remove ugly compuiler macros

lhodges1 2024-01-08 14:57:07 +11:00
parent 06822f69c6
commit 602496062c
17 changed files with 336 additions and 725 deletions


@ -130,9 +130,6 @@ CleanupDriverListOnDriverUnload()
}
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
EnumerateThreadListWithCallbackRoutine(_In_ PVOID CallbackRoutine, _In_opt_ PVOID Context)
{
@ -154,9 +151,6 @@ unlock:
ImpKeReleaseGuardedMutex(&thread_list->lock);
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
EnumerateProcessListWithCallbackRoutine(_In_ PVOID CallbackRoutine, _In_opt_ PVOID Context)
{
@ -212,16 +206,14 @@ InitialiseDriverList()
POOL_FLAG_NON_PAGED, sizeof(DRIVER_LIST_ENTRY), POOL_TAG_DRIVER_LIST);
if (!entry)
{
status = STATUS_MEMORY_NOT_ALLOCATED;
goto end;
}
continue;
module_entry = &((PRTL_MODULE_EXTENDED_INFO)modules.address)[index];
entry->hashed = TRUE;
entry->ImageBase = module_entry->ImageBase;
entry->ImageSize = module_entry->ImageSize;
RtlCopyMemory(
entry->path, module_entry->FullPathName, sizeof(module_entry->FullPathName));
@ -252,9 +244,6 @@ end:
* I actually think a spinlock here for the driver list is what we want rather then a mutex, but
* implementing a spinlock has its challenges... todo: have a think!
*/
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FindDriverEntryByBaseAddress(_In_ PVOID ImageBase, _Out_ PDRIVER_LIST_ENTRY* Entry)
{
@ -363,9 +352,6 @@ InitialiseThreadList()
return STATUS_SUCCESS;
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FindProcessListEntryByProcess(_In_ PKPROCESS Process, _Inout_ PPROCESS_LIST_ENTRY* Entry)
{
@ -388,9 +374,6 @@ unlock:
ImpKeReleaseGuardedMutex(&process_list->lock);
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FindThreadListEntryByThreadAddress(_In_ PKTHREAD Thread, _Inout_ PTHREAD_LIST_ENTRY* Entry)
{
@ -518,9 +501,6 @@ ObPostOpCallbackRoutine(_In_ PVOID RegistrationContext,
UNREFERENCED_PARAMETER(OperationInformation);
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
OB_PREOP_CALLBACK_STATUS
ObPreOpCallbackRoutine(_In_ PVOID RegistrationContext,
_In_ POB_PRE_OPERATION_INFORMATION OperationInformation)
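Review bot: In the InitialiseDriverList hunk a failed pool allocation now reaches `continue;` where the earlier lines set `status = STATUS_MEMORY_NOT_ALLOCATED` and jumped to `end`, so a module can be left out of the driver list with no status and no log line. Later lookups such as FindDriverEntryByBaseAddress would then presumably not find that module, which matters for a list meant to account for every loaded driver. If skipping is intended, make it visible, for example `DEBUG_ERROR("driver list entry allocation failed, module skipped");` before the `continue;`, or keep returning the failure status. The function body starts and ends outside the hunk.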


@ -62,7 +62,7 @@ typedef struct _PROCESS_LIST_ENTRY
} PROCESS_LIST_ENTRY, *PPROCESS_LIST_ENTRY;
#define DRIVER_PATH_LENGTH 0x100
#define DRIVER_PATH_LENGTH 0x100
#define SHA_256_HASH_LENGTH 32
typedef struct _DRIVER_LIST_ENTRY
@ -86,25 +86,10 @@ VOID
ObPostOpCallbackRoutine(_In_ PVOID RegistrationContext,
_In_ POB_POST_OPERATION_INFORMATION OperationInformation);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
OB_PREOP_CALLBACK_STATUS
ObPreOpCallbackRoutine(_In_ PVOID RegistrationContext,
_In_ POB_PRE_OPERATION_INFORMATION OperationInformation);
// VOID ProcessCreateNotifyRoutine(
// _In_ HANDLE ParentId,
// _In_ HANDLE ProcessId,
// _In_ BOOLEAN Create
//);
// VOID
// EnumerateProcessListWithCallbackFunction(
// _In_ PVOID Function,
// _In_opt_ PVOID Context
//);
NTSTATUS
EnumerateProcessHandles(_In_ PPROCESS_LIST_ENTRY ProcessListEntry, _In_opt_ PVOID Context);
@ -123,33 +108,18 @@ ProcessCreateNotifyRoutine(_In_ HANDLE ParentId, _In_ HANDLE ProcessId, _In_ BOO
VOID
CleanupThreadListOnDriverUnload();
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FindThreadListEntryByThreadAddress(_In_ PKTHREAD Thread, _Inout_ PTHREAD_LIST_ENTRY* Entry);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FindProcessListEntryByProcess(_In_ PKPROCESS Process, _Inout_ PPROCESS_LIST_ENTRY* Entry);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
EnumerateThreadListWithCallbackRoutine(_In_ PVOID CallbackRoutine, _In_opt_ PVOID Context);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
EnumerateProcessListWithCallbackRoutine(_In_ PVOID CallbackRoutine, _In_opt_ PVOID Context);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FindDriverEntryByBaseAddress(_In_ PVOID ImageBase, _Out_ PDRIVER_LIST_ENTRY* Entry);
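Review bot: With `_IRQL_requires_max_(APC_LEVEL)` and the `_Acquires_lock_`/`_Releases_lock_` pairs removed from these prototypes, nothing in the header states the IRQL and locking contract any more, and static analysis can no longer check callers against it. The definitions shown earlier on the page release a guarded mutex (`ImpKeReleaseGuardedMutex(&thread_list->lock)`), and guarded mutexes may only be acquired at IRQL <= APC_LEVEL. A plain comment on each prototype would keep the contract visible, for example `/* Takes the list's guarded mutex; call at IRQL <= APC_LEVEL. */`. The same applies to the other prototypes and definitions on this page that lose these annotations (the queue and list helpers, and the configuration getters where they take the same kind of lock).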

File diff suppressed because it is too large Load diff


@ -20,6 +20,8 @@
#define IOCTL_STORAGE_QUERY_PROPERTY 0x002D1400
#define MAXIMUM_APC_CONTEXTS 10
typedef enum _ENVIRONMENT_TYPE
{
NativeWindows = 0,
@ -57,132 +59,69 @@ typedef struct _OB_CALLBACKS_CONFIG
} OB_CALLBACKS_CONFIG, *POB_CALLBACKS_CONFIG;
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
NTSTATUS
ProcLoadInitialiseProcessConfig(_In_ PIRP Irp);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetProtectedProcessEProcess(_Out_ PEPROCESS* Process);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetProtectedProcessId(_Out_ PLONG ProcessId);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ReadProcessInitialisedConfigFlag(_Out_ PBOOLEAN Flag);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetDriverPath(_Out_ PUNICODE_STRING DriverPath);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetDriverConfigSystemInformation(_Out_ PSYSTEM_INFORMATION* SystemInformation);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetApcContext(_Inout_ PVOID* Context, _In_ LONG ContextIdentifier);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
NTSTATUS
VOID
InsertApcContext(_In_ PVOID Context);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetApcContextByIndex(_Inout_ PVOID* Context, _In_ INT Index);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
IncrementApcCount(_In_ LONG ContextId);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FreeApcAndDecrementApcCount(_Inout_ PRKAPC Apc, _In_ LONG ContextId);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
NTSTATUS
QueryActiveApcContextsForCompletion();
VOID
TerminateProtectedProcessOnViolation();
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
NTSTATUS
ProcLoadEnableObCallbacks();
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ProcCloseDisableObCallbacks();
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ProcCloseClearProcessConfiguration();
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetCallbackConfigStructure(_Out_ POB_CALLBACKS_CONFIG* CallbackConfiguration);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ImageLoadSetProcessId(_In_ HANDLE ProcessId);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetDriverDeviceName(_Out_ PUNICODE_STRING DeviceName);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetDriverRegistryPath(_Out_ PUNICODE_STRING RegistryPath);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetDriverName(_Out_ LPCSTR* DriverName);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
GetDriverSymbolicLink(_Out_ PUNICODE_STRING DeviceSymbolicLink);
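Review bot: `InsertApcContext` changes from `NTSTATUS` to `VOID` in this section, and the matching hunk in ValidateThreadsViaKernelApc further down the page drops the `if (!NT_SUCCESS(status))` branch that freed `context->modules` and `context` before returning, so a failed insert can no longer be reported. The header also carries `#define MAXIMUM_APC_CONTEXTS 10`, which suggests the context table is bounded; if no slot is free, the caller would go on to set `allocation_in_progress` and enumerate threads with a context that nothing tracks, and the allocation is presumably never freed. The implementation sits in the suppressed file diff, so confirm what it does when the table is full. Keeping the `NTSTATUS` return together with the caller's cleanup branch would close the gap.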


@ -214,7 +214,7 @@
<ClInclude Include="thread.h" />
</ItemGroup>
<ItemGroup>
<MASM Include="asm.asm" />
<MASM Include="arch.asm" />
</ItemGroup>
<ItemGroup>
<None Include="cpp.hint" />


@ -94,7 +94,7 @@
</ClInclude>
</ItemGroup>
<ItemGroup>
<MASM Include="asm.asm">
<MASM Include="arch.asm">
<Filter>Source Files</Filter>
</MASM>
</ItemGroup>


@ -22,7 +22,7 @@
* reference: https://secret.club/2020/01/12/battleye-hypervisor-detection.html
*/
_IRQL_always_function_max_(HIGH_LEVEL) INT APERFMsrTimingCheck()
BOOLEAN APERFMsrTimingCheck()
{
KAFFINITY new_affinity = {0};
KAFFINITY old_affinity = {0};


@ -14,7 +14,8 @@ typedef struct _HYPERVISOR_DETECTION_REPORT
NTSTATUS
PerformVirtualizationDetection(_Inout_ PIRP Irp);
_IRQL_always_function_max_(HIGH_LEVEL) INT APERFMsrTimingCheck();
BOOLEAN
APERFMsrTimingCheck();
extern INT
TestINVDEmulation();


@ -37,8 +37,8 @@ FindDriverBaseNoApi(_In_ PWCH Name)
return NULL;
}
void*
FindNtExport(const char* ExportName)
PVOID
FindNtExport(PCZPSTR ExportName)
{
PVOID image_base = NULL;
PIMAGE_DOS_HEADER dos_header = NULL;
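Review bot: `PCZPSTR` is not the typedef spelling of `const char*`: in the Windows headers it is `CONST PSTR *`, a pointer to an array of string pointers, so `FindNtExport(PCZPSTR ExportName)` changes the parameter's type rather than only its spelling. Callers that pass a string literal, and any string comparison on `ExportName` in the body, would now mix pointer levels, which a C compiler typically accepts with only a warning. The equivalent of the old signature is `FindNtExport(PCSTR ExportName)` (or `LPCSTR`, which this page already uses for `GetDriverName`); the prototype in the header section that follows needs the same change. The function body continues outside the hunk.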


@ -3,12 +3,15 @@
#include "common.h"
void*
FindNtExport(const char* ExportName);
PVOID
FindNtExport(PCZPSTR ExportName);
VOID
FreeDriverImportsStructure();
NTSTATUS
ResolveNtImports();
#define IMPORT_FUNCTION_MAX_LENGTH 128
#define IMPORT_FUNCTION_COUNT 256
@ -713,7 +716,4 @@ extern PDRIVER_IMPORTS driver_imports;
#define ImpRtlFreeUnicodeString DRVIMPORTS->DrvImpRtlFreeUnicodeString
#define ImpPsGetProcessImageFileName DRVIMPORTS->DrvImpPsGetProcessImageFileName
NTSTATUS
ResolveNtImports();
#endif


@ -397,7 +397,7 @@ MapDiskImageIntoVirtualAddressSpace(_Inout_ PHANDLE Sec
* the PE header and dealing with all relocations for us, meaning the mapped image
* will be identical to the in memory image.
*/
status = ZwMapViewOfSection(*SectionHandle,
status = ImpZwMapViewOfSection(*SectionHandle,
ZwCurrentProcess(),
Section,
NULL,
@ -577,7 +577,7 @@ RetrieveInMemoryModuleExecutableSections(_Inout_ PIRP Irp)
status = GetModuleInformationByName(&module_info, driver_name);
if (!NT_SUCCESS(status) || !module_info.ImageBase || !module_info.ImageSize)
if (!NT_SUCCESS(status))
{
DEBUG_ERROR("GetModuleInformationByName failed with status %x", status);
return status;
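Review bot: In the RetrieveInMemoryModuleExecutableSections hunk the guard after `GetModuleInformationByName` now tests only `!NT_SUCCESS(status)`, where the previous line also rejected a zero `module_info.ImageBase` or `module_info.ImageSize`. Unless that helper guarantees both fields are populated whenever it returns success, the code after the hunk would work with a null base or a zero size. Keeping the field checks as a separate branch that returns a failure status, e.g. `if (!module_info.ImageBase || !module_info.ImageSize) return STATUS_NOT_FOUND;`, also avoids the old combined check's path of returning a success status. The function body continues outside the hunk.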


@ -128,9 +128,6 @@ ValidateDriverObjectHasBackingModule(_In_ PSYSTEM_MODULES ModuleInformation,
_In_ PDRIVER_OBJECT DriverObject,
_Out_ PBOOLEAN Result);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_critical_section_)
_Releases_lock_(_Lock_kind_critical_section_)
STATIC
NTSTATUS
ValidateDriverObjects(_In_ PSYSTEM_MODULES SystemModules,
@ -144,12 +141,10 @@ STATIC
NTSTATUS
LaunchNonMaskableInterrupt(_Inout_ PNMI_CONTEXT NmiContext);
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ApcRundownRoutine(_In_ PRKAPC Apc);
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ApcKernelRoutine(_In_ PRKAPC Apc,
@ -158,14 +153,12 @@ ApcKernelRoutine(_In_ PRKAPC Apc,
_Inout_ _Deref_pre_maybenull_ PVOID* SystemArgument1,
_Inout_ _Deref_pre_maybenull_ PVOID* SystemArgument2);
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ApcNormalRoutine(_In_opt_ PVOID NormalContext,
_In_opt_ PVOID SystemArgument1,
_In_opt_ PVOID SystemArgument2);
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ValidateThreadViaKernelApcCallback(_In_ PTHREAD_LIST_ENTRY ThreadListEntry,
@ -473,9 +466,6 @@ GetSystemModuleInformation(_Out_ PSYSTEM_MODULES ModuleInformation)
return status;
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_critical_section_)
_Releases_lock_(_Lock_kind_critical_section_)
STATIC
NTSTATUS
ValidateDriverObjects(_In_ PSYSTEM_MODULES SystemModules,
@ -975,7 +965,6 @@ AnalyseNmiData(_In_ PNMI_CONTEXT NmiContext, _In_ PSYSTEM_MODULES SystemModules,
return STATUS_SUCCESS;
}
_IRQL_requires_max_(HIGH_LEVEL)
STATIC
BOOLEAN
NmiCallback(_Inout_opt_ PVOID Context, _In_ BOOLEAN Handled)
@ -1134,7 +1123,6 @@ HandleNmiIOCTL(_Inout_ PIRP Irp)
* The RundownRoutine is executed if the thread terminates before the APC was delivered to
* user mode.
*/
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ApcRundownRoutine(_In_ PRKAPC Apc)
@ -1148,7 +1136,6 @@ ApcRundownRoutine(_In_ PRKAPC Apc)
* The KernelRoutine is executed in kernel mode at APC_LEVEL before the APC is delivered.
* This is also where we want to free our APC object.
*/
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ApcKernelRoutine(_In_ PRKAPC Apc,
@ -1236,7 +1223,6 @@ free:
/*
* The NormalRoutine is executed in user mode when the APC is delivered.
*/
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ApcNormalRoutine(_In_opt_ PVOID NormalContext,
@ -1264,7 +1250,6 @@ FlipKThreadMiscFlagsFlag(_In_ PKTHREAD Thread, _In_ ULONG FlagIndex, _In_ BOOLEA
#define THREAD_STATE_WAIT 5
#define THREAD_STATE_INIT 0
_IRQL_requires_max_(APC_LEVEL)
STATIC
VOID
ValidateThreadViaKernelApcCallback(_In_ PTHREAD_LIST_ENTRY ThreadListEntry,
@ -1407,15 +1392,7 @@ ValidateThreadsViaKernelApc()
return STATUS_MEMORY_NOT_ALLOCATED;
}
status =InsertApcContext(context);
if (!NT_SUCCESS(status))
{
DEBUG_ERROR("InsertApcContext failed with status %x", status);
ImpExFreePoolWithTag(context->modules, POOL_TAG_APC);
ImpExFreePoolWithTag(context, POOL_TAG_APC);
return status;
}
InsertApcContext(context);
context->header.allocation_in_progress = TRUE;
EnumerateThreadListWithCallbackRoutine(ValidateThreadViaKernelApcCallback, context);
@ -1447,10 +1424,6 @@ typedef struct _DPC_CONTEXT
} DPC_CONTEXT, *PDPC_CONTEXT;
_Function_class_(KDEFERRED_ROUTINE) _IRQL_requires_max_(DISPATCH_LEVEL)
_IRQL_requires_min_(DISPATCH_LEVEL)
_IRQL_requires_(DISPATCH_LEVEL)
_IRQL_requires_same_
VOID
DpcStackwalkCallbackRoutine(_In_ PKDPC Dpc,
_In_opt_ PVOID DeferredContext,


@ -121,7 +121,7 @@ IsInstructionPointerInInvalidRegion(_In_ UINT64 RIP,
_In_ PSYSTEM_MODULES SystemModules,
_Out_ PBOOLEAN Result);
BOOLEAN
VOID
FlipKThreadMiscFlagsFlag(_In_ PKTHREAD Thread, _In_ ULONG FlagIndex, _In_ BOOLEAN NewValue);
NTSTATUS


@ -60,9 +60,6 @@ InitialiseGlobalReportQueue(_Out_ PBOOLEAN Status)
// return head;
// }
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
QueuePush(_Inout_ PQUEUE_HEAD Head, _In_ PVOID Data)
{
@ -89,9 +86,6 @@ end:
ImpKeReleaseGuardedMutex(&Head->lock);
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
PVOID
QueuePop(_Inout_ PQUEUE_HEAD Head)
{
@ -118,9 +112,6 @@ end:
return data;
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
InsertReportToQueue(_In_ PVOID Report)
{
@ -133,9 +124,6 @@ InsertReportToQueue(_In_ PVOID Report)
ImpKeReleaseGuardedMutex(&report_queue_config.lock);
}
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FreeGlobalReportQueueObjects()
{
@ -164,9 +152,6 @@ end:
* reports as a result of a single usermode request and hence it makes dealing with
* reports generated from ObRegisterCallbacks for example much easier.
*/
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
NTSTATUS
HandlePeriodicGlobalReportQueueQuery(_Inout_ PIRP Irp)
{
@ -345,8 +330,6 @@ ListInit(_Inout_ PSINGLE_LIST_ENTRY Head, _Inout_ PKGUARDED_MUTEX Lock)
Head->Next = NULL;
}
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ListInsert(_Inout_ PSINGLE_LIST_ENTRY Head,
_Inout_ PSINGLE_LIST_ENTRY NewEntry,
@ -368,8 +351,6 @@ ListInsert(_Inout_ PSINGLE_LIST_ENTRY Head,
* allows us to dereference/free structure specific items whilst still allowing
* the list to remain flexible.
*/
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
BOOLEAN
ListFreeFirstEntry(_Inout_ PSINGLE_LIST_ENTRY Head,
_In_ PKGUARDED_MUTEX Lock,
@ -401,8 +382,6 @@ ListFreeFirstEntry(_Inout_ PSINGLE_LIST_ENTRY Head,
* If we are removing a specific entry, its assumed we have freed and/or dereferenced
* any fields in the structure.
*/
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ListRemoveEntry(_Inout_ PSINGLE_LIST_ENTRY Head,
_Inout_ PSINGLE_LIST_ENTRY Entry,


@ -36,58 +36,37 @@ typedef struct _REPORT_HEADER
#define LIST_POOL_TAG 'list'
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
QueuePush(_Inout_ PQUEUE_HEAD Head, _In_ PVOID Data);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
PVOID
QueuePop(_Inout_ PQUEUE_HEAD Head);
VOID
InitialiseGlobalReportQueue(_Out_ PBOOLEAN Status);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
InsertReportToQueue(_In_ PVOID Report);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
NTSTATUS
HandlePeriodicGlobalReportQueueQuery(_Inout_ PIRP Irp);
_IRQL_requires_max_(APC_LEVEL)
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
FreeGlobalReportQueueObjects();
VOID
ListInit(_Inout_ PSINGLE_LIST_ENTRY Head, _Inout_ PKGUARDED_MUTEX Lock);
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ListInsert(_Inout_ PSINGLE_LIST_ENTRY Head,
_Inout_ PSINGLE_LIST_ENTRY NewEntry,
_In_ PKGUARDED_MUTEX Lock);
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
BOOLEAN
ListFreeFirstEntry(_Inout_ PSINGLE_LIST_ENTRY Head,
_In_ PKGUARDED_MUTEX Lock,
_In_opt_ PVOID CallbackRoutine);
_Acquires_lock_(_Lock_kind_mutex_)
_Releases_lock_(_Lock_kind_mutex_)
VOID
ListRemoveEntry(_Inout_ PSINGLE_LIST_ENTRY Head,
_Inout_ PSINGLE_LIST_ENTRY Entry,


@ -71,9 +71,9 @@ ValidateThreadsPspCidTableEntry(_In_ PETHREAD Thread)
* state and is quite important during context switch scenarios as it's how the thread determines if
* it has any APC's queued.
*/
_IRQL_always_function_min_(DISPATCH_LEVEL) STATIC VOID
DetectAttachedThreadsProcessCallback(_In_ PTHREAD_LIST_ENTRY ThreadListEntry,
_Inout_opt_ PVOID Context)
STATIC VOID
DetectAttachedThreadsProcessCallback(_In_ PTHREAD_LIST_ENTRY ThreadListEntry,
_Inout_opt_ PVOID Context)
{
UNREFERENCED_PARAMETER(Context);