#pragma once
//
// Caller-supplied allocator callback, used by library functions that need to
// allocate pool memory.
//
// ByteSize - number of bytes requested.
//
// Returns a pointer to the allocation; the declaration marks the return value
// as allocated memory via __drv_allocatesMem(Mem). The callback must run at
// the IRQL it was entered at and leave it unchanged (_IRQL_requires_same_).
//
// NOTE(review): the declaration does not say whether the callback may return
// NULL, and this header declares no matching free routine - confirm how
// allocation failure is reported and how the memory is released.
//
typedef
_IRQL_requires_same_
_Function_class_(EVT_DOMITO_ALLOCATE_ROUTINE)
__drv_allocatesMem(Mem)
PVOID
NTAPI
EVT_DOMITO_ALLOCATE_ROUTINE(
    _In_ SIZE_T ByteSize
);

//
// Pointer-to-callback type taken by the functions that accept an allocator.
//
typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;
//
// Finds the base address of a driver module.
//
// ModuleName - name of the module to look up, passed by value as a counted
//              STRING.
// Allocator  - required callback the function uses to obtain memory; what is
//              allocated and who releases it is not visible in this header.
// ModuleBase - optional; presumably receives the module's base address on
//              success.
//
// Returns STATUS_SUCCESS on success (_Success_). The status must be checked
// (_Must_inspect_result_) before *ModuleBase is used. Callable at
// PASSIVE_LEVEL only.
//
// NOTE(review): ModuleBase is annotated _Inout_opt_, which tells the analyzer
// the pointee is read as well as written - initialise *ModuleBase before the
// call, and confirm whether _Out_opt_ was intended.
//
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoFindDriverBaseAddress(
    _In_ STRING ModuleName,
    _In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
    _Inout_opt_ PVOID * ModuleBase
);
//
// Finds the address of an exported function by name.
//
// ModuleBase      - base address of the module whose exports are searched.
// FunctionName    - name of the export to look up, passed by value as a
//                   counted STRING.
// FunctionAddress - optional; presumably receives the export's address on
//                   success.
//
// Returns STATUS_SUCCESS on success (_Success_). The status must be checked
// (_Must_inspect_result_) before *FunctionAddress is used or called.
// Callable at PASSIVE_LEVEL only.
//
// NOTE(review): no image size accompanies ModuleBase, so the declaration
// gives the function no bound to validate against. Pass only a base address
// obtained from a trusted source, and confirm what validation of the module
// image the implementation performs.
//
// NOTE(review): FunctionAddress is annotated _Inout_opt_ - initialise the
// pointee before the call, and confirm whether _Out_opt_ was intended.
//
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
EXTERN_C
NTSTATUS
DomitoFindExportedFunctionAddress(
    _In_ PVOID ModuleBase,
    _In_ STRING FunctionName,
    _Inout_opt_ PVOID * FunctionAddress
);
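//
// Scans a provided buffer for a memory pattern.
//
// pcPattern - pattern bytes to search for; puLen bytes are read.
// uWildcard - byte value treated specially inside the pattern (presumably
//             "match any byte" - confirm against the implementation).
// puLen     - length of pcPattern, in bytes.
// pcBase    - start of the buffer to scan; puSize bytes are read.
// puSize    - size of the buffer at pcBase, in bytes.
// ppMatch   - receives the match location; may be NULL on return
//             (_Outptr_result_maybenull_), so test the pointer as well as
//             the status.
//
// Returns STATUS_SUCCESS on success (_Success_); the status must be checked
// (_Must_inspect_result_).
//
// Callable up to DISPATCH_LEVEL. At DISPATCH_LEVEL both pcPattern and pcBase
// must refer to resident (non-pageable) memory, because a page fault at that
// IRQL bugchecks the system.
//
// The pointer/length pairs carry _In_reads_bytes_ so static analysis can flag
// call sites whose length exceeds the buffer, and the prototype is EXTERN_C
// like the other exported lookups in this header so C++ callers resolve the
// same unmangled symbol.
//
_Success_(return == STATUS_SUCCESS)
_Must_inspect_result_
_IRQL_requires_max_(DISPATCH_LEVEL)
EXTERN_C
NTSTATUS
DomitoMemorySearchPattern(
    _In_reads_bytes_(puLen) PCUCHAR pcPattern,
    _In_ UCHAR uWildcard,
    _In_ SIZE_T puLen,
    _In_reads_bytes_(puSize) PVOID pcBase,
    _In_ SIZE_T puSize,
    _Outptr_result_maybenull_ PVOID* ppMatch
);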