2023-08-17 10:45:50 +02:00
|
|
|
#ifndef DRIVER_H
|
|
|
|
#define DRIVER_H
|
|
|
|
|
|
|
|
#include <ntifs.h>
|
|
|
|
#include <wdftypes.h>
|
|
|
|
#include <wdf.h>
|
2023-09-25 17:41:38 +02:00
|
|
|
|
2023-09-02 15:47:15 +02:00
|
|
|
#include "common.h"
|
2023-09-25 17:41:38 +02:00
|
|
|
#include "queue.h"
|
|
|
|
#include "modules.h"
|
2023-08-17 10:45:50 +02:00
|
|
|
|
2023-09-01 18:45:06 +02:00
|
|
|
#define DRIVER_PATH_MAX_LENGTH 512
|
2023-09-11 06:53:46 +02:00
|
|
|
#define MOTHERBOARD_SERIAL_CODE_LENGTH 64
|
|
|
|
#define DEVICE_DRIVE_0_SERIAL_CODE_LENGTH 64
|
2023-09-04 15:36:26 +02:00
|
|
|
|
2023-09-18 05:15:26 +02:00
|
|
|
#define MAX_REPORTS_PER_IRP 20
|
|
|
|
|
2023-09-05 18:04:06 +02:00
|
|
|
#define POOL_TAG_STRINGS 'strs'
|
|
|
|
|
2023-09-06 17:33:08 +02:00
|
|
|
#define IOCTL_STORAGE_QUERY_PROPERTY 0x002D1400
|
|
|
|
|
2023-09-04 15:36:26 +02:00
|
|
|
typedef struct _SYSTEM_INFORMATION
|
|
|
|
{
|
2023-10-05 08:27:17 +02:00
|
|
|
CHAR motherboard_serial[MOTHERBOARD_SERIAL_CODE_LENGTH];
|
|
|
|
CHAR drive_0_serial[DEVICE_DRIVE_0_SERIAL_CODE_LENGTH];
|
2023-09-04 15:36:26 +02:00
|
|
|
|
|
|
|
}SYSTEM_INFORMATION, * PSYSTEM_INFORMATION;
|
2023-09-01 18:45:06 +02:00
|
|
|
|
2023-10-09 18:27:04 +02:00
|
|
|
typedef struct _OB_CALLBACKS_CONFIG
|
2023-10-06 10:30:14 +02:00
|
|
|
{
|
|
|
|
PVOID registration_handle;
|
2023-10-07 07:27:22 +02:00
|
|
|
KGUARDED_MUTEX lock;
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-09 18:27:04 +02:00
|
|
|
}OB_CALLBACKS_CONFIG, * POB_CALLBACKS_CONFIG;
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-09 18:27:04 +02:00
|
|
|
NTSTATUS
|
|
|
|
ProcLoadInitialiseProcessConfig(
|
2023-08-24 15:12:49 +02:00
|
|
|
_In_ PIRP Irp
|
2023-08-20 16:12:04 +02:00
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
|
|
|
VOID
|
|
|
|
GetProtectedProcessEProcess(
|
2023-08-30 15:23:04 +02:00
|
|
|
_Out_ PEPROCESS* Process
|
2023-08-20 16:12:04 +02:00
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
|
|
|
VOID
|
|
|
|
GetProtectedProcessId(
|
2023-08-24 17:10:40 +02:00
|
|
|
_Out_ PLONG ProcessId
|
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
|
|
|
VOID
|
|
|
|
ReadProcessInitialisedConfigFlag(
|
2023-08-24 17:10:40 +02:00
|
|
|
_Out_ PBOOLEAN Flag
|
2023-08-20 16:12:04 +02:00
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-01 18:45:06 +02:00
|
|
|
VOID GetDriverPath(
|
2023-09-11 11:23:29 +02:00
|
|
|
_Out_ PUNICODE_STRING DriverPath
|
2023-09-01 18:45:06 +02:00
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-07 19:49:36 +02:00
|
|
|
VOID GetDriverConfigSystemInformation(
|
2023-09-11 11:23:29 +02:00
|
|
|
_Out_ PSYSTEM_INFORMATION* SystemInformation
|
2023-09-07 19:49:36 +02:00
|
|
|
);
|
2023-08-24 15:12:49 +02:00
