From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit
---
 file.h | 273 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 273 insertions(+)
 create mode 100644 file.h
(limited to 'file.h')
diff --git a/file.h b/file.h
new file mode 100644
index 0000000..792a707
--- /dev/null
+++ b/file.h
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ * file.h
+ *
+ * Abstract:
+ *
+ * This module defines various types used by file hooking routines.
+ *
+ * Author:
+ *
+ * Eugene Tsyrklevich 19-Feb-2004
+ *
+ * Revision History:
+ *
+ * None.
+ */
+
+
+#ifndef __FILE_H__
+#define __FILE_H__
+
+
+/*
+ * ZwCreateFile creates or opens a file. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwCreateFile) (
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN PVOID EaBuffer OPTIONAL,
+ IN ULONG EaLength
+ );
+
+NTSTATUS
+NTAPI
+HookedNtCreateFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN PVOID EaBuffer OPTIONAL,
+ IN ULONG EaLength
+ );
+
+
+/*
+ * ZwOpenFile opens a file. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwOpenFile) (
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG OpenOptions
+ );
+
+NTSTATUS
+NTAPI
+HookedNtOpenFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG OpenOptions
+ );
+
+
+/*
+ * ZwDeleteFile deletes a file. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwDeleteFile) (
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS
+NTAPI
+HookedNtDeleteFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+/*
+ * ZwQueryDirectoryFile retrieves information about the contents of a directory. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwQueryDirectoryFile) (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG FileInformationLength,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+NTSTATUS
+NTAPI
+HookedNtQueryDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG FileInformationLength,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan
+ );
+
+
+/*
+ * ZwQueryAttributesFile retrieves basic information about a file object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwQueryAttributesFile) (
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_BASIC_INFORMATION FileInformation
+ );
+
+NTSTATUS
+NTAPI
+HookedNtQueryAttributesFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_BASIC_INFORMATION FileInformation
+ );
+
+
+/*
+ * ZwQueryFullAttributesFile retrieves extended information about a file object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwQueryFullAttributesFile) (
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
+ );
+
+NTSTATUS
+NTAPI
+HookedNtQueryFullAttributesFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation
+ );
+
+
+/*
+ * ZwSetInformationFile sets information affecting a file object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwSetInformationFile) (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FileInformation,
+ IN ULONG FileInformationLength,
+ IN FILE_INFORMATION_CLASS FileInformationClass
+ );
+
+NTSTATUS
+NTAPI
+HookedNtSetInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FileInformation,
+ IN ULONG FileInformationLength,
+ IN FILE_INFORMATION_CLASS FileInformationClass
+ );
+
+
+
+/*
+ * ZwCreateNamedPipeFile creates a named pipe. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwCreateNamedPipeFile) (
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+/* The following 3 parameters listed in NAR are wrong
+ IN BOOLEAN TypeMessage,
+ IN BOOLEAN ReadmodeMessage,
+ IN BOOLEAN Nonblocking,
+*/
+ IN ULONG TypeMessage,
+ IN ULONG ReadmodeMessage,
+ IN ULONG Nonblocking,
+ IN ULONG MaxInstances,
+ IN ULONG InBufferSize,
+ IN ULONG OutBufferSize,
+ IN PLARGE_INTEGER DefaultTimeout OPTIONAL
+ );
+
+NTSTATUS
+NTAPI
+HookedNtCreateNamedPipeFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN ULONG TypeMessage,
+ IN ULONG ReadmodeMessage,
+ IN ULONG Nonblocking,
+ IN ULONG MaxInstances,
+ IN ULONG InBufferSize,
+ IN ULONG OutBufferSize,
+ IN PLARGE_INTEGER DefaultTimeout OPTIONAL
+ );
+
+
+
+/*
+ * ZwCreateMailslotFile creates a mailslot. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwCreateMailslotFile) (
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG CreateOptions,
+ IN ULONG InBufferSize,
+ IN ULONG MaxMessageSize,
+ IN PLARGE_INTEGER ReadTimeout OPTIONAL
+ );
+
+NTSTATUS
+NTAPI
+HookedNtCreateMailslotFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG CreateOptions,
+ IN ULONG InBufferSize,
+ IN ULONG MaxMessageSize,
+ IN PLARGE_INTEGER ReadTimeout OPTIONAL
+ );
+
+
+BOOLEAN InitFileHooks();
+
+
+#endif /* __FILE_H__ */
-- 
cgit v1.3
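Review bot: `BOOLEAN InitFileHooks();` near the end of the new header is a non-prototype declaration in C, so a call site passing arguments compiles without a diagnostic; it should read `BOOLEAN InitFileHooks(void);` (or `VOID` if the rest of the project uses the DDK spelling). The include guard `__FILE_H__` is a reserved identifier because of its leading double underscore and is generic enough to collide with other headers; renaming both guard lines to something like `FILE_HOOKS_H` (a constructed example) avoids that. The header also uses NTSTATUS, OBJECT_ATTRIBUTES, FILE_INFORMATION_CLASS and the other kernel types without including anything, so presumably it only compiles after a DDK header has been included by the translation unit — a one-line comment stating that prerequisite, or the include itself, would make the header self-describing. Finally, nothing in the file says how the two declarations in each pair relate; a short comment such as `/* fpZw* holds the saved original entry point; HookedNt* is the replacement installed by InitFileHooks(). */` would document the ownership contract the .c side is expected to honour.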