mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-23 20:05:26 +00:00
36 lines
1.1 KiB
C
36 lines
1.1 KiB
C
|
#include <ntifs.h>
|
|||
|
#include <devioctl.h>
|
|||
|
#pragma once
|
|||
|
|
|||
|
|
|||
|
#define DEVICE_NAME L"\\Device\\CheckKernelHookDeviceName"
|
|||
|
#define LINK_NAME L"\\DosDevices\\CheckKernelHookLinkName"
|
|||
|
#define CTL_CHECKKERNELMODULE \
|
|||
|
CTL_CODE(FILE_DEVICE_UNKNOWN,0x830,METHOD_NEITHER,FILE_ANY_ACCESS)
|
|||
|
|
|||
|
|
|||
|
NTSTATUS
|
|||
|
DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegisterPath);
|
|||
|
VOID UnloadDriver(PDRIVER_OBJECT DriverObject);
|
|||
|
NTSTATUS
|
|||
|
DefaultPassThrough(PDEVICE_OBJECT DeviceObject,PIRP Irp);
|
|||
|
NTSTATUS
|
|||
|
ControlPassThrough(PDEVICE_OBJECT DeviceObject,PIRP Irp);
|
|||
|
|
|||
|
typedef struct _INLINEHOOKINFO_INFORMATION { //INLINEHOOKINFO_INFORMATION
|
|||
|
ULONG ulHookType;
|
|||
|
ULONG ulMemoryFunctionBase; //ԭʼ<D4AD><CABC>ַ
|
|||
|
ULONG ulMemoryHookBase; //HOOK <20><>ַ
|
|||
|
CHAR lpszFunction[256];
|
|||
|
CHAR lpszHookModuleImage[256];
|
|||
|
ULONG ulHookModuleBase;
|
|||
|
ULONG ulHookModuleSize;
|
|||
|
|
|||
|
} INLINEHOOKINFO_INFORMATION, *PINLINEHOOKINFO_INFORMATION;
|
|||
|
|
|||
|
typedef struct _INLINEHOOKINFO { //InlineHook
|
|||
|
ULONG ulCount;
|
|||
|
INLINEHOOKINFO_INFORMATION InlineHook[1];
|
|||
|
} INLINEHOOKINFO, *PINLINEHOOKINFO;
|
|||
|
|