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-10 15:52:42 +02:00
|
|
|
VOID
|
|
|
|
GetApcContext(
|
2023-09-25 17:41:38 +02:00
|
|
|
_Inout_ PVOID* Context,
|
|
|
|
_In_ LONG ContextIdentifier
|
|
|
|
);
|
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-09 09:34:30 +02:00
|
|
|
NTSTATUS
|
|
|
|
InsertApcContext(
|
2023-09-25 17:41:38 +02:00
|
|
|
_In_ PVOID Context
|
|
|
|
);
|
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-26 12:00:45 +02:00
|
|
|
VOID
|
|
|
|
GetApcContextByIndex(
|
|
|
|
_Inout_ PVOID* Context,
|
|
|
|
_In_ INT Index
|
2023-09-25 17:41:38 +02:00
|
|
|
);
|
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-26 15:32:06 +02:00
|
|
|
VOID
|
|
|
|
IncrementApcCount(
|
|
|
|
_In_ LONG ContextId
|
|
|
|
);
|
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-26 15:32:06 +02:00
|
|
|
VOID
|
|
|
|
FreeApcAndDecrementApcCount(
|
2023-10-07 17:37:47 +02:00
|
|
|
_Inout_ PRKAPC Apc,
|
2023-09-26 15:32:06 +02:00
|
|
|
_In_ LONG ContextId
|
|
|
|
);
|
|
|
|
|
2023-10-11 08:35:20 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-09-27 06:22:14 +02:00
|
|
|
NTSTATUS
|
2023-10-10 15:52:42 +02:00
|
|
|
QueryActiveApcContextsForCompletion();
|
2023-09-27 06:22:14 +02:00
|
|
|
|
2023-10-05 08:27:17 +02:00
|
|
|
VOID
|
2023-10-09 18:27:04 +02:00
|
|
|
TerminateProtectedProcessOnViolation();
|
2023-09-26 15:32:06 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 10:30:14 +02:00
|
|
|
NTSTATUS
|
2023-10-09 18:27:04 +02:00
|
|
|
ProcLoadEnableObCallbacks();
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 10:30:14 +02:00
|
|
|
VOID
|
2023-10-09 18:27:04 +02:00
|
|
|
ProcCloseDisableObCallbacks();
|
2023-10-06 13:08:30 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-09 18:27:04 +02:00
|
|
|
VOID
|
|
|
|
ProcCloseClearProcessConfiguration();
|
2023-10-06 10:30:14 +02:00
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 10:30:14 +02:00
|
|
|
VOID
|
|
|
|
GetCallbackConfigStructure(
|
2023-10-09 18:27:04 +02:00
|
|
|
_Out_ POB_CALLBACKS_CONFIG* CallbackConfiguration
|
2023-10-06 10:30:14 +02:00
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
|
|
|
GetDriverDeviceName(
|
|
|
|
_Out_ PUNICODE_STRING DeviceName
|
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
|
|
|
GetDriverRegistryPath(
|
|
|
|
_Out_ PUNICODE_STRING RegistryPath
|
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
|
|
|
GetDriverName(
|
|
|
|
_Out_ LPCSTR* DriverName
|
|
|
|
);
|
|
|
|
|
2023-10-10 15:52:42 +02:00
|
|
|
_IRQL_requires_max_(APC_LEVEL)
|
|
|
|
_Acquires_lock_(_Lock_kind_mutex_)
|
|
|
|
_Releases_lock_(_Lock_kind_mutex_)
|
2023-10-06 13:08:30 +02:00
|
|
|
VOID
|
|
|
|
GetDriverSymbolicLink(
|
|
|
|
_Out_ PUNICODE_STRING DeviceSymbolicLink
|
|
|
|
);
|
|
|
|
|
2023-08-17 10:45:50 +02:00
|
|
|
#endif
|