|
|
/*++ BUILD Version: 0001
* * WOW v1.0 * * Copyright (c) 2002, Microsoft Corporation * * dpmf_ntd.h * NTVDM Dynamic Patch Module to support misc NTDLL API family * Definitions & macors to support calls into dpmfntd.dll * * History: * Created 01-10-2002 by cmjones--*/
#ifndef _DPMF_NTDAPI_H_
#define _DPMF_NTDAPI_H_
typedef DWORD ACCESS_MASK__; // including winnt.h here causes a mess
#define NTDPFT (DPMFAMTBLS()[NTD_FAM])
#define NTD_SHIM(ord, typ) ((typ)((pFT)->pDpmShmTbls[ord]))
enum NtdFam {DPM_NTOPENFILE=0, DPM_NTQUERYDIRECTORYFILE, DPM_RTLGETFULLPATHNAME_U, DPM_RTLGETCURRENTDIRECTORY_U, DPM_RTLSETCURRENTDIRECTORY_U, DPM_NTVDMCONTROL, enum_ntd_last};
// These types will catch misuse of parameters & ret types
typedef DWORD (*typdpmNtOpenFile)(PHANDLE, ACCESS_MASK__, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG);typedef DWORD (*typdpmNtQueryDirectoryFile)(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);typedef DWORD (*typdpmRtlGetFullPathName_U)(PCWSTR, ULONG, PWSTR, PWSTR *);typedef DWORD (*typdpmRtlGetCurrentDirectory_U)(ULONG, PWSTR);typedef NTSTATUS (*typdpmRtlSetCurrentDirectory_U)(PUNICODE_STRING);typedef NTSTATUS (*typdpmNtVdmControl)(VDMSERVICECLASS, PVOID);
// Macros to dispatch API calls properly
#define DPM_NtOpenFile(a,b,c,d,e,f) \
((typdpmNtOpenFile)(NTDPFT->pfn[DPM_NTOPENFILE]))(a,b,c,d,e,f)
#define DPM_NtQueryDirectoryFile(a,b,c,d,e,f,g,h,i,j,k) \
((typdpmNtQueryDirectoryFile)(NTDPFT->pfn[DPM_NTQUERYDIRECTORYFILE]))(a,b,c,d,e,f,g,h,i,j,k)
#define DPM_RtlGetFullPathName_U(a,b,c,d) \
((typdpmRtlGetFullPathName_U)(NTDPFT->pfn[DPM_RTLGETFULLPATHNAME_U]))(a,b,c,d)
#define DPM_RtlGetCurrentDirectory_U(a,b) \
((typdpmRtlGetCurrentDirectory_U)(NTDPFT->pfn[DPM_RTLGETCURRENTDIRECTORY_U]))(a,b)
#define DPM_RtlSetCurrentDirectory_U(a) \
((typdpmRtlSetCurrentDirectory_U)(NTDPFT->pfn[DPM_RTLSETCURRENTDIRECTORY_U]))(a)
#define DPM_NtVdmControl(a,b) \
((typdpmNtVdmControl)(NTDPFT->pfn[DPM_NTVDMCONTROL]))(a,b)
// Macros to dispatch Shimed API calls properly from the dpmfxxx.dll
#define SHM_NtOpenFile(a,b,c,d,e,f) \
(NTD_SHIM(DPM_NTOPENFILE, \ typdpmNtOpenFile))(a,b,c,d,e,f)#define SHM_NtQueryDirectoryFile(a,b,c,d,e,f,g,h,i,j,k) \
(NTD_SHIM(DPM_NTQUERYDIRECTORYFILE, \ typdpmNtQueryDirectoryFile))(a,b,c,d,e,f,g,h,i,j,k)#define SHM_RtlGetFullPathName_U(a,b,c,d) \
(NTD_SHIM(DPM_RTLGETFULLPATHNAME_U, \ typdpmRtlGetFullPathName_U))(a,b,c,d)#define SHM_RtlGetCurrentDirectory_U(a,b) \
(NTD_SHIM(DPM_RTLGETCURRENTDIRECTORY_U, \ typdpmRtlGetCurrentDirectory_U))(a,b)#define SHM_RtlSetCurrentDirectory_U(a) \
(NTD_SHIM(DPM_RTLSETCURRENTDIRECTORY_U, \ typdpmRtlSetCurrentDirectory_U))(a)#define SHM_NtVdmControl(a,b) \
(NTD_SHIM(DPM_NTVDMCONTROL, \ typdpmNtVdmControl))(a,b)
#endif // _DPMF_NTDAPI_H_
// These need to be in the same order as the NtdFam enum definitions above and
// the DpmNtdTbl[] list below.
// This instantiates memory for DpmNtdStrs in mvdm\v86\monitor\i386\vdpm.c &
// in mvdm\wow32\wdpm.c
#ifdef _DPM_COMMON_
const char *DpmNtdStrs[] = {"NtOpenFile", "NtQueryDirectoryFile", "RtlGetFullPathName_U", "RtlGetCurrentDirectory_U", "RtlSetCurrentDirectory_U", "NtVdmControl" };
// These need to be in the same order as the NtdFam enum definitions and the
// the DpmNtdStrs[] list above.
// This instantiates memory for DpmNtdTbl[] in mvdm\wow32\wdpm.c
PVOID DpmNtdTbl[] = {NtOpenFile, NtQueryDirectoryFile, RtlGetFullPathName_U, RtlGetCurrentDirectory_U, RtlSetCurrentDirectory_U, NtVdmControl };
#define NUM_HOOKED_NTD_APIS ((sizeof DpmNtdTbl)/(sizeof DpmNtdTbl[0]))
// This instantiates memory for DpmNtdFam in mvdm\v86\monitor\i386\vdpm.c
FAMILY_TABLE DpmNtdFam = {NUM_HOOKED_NTD_APIS, 0, 0, 0, 0, DpmNtdTbl};
#endif // _DPM_COMMON_
|
