MalwareSourceCode/Win32/Proof of Concepts/HookDeviceIocontrlFile/HookDeviceIoControlFileDrv/HookDeviceIoControlFile/handlers.h

43 lines
1.0 KiB
C
Raw Normal View History

2022-04-12 01:00:13 +00:00
typedef struct _LST_PROCESS_INFO
{
PEPROCESS Process;
HANDLE ProcessId;
UNICODE_STRING usImagePath;
} LST_PROCESS_INFO,
*PLST_PROCESS_INFO;
void FreeProcessInfo(void);
void NTAPI ProcessNotifyRoutine(HANDLE ParentId, HANDLE ProcessId, BOOLEAN Create);
PUNICODE_STRING LookupProcessName(PEPROCESS TargetProcess);
typedef NTSTATUS (NTAPI * NT_DEVICE_IO_CONTROL_FILE)(
HANDLE FileHandle,
HANDLE Event,
PIO_APC_ROUTINE ApcRoutine,
PVOID ApcContext,
PIO_STATUS_BLOCK IoStatusBlock,
ULONG IoControlCode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength
);
NTSTATUS NTAPI new_NtDeviceIoControlFile(
HANDLE FileHandle,
HANDLE Event,
PIO_APC_ROUTINE ApcRoutine,
PVOID ApcContext,
PIO_STATUS_BLOCK IoStatusBlock,
ULONG IoControlCode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength
);
BOOLEAN ValidateUnicodeString(PUNICODE_STRING usStr);
VOID WaitHookRemoveComplete();