windows-nt/Source/XPSP1/NT/base/win32/verifier/support.h
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
support.h
Abstract:
Internal support interfaces for the standard
application verifier provider.
Author:
Silviu Calinoiu (SilviuC) 1-Mar-2001
Revision History:
--*/
#ifndef _SUPPORT_H_
#define _SUPPORT_H_
//
// Security checks
//

//
// Verifier check applied to an OBJECT_ATTRIBUTES structure.
//
// This header only declares the routine. Which fields are inspected and
// how a failed check is reported are decided by the implementation,
// which is not visible here.
//
// Object - Pointer to the object attributes to examine.
//          NOTE(review): NULL handling cannot be determined from this
//          declaration; confirm before passing an optional pointer.
//

VOID
CheckObjectAttributes (
    POBJECT_ATTRIBUTES Object
    );
//
// Handle management
//
// Number of PVOID slots in the Trace array of AVRF_HANDLE.
#define MAX_TRACE_DEPTH 16
// Handle type codes. Presumably the values stored in AVRF_HANDLE.Type and
// passed as the Type argument of HandleAdd -- confirm against the callers.
// All four values fit in the 30-bit Type field.
#define HANDLE_TYPE_UNKNOWN 0
#define HANDLE_TYPE_NTDLL 1
#define HANDLE_TYPE_FILE 2
#define HANDLE_TYPE_SECTION 3
// Bookkeeping record for one tracked handle.
// NOTE(review): the list head these entries are linked on, and the lock
// (if any) protecting that list, are not visible in this header.
typedef struct _AVRF_HANDLE {
// List linkage for this entry.
LIST_ENTRY Links;
// Packed flags: 31 bits of the ULONG are declared (30 + 1).
struct {
// Handle type; presumably one of the HANDLE_TYPE_* codes -- confirm.
ULONG Type : 30;
// Single-bit flag. Its meaning is not visible here; presumably it
// mirrors the Delayed argument of HandleAdd.
ULONG Delayed : 1;
};
// The handle value this entry describes.
HANDLE Handle;
// Wide-character name associated with the handle.
// NOTE(review): whether the entry owns a copy of this string or aliases
// the buffer passed to HandleAdd is not visible here; confirm the
// lifetime before reading Name after the caller's buffer may be gone.
PWSTR Name;
// Opaque per-handle pointer; interpretation is up to the caller.
PVOID Context;
// Up to MAX_TRACE_DEPTH pointers; presumably a captured stack trace for
// the operation that created the entry -- confirm in the implementation.
PVOID Trace [MAX_TRACE_DEPTH];
} AVRF_HANDLE, *PAVRF_HANDLE;
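//
// Handle tracking initialization. Presumably must run before the other
// Handle* routines are used -- confirm the required call order in the
// implementation.
//
// The parameter list is spelled VOID explicitly. In C an empty list leaves
// the parameters unspecified, so a call that passes stray arguments would
// compile without a diagnostic. This also matches the declaration of
// AVrfpCheckThreadTermination in this header.
//

VOID
HandleInitialize (
    VOID
    );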
//
// Looks up the tracking entry for a handle value.
//
// Handle - Handle value to search for.
//
// Returns a pointer to the matching AVRF_HANDLE entry.
// NOTE(review): the not-found result (presumably NULL) is not visible in
// this declaration; callers should check the result before dereferencing.
//

PAVRF_HANDLE
HandleFind (
    HANDLE Handle
    );
//
// Returns a wide-character name for a tracking entry.
//
// Handle - Despite the parameter name, this is a tracking entry
//          (PAVRF_HANDLE), not a raw HANDLE value.
//
// NOTE(review): presumably this returns the entry's Name field; who owns
// the returned string and how long it stays valid is not visible here.
//

PWSTR
HandleName (
    PAVRF_HANDLE Handle
    );
//
// Registers a handle with the tracking package. The arguments correspond
// by name to the fields of AVRF_HANDLE.
//
// Handle  - Handle value to track.
// Type    - Handle type; presumably one of the HANDLE_TYPE_* codes. The
//           matching struct field is only 30 bits wide.
// Delayed - Flag matching the one-bit Delayed field; meaning not visible
//           in this header.
// Name    - Wide-character name for the handle.
//           NOTE(review): whether the string is copied or the pointer is
//           retained is not visible here -- confirm before passing a
//           buffer with a shorter lifetime than the entry.
// Context - Opaque caller-supplied pointer.
//
// Returns a pointer to an AVRF_HANDLE entry.
// NOTE(review): the failure result (presumably NULL) is not visible here;
// callers should check it.
//

PAVRF_HANDLE
HandleAdd (
    HANDLE Handle,
    ULONG Type,
    BOOLEAN Delayed,
    PWSTR Name,
    PVOID Context
    );
//
// Removes a handle from the tracking package.
//
// Handle - Handle value being removed.
// Entry  - Tracking entry for that handle.
//
// NOTE(review): the declaration takes both the handle value and its entry.
// Whether Entry may be NULL, whether Entry->Handle must equal Handle, and
// whether Entry is freed by this call are not visible here; treat Entry as
// invalid after the call until confirmed otherwise.
//

VOID
HandleDelete (
    HANDLE Handle,
    PAVRF_HANDLE Entry
    );
//
// Dumps tracking information for a handle value.
//
// Handle - Handle value to report on.
//
// NOTE(review): the output destination and the behavior for an untracked
// handle are not visible in this declaration.
//

VOID
HandleDump (
    HANDLE Handle
    );
//
// Virtual space operations tracking
//
// Kind of virtual address space operation passed to VsLogCall. The values
// are assigned explicitly, so a numeric value keeps its meaning even if
// enumerators are added later.
typedef enum _VS_CALL_TYPE {
VsVirtualAlloc = 0,
VsVirtualFree = 1,
VsMapView = 2,
VsUnmapView = 3
} VS_CALL_TYPE;
//
// Records one virtual address space operation.
//
// Type       - Which kind of operation is being logged (VS_CALL_TYPE).
// Address    - Address involved in the operation.
// Size       - Size involved in the operation.
// Operation  - NOTE(review): presumably the allocation or free type flags
//              of the hooked call -- confirm against the callers.
// Protection - NOTE(review): presumably the page protection flags of the
//              hooked call -- confirm against the callers.
//
// Where the record is stored and how many are kept is not visible here.
//

VOID
VsLogCall (
    VS_CALL_TYPE Type,
    PVOID Address,
    SIZE_T Size,
    ULONG Operation,
    ULONG Protection
    );
//
// Heap operations tracking
//

//
// Records one heap operation.
//
// Address - Address involved in the heap operation.
// Size    - Size involved in the heap operation.
//
// NOTE(review): the declaration carries no operation code, so whether this
// logs allocations, frees or both cannot be determined from this header.
//

VOID
HeapLogCall (
    PVOID Address,
    SIZE_T Size
    );
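//
// Write garbage in unused areas of stack.
//
// NOTE(review): presumably this makes reads of uninitialized stack
// locals fail visibly instead of picking up stale data; the fill pattern
// and the exact region written are not visible in this header.
//
// The parameter list is spelled VOID explicitly. In C an empty list leaves
// the parameters unspecified, so a call that passes stray arguments would
// compile without a diagnostic. This also matches the declaration of
// AVrfpCheckThreadTermination in this header.
//

VOID
AVrfpDirtyThreadStack (
    VOID
    );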
//
// Standard function used for hooked CreateThread.
//
// Pair of a thread start routine and its argument.
// NOTE(review): presumably this is what AVrfpStandardThreadFunction
// receives through its LPVOID Info parameter, carrying the routine and
// argument originally given to CreateThread -- confirm in the hook.
typedef struct _AVRF_THREAD_INFO {
// Thread start routine.
PTHREAD_START_ROUTINE Function;
// Argument for Function.
PVOID Parameter;
} AVRF_THREAD_INFO, * PAVRF_THREAD_INFO;
//
// Thread entry point with the WINAPI thread start routine shape (LPVOID
// argument, DWORD result).
//
// Info - Untyped pointer supplied at thread creation.
//        NOTE(review): presumably a PAVRF_THREAD_INFO. Nothing in this
//        declaration enforces that, and who allocates and frees the block
//        is not visible here -- confirm in the CreateThread hook.
//
// Returns a DWORD; presumably the wrapped routine's exit code -- confirm.
//

DWORD
WINAPI
AVrfpStandardThreadFunction (
    LPVOID Info
    );
//
// Verifier check associated with thread termination. Takes no arguments
// and returns nothing.
//
// NOTE(review): what is verified, and how a violation is reported, is
// decided by the implementation and is not visible in this header.
//

VOID
AVrfpCheckThreadTermination (
    VOID
    );
#endif // _SUPPORT_H_