mirror-ac/driver/modules.h

#ifndef MODULES_H
#define MODULES_H

#include <ntifs.h>
#include <intrin.h>
#include "common.h"

#define REPORT_MODULE_VALIDATION_FAILURE 60
#define MODULE_VALIDATION_FAILURE_MAX_REPORT_COUNT 20

#define MODULE_REPORT_DRIVER_NAME_BUFFER_SIZE 128

#define REASON_NO_BACKING_MODULE 1
#define REASON_INVALID_IOCTL_DISPATCH 2

typedef struct _MODULE_VALIDATION_FAILURE_HEADER
{
	INT module_count;

}MODULE_VALIDATION_FAILURE_HEADER, *PMODULE_VALIDATION_FAILURE_HEADER;

typedef struct _MODULE_VALIDATION_FAILURE
{
	INT report_code;
	INT report_type;
	UINT64 driver_base_address;
	UINT64 driver_size;
	CHAR driver_name[ 128 ];

}MODULE_VALIDATION_FAILURE, *PMODULE_VALIDATION_FAILURE;

typedef struct _INVALID_DRIVER
{
	struct _INVALID_DRIVER* next;
	INT reason;
	PDRIVER_OBJECT driver;

}INVALID_DRIVER, * PINVALID_DRIVER;

typedef struct _INVALID_DRIVERS_HEAD
{
	PINVALID_DRIVER first_entry;
	INT count;		//keeps track of the number of drivers in the list

}INVALID_DRIVERS_HEAD, * PINVALID_DRIVERS_HEAD;

/* system modules information */

typedef struct _SYSTEM_MODULES
{
	PVOID address;
	INT module_count;

}SYSTEM_MODULES, * PSYSTEM_MODULES;

NTSTATUS GetSystemModuleInformation(
	_Out_ PSYSTEM_MODULES ModuleInformation
);

NTSTATUS HandleValidateDriversIOCTL(
	_In_ PIRP Irp
);

PRTL_MODULE_EXTENDED_INFO FindSystemModuleByName(
	_In_ LPCSTR ModuleName,
	_In_ PSYSTEM_MODULES SystemModules
);

#endif
big money changes to driver 2023-08-19 04:52:57 +02:00			`#ifndef MODULES_H`
			`#define MODULES_H`

			`#include <ntifs.h>`
			`#include <intrin.h>`
AAAAAA 2023-08-22 19:32:25 +02:00			`#include "common.h"`
big money changes to driver 2023-08-19 04:52:57 +02:00
			`#define REPORT_MODULE_VALIDATION_FAILURE 60`
AAAAAAAAHHHHHHH 2023-08-21 17:48:34 +02:00			`#define MODULE_VALIDATION_FAILURE_MAX_REPORT_COUNT 20`
big money changes to driver 2023-08-19 04:52:57 +02:00
			`#define MODULE_REPORT_DRIVER_NAME_BUFFER_SIZE 128`

e 2023-08-19 11:44:42 +02:00			`#define REASON_NO_BACKING_MODULE 1`
			`#define REASON_INVALID_IOCTL_DISPATCH 2`

big money changes to driver 2023-08-19 04:52:57 +02:00			`typedef struct _MODULE_VALIDATION_FAILURE_HEADER`
			`{`
			`INT module_count;`

			`}MODULE_VALIDATION_FAILURE_HEADER, *PMODULE_VALIDATION_FAILURE_HEADER;`

			`typedef struct _MODULE_VALIDATION_FAILURE`
			`{`
			`INT report_code;`
e 2023-08-19 11:44:42 +02:00			`INT report_type;`
big money changes to driver 2023-08-19 04:52:57 +02:00			`UINT64 driver_base_address;`
			`UINT64 driver_size;`
holy fuck got it working 2023-08-20 07:46:02 +02:00			`CHAR driver_name[ 128 ];`
big money changes to driver 2023-08-19 04:52:57 +02:00
			`}MODULE_VALIDATION_FAILURE, *PMODULE_VALIDATION_FAILURE;`

			`typedef struct _INVALID_DRIVER`
			`{`
			`struct _INVALID_DRIVER* next;`
e 2023-08-19 11:44:42 +02:00			`INT reason;`
big money changes to driver 2023-08-19 04:52:57 +02:00			`PDRIVER_OBJECT driver;`

			`}INVALID_DRIVER, * PINVALID_DRIVER;`

			`typedef struct _INVALID_DRIVERS_HEAD`
			`{`
			`PINVALID_DRIVER first_entry;`
			`INT count; //keeps track of the number of drivers in the list`

			`}INVALID_DRIVERS_HEAD, * PINVALID_DRIVERS_HEAD;`

			`/* system modules information */`

			`typedef struct _SYSTEM_MODULES`
			`{`
			`PVOID address;`
			`INT module_count;`

			`}SYSTEM_MODULES, * PSYSTEM_MODULES;`

			`NTSTATUS GetSystemModuleInformation(`
			`_Out_ PSYSTEM_MODULES ModuleInformation`
			`);`

			`NTSTATUS HandleValidateDriversIOCTL(`
			`_In_ PIRP Irp`
			`);`

AAAAAA 2023-08-22 19:32:25 +02:00			`PRTL_MODULE_EXTENDED_INFO FindSystemModuleByName(`
			`_In_ LPCSTR ModuleName,`
			`_In_ PSYSTEM_MODULES SystemModules`
			`);`

big money changes to driver 2023-08-19 04:52:57 +02:00			`#endif`