#ifndef _DRIVER_H
#define _DRIVER_H
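/*
 * Decoded view of one pool chunk header, used by the scanner routines
 * declared in this file.
 *
 * NOTE(review): this is not the native in-memory header layout. It starts
 * with a pointer member and keeps every field in its own USHORT, so it has
 * to be filled field by field (presumably by toPoolHeader) and must not be
 * cast directly over pool memory. The tag name _POOL_HEADER is also the name
 * of the native Windows structure; confirm the two are never mixed up.
 */
typedef struct _POOL_HEADER {
    PVOID addr;            /* presumably the address of the chunk described here -- confirm in toPoolHeader */
    USHORT prevBlockSize;  /* size of the preceding block; units not visible in this header */
    USHORT poolIndex;      /* pool index field */
    USHORT blockSize;      /* size of this block; units not visible in this header */
    USHORT poolType;       /* pool type field */
    ULONG tag;             /* pool tag */
} POOL_HEADER, *PPOOL_HEADER;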
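/*
 * Windows release families that the scanner distinguishes, going by the enum
 * name, on the basis of their pool layout. The mapping from these labels to
 * build numbers is not visible in this header.
 *
 * NOTE(review): callers should stop on WINDOWS_NOT_SUPPORTED instead of
 * falling back to another release's layout; decoding kernel pool memory with
 * the wrong layout produces meaningless headers and unreliable scan results.
 */
enum VERSION_BY_POOL {
    WINDOWS_2018,
    WINDOWS_2019,
    WINDOWS_2020,
    WINDOWS_2020_FASTRING,
    WINDOWS_NOT_SUPPORTED  /* presumably the "no known layout" result -- confirm at the detection site */
};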
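/*
 * Pool scanner interface. Only the prototypes are visible in this header;
 * the behaviour described below is inferred from names and signatures and
 * should be confirmed against the implementation.
 */

/* Presumably decodes the pool header found at chunkAddr into *p. */
VOID
toPoolHeader(PPOOL_HEADER p, PVOID chunkAddr);

/*
 * Presumably advances p to the chunk that follows the current one.
 * NOTE(review): if the step is derived from blockSize, a zero or corrupted
 * size must still make progress or end the walk -- confirm.
 */
VOID
tryNextChunk(PPOOL_HEADER p);

/*
 * Presumably reports whether p->tag looks like a plausible pool tag.
 * NOTE(review): `bool` needs <stdbool.h> in a C translation unit (or a C++
 * build); WDK code conventionally uses BOOLEAN -- confirm which applies.
 */
bool
validTag(PPOOL_HEADER p);

/* Presumably reports whether the decoded header fields are consistent. */
bool
validPool(PPOOL_HEADER p);

/* Presumably prints the fields of *p for diagnostics. */
VOID
printChunkInfo(PPOOL_HEADER p);

/*
 * Scans the address range given by nonPagedPoolStart and nonPagedPoolEnd.
 * NOTE(review): both bounds arrive as raw integers. The implementation
 * should reject start > end and verify that each page is mapped (e.g. with
 * MmIsAddressValid) before reading it, because a fault on an unmapped kernel
 * address bugchecks the machine.
 */
VOID
scanNormalPool(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd);

/*
 * Scans the large-pool allocations described by largePageTableArray.
 * NOTE(review): whether largePageTableSize counts entries or bytes is not
 * visible here -- confirm, and bound every table index by it.
 */
VOID
scanLargePool(PVOID largePageTableArray, ULONG64 largePageTableSize);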
#endif