#ifndef _DRIVER_H
#define _DRIVER_H
/**
 * The scanner's own copy of a pool chunk header.
 *
 * Field names follow the kernel's pool header, but the extra `addr` member
 * means this is a decoded copy, not a structure that can be laid over kernel
 * memory directly.  It is presumably populated by toPoolHeader() from a chunk
 * address; whether the size fields are stored raw or already converted to
 * bytes is decided by that implementation, not visible here -- TODO confirm
 * against driver.c before comparing them with byte counts.
 */
typedef struct _POOL_HEADER {
    PVOID addr;             /* address this header describes -- presumably the chunk address given to toPoolHeader(); verify */
    USHORT prevBlockSize;   /* size of the preceding block (by name; units not visible here) */
    USHORT poolIndex;
    USHORT blockSize;       /* size of this block (by name; units not visible here) */
    USHORT poolType;
    ULONG tag;              /* pool tag; presumably what validTag() inspects */
} POOL_HEADER, *PPOOL_HEADER;
/**
 * Windows release families the scanner tells apart.  The enum's name
 * suggests the distinction is made from pool layout differences between
 * releases; which build numbers map to each constant is fixed in the
 * implementation, not here -- TODO confirm against driver.c.
 *
 * WINDOWS_NOT_SUPPORTED is presumably the fallback for a build the
 * detection does not recognise; keep it last so new entries go before it.
 */
enum VERSION_BY_POOL {
    WINDOWS_2018,
    WINDOWS_2019,
    WINDOWS_2020,
    WINDOWS_2020_FASTRING,  /* presumably an Insider (fast ring) build -- verify */
    WINDOWS_NOT_SUPPORTED   /* fallback; callers should treat a scan result of this value as "do not proceed" */
};
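/**
 * One-time initialisation of the scanner.  Presumably must run before any
 * of the scan routines below; the header does not state the ordering.
 *
 * Declared with an explicit (VOID): in C an empty () is an unprototyped
 * declaration, so a call that passes arguments would compile silently.
 */
VOID
setup(VOID);

/**
 * Walks the active process list (by name, from PsActiveProcessHead) and
 * reports what it finds.  The mechanism and the output sink live in the
 * implementation, not in this header.
 */
VOID
scan_ps_active_head(VOID);

/**
 * Fills *p from the chunk at chunkAddr (by name).  The caller owns p.
 * What happens when chunkAddr does not point at a valid chunk is decided
 * by the implementation -- TODO confirm before calling on scanned memory.
 */
VOID
toPoolHeader(PPOOL_HEADER p, PVOID chunkAddr);

// VOID
// tryNextChunk(PPOOL_HEADER p);

/**
 * Returns true when the tag stored in *p passes the implementation's check
 * (presumably a comparison against a known tag set).
 *
 * NOTE(review): `bool` needs <stdbool.h> in C (or a C++ translation unit);
 * this header does not include it, so the includer must.
 */
bool
validTag(PPOOL_HEADER p);

// bool
// validPool(PPOOL_HEADER p);

/**
 * Prints the fields of *p.  The output sink is not visible here.
 */
VOID
printChunkInfo(PPOOL_HEADER p);

// VOID
// scanNormalPool(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd);

/**
 * Scans the large-pool table.
 *
 * @param largePageTableArray  start of the table (by name)
 * @param largePageTableSize   table size -- presumably entry count rather
 *                             than bytes; confirm against driver.c
 */
VOID
scanLargePool(PVOID largePageTableArray, ULONG64 largePageTableSize);

/**
 * Scans the address range [startAddress, endAddress] for a pool chunk
 * carrying `tag` and returns its address.  Whether endAddress is inclusive
 * and what is returned when nothing matches (presumably NULL) are set by
 * the implementation -- TODO confirm; callers must check the result before
 * dereferencing it.
 */
PVOID
scanRemote(ULONG64 startAddress, ULONG64 endAddress, ULONG tag);

/**
 * Hides the process selected by `name` (by name; the mechanism is in the
 * implementation, not in this header).
 *
 * @param name  name buffer; not const-qualified, so the callee may modify
 *              it -- TODO confirm
 * @param size  length the caller supplies for `name`, presumably in bytes;
 *              the implementation is responsible for not reading past it
 */
VOID
hideProcess(CHAR* name, ULONG64 size);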
#endif