1 files changed, 78 insertions, 0 deletions
diff --git a/symlink.h b/symlink.h
new file mode 100644
index 0000000..2a6abf9
--- /dev/null
+++ b/symlink.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              symlink.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by symbolic link object hooking routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 25-Mar-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __SYMLINK_H__
+#define __SYMLINK_H__
+#include <NTDDK.h>
+#include "policy.h"
+#include "pathproc.h"
+#include "hookproc.h"
+#include "accessmask.h"
+#include "learn.h"
+#include "log.h"
+/*
+ * ZwCreateSymbolicLinkObject creates or opens a symbolic link object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreateSymbolicLinkObject) (
+        OUT PHANDLE SymbolicLinkHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN PUNICODE_STRING TargetName
+        );
+NTSTATUS
+NTAPI
+HookedNtCreateSymbolicLinkObject(
+        OUT PHANDLE SymbolicLinkHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN PUNICODE_STRING TargetName
+        );
+/*
+ * ZwOpenSymbolicLinkObject opens a symbolic link object. [NAR]
+ */
+typedef NTSTATUS (*fpZwOpenSymbolicLinkObject) (
+        OUT PHANDLE SymbolicLinkHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+NTSTATUS
+NTAPI
+HookedNtOpenSymbolicLinkObject(
+        OUT PHANDLE SymbolicLinkHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes
+        );
+BOOLEAN InitSymlinkHooks();
+#endif  /* __SYMLINK_H__ */

diff --git a/symlink.h b/symlink.h new file mode 100644 index 0000000..2a6abf9 --- /dev/null +++ b/symlink.h
@@ -0,0 +1,78 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* symlink.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by symbolic link object hooking routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 25-Mar-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21
	22	#ifndef __SYMLINK_H__
	23	#define __SYMLINK_H__
	24
	25
	26	#include <NTDDK.h>
	27	#include "policy.h"
	28	#include "pathproc.h"
	29	#include "hookproc.h"
	30	#include "accessmask.h"
	31	#include "learn.h"
	32	#include "log.h"
	33
	34
	35	/*
	36	* ZwCreateSymbolicLinkObject creates or opens a symbolic link object. [NAR]
	37	*/
	38
	39	typedef NTSTATUS (*fpZwCreateSymbolicLinkObject) (
	40	OUT PHANDLE SymbolicLinkHandle,
	41	IN ACCESS_MASK DesiredAccess,
	42	IN POBJECT_ATTRIBUTES ObjectAttributes,
	43	IN PUNICODE_STRING TargetName
	44	);
	45
	46	NTSTATUS
	47	NTAPI
	48	HookedNtCreateSymbolicLinkObject(
	49	OUT PHANDLE SymbolicLinkHandle,
	50	IN ACCESS_MASK DesiredAccess,
	51	IN POBJECT_ATTRIBUTES ObjectAttributes,
	52	IN PUNICODE_STRING TargetName
	53	);
	54
	55
	56	/*
	57	* ZwOpenSymbolicLinkObject opens a symbolic link object. [NAR]
	58	*/
	59
	60	typedef NTSTATUS (*fpZwOpenSymbolicLinkObject) (
	61	OUT PHANDLE SymbolicLinkHandle,
	62	IN ACCESS_MASK DesiredAccess,
	63	IN POBJECT_ATTRIBUTES ObjectAttributes
	64	);
	65
	66	NTSTATUS
	67	NTAPI
	68	HookedNtOpenSymbolicLinkObject(
	69	OUT PHANDLE SymbolicLinkHandle,
	70	IN ACCESS_MASK DesiredAccess,
	71	IN POBJECT_ATTRIBUTES ObjectAttributes
	72	);
	73
	74
	75	BOOLEAN InitSymlinkHooks();
	76
	77
	78	#endif /* __SYMLINK_H__ */