initial commit

author: tumagonx 2017-08-08 10:54:53 +0700
committer: tumagonx 2017-08-08 10:54:53 +0700
commit: 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree: a8bea139ddd26116d44ea182b0b8436f2162e6e3 /timer.h
1 files changed, 78 insertions, 0 deletions
diff --git a/timer.h b/timer.h
new file mode 100644
index 0000000..9b0ae85
--- /dev/null
+++ b/timer.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              timer.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by timer object hooking routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 25-Mar-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __TIMER_H__
+#define __TIMER_H__
+#include <NTDDK.h>
+#include "policy.h"
+#include "pathproc.h"
+#include "hookproc.h"
+#include "accessmask.h"
+#include "learn.h"
+#include "log.h"
+/*
+ * ZwCreateTimer creates or opens a timer object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreateTimer) (
+        OUT PHANDLE TimerHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN TIMER_TYPE TimerType
+        );
+NTSTATUS
+NTAPI
+HookedNtCreateTimer(
+        OUT PHANDLE TimerHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN TIMER_TYPE TimerType
+        );
+/*
+ * ZwOpenTimer opens a timer object. [NAR]
+ */
+typedef NTSTATUS (*fpZwOpenTimer) (
+        OUT PHANDLE TimerHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+NTSTATUS
+NTAPI
+HookedNtOpenTimer(
+        OUT PHANDLE TimerHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+BOOLEAN InitTimerHooks();
+#endif  /* __TIMER_H__ */
author	tumagonx	2017-08-08 10:54:53 +0700
committer	tumagonx	2017-08-08 10:54:53 +0700
commit	2acec63b2ed75bf4b71ad257db573c4b8f9639e7 (patch)
tree	a8bea139ddd26116d44ea182b0b8436f2162e6e3 /timer.h

diff --git a/timer.h b/timer.h new file mode 100644 index 0000000..9b0ae85 --- /dev/null +++ b/timer.h
@@ -0,0 +1,78 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* timer.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by timer object hooking routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 25-Mar-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21
	22	#ifndef __TIMER_H__
	23	#define __TIMER_H__
	24
	25
	26	#include <NTDDK.h>
	27	#include "policy.h"
	28	#include "pathproc.h"
	29	#include "hookproc.h"
	30	#include "accessmask.h"
	31	#include "learn.h"
	32	#include "log.h"
	33
	34
	35	/*
	36	* ZwCreateTimer creates or opens a timer object. [NAR]
	37	*/
	38
	39	typedef NTSTATUS (*fpZwCreateTimer) (
	40	OUT PHANDLE TimerHandle,
	41	IN ACCESS_MASK DesiredAccess,
	42	IN POBJECT_ATTRIBUTES ObjectAttributes,
	43	IN TIMER_TYPE TimerType
	44	);
	45
	46	NTSTATUS
	47	NTAPI
	48	HookedNtCreateTimer(
	49	OUT PHANDLE TimerHandle,
	50	IN ACCESS_MASK DesiredAccess,
	51	IN POBJECT_ATTRIBUTES ObjectAttributes,
	52	IN TIMER_TYPE TimerType
	53	);
	54
	55
	56	/*
	57	* ZwOpenTimer opens a timer object. [NAR]
	58	*/
	59
	60	typedef NTSTATUS (*fpZwOpenTimer) (
	61	OUT PHANDLE TimerHandle,
	62	IN ACCESS_MASK DesiredAccess,
	63	IN POBJECT_ATTRIBUTES ObjectAttributes
	64	);
	65
	66	NTSTATUS
	67	NTAPI
	68	HookedNtOpenTimer(
	69	OUT PHANDLE TimerHandle,
	70	IN ACCESS_MASK DesiredAccess,
	71	IN POBJECT_ATTRIBUTES ObjectAttributes
	72	);
	73
	74
	75	BOOLEAN InitTimerHooks();
	76
	77
	78	#endif /* __TIMER_H__ */