-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathlayer.h
More file actions
34 lines (29 loc) · 735 Bytes
/
layer.h
File metadata and controls
34 lines (29 loc) · 735 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
/*
* WehnTrust
*
* Copyright (c) 2004, Wehnus.
*/
#ifndef _WEHNTRUST_DRIVER_LAYER_H
#define _WEHNTRUST_DRIVER_LAYER_H
typedef struct _CALL_LAYER
{
ULONG_PTR FunctionToHookAddress;
ULONG_PTR RealFunctionPostPreamble;
ULONG_PTR HookFunctionAddress;
ULONG_PTR Target;
PVOID RealFunction;
UCHAR SavePreamble[6];
PVOID LockedAddress;
PMDL Mdl;
} CALL_LAYER, *PCALL_LAYER;
NTSTATUS InstallCallLayer(
IN ULONG_PTR FunctionToHookAddress,
IN ULONG_PTR HookFunctionAddress,
OUT PCALL_LAYER *layer);
NTSTATUS UninstallCallLayer(
IN PCALL_LAYER Layer);
NTSTATUS GetSystemCallRoutine(
IN PVOID SystemCallToHook OPTIONAL,
IN ULONG SystemCallIndex OPTIONAL,
OUT PULONG_PTR SystemCallAddress);
#endif