/*
 * This file is part of the Process Hacker project - https://processhacker.sourceforge.io/
 *
 * You can redistribute this file and/or modify it under the terms of the
 * Attribution 4.0 International (CC BY 4.0) license.
 *
 * You must give appropriate credit, provide a link to the license, and
 * indicate if changes were made. You may do so in any reasonable manner, but
 * not in any way that suggests the licensor endorses you or your use.
 */
// Include guard. The macro name sits in the identifier namespace that C
// reserves for the implementation (leading underscore followed by an
// uppercase letter, C11 7.1.3); it is left as-is for consistency with the
// rest of the project.
#ifndef _NTMISC_H
#define _NTMISC_H
// Filter manager

// Access-mask bits for filter manager communication ports (FLT_PORT_*).
// Only the port-specific right is defined here; STANDARD_RIGHTS_ALL is not
// defined in this header and must come from the Windows headers included
// before it.
#define FLT_PORT_CONNECT 0x0001
// Full access: the port-specific connect right plus all standard rights.
#define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
// VDM (virtual DOS machine)

// Service selector passed as the first argument of NtVdmControl.
// The numeric values form part of the native-API contract, so they are
// written out explicitly instead of relying on implicit enumeration; do not
// reorder or renumber them.
typedef enum _VDMSERVICECLASS
{
    VdmStartExecution = 0,
    VdmQueueInterrupt = 1,
    VdmDelayInterrupt = 2,
    VdmInitialize = 3,
    VdmFeatures = 4,
    VdmSetInt21Handler = 5,
    VdmQueryDir = 6,
    VdmPrinterDirectIoOpen = 7,
    VdmPrinterDirectIoClose = 8,
    VdmPrinterInitialize = 9,
    VdmSetLdtEntries = 10,
    VdmSetProcessLdtInfo = 11,
    VdmAdlibEmulation = 12,
    VdmPMCliControl = 13,
    VdmQueryVdmProcess = 14
} VDMSERVICECLASS, *PVDMSERVICECLASS;
// NtVdmControl - native system call that dispatches one VDM service request.
//
//   Service:     which VDMSERVICECLASS operation to perform.
//   ServiceData: operation-specific buffer; annotated _Inout_, so the kernel
//                both reads and writes it. Its layout depends on Service and
//                is not defined in this header.
//
// Returns an NTSTATUS. No length accompanies ServiceData, so the expected
// buffer size is implied by Service alone (NOTE(review): confirm the
// per-service structure at each call site before passing a buffer).
NTSYSCALLAPI
NTSTATUS
NTAPI
NtVdmControl(
    _In_ VDMSERVICECLASS Service,
    _Inout_ PVOID ServiceData
    );
// WMI/ETW

// NtTraceEvent - native system call that submits one event to a trace.
//
//   TraceHandle: handle the event is written through (presumably a session
//                or provider handle - not defined in this header).
//   Flags:       event flags; their meaning is not defined in this header.
//   FieldSize:   presumably the size in bytes of the data at Fields.
//   Fields:      event payload, read only (_In_); passed as PVOID, so its
//                structure is not checked by the compiler.
//
// Returns an NTSTATUS. NOTE(review): the layout expected at Fields depends
// on Flags - confirm it against the caller before use.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTraceEvent(
    _In_ HANDLE TraceHandle,
    _In_ ULONG Flags,
    _In_ ULONG FieldSize,
    _In_ PVOID Fields
    );
// Operation selector passed as the first argument of NtTraceControl.
// Every value is fixed by the native API and listed in numeric order. The
// gaps in the numbering (7-10, 12, 15, 24, 29-30) are classes this header
// does not name; do not fill them in without a reference.
typedef enum _TRACE_CONTROL_INFORMATION_CLASS
{
    // 1-6: *Logger operations
    TraceControlStartLogger = 1,
    TraceControlStopLogger = 2,
    TraceControlQueryLogger = 3,
    TraceControlUpdateLogger = 4,
    TraceControlFlushLogger = 5,
    TraceControlIncrementLoggerFile = 6,

    // 11-14 (12 unnamed)
    TraceControlRealtimeConnect = 11,
    TraceControlWdiDispatchControl = 13,
    TraceControlRealtimeDisconnectConsumerByHandle = 14,

    // 16-23 (15 unnamed)
    TraceControlReceiveNotification = 16,
    TraceControlEnableGuid = 17,
    TraceControlSendReplyDataBlock = 18,
    TraceControlReceiveReplyDataBlock = 19,
    TraceControlWdiUpdateSem = 20,
    TraceControlGetTraceGuidList = 21,
    TraceControlGetTraceGuidInfo = 22,
    TraceControlEnumerateTraceGuids = 23,

    // 25-28 (24 unnamed)
    TraceControlQueryReferenceTime = 25,
    TraceControlTrackProviderBinary = 26,
    TraceControlAddNotificationEvent = 27,
    TraceControlUpdateDisallowList = 28,

    // 31-43 (29-30 unnamed)
    TraceControlUseDescriptorTypeUm = 31,
    TraceControlGetTraceGroupList = 32,
    TraceControlGetTraceGroupInfo = 33,
    TraceControlTraceSetDisallowList = 34,
    TraceControlSetCompressionSettings = 35,
    TraceControlGetCompressionSettings = 36,
    TraceControlUpdatePeriodicCaptureState = 37,
    TraceControlGetPrivateSessionTraceHandle = 38,
    TraceControlRegisterPrivateSession = 39,
    TraceControlQuerySessionDemuxObject = 40,
    TraceControlSetProviderBinaryTracking = 41,
    TraceControlMaxLoggers = 42,
    TraceControlMaxPmcCounter = 43
} TRACE_CONTROL_INFORMATION_CLASS;
// NtTraceControl - native system call for controlling tracing. The prototype
// is only declared when the project targets Vista or later (PHNT_VERSION
// check below).
//
//   TraceInformationClass:  which TRACE_CONTROL_INFORMATION_CLASS operation
//                           to perform.
//   InputBuffer:            optional input, InputBufferLength bytes long
//                           (_In_reads_bytes_opt_).
//   InputBufferLength:      size in bytes of InputBuffer.
//   TraceInformation:       optional output buffer, TraceInformationLength
//                           bytes long (_Out_writes_bytes_opt_).
//   TraceInformationLength: size in bytes of TraceInformation.
//   ReturnLength:           receives a byte count (presumably the number of
//                           bytes written, or required when the output
//                           buffer is too small - confirm per class).
//
// Returns an NTSTATUS. Both buffers are PVOID; the structure expected for a
// given class is not defined in this header, so the caller-supplied lengths
// are the only bound the kernel sees - size them from the real structure.
#if (PHNT_VERSION >= PHNT_VISTA)
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTraceControl(
    _In_ TRACE_CONTROL_INFORMATION_CLASS TraceInformationClass,
    _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(TraceInformationLength) PVOID TraceInformation,
    _In_ ULONG TraceInformationLength,
    _Out_ PULONG ReturnLength
    );
#endif
#endif