#include <ntifs.h>
#include <devioctl.h>
#pragma once
/*
 * Object-manager names used by the driver.
 * NOTE(review): presumably DEVICE_NAME is the device object name and LINK_NAME
 * the symbolic link that user mode opens; the code that consumes them is not
 * part of this header - confirm there.
 */
#define DEVICE_NAME L"\\Device\\CheckKernelHookDeviceName"
#define LINK_NAME   L"\\DosDevices\\CheckKernelHookLinkName"

/*
 * Device control code, function number 0x830.
 *
 * METHOD_NEITHER: the I/O manager neither buffers nor validates the caller's
 * buffers, so the dispatch routine receives raw caller-supplied addresses.
 * The handler has to probe them (ProbeForRead / ProbeForWrite) inside
 * __try/__except, in the requesting thread's context, and bound every read
 * and write by the lengths carried in the request.
 *
 * FILE_ANY_ACCESS: the I/O manager dispatches this request for any handle to
 * the device regardless of the access it was opened with, so restricting who
 * can reach the handler is left to the device object's security descriptor.
 *
 * NOTE(review): the handler and the device creation call are not visible in
 * this header - confirm both the probing and the device ACL.
 */
#define CTL_CHECKKERNELMODULE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x830, METHOD_NEITHER, FILE_ANY_ACCESS)
/*
 * Prototypes for routines defined in the driver's implementation file.
 *
 * DriverEntry has the standard driver initialization signature: the driver
 * object plus a registry path string.
 * UnloadDriver takes only the driver object.
 * NOTE(review): presumably installed as DriverObject->DriverUnload - confirm.
 * DefaultPassThrough and ControlPassThrough take (device object, IRP) and
 * return NTSTATUS, i.e. the shape of an IRP dispatch routine.
 * NOTE(review): presumably ControlPassThrough services IRP_MJ_DEVICE_CONTROL
 * and DefaultPassThrough the remaining major functions - the assignments are
 * not visible here, confirm in DriverEntry.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegisterPath);
VOID UnloadDriver(PDRIVER_OBJECT DriverObject);
NTSTATUS DefaultPassThrough(PDEVICE_OBJECT DeviceObject, PIRP Irp);
NTSTATUS ControlPassThrough(PDEVICE_OBJECT DeviceObject, PIRP Irp);
/*
 * One inline-hook record.
 *
 * Every address and size field is a ULONG, which is 32 bits wide, so a record
 * cannot carry a full 64-bit kernel address.
 * NOTE(review): looks like the layout targets 32-bit builds only - confirm
 * before reusing it on x64, where the values would be truncated.
 *
 * Both text fields are fixed 256-byte CHAR buffers. Code that fills them has
 * to bound the copy and NUL-terminate; code that reads them should not assume
 * a terminator is present.
 */
typedef struct _INLINEHOOKINFO_INFORMATION {
    ULONG ulHookType;
    ULONG ulMemoryFunctionBase;    /* original address */
    ULONG ulMemoryHookBase;        /* hook address */
    CHAR  lpszFunction[256];
    CHAR  lpszHookModuleImage[256];
    ULONG ulHookModuleBase;
    ULONG ulHookModuleSize;
} INLINEHOOKINFO_INFORMATION, *PINLINEHOOKINFO_INFORMATION;
/*
 * Counted list of inline-hook records.
 *
 * InlineHook is declared with a single element.
 * NOTE(review): presumably the pre-C99 variable-length idiom, with ulCount
 * records stored back to back and the allocation sized as
 *   sizeof(INLINEHOOKINFO) + (ulCount - 1) * sizeof(INLINEHOOKINFO_INFORMATION)
 * - confirm against the code that allocates and fills it.
 *
 * Whichever side fills or walks the array has to check ulCount against the
 * real buffer length first; sizeof(INLINEHOOKINFO) covers only one record,
 * and the size computation itself can overflow for a large ulCount.
 */
typedef struct _INLINEHOOKINFO {
    ULONG                      ulCount;
    INLINEHOOKINFO_INFORMATION InlineHook[1];
} INLINEHOOKINFO, *PINLINEHOOKINFO;