Basic ept hooking

2025-09-03 07:27:25 +00:00 · 2022-04-13 20:59:49 +02:00
parent fd03a49992
commit e02e065bd5
5 changed files with 522 additions and 45 deletions
--- a/src/driver/nt_ext.hpp
+++ b/src/driver/nt_ext.hpp
@@ -116,6 +116,25 @@ PsGetProcessPeb(
 	IN PEPROCESS Process
 );

+// ----------------------------------------
+
+__kernel_entry NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateFile(
+	_Out_ PHANDLE FileHandle,
+	_In_ ACCESS_MASK DesiredAccess,
+	_In_ POBJECT_ATTRIBUTES ObjectAttributes,
+	_Out_ PIO_STATUS_BLOCK IoStatusBlock,
+	_In_opt_ PLARGE_INTEGER AllocationSize,
+	_In_ ULONG FileAttributes,
+	_In_ ULONG ShareAccess,
+	_In_ ULONG CreateDisposition,
+	_In_ ULONG CreateOptions,
+	_In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
+	_In_ ULONG EaLength
+);
+
 #ifdef __cplusplus
 }
 #endif