// javelin_driver.h
#pragma once
#include <ntddk.h>
// Device type used as the first CTL_CODE argument for every control code
// below. 0x8000 is the start of the range reserved for vendor-defined device
// types.
#define JAVELIN_DEVICE 0x8000
// Control codes shared between the driver and its user-mode client. Function
// codes 0x800 and 0x801 are in the vendor-defined range. METHOD_BUFFERED means
// the I/O manager copies the request through a system buffer, so the handler
// never touches the caller's pointer directly.
//
// NOTE(review): FILE_ANY_ACCESS means the I/O manager performs no access check
// for these codes; any caller holding a handle to the device, however it was
// opened, can send them. Who may request process protection then depends
// entirely on the device object's security descriptor and on checks inside the
// dispatch routine, neither of which is visible in this header - confirm both.
// Tightening the access argument changes the numeric IOCTL value, so user-mode
// clients must be rebuilt against the same header.
#define IOCTL_JAVELIN_PROTECT_PROCESS CTL_CODE(JAVELIN_DEVICE, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_JAVELIN_VERIFY_INTEGRITY CTL_CODE(JAVELIN_DEVICE, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
// Structure for user-mode to kernel communication.
// Presumably the input payload of IOCTL_JAVELIN_PROTECT_PROCESS - the pairing
// is not stated in this header; verify against the dispatch routine.
//
// NOTE(review): every field is caller-controlled. The handler should reject a
// request whose input buffer length is smaller than
// sizeof(JAVELIN_PROTECTION_REQUEST) before reading any field, and should
// validate both values rather than trusting them.
typedef struct _JAVELIN_PROTECTION_REQUEST {
// Identifier of the process the request refers to, as supplied by the caller.
ULONG ProcessId;
// Flag bits for the request. No flag values are defined in this header, so the
// accepted bits are unknown here - TODO document them and reject unknown bits.
ULONG ProtectionFlags;
} JAVELIN_PROTECTION_REQUEST, *PJAVELIN_PROTECTION_REQUEST;
// Driver functions.
// DriverEntry is declared through the DRIVER_INITIALIZE role type, which lets
// static analysis tools check its signature and usage.
DRIVER_INITIALIZE DriverEntry;
// The two routines below have the (PDEVICE_OBJECT, PIRP) -> NTSTATUS shape of
// IRP dispatch routines. Judging by the names they presumably serve
// IRP_MJ_CREATE/IRP_MJ_CLOSE and IRP_MJ_DEVICE_CONTROL; the registration is
// not visible in this header.
// NOTE(review): they are declared as plain prototypes rather than through the
// DRIVER_DISPATCH role type, so static analysis gets less to check than it
// does for DriverEntry - consider aligning the declarations.
NTSTATUS JavelinCreateClose(_In_ PDEVICE_OBJECT DeviceObject, _In_ PIRP Irp);
NTSTATUS JavelinDeviceControl(_In_ PDEVICE_OBJECT DeviceObject, _In_ PIRP Irp);
// Protection callback.
// The signature matches an object-manager pre-operation callback
// (POB_PRE_OPERATION_CALLBACK): it receives the registration context and a
// description of the pending handle operation, and returns
// OB_PREOP_CALLBACK_STATUS.
// NOTE(review): registration (presumably via ObRegisterCallbacks) and the
// filtering logic are not visible in this header. When reviewing the
// implementation, confirm that it checks the object type and the KernelHandle
// field before changing the requested access, and that RegistrationContext is
// valid for the whole lifetime of the registration.
OB_PREOP_CALLBACK_STATUS OnProcessHandleOperation(
_In_ PVOID RegistrationContext,
_In_ POB_PRE_OPERATION_INFORMATION OperationInformation
);
// Unload routine; the signature matches the DRIVER_UNLOAD shape
// (PDRIVER_OBJECT -> VOID).
// NOTE(review): the implementation is not visible here. If the driver
// registers object callbacks, creates a device object or a symbolic link,
// this routine must undo each of them before returning; a callback
// registration that outlives the driver image leads to a call into unloaded
// code.
VOID JavelinUnload(_In_ PDRIVER_OBJECT DriverObject);