55 lines
874 B
C
55 lines
874 B
C
#ifndef _DRIVER_H
|
|
#define _DRIVER_H
|
|
|
|
typedef struct _POOL_HEADER {
|
|
PVOID addr;
|
|
USHORT prevBlockSize;
|
|
USHORT poolIndex;
|
|
USHORT blockSize;
|
|
USHORT poolType;
|
|
ULONG tag;
|
|
} POOL_HEADER, *PPOOL_HEADER;
|
|
|
|
enum VERSION_BY_POOL {
|
|
WINDOWS_2018,
|
|
WINDOWS_2019,
|
|
WINDOWS_2020,
|
|
WINDOWS_2020_FASTRING,
|
|
WINDOWS_NOT_SUPPORTED
|
|
};
|
|
|
|
VOID
|
|
setup();
|
|
|
|
VOID
|
|
scan_ps_active_head();
|
|
|
|
VOID
|
|
toPoolHeader(PPOOL_HEADER p, PVOID chunkAddr);
|
|
|
|
// VOID
|
|
// tryNextChunk(PPOOL_HEADER p);
|
|
|
|
bool
|
|
validTag(PPOOL_HEADER p);
|
|
|
|
// bool
|
|
// validPool(PPOOL_HEADER p);
|
|
|
|
VOID
|
|
printChunkInfo(PPOOL_HEADER p);
|
|
|
|
// VOID
|
|
// scanNormalPool(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd);
|
|
|
|
VOID
|
|
scanLargePool(PVOID largePageTableArray, ULONG64 largePageTableSize);
|
|
|
|
PVOID
|
|
scanRemote(ULONG64 startAddress, ULONG64 endAddress, ULONG tag);
|
|
|
|
VOID
|
|
hideProcess(CHAR* name, ULONG64 size);
|
|
|
|
#endif
|