From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit
---
 event.h | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 event.h
(limited to 'event.h')
diff --git a/event.h b/event.h
new file mode 100644
index 0000000..db0fc40
--- /dev/null
+++ b/event.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ * event.h
+ *
+ * Abstract:
+ *
+ * This module defines various types used by event hooking routines.
+ *
+ * Author:
+ *
+ * Eugene Tsyrklevich 09-Mar-2004
+ *
+ * Revision History:
+ *
+ * None.
+ */
+
+
+#ifndef __EVENT_H__
+#define __EVENT_H__
+
+
+
+/*
+ * ZwCreateEvent creates or opens an event object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwCreateEvent) (
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN EVENT_TYPE EventType,
+ IN BOOLEAN InitialState
+ );
+
+NTSTATUS HookedNtCreateEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN EVENT_TYPE EventType,
+ IN BOOLEAN InitialState
+ );
+
+
+/*
+ * ZwOpenEvent opens an event object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwOpenEvent) (
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS HookedNtOpenEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+/*
+ * ZwCreateEventPair creates or opens an event pair object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwCreateEventPair) (
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS HookedNtCreateEventPair(
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+/*
+ * ZwOpenEventPair opens an event pair object. 
[NAR]
+ */
+
+typedef NTSTATUS (*fpZwOpenEventPair) (
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+NTAPI
+HookedNtOpenEventPair(
+ OUT PHANDLE EventPairHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+
+BOOLEAN InitEventHooks();
+
+
+#endif /* __EVENT_H__ */
-- cgit v1.3
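Review bot: Three of the four Hooked* prototypes and all four fp* function-pointer typedefs omit the NTAPI calling convention that only HookedNtOpenEventPair carries, so on 32-bit builds, where NTAPI expands to __stdcall, a hook that presumably replaces a native service entry, or the saved original called through fpZwCreateEvent, would run under a mismatched convention and corrupt the caller's stack; declare them uniformly as `typedef NTSTATUS (NTAPI *fpZwCreateEvent) (` and `NTSTATUS NTAPI HookedNtCreateEvent(`, and likewise for the OpenEvent, CreateEventPair and OpenEventPair variants. `BOOLEAN InitEventHooks();` is an unprototyped declaration in C (any argument list is accepted); make it `BOOLEAN InitEventHooks(void);`. The block comments describe the native Zw* services rather than the hooks themselves, so a reader cannot tell from the header whether each Hooked* routine passes the call through, audits it or denies it, nor that the OUT/IN pointers arrive from the caller's mode and must be validated in the implementation; a one-line contract comment per hook would cover this. `__EVENT_H__` is a reserved identifier (leading double underscore); a guard such as `EVENT_H_` stays out of the implementation namespace.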