_xeroxz
/
BELog
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '80a1b47a3e'
${ noResults }
BELog/BELog/Hooks.h

185 lines
4.9 KiB
Raw Blame History

#pragma once
#include "Types.h"
#include "DriverUtil.h"
namespace Hooks
{
BOOLEAN gh_ExEnumHandleTable(
PVOID HandleTable,
PVOID EnumHandleProcedure,
PVOID EnumParameter,
PHANDLE Handle OPTIONAL
);
NTSTATUS gh_ZwAllocateVirtualMemory(
_In_ HANDLE ProcessHandle,
_Inout_ PVOID* BaseAddress,
_In_ ULONG_PTR ZeroBits,
_Inout_ PSIZE_T RegionSize,
_In_ ULONG AllocationType,
_In_ ULONG Protect
);
NTSTATUS gh_PsSetLoadImageNotifyRoutine(
PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine
);
NTSTATUS gh_ZwQuerySystemInformation(
_In_ SYSTEM_INFORMATION_CLASS SystemInformationClass,
_Inout_ PVOID SystemInformation,
_In_ ULONG SystemInformationLength,
_Out_opt_ PULONG ReturnLength
);
NTSTATUS gh_PsSetCreateProcessNotifyRoutineEx(
PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine,
BOOLEAN Remove
);
NTSTATUS gh_IoCreateDevice(
PDRIVER_OBJECT DriverObject,
ULONG DeviceExtensionSize,
PUNICODE_STRING DeviceName,
DEVICE_TYPE DeviceType,
ULONG DeviceCharacteristics,
BOOLEAN Exclusive,
PDEVICE_OBJECT* DeviceObject
);
NTSTATUS gh_PsSetCreateThreadNotifyRoutine(
PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine
);
PHYSICAL_ADDRESS gh_MmGetPhysicalAddress(
PVOID BaseAddress
);
BOOLEAN gh_MmIsAddressValid(
PVOID VirtualAddress
);
NTSTATUS gh_ZwDeviceIoControlFile(
HANDLE FileHandle,
HANDLE Event,
PIO_APC_ROUTINE ApcRoutine,
PVOID ApcContext,
PIO_STATUS_BLOCK IoStatusBlock,
ULONG IoControlCode,
PVOID InputBuffer,
ULONG InputBufferLength,
PVOID OutputBuffer,
ULONG OutputBufferLength
);
VOID gh_RtlInitAnsiString(
PANSI_STRING DestinationString,
PCSZ SourceString
);
VOID gh_RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
PVOID gh_MmMapIoSpace(
PHYSICAL_ADDRESS PhysicalAddress,
SIZE_T NumberOfBytes,
MEMORY_CACHING_TYPE CacheType
);
NTSTATUS gh_ZwOpenFile(
PHANDLE FileHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlock,
ULONG ShareAccess,
ULONG OpenOptions
);
void gh_KeStackAttachProcess(
PRKPROCESS PROCESS,
PRKAPC_STATE ApcState
);
NTSTATUS gh_ZwCreateSection(
PHANDLE SectionHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes,
PLARGE_INTEGER MaximumSize,
ULONG SectionPageProtection,
ULONG AllocationAttributes,
HANDLE FileHandle
);
NTSTATUS gh_ObOpenObjectByName(
__in POBJECT_ATTRIBUTES ObjectAttributes,
__in_opt POBJECT_TYPE ObjectType,
__in KPROCESSOR_MODE AccessMode,
__inout_opt PACCESS_STATE AccessState,
__in_opt ACCESS_MASK DesiredAccess,
__inout_opt PVOID ParseContext,
__out PHANDLE Handle
);
NTSTATUS gh_ZwMapViewOfSection(
HANDLE SectionHandle,
HANDLE ProcessHandle,
PVOID* BaseAddress,
ULONG_PTR ZeroBits,
SIZE_T CommitSize,
PLARGE_INTEGER SectionOffset,
PSIZE_T ViewSize,
SECTION_INHERIT InheritDisposition,
ULONG AllocationType,
ULONG Win32Protect
);
NTSTATUS gh_MmCopyVirtualMemory
(
PEPROCESS SourceProcess,
PVOID SourceAddress,
PEPROCESS TargetProcess,
PVOID TargetAddress,
SIZE_T BufferSize,
KPROCESSOR_MODE PreviousMode,
PSIZE_T ReturnSize
);
void gh_IofCompleteRequest(
PIRP Irp,
CCHAR PriorityBoost
);
PVOID gh_MmGetSystemRoutineAddress(
PUNICODE_STRING SystemRoutineName
);
PVOID gh_FltGetRoutineAddress(
PCSTR FltMgrRoutineName
);
VOID gh_KeBugCheckEx(
ULONG BugCheckCode,
ULONG_PTR BugCheckParameter1,
ULONG_PTR BugCheckParameter2,
ULONG_PTR BugCheckParameter3,
ULONG_PTR BugCheckParameter4
);
int gh_strnicmp(
const char* string1,
const char* string2,
size_t count
);
int gh_stricmp(
const char* string1,
const char* string2
);
VOID LoadImageNotifyRoutine(
PUNICODE_STRING FullImageName,
HANDLE ProcessId,
PIMAGE_INFO ImageInfo
);
}
Reference in new issue View Git Blame Copy Permalink