12 #ifndef _WINUMMODULEBLOCK_H_ 13 #define _WINUMMODULEBLOCK_H_ 21 #define WINMODBLOCK_INVALID_VALUE 0xFFFFFFFF 54 _In_ void *BlockObject,
83 _In_ const void *BlockObject
100 _In_ void *BlockObject,
enum _WIN_MOD_BLOCK_FLAG WIN_MOD_BLOCK_FLAG
Used to provide blocking options.
Do not unload the module.
INTSTATUS(* PFUNC_IntWinModBlockCleanup)(WIN_PROCESS_MODULE *Module, const void *BlockObject)
This callback type will be invoked when IntWinModBlockRemoveBlockObject is called for cleanup purpose...
int INTSTATUS
The status data type.
_WIN_MOD_BLOCK_FLAG
Used to provide blocking options.
INTSTATUS(* PFUNC_IntWinModBlockCallback)(WIN_PROCESS_MODULE *Module, void *BlockObject, QWORD DllHandle, QWORD Reason, QWORD Reserved, QWORD RetAddress, INTRO_ACTION *Action)
This callback provides detection logic for Windows module loads.
enum _INTRO_ACTION INTRO_ACTION
Event actions.
Force the module to unload by returning FALSE.
INTSTATUS IntWinModBlockBlockModuleLoad(WIN_PROCESS_MODULE *Module, WIN_MOD_BLOCK_FLAG Flags, PFUNC_IntWinModBlockCallback Callback, PFUNC_IntWinModBlockHeadersCallback HeadersCallback, PFUNC_IntWinModBlockCleanup CleanupCallback, void **BlockObject)
This function is invoked when a suspicious dll is loaded in order to analyze and block the dll load i...
INTSTATUS IntWinModBlockRegisterCallbackForReason(void *BlockObject, DWORD Reason, PFUNC_IntWinModBlockCallback Callback)
Registers a callback that is invoked when the blocked module's DllMain function is called with a give...
INTSTATUS(* PFUNC_IntWinModBlockHeadersCallback)(WIN_PROCESS_MODULE *Module, BYTE *Headers)
This callback type will be called for the suspicious module headers when they are swapped in...
INTSTATUS IntWinModBlockRemoveBlockObject(void *BlockObject)
This function is used in order to destroy a WIN_MOD_BLOCK_OBJECT structure.