IoTimerInLineHook
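/***************************************************************************************
 * AUTHOR   :
 * DATE     : 2015-11-1
 * MODULE   : IoTimerInlineHook.H
 *
 * IOCTRL Sample Driver
 *
 * Description:
 *   Declarations for a sample driver that inline-hooks one SSDT service
 *   (NtOpenProcess) and demonstrates communication between user mode and
 *   the kernel. One header serves two targets, WinXP x86 and Win7 x64; the
 *   per-target prototypes are declared side by side and the descriptor
 *   pointer type is selected by _WIN64 below.
 *
 * NOTE(review): this is kernel-code patching. On x64 Windows the service
 * table and ntoskrnl code pages are covered by Kernel Patch Protection
 * (PatchGuard); a patch that persists is expected to end in bugcheck 0x109.
 * Treat the x64 path as a lab/demo path only.
 ****************************************************************************************
 * Copyright (C) 2010 .
 ****************************************************************************************/
#ifndef CXX_IOTIMERINLINEHOOK_H
#define CXX_IOTIMERINLINEHOOK_H

#include <ntifs.h>
#include <ntimage.h>

/* Name of the device object; no symbolic link or DACL is declared here. */
#define DEVICE_NAME L"\\Device\\IoTimerInlineHookDeviceName"

/* ZwCreateSection allocation attribute used to map a PE as an image.
 * Guarded so an identical definition in the WDK headers is not redefined. */
#ifndef SEC_IMAGE
#define SEC_IMAGE 0x01000000
#endif

/*
 * Layout of one system service table descriptor as used by this sample.
 * Every field is pointer-sized on its target, so the x64 variant is
 * 32 bytes and the x86 variant is 16 bytes.
 * NOTE(review): this mirrors an undocumented kernel structure
 * (KSERVICE_TABLE_DESCRIPTOR). Re-verify the layout for any OS build
 * other than the two this sample was written against.
 */
typedef struct _SYSTEM_SERVICE_TABLE_WIN7_X64 {
    PVOID   ServiceTableBase;        /* base of the service routine table */
    PVOID   ServiceCounterTableBase;
    ULONG64 NumberOfServices;        /* entries in the table; 0x191 on the Win7 x64 build targeted */
    PVOID   ParamTableBase;
} SYSTEM_SERVICE_TABLE_WIN7_X64, *PSYSTEM_SERVICE_TABLE_WIN7_X64;

typedef struct _SYSTEM_SERVICE_TABLE_WINXP_X86 {
    PVOID   ServiceTableBase;        /* base of the service routine table */
    PVOID   ServiceCounterTableBase;
    ULONG32 NumberOfServices;        /* entries in the table; 0x11c on the WinXP x86 build targeted */
    PVOID   ParamTableBase;
} SYSTEM_SERVICE_TABLE_WINXP_X86, *PSYSTEM_SERVICE_TABLE_WINXP_X86;

/*
 * Undocumented ntoskrnl exports resolved by the linker. They are __stdcall
 * on x86, so NTAPI is stated explicitly instead of relying on the build's
 * default calling convention: on an x86 build that defaults to __cdecl an
 * undecorated prototype leaves the stack unbalanced after every call.
 */
extern PCHAR NTAPI PsGetProcessImageFileName(PEPROCESS EProcess);
extern PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader(PVOID BaseAddress);

/*
 * Signature of the service being hooked. The replacement routine is
 * invoked by the system-call dispatcher in place of the original, so it
 * must use the same convention; the definition of Fake_NtOpenProcess in
 * the .c file must carry NTAPI as well.
 *
 * NOTE(review): when the hook is reached from a user-mode system call,
 * ProcessHandle / ObjectAttributes / ClientId are user-mode pointers. The
 * hook must not dereference them without ProbeForRead/ProbeForWrite
 * inside __try/__except when PreviousMode is UserMode.
 */
typedef NTSTATUS (NTAPI *pfnNtOpenProcess)(
    PHANDLE            ProcessHandle,
    ACCESS_MASK        DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes,
    PCLIENT_ID         ClientId);

NTSTATUS NTAPI Fake_NtOpenProcess(
    PHANDLE            ProcessHandle,
    ACCESS_MASK        DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes,
    PCLIENT_ID         ClientId);

/* Descriptor pointer type for the build target. */
#ifdef _WIN64
#define PSYSTEM_SERVICE_TABLE PSYSTEM_SERVICE_TABLE_WIN7_X64
#else
#define PSYSTEM_SERVICE_TABLE PSYSTEM_SERVICE_TABLE_WINXP_X86
#endif

/* Driver unload. Expected to remove the hook before the driver image is
 * unmapped; otherwise the patched service would transfer into freed memory. */
VOID UnloadDriver(PDRIVER_OBJECT DriverObject);

/* ---- WinXP x86 path -------------------------------------------------- */

/* Locate the service descriptor table. Returns TRUE and stores the
 * address in *SSDTAddress on success. */
BOOLEAN GetSSDTAddressInWinXP_X86(ULONG32 *SSDTAddress);

/* Derive the SSDT index of szFindFunctionName from ntdll's export table.
 * Returns TRUE and stores the index in *SSDTFunctionIndex on success. */
BOOLEAN GetSSDTFunctionIndexFromNtdllExportTableByFunctionNameInWinXP_X86(
    CHAR *szFindFunctionName, ULONG32 *SSDTFunctionIndex);

/* Overwrite ulPatchSize bytes at ulOldVariable with a transfer to
 * ulFakeVariable; the reverse routine restores the saved bytes.
 * NOTE(review): the patch is several bytes wide and other CPUs may be
 * executing the target while it is written; the caller is responsible for
 * making the write safe (e.g. all CPUs parked at high IRQL). */
BOOLEAN InlineHookSSDTWinXP_X86(ULONG32 ulOldVariable, ULONG32 ulFakeVariable, ULONG32 ulPatchSize);
VOID    UnInlineHookSSDTWinXP_X86(ULONG32 ulCurrentVariable, ULONG32 ulOldVariable, ULONG32 ulPatchSize);

/* ---- Win7 x64 path --------------------------------------------------- */

/* Locate the service descriptor table. Returns TRUE and stores the
 * address in *SSDTAddress on success. */
BOOLEAN GetSSDTAddressInWin7_X64(ULONG64 *SSDTAddress);

/* Derive the SSDT index of szFindFunctionName from ntdll's export table.
 * Returns TRUE and stores the index in *SSDTFunctionIndex on success. */
BOOLEAN GetSSDTFunctionIndexFromNtdllExportTableByFunctionNameInWin7_X64(
    CHAR *szFindFunctionName, ULONG32 *SSDTFunctionIndex);

/* Overwrite ulPatchSize bytes at ulOldVariable with a transfer to
 * ulFakeVariable; the reverse routine restores the saved bytes.
 * Same atomicity caveat as the x86 variant; additionally subject to
 * PatchGuard on this target. */
BOOLEAN InlineHookSSDTWin7_X64(ULONG64 ulOldVariable, ULONG64 ulFakeVariable, ULONG32 ulPatchSize);
VOID    UnInlineHookSSDTWin7_X64(ULONG64 ulCurrentVariable, ULONG64 ulOldVariable, ULONG32 ulPatchSize);

/* ---- Shared helpers -------------------------------------------------- */

/* Look up an ntoskrnl export by name. Returns NULL when not found.
 * (The "Form" spelling is kept: callers reference this identifier.) */
PVOID GetExportVariableAddressFormNtosExportTableByVariableName(WCHAR *wzVariableName);

/* Map a PE file (e.g. ntdll.dll) into kernel address space as an image.
 * On success *MappingBaseAddress / *MappingViewSize describe the view;
 * the caller owns the view and must unmap it.
 * NOTE(review): the on-disk file is untrusted input for the PE walk that
 * follows; any RVA taken from the mapped headers must be bounds-checked
 * against *MappingViewSize before it is dereferenced. */
BOOLEAN MappingPEFileInRing0Space(WCHAR *wzFileFullPath, OUT PVOID *MappingBaseAddress, PSIZE_T MappingViewSize);

/* Clear / restore CR0.WP so the read-only code page can be written.
 * Declared with (VOID): in C an empty parameter list means "unspecified
 * arguments", not "no arguments".
 * NOTE(review): CR0 is per-CPU. Unless the caller also raises IRQL (or
 * disables interrupts) between WPOFF and WPON, the thread can be moved to
 * a CPU where WP is still set, or leave WP cleared on this CPU for
 * unrelated code. A writable MDL mapping of the page avoids touching CR0. */
VOID WPOFF(VOID);
VOID WPON(VOID);

/* IoTimer routine; matches the PIO_TIMER_ROUTINE signature used with
 * IoInitializeTimer / IoStartTimer. */
VOID CallBackProcedure(PDEVICE_OBJECT DeviceObject, PVOID Context);

#endif /* CXX_IOTIMERINLINEHOOK_H */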