45 lines
909 B
C
45 lines
909 B
C
#pragma once
|
|
|
|
//
|
|
// Custom allocator for function that allocate pool memory
|
|
//
|
|
typedef
|
|
_IRQL_requires_same_
|
|
_Function_class_(EVT_DOMITO_ALLOCATE_ROUTINE)
|
|
__drv_allocatesMem(Mem)
|
|
PVOID
|
|
NTAPI
|
|
EVT_DOMITO_ALLOCATE_ROUTINE(
|
|
_In_ SIZE_T ByteSize
|
|
);
|
|
typedef EVT_DOMITO_ALLOCATE_ROUTINE* PFN_DOMITO_ALLOCATE_ROUTINE;
|
|
|
|
|
|
//
|
|
// Finds the base address of a driver module
|
|
//
|
|
_Success_(return == STATUS_SUCCESS)
|
|
_Must_inspect_result_
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
EXTERN_C
|
|
NTSTATUS
|
|
DomitoFindDriverBaseAddress(
|
|
_In_ STRING ModuleName,
|
|
_In_ PFN_DOMITO_ALLOCATE_ROUTINE Allocator,
|
|
_Inout_opt_ PVOID * ModuleBase
|
|
);
|
|
|
|
//
|
|
// Finds the address of an exported function by name
|
|
//
|
|
_Success_(return == STATUS_SUCCESS)
|
|
_Must_inspect_result_
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
EXTERN_C
|
|
NTSTATUS
|
|
DomitoFindExportedFunctionAddress(
|
|
_In_ PVOID ModuleBase,
|
|
_In_ STRING FunctionName,
|
|
_Inout_opt_ PVOID * FunctionAddress
|
|
);
|