initial commit

author: tumagonx 2017-08-08 10:54:53 +0700
committer: tumagonx 2017-08-08 10:54:53 +0700
commit: 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree: a8bea139ddd26116d44ea182b0b8436f2162e6e3 /port.h
1 files changed, 162 insertions, 0 deletions
diff --git a/port.h b/port.h
new file mode 100644
index 0000000..dfa5747
--- /dev/null
+++ b/port.h
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              port.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by port object hooking routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 25-Mar-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __PORT_H__
+#define __PORT_H__
+#include <NTDDK.h>
+#include "policy.h"
+#include "pathproc.h"
+#include "hookproc.h"
+#include "accessmask.h"
+#include "learn.h"
+#include "log.h"
+/*
+ * ZwCreatePort creates a port object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreatePort) (
+        OUT PHANDLE PortHandle,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN ULONG MaxDataSize,
+        IN ULONG MaxMessageSize,
+        IN ULONG Reserved
+        );
+NTSTATUS
+NTAPI
+HookedNtCreatePort(
+        OUT PHANDLE PortHandle,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN ULONG MaxDataSize,
+        IN ULONG MaxMessageSize,
+        IN ULONG Reserved
+        );
+/*
+ * ZwCreateWaitablePort creates a waitable port object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreateWaitablePort) (
+        OUT PHANDLE PortHandle,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN ULONG MaxDataSize,
+        IN ULONG MaxMessageSize,
+        IN ULONG Reserved
+        );
+NTSTATUS
+NTAPI
+HookedNtCreateWaitablePort(
+        OUT PHANDLE PortHandle,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN ULONG MaxDataSize,
+        IN ULONG MaxMessageSize,
+        IN ULONG Reserved
+        );
+typedef struct _PORT_SECTION_READ {
+        ULONG Length;
+        ULONG ViewSize;
+        ULONG ViewBase;
+} PORT_SECTION_READ, *PPORT_SECTION_READ;
+typedef struct _PORT_SECTION_WRITE {
+        ULONG Length;
+        HANDLE SectionHandle;
+        ULONG SectionOffset;
+        ULONG ViewSize;
+        PVOID ViewBase;
+        PVOID TargetViewBase;
+} PORT_SECTION_WRITE, *PPORT_SECTION_WRITE;
+/*
+ * ZwConnectPort creates a port connected to a named port. [NAR]
+ */
+typedef NTSTATUS (*fpZwConnectPort) (
+        OUT PHANDLE PortHandle,
+        IN PUNICODE_STRING PortName,
+        IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+        IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
+        IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
+        OUT PULONG MaxMessageSize OPTIONAL,
+        IN OUT PVOID ConnectData OPTIONAL,
+        IN OUT PULONG ConnectDataLength OPTIONAL
+        );
+NTSTATUS
+NTAPI
+HookedNtConnectPort(
+        OUT PHANDLE PortHandle,
+        IN PUNICODE_STRING PortName,
+        IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+        IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
+        IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
+        OUT PULONG MaxMessageSize OPTIONAL,
+        IN OUT PVOID ConnectData OPTIONAL,
+        IN OUT PULONG ConnectDataLength OPTIONAL
+        );
+/*
+ * ZwSecureConnectPort creates a port connected to a named port. [NAR]
+ */
+typedef NTSTATUS (*fpZwSecureConnectPort) (
+        OUT PHANDLE PortHandle,
+        IN PUNICODE_STRING PortName,
+        IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+        IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
+        IN PSID ServerSid OPTIONAL,
+        IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
+        OUT PULONG MaxMessageSize OPTIONAL,
+        IN OUT PVOID ConnectData OPTIONAL,
+        IN OUT PULONG ConnectDataLength OPTIONAL
+        );
+NTSTATUS
+NTAPI
+HookedNtSecureConnectPort(
+        OUT PHANDLE PortHandle,
+        IN PUNICODE_STRING PortName,
+        IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
+        IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
+        IN PSID ServerSid OPTIONAL,
+        IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
+        OUT PULONG MaxMessageSize OPTIONAL,
+        IN OUT PVOID ConnectData OPTIONAL,
+        IN OUT PULONG ConnectDataLength OPTIONAL
