initial commit

author: tumagonx 2017-08-08 10:54:53 +0700
committer: tumagonx 2017-08-08 10:54:53 +0700
commit: 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree: a8bea139ddd26116d44ea182b0b8436f2162e6e3 /event.h
1 files changed, 105 insertions, 0 deletions
diff --git a/event.h b/event.h
new file mode 100644
index 0000000..db0fc40
--- /dev/null
+++ b/event.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              event.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by event hooking routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 09-Mar-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __EVENT_H__
+#define __EVENT_H__
+/*
+ * ZwCreateEvent creates or opens an event object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreateEvent) (
+        OUT PHANDLE EventHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN EVENT_TYPE EventType,
+        IN BOOLEAN InitialState
+        );
+NTSTATUS HookedNtCreateEvent(
+        OUT PHANDLE EventHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN EVENT_TYPE EventType,
+        IN BOOLEAN InitialState
+        );
+/*
+ * ZwOpenEvent opens an event object. [NAR]
+ */
+typedef NTSTATUS (*fpZwOpenEvent) (
+        OUT PHANDLE EventHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+NTSTATUS HookedNtOpenEvent(
+        OUT PHANDLE EventHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+/*
+ * ZwCreateEventPair creates or opens an event pair object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreateEventPair) (
+        OUT PHANDLE EventPairHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+NTSTATUS HookedNtCreateEventPair(
+        OUT PHANDLE EventPairHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+/*
+ * ZwOpenEventPair opens an event pair object. [NAR]
+ */
+typedef NTSTATUS (*fpZwOpenEventPair) (
+        OUT PHANDLE EventPairHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+NTSTATUS
+NTAPI
+HookedNtOpenEventPair(
+        OUT PHANDLE EventPairHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+BOOLEAN InitEventHooks();
+#endif  /* __EVENT_H__ */
author	tumagonx	2017-08-08 10:54:53 +0700
committer	tumagonx	2017-08-08 10:54:53 +0700
commit	2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree	a8bea139ddd26116d44ea182b0b8436f2162e6e3 /event.h

diff --git a/event.h b/event.h new file mode 100644 index 0000000..db0fc40 --- /dev/null +++ b/event.h
@@ -0,0 +1,105 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* event.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by event hooking routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 09-Mar-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21
	22	#ifndef __EVENT_H__
	23	#define __EVENT_H__
	24
	25
	26
	27	/*
	28	* ZwCreateEvent creates or opens an event object. [NAR]
	29	*/
	30
	31	typedef NTSTATUS (*fpZwCreateEvent) (
	32	OUT PHANDLE EventHandle,
	33	IN ACCESS_MASK DesiredAccess,
	34	IN POBJECT_ATTRIBUTES ObjectAttributes,
	35	IN EVENT_TYPE EventType,
	36	IN BOOLEAN InitialState
	37	);
	38
	39	NTSTATUS HookedNtCreateEvent(
	40	OUT PHANDLE EventHandle,
	41	IN ACCESS_MASK DesiredAccess,
	42	IN POBJECT_ATTRIBUTES ObjectAttributes,
	43	IN EVENT_TYPE EventType,
	44	IN BOOLEAN InitialState
	45	);
	46
	47
	48	/*
	49	* ZwOpenEvent opens an event object. [NAR]
	50	*/
	51
	52	typedef NTSTATUS (*fpZwOpenEvent) (
	53	OUT PHANDLE EventHandle,
	54	IN ACCESS_MASK DesiredAccess,
	55	IN POBJECT_ATTRIBUTES ObjectAttributes
	56	);
	57
	58	NTSTATUS HookedNtOpenEvent(
	59	OUT PHANDLE EventHandle,
	60	IN ACCESS_MASK DesiredAccess,
	61	IN POBJECT_ATTRIBUTES ObjectAttributes
	62	);
	63
	64
	65	/*
	66	* ZwCreateEventPair creates or opens an event pair object. [NAR]
	67	*/
	68
	69	typedef NTSTATUS (*fpZwCreateEventPair) (
	70	OUT PHANDLE EventPairHandle,
	71	IN ACCESS_MASK DesiredAccess,
	72	IN POBJECT_ATTRIBUTES ObjectAttributes
	73	);
	74
	75	NTSTATUS HookedNtCreateEventPair(
	76	OUT PHANDLE EventPairHandle,
	77	IN ACCESS_MASK DesiredAccess,
	78	IN POBJECT_ATTRIBUTES ObjectAttributes
	79	);
	80
	81
	82	/*
	83	* ZwOpenEventPair opens an event pair object. [NAR]
	84	*/
	85
	86	typedef NTSTATUS (*fpZwOpenEventPair) (
	87	OUT PHANDLE EventPairHandle,
	88	IN ACCESS_MASK DesiredAccess,
	89	IN POBJECT_ATTRIBUTES ObjectAttributes
	90	);
	91
	92	NTSTATUS
	93	NTAPI
	94	HookedNtOpenEventPair(
	95	OUT PHANDLE EventPairHandle,
	96	IN ACCESS_MASK DesiredAccess,
	97	IN POBJECT_ATTRIBUTES ObjectAttributes
	98	);
	99
	100
	101
	102	BOOLEAN InitEventHooks();
	103
	104
	105	#endif /* __EVENT_H__ */