code;`
e 2023-08-19 11:44:42 +02:00			`INT report_type;`
big money changes to driver 2023-08-19 04:52:57 +02:00			`UINT64 driver_base_address;`
			`UINT64 driver_size;`
da 2023-10-05 08:27:17 +02:00			`CHAR driver_name[128];`
big money changes to driver 2023-08-19 04:52:57 +02:00
da 2023-10-05 08:27:17 +02:00			`}MODULE_VALIDATION_FAILURE, * PMODULE_VALIDATION_FAILURE;`
big money changes to driver 2023-08-19 04:52:57 +02:00
few changes 2023-09-28 15:56:07 +02:00			`#define APC_STACKWALK_BUFFER_SIZE 4096`

			`typedef struct _APC_STACKWALK_REPORT`
			`{`
			`INT report_code;`
			`UINT64 kthread_address;`
			`UINT64 invalid_rip;`
da 2023-10-05 08:27:17 +02:00			`CHAR driver[APC_STACKWALK_BUFFER_SIZE];`
few changes 2023-09-28 15:56:07 +02:00
da 2023-10-05 08:27:17 +02:00			`}APC_STACKWALK_REPORT, * PAPC_STACKWALK_REPORT;`
few changes 2023-09-28 15:56:07 +02:00
apc operation stuff 2023-09-28 18:10:01 +02:00			`typedef struct _APC_OPERATION_ID`
			`{`
			`int operation_id;`

da 2023-10-05 08:27:17 +02:00			`}APC_OPERATION_ID, * PAPC_OPERATION_ID;`
apc operation stuff 2023-09-28 18:10:01 +02:00
big money changes to driver 2023-08-19 04:52:57 +02:00			`/* system modules information */`

			`typedef struct _SYSTEM_MODULES`
			`{`
			`PVOID address;`
			`INT module_count;`

			`}SYSTEM_MODULES, * PSYSTEM_MODULES;`

gah memory leak waaaaa 2023-09-25 17:41:38 +02:00			`#define APC_CONTEXT_ID_STACKWALK 0x1`

			`typedef struct _APC_CONTEXT_HEADER`
			`{`
			`LONG context_id;`
change da apc ref count stuff 2023-09-26 12:00:45 +02:00			`volatile INT count;`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`volatile INT allocation_in_progress;`
gah memory leak waaaaa 2023-09-25 17:41:38 +02:00
change da apc ref count stuff 2023-09-26 12:00:45 +02:00			`}APC_CONTEXT_HEADER, * PAPC_CONTEXT_HEADER;`

			`typedef struct _APC_STACKWALK_CONTEXT`
			`{`
			`APC_CONTEXT_HEADER header;`
			`PSYSTEM_MODULES modules;`

			`}APC_STACKWALK_CONTEXT, * PAPC_STACKWALK_CONTEXT;`
gah memory leak waaaaa 2023-09-25 17:41:38 +02:00
da 2023-10-05 08:27:17 +02:00			`NTSTATUS`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`GetSystemModuleInformation(`
some comments n stuf 2023-09-26 15:48:21 +02:00			`_Inout_ PSYSTEM_MODULES ModuleInformation`
big money changes to driver 2023-08-19 04:52:57 +02:00			`);`

da 2023-10-05 08:27:17 +02:00			`NTSTATUS`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`HandleValidateDriversIOCTL(`
sum stuff c: 2023-10-07 17:37:47 +02:00			`_Inout_ PIRP Irp`
big money changes to driver 2023-08-19 04:52:57 +02:00			`);`

da 2023-10-05 08:27:17 +02:00			`PRTL_MODULE_EXTENDED_INFO`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`FindSystemModuleByName(`
AAAAAA 2023-08-22 19:32:25 +02:00			`_In_ LPCSTR ModuleName,`
			`_In_ PSYSTEM_MODULES SystemModules`
			`);`

da 2023-10-05 08:27:17 +02:00			`NTSTATUS`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`HandleNmiIOCTL(`
sum stuff c: 2023-10-07 17:37:47 +02:00			`_Inout_ PIRP Irp`
e 2023-09-02 15:47:15 +02:00			`);`

fixed apc leak :DDD 2023-09-26 15:32:06 +02:00			`BOOLEAN`
			`FreeApcContextStructure(`
			`_Inout_ PAPC_CONTEXT_HEADER Context`
gah memory leak waaaaa 2023-09-25 17:41:38 +02:00			`);`

da 2023-10-05 08:27:17 +02:00			`NTSTATUS`
fix apc free deadlock ting 2023-09-27 06:22:14 +02:00			`ValidateThreadsViaKernelApc();`
some stuffffffff 2023-09-24 13:13:20 +02:00
fixed apc leak :DDD 2023-09-26 15:32:06 +02:00			`VOID`
			`FreeApcStackwalkApcContextInformation(`
sum stuff c: 2023-10-07 17:37:47 +02:00			`_Inout_ PAPC_STACKWALK_CONTEXT Context`
			`);`

			`NTSTATUS`
			`IsInstructionPointerInInvalidRegion(`
			`_In_ UINT64 RIP,`
			`_In_ PSYSTEM_MODULES SystemModules,`
			`_Out_ PBOOLEAN Result`
			`);`

			`BOOLEAN`
			`FlipKThreadMiscFlagsFlag(`
			`_In_ PKTHREAD Thread,`
			`_In_ LONG FlagIndex,`
			`_In_ BOOLEAN NewValue`
fixed apc leak :DDD 2023-09-26 15:32:06 +02:00			`);`
change da apc ref count stuff 2023-09-26 12:00:45 +02:00
ipi interrupt, readme, some bug fix 2023-10-30 12:57:24 +01:00			`NTSTATUS`
			`LaunchInterProcessInterrupt(`
			`_In_ PIRP Irp`
			`);`

big money changes to driver 2023-08-19 04:52:57 +02:00			`#endif`