ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-20 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
188c36d074
MalwareSourceCode/Win32/Proof of Concepts/CheckKernelEATHook/CheckKernelHookDrv/CheckKernelHook/DriverEntry.h
vxunderground 900263ea6f updates and moves 
n/a
2022-04-11 20:00:13 -05:00

36 lines
1.1 KiB
C
Raw Blame History

#include <ntifs.h>
#include <devioctl.h>
#pragma once
#define DEVICE_NAME L"\\Device\\CheckKernelHookDeviceName"
#define LINK_NAME L"\\DosDevices\\CheckKernelHookLinkName"
#define CTL_CHECKKERNELMODULE \
CTL_CODE(FILE_DEVICE_UNKNOWN,0x830,METHOD_NEITHER,FILE_ANY_ACCESS)
NTSTATUS
DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegisterPath);
VOID UnloadDriver(PDRIVER_OBJECT DriverObject);
NTSTATUS
DefaultPassThrough(PDEVICE_OBJECT DeviceObject,PIRP Irp);
NTSTATUS
ControlPassThrough(PDEVICE_OBJECT DeviceObject,PIRP Irp);
typedef struct _INLINEHOOKINFO_INFORMATION { //INLINEHOOKINFO_INFORMATION
ULONG ulHookType;
ULONG ulMemoryFunctionBase; //ԭʼµØÖ·
ULONG ulMemoryHookBase; //HOOK µØÖ·
CHAR lpszFunction[256];
CHAR lpszHookModuleImage[256];
ULONG ulHookModuleBase;
ULONG ulHookModuleSize;
} INLINEHOOKINFO_INFORMATION, *PINLINEHOOKINFO_INFORMATION;
typedef struct _INLINEHOOKINFO { //InlineHook
ULONG ulCount;
INLINEHOOKINFO_INFORMATION InlineHook[1];
} INLINEHOOKINFO, *PINLINEHOOKINFO;
Reference in New Issue View Git Blame Copy Permalink