+        );
+BOOLEAN InitPortHooks();
+#endif  /* __PORT_H__ */
author	tumagonx	2017-08-08 10:54:53 +0700
committer	tumagonx	2017-08-08 10:54:53 +0700
commit	2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree	a8bea139ddd26116d44ea182b0b8436f2162e6e3 /port.h

diff --git a/port.h b/port.h new file mode 100644 index 0000000..dfa5747 --- /dev/null +++ b/port.h
@@ -0,0 +1,162 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* port.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by port object hooking routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 25-Mar-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21
	22	#ifndef __PORT_H__
	23	#define __PORT_H__
	24
	25
	26	#include <NTDDK.h>
	27	#include "policy.h"
	28	#include "pathproc.h"
	29	#include "hookproc.h"
	30	#include "accessmask.h"
	31	#include "learn.h"
	32	#include "log.h"
	33
	34
	35	/*
	36	* ZwCreatePort creates a port object. [NAR]
	37	*/
	38
	39	typedef NTSTATUS (*fpZwCreatePort) (
	40	OUT PHANDLE PortHandle,
	41	IN POBJECT_ATTRIBUTES ObjectAttributes,
	42	IN ULONG MaxDataSize,
	43	IN ULONG MaxMessageSize,
	44	IN ULONG Reserved
	45	);
	46
	47	NTSTATUS
	48	NTAPI
	49	HookedNtCreatePort(
	50	OUT PHANDLE PortHandle,
	51	IN POBJECT_ATTRIBUTES ObjectAttributes,
	52	IN ULONG MaxDataSize,
	53	IN ULONG MaxMessageSize,
	54	IN ULONG Reserved
	55	);
	56
	57
	58	/*
	59	* ZwCreateWaitablePort creates a waitable port object. [NAR]
	60	*/
	61
	62	typedef NTSTATUS (*fpZwCreateWaitablePort) (
	63	OUT PHANDLE PortHandle,
	64	IN POBJECT_ATTRIBUTES ObjectAttributes,
	65	IN ULONG MaxDataSize,
	66	IN ULONG MaxMessageSize,
	67	IN ULONG Reserved
	68	);
	69
	70	NTSTATUS
	71	NTAPI
	72	HookedNtCreateWaitablePort(
	73	OUT PHANDLE PortHandle,
	74	IN POBJECT_ATTRIBUTES ObjectAttributes,
	75	IN ULONG MaxDataSize,
	76	IN ULONG MaxMessageSize,
	77	IN ULONG Reserved
	78	);
	79
	80
	81
	82	typedef struct _PORT_SECTION_READ {
	83	ULONG Length;
	84	ULONG ViewSize;
	85	ULONG ViewBase;
	86	} PORT_SECTION_READ, *PPORT_SECTION_READ;
	87
	88	typedef struct _PORT_SECTION_WRITE {
	89	ULONG Length;
	90	HANDLE SectionHandle;
	91	ULONG SectionOffset;
	92	ULONG ViewSize;
	93	PVOID ViewBase;
	94	PVOID TargetViewBase;
	95	} PORT_SECTION_WRITE, *PPORT_SECTION_WRITE;
	96
	97
	98	/*
	99	* ZwConnectPort creates a port connected to a named port. [NAR]
	100	*/
	101
	102	typedef NTSTATUS (*fpZwConnectPort) (
	103	OUT PHANDLE PortHandle,
	104	IN PUNICODE_STRING PortName,
	105	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
	106	IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
	107	IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
	108	OUT PULONG MaxMessageSize OPTIONAL,
	109	IN OUT PVOID ConnectData OPTIONAL,
	110	IN OUT PULONG ConnectDataLength OPTIONAL
	111	);
	112
	113	NTSTATUS
	114	NTAPI
	115	HookedNtConnectPort(
	116	OUT PHANDLE PortHandle,
	117	IN PUNICODE_STRING PortName,
	118	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
	119	IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
	120	IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
	121	OUT PULONG MaxMessageSize OPTIONAL,
	122	IN OUT PVOID ConnectData OPTIONAL,
	123	IN OUT PULONG ConnectDataLength OPTIONAL
	124	);
	125
	126
	127	/*
	128	* ZwSecureConnectPort creates a port connected to a named port. [NAR]
	129	*/
	130
	131	typedef NTSTATUS (*fpZwSecureConnectPort) (
	132	OUT PHANDLE PortHandle,
	133	IN PUNICODE_STRING PortName,
	134	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
	135	IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
	136	IN PSID ServerSid OPTIONAL,
	137	IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
	138	OUT PULONG MaxMessageSize OPTIONAL,
	139	IN OUT PVOID ConnectData OPTIONAL,
	140	IN OUT PULONG ConnectDataLength OPTIONAL
	141	);
	142
	143	NTSTATUS
	144	NTAPI
	145	HookedNtSecureConnectPort(
	146	OUT PHANDLE PortHandle,
	147	IN PUNICODE_STRING PortName,
	148	IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
	149	IN OUT PPORT_SECTION_WRITE WriteSection OPTIONAL,
	150	IN PSID ServerSid OPTIONAL,
	151	IN OUT PPORT_SECTION_READ ReadSection OPTIONAL,
	152	OUT PULONG MaxMessageSize OPTIONAL,
	153	IN OUT PVOID ConnectData OPTIONAL,
	154	IN OUT PULONG ConnectDataLength OPTIONAL
	155	);
	156
	157
	158
	159	BOOLEAN InitPortHooks();
	160
	161
	162	#endif /* __PORT_H__ */