Bitdefender Hypervisor Memory Introspection
windrv_protected.h File Reference

Exposes the types, constants and functions used to describe protected Windows Kernel modules and driver objects.

#include "introtypes.h"
#include "drivers.h"


Typedefs

typedef struct _PROTECTED_MODULE_INFO PROTECTED_MODULE_INFO
 

Functions

const PROTECTED_MODULE_INFO * IntWinDrvIsProtected (const KERNEL_DRIVER *Driver)
 Get the protected module information for a kernel driver.
 
const PROTECTED_MODULE_INFO * IntWinDrvObjIsProtected (const WIN_DRIVER_OBJECT *DriverObject)
 Get the protected module information for a kernel driver object.
 
BOOLEAN IntWinDrvHasDriverObject (const KERNEL_DRIVER *Driver)
 Check whether a kernel driver has a driver object that we care to protect.
 
BOOLEAN IntWinDrvIsProtectedAv (const WCHAR *Driver)
 Check whether a kernel driver is a known and protected antivirus.
 
BOOLEAN IntWinDrvObjIsProtectedAv (const WCHAR *DrvObj)
 Checks if a driver object belongs to a known and protected antivirus.
 

Detailed Description

Exposes the types, constants and functions used to describe protected Windows Kernel modules and driver objects.

Definition in file windrv_protected.h.

Typedef Documentation

◆ PROTECTED_MODULE_INFO

Definition at line 18 of file windrv_protected.h.

Function Documentation

◆ IntWinDrvHasDriverObject()

BOOLEAN IntWinDrvHasDriverObject ( const KERNEL_DRIVER * Driver)

Check whether a kernel driver has a driver object that we care to protect.

Parameters
[in] Driver: Pointer to a kernel driver to be checked.
Returns
TRUE if the driver has a driver object, FALSE otherwise.

Definition at line 577 of file windrv_protected.c.

Referenced by IntWinDrvCreateFromAddress().

◆ IntWinDrvIsProtected()

const PROTECTED_MODULE_INFO* IntWinDrvIsProtected ( const KERNEL_DRIVER * Driver)

Get the protected module information for a kernel driver.

Parameters
[in] Driver: Pointer to a kernel driver for which to search for protection information.
Returns
The desired protection information or NULL if not found.

Definition at line 484 of file windrv_protected.c.

Referenced by IntWinDrvCreateFromAddress(), IntWinDrvHasDriverObject(), and IntWinDrvUpdateProtection().

◆ IntWinDrvIsProtectedAv()

BOOLEAN IntWinDrvIsProtectedAv ( const WCHAR * Driver)

Check whether a kernel driver is a known and protected antivirus.

Parameters
[in] Driver: Pointer to a WCHAR string describing the driver's name.
Returns
TRUE if the driver is a known and protected antivirus, FALSE otherwise.

Definition at line 595 of file windrv_protected.c.

Referenced by IntAlertEptFillFromVictimZone().

◆ IntWinDrvObjIsProtected()

const PROTECTED_MODULE_INFO* IntWinDrvObjIsProtected ( const WIN_DRIVER_OBJECT * Driver)

Get the protected module information for a kernel driver object.

Parameters
[in] Driver: Pointer to a driver object for which to search for protection information.
Returns
The desired protection information or NULL if not found.

Definition at line 536 of file windrv_protected.c.

Referenced by IntWinDrvObjCreateFromAddress(), and IntWinDrvObjUpdateProtection().

◆ IntWinDrvObjIsProtectedAv()

BOOLEAN IntWinDrvObjIsProtectedAv ( const WCHAR * DrvObj)

Checks if a driver object belongs to a known and protected antivirus.

Parameters
[in] DrvObj: Pointer to a WCHAR string describing the driver object's name.
Returns
TRUE if the driver object belongs to a known and protected antivirus, FALSE otherwise.

Definition at line 611 of file windrv_protected.c.

Referenced by IntAlertEptFillFromVictimZone().