mirror-ac/user/km/driver.h

#ifndef DRIVER_H
#define DRIVER_H

#include <Windows.h>

#include "../threadpool.h"
#include "../report.h"

#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2001, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_VALIDATE_DRIVER_OBJECTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2002, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_MONITOR_CALLBACKS_FOR_REPORTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2003, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2004, METHOD_BUFFERED, FILE_ANY_ACCESS)

namespace kernelmode
{
	class Driver
	{
		HANDLE driver_handle;
		LPCWSTR driver_name;
		std::shared_ptr<global::Report> report_interface;
	public:

		Driver(LPCWSTR DriverName, std::shared_ptr<global::Report> ReportInterface );

		void RunNmiCallbacks();
		void VerifySystemModules();
		bool QueueCallbackReportIrp( PHANDLE Event );
		void NotifyDriverOnProcessLaunch();
		void CompleteQueuedCallbackReports();
		void EnableProcessLoadNotifyCallbacks();
		void DisableProcessLoadNotifyCallbacks();
		void ValidateKPRCBThreads();
		void CheckDriverHeartbeat();
		/* todo: driver integrity check */
	};

	struct DRIVER_INITIATION_INFORMATION
	{
		LONG protected_process_id;
	};
}

#endif
e 2023-08-17 10:45:50 +02:00			`#ifndef DRIVER_H`
			`#define DRIVER_H`

			`#include <Windows.h>`

			`#include "../threadpool.h"`
EPIC 2023-08-18 07:33:13 +02:00			`#include "../report.h"`
e 2023-08-17 10:45:50 +02:00
big money changes to driver 2023-08-19 04:52:57 +02:00			`#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2001, METHOD_BUFFERED, FILE_ANY_ACCESS)`
			`#define IOCTL_VALIDATE_DRIVER_OBJECTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2002, METHOD_BUFFERED, FILE_ANY_ACCESS)`
excellent progress :) 2023-08-20 16:12:04 +02:00			`#define IOCTL_MONITOR_CALLBACKS_FOR_REPORTS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2003, METHOD_BUFFERED, FILE_ANY_ACCESS)`
			`#define IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2004, METHOD_BUFFERED, FILE_ANY_ACCESS)`
big money changes to driver 2023-08-19 04:52:57 +02:00
e 2023-08-17 10:45:50 +02:00			`namespace kernelmode`
			`{`
			`class Driver`
			`{`
			`HANDLE driver_handle;`
			`LPCWSTR driver_name;`
EPIC 2023-08-18 07:33:13 +02:00			`std::shared_ptr<global::Report> report_interface;`
e 2023-08-17 10:45:50 +02:00			`public:`

EPIC 2023-08-18 07:33:13 +02:00			`Driver(LPCWSTR DriverName, std::shared_ptr<global::Report> ReportInterface );`
big money changes to driver 2023-08-19 04:52:57 +02:00
			`void RunNmiCallbacks();`
			`void VerifySystemModules();`
excellent progress :) 2023-08-20 16:12:04 +02:00			`bool QueueCallbackReportIrp( PHANDLE Event );`
			`void NotifyDriverOnProcessLaunch();`
			`void CompleteQueuedCallbackReports();`
big money changes to driver 2023-08-19 04:52:57 +02:00			`void EnableProcessLoadNotifyCallbacks();`
			`void DisableProcessLoadNotifyCallbacks();`
			`void ValidateKPRCBThreads();`
			`void CheckDriverHeartbeat();`
			`/* todo: driver integrity check */`
e 2023-08-17 10:45:50 +02:00			`};`
excellent progress :) 2023-08-20 16:12:04 +02:00
			`struct DRIVER_INITIATION_INFORMATION`
			`{`
			`LONG protected_process_id;`
			`};`
e 2023-08-17 10:45:50 +02:00			`}`

			`#endif`