-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathimports.h
More file actions
42 lines (33 loc) · 1.2 KB
/
imports.h
File metadata and controls
42 lines (33 loc) · 1.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
// Copyright (c) 2026 渟雲. All rights reserved.
#pragma once
#ifndef _IMPORTS_H_
#define _IMPORTS_H_
#include <ntifs.h>
#include <wdmsec.h>
#include "./defines.h"
QWORD _KeAcquireSpinLockAtDpcLevel;
QWORD _KeReleaseSpinLockFromDpcLevel;
QWORD _IofCompleteRequest;
QWORD _IoReleaseRemoveLockEx;
NTKERNELAPI NTSTATUS
IoCreateDriver(_In_ PUNICODE_STRING DriverName,
_In_ PDRIVER_INITIALIZE InitializationFunction);
NTSYSAPI PPEB PsGetProcessPeb(PEPROCESS);
NTSYSCALLAPI
POBJECT_TYPE* IoDriverObjectType;
NTSYSCALLAPI
NTSTATUS
ObReferenceObjectByName(__in PUNICODE_STRING ObjectName, __in ULONG Attributes,
__in_opt PACCESS_STATE AccessState,
__in_opt ACCESS_MASK DesiredAccess,
__in POBJECT_TYPE ObjectType,
__in KPROCESSOR_MODE AccessMode,
__inout_opt PVOID ParseContext, __out PVOID* Object);
NTSYSAPI
NTSTATUS
NTAPI
ZwProtectVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID* BaseAddress,
IN OUT PSIZE_T RegionSize, IN ULONG NewProtect,
OUT PULONG OldProtect);
NTSYSAPI PCHAR PsGetProcessImageFileName(PEPROCESS Process);
#endif