doxygen/html/windrv__protected_8h_source.html

 /*
  * Copyright (c) 2020 Bitdefender
  * SPDX-License-Identifier: Apache-2.0
  */

 #ifndef _WINDRV_PROTECTED_H_
 #define _WINDRV_PROTECTED_H_

 #include "introtypes.h"
 #include "drivers.h"

 typedef struct _PROTECTED_MODULE_INFO PROTECTED_MODULE_INFO;

 _Success_(return != NULL)
 const PROTECTED_MODULE_INFO *
 IntWinDrvIsProtected(
     _In_ const KERNEL_DRIVER *Driver
     );

 _Success_(return != NULL)
 const PROTECTED_MODULE_INFO *
 IntWinDrvObjIsProtected(
     _In_ const WIN_DRIVER_OBJECT *DriverObject
     );

 BOOLEAN
 IntWinDrvHasDriverObject(
     _In_ const KERNEL_DRIVER *Driver
     );

 BOOLEAN
 IntWinDrvIsProtectedAv(
     _In_ const WCHAR *Driver
     );

 BOOLEAN
 IntWinDrvObjIsProtectedAv(
     _In_ const WCHAR *DrvObj
     );

 #endif // !_WINDRV_PROTECTED_H_

BOOLEAN
_Bool BOOLEAN
Definition: intro_types.h:58

IntWinDrvObjIsProtected
const PROTECTED_MODULE_INFO * IntWinDrvObjIsProtected(const WIN_DRIVER_OBJECT *DriverObject)
Get the protected module information for a kernel driver object.
Definition: windrv_protected.c:536

_In_
#define _In_
Definition: intro_sal.h:21

_Success_
#define _Success_(expr)
Definition: intro_sal.h:47

IntWinDrvHasDriverObject
BOOLEAN IntWinDrvHasDriverObject(const KERNEL_DRIVER *Driver)
Check wether a kernel driver has a driver object that we care to protect.
Definition: windrv_protected.c:577

_KERNEL_DRIVER
Describes a kernel driver.
Definition: drivers.h:30

introtypes.h

_WIN_DRIVER_OBJECT
Holds information about a driver object.
Definition: windrvobj.h:13

drivers.h

_PROTECTED_MODULE_INFO::DriverObject
const WCHAR * DriverObject
The driver object that must be protected when protecting this module.
Definition: winguest.h:134

WCHAR
uint16_t WCHAR
Definition: intro_types.h:63

_PROTECTED_MODULE_INFO
Encapsulates a protected Windows kernel module.
Definition: winguest.h:126

IntWinDrvIsProtectedAv
BOOLEAN IntWinDrvIsProtectedAv(const WCHAR *Driver)
Check wether a kernel driver is a known and protected antivirus.
Definition: windrv_protected.c:595

IntWinDrvObjIsProtectedAv
BOOLEAN IntWinDrvObjIsProtectedAv(const WCHAR *DrvObj)
Checks if a driver object belongs to a known and protected antivirus.
Definition: windrv_protected.c:611

IntWinDrvIsProtected
const PROTECTED_MODULE_INFO * IntWinDrvIsProtected(const KERNEL_DRIVER *Driver)
Get the protected module information for a kernel driver.
Definition: windrv_protected.c:484