mirror of
https://github.com/ciyze0101/Windows-Rootkits
synced 2024-07-03 00:33:22 +00:00
65 lines
1.6 KiB
C
65 lines
1.6 KiB
C
/***************************************************************************************
|
|
* AUTHOR : MZ
|
|
* DATE : 2016-2-12
|
|
* MODULE : Monitor.H
|
|
*
|
|
* IOCTRL Sample Driver
|
|
*
|
|
* Description:
|
|
* Demonstrates communications between USER and KERNEL.
|
|
*
|
|
****************************************************************************************
|
|
* Copyright (C) 2010 MZ.
|
|
****************************************************************************************/
|
|
|
|
#ifndef CXX_MONITOR_H
|
|
#define CXX_MONITOR_H
|
|
|
|
#include <ntifs.h>
|
|
#include <devioctl.h>
|
|
#include "Common.h"
|
|
|
|
|
|
#define DEVICE_NAME L"\\Device\\MonitorDeviceName"
|
|
#define LINK_NAME L"\\DosDevices\\MonitorLinkName"
|
|
|
|
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING pRegistryString);
|
|
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject);
|
|
NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp);
|
|
NTSTATUS
|
|
DefaultPassThrough(PDEVICE_OBJECT DeviceObject,PIRP Irp);
|
|
|
|
|
|
VOID GetFirstModuleInformation(PDRIVER_OBJECT DriverObject);
|
|
typedef struct _LDR_DATA_TABLE_ENTRY
|
|
{
|
|
LIST_ENTRY InLoadOrderLinks;
|
|
LIST_ENTRY InMemoryOrderLinks;
|
|
LIST_ENTRY InInitializationOrderLinks;
|
|
PVOID DllBase;
|
|
PVOID EntryPoint;
|
|
ULONG SizeOfImage;
|
|
UNICODE_STRING FullDllName;
|
|
UNICODE_STRING BaseDllName;
|
|
ULONG Flags;
|
|
USHORT LoadCount;
|
|
USHORT TlsIndex;
|
|
union
|
|
{
|
|
LIST_ENTRY HashLinks;
|
|
struct
|
|
{
|
|
PVOID SectionPointer;
|
|
ULONG CheckSum;
|
|
};
|
|
};
|
|
union
|
|
{
|
|
ULONG TimeDateStamp;
|
|
PVOID LoadedImports;
|
|
};
|
|
PVOID EntryPointActivationContext;
|
|
PVOID PatchInformation;
|
|
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
|
|
#endif
|