windows-nt/Source/XPSP1/NT/base/win32/verifier/support.h

/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    support.h

Abstract:

    Internal support interfaces for the standard 
    application verifier provider.

Author:

    Silviu Calinoiu (SilviuC) 1-Mar-2001

Revision History:

--*/

#ifndef _SUPPORT_H_
#define _SUPPORT_H_

//
// Security checks
//
      
VOID
CheckObjectAttributes (
    POBJECT_ATTRIBUTES Object
    );
      
//
// Handle management
//

#define MAX_TRACE_DEPTH 16

#define HANDLE_TYPE_UNKNOWN 0
#define HANDLE_TYPE_NTDLL   1
#define HANDLE_TYPE_FILE    2
#define HANDLE_TYPE_SECTION 3

typedef struct _AVRF_HANDLE {

    LIST_ENTRY Links;

    struct {

        ULONG Type : 30;
        ULONG Delayed : 1;
    };
    
    HANDLE Handle;
    PWSTR Name;
    PVOID Context;
    PVOID Trace [MAX_TRACE_DEPTH];

} AVRF_HANDLE, *PAVRF_HANDLE;

VOID
HandleInitialize (
    );

PAVRF_HANDLE
HandleFind (
    HANDLE Handle
    );

PWSTR 
HandleName (
    PAVRF_HANDLE Handle
    );

PAVRF_HANDLE
HandleAdd (
    HANDLE Handle,
    ULONG Type,
    BOOLEAN Delayed,
    PWSTR Name,
    PVOID Context
    );

VOID
HandleDelete (
    HANDLE Handle,
    PAVRF_HANDLE Entry
    );

VOID
HandleDump (
    HANDLE Handle
    );

//
// Virtual space operations tracking
//

typedef enum _VS_CALL_TYPE {
    VsVirtualAlloc = 0,
    VsVirtualFree = 1,
    VsMapView = 2,
    VsUnmapView = 3
} VS_CALL_TYPE;

VOID
VsLogCall (
    VS_CALL_TYPE Type,
    PVOID Address,
    SIZE_T Size,
    ULONG Operation,
    ULONG Protection
    );

//
// Heap operations tracking
//

VOID
HeapLogCall (
    PVOID Address,
    SIZE_T Size
    );

//
// Write garbage in unused areas of stack.
//

VOID
AVrfpDirtyThreadStack (
    );

//
// Standard function used for hooked CreateThread.
//

typedef struct _AVRF_THREAD_INFO {

    PTHREAD_START_ROUTINE Function;
    PVOID Parameter;

} AVRF_THREAD_INFO, * PAVRF_THREAD_INFO;

DWORD
WINAPI
AVrfpStandardThreadFunction (
    LPVOID Info
    );

VOID
AVrfpCheckThreadTermination (
    VOID
    );

#endif // _SUPPORT_H_
Add source files 2020-09-26 03:20:57 -05:00			`/*++`

			`Copyright (c) 1989 Microsoft Corporation`

			`Module Name:`

			`support.h`

			`Abstract:`

			`Internal support interfaces for the standard`
			`application verifier provider.`

			`Author:`

			`Silviu Calinoiu (SilviuC) 1-Mar-2001`

			`Revision History:`

			`--*/`

			`#ifndef _SUPPORT_H_`
			`#define _SUPPORT_H_`

			`//`
			`// Security checks`
			`//`

			`VOID`
			`CheckObjectAttributes (`
			`POBJECT_ATTRIBUTES Object`
			`);`

			`//`
			`// Handle management`
			`//`

			`#define MAX_TRACE_DEPTH 16`

			`#define HANDLE_TYPE_UNKNOWN 0`
			`#define HANDLE_TYPE_NTDLL 1`
			`#define HANDLE_TYPE_FILE 2`
			`#define HANDLE_TYPE_SECTION 3`

			`typedef struct _AVRF_HANDLE {`

			`LIST_ENTRY Links;`

			`struct {`

			`ULONG Type : 30;`
			`ULONG Delayed : 1;`
			`};`

			`HANDLE Handle;`
			`PWSTR Name;`
			`PVOID Context;`
			`PVOID Trace [MAX_TRACE_DEPTH];`

			`} AVRF_HANDLE, *PAVRF_HANDLE;`

			`VOID`
			`HandleInitialize (`
			`);`

			`PAVRF_HANDLE`
			`HandleFind (`
			`HANDLE Handle`
			`);`

			`PWSTR`
			`HandleName (`
			`PAVRF_HANDLE Handle`
			`);`

			`PAVRF_HANDLE`
			`HandleAdd (`
			`HANDLE Handle,`
			`ULONG Type,`
			`BOOLEAN Delayed,`
			`PWSTR Name,`
			`PVOID Context`
			`);`

			`VOID`
			`HandleDelete (`
			`HANDLE Handle,`
			`PAVRF_HANDLE Entry`
			`);`

			`VOID`
			`HandleDump (`
			`HANDLE Handle`
			`);`

			`//`
			`// Virtual space operations tracking`
			`//`

			`typedef enum _VS_CALL_TYPE {`
			`VsVirtualAlloc = 0,`
			`VsVirtualFree = 1,`
			`VsMapView = 2,`
			`VsUnmapView = 3`
			`} VS_CALL_TYPE;`

			`VOID`
			`VsLogCall (`
			`VS_CALL_TYPE Type,`
			`PVOID Address,`
			`SIZE_T Size,`
			`ULONG Operation,`
			`ULONG Protection`
			`);`

			`//`
			`// Heap operations tracking`
			`//`

			`VOID`
			`HeapLogCall (`
			`PVOID Address,`
			`SIZE_T Size`
			`);`

			`//`
			`// Write garbage in unused areas of stack.`
			`//`

			`VOID`
			`AVrfpDirtyThreadStack (`
			`);`

			`//`
			`// Standard function used for hooked CreateThread.`
			`//`

			`typedef struct _AVRF_THREAD_INFO {`

			`PTHREAD_START_ROUTINE Function;`
			`PVOID Parameter;`

			`} AVRF_THREAD_INFO, * PAVRF_THREAD_INFO;`

			`DWORD`
			`WINAPI`
			`AVrfpStandardThreadFunction (`
			`LPVOID Info`
			`);`

			`VOID`
			`AVrfpCheckThreadTermination (`
			`VOID`
			`);`

			`#endif // _SUPPORT_H